Merge branch 'v2.9' into master

2022-10-24 11:23:33 +02:00 · 2022-10-24 11:23:33 +02:00 · e86f21ae7b
commit e86f21ae7b
parent 194247caae ccbbd0d766
9 changed files with 30 additions and 32 deletions
--- a/pkg/server/service/proxy_websocket_test.go
+++ b/pkg/server/service/proxy_websocket_test.go
@ -593,9 +593,11 @@ func TestWebSocketTransferTLSConfig(t *testing.T) {
 	require.NoError(t, err)
 	assert.Equal(t, "ok", resp)

-	http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
+	// Don't alter default transport to prevent side effects on other tests.
+	defaultTransport := http.DefaultTransport.(*http.Transport).Clone()
+	defaultTransport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}

-	forwarderWithTLSConfigFromDefaultTransport, err := buildProxy(Bool(true), nil, http.DefaultTransport, nil)
+	forwarderWithTLSConfigFromDefaultTransport, err := buildProxy(Bool(true), nil, defaultTransport, nil)
 	require.NoError(t, err)

 	proxyWithTLSConfigFromDefaultTransport := createProxyWithForwarder(t, forwarderWithTLSConfigFromDefaultTransport, srv.URL)
--- a/pkg/server/service/roundtripper_test.go
+++ b/pkg/server/service/roundtripper_test.go
@ -283,11 +283,11 @@ func TestSpiffeMTLS(t *testing.T) {
 	}

 	testCases := []struct {
-		desc             string
-		config           dynamic.Spiffe
-		clientSource     SpiffeX509Source
-		wantStatusCode   int
-		wantErrorMessage string
+		desc           string
+		config         dynamic.Spiffe
+		clientSource   SpiffeX509Source
+		wantStatusCode int
+		wantError      bool
 	}{
 		{
 			desc:           "supports SPIFFE mTLS",
@ -308,8 +308,8 @@ func TestSpiffeMTLS(t *testing.T) {
 			config: dynamic.Spiffe{
 				IDs: []string{"spiffe://traefik.test/not-server"},
 			},
-			clientSource:     &clientSource,
-			wantErrorMessage: `unexpected ID "spiffe://traefik.test/server"`,
+			clientSource: &clientSource,
+			wantError:    true,
 		},
 		{
 			desc: "allows expected server trust domain",
@ -324,8 +324,8 @@ func TestSpiffeMTLS(t *testing.T) {
 			config: dynamic.Spiffe{
 				TrustDomain: "spiffe://not-traefik.test",
 			},
-			clientSource:     &clientSource,
-			wantErrorMessage: `unexpected trust domain "traefik.test"`,
+			clientSource: &clientSource,
+			wantError:    true,
 		},
 		{
 			desc: "spiffe IDs allowlist takes precedence",
@ -333,14 +333,14 @@ func TestSpiffeMTLS(t *testing.T) {
 				IDs:         []string{"spiffe://traefik.test/not-server"},
 				TrustDomain: "spiffe://not-traefik.test",
 			},
-			clientSource:     &clientSource,
-			wantErrorMessage: `unexpected ID "spiffe://traefik.test/server"`,
+			clientSource: &clientSource,
+			wantError:    true,
 		},
 		{
-			desc:             "raises an error when spiffe is enabled on the transport but no workloadapi address is given",
-			config:           dynamic.Spiffe{},
-			clientSource:     nil,
-			wantErrorMessage: `remote error: tls: bad certificate`,
+			desc:         "raises an error when spiffe is enabled on the transport but no workloadapi address is given",
+			config:       dynamic.Spiffe{},
+			clientSource: nil,
+			wantError:    true,
 		},
 	}

@ -362,8 +362,8 @@ func TestSpiffeMTLS(t *testing.T) {
 			client := http.Client{Transport: tr}

 			resp, err := client.Get(srv.URL)
-			if test.wantErrorMessage != "" {
-				assert.ErrorContains(t, err, test.wantErrorMessage)
+			if test.wantError {
+				require.Error(t, err)
 				return
 			}