diff --git a/pkg/agent/as3/as3Resource_test.go b/pkg/agent/as3/as3Resource_test.go index e40bb125a0..7d5b33dc82 100644 --- a/pkg/agent/as3/as3Resource_test.go +++ b/pkg/agent/as3/as3Resource_test.go @@ -10,6 +10,7 @@ var _ = Describe("AS3Manager Tests", func() { var mockMgr *mockAS3Manager var resourceConfig *ResourceConfig var as3Config *AS3Config + var rule1, rule2 *Rule BeforeEach(func() { as3Config = &AS3Config{ tenantMap: make(map[string]interface{}), @@ -60,7 +61,57 @@ var _ = Describe("AS3Manager Tests", func() { resourceConfig.Virtual.SetVirtualAddress("1.2.3.4", 443, true) resourceConfig.Monitors = []Monitor{{Name: "test_monitor", Partition: DEFAULT_PARTITION, Type: "tcp", Interval: 10, Send: "GET /", Recv: ""}} // url-rewrite host matches rule2 and rule3 - rule1 := &Rule{ + rule1 = &Rule{ + Name: "url-rewrite-rule1-++foo++", + FullURI: "host.com/bar", + Actions: []*Action{&Action{ + Name: "0", + HTTPHost: true, + Replace: true, + Request: true, + Value: "newhost.com", + }}, + Conditions: []*Condition{ + &Condition{ + Name: "0", + Equals: true, + Host: true, + HTTPHost: true, + Index: 0, + Request: true, + Values: []string{"foo.com"}, + }, + &Condition{ + Name: "0", + Equals: true, + PathSegment: true, + HTTPHost: true, + Index: 0, + Request: true, + Values: []string{"foo.com"}, + }, + &Condition{ + Name: "0", + Equals: true, + Path: true, + HTTPHost: true, + Index: 0, + Request: true, + Values: []string{"foo.com"}, + }, + &Condition{ + Name: "0", + Equals: true, + Tcp: true, + HTTPHost: true, + Index: 0, + Request: true, + Values: []string{"foo.com"}, + }, + }, + } + + rule2 = &Rule{ Name: "url-rewrite-rule1", FullURI: "host.com/bar", Actions: []*Action{&Action{ @@ -147,7 +198,7 @@ var _ = Describe("AS3Manager Tests", func() { mockMgr.ResourceRequest.Resources.RsMap[NameRef{Name: "test_virtual_secure", Partition: DEFAULT_PARTITION}] = resourceConfig as3Config.resourceConfig = mockMgr.prepareAS3ResourceConfig() unifiedDecl := mockMgr.getUnifiedDeclaration(as3Config) - mockMgr.as3ActiveConfig.unifiedDeclaration = "{\"$schema\":\"https://raw.githubusercontent.com/F5Networks/f5-appsvcs-extension/main/schema/3.52.0/as3-schema-3.52.0-5.json\",\"class\":\"AS3\",\"declaration\":{\"class\":\"ADC\",\"controls\":{\"class\":\"Controls\",\"userAgent\":\"\"},\"id\":\"urn:uuid:85626792-9ee7-46bb-8fc8-4ba708cfdc1d\",\"k8s\":{\"Shared\":{\"Openshift_insecure_routes\":{\"class\":\"Endpoint_Policy\",\"rules\":[{\"name\":\"url_rewrite_rule1\",\"conditions\":[{\"type\":\"httpHeader\",\"name\":\"host\",\"event\":\"request\",\"all\":{\"values\":[\"foo.com:443\",\"foo.com\"],\"operand\":\"equals\"}},{\"name\":\"0\",\"event\":\"request\",\"pathSegment\":{\"values\":[\"foo.com\"],\"operand\":\"equals\"}},{\"name\":\"0\",\"event\":\"request\",\"path\":{\"values\":[\"foo.com\"],\"operand\":\"equals\"}},{\"type\":\"tcp\",\"event\":\"request\",\"address\":{\"values\":[\"foo.com\"]}}],\"actions\":[{\"type\":\"httpHeader\",\"event\":\"request\",\"replace\":{\"value\":\"newhost.com\",\"name\":\"host\"}}]}]},\"Openshift_secure_routes\":{\"class\":\"Endpoint_Policy\",\"rules\":[{\"name\":\"url_rewrite_rule1\",\"conditions\":[{\"type\":\"httpHeader\",\"name\":\"host\",\"event\":\"request\",\"all\":{\"values\":[\"foo.com:443\",\"foo.com\"],\"operand\":\"equals\"}},{\"name\":\"0\",\"event\":\"request\",\"pathSegment\":{\"values\":[\"foo.com\"],\"operand\":\"equals\"}},{\"name\":\"0\",\"event\":\"request\",\"path\":{\"values\":[\"foo.com\"],\"operand\":\"equals\"}},{\"type\":\"tcp\",\"event\":\"request\",\"address\":{\"values\":[\"foo.com\"]}}],\"actions\":[{\"type\":\"httpHeader\",\"event\":\"request\",\"replace\":{\"value\":\"newhost.com\",\"name\":\"host\"}}]}]},\"class\":\"Application\",\"serverssl_ca_bundle\":{\"class\":\"CA_Bundle\",\"bundle\":\"\\ncert\"},\"template\":\"shared\",\"test_clientssl\":{\"class\":\"Certificate\",\"certificate\":\"cert\",\"privateKey\":\"key\",\"chainCA\":\"ca-file\"},\"test_datagroup\":{\"records\":[{\"key\":\"test_record\",\"value\":\"/Common/serverssl\"}],\"keyDataType\":\"string\",\"class\":\"Data_Group\"},\"test_irule\":{\"class\":\"iRule\",\"iRule\":\"Dummy Code\"},\"test_monitor\":{\"class\":\"Monitor\",\"interval\":10,\"monitorType\":\"tcp\",\"targetAddress\":\"\",\"timeUntilUp\":0,\"dscp\":0,\"receive\":\"none\",\"send\":\"GET /\",\"targetPort\":0},\"test_pool\":{\"class\":\"Pool\",\"members\":[{\"addressDiscovery\":\"static\",\"serverAddresses\":[\"192.168.1.1\"],\"servicePort\":80,\"shareNodes\":true}],\"monitors\":[{\"use\":\"/k8s/Shared/test_monitor\"}]},\"test_virtual_secure\":{\"source\":\"0.0.0.0/0\",\"translateServerAddress\":true,\"translateServerPort\":true,\"class\":\"Service_HTTPS\",\"virtualAddresses\":[\"1.2.3.4\"],\"virtualPort\":443,\"snat\":\"auto\",\"clientTLS\":{\"bigip\":\"/Common/serverssl\"},\"serverTLS\":[{\"bigip\":\"/Common/clientssl\"}],\"redirect80\":false,\"pool\":\"/k8s/Shared/test_pool\"},\"test_virtual_secure_tls_client\":{\"class\":\"TLS_Client\",\"trustCA\":{\"use\":\"serverssl_ca_bundle\"}},\"test_virtual_secure_tls_server\":{\"class\":\"TLS_Server\",\"certificates\":[{\"certificate\":\"test_clientssl\"}],\"renegotiationEnabled\":false}},\"class\":\"Tenant\",\"defaultRouteDomain\":0},\"label\":\"CIS Declaration\",\"remark\":\"Auto-generated by CIS\",\"schemaVersion\":\"3.52.0\"}}" + mockMgr.as3ActiveConfig.unifiedDeclaration = "{\"$schema\":\"https://raw.githubusercontent.com/F5Networks/f5-appsvcs-extension/main/schema/3.52.0/as3-schema-3.52.0-5.json\",\"class\":\"AS3\",\"declaration\":{\"class\":\"ADC\",\"controls\":{\"class\":\"Controls\",\"userAgent\":\"\"},\"id\":\"urn:uuid:85626792-9ee7-46bb-8fc8-4ba708cfdc1d\",\"k8s\":{\"Shared\":{\"Openshift_insecure_routes\":{\"class\":\"Endpoint_Policy\",\"rules\":[{\"name\":\"url_rewrite_rule1___foo__\",\"conditions\":[{\"type\":\"httpHeader\",\"name\":\"host\",\"event\":\"request\",\"all\":{\"values\":[\"foo.com:443\",\"foo.com\"],\"operand\":\"equals\"}},{\"name\":\"0\",\"event\":\"request\",\"pathSegment\":{\"values\":[\"foo.com\"],\"operand\":\"equals\"}},{\"name\":\"0\",\"event\":\"request\",\"path\":{\"values\":[\"foo.com\"],\"operand\":\"equals\"}},{\"type\":\"tcp\",\"event\":\"request\",\"address\":{\"values\":[\"foo.com\"]}}],\"actions\":[{\"type\":\"httpHeader\",\"event\":\"request\",\"replace\":{\"value\":\"newhost.com\",\"name\":\"host\"}}]}]},\"Openshift_secure_routes\":{\"class\":\"Endpoint_Policy\",\"rules\":[{\"name\":\"url_rewrite_rule1___foo__\",\"conditions\":[{\"type\":\"httpHeader\",\"name\":\"host\",\"event\":\"request\",\"all\":{\"values\":[\"foo.com:443\",\"foo.com\"],\"operand\":\"equals\"}},{\"name\":\"0\",\"event\":\"request\",\"pathSegment\":{\"values\":[\"foo.com\"],\"operand\":\"equals\"}},{\"name\":\"0\",\"event\":\"request\",\"path\":{\"values\":[\"foo.com\"],\"operand\":\"equals\"}},{\"type\":\"tcp\",\"event\":\"request\",\"address\":{\"values\":[\"foo.com\"]}}],\"actions\":[{\"type\":\"httpHeader\",\"event\":\"request\",\"replace\":{\"value\":\"newhost.com\",\"name\":\"host\"}}]}]},\"class\":\"Application\",\"serverssl_ca_bundle\":{\"class\":\"CA_Bundle\",\"bundle\":\"\\ncert\"},\"template\":\"shared\",\"test_clientssl\":{\"class\":\"Certificate\",\"certificate\":\"cert\",\"privateKey\":\"key\",\"chainCA\":\"ca-file\"},\"test_datagroup\":{\"records\":[{\"key\":\"test_record\",\"value\":\"/Common/serverssl\"}],\"keyDataType\":\"string\",\"class\":\"Data_Group\"},\"test_irule\":{\"class\":\"iRule\",\"iRule\":\"Dummy Code\"},\"test_monitor\":{\"class\":\"Monitor\",\"interval\":10,\"monitorType\":\"tcp\",\"targetAddress\":\"\",\"timeUntilUp\":0,\"dscp\":0,\"receive\":\"none\",\"send\":\"GET /\",\"targetPort\":0},\"test_pool\":{\"class\":\"Pool\",\"members\":[{\"addressDiscovery\":\"static\",\"serverAddresses\":[\"192.168.1.1\"],\"servicePort\":80,\"shareNodes\":true}],\"monitors\":[{\"use\":\"/k8s/Shared/test_monitor\"}]},\"test_virtual_secure\":{\"source\":\"0.0.0.0/0\",\"translateServerAddress\":true,\"translateServerPort\":true,\"class\":\"Service_HTTPS\",\"virtualAddresses\":[\"1.2.3.4\"],\"virtualPort\":443,\"snat\":\"auto\",\"clientTLS\":{\"bigip\":\"/Common/serverssl\"},\"serverTLS\":[{\"bigip\":\"/Common/clientssl\"}],\"redirect80\":false,\"pool\":\"/k8s/Shared/test_pool\"},\"test_virtual_secure_tls_client\":{\"class\":\"TLS_Client\",\"trustCA\":{\"use\":\"serverssl_ca_bundle\"}},\"test_virtual_secure_tls_server\":{\"class\":\"TLS_Server\",\"certificates\":[{\"certificate\":\"test_clientssl\"}],\"renegotiationEnabled\":false}},\"class\":\"Tenant\",\"defaultRouteDomain\":0},\"label\":\"CIS Declaration\",\"remark\":\"Auto-generated by CIS\",\"schemaVersion\":\"3.52.0\"}}" Expect(DeepEqualJSON(mockMgr.as3ActiveConfig.unifiedDeclaration, unifiedDecl)).To(BeTrue()) }) @@ -158,7 +209,7 @@ var _ = Describe("AS3Manager Tests", func() { mockMgr.ResourceRequest.Resources.RsMap[NameRef{Name: "test_virtual_secure", Partition: DEFAULT_PARTITION}] = resourceConfig as3Config.resourceConfig = mockMgr.prepareAS3ResourceConfig() unifiedDecl := mockMgr.getUnifiedDeclaration(as3Config) - mockMgr.as3ActiveConfig.unifiedDeclaration = "{\"$schema\":\"https://raw.githubusercontent.com/F5Networks/f5-appsvcs-extension/main/schema/3.52.0/as3-schema-3.52.0-5.json\",\"class\":\"AS3\",\"declaration\":{\"class\":\"ADC\",\"controls\":{\"class\":\"Controls\",\"userAgent\":\"\"},\"id\":\"urn:uuid:85626792-9ee7-46bb-8fc8-4ba708cfdc1d\",\"k8s\":{\"Shared\":{\"Openshift_insecure_routes\":{\"class\":\"Endpoint_Policy\",\"rules\":[{\"name\":\"url_rewrite_rule1\",\"conditions\":[{\"type\":\"httpHeader\",\"name\":\"host\",\"event\":\"request\",\"all\":{\"values\":[\"foo.com:443\",\"foo.com\"],\"operand\":\"equals\"}},{\"name\":\"0\",\"event\":\"request\",\"pathSegment\":{\"values\":[\"foo.com\"],\"operand\":\"equals\"}},{\"name\":\"0\",\"event\":\"request\",\"path\":{\"values\":[\"foo.com\"],\"operand\":\"equals\"}},{\"type\":\"tcp\",\"event\":\"request\",\"address\":{\"values\":[\"foo.com\"]}}],\"actions\":[{\"type\":\"httpHeader\",\"event\":\"request\",\"replace\":{\"value\":\"newhost.com\",\"name\":\"host\"}}]}]},\"Openshift_secure_routes\":{\"class\":\"Endpoint_Policy\",\"rules\":[{\"name\":\"url_rewrite_rule1\",\"conditions\":[{\"type\":\"httpHeader\",\"name\":\"host\",\"event\":\"request\",\"all\":{\"values\":[\"foo.com:443\",\"foo.com\"],\"operand\":\"equals\"}},{\"name\":\"0\",\"event\":\"request\",\"pathSegment\":{\"values\":[\"foo.com\"],\"operand\":\"equals\"}},{\"name\":\"0\",\"event\":\"request\",\"path\":{\"values\":[\"foo.com\"],\"operand\":\"equals\"}},{\"type\":\"tcp\",\"event\":\"request\",\"address\":{\"values\":[\"foo.com\"]}}],\"actions\":[{\"type\":\"httpHeader\",\"event\":\"request\",\"replace\":{\"value\":\"newhost.com\",\"name\":\"host\"}}]}]},\"class\":\"Application\",\"serverssl_ca_bundle\":{\"class\":\"CA_Bundle\",\"bundle\":\"\\ncert\"},\"template\":\"shared\",\"test_clientssl\":{\"class\":\"Certificate\",\"certificate\":\"cert\",\"privateKey\":\"key\",\"chainCA\":\"ca-file\"},\"test_datagroup\":{\"records\":[{\"key\":\"test_record\",\"value\":\"/Common/serverssl\"}],\"keyDataType\":\"string\",\"class\":\"Data_Group\"},\"test_irule\":{\"class\":\"iRule\",\"iRule\":\"Dummy Code\"},\"test_monitor\":{\"class\":\"Monitor\",\"interval\":10,\"monitorType\":\"tcp\",\"targetAddress\":\"\",\"timeUntilUp\":0,\"dscp\":0,\"receive\":\"none\",\"send\":\"GET /\",\"targetPort\":0},\"test_pool\":{\"class\":\"Pool\",\"members\":[{\"addressDiscovery\":\"static\",\"serverAddresses\":[\"192.168.1.1\"],\"servicePort\":80,\"shareNodes\":true}],\"monitors\":[{\"use\":\"/k8s/Shared/test_monitor\"}]},\"test_virtual_secure\":{\"source\":\"0.0.0.0/0\",\"translateServerAddress\":true,\"translateServerPort\":true,\"class\":\"Service_HTTPS\",\"virtualAddresses\":[\"1.2.3.4\"],\"virtualPort\":443,\"snat\":\"auto\",\"policyEndpoint\":\"/k8s/Shared/Test_Policy\",\"clientTLS\":{\"bigip\":\"/Common/serverssl\"},\"serverTLS\":[{\"bigip\":\"/Common/clientssl\"}],\"redirect80\":false},\"test_virtual_secure_tls_client\":{\"class\":\"TLS_Client\",\"trustCA\":{\"use\":\"serverssl_ca_bundle\"}},\"test_virtual_secure_tls_server\":{\"class\":\"TLS_Server\",\"certificates\":[{\"certificate\":\"test_clientssl\"}],\"renegotiationEnabled\":false}},\"class\":\"Tenant\",\"defaultRouteDomain\":0},\"label\":\"CIS Declaration\",\"remark\":\"Auto-generated by CIS\",\"schemaVersion\":\"3.52.0\"}}" + mockMgr.as3ActiveConfig.unifiedDeclaration = "{\"$schema\":\"https://raw.githubusercontent.com/F5Networks/f5-appsvcs-extension/main/schema/3.52.0/as3-schema-3.52.0-5.json\",\"class\":\"AS3\",\"declaration\":{\"class\":\"ADC\",\"controls\":{\"class\":\"Controls\",\"userAgent\":\"\"},\"id\":\"urn:uuid:85626792-9ee7-46bb-8fc8-4ba708cfdc1d\",\"k8s\":{\"Shared\":{\"Openshift_insecure_routes\":{\"class\":\"Endpoint_Policy\",\"rules\":[{\"name\":\"url_rewrite_rule1___foo__\",\"conditions\":[{\"type\":\"httpHeader\",\"name\":\"host\",\"event\":\"request\",\"all\":{\"values\":[\"foo.com:443\",\"foo.com\"],\"operand\":\"equals\"}},{\"name\":\"0\",\"event\":\"request\",\"pathSegment\":{\"values\":[\"foo.com\"],\"operand\":\"equals\"}},{\"name\":\"0\",\"event\":\"request\",\"path\":{\"values\":[\"foo.com\"],\"operand\":\"equals\"}},{\"type\":\"tcp\",\"event\":\"request\",\"address\":{\"values\":[\"foo.com\"]}}],\"actions\":[{\"type\":\"httpHeader\",\"event\":\"request\",\"replace\":{\"value\":\"newhost.com\",\"name\":\"host\"}}]}]},\"Openshift_secure_routes\":{\"class\":\"Endpoint_Policy\",\"rules\":[{\"name\":\"url_rewrite_rule1___foo__\",\"conditions\":[{\"type\":\"httpHeader\",\"name\":\"host\",\"event\":\"request\",\"all\":{\"values\":[\"foo.com:443\",\"foo.com\"],\"operand\":\"equals\"}},{\"name\":\"0\",\"event\":\"request\",\"pathSegment\":{\"values\":[\"foo.com\"],\"operand\":\"equals\"}},{\"name\":\"0\",\"event\":\"request\",\"path\":{\"values\":[\"foo.com\"],\"operand\":\"equals\"}},{\"type\":\"tcp\",\"event\":\"request\",\"address\":{\"values\":[\"foo.com\"]}}],\"actions\":[{\"type\":\"httpHeader\",\"event\":\"request\",\"replace\":{\"value\":\"newhost.com\",\"name\":\"host\"}}]}]},\"class\":\"Application\",\"serverssl_ca_bundle\":{\"class\":\"CA_Bundle\",\"bundle\":\"\\ncert\"},\"template\":\"shared\",\"test_clientssl\":{\"class\":\"Certificate\",\"certificate\":\"cert\",\"privateKey\":\"key\",\"chainCA\":\"ca-file\"},\"test_datagroup\":{\"records\":[{\"key\":\"test_record\",\"value\":\"/Common/serverssl\"}],\"keyDataType\":\"string\",\"class\":\"Data_Group\"},\"test_irule\":{\"class\":\"iRule\",\"iRule\":\"Dummy Code\"},\"test_monitor\":{\"class\":\"Monitor\",\"interval\":10,\"monitorType\":\"tcp\",\"targetAddress\":\"\",\"timeUntilUp\":0,\"dscp\":0,\"receive\":\"none\",\"send\":\"GET /\",\"targetPort\":0},\"test_pool\":{\"class\":\"Pool\",\"members\":[{\"addressDiscovery\":\"static\",\"serverAddresses\":[\"192.168.1.1\"],\"servicePort\":80,\"shareNodes\":true}],\"monitors\":[{\"use\":\"/k8s/Shared/test_monitor\"}]},\"test_virtual_secure\":{\"source\":\"0.0.0.0/0\",\"translateServerAddress\":true,\"translateServerPort\":true,\"class\":\"Service_HTTPS\",\"virtualAddresses\":[\"1.2.3.4\"],\"virtualPort\":443,\"snat\":\"auto\",\"policyEndpoint\":\"/k8s/Shared/Test_Policy\",\"clientTLS\":{\"bigip\":\"/Common/serverssl\"},\"serverTLS\":[{\"bigip\":\"/Common/clientssl\"}],\"redirect80\":false},\"test_virtual_secure_tls_client\":{\"class\":\"TLS_Client\",\"trustCA\":{\"use\":\"serverssl_ca_bundle\"}},\"test_virtual_secure_tls_server\":{\"class\":\"TLS_Server\",\"certificates\":[{\"certificate\":\"test_clientssl\"}],\"renegotiationEnabled\":false}},\"class\":\"Tenant\",\"defaultRouteDomain\":0},\"label\":\"CIS Declaration\",\"remark\":\"Auto-generated by CIS\",\"schemaVersion\":\"3.52.0\"}}" Expect(DeepEqualJSON(mockMgr.as3ActiveConfig.unifiedDeclaration, unifiedDecl)).To(BeTrue()) }) @@ -169,23 +220,11 @@ var _ = Describe("AS3Manager Tests", func() { mockMgr.ResourceRequest.Resources.RsMap[NameRef{Name: "test_virtual_secure", Partition: DEFAULT_PARTITION}] = resourceConfig as3Config.resourceConfig = mockMgr.prepareAS3ResourceConfig() unifiedDecl := mockMgr.getUnifiedDeclaration(as3Config) - mockMgr.as3ActiveConfig.unifiedDeclaration = "{\"$schema\":\"https://raw.githubusercontent.com/F5Networks/f5-appsvcs-extension/main/schema/3.52.0/as3-schema-3.52.0-5.json\",\"class\":\"AS3\",\"declaration\":{\"class\":\"ADC\",\"controls\":{\"class\":\"Controls\",\"userAgent\":\"\"},\"id\":\"urn:uuid:85626792-9ee7-46bb-8fc8-4ba708cfdc1d\",\"k8s\":{\"Shared\":{\"Openshift_insecure_routes\":{\"class\":\"Endpoint_Policy\",\"rules\":[{\"name\":\"url_rewrite_rule1\",\"conditions\":[{\"type\":\"httpHeader\",\"name\":\"host\",\"event\":\"request\",\"all\":{\"values\":[\"foo.com:443\",\"foo.com\"],\"operand\":\"equals\"}},{\"name\":\"0\",\"event\":\"request\",\"pathSegment\":{\"values\":[\"foo.com\"],\"operand\":\"equals\"}},{\"name\":\"0\",\"event\":\"request\",\"path\":{\"values\":[\"foo.com\"],\"operand\":\"equals\"}},{\"type\":\"tcp\",\"event\":\"request\",\"address\":{\"values\":[\"foo.com\"]}}],\"actions\":[{\"type\":\"httpHeader\",\"event\":\"request\",\"replace\":{\"value\":\"newhost.com\",\"name\":\"host\"}}]}]},\"Openshift_secure_routes\":{\"class\":\"Endpoint_Policy\",\"rules\":[{\"name\":\"url_rewrite_rule1\",\"conditions\":[{\"type\":\"httpHeader\",\"name\":\"host\",\"event\":\"request\",\"all\":{\"values\":[\"foo.com:443\",\"foo.com\"],\"operand\":\"equals\"}},{\"name\":\"0\",\"event\":\"request\",\"pathSegment\":{\"values\":[\"foo.com\"],\"operand\":\"equals\"}},{\"name\":\"0\",\"event\":\"request\",\"path\":{\"values\":[\"foo.com\"],\"operand\":\"equals\"}},{\"type\":\"tcp\",\"event\":\"request\",\"address\":{\"values\":[\"foo.com\"]}}],\"actions\":[{\"type\":\"httpHeader\",\"event\":\"request\",\"replace\":{\"value\":\"newhost.com\",\"name\":\"host\"}}]}]},\"class\":\"Application\",\"serverssl_ca_bundle\":{\"class\":\"CA_Bundle\",\"bundle\":\"\\ncert\"},\"template\":\"shared\",\"test_clientssl\":{\"class\":\"Certificate\",\"certificate\":\"cert\",\"privateKey\":\"key\",\"chainCA\":\"ca-file\"},\"test_datagroup\":{\"records\":[{\"key\":\"test_record\",\"value\":\"/Common/serverssl\"}],\"keyDataType\":\"string\",\"class\":\"Data_Group\"},\"test_irule\":{\"class\":\"iRule\",\"iRule\":\"Dummy Code\"},\"test_monitor\":{\"class\":\"Monitor\",\"interval\":10,\"monitorType\":\"tcp\",\"targetAddress\":\"\",\"timeUntilUp\":0,\"dscp\":0,\"receive\":\"none\",\"send\":\"GET /\",\"targetPort\":0},\"test_pool\":{\"class\":\"Pool\",\"members\":[{\"addressDiscovery\":\"static\",\"serverAddresses\":[\"192.168.1.1\"],\"servicePort\":80,\"shareNodes\":true}],\"monitors\":[{\"use\":\"/k8s/Shared/test_monitor\"}]},\"test_virtual_secure\":{\"source\":\"0.0.0.0/0\",\"translateServerAddress\":true,\"translateServerPort\":true,\"class\":\"Service_HTTPS\",\"virtualAddresses\":[\"1.2.3.4\"],\"virtualPort\":443,\"snat\":\"auto\",\"policyEndpoint\":null,\"clientTLS\":{\"bigip\":\"/Common/serverssl\"},\"serverTLS\":[{\"bigip\":\"/Common/clientssl\"}],\"redirect80\":false},\"test_virtual_secure_tls_client\":{\"class\":\"TLS_Client\",\"trustCA\":{\"use\":\"serverssl_ca_bundle\"}},\"test_virtual_secure_tls_server\":{\"class\":\"TLS_Server\",\"certificates\":[{\"certificate\":\"test_clientssl\"}],\"renegotiationEnabled\":false}},\"class\":\"Tenant\",\"defaultRouteDomain\":0},\"label\":\"CIS Declaration\",\"remark\":\"Auto-generated by CIS\",\"schemaVersion\":\"3.52.0\"}}" + mockMgr.as3ActiveConfig.unifiedDeclaration = "{\"$schema\":\"https://raw.githubusercontent.com/F5Networks/f5-appsvcs-extension/main/schema/3.52.0/as3-schema-3.52.0-5.json\",\"class\":\"AS3\",\"declaration\":{\"class\":\"ADC\",\"controls\":{\"class\":\"Controls\",\"userAgent\":\"\"},\"id\":\"urn:uuid:85626792-9ee7-46bb-8fc8-4ba708cfdc1d\",\"k8s\":{\"Shared\":{\"Openshift_insecure_routes\":{\"class\":\"Endpoint_Policy\",\"rules\":[{\"name\":\"url_rewrite_rule1___foo__\",\"conditions\":[{\"type\":\"httpHeader\",\"name\":\"host\",\"event\":\"request\",\"all\":{\"values\":[\"foo.com:443\",\"foo.com\"],\"operand\":\"equals\"}},{\"name\":\"0\",\"event\":\"request\",\"pathSegment\":{\"values\":[\"foo.com\"],\"operand\":\"equals\"}},{\"name\":\"0\",\"event\":\"request\",\"path\":{\"values\":[\"foo.com\"],\"operand\":\"equals\"}},{\"type\":\"tcp\",\"event\":\"request\",\"address\":{\"values\":[\"foo.com\"]}}],\"actions\":[{\"type\":\"httpHeader\",\"event\":\"request\",\"replace\":{\"value\":\"newhost.com\",\"name\":\"host\"}}]}]},\"Openshift_secure_routes\":{\"class\":\"Endpoint_Policy\",\"rules\":[{\"name\":\"url_rewrite_rule1___foo__\",\"conditions\":[{\"type\":\"httpHeader\",\"name\":\"host\",\"event\":\"request\",\"all\":{\"values\":[\"foo.com:443\",\"foo.com\"],\"operand\":\"equals\"}},{\"name\":\"0\",\"event\":\"request\",\"pathSegment\":{\"values\":[\"foo.com\"],\"operand\":\"equals\"}},{\"name\":\"0\",\"event\":\"request\",\"path\":{\"values\":[\"foo.com\"],\"operand\":\"equals\"}},{\"type\":\"tcp\",\"event\":\"request\",\"address\":{\"values\":[\"foo.com\"]}}],\"actions\":[{\"type\":\"httpHeader\",\"event\":\"request\",\"replace\":{\"value\":\"newhost.com\",\"name\":\"host\"}}]}]},\"class\":\"Application\",\"serverssl_ca_bundle\":{\"class\":\"CA_Bundle\",\"bundle\":\"\\ncert\"},\"template\":\"shared\",\"test_clientssl\":{\"class\":\"Certificate\",\"certificate\":\"cert\",\"privateKey\":\"key\",\"chainCA\":\"ca-file\"},\"test_datagroup\":{\"records\":[{\"key\":\"test_record\",\"value\":\"/Common/serverssl\"}],\"keyDataType\":\"string\",\"class\":\"Data_Group\"},\"test_irule\":{\"class\":\"iRule\",\"iRule\":\"Dummy Code\"},\"test_monitor\":{\"class\":\"Monitor\",\"interval\":10,\"monitorType\":\"tcp\",\"targetAddress\":\"\",\"timeUntilUp\":0,\"dscp\":0,\"receive\":\"none\",\"send\":\"GET /\",\"targetPort\":0},\"test_pool\":{\"class\":\"Pool\",\"members\":[{\"addressDiscovery\":\"static\",\"serverAddresses\":[\"192.168.1.1\"],\"servicePort\":80,\"shareNodes\":true}],\"monitors\":[{\"use\":\"/k8s/Shared/test_monitor\"}]},\"test_virtual_secure\":{\"source\":\"0.0.0.0/0\",\"translateServerAddress\":true,\"translateServerPort\":true,\"class\":\"Service_HTTPS\",\"virtualAddresses\":[\"1.2.3.4\"],\"virtualPort\":443,\"snat\":\"auto\",\"policyEndpoint\":null,\"clientTLS\":{\"bigip\":\"/Common/serverssl\"},\"serverTLS\":[{\"bigip\":\"/Common/clientssl\"}],\"redirect80\":false},\"test_virtual_secure_tls_client\":{\"class\":\"TLS_Client\",\"trustCA\":{\"use\":\"serverssl_ca_bundle\"}},\"test_virtual_secure_tls_server\":{\"class\":\"TLS_Server\",\"certificates\":[{\"certificate\":\"test_clientssl\"}],\"renegotiationEnabled\":false}},\"class\":\"Tenant\",\"defaultRouteDomain\":0},\"label\":\"CIS Declaration\",\"remark\":\"Auto-generated by CIS\",\"schemaVersion\":\"3.52.0\"}}" Expect(DeepEqualJSON(mockMgr.as3ActiveConfig.unifiedDeclaration, unifiedDecl)).To(BeTrue()) }) - It("Prepare AS3 Declaration for route config", func() { - resourceConfig.MetaData.ResourceType = ResourceTypeRoute - resourceConfig.MetaData.RouteProfs[RouteKey{Name: "test-clientssl", Namespace: DEFAULT_PARTITION, Context: "clientside"}] = "/Common/test-clientssl" - resourceConfig.MetaData.RouteProfs[RouteKey{Name: "test-serverssl", Namespace: DEFAULT_PARTITION, Context: "serverside"}] = "/Common/test-serverssl" - mockMgr.ResourceRequest.Resources.RsMap[NameRef{Name: "test_virtual_secure", Partition: DEFAULT_PARTITION}] = resourceConfig - as3Config.resourceConfig = mockMgr.prepareAS3ResourceConfig() - unifiedDecl := mockMgr.getUnifiedDeclaration(as3Config) - Expect(mockMgr.validateAS3Template(string(unifiedDecl))).To(BeFalse()) - mockMgr.as3ActiveConfig.unifiedDeclaration = "{\"$schema\":\"https://raw.githubusercontent.com/F5Networks/f5-appsvcs-extension/main/schema/3.52.0/as3-schema-3.52.0-5.json\",\"class\":\"AS3\",\"declaration\":{\"class\":\"ADC\",\"controls\":{\"class\":\"Controls\",\"userAgent\":\"\"},\"id\":\"urn:uuid:85626792-9ee7-46bb-8fc8-4ba708cfdc1d\",\"k8s\":{\"Shared\":{\"class\":\"Application\",\"openshift_insecure_routes\":{\"class\":\"Endpoint_Policy\",\"rules\":[{\"name\":\"url_rewrite_rule1\",\"conditions\":[{\"type\":\"httpHeader\",\"name\":\"host\",\"event\":\"request\",\"all\":{\"values\":[\"foo.com:443\",\"foo.com\"],\"operand\":\"equals\"}},{\"name\":\"0\",\"event\":\"request\",\"pathSegment\":{\"values\":[\"foo.com\"],\"operand\":\"equals\"}},{\"name\":\"0\",\"event\":\"request\",\"path\":{\"values\":[\"foo.com\"],\"operand\":\"equals\"}},{\"type\":\"tcp\",\"event\":\"request\",\"address\":{\"values\":[\"foo.com\"]}}],\"actions\":[{\"type\":\"httpHeader\",\"event\":\"request\",\"replace\":{\"value\":\"newhost.com\",\"name\":\"host\"}},{\"type\":\"waf\",\"enabled\":false}]},{\"name\":\"openshift_route_waf_disable\",\"actions\":[{\"type\":\"drop\",\"event\":\"request\"},{\"type\":\"waf\",\"enabled\":false}]}]},\"openshift_secure_routes\":{\"class\":\"Endpoint_Policy\",\"rules\":[{\"name\":\"url_rewrite_rule1\",\"conditions\":[{\"type\":\"httpHeader\",\"name\":\"host\",\"event\":\"request\",\"all\":{\"values\":[\"foo.com:443\",\"foo.com\"],\"operand\":\"equals\"}},{\"name\":\"0\",\"event\":\"request\",\"pathSegment\":{\"values\":[\"foo.com\"],\"operand\":\"equals\"}},{\"name\":\"0\",\"event\":\"request\",\"path\":{\"values\":[\"foo.com\"],\"operand\":\"equals\"}},{\"type\":\"tcp\",\"event\":\"request\",\"address\":{\"values\":[\"foo.com\"]}}],\"actions\":[{\"type\":\"httpHeader\",\"event\":\"request\",\"replace\":{\"value\":\"newhost.com\",\"name\":\"host\"}},{\"type\":\"waf\",\"enabled\":false}]},{\"name\":\"openshift_route_waf_disable\",\"actions\":[{\"type\":\"drop\",\"event\":\"request\"},{\"type\":\"waf\",\"enabled\":false}]}]},\"serverssl_ca_bundle\":{\"class\":\"CA_Bundle\",\"bundle\":\"\\ncert\"},\"template\":\"shared\",\"test_clientssl\":{\"class\":\"Certificate\",\"certificate\":\"cert\",\"privateKey\":\"key\",\"chainCA\":\"ca-file\"},\"test_datagroup\":{\"records\":[{\"key\":\"test_record\",\"value\":\"/Common/test-serverssl\"}],\"keyDataType\":\"string\",\"class\":\"Data_Group\"},\"test_irule\":{\"class\":\"iRule\",\"iRule\":\"Dummy Code\"},\"test_monitor\":{\"class\":\"Monitor\",\"interval\":10,\"monitorType\":\"tcp\",\"targetAddress\":\"\",\"timeUntilUp\":0,\"dscp\":0,\"receive\":\"none\",\"send\":\"GET /\",\"targetPort\":0},\"test_pool\":{\"class\":\"Pool\",\"members\":[{\"addressDiscovery\":\"static\",\"serverAddresses\":[\"192.168.1.1\"],\"servicePort\":80,\"shareNodes\":true}],\"monitors\":[{\"use\":\"/k8s/Shared/test_monitor\"}]},\"test_virtual_secure\":{\"source\":\"0.0.0.0/0\",\"translateServerAddress\":true,\"translateServerPort\":true,\"class\":\"Service_HTTPS\",\"virtualAddresses\":[\"1.2.3.4\"],\"virtualPort\":443,\"snat\":\"auto\",\"clientTLS\":{\"bigip\":\"/Common/test-serverssl\"},\"serverTLS\":[{\"bigip\":\"/Common/test-clientssl\"}],\"redirect80\":false,\"pool\":\"/k8s/Shared/test_pool\"},\"test_virtual_secure_tls_client\":{\"class\":\"TLS_Client\",\"trustCA\":{\"use\":\"serverssl_ca_bundle\"}},\"test_virtual_secure_tls_server\":{\"class\":\"TLS_Server\",\"certificates\":[{\"certificate\":\"test_clientssl\"}],\"renegotiationEnabled\":false}},\"class\":\"Tenant\",\"defaultRouteDomain\":0},\"label\":\"CIS Declaration\",\"remark\":\"Auto-generated by CIS\",\"schemaVersion\":\"3.52.0\"}}" - Expect(DeepEqualJSON(mockMgr.as3ActiveConfig.unifiedDeclaration, unifiedDecl)).To(BeTrue()) - - }) It("Prepare AS3 Declaration for ingress config", func() { resourceConfig.MetaData.ResourceType = ResourceTypeIngress resourceConfig.Virtual.Profiles = append(resourceConfig.Virtual.Profiles, ProfileRef{Name: "test-clientssl", Partition: DEFAULT_PARTITION, Context: "clientside"}) @@ -195,7 +234,7 @@ var _ = Describe("AS3Manager Tests", func() { as3Config.resourceConfig = mockMgr.prepareAS3ResourceConfig() unifiedDecl := mockMgr.getUnifiedDeclaration(as3Config) Expect(mockMgr.validateAS3Template(string(unifiedDecl))).To(BeFalse()) - mockMgr.as3ActiveConfig.unifiedDeclaration = "{\"$schema\":\"https://raw.githubusercontent.com/F5Networks/f5-appsvcs-extension/main/schema/3.52.0/as3-schema-3.52.0-5.json\",\"class\":\"AS3\",\"declaration\":{\"class\":\"ADC\",\"controls\":{\"class\":\"Controls\",\"userAgent\":\"\"},\"id\":\"urn:uuid:85626792-9ee7-46bb-8fc8-4ba708cfdc1d\",\"k8s\":{\"Shared\":{\"Openshift_insecure_routes\":{\"class\":\"Endpoint_Policy\",\"rules\":[{\"name\":\"url_rewrite_rule1\",\"conditions\":[{\"type\":\"httpHeader\",\"name\":\"host\",\"event\":\"request\",\"all\":{\"values\":[\"foo.com:443\",\"foo.com\"],\"operand\":\"equals\"}},{\"name\":\"0\",\"event\":\"request\",\"pathSegment\":{\"values\":[\"foo.com\"],\"operand\":\"equals\"}},{\"name\":\"0\",\"event\":\"request\",\"path\":{\"values\":[\"foo.com\"],\"operand\":\"equals\"}},{\"type\":\"tcp\",\"event\":\"request\",\"address\":{\"values\":[\"foo.com\"]}}],\"actions\":[{\"type\":\"httpHeader\",\"event\":\"request\",\"replace\":{\"value\":\"newhost.com\",\"name\":\"host\"}}]}]},\"Openshift_secure_routes\":{\"class\":\"Endpoint_Policy\",\"rules\":[{\"name\":\"url_rewrite_rule1\",\"conditions\":[{\"type\":\"httpHeader\",\"name\":\"host\",\"event\":\"request\",\"all\":{\"values\":[\"foo.com:443\",\"foo.com\"],\"operand\":\"equals\"}},{\"name\":\"0\",\"event\":\"request\",\"pathSegment\":{\"values\":[\"foo.com\"],\"operand\":\"equals\"}},{\"name\":\"0\",\"event\":\"request\",\"path\":{\"values\":[\"foo.com\"],\"operand\":\"equals\"}},{\"type\":\"tcp\",\"event\":\"request\",\"address\":{\"values\":[\"foo.com\"]}}],\"actions\":[{\"type\":\"httpHeader\",\"event\":\"request\",\"replace\":{\"value\":\"newhost.com\",\"name\":\"host\"}}]}]},\"class\":\"Application\",\"serverssl_ca_bundle\":{\"class\":\"CA_Bundle\",\"bundle\":\"\\ncert\"},\"template\":\"shared\",\"test_clientssl\":{\"class\":\"Certificate\",\"certificate\":\"cert\",\"privateKey\":\"key\",\"chainCA\":\"ca-file\"},\"test_datagroup\":{\"records\":[{\"key\":\"test_record\",\"value\":\"/Common/serverssl\"}],\"keyDataType\":\"string\",\"class\":\"Data_Group\"},\"test_irule\":{\"class\":\"iRule\",\"iRule\":\"Dummy Code\"},\"test_monitor\":{\"class\":\"Monitor\",\"interval\":10,\"monitorType\":\"tcp\",\"targetAddress\":\"\",\"timeUntilUp\":0,\"dscp\":0,\"receive\":\"none\",\"send\":\"GET /\",\"targetPort\":0},\"test_pool\":{\"class\":\"Pool\",\"members\":[{\"addressDiscovery\":\"static\",\"serverAddresses\":[\"192.168.1.1\"],\"servicePort\":80,\"shareNodes\":true}],\"monitors\":[{\"use\":\"/k8s/Shared/test_monitor\"}]},\"test_virtual_secure\":{\"source\":\"0.0.0.0/0\",\"translateServerAddress\":true,\"translateServerPort\":true,\"class\":\"Service_HTTPS\",\"virtualAddresses\":[\"1.2.3.4\"],\"virtualPort\":443,\"snat\":\"auto\",\"clientTLS\":{\"bigip\":\"/Common/serverssl\"},\"serverTLS\":[{\"bigip\":\"/Common/clientssl\"},{\"bigip\":\"/Common/clientssl2\"}],\"redirect80\":false,\"pool\":\"/k8s/Shared/test_pool\"},\"test_virtual_secure_tls_client\":{\"class\":\"TLS_Client\",\"trustCA\":{\"use\":\"serverssl_ca_bundle\"}},\"test_virtual_secure_tls_server\":{\"class\":\"TLS_Server\",\"certificates\":[{\"certificate\":\"test_clientssl\"}],\"renegotiationEnabled\":false}},\"class\":\"Tenant\",\"defaultRouteDomain\":0},\"label\":\"CIS Declaration\",\"remark\":\"Auto-generated by CIS\",\"schemaVersion\":\"3.52.0\"}}" + mockMgr.as3ActiveConfig.unifiedDeclaration = "{\"$schema\":\"https://raw.githubusercontent.com/F5Networks/f5-appsvcs-extension/main/schema/3.52.0/as3-schema-3.52.0-5.json\",\"class\":\"AS3\",\"declaration\":{\"class\":\"ADC\",\"controls\":{\"class\":\"Controls\",\"userAgent\":\"\"},\"id\":\"urn:uuid:85626792-9ee7-46bb-8fc8-4ba708cfdc1d\",\"k8s\":{\"Shared\":{\"Openshift_insecure_routes\":{\"class\":\"Endpoint_Policy\",\"rules\":[{\"name\":\"url_rewrite_rule1___foo__\",\"conditions\":[{\"type\":\"httpHeader\",\"name\":\"host\",\"event\":\"request\",\"all\":{\"values\":[\"foo.com:443\",\"foo.com\"],\"operand\":\"equals\"}},{\"name\":\"0\",\"event\":\"request\",\"pathSegment\":{\"values\":[\"foo.com\"],\"operand\":\"equals\"}},{\"name\":\"0\",\"event\":\"request\",\"path\":{\"values\":[\"foo.com\"],\"operand\":\"equals\"}},{\"type\":\"tcp\",\"event\":\"request\",\"address\":{\"values\":[\"foo.com\"]}}],\"actions\":[{\"type\":\"httpHeader\",\"event\":\"request\",\"replace\":{\"value\":\"newhost.com\",\"name\":\"host\"}}]}]},\"Openshift_secure_routes\":{\"class\":\"Endpoint_Policy\",\"rules\":[{\"name\":\"url_rewrite_rule1___foo__\",\"conditions\":[{\"type\":\"httpHeader\",\"name\":\"host\",\"event\":\"request\",\"all\":{\"values\":[\"foo.com:443\",\"foo.com\"],\"operand\":\"equals\"}},{\"name\":\"0\",\"event\":\"request\",\"pathSegment\":{\"values\":[\"foo.com\"],\"operand\":\"equals\"}},{\"name\":\"0\",\"event\":\"request\",\"path\":{\"values\":[\"foo.com\"],\"operand\":\"equals\"}},{\"type\":\"tcp\",\"event\":\"request\",\"address\":{\"values\":[\"foo.com\"]}}],\"actions\":[{\"type\":\"httpHeader\",\"event\":\"request\",\"replace\":{\"value\":\"newhost.com\",\"name\":\"host\"}}]}]},\"class\":\"Application\",\"serverssl_ca_bundle\":{\"class\":\"CA_Bundle\",\"bundle\":\"\\ncert\"},\"template\":\"shared\",\"test_clientssl\":{\"class\":\"Certificate\",\"certificate\":\"cert\",\"privateKey\":\"key\",\"chainCA\":\"ca-file\"},\"test_datagroup\":{\"records\":[{\"key\":\"test_record\",\"value\":\"/Common/serverssl\"}],\"keyDataType\":\"string\",\"class\":\"Data_Group\"},\"test_irule\":{\"class\":\"iRule\",\"iRule\":\"Dummy Code\"},\"test_monitor\":{\"class\":\"Monitor\",\"interval\":10,\"monitorType\":\"tcp\",\"targetAddress\":\"\",\"timeUntilUp\":0,\"dscp\":0,\"receive\":\"none\",\"send\":\"GET /\",\"targetPort\":0},\"test_pool\":{\"class\":\"Pool\",\"members\":[{\"addressDiscovery\":\"static\",\"serverAddresses\":[\"192.168.1.1\"],\"servicePort\":80,\"shareNodes\":true}],\"monitors\":[{\"use\":\"/k8s/Shared/test_monitor\"}]},\"test_virtual_secure\":{\"source\":\"0.0.0.0/0\",\"translateServerAddress\":true,\"translateServerPort\":true,\"class\":\"Service_HTTPS\",\"virtualAddresses\":[\"1.2.3.4\"],\"virtualPort\":443,\"snat\":\"auto\",\"clientTLS\":{\"bigip\":\"/Common/serverssl\"},\"serverTLS\":[{\"bigip\":\"/Common/clientssl\"},{\"bigip\":\"/Common/clientssl2\"}],\"redirect80\":false,\"pool\":\"/k8s/Shared/test_pool\"},\"test_virtual_secure_tls_client\":{\"class\":\"TLS_Client\",\"trustCA\":{\"use\":\"serverssl_ca_bundle\"}},\"test_virtual_secure_tls_server\":{\"class\":\"TLS_Server\",\"certificates\":[{\"certificate\":\"test_clientssl\"}],\"renegotiationEnabled\":false}},\"class\":\"Tenant\",\"defaultRouteDomain\":0},\"label\":\"CIS Declaration\",\"remark\":\"Auto-generated by CIS\",\"schemaVersion\":\"3.52.0\"}}" Expect(DeepEqualJSON(mockMgr.as3ActiveConfig.unifiedDeclaration, unifiedDecl)).To(BeTrue()) // verify with multiple client ssl profiles @@ -233,8 +272,21 @@ var _ = Describe("AS3Manager Tests", func() { unifiedDecl = mockMgr.getUnifiedDeclaration(as3Config) Expect(mockMgr.validateAS3Template(string(unifiedDecl))).To(BeFalse()) // As per AS3 < v3.44, in case of multiple clientssl profiles, the first profile is used for default SNI - mockMgr.as3ActiveConfig.unifiedDeclaration = "{\"$schema\":\"https://raw.githubusercontent.com/F5Networks/f5-appsvcs-extension/main/schema/3.52.0/as3-schema-3.52.0-5.json\",\"class\":\"AS3\",\"declaration\":{\"class\":\"ADC\",\"controls\":{\"class\":\"Controls\",\"userAgent\":\"\"},\"id\":\"urn:uuid:85626792-9ee7-46bb-8fc8-4ba708cfdc1d\",\"k8s\":{\"Shared\":{\"Openshift_insecure_routes\":{\"class\":\"Endpoint_Policy\",\"rules\":[{\"name\":\"url_rewrite_rule1\",\"conditions\":[{\"type\":\"httpHeader\",\"name\":\"host\",\"event\":\"request\",\"all\":{\"values\":[\"foo.com:443\",\"foo.com\"],\"operand\":\"equals\"}},{\"name\":\"0\",\"event\":\"request\",\"pathSegment\":{\"values\":[\"foo.com\"],\"operand\":\"equals\"}},{\"name\":\"0\",\"event\":\"request\",\"path\":{\"values\":[\"foo.com\"],\"operand\":\"equals\"}},{\"type\":\"tcp\",\"event\":\"request\",\"address\":{\"values\":[\"foo.com\"]}}],\"actions\":[{\"type\":\"httpHeader\",\"event\":\"request\",\"replace\":{\"value\":\"newhost.com\",\"name\":\"host\"}}]}]},\"Openshift_secure_routes\":{\"class\":\"Endpoint_Policy\",\"rules\":[{\"name\":\"url_rewrite_rule1\",\"conditions\":[{\"type\":\"httpHeader\",\"name\":\"host\",\"event\":\"request\",\"all\":{\"values\":[\"foo.com:443\",\"foo.com\"],\"operand\":\"equals\"}},{\"name\":\"0\",\"event\":\"request\",\"pathSegment\":{\"values\":[\"foo.com\"],\"operand\":\"equals\"}},{\"name\":\"0\",\"event\":\"request\",\"path\":{\"values\":[\"foo.com\"],\"operand\":\"equals\"}},{\"type\":\"tcp\",\"event\":\"request\",\"address\":{\"values\":[\"foo.com\"]}}],\"actions\":[{\"type\":\"httpHeader\",\"event\":\"request\",\"replace\":{\"value\":\"newhost.com\",\"name\":\"host\"}}]}]},\"class\":\"Application\",\"serverssl_ca_bundle\":{\"class\":\"CA_Bundle\",\"bundle\":\"\\ncert\"},\"template\":\"shared\",\"test_clientssl\":{\"class\":\"Certificate\",\"certificate\":\"cert\",\"privateKey\":\"key\",\"chainCA\":\"ca-file\"},\"test_clientssl2\":{\"class\":\"Certificate\",\"certificate\":\"cert\",\"privateKey\":\"key\",\"chainCA\":\"ca-file\"},\"test_clientssl3\":{\"class\":\"Certificate\",\"certificate\":\"cert\",\"privateKey\":\"key\",\"chainCA\":\"ca-file\"},\"test_datagroup\":{\"records\":[{\"key\":\"test_record\",\"value\":\"/Common/serverssl\"}],\"keyDataType\":\"string\",\"class\":\"Data_Group\"},\"test_irule\":{\"class\":\"iRule\",\"iRule\":\"Dummy Code\"},\"test_monitor\":{\"class\":\"Monitor\",\"interval\":10,\"monitorType\":\"tcp\",\"targetAddress\":\"\",\"timeUntilUp\":0,\"dscp\":0,\"receive\":\"none\",\"send\":\"GET /\",\"targetPort\":0},\"test_pool\":{\"class\":\"Pool\",\"members\":[{\"addressDiscovery\":\"static\",\"serverAddresses\":[\"192.168.1.1\"],\"servicePort\":80,\"shareNodes\":true}],\"monitors\":[{\"use\":\"/k8s/Shared/test_monitor\"}]},\"test_virtual_secure\":{\"source\":\"0.0.0.0/0\",\"translateServerAddress\":true,\"translateServerPort\":true,\"class\":\"Service_HTTPS\",\"virtualAddresses\":[\"1.2.3.4\"],\"virtualPort\":443,\"snat\":\"auto\",\"clientTLS\":{\"bigip\":\"/Common/serverssl\"},\"serverTLS\":[{\"bigip\":\"/Common/clientssl\"},{\"bigip\":\"/Common/clientssl2\"}],\"redirect80\":false,\"pool\":\"/k8s/Shared/test_pool\"},\"test_virtual_secure_tls_client\":{\"class\":\"TLS_Client\",\"trustCA\":{\"use\":\"serverssl_ca_bundle\"}},\"test_virtual_secure_tls_server\":{\"class\":\"TLS_Server\",\"certificates\":[{\"certificate\":\"test_clientssl\",\"sniDefault\": true},{\"certificate\": \"test_clientssl2\"},{\"certificate\": \"test_clientssl3\"}],\"renegotiationEnabled\":false}},\"class\":\"Tenant\",\"defaultRouteDomain\":0},\"label\":\"CIS Declaration\",\"remark\":\"Auto-generated by CIS\",\"schemaVersion\":\"3.52.0\"}}" + mockMgr.as3ActiveConfig.unifiedDeclaration = "{\"$schema\":\"https://raw.githubusercontent.com/F5Networks/f5-appsvcs-extension/main/schema/3.52.0/as3-schema-3.52.0-5.json\",\"class\":\"AS3\",\"declaration\":{\"class\":\"ADC\",\"controls\":{\"class\":\"Controls\",\"userAgent\":\"\"},\"id\":\"urn:uuid:85626792-9ee7-46bb-8fc8-4ba708cfdc1d\",\"k8s\":{\"Shared\":{\"Openshift_insecure_routes\":{\"class\":\"Endpoint_Policy\",\"rules\":[{\"name\":\"url_rewrite_rule1___foo__\",\"conditions\":[{\"type\":\"httpHeader\",\"name\":\"host\",\"event\":\"request\",\"all\":{\"values\":[\"foo.com:443\",\"foo.com\"],\"operand\":\"equals\"}},{\"name\":\"0\",\"event\":\"request\",\"pathSegment\":{\"values\":[\"foo.com\"],\"operand\":\"equals\"}},{\"name\":\"0\",\"event\":\"request\",\"path\":{\"values\":[\"foo.com\"],\"operand\":\"equals\"}},{\"type\":\"tcp\",\"event\":\"request\",\"address\":{\"values\":[\"foo.com\"]}}],\"actions\":[{\"type\":\"httpHeader\",\"event\":\"request\",\"replace\":{\"value\":\"newhost.com\",\"name\":\"host\"}}]}]},\"Openshift_secure_routes\":{\"class\":\"Endpoint_Policy\",\"rules\":[{\"name\":\"url_rewrite_rule1___foo__\",\"conditions\":[{\"type\":\"httpHeader\",\"name\":\"host\",\"event\":\"request\",\"all\":{\"values\":[\"foo.com:443\",\"foo.com\"],\"operand\":\"equals\"}},{\"name\":\"0\",\"event\":\"request\",\"pathSegment\":{\"values\":[\"foo.com\"],\"operand\":\"equals\"}},{\"name\":\"0\",\"event\":\"request\",\"path\":{\"values\":[\"foo.com\"],\"operand\":\"equals\"}},{\"type\":\"tcp\",\"event\":\"request\",\"address\":{\"values\":[\"foo.com\"]}}],\"actions\":[{\"type\":\"httpHeader\",\"event\":\"request\",\"replace\":{\"value\":\"newhost.com\",\"name\":\"host\"}}]}]},\"class\":\"Application\",\"serverssl_ca_bundle\":{\"class\":\"CA_Bundle\",\"bundle\":\"\\ncert\"},\"template\":\"shared\",\"test_clientssl\":{\"class\":\"Certificate\",\"certificate\":\"cert\",\"privateKey\":\"key\",\"chainCA\":\"ca-file\"},\"test_clientssl2\":{\"class\":\"Certificate\",\"certificate\":\"cert\",\"privateKey\":\"key\",\"chainCA\":\"ca-file\"},\"test_clientssl3\":{\"class\":\"Certificate\",\"certificate\":\"cert\",\"privateKey\":\"key\",\"chainCA\":\"ca-file\"},\"test_datagroup\":{\"records\":[{\"key\":\"test_record\",\"value\":\"/Common/serverssl\"}],\"keyDataType\":\"string\",\"class\":\"Data_Group\"},\"test_irule\":{\"class\":\"iRule\",\"iRule\":\"Dummy Code\"},\"test_monitor\":{\"class\":\"Monitor\",\"interval\":10,\"monitorType\":\"tcp\",\"targetAddress\":\"\",\"timeUntilUp\":0,\"dscp\":0,\"receive\":\"none\",\"send\":\"GET /\",\"targetPort\":0},\"test_pool\":{\"class\":\"Pool\",\"members\":[{\"addressDiscovery\":\"static\",\"serverAddresses\":[\"192.168.1.1\"],\"servicePort\":80,\"shareNodes\":true}],\"monitors\":[{\"use\":\"/k8s/Shared/test_monitor\"}]},\"test_virtual_secure\":{\"source\":\"0.0.0.0/0\",\"translateServerAddress\":true,\"translateServerPort\":true,\"class\":\"Service_HTTPS\",\"virtualAddresses\":[\"1.2.3.4\"],\"virtualPort\":443,\"snat\":\"auto\",\"clientTLS\":{\"bigip\":\"/Common/serverssl\"},\"serverTLS\":[{\"bigip\":\"/Common/clientssl\"},{\"bigip\":\"/Common/clientssl2\"}],\"redirect80\":false,\"pool\":\"/k8s/Shared/test_pool\"},\"test_virtual_secure_tls_client\":{\"class\":\"TLS_Client\",\"trustCA\":{\"use\":\"serverssl_ca_bundle\"}},\"test_virtual_secure_tls_server\":{\"class\":\"TLS_Server\",\"certificates\":[{\"certificate\":\"test_clientssl\",\"sniDefault\": true},{\"certificate\": \"test_clientssl2\"},{\"certificate\": \"test_clientssl3\"}],\"renegotiationEnabled\":false}},\"class\":\"Tenant\",\"defaultRouteDomain\":0},\"label\":\"CIS Declaration\",\"remark\":\"Auto-generated by CIS\",\"schemaVersion\":\"3.52.0\"}}" Expect(DeepEqualJSON(mockMgr.as3ActiveConfig.unifiedDeclaration, unifiedDecl)).To(BeTrue()) + }) + It("Prepare AS3 Declaration for route config", func() { + resourceConfig.Policies[0].Rules = []*Rule{rule2} + resourceConfig.Policies[1].Rules = []*Rule{rule2} + resourceConfig.MetaData.ResourceType = ResourceTypeRoute + resourceConfig.MetaData.RouteProfs[RouteKey{Name: "test-clientssl", Namespace: DEFAULT_PARTITION, Context: "clientside"}] = "/Common/test-clientssl" + resourceConfig.MetaData.RouteProfs[RouteKey{Name: "test-serverssl", Namespace: DEFAULT_PARTITION, Context: "serverside"}] = "/Common/test-serverssl" + mockMgr.ResourceRequest.Resources.RsMap[NameRef{Name: "test_virtual_secure", Partition: DEFAULT_PARTITION}] = resourceConfig + as3Config.resourceConfig = mockMgr.prepareAS3ResourceConfig() + unifiedDecl := mockMgr.getUnifiedDeclaration(as3Config) + Expect(mockMgr.validateAS3Template(string(unifiedDecl))).To(BeFalse()) + mockMgr.as3ActiveConfig.unifiedDeclaration = "{\"$schema\":\"https://raw.githubusercontent.com/F5Networks/f5-appsvcs-extension/main/schema/3.52.0/as3-schema-3.52.0-5.json\",\"class\":\"AS3\",\"declaration\":{\"class\":\"ADC\",\"controls\":{\"class\":\"Controls\",\"userAgent\":\"\"},\"id\":\"urn:uuid:85626792-9ee7-46bb-8fc8-4ba708cfdc1d\",\"k8s\":{\"Shared\":{\"class\":\"Application\",\"openshift_insecure_routes\":{\"class\":\"Endpoint_Policy\",\"rules\":[{\"name\":\"url_rewrite_rule1\",\"conditions\":[{\"type\":\"httpHeader\",\"name\":\"host\",\"event\":\"request\",\"all\":{\"values\":[\"foo.com:443\",\"foo.com\"],\"operand\":\"equals\"}},{\"name\":\"0\",\"event\":\"request\",\"pathSegment\":{\"values\":[\"foo.com\"],\"operand\":\"equals\"}},{\"name\":\"0\",\"event\":\"request\",\"path\":{\"values\":[\"foo.com\"],\"operand\":\"equals\"}},{\"type\":\"tcp\",\"event\":\"request\",\"address\":{\"values\":[\"foo.com\"]}}],\"actions\":[{\"type\":\"httpHeader\",\"event\":\"request\",\"replace\":{\"value\":\"newhost.com\",\"name\":\"host\"}},{\"type\":\"waf\",\"enabled\":false}]},{\"name\":\"openshift_route_waf_disable\",\"actions\":[{\"type\":\"drop\",\"event\":\"request\"},{\"type\":\"waf\",\"enabled\":false}]}]},\"openshift_secure_routes\":{\"class\":\"Endpoint_Policy\",\"rules\":[{\"name\":\"url_rewrite_rule1\",\"conditions\":[{\"type\":\"httpHeader\",\"name\":\"host\",\"event\":\"request\",\"all\":{\"values\":[\"foo.com:443\",\"foo.com\"],\"operand\":\"equals\"}},{\"name\":\"0\",\"event\":\"request\",\"pathSegment\":{\"values\":[\"foo.com\"],\"operand\":\"equals\"}},{\"name\":\"0\",\"event\":\"request\",\"path\":{\"values\":[\"foo.com\"],\"operand\":\"equals\"}},{\"type\":\"tcp\",\"event\":\"request\",\"address\":{\"values\":[\"foo.com\"]}}],\"actions\":[{\"type\":\"httpHeader\",\"event\":\"request\",\"replace\":{\"value\":\"newhost.com\",\"name\":\"host\"}},{\"type\":\"waf\",\"enabled\":false}]},{\"name\":\"openshift_route_waf_disable\",\"actions\":[{\"type\":\"drop\",\"event\":\"request\"},{\"type\":\"waf\",\"enabled\":false}]}]},\"serverssl_ca_bundle\":{\"class\":\"CA_Bundle\",\"bundle\":\"\\ncert\"},\"template\":\"shared\",\"test_clientssl\":{\"class\":\"Certificate\",\"certificate\":\"cert\",\"privateKey\":\"key\",\"chainCA\":\"ca-file\"},\"test_datagroup\":{\"records\":[{\"key\":\"test_record\",\"value\":\"/Common/test-serverssl\"}],\"keyDataType\":\"string\",\"class\":\"Data_Group\"},\"test_irule\":{\"class\":\"iRule\",\"iRule\":\"Dummy Code\"},\"test_monitor\":{\"class\":\"Monitor\",\"interval\":10,\"monitorType\":\"tcp\",\"targetAddress\":\"\",\"timeUntilUp\":0,\"dscp\":0,\"receive\":\"none\",\"send\":\"GET /\",\"targetPort\":0},\"test_pool\":{\"class\":\"Pool\",\"members\":[{\"addressDiscovery\":\"static\",\"serverAddresses\":[\"192.168.1.1\"],\"servicePort\":80,\"shareNodes\":true}],\"monitors\":[{\"use\":\"/k8s/Shared/test_monitor\"}]},\"test_virtual_secure\":{\"source\":\"0.0.0.0/0\",\"translateServerAddress\":true,\"translateServerPort\":true,\"class\":\"Service_HTTPS\",\"virtualAddresses\":[\"1.2.3.4\"],\"virtualPort\":443,\"snat\":\"auto\",\"clientTLS\":{\"bigip\":\"/Common/test-serverssl\"},\"serverTLS\":[{\"bigip\":\"/Common/test-clientssl\"}],\"redirect80\":false,\"pool\":\"/k8s/Shared/test_pool\"},\"test_virtual_secure_tls_client\":{\"class\":\"TLS_Client\",\"trustCA\":{\"use\":\"serverssl_ca_bundle\"}},\"test_virtual_secure_tls_server\":{\"class\":\"TLS_Server\",\"certificates\":[{\"certificate\":\"test_clientssl\"}],\"renegotiationEnabled\":false}},\"class\":\"Tenant\",\"defaultRouteDomain\":0},\"label\":\"CIS Declaration\",\"remark\":\"Auto-generated by CIS\",\"schemaVersion\":\"3.52.0\"}}" + Expect(DeepEqualJSON(mockMgr.as3ActiveConfig.unifiedDeclaration, unifiedDecl)).To(BeTrue()) }) }) diff --git a/pkg/agent/as3/as3Utils.go b/pkg/agent/as3/as3Utils.go index c6f9c71e46..05919fc3db 100644 --- a/pkg/agent/as3/as3Utils.go +++ b/pkg/agent/as3/as3Utils.go @@ -382,6 +382,7 @@ func as3FormattedString(str string, resourceType string) string { switch resourceType { case ResourceTypeIngress: formattedString = strings.Replace(str, ".", "_", -1) + formattedString = strings.Replace(formattedString, "+", "_", -1) formattedString = strings.Replace(formattedString, "-", "_", -1) default: formattedString = strings.Replace(str, "-", "_", -1) diff --git a/pkg/controller/resourceConfig.go b/pkg/controller/resourceConfig.go index 21ee1b601d..ed15651ccf 100644 --- a/pkg/controller/resourceConfig.go +++ b/pkg/controller/resourceConfig.go @@ -2111,8 +2111,9 @@ func AS3NameFormatter(name string) string { "[": "", "]": "", "=": "_", - "*_": ""} - SpecialChars := [9]string{".", ":", "/", "%", "-", "[", "]", "=", "*_"} + "*_": "", + "+": "_"} + SpecialChars := [10]string{".", ":", "/", "%", "-", "[", "]", "=", "*_", "+"} for _, key := range SpecialChars { name = strings.ReplaceAll(name, key, modifySpecialChars[key]) } diff --git a/pkg/controller/resourceConfig_test.go b/pkg/controller/resourceConfig_test.go index b01ed96c68..bb9014230b 100644 --- a/pkg/controller/resourceConfig_test.go +++ b/pkg/controller/resourceConfig_test.go @@ -133,7 +133,8 @@ var _ = Describe("Resource Config Tests", func() { Expect(name).To(Equal("vs_exams_com_sample_pool")) name = formatVirtualServerRuleName("test.com", "", "/foo", "sample_pool", false) Expect(name).To(Equal("vs_test_com_foo_sample_pool")) - + name = formatVirtualServerRuleName("test.com", "", "/++foo++", "sample_pool", false) + Expect(name).To(Equal("vs_test_com___foo___sample_pool")) }) It("Monitor Name with MultiCluster mode", func() { // Standalone, no ratio and monitor for local cluster pool