simplify BackendTLSPolicy test infrastructure and remove unnecessary code #4016
Conversation
…code Signed-off-by: Norwin Schnyder <norwin.schnyder+github@gmail.com>
k8s-ci-robot
added
release-note-none
k8s-ci-robot
added
the
size/L
snorwin
changed the title
|
In case that #3983 is merged before this PR, the changes here will also need to be applied to the |
|
@shaneutt, it would be great if we could get this merged before the code freeze. |
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: kl52752, snorwin The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/lgtm |
k8s-ci-robot
added
the
lgtm
k8s-ci-robot
added
the
do-not-merge/hold
| "github.com/stretchr/testify/require" | ||
| ) | ||
|
|
||
| func Test_generateCACert(t *testing.T) { |
There was a problem hiding this comment.
why remove the test? we still have the generateCACert helper function right? I mean, was this test failing or is this test not being useful?
There was a problem hiding this comment.
It was only for testing that the CA certificate contained the specified hostnames, which does not make sense.
What type of PR is this?
/kind test
/area conformance-machinery
What this PR does / why we need it:
This PR simplifies the test infrastructure for BackendTLSPolicy by reusing the existing
backend-tlsDeployment instead of creating a separate backend. In addition, it fixes the CA certificate creation process as a CA certificates typically do not contain hostnames and following best practices, the CA certificate private key is now omitted from the ConfigMap.The refactoring was validated by re-running the BackendTLSPolicy tests against Envoy Gateway and Airlock Microgateway, all of which passed successfully.
Which issue(s) this PR fixes:
Fixes #3934
Does this PR introduce a user-facing change?: