Apply PR feedback

snorwin · snorwin · commit 749768e1e09a · 2025-08-22T06:13:33.000Z
Signed-off-by: Norwin Schnyder &lt;norwin.schnyder+github@gmail.com&gt;
diff --git a/conformance/tests/backendtlspolicy-invalid-ca-certificate-ref.go b/conformance/tests/backendtlspolicy-invalid-ca-certificate-ref.go
@@ -32,11 +32,11 @@ import (
 )
 
 func init() {
-	ConformanceTests = append(ConformanceTests, BackendTLSPolicyCACertificateRefInvalidCACertificateRef)
+	ConformanceTests = append(ConformanceTests, BackendTLSPolicyInvalidCACertificateRef)
 }
 
-var BackendTLSPolicyCACertificateRefInvalidCACertificateRef = suite.ConformanceTest{
-	ShortName:   "BackendTLSPolicyCACertificateRefInvalidCACertificateRef",
+var BackendTLSPolicyInvalidCACertificateRef = suite.ConformanceTest{
+	ShortName:   "BackendTLSPolicyInvalidCACertificateRef",
 	Description: "A BackendTLSPolicy that specifies a single invalid CACertificateRef should have the Accepted and ResolvedRefs status condition set False with appropriate reasons, and HTTP requests to a backend targeted by this policy should fail with a 5xx response.",
 	Features: []features.FeatureName{
 		features.SupportGateway,
@@ -81,13 +81,16 @@ var BackendTLSPolicyCACertificateRefInvalidCACertificateRef = suite.ConformanceT
 				})
 
 				t.Run("HTTP Request to backend targeted by an invalid BackendTLSPolicy receive a 5xx", func(t *testing.T) {
-					h.MakeRequestAndExpectFailure(t, suite.RoundTripper, suite.TimeoutConfig, gwAddr,
+					h.MakeRequestAndExpectEventuallyConsistentResponse(t, suite.RoundTripper, suite.TimeoutConfig, gwAddr,
 						h.ExpectedResponse{
 							Namespace: ns,
 							Request: h.Request{
 								Host: serverStr,
 								Path: "/backendtlspolicy-" + policyNN.Name,
 							},
+							Response: h.Response{
+								StatusCodes: []int{500, 502, 503},
+							},
 						})
 				})
 			})
diff --git a/conformance/tests/backendtlspolicy-invalid-kind.go b/conformance/tests/backendtlspolicy-invalid-kind.go
@@ -32,11 +32,11 @@ import (
 )
 
 func init() {
-	ConformanceTests = append(ConformanceTests, BackendTLSPolicyCACertificateRefInvalidKind)
+	ConformanceTests = append(ConformanceTests, BackendTLSPolicyInvalidKind)
 }
 
-var BackendTLSPolicyCACertificateRefInvalidKind = suite.ConformanceTest{
-	ShortName:   "BackendTLSPolicyCACertificateRefInvalidKind",
+var BackendTLSPolicyInvalidKind = suite.ConformanceTest{
+	ShortName:   "BackendTLSPolicyInvalidKind",
 	Description: "A BackendTLSPolicy that specifies a single CACertificateRef with an invalid kind should have the Accepted and ResolvedRefs status condition set False with appropriate reasons, and HTTP requests to a backend targeted by this policy should fail with a 5xx response.",
 	Features: []features.FeatureName{
 		features.SupportGateway,
@@ -78,13 +78,16 @@ var BackendTLSPolicyCACertificateRefInvalidKind = suite.ConformanceTest{
 		})
 
 		t.Run("HTTP Request to backend targeted by an invalid BackendTLSPolicy receive a 5xx", func(t *testing.T) {
-			h.MakeRequestAndExpectFailure(t, suite.RoundTripper, suite.TimeoutConfig, gwAddr,
+			h.MakeRequestAndExpectEventuallyConsistentResponse(t, suite.RoundTripper, suite.TimeoutConfig, gwAddr,
 				h.ExpectedResponse{
 					Namespace: ns,
 					Request: h.Request{
 						Host: serverStr,
 						Path: "/backendtlspolicy-" + policyNN.Name,
 					},
+					Response: h.Response{
+						StatusCodes: []int{500, 502, 503},
+					},
 				})
 		})
 	},
diff --git a/conformance/utils/http/http.go b/conformance/utils/http/http.go
@@ -92,6 +92,7 @@ type ExpectedRequest struct {
 // Response defines expected properties of a response from a backend.
 type Response struct {
 	StatusCode    int
+	StatusCodes   []int // alternative to StatusCode, allows multiple acceptable codes
 	Headers       map[string]string
 	AbsentHeaders []string
 	Protocol      string
@@ -304,7 +305,18 @@ func CompareRoundTrip(t *testing.T, req *roundtripper.Request, cReq *roundtrippe
 			return nil
 		}
 	}
-	if expected.Response.StatusCode != cRes.StatusCode {
+	if len(expected.Response.StatusCodes) > 0 {
+		matched := false
+		for _, code := range expected.Response.StatusCodes {
+			if code == cRes.StatusCode {
+				matched = true
+				break
+			}
+		}
+		if !matched {
+			return fmt.Errorf("expected status code to be one of %v, got %d", expected.Response.StatusCodes, cRes.StatusCode)
+		}
+	} else if expected.Response.StatusCode != cRes.StatusCode {
 		return fmt.Errorf("expected status code to be %d, got %d. CRes: %v", expected.Response.StatusCode, cRes.StatusCode, cRes)
 	}
 	if expected.Response.Protocol != "" && expected.Response.Protocol != cRes.Protocol {
@@ -467,6 +479,9 @@ func (er *ExpectedResponse) GetTestCaseName(i int) string {
 	if er.Backend != "" {
 		return fmt.Sprintf("%s should go to %s", reqStr, er.Backend)
 	}
+	if len(er.Response.StatusCodes) > 0 {
+		return fmt.Sprintf("%s should receive one of %v", reqStr, er.Response.StatusCodes)
+	}
 	return fmt.Sprintf("%s should receive a %d", reqStr, er.Response.StatusCode)
 }
 
