@@ -581,6 +581,151 @@ spec:
581581 Check : scaffold .WithExpectedStatus (http .StatusOK ),
582582 })
583583 })
584+ It ("Test ApisixRoute with secretRef" , func () {
585+ const secretYaml = `
586+ apiVersion: v1
587+ kind: Secret
588+ metadata:
589+ name: echo-secret
590+ namespace: %s
591+ data:
592+ # content is "This is the replaced preface"
593+ before_body: IlRoaXMgaXMgdGhlIHJlcGxhY2VkIHByZWZhY2Ui
594+ # content is "my custom body"
595+ body: Im15IGN1c3RvbSBib2R5Ig==
596+ `
597+
598+ const apisixRouteSpec = `
599+ apiVersion: apisix.apache.org/v2
600+ kind: ApisixRoute
601+ metadata:
602+ name: httpbin-route
603+ namespace: %s
604+ spec:
605+ ingressClassName: %s
606+ http:
607+ - name: rule1
608+ match:
609+ hosts:
610+ - httpbin.org
611+ paths:
612+ - /ip
613+ backends:
614+ - serviceName: httpbin-service-e2e-test
615+ servicePort: 80
616+ plugins:
617+ - name: echo
618+ enable: true
619+ config:
620+ before_body: "This is the preface"
621+ after_body: "This is the epilogue"
622+ headers:
623+ X-Foo: v1
624+ X-Foo2: v2
625+ secretRef: echo-secret
626+ `
627+
628+ By ("create secret for ApisixRoute" )
629+ err := s .CreateResourceFromString (fmt .Sprintf (secretYaml , s .Namespace ()))
630+ Expect (err ).NotTo (HaveOccurred (), "creating echo secret for ApisixRoute" )
631+
632+ By ("apply ApisixRoute with secretRef" )
633+ var apisixRoute apiv2.ApisixRoute
634+ applier .MustApplyAPIv2 (types.NamespacedName {Namespace : s .Namespace (), Name : "httpbin-route" },
635+ & apisixRoute , fmt .Sprintf (apisixRouteSpec , s .Namespace (), s .Namespace ()))
636+
637+ By ("verify ApisixRoute with secretRef works" )
638+ Eventually (func () * http.Response {
639+ return s .NewAPISIXClient ().GET ("/ip" ).
640+ WithHeader ("Host" , "httpbin.org" ).
641+ Expect ().
642+ Raw ()
643+ }).WithTimeout (20 * time .Second ).ProbeEvery (time .Second ).Should (And (
644+ HaveHTTPStatus (http .StatusOK ),
645+ HaveHTTPHeaderWithValue ("X-Foo" , "v1" ),
646+ HaveHTTPHeaderWithValue ("X-Foo2" , "v2" ),
647+ ))
648+
649+ // Verify the response body contains the secret values
650+ resp := s .NewAPISIXClient ().GET ("/ip" ).
651+ WithHeader ("Host" , "httpbin.org" ).
652+ Expect ().
653+ Status (http .StatusOK )
654+
655+ resp .Body ().Contains ("This is the replaced preface" ) // From secret
656+ resp .Body ().Contains ("This is the epilogue" ) // From config
657+ resp .Body ().Contains ("my custom body" ) // From secret
658+ })
659+
660+ It ("Test ApisixRoute with secretRef - nested keys" , func () {
661+ const secretYaml = `
662+ apiVersion: v1
663+ kind: Secret
664+ metadata:
665+ name: echo-secret-nested
666+ namespace: %s
667+ data:
668+ headers.X-Foo: djI= # base64 for "v2"
669+ body: Im15IGN1c3RvbSBib2R5Ig== # base64 for "my custom body"
670+ `
671+
672+ const apisixRouteSpec = `
673+ apiVersion: apisix.apache.org/v2
674+ kind: ApisixRoute
675+ metadata:
676+ name: httpbin-route-nested
677+ namespace: %s
678+ spec:
679+ ingressClassName: %s
680+ http:
681+ - name: rule1
682+ match:
683+ hosts:
684+ - httpbin.org
685+ paths:
686+ - /ip
687+ backends:
688+ - serviceName: httpbin-service-e2e-test
689+ servicePort: 80
690+ plugins:
691+ - name: echo
692+ enable: true
693+ config:
694+ before_body: "This is the preface"
695+ after_body: "This is the epilogue"
696+ headers:
697+ X-Foo: v1
698+ secretRef: echo-secret-nested
699+ `
700+
701+ By ("create secret for ApisixRoute with nested keys" )
702+ err := s .CreateResourceFromString (fmt .Sprintf (secretYaml , s .Namespace ()))
703+ Expect (err ).NotTo (HaveOccurred (), "creating echo secret for ApisixRoute" )
704+
705+ By ("apply ApisixRoute with secretRef (nested keys)" )
706+ var apisixRoute apiv2.ApisixRoute
707+ applier .MustApplyAPIv2 (types.NamespacedName {Namespace : s .Namespace (), Name : "httpbin-route-nested" },
708+ & apisixRoute , fmt .Sprintf (apisixRouteSpec , s .Namespace (), s .Namespace ()))
709+
710+ By ("verify ApisixRoute with secretRef (nested keys) works" )
711+ Eventually (func () * http.Response {
712+ return s .NewAPISIXClient ().GET ("/ip" ).
713+ WithHeader ("Host" , "httpbin.org" ).
714+ Expect ().
715+ Raw ()
716+ }).WithTimeout (20 * time .Second ).ProbeEvery (time .Second ).Should (And (
717+ HaveHTTPStatus (http .StatusOK ),
718+ HaveHTTPHeaderWithValue ("X-Foo" , "v2" ), // From secret, overriding config value "v1"
719+ ))
720+
721+ // Verify the response body contains the secret values
722+ resp := s .NewAPISIXClient ().GET ("/ip" ).
723+ WithHeader ("Host" , "httpbin.org" ).
724+ Expect ().
725+ Status (http .StatusOK )
726+
727+ resp .Body ().Contains ("my custom body" ) // From secret
728+ })
584729 })
585730
586731 Context ("Ingress Scale and Route Management" , func () {
0 commit comments