diff --git a/conformance/base/manifests.yaml b/conformance/base/manifests.yaml index 22e34634dd..852c2767a7 100644 --- a/conformance/base/manifests.yaml +++ b/conformance/base/manifests.yaml @@ -740,9 +740,9 @@ spec: selector: app: backendtlspolicy-test ports: - - protocol: TCP - port: 443 - targetPort: 8443 + - protocol: TCP + port: 443 + targetPort: 8443 --- apiVersion: apps/v1 kind: Deployment @@ -762,34 +762,33 @@ spec: app: backendtlspolicy-test spec: containers: - - name: backendtlspolicy-test - image: gcr.io/k8s-staging-gateway-api/echo-basic:v20240412-v1.0.0-394-g40c666fd - volumeMounts: - - name: secret-volume - mountPath: /etc/secret-volume - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CA_CERT - value: /etc/secret-volume/crt - - name: CA_CERT_KEY - value: /etc/secret-volume/key - resources: - requests: - cpu: 10m - volumes: + - name: backendtlspolicy-test + image: gcr.io/k8s-staging-gateway-api/echo-basic:v20240412-v1.0.0-394-g40c666fd + volumeMounts: - name: secret-volume - secret: - secretName: backend-tls-checks-certificate - items: - - key: tls.crt - path: crt - - key: tls.key - path: key ---- \ No newline at end of file + mountPath: /etc/secret-volume + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CA_CERT + value: /etc/secret-volume/crt + - name: CA_CERT_KEY + value: /etc/secret-volume/key + resources: + requests: + cpu: 10m + volumes: + - name: secret-volume + secret: + secretName: backend-tls-checks-certificate + items: + - key: tls.crt + path: crt + - key: tls.key + path: key diff --git a/conformance/echo-basic/echo-basic.go b/conformance/echo-basic/echo-basic.go index b8c34e2aa0..cb48dd5452 100644 --- a/conformance/echo-basic/echo-basic.go +++ b/conformance/echo-basic/echo-basic.go 
@@ -226,7 +226,9 @@ func echoHandler(w http.ResponseWriter, r *http.Request) { if strings.Contains(r.RequestURI, "backendTLS") { sni, err = sniffForSNI(r.RemoteAddr) if err != nil { - // Todo: research if for some test cases there won't be one + // TODO: research if for some test cases there won't be SNI available. + processError(w, err, http.StatusBadRequest) + return } } @@ -340,14 +342,15 @@ func sniffForSNI(addr string) (string, error) { return "", fmt.Errorf("could not read socket: %v", err) } // Take an incoming TLS Client Hello and return the SNI name. - sni, err = parser.GetHostname(data[:]) + sni, err = parser.GetHostname(data) if err != nil { return "", fmt.Errorf("error getting SNI: %v", err) } if sni == "" { return "", fmt.Errorf("no server name indication found") + } else { + return sni, nil } - return sni, nil } } diff --git a/conformance/tests/backendtlspolicy-normative.yaml b/conformance/tests/backendtlspolicy-normative.yaml index a622bc0eba..740509911a 100644 --- a/conformance/tests/backendtlspolicy-normative.yaml +++ b/conformance/tests/backendtlspolicy-normative.yaml @@ -23,12 +23,12 @@ metadata: namespace: gateway-conformance-infra spec: targetRefs: - - group: "" - kind: Service - name: "backendtlspolicy-test" + - group: "" + kind: Service + name: "backendtlspolicy-test" validation: caCertificateRefs: group: "" kind: Secret name: "backend-tls-checks-certificate" - hostname: "abc.example.com" \ No newline at end of file + hostname: "abc.example.com"
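Review bot: In the echoHandler hunk, the new `processError(w, err, http.StatusBadRequest)` reports every sniffForSNI failure as a client error, although the sniffForSNI hunk further down shows it also fails with "could not read socket", which is a server-side condition. Failing closed is the right direction, since the old branch fell through with an empty SNI, but the retained TODO now contradicts the behaviour: a backendTLS request without SNI is always rejected. I would replace the comment with `// A backendTLS request must carry SNI; reject it instead of echoing an empty value.` and consider `http.StatusInternalServerError` for the socket-read case. echoHandler's body starts and ends outside the hunk, and processError is not visible here, so what it writes back to the caller should be confirmed.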
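Review bot: In the sniffForSNI hunk, the added `} else {` wraps `return sni, nil` in an `else` after a branch that already returns; Go style keeps the success path unindented, so I would close the `if sni == ""` block and follow it with a plain `return sni, nil`, unless a tool specifically required the new shape. The switch from `data[:]` to `data` is fine if data is already a slice, but the read that fills it is outside the hunk. If it is a fixed-size buffer, passing only the bytes actually read (for example `data[:n]`) would keep the ClientHello parser away from stale or zeroed trailing bytes; this is worth confirming. The function body starts and ends outside the hunk.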