mirror of https://github.com/istio/istio.io.git
72 lines
2.2 KiB
Bash
72 lines
2.2 KiB
Bash
#!/usr/bin/env bash
|
|
|
|
# Copyright Istio Authors
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
set -e
|
|
set -u
|
|
set -o pipefail
|
|
|
|
source ${REPO_ROOT}/content/en/docs/tasks/security/authentication/mtls-migration/snips.sh
|
|
|
|
# curl_foo_bar_legacy
|
|
out=$(snip_set_up_the_cluster_3 2>&1)
|
|
_verify_same "$out" "$snip_set_up_the_cluster_3_out" "snip_set_up_the_cluster_3"
|
|
|
|
# verify_initial_peerauthentications
|
|
out=$(snip_set_up_the_cluster_4 2>&1)
|
|
_verify_same "$out" "$snip_set_up_the_cluster_4_out" "snip_set_up_the_cluster_4"
|
|
|
|
# verify_initial_destinationrules
|
|
out=$(snip_set_up_the_cluster_5 2>&1)
|
|
_verify_same "$out" "$snip_set_up_the_cluster_5_out" "snip_set_up_the_cluster_5"
|
|
|
|
# configure_mtls_foo_peerauthentication
|
|
snip_lock_down_to_mutual_tls_by_namespace_1
|
|
|
|
# Disable errors, since the next command is expected to return an error.
|
|
set +e
|
|
set +o pipefail
|
|
|
|
# curl_foo_bar_legacy_post_pa
|
|
out=$(snip_lock_down_to_mutual_tls_by_namespace_2 2>&1)
|
|
_verify_same "$out" "$snip_lock_down_to_mutual_tls_by_namespace_2_out" "snip_lock_down_to_mutual_tls_by_namespace_2"
|
|
|
|
# Restore error handling
|
|
set -e
|
|
set -o pipefail
|
|
|
|
# configure_mtls_entire_mesh
|
|
snip_lock_down_mutual_tls_for_the_entire_mesh_1
|
|
|
|
# Disable errors, since the next command is expected to return an error.
|
|
set +e
|
|
set +o pipefail
|
|
|
|
# curl_foo_bar_legacy_httpbin_foo_mtls
|
|
out=$(snip_lock_down_mutual_tls_for_the_entire_mesh_2 2>&1)
|
|
expected="sleep.foo to httpbin.foo: 200
|
|
sleep.foo to httpbin.bar: 200
|
|
sleep.bar to httpbin.foo: 200
|
|
sleep.bar to httpbin.bar: 200
|
|
sleep.legacy to httpbin.foo: 000
|
|
command terminated with exit code 56
|
|
sleep.legacy to httpbin.bar: 000
|
|
command terminated with exit code 56"
|
|
_verify_same "$out" "$expected" "snip_lock_down_mutual_tls_for_the_entire_mesh_2"
|
|
|
|
# Restore error handling
|
|
set -e
|
|
set -o pipefail
|