repeat tests with TLS (#129)

* repeat tests with TLS

* added second kn service to test TLS with it

* added second kn service to test TLS with it

* added second kn service to test TLS with it

* added second kn service to test TLS with it

* added second kn service to test TLS with it

* added second kn service to test TLS with it

Author: davidhadas

.github/workflows/e2e.yaml

@@ -79,20 +79,43 @@ jobs:
         kubectl apply -f https://github.com/knative/serving/releases/download/knative-v1.8.3/serving-default-domain.yaml
         kubectl wait --timeout 300s --for=condition=complete job/default-domain -n knative-serving
 
-    - name: install test service
+    - name: install test service1
       run: |
-        kubectl apply -f ./test/e2e/deploy/httptestCrd.yaml
-        kn service create httptest \
+        kubectl apply -f ./test/e2e/deploy/httptest1Crd.yaml
+        kn service create httptest1 \
            --image gcr.io/knative-samples/helloworld-go \
            --env "TARGET=Secured World" \
            --annotation features.knative.dev/queueproxy-podinfo=enabled \
            --annotation qpoption.knative.dev/guard-activate=enable
         URL=`kn service list|head -2|tail -1|awk '{print $2}'`   
         echo "SERVICE_URL=$URL" >> $GITHUB_ENV
 
-    - name: Run e2e Tests
+    - name: Run e2e Tests "httptest1"
       run: |
-        ./test/e2e/e2e-tests.sh $SERVICE_URL
+        ./test/e2e/e2e-tests.sh $SERVICE_URL "httptest1"
+
+    - name: Activate TLS
+      run: |
+        ./hack/setTLS.sh
+    
+    - name: Cleanup httptest1
+      run: |
+        kn service delete httptest1
+      
+    - name: install test service2
+      run: |
+        kubectl apply -f ./test/e2e/deploy/httptest2Crd.yaml
+        kn service create httptest2 \
+           --image gcr.io/knative-samples/helloworld-go \
+           --env "TARGET=Secured World" \
+           --annotation features.knative.dev/queueproxy-podinfo=enabled \
+           --annotation qpoption.knative.dev/guard-activate=enable
+        URL=`kn service list|head -2|tail -1|awk '{print $2}'`   
+        echo "SERVICE_URL=$URL" >> $GITHUB_ENV
+
+    - name: Run e2e Tests With TLS
+      run: |
+        ./test/e2e/e2e-tests.sh $SERVICE_URL "httptest2"
 
     - uses: chainguard-dev/actions/kind-diag@main
       # Only upload logs on failure.

test/e2e/deploy/httptestCrd.yaml test/e2e/deploy/httptest1Crd.yamltest/e2e/deploy/httptestCrd.yaml renamed to test/e2e/deploy/httptest1Crd.yaml

@@ -3,7 +3,7 @@ kind: Guardian
 metadata:
   creationTimestamp: "2022-12-11T13:40:47Z"
   generation: 1
-  name: httptest
+  name: httptest1
   namespace: default
   resourceVersion: "40851122"
   uid: 3b3a4231-a2b2-4bf8-bbbd-64714b7119e9

test/e2e/deploy/httptest2Crd.yaml

@@ -0,0 +1,205 @@
+apiVersion: guard.security.knative.dev/v1alpha1
+kind: Guardian
+metadata:
+  creationTimestamp: "2022-12-11T13:40:47Z"
+  generation: 1
+  name: httptest2
+  namespace: default
+  resourceVersion: "40851122"
+  uid: 3b3a4231-a2b2-4bf8-bbbd-64714b7119e9
+spec:
+  control:
+    alert: true
+    auto: true
+    block: false
+    force: true
+    learn: true
+  learned:
+    active: true
+    envelop:
+      completiontime: 0
+      responsetime: 0
+    pod:
+      tcp4peers: null
+      tcp6peers: null
+      udp4peers: null
+      udp6peers: null
+      udplite4peers: null
+      udplite6peers: null
+    req:
+      cip: null
+      contentlength:
+      - max: 0
+        min: 0
+      headers:
+        kv:
+          otherKeynames: null
+          otherVals: null
+          vals:
+            Accept:
+              digits: 0
+              flags: 1073750272
+              letters: 0
+              nonreadables: 0
+              schars: 3
+              sequences: 1
+              spaces: 0
+              unicodeFlags: []
+              unicodes: 0
+            Forwarded:
+              digits: 20
+              flags: 167936
+              letters: 20
+              nonreadables: 0
+              schars: 6
+              sequences: 30
+              spaces: 0
+              unicodeFlags: []
+              unicodes: 0
+            K-Proxy-Request:
+              digits: 0
+              flags: 0
+              letters: 9
+              nonreadables: 0
+              schars: 0
+              sequences: 1
+              spaces: 0
+              unicodeFlags: []
+              unicodes: 0
+            User-Agent:
+              digits: 4
+              flags: 12288
+              letters: 4
+              nonreadables: 0
+              schars: 3
+              sequences: 7
+              spaces: 0
+              unicodeFlags: []
+              unicodes: 0
+            X-Forwarded-For:
+              digits: 30
+              flags: 5120
+              letters: 0
+              nonreadables: 0
+              schars: 7
+              sequences: 16
+              spaces: 1
+              unicodeFlags: []
+              unicodes: 0
+            X-Forwarded-Proto:
+              digits: 0
+              flags: 0
+              letters: 4
+              nonreadables: 0
+              schars: 0
+              sequences: 1
+              spaces: 0
+              unicodeFlags: []
+              unicodes: 0
+            X-Request-Id:
+              digits: 50
+              flags: 2048
+              letters: 50
+              nonreadables: 0
+              schars: 4
+              sequences: 80
+              spaces: 0
+              unicodeFlags: []
+              unicodes: 0
+      hopip: null
+      mediatype:
+        params:
+          otherKeynames: null
+          otherVals: null
+          vals: {}
+        type:
+          set:
+          - none
+      method:
+        set:
+        - GET
+      proto:
+        set:
+        - HTTP/1.1
+      qs:
+        kv:
+          otherKeynames: null
+          otherVals: null
+          vals: {}
+      url:
+        segments:
+        - max: 0
+          min: 0
+        val:
+          digits: 0
+          flags: 0
+          letters: 0
+          nonreadables: 0
+          schars: 0
+          sequences: 0
+          spaces: 0
+          unicodeFlags: []
+          unicodes: 0
+    reqbody:
+      structured: null
+      unstructured: null
+    resp:
+      contentlength:
+      - max: 5
+        min: 5
+      headers:
+        kv:
+          otherKeynames: null
+          otherVals: null
+          vals:
+            Content-Length:
+              digits: 2
+              flags: 0
+              letters: 0
+              nonreadables: 0
+              schars: 0
+              sequences: 1
+              spaces: 0
+              unicodeFlags: []
+              unicodes: 0
+            Content-Type:
+              digits: 1
+              flags: 174080
+              letters: 19
+              nonreadables: 0
+              schars: 4
+              sequences: 10
+              spaces: 1
+              unicodeFlags: []
+              unicodes: 0
+            Date:
+              digits: 12
+              flags: 17408
+              letters: 9
+              nonreadables: 0
+              schars: 3
+              sequences: 16
+              spaces: 5
+              unicodeFlags: []
+              unicodes: 0
+      mediatype:
+        params:
+          otherKeynames: null
+          otherVals: null
+          vals:
+            charset:
+              digits: 1
+              flags: 2048
+              letters: 3
+              nonreadables: 0
+              schars: 1
+              sequences: 3
+              spaces: 0
+              unicodeFlags: []
+              unicodes: 0
+        type:
+          set:
+          - text/plain
+    respbody:
+      structured: null
+      unstructured: null

test/e2e/e2e-tests.sh

@@ -1,21 +1,20 @@
 
 URL=$1
+HTTPTEST=$2
 echo "connecting to $URL"
 curl $URL
-kubectl logs deployment/httptest-00001-deployment queue-proxy
+kubectl logs deployment/${HTTPTEST}-00001-deployment queue-proxy
 kubectl logs deployment/guard-service -n knative-serving
-response=`kubectl logs deployment/httptest-00001-deployment queue-proxy|grep -i "alert"|tail -1`
-responseEnd="${response#*Alert}"
-alert=${responseEnd%%\"*}
+response=`kubectl logs deployment/${HTTPTEST}-00001-deployment queue-proxy|grep INFO | grep -i "alert"|tail -1`
 
-echo "Alert Value: $alert"
-if [ "$alert" != "!" ]; then
+echo "response: $response"
+if [ ! -z ${response} ]; then
    exit 1
 fi
 
 curl "$URL?a=2"
-kubectl logs deployment/httptest-00001-deployment queue-proxy
-response=`kubectl logs deployment/httptest-00001-deployment queue-proxy|grep "ALERT!"|tail -1`
+kubectl logs deployment/${HTTPTEST}-00001-deployment queue-proxy
+response=`kubectl logs deployment/${HTTPTEST}-00001-deployment queue-proxy|grep INFO |grep "ALERT!"|tail -1`
 responseEnd="${response#*ALERT}"
 alert=${responseEnd%%\"*}
 
@@ -26,8 +25,8 @@ fi
 
 
 curl $URL -H "a:2"
-kubectl logs deployment/httptest-00001-deployment queue-proxy
-response=`kubectl logs deployment/httptest-00001-deployment queue-proxy|grep "ALERT!"|tail -1`
+kubectl logs deployment/${HTTPTEST}-00001-deployment queue-proxy
+response=`kubectl logs deployment/${HTTPTEST}-00001-deployment queue-proxy|grep INFO |grep "ALERT!"|tail -1`
 responseEnd="${response#*ALERT}"
 alert=${responseEnd%%\"*}