apache
diff --git a/‎test/e2e/apisix/e2e_test.go‎
Lines changed: 1 addition & 0 deletions b/‎test/e2e/apisix/e2e_test.go‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎test/e2e/framework/manifests/webhook.yaml‎
Lines changed: 181 additions & 13 deletions b/‎test/e2e/framework/manifests/webhook.yaml‎
Lines changed: 181 additions & 13 deletions
diff --git a/‎test/e2e/webhook/apisixconsumer.go‎
Lines changed: 88 additions & 0 deletions b/‎test/e2e/webhook/apisixconsumer.go‎
Lines changed: 88 additions & 0 deletions
@@ -30,6 +30,7 @@ import (
 	_ "github.com/apache/apisix-ingress-controller/test/e2e/gatewayapi"
 	_ "github.com/apache/apisix-ingress-controller/test/e2e/ingress"
 	"github.com/apache/apisix-ingress-controller/test/e2e/scaffold"
+	_ "github.com/apache/apisix-ingress-controller/test/e2e/webhook"
 )
 
 // TestAPISIXE2E runs e2e tests using the APISIX standalone mode
 
@@ -20,6 +20,174 @@ kind: ValidatingWebhookConfiguration
 metadata:
   name: test-webhook-{{ .Namespace }}
 webhooks:
+- name: vapisixconsumer-v2.kb.io
+  clientConfig:
+    service:
+      name: webhook-service
+      namespace: {{ .Namespace }}
+      path: /validate-apisix-apache-org-v2-apisixconsumer
+    caBundle: {{ .CABundle }}
+  admissionReviewVersions:
+    - v1
+  rules:
+    - operations:
+        - CREATE
+        - UPDATE
+      apiGroups:
+        - apisix.apache.org
+      apiVersions:
+        - v2
+      resources:
+        - apisixconsumers
+  failurePolicy: Fail
+  sideEffects: None
+- name: vapisixroute-v2.kb.io
+  clientConfig:
+    service:
+      name: webhook-service
+      namespace: {{ .Namespace }}
+      path: /validate-apisix-apache-org-v2-apisixroute
+    caBundle: {{ .CABundle }}
+  admissionReviewVersions:
+    - v1
+  rules:
+    - operations:
+        - CREATE
+        - UPDATE
+      apiGroups:
+        - apisix.apache.org
+      apiVersions:
+        - v2
+      resources:
+        - apisixroutes
+  failurePolicy: Fail
+  sideEffects: None
+- name: vapisixtls-v2.kb.io
+  clientConfig:
+    service:
+      name: webhook-service
+      namespace: {{ .Namespace }}
+      path: /validate-apisix-apache-org-v2-apisixtls
+    caBundle: {{ .CABundle }}
+  admissionReviewVersions:
+    - v1
+  rules:
+    - operations:
+        - CREATE
+        - UPDATE
+      apiGroups:
+        - apisix.apache.org
+      apiVersions:
+        - v2
+      resources:
+        - apisixtlses
+  failurePolicy: Fail
+  sideEffects: None
+- name: vconsumer-v1alpha1.kb.io
+  clientConfig:
+    service:
+      name: webhook-service
+      namespace: {{ .Namespace }}
+      path: /validate-apisix-apache-org-v1alpha1-consumer
+    caBundle: {{ .CABundle }}
+  admissionReviewVersions:
+    - v1
+  rules:
+    - operations:
+        - CREATE
+        - UPDATE
+      apiGroups:
+        - apisix.apache.org
+      apiVersions:
+        - v1alpha1
+      resources:
+        - consumers
+  failurePolicy: Fail
+  sideEffects: None
+- name: vgateway-v1.kb.io
+  clientConfig:
+    service:
+      name: webhook-service
+      namespace: {{ .Namespace }}
+      path: /validate-gateway-networking-k8s-io-v1-gateway
+    caBundle: {{ .CABundle }}
+  admissionReviewVersions:
+    - v1
+  rules:
+    - operations:
+        - CREATE
+        - UPDATE
+      apiGroups:
+        - gateway.networking.k8s.io
+      apiVersions:
+        - v1
+      resources:
+        - gateways
+  failurePolicy: Fail
+  sideEffects: None
+- name: vgatewayproxy-v1alpha1.kb.io
+  clientConfig:
+    service:
+      name: webhook-service
+      namespace: {{ .Namespace }}
+      path: /validate-apisix-apache-org-v1alpha1-gatewayproxy
+    caBundle: {{ .CABundle }}
+  admissionReviewVersions:
+    - v1
+  rules:
+    - operations:
+        - CREATE
+        - UPDATE
+      apiGroups:
+        - apisix.apache.org
+      apiVersions:
+        - v1alpha1
+      resources:
+        - gatewayproxies
+  failurePolicy: Fail
+  sideEffects: None
+- name: vgrpcroute-v1.kb.io
+  clientConfig:
+    service:
+      name: webhook-service
+      namespace: {{ .Namespace }}
+      path: /validate-gateway-networking-k8s-io-v1-grpcroute
+    caBundle: {{ .CABundle }}
+  admissionReviewVersions:
+    - v1
+  rules:
+    - operations:
+        - CREATE
+        - UPDATE
+      apiGroups:
+        - gateway.networking.k8s.io
+      apiVersions:
+        - v1
+      resources:
+        - grpcroutes
+  failurePolicy: Fail
+  sideEffects: None
+- name: vhttproute-v1.kb.io
+  clientConfig:
+    service:
+      name: webhook-service
+      namespace: {{ .Namespace }}
+      path: /validate-gateway-networking-k8s-io-v1-httproute
+    caBundle: {{ .CABundle }}
+  admissionReviewVersions:
+    - v1
+  rules:
+    - operations:
+        - CREATE
+        - UPDATE
+      apiGroups:
+        - gateway.networking.k8s.io
+      apiVersions:
+        - v1
+      resources:
+        - httproutes
+  failurePolicy: Fail
+  sideEffects: None
 - name: vingress-v1.kb.io
   clientConfig:
     service:
@@ -30,15 +198,15 @@ webhooks:
   admissionReviewVersions:
     - v1
   rules:
-  - operations:
-      - CREATE
-      - UPDATE
-    apiGroups:
-      - networking.k8s.io
-    apiVersions:
-      - v1
-    resources:
-      - ingresses
+    - operations:
+        - CREATE
+        - UPDATE
+      apiGroups:
+        - networking.k8s.io
+      apiVersions:
+        - v1
+      resources:
+        - ingresses
   failurePolicy: Fail
   sideEffects: None
 - name: vingressclass-v1.kb.io
@@ -62,12 +230,12 @@ webhooks:
         - ingressclasses
   failurePolicy: Fail
   sideEffects: None
-- name: vgateway-v1.kb.io
+- name: vtcproute-v1alpha2.kb.io
   clientConfig:
     service:
       name: webhook-service
       namespace: {{ .Namespace }}
-      path: /validate-gateway-networking-k8s-io-v1-gateway
+      path: /validate-gateway-networking-k8s-io-v1alpha2-tcproute
     caBundle: {{ .CABundle }}
   admissionReviewVersions:
     - v1
@@ -78,8 +246,8 @@ webhooks:
       apiGroups:
         - gateway.networking.k8s.io
       apiVersions:
-        - v1
+        - v1alpha2
       resources:
-        - gateways
+        - tcproutes
   failurePolicy: Fail
   sideEffects: None
@@ -0,0 +1,88 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package webhook
+
+import (
+	"fmt"
+	"time"
+
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+
+	"github.com/apache/apisix-ingress-controller/test/e2e/scaffold"
+)
+
+var _ = Describe("Test ApisixConsumer Webhook", Label("webhook"), func() {
+	s := scaffold.NewScaffold(scaffold.Options{
+		Name:          "apisixconsumer-webhook-test",
+		EnableWebhook: true,
+	})
+
+	BeforeEach(func() {
+		By("creating GatewayProxy")
+		err := s.CreateResourceFromString(s.GetGatewayProxySpec())
+		Expect(err).NotTo(HaveOccurred(), "creating GatewayProxy")
+		time.Sleep(5 * time.Second)
+
+		By("creating IngressClass")
+		err = s.CreateResourceFromStringWithNamespace(s.GetIngressClassYaml(), "")
+		Expect(err).NotTo(HaveOccurred(), "creating IngressClass")
+		time.Sleep(5 * time.Second)
+	})
+
+	It("should warn on missing authentication secrets", func() {
+		missingSecret := "missing-basic-secret"
+		consumerName := "webhook-apisixconsumer"
+		consumerYAML := `
+apiVersion: apisix.apache.org/v2
+kind: ApisixConsumer
+metadata:
+  name: %s
+  namespace: %s
+spec:
+  ingressClassName: %s
+  authParameter:
+    basicAuth:
+      secretRef:
+        name: %s
+`
+
+		output, err := s.CreateResourceFromStringAndGetOutput(fmt.Sprintf(consumerYAML, consumerName, s.Namespace(), s.Namespace(), missingSecret))
+		Expect(err).ShouldNot(HaveOccurred())
+		Expect(output).To(ContainSubstring(fmt.Sprintf("Warning: Referenced Secret '%s/%s' not found", s.Namespace(), missingSecret)))
+
+		By("creating referenced secret")
+		secretYAML := fmt.Sprintf(`
+apiVersion: v1
+kind: Secret
+metadata:
+  name: %s
+stringData:
+  username: demo
+  password: demo
+`, missingSecret)
+		err = s.CreateResourceFromString(secretYAML)
+		Expect(err).NotTo(HaveOccurred(), "creating basic auth secret")
+
+		time.Sleep(2 * time.Second)
+
+		output, err = s.CreateResourceFromStringAndGetOutput(fmt.Sprintf(consumerYAML, consumerName, s.Namespace(), s.Namespace(), missingSecret))
+		Expect(err).ShouldNot(HaveOccurred())
+		Expect(output).NotTo(ContainSubstring(fmt.Sprintf("Warning: Referenced Secret '%s/%s' not found", s.Namespace(), missingSecret)))
+	})
+})
Original file line number	Diff line number	Diff line change
`@@ -30,6 +30,7 @@ import (`
`30`	`30`	`_ "github.com/apache/apisix-ingress-controller/test/e2e/gatewayapi"`
`31`	`31`	`_ "github.com/apache/apisix-ingress-controller/test/e2e/ingress"`
`32`	`32`	`"github.com/apache/apisix-ingress-controller/test/e2e/scaffold"`
	`33`	`+ _ "github.com/apache/apisix-ingress-controller/test/e2e/webhook"`
`33`	`34`	`)`
`34`	`35`
`35`	`36`	`// TestAPISIXE2E runs e2e tests using the APISIX standalone mode`