fix e2e

Signed-off-by: zirain <zirain2009@gmail.com>

Author: zirain

test/e2e/testdata/backend-tls.yaml

@@ -212,13 +212,11 @@ spec:
 apiVersion: gateway.networking.k8s.io/v1
 kind: HTTPRoute
 metadata:
-  name: http-with-backend-tls-system-trust-store
+  name: http-with-backend-tls-trust-bundle
   namespace: gateway-conformance-infra
 spec:
   parentRefs:
     - name: same-namespace
-  hostnames:
-    - gateway.envoyproxy.io
   rules:
     - matches:
         - path:
@@ -257,3 +255,4 @@ spec:
         kind: ClusterTrustBundle
     hostname: example.com
 ---
+

test/e2e/testdata/httproute-with-dynamic-resolver-backend-with-clustertrustbundle.yaml

@@ -29,7 +29,7 @@ spec:
 apiVersion: gateway.envoyproxy.io/v1alpha1
 kind: Backend
 metadata:
-  name: backend-dynamic-resolver-tls
+  name: backend-dynamic-resolver-clustertrustbundle
   namespace: gateway-conformance-infra
 spec:
   type: DynamicResolver

test/e2e/testdata/httproute-with-dynamic-resolver-backend-with-tls.yaml

@@ -15,6 +15,14 @@ spec:
     - path:
         type: PathPrefix
         value: /with-tls
+  - backendRefs:
+    - group: gateway.envoyproxy.io
+      kind: Backend
+      name: backend-dynamic-resolver-clustertrustbundle
+    matches:
+    - path:
+        type: PathPrefix
+        value: /with-clustertrustbundle
 ---
 apiVersion: gateway.envoyproxy.io/v1alpha1
 kind: Backend

test/e2e/tests/backend_tls.go

@@ -25,10 +25,9 @@ var BackendTLSTest = suite.ConformanceTest{
 	Description: "Connect to backend with TLS",
 	Manifests:   []string{"testdata/backend-tls.yaml"},
 	Test: func(t *testing.T, suite *suite.ConformanceTestSuite) {
+		gwNN := types.NamespacedName{Name: "same-namespace", Namespace: ConformanceInfraNamespace}
 		t.Run("with a backend TLS Policy", func(t *testing.T) {
-			ns := "gateway-conformance-infra"
-			routeNN := types.NamespacedName{Name: "http-with-backend-tls", Namespace: ns}
-			gwNN := types.NamespacedName{Name: "same-namespace", Namespace: ns}
+			routeNN := types.NamespacedName{Name: "http-with-backend-tls", Namespace: ConformanceInfraNamespace}
 			gwAddr := kubernetes.GatewayAndHTTPRoutesMustBeAccepted(t, suite.Client, suite.TimeoutConfig, suite.ControllerName, kubernetes.NewGatewayRef(gwNN), routeNN)
 
 			expectedResponse := http.ExpectedResponse{
@@ -38,7 +37,7 @@ var BackendTLSTest = suite.ConformanceTest{
 				Response: http.Response{
 					StatusCode: 200,
 				},
-				Namespace: ns,
+				Namespace: ConformanceInfraNamespace,
 			}
 
 			http.MakeRequestAndExpectEventuallyConsistentResponse(t, suite.RoundTripper, suite.TimeoutConfig, gwAddr, expectedResponse)
@@ -49,9 +48,7 @@ var BackendTLSTest = suite.ConformanceTest{
 			if IPFamily == "ipv6" {
 				t.Skip("Skipping test as IP_FAMILY is IPv6")
 			}
-			ns := "gateway-conformance-infra"
-			routeNN := types.NamespacedName{Name: "http-with-backend-tls-system-trust-store", Namespace: ns}
-			gwNN := types.NamespacedName{Name: "same-namespace", Namespace: ns}
+			routeNN := types.NamespacedName{Name: "http-with-backend-tls-system-trust-store", Namespace: ConformanceInfraNamespace}
 			gwAddr := kubernetes.GatewayAndHTTPRoutesMustBeAccepted(t, suite.Client, suite.TimeoutConfig, suite.ControllerName, kubernetes.NewGatewayRef(gwNN), routeNN)
 
 			expectedResponse := http.ExpectedResponse{
@@ -73,9 +70,7 @@ var BackendTLSTest = suite.ConformanceTest{
 		})
 
 		t.Run("without a backend TLS Policy", func(t *testing.T) {
-			ns := "gateway-conformance-infra"
-			routeNN := types.NamespacedName{Name: "http-without-backend-tls", Namespace: ns}
-			gwNN := types.NamespacedName{Name: "same-namespace", Namespace: ns}
+			routeNN := types.NamespacedName{Name: "http-without-backend-tls", Namespace: ConformanceInfraNamespace}
 			gwAddr := kubernetes.GatewayAndHTTPRoutesMustBeAccepted(t, suite.Client, suite.TimeoutConfig, suite.ControllerName, kubernetes.NewGatewayRef(gwNN), routeNN)
 
 			expectedResponse := http.ExpectedResponse{
@@ -85,16 +80,14 @@ var BackendTLSTest = suite.ConformanceTest{
 				Response: http.Response{
 					StatusCode: 400, // Bad Request: Client sent an HTTP request to an HTTPS server
 				},
-				Namespace: ns,
+				Namespace: ConformanceInfraNamespace,
 			}
 
 			http.MakeRequestAndExpectEventuallyConsistentResponse(t, suite.RoundTripper, suite.TimeoutConfig, gwAddr, expectedResponse)
 		})
 
 		t.Run("with CA mismatch and skip tls verify", func(t *testing.T) {
-			ns := "gateway-conformance-infra"
-			routeNN := types.NamespacedName{Name: "http-with-backend-insecure-skip-verify", Namespace: ns}
-			gwNN := types.NamespacedName{Name: "same-namespace", Namespace: ns}
+			routeNN := types.NamespacedName{Name: "http-with-backend-insecure-skip-verify", Namespace: ConformanceInfraNamespace}
 			gwAddr := kubernetes.GatewayAndHTTPRoutesMustBeAccepted(t, suite.Client, suite.TimeoutConfig, suite.ControllerName, kubernetes.NewGatewayRef(gwNN), routeNN)
 
 			expectedResponse := http.ExpectedResponse{
@@ -104,26 +97,24 @@ var BackendTLSTest = suite.ConformanceTest{
 				Response: http.Response{
 					StatusCode: 200, // Bad Request: Client sent an HTTP request to an HTTPS server
 				},
-				Namespace: ns,
+				Namespace: ConformanceInfraNamespace,
 			}
 
 			http.MakeRequestAndExpectEventuallyConsistentResponse(t, suite.RoundTripper, suite.TimeoutConfig, gwAddr, expectedResponse)
 		})
 
 		t.Run("with ClusterTrustBundle", func(t *testing.T) {
-			ns := "gateway-conformance-infra"
-			routeNN := types.NamespacedName{Name: "http-with-backend-tls", Namespace: ns}
-			gwNN := types.NamespacedName{Name: "same-namespace", Namespace: ns}
+			routeNN := types.NamespacedName{Name: "http-with-backend-tls-trust-bundle", Namespace: ConformanceInfraNamespace}
 			gwAddr := kubernetes.GatewayAndHTTPRoutesMustBeAccepted(t, suite.Client, suite.TimeoutConfig, suite.ControllerName, kubernetes.NewGatewayRef(gwNN), routeNN)
 
 			expectedResponse := http.ExpectedResponse{
 				Request: http.Request{
-					Path: "/backend-tls",
+					Path: "/cluster-trust-bundle",
 				},
 				Response: http.Response{
 					StatusCode: 200,
 				},
-				Namespace: ns,
+				Namespace: ConformanceInfraNamespace,
 			}
 
 			http.MakeRequestAndExpectEventuallyConsistentResponse(t, suite.RoundTripper, suite.TimeoutConfig, gwAddr, expectedResponse)

test/e2e/tests/httproute_with_dynamic_resolver_backend.go

@@ -19,8 +19,7 @@ import (
 func init() {
 	ConformanceTests = append(ConformanceTests,
 		DynamicResolverBackendTest,
-		DynamicResolverBackendWithTLSTest,
-		DynamicResolverBackendWithClusterTrustBundleTest)
+		DynamicResolverBackendWithTLSTest)
 }
 
 var DynamicResolverBackendTest = suite.ConformanceTest{
@@ -96,12 +95,30 @@ var DynamicResolverBackendWithTLSTest = suite.ConformanceTest{
 	Manifests: []string{
 		"testdata/httproute-with-dynamic-resolver-backend-with-tls.yaml",
 		"testdata/httproute-with-dynamic-resolver-backend-with-tls-system-ca.yaml",
+		"testdata/httproute-with-dynamic-resolver-backend-with-clustertrustbundle.yaml",
 	},
 	Test: func(t *testing.T, suite *suite.ConformanceTestSuite) {
 		ns := "gateway-conformance-infra"
 		gwNN := types.NamespacedName{Name: "same-namespace", Namespace: ns}
+		t.Run("ClusterTrustBundle", func(t *testing.T) {
+			routeNN := types.NamespacedName{Name: "httproute-with-dynamic-resolver-backend-tls", Namespace: ns}
+			gwAddr := kubernetes.GatewayAndHTTPRoutesMustBeAccepted(t, suite.Client, suite.TimeoutConfig, suite.ControllerName, kubernetes.NewGatewayRef(gwNN), routeNN)
+			BackendMustBeAccepted(t, suite.Client, types.NamespacedName{Name: "backend-dynamic-resolver-clustertrustbundle", Namespace: ns})
+
+			expectedResponse := http.ExpectedResponse{
+				Request: http.Request{
+					Host: "backend-dynamic-resolver-tls.gateway-conformance-infra.svc.cluster.local:443",
+					Path: "/with-clustertrustbundle",
+				},
+				Response: http.Response{
+					StatusCode: 200,
+				},
+				Namespace: ns,
+			}
 
-		t.Run("route to service with TLS", func(t *testing.T) {
+			http.MakeRequestAndExpectEventuallyConsistentResponse(t, suite.RoundTripper, suite.TimeoutConfig, gwAddr, expectedResponse)
+		})
+		t.Run("TLS", func(t *testing.T) {
 			routeNN := types.NamespacedName{Name: "httproute-with-dynamic-resolver-backend-tls", Namespace: ns}
 			gwAddr := kubernetes.GatewayAndHTTPRoutesMustBeAccepted(t, suite.Client, suite.TimeoutConfig, suite.ControllerName, kubernetes.NewGatewayRef(gwNN), routeNN)
 			BackendMustBeAccepted(t, suite.Client, types.NamespacedName{Name: "backend-dynamic-resolver-tls", Namespace: ns})
@@ -119,7 +136,7 @@ var DynamicResolverBackendWithTLSTest = suite.ConformanceTest{
 
 			http.MakeRequestAndExpectEventuallyConsistentResponse(t, suite.RoundTripper, suite.TimeoutConfig, gwAddr, expectedResponse)
 		})
-		t.Run("route to service with TLS using system CA", func(t *testing.T) {
+		t.Run("SystemCA", func(t *testing.T) {
 			routeNN := types.NamespacedName{Name: "httproute-with-dynamic-resolver-backend-tls-system-trust-store", Namespace: ns}
 			gwAddr := kubernetes.GatewayAndHTTPRoutesMustBeAccepted(t, suite.Client, suite.TimeoutConfig, suite.ControllerName, kubernetes.NewGatewayRef(gwNN), routeNN)
 			BackendMustBeAccepted(t, suite.Client, types.NamespacedName{Name: "backend-dynamic-resolver-tls-system-trust-store", Namespace: ns})
@@ -142,33 +159,3 @@ var DynamicResolverBackendWithTLSTest = suite.ConformanceTest{
 		})
 	},
 }
-
-var DynamicResolverBackendWithClusterTrustBundleTest = suite.ConformanceTest{
-	ShortName:   "DynamicResolverBackendWithClusterTrustBundle",
-	Description: "Routes with a backend ref to a dynamic resolver backend with ClusterTrustBundle",
-	Manifests: []string{
-		"testdata/httproute-with-dynamic-resolver-backend-with-tls.yaml",
-		"testdata/httproute-with-dynamic-resolver-backend-with-clustertrustbundle.yaml",
-	},
-	Test: func(t *testing.T, suite *suite.ConformanceTestSuite) {
-		ns := "gateway-conformance-infra"
-		gwNN := types.NamespacedName{Name: "same-namespace", Namespace: ns}
-
-		routeNN := types.NamespacedName{Name: "httproute-with-dynamic-resolver-backend-tls", Namespace: ns}
-		gwAddr := kubernetes.GatewayAndHTTPRoutesMustBeAccepted(t, suite.Client, suite.TimeoutConfig, suite.ControllerName, kubernetes.NewGatewayRef(gwNN), routeNN)
-		BackendMustBeAccepted(t, suite.Client, types.NamespacedName{Name: "backend-dynamic-resolver-tls", Namespace: ns})
-
-		expectedResponse := http.ExpectedResponse{
-			Request: http.Request{
-				Host: "backend-dynamic-resolver-tls.gateway-conformance-infra.svc.cluster.local:443",
-				Path: "/with-tls",
-			},
-			Response: http.Response{
-				StatusCode: 200,
-			},
-			Namespace: ns,
-		}
-
-		http.MakeRequestAndExpectEventuallyConsistentResponse(t, suite.RoundTripper, suite.TimeoutConfig, gwAddr, expectedResponse)
-	},
-}