TestHTTPServiceUsesIngressRuleScheme makes sure httpService uses scheme defined in ingress rule and not by eyeball request
(t *testing.T)
| 148 | |
| 149 | // TestHTTPServiceUsesIngressRuleScheme makes sure httpService uses scheme defined in ingress rule and not by eyeball request |
| 150 | func TestHTTPServiceUsesIngressRuleScheme(t *testing.T) { |
| 151 | handler := func(w http.ResponseWriter, r *http.Request) { |
| 152 | require.NotNil(t, r.TLS) |
| 153 | // Echo the X-Forwarded-Proto header for assertions |
| 154 | w.Write([]byte(r.Header.Get("X-Forwarded-Proto"))) |
| 155 | } |
| 156 | origin := httptest.NewTLSServer(http.HandlerFunc(handler)) |
| 157 | defer origin.Close() |
| 158 | |
| 159 | originURL, err := url.Parse(origin.URL) |
| 160 | require.NoError(t, err) |
| 161 | require.Equal(t, "https", originURL.Scheme) |
| 162 | |
| 163 | cfg := OriginRequestConfig{ |
| 164 | NoTLSVerify: true, |
| 165 | } |
| 166 | httpService := &httpService{ |
| 167 | url: originURL, |
| 168 | } |
| 169 | shutdownC := make(chan struct{}) |
| 170 | require.NoError(t, httpService.start(TestLogger, shutdownC, cfg)) |
| 171 | |
| 172 | // Tunnel uses scheme defined in the service field of the ingress rule, independent of the X-Forwarded-Proto header |
| 173 | protos := []string{"https", "http", "dne"} |
| 174 | for _, p := range protos { |
| 175 | req, err := http.NewRequest(http.MethodGet, originURL.String(), nil) |
| 176 | require.NoError(t, err) |
| 177 | req.Header.Add("X-Forwarded-Proto", p) |
| 178 | |
| 179 | resp, err := httpService.RoundTrip(req) |
| 180 | require.NoError(t, err) |
| 181 | require.Equal(t, http.StatusOK, resp.StatusCode) |
| 182 | |
| 183 | respBody, err := io.ReadAll(resp.Body) |
| 184 | require.NoError(t, err) |
| 185 | require.Equal(t, respBody, []byte(p)) |
| 186 | } |
| 187 | } |
| 188 | |
| 189 | func tcpListenRoutine(listener net.Listener, closeChan chan struct{}) { |
| 190 | go func() { |