add test

Author: AlinsRan

api/v2/shared_types.go

@@ -101,6 +101,8 @@ const (
 	SchemeTCP = "tcp"
 	// SchemeUDP represents the UDP protocol.
 	SchemeUDP = "udp"
+	// SchemeTLS represents the TLS protocol.
+	SchemeTLS = "tls"
 )
 
 const (

internal/controller/indexer/tlsroute.go

@@ -40,15 +40,15 @@ func setupTLSRouteIndexer(mgr ctrl.Manager) error {
 		context.Background(),
 		&gatewayv1alpha2.TLSRoute{},
 		ServiceIndexRef,
-		TCPPRouteServiceIndexFunc,
+		TLSPRouteServiceIndexFunc,
 	); err != nil {
 		return err
 	}
 	return nil
 }
 
 func TLSRouteParentRefsIndexFunc(rawObj client.Object) []string {
-	tr := rawObj.(*gatewayv1alpha2.TCPRoute)
+	tr := rawObj.(*gatewayv1alpha2.TLSRoute)
 	keys := make([]string, 0, len(tr.Spec.ParentRefs))
 	for _, ref := range tr.Spec.ParentRefs {
 		ns := tr.GetNamespace()

internal/controller/tlsroute_controller..go

@@ -124,14 +124,14 @@ func (r *TLSRouteReconciler) listTLSRoutesForBackendTrafficPolicy(ctx context.Co
 			}
 			continue
 		}
-		tcprList := &gatewayv1alpha2.TLSRouteList{}
-		if err := r.List(ctx, tcprList, client.MatchingFields{
+		trList := &gatewayv1alpha2.TLSRouteList{}
+		if err := r.List(ctx, trList, client.MatchingFields{
 			indexer.ServiceIndexRef: indexer.GenIndexKey(policy.Namespace, string(targetRef.Name)),
 		}); err != nil {
 			r.Log.Error(err, "failed to list tlsroutes by service reference", "service", targetRef.Name)
 			return nil
 		}
-		tlsrouteList = append(tlsrouteList, tcprList.Items...)
+		tlsrouteList = append(tlsrouteList, trList.Items...)
 	}
 	var namespacedNameMap = make(map[k8stypes.NamespacedName]struct{})
 	requests := make([]reconcile.Request, 0, len(tlsrouteList))
@@ -158,16 +158,16 @@ func (r *TLSRouteReconciler) listTLSRoutesForGateway(ctx context.Context, obj cl
 	if !ok {
 		r.Log.Error(fmt.Errorf("unexpected object type"), "failed to convert object to Gateway")
 	}
-	tcprList := &gatewayv1alpha2.TLSRouteList{}
-	if err := r.List(ctx, tcprList, client.MatchingFields{
+	trList := &gatewayv1alpha2.TLSRouteList{}
+	if err := r.List(ctx, trList, client.MatchingFields{
 		indexer.ParentRefs: indexer.GenIndexKey(gateway.Namespace, gateway.Name),
 	}); err != nil {
 		r.Log.Error(err, "failed to list tlsroutes by gateway", "gateway", gateway.Name)
 		return nil
 	}
 
-	requests := make([]reconcile.Request, 0, len(tcprList.Items))
-	for _, tcr := range tcprList.Items {
+	requests := make([]reconcile.Request, 0, len(trList.Items))
+	for _, tcr := range trList.Items {
 		requests = append(requests, reconcile.Request{
 			NamespacedName: client.ObjectKey{
 				Namespace: tcr.Namespace,

test/conformance/conformance_test.go

@@ -34,6 +34,9 @@ import (
 var skippedTestsForSSL = []string{
 	tests.HTTPRouteHTTPSListener.ShortName,
 	tests.HTTPRouteRedirectPortAndScheme.ShortName,
+
+	// TODO: apisix does not support TLSRoute passthrough.
+	tests.TLSRouteSimpleSameNamespace.ShortName,
 }
 
 // TODO: HTTPRoute hostname intersection and listener hostname matching

test/e2e/framework/manifests/apisix-standalone.yaml

@@ -40,6 +40,8 @@ data:
       stream_proxy:                 # TCP/UDP proxy
         tcp:                        # TCP proxy port list
           - 9100
+          - addr: 9110
+            tls: true
         udp:                        # UDP proxy port list
           - 9200
     discovery:
@@ -101,6 +103,9 @@ spec:
             - name: udp
               containerPort: 9200
               protocol: UDP
+            - name: tls
+              containerPort: 9110
+              protocol: TCP
           volumeMounts:
             - name: config-writable
               mountPath: /usr/local/apisix/conf
@@ -139,6 +144,10 @@ spec:
       port: 9200
       protocol: UDP
       targetPort: 9200
+    - name: tls
+      port: 9110
+      protocol: TCP
+      targetPort: 9110
   selector:
     app.kubernetes.io/name: apisix 
   type: {{ .ServiceType | default "NodePort" }}

test/e2e/framework/manifests/apisix.yaml

@@ -47,6 +47,8 @@ data:
       stream_proxy:                 # TCP/UDP proxy
         tcp:                        # TCP proxy port list
           - 9100
+          - addr: 9110
+            tls: true
         udp:                        # UDP proxy port list
           - 9200
     discovery:
@@ -111,6 +113,9 @@ spec:
             - name: udp
               containerPort: 9200
               protocol: UDP
+            - name: tls
+              containerPort: 9110
+              protocol: TCP
           volumeMounts:
             - name: config-writable
               mountPath: /usr/local/apisix/conf
@@ -156,6 +161,10 @@ spec:
       port: 9200
       protocol: UDP
       targetPort: 9200
+    - name: tls
+      port: 9110
+      protocol: TCP
+      targetPort: 9110
   selector:
     app.kubernetes.io/name: apisix 
   type: {{ .ServiceType | default "NodePort" }}

test/e2e/gatewayapi/tlsroute.go

@@ -0,0 +1,108 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//	http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package gatewayapi
+
+import (
+	"fmt"
+	"net/http"
+	"time"
+
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+
+	"github.com/apache/apisix-ingress-controller/test/e2e/scaffold"
+)
+
+var _ = Describe("suite-gateway: TLSRoute", func() {
+	s := scaffold.NewDefaultScaffold()
+
+	Context("TLSRoute Base", func() {
+		var (
+			host       = "api6.com"
+			secretName = _secretName
+			tlsGateway = `
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+  name: tls-gateway
+spec:
+  gatewayClassName: %s
+  listeners:
+    - name: https
+      protocol: TLS
+      port: 443
+      hostname: api6.com
+      tls:
+        certificateRefs:
+        - kind: Secret
+          group: ""
+          name: %s
+  infrastructure:
+    parametersRef:
+      group: apisix.apache.org
+      kind: GatewayProxy
+      name: apisix-proxy-config
+`
+			tlsRoute = `
+apiVersion: gateway.networking.k8s.io/v1alpha2
+kind: TLSRoute
+metadata:
+  name: tls-route
+spec:
+  parentRefs:
+  - name: tls-gateway
+  hostnames: ["api6.com"]
+  rules:
+  - backendRefs:
+    - name: httpbin-service-e2e-test
+      port: 80
+`
+		)
+		BeforeEach(func() {
+			createSecret(s, secretName)
+			By("create GatewayProxy")
+			Expect(s.CreateResourceFromString(s.GetGatewayProxySpec())).NotTo(HaveOccurred(), "creating GatewayProxy")
+
+			By("create GatewayClass")
+			Expect(s.CreateResourceFromString(s.GetGatewayClassYaml())).NotTo(HaveOccurred(), "creating GatewayClass")
+
+			// Create Gateway with TCP listener
+			By("create Gateway")
+			Expect(s.CreateResourceFromString(fmt.Sprintf(tlsGateway, s.Namespace(), secretName))).NotTo(HaveOccurred(), "creating Gateway")
+		})
+		It("Basic", func() {
+			s.ResourceApplied("TLSRoute", "tls-route", tlsRoute, 1)
+
+			time.Sleep(10 * time.Second)
+			client := s.NewAPISIXClientWithTLSProxy(host)
+			client.GET("/ip").
+				Expect().
+				Status(http.StatusOK)
+			client.GET("/notfound").
+				Expect().
+				Status(http.StatusNotFound)
+
+			s.DeleteResourceFromString(tlsRoute)
+			time.Sleep(5 * time.Second)
+
+			reporter := &scaffold.ErrorReporter{}
+			_ = client.GET("/ip").WithReporter(reporter).Expect()
+			Expect(reporter.Err().Error()).Should(ContainSubstring("EOF"), "should get EOF after deleting TLSRoute")
+		})
+	})
+})

test/e2e/scaffold/scaffold.go

@@ -31,7 +31,8 @@ import (
 	"github.com/gruntwork-io/terratest/modules/k8s"
 	"github.com/gruntwork-io/terratest/modules/testing"
 	. "github.com/onsi/ginkgo/v2" //nolint:staticcheck
-	. "github.com/onsi/gomega"    //nolint:staticcheck
+	ginkgo "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega" //nolint:staticcheck
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
@@ -80,6 +81,7 @@ type Tunnels struct {
 	HTTP  *k8s.Tunnel
 	HTTPS *k8s.Tunnel
 	TCP   *k8s.Tunnel
+	TLS   *k8s.Tunnel
 }
 
 func (t *Tunnels) Close() {
@@ -95,6 +97,10 @@ func (t *Tunnels) Close() {
 		t.safeClose(t.TCP.Close)
 		t.TCP = nil
 	}
+	if t.TLS != nil {
+		t.safeClose(t.TLS.Close)
+		t.TLS = nil
+	}
 }
 
 func (t *Tunnels) safeClose(close func()) {
@@ -274,6 +280,31 @@ func (s *Scaffold) NewAPISIXClientWithTCPProxy() *httpexpect.Expect {
 	})
 }
 
+func (s *Scaffold) NewAPISIXClientWithTLSProxy(host string) *httpexpect.Expect {
+	u := url.URL{
+		Scheme: apiv2.SchemeHTTPS,
+		Host:   s.apisixTunnels.TLS.Endpoint(),
+	}
+	return httpexpect.WithConfig(httpexpect.Config{
+		BaseURL: u.String(),
+		Client: &http.Client{
+			Transport: &http.Transport{
+				TLSClientConfig: &tls.Config{
+					// accept any certificate; for testing only!
+					InsecureSkipVerify: true,
+					ServerName:         host,
+				},
+			},
+			CheckRedirect: func(req *http.Request, via []*http.Request) error {
+				return http.ErrUseLastResponse
+			},
+		},
+		Reporter: httpexpect.NewAssertReporter(
+			httpexpect.NewAssertReporter(ginkgo.GinkgoT()),
+		),
+	})
+}
+
 func (s *Scaffold) DefaultDataplaneResource() DataplaneResource {
 	return s.Deployer.DefaultDataplaneResource()
 }
@@ -359,6 +390,7 @@ func (s *Scaffold) createDataplaneTunnels(
 		httpPort  int
 		httpsPort int
 		tcpPort   int
+		tlsPort   int
 	)
 
 	for _, port := range svc.Spec.Ports {
@@ -369,6 +401,8 @@ func (s *Scaffold) createDataplaneTunnels(
 			httpsPort = int(port.Port)
 		case apiv2.SchemeTCP:
 			tcpPort = int(port.Port)
+		case apiv2.SchemeTLS:
+			tlsPort = int(port.Port)
 		}
 	}
 
@@ -381,6 +415,8 @@ func (s *Scaffold) createDataplaneTunnels(
 		0, httpsPort)
 	tcpTunnel := k8s.NewTunnel(kubectlOpts, k8s.ResourceTypeService, serviceName,
 		0, tcpPort)
+	tlsTunnel := k8s.NewTunnel(kubectlOpts, k8s.ResourceTypeService, serviceName,
+		0, tlsPort)
 
 	if err := httpTunnel.ForwardPortE(s.t); err != nil {
 		return nil, err
@@ -396,6 +432,10 @@ func (s *Scaffold) createDataplaneTunnels(
 		return nil, err
 	}
 	tunnels.TCP = tcpTunnel
+	if err := tlsTunnel.ForwardPortE(s.t); err != nil {
+		return nil, err
+	}
+	tunnels.TLS = tlsTunnel
 
 	return tunnels, nil
 }