diff --git a/conformance/tests/tlsroute-simple-same-namespace.go b/conformance/tests/tlsroute-simple-same-namespace.go
index 20f9b21e4d..d42ed9e1b0 100644
--- a/conformance/tests/tlsroute-simple-same-namespace.go
+++ b/conformance/tests/tlsroute-simple-same-namespace.go
@@ -54,12 +54,12 @@ var TLSRouteSimpleSameNamespace = suite.ConformanceTest{
 }
 serverStr := string(hostnames[0])
- cPem, kPem, err := GetTLSSecret(suite.Client, certNN)
+ cPem, keyPem, err := GetTLSSecret(suite.Client, certNN)
 if err != nil {
 t.Fatalf("unexpected error finding TLS secret: %v", err)
 }
 t.Run("Simple TLS request matching TLSRoute should reach infra-backend", func(t *testing.T) {
- tls.MakeTLSRequestAndExpectEventuallyConsistentResponse(t, suite.RoundTripper, suite.TimeoutConfig, gwAddr, cPem, kPem, serverStr,
+ tls.MakeTLSRequestAndExpectEventuallyConsistentResponse(t, suite.RoundTripper, suite.TimeoutConfig, gwAddr, cPem, keyPem, serverStr,
 http.ExpectedResponse{
 Request: http.Request{Host: serverStr, Path: "/"},
 Backend: "infra-backend-v4",
diff --git a/conformance/utils/kubernetes/helpers.go b/conformance/utils/kubernetes/helpers.go
index 77dd07bfbf..d90c614617 100644
--- a/conformance/utils/kubernetes/helpers.go
+++ b/conformance/utils/kubernetes/helpers.go
@@ -435,9 +435,7 @@ func TLSRouteInfo(t *testing.T, client client.Client, timeoutConfig config.Timeo
 return match, nil
 })
- if waitErr != nil {
- fmt.Errorf("error waiting for TLSRoute to have parents matching expectations")
- }
+ require.NoErrorf(t, waitErr, "error waiting for TLSRoute to have parents matching expectations")
 return hostnames
 }
diff --git a/conformance/utils/roundtripper/roundtripper.go b/conformance/utils/roundtripper/roundtripper.go
index 295ae8b3f1..547ea0c6a9 100644
--- a/conformance/utils/roundtripper/roundtripper.go
+++ b/conformance/utils/roundtripper/roundtripper.go
@@ -27,6 +27,7 @@ import (
 "net/http/httputil"
 "net/url"
 "regexp"
+ "sigs.k8s.io/gateway-api/conformance/utils/config"
 )
@@ -197,12 +198,12 @@ func IsRedirect(statusCode int) bool {
 // captured request and response from echoserver. An error will be returned if
 // there is an error running the function but not if an HTTP error status code
 // is received.
-func (d *DefaultRoundTripper) CaptureTLSRoundTrip(request Request, cPem, kPem []byte, server string) (*CapturedRequest, *CapturedResponse, error) {
+func (d *DefaultRoundTripper) CaptureTLSRoundTrip(request Request, cPem, keyPem []byte, server string) (*CapturedRequest, *CapturedResponse, error) {
 cReq := &CapturedRequest{}
 client := http.DefaultClient
 // Create a certificate from the provided cert and key
- cert, err := tls.X509KeyPair(cPem, kPem)
+ cert, err := tls.X509KeyPair(cPem, keyPem)
 if err != nil {
 return nil, nil, fmt.Errorf("unexpected error creating cert: %w", err)
 }
@@ -223,6 +224,8 @@ func (d *DefaultRoundTripper) CaptureTLSRoundTrip(request Request, cPem, kPem []
 Certificates: []tls.Certificate{cert},
 ServerName: server,
 RootCAs: certPool,
+ MinVersion: tls.VersionTLS10,
+ MaxVersion: tls.VersionTLS13,
 },
 }
diff --git a/conformance/utils/tls/tls.go b/conformance/utils/tls/tls.go
index 938d1150f4..e696be8ae9 100644
--- a/conformance/utils/tls/tls.go
+++ b/conformance/utils/tls/tls.go
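Review bot: `MinVersion: tls.VersionTLS10` in the TLS client config of CaptureTLSRoundTrip sets the floor below the crypto/tls client default (TLS 1.2 when MinVersion is left unset on current Go releases), so this client will now complete a handshake at TLS 1.0 or 1.1, both deprecated by RFC 8996. If the field was added only to satisfy a linter, `MinVersion: tls.VersionTLS12,` does that without weakening the handshake; if the low floor is deliberate for the conformance suite, a comment on that line stating the reason would keep it from being copied into non-test code. `MaxVersion: tls.VersionTLS13` matches what the library already negotiates and can be dropped so the client is not pinned should a later version be added. The function body starts and ends outside this hunk.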
@@ -36,20 +36,20 @@ const requiredConsecutiveSuccesses = 3
 //
 // Once the request succeeds consistently with the response having the expected status code, make
 // additional assertions on the response body using the provided ExpectedResponse.
-func MakeTLSRequestAndExpectEventuallyConsistentResponse(t *testing.T, r roundtripper.RoundTripper, timeoutConfig config.TimeoutConfig, gwAddr string, cPem, kPem []byte, server string, expected http.ExpectedResponse) {
+func MakeTLSRequestAndExpectEventuallyConsistentResponse(t *testing.T, r roundtripper.RoundTripper, timeoutConfig config.TimeoutConfig, gwAddr string, cPem, keyPem []byte, server string, expected http.ExpectedResponse) {
 t.Helper()
 req := http.MakeRequest(t, &expected, gwAddr, "HTTPS", "https")
- WaitForConsistentTLSResponse(t, r, req, expected, requiredConsecutiveSuccesses, timeoutConfig.MaxTimeToConsistency, cPem, kPem, server)
+ WaitForConsistentTLSResponse(t, r, req, expected, requiredConsecutiveSuccesses, timeoutConfig.MaxTimeToConsistency, cPem, keyPem, server)
 }
 // WaitForConsistentTLSResponse - repeats the provided request until it completes with a response having
 // the expected response consistently. The provided threshold determines how many times in
 // a row this must occur to be considered "consistent".
-func WaitForConsistentTLSResponse(t *testing.T, r roundtripper.RoundTripper, req roundtripper.Request, expected http.ExpectedResponse, threshold int, maxTimeToConsistency time.Duration, cPem, kPem []byte, server string) {
+func WaitForConsistentTLSResponse(t *testing.T, r roundtripper.RoundTripper, req roundtripper.Request, expected http.ExpectedResponse, threshold int, maxTimeToConsistency time.Duration, cPem, keyPem []byte, server string) {
 http.AwaitConvergence(t, threshold, maxTimeToConsistency, func(elapsed time.Duration) bool {
- cReq, cRes, err := r.CaptureTLSRoundTrip(req, cPem, kPem, server)
+ cReq, cRes, err := r.CaptureTLSRoundTrip(req, cPem, keyPem, server)
 if err != nil {
 t.Logf("Request failed, not ready yet: %v (after %v)", err.Error(), elapsed)
 return false