mirror of https://github.com/istio/istio.io.git
86 lines
2.5 KiB
Bash
86 lines
2.5 KiB
Bash
#!/usr/bin/env bash
|
|
# shellcheck disable=SC1090,SC2154
|
|
|
|
# Copyright Istio Authors
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
set -e
|
|
set -u
|
|
set -o pipefail
|
|
|
|
# @setup profile=default
|
|
|
|
# create_ns_foo_bar_legacy
|
|
snip_set_up_the_cluster_1
|
|
snip_set_up_the_cluster_2
|
|
|
|
_wait_for_deployment foo httpbin
|
|
_wait_for_deployment foo sleep
|
|
_wait_for_deployment bar httpbin
|
|
_wait_for_deployment bar sleep
|
|
_wait_for_deployment legacy sleep
|
|
|
|
# curl_foo_bar_legacy
|
|
_verify_same snip_set_up_the_cluster_3 "$snip_set_up_the_cluster_3_out"
|
|
|
|
# verify_initial_peerauthentications
|
|
_verify_same snip_set_up_the_cluster_4 "$snip_set_up_the_cluster_4_out"
|
|
|
|
# TODO: Revisit this check. It may be that the DR from the test comes from the framework
|
|
# Maybe we can move to profile none and simply set up a simple istioctl
|
|
# verify_initial_destinationrules
|
|
#_verify_like snip_set_up_the_cluster_5 "$snip_set_up_the_cluster_5_out"
|
|
|
|
# configure_mtls_foo_peerauthentication
|
|
snip_lock_down_to_mutual_tls_by_namespace_1
|
|
_wait_for_istio peerauthentication foo default
|
|
|
|
# Disable errors, since the next command is expected to return an error.
|
|
set +e
|
|
set +o pipefail
|
|
|
|
# curl_foo_bar_legacy_post_pa
|
|
_verify_same snip_lock_down_to_mutual_tls_by_namespace_2 "$snip_lock_down_to_mutual_tls_by_namespace_2_out"
|
|
|
|
# Restore error handling
|
|
set -e
|
|
set -o pipefail
|
|
|
|
# configure_mtls_entire_mesh
|
|
snip_lock_down_mutual_tls_for_the_entire_mesh_1
|
|
_wait_for_istio peerauthentication istio-system default
|
|
|
|
# Disable errors, since the next command is expected to return an error.
|
|
set +e
|
|
set +o pipefail
|
|
|
|
# curl_foo_bar_legacy_httpbin_foo_mtls
|
|
expected="sleep.foo to httpbin.foo: 200
|
|
sleep.foo to httpbin.bar: 200
|
|
sleep.bar to httpbin.foo: 200
|
|
sleep.bar to httpbin.bar: 200
|
|
sleep.legacy to httpbin.foo: 000
|
|
command terminated with exit code 56
|
|
sleep.legacy to httpbin.bar: 000
|
|
command terminated with exit code 56"
|
|
_verify_same snip_lock_down_mutual_tls_for_the_entire_mesh_2 "$expected"
|
|
|
|
# Restore error handling
|
|
set -e
|
|
set -o pipefail
|
|
|
|
# @cleanup
|
|
snip_clean_up_the_example_1
|
|
snip_clean_up_the_example_2
|