diff --git a/pkg/apis/serving/v1/route_lifecycle.go b/pkg/apis/serving/v1/route_lifecycle.go index 4b67a2b9efcf..29f611a33dac 100644 --- a/pkg/apis/serving/v1/route_lifecycle.go +++ b/pkg/apis/serving/v1/route_lifecycle.go @@ -29,6 +29,7 @@ import ( var routeCondSet = apis.NewLivingConditionSet( RouteConditionAllTrafficAssigned, RouteConditionIngressReady, + RouteConditionCertificateProvisioned, ) // GetGroupVersionKind returns the GroupVersionKind. @@ -99,43 +100,41 @@ func (rs *RouteStatus) MarkMissingTrafficTarget(kind, name string) { } func (rs *RouteStatus) MarkCertificateProvisionFailed(name string) { - routeCondSet.Manage(rs).SetCondition(apis.Condition{ - Type: RouteConditionCertificateProvisioned, - Status: corev1.ConditionFalse, - Severity: apis.ConditionSeverityWarning, - Reason: "CertificateProvisionFailed", - Message: fmt.Sprintf("Certificate %s fails to be provisioned.", name), - }) + routeCondSet.Manage(rs).MarkFalse(RouteConditionCertificateProvisioned, + "CertificateProvisionFailed", + "Certificate %s fails to be provisioned.", name) } func (rs *RouteStatus) MarkCertificateReady(name string) { - routeCondSet.Manage(rs).SetCondition(apis.Condition{ - Type: RouteConditionCertificateProvisioned, - Status: corev1.ConditionTrue, - Severity: apis.ConditionSeverityWarning, - Reason: "CertificateReady", - Message: fmt.Sprintf("Certificate %s is successfully provisioned", name), - }) + routeCondSet.Manage(rs).MarkTrue(RouteConditionCertificateProvisioned) } func (rs *RouteStatus) MarkCertificateNotReady(name string) { - routeCondSet.Manage(rs).SetCondition(apis.Condition{ - Type: RouteConditionCertificateProvisioned, - Status: corev1.ConditionUnknown, - Severity: apis.ConditionSeverityWarning, - Reason: "CertificateNotReady", - Message: fmt.Sprintf("Certificate %s is not ready.", name), - }) + routeCondSet.Manage(rs).MarkUnknown(RouteConditionCertificateProvisioned, + "CertificateNotReady", + "Certificate %s is not ready.", name) } func (rs *RouteStatus) MarkCertificateNotOwned(name string) { - routeCondSet.Manage(rs).SetCondition(apis.Condition{ - Type: RouteConditionCertificateProvisioned, - Status: corev1.ConditionFalse, - Severity: apis.ConditionSeverityWarning, - Reason: "CertificateNotOwned", - Message: fmt.Sprintf("There is an existing certificate %s that we don't own.", name), - }) + routeCondSet.Manage(rs).MarkFalse(RouteConditionCertificateProvisioned, + "CertificateNotOwned", + "There is an existing certificate %s that we don't own.", name) +} + +// MarkAutoTLSNotEnabled sets RouteConditionCertificateProvisioned to true when +// certificate config such as autoTLS is not enabled. +func (rs *RouteStatus) MarkAutoTLSNotEnabled() { + routeCondSet.Manage(rs).MarkTrueWithReason(RouteConditionCertificateProvisioned, + "AutoTLSNotEnabled", + "autoTLS is not enabled") +} + +// MarkHTTPDowngrade sets RouteConditionCertificateProvisioned to true when plain +// HTTP is enabled even when Certificated is not ready. +func (rs *RouteStatus) MarkHTTPDowngrade(name string) { + routeCondSet.Manage(rs).MarkTrueWithReason(RouteConditionCertificateProvisioned, + "HTTPDowngrade", + "Certificate %s is not ready downgrade HTTP.", name) } // PropagateIngressStatus update RouteConditionIngressReady condition diff --git a/pkg/apis/serving/v1/route_lifecycle_test.go b/pkg/apis/serving/v1/route_lifecycle_test.go index 3b16f5559a00..ef2710a67102 100644 --- a/pkg/apis/serving/v1/route_lifecycle_test.go +++ b/pkg/apis/serving/v1/route_lifecycle_test.go @@ -168,6 +168,7 @@ func TestTypicalRouteFlow(t *testing.T) { apistest.CheckConditionOngoing(r, RouteConditionReady, t) r.MarkTrafficAssigned() + r.MarkAutoTLSNotEnabled() apistest.CheckConditionSucceeded(r, RouteConditionAllTrafficAssigned, t) apistest.CheckConditionOngoing(r, RouteConditionIngressReady, t) apistest.CheckConditionOngoing(r, RouteConditionReady, t) @@ -281,6 +282,7 @@ func TestIngressFailureRecovery(t *testing.T) { apistest.CheckConditionOngoing(r, RouteConditionReady, t) r.MarkTrafficAssigned() + r.MarkAutoTLSNotEnabled() r.PropagateIngressStatus(netv1alpha1.IngressStatus{ Status: duckv1.Status{ Conditions: duckv1.Conditions{{ @@ -372,6 +374,22 @@ func TestRouteNotOwnCertificate(t *testing.T) { apistest.CheckConditionFailed(r, RouteConditionCertificateProvisioned, t) } +func TestRouteAutoTLSNotEnabled(t *testing.T) { + r := &RouteStatus{} + r.InitializeConditions() + r.MarkAutoTLSNotEnabled() + + apistest.CheckConditionSucceeded(r, RouteConditionCertificateProvisioned, t) +} + +func TestRouteHTTPDowngrade(t *testing.T) { + r := &RouteStatus{} + r.InitializeConditions() + r.MarkHTTPDowngrade("cert") + + apistest.CheckConditionSucceeded(r, RouteConditionCertificateProvisioned, t) +} + func TestIngressNotConfigured(t *testing.T) { r := &RouteStatus{} r.InitializeConditions() diff --git a/pkg/apis/serving/v1alpha1/route_lifecycle.go b/pkg/apis/serving/v1alpha1/route_lifecycle.go index 017e6dc42995..523187d49dd4 100644 --- a/pkg/apis/serving/v1alpha1/route_lifecycle.go +++ b/pkg/apis/serving/v1alpha1/route_lifecycle.go @@ -29,6 +29,7 @@ import ( var routeCondSet = apis.NewLivingConditionSet( RouteConditionAllTrafficAssigned, RouteConditionIngressReady, + RouteConditionCertificateProvisioned, ) func (r *Route) GetGroupVersionKind() schema.GroupVersionKind { @@ -112,43 +113,41 @@ func (rs *RouteStatus) MarkMissingTrafficTarget(kind, name string) { } func (rs *RouteStatus) MarkCertificateProvisionFailed(name string) { - routeCondSet.Manage(rs).SetCondition(apis.Condition{ - Type: RouteConditionCertificateProvisioned, - Status: corev1.ConditionFalse, - Severity: apis.ConditionSeverityWarning, - Reason: "CertificateProvisionFailed", - Message: fmt.Sprintf("Certificate %s fails to be provisioned.", name), - }) + routeCondSet.Manage(rs).MarkFalse(RouteConditionCertificateProvisioned, + "CertificateProvisionFailed", + "Certificate %s fails to be provisioned.", name) } func (rs *RouteStatus) MarkCertificateReady(name string) { - routeCondSet.Manage(rs).SetCondition(apis.Condition{ - Type: RouteConditionCertificateProvisioned, - Status: corev1.ConditionTrue, - Severity: apis.ConditionSeverityWarning, - Reason: "CertificateReady", - Message: fmt.Sprintf("Certificate %s is successfully provisioned", name), - }) + routeCondSet.Manage(rs).MarkTrue(RouteConditionCertificateProvisioned) } func (rs *RouteStatus) MarkCertificateNotReady(name string) { - routeCondSet.Manage(rs).SetCondition(apis.Condition{ - Type: RouteConditionCertificateProvisioned, - Status: corev1.ConditionUnknown, - Severity: apis.ConditionSeverityWarning, - Reason: "CertificateNotReady", - Message: fmt.Sprintf("Certificate %s is not ready.", name), - }) + routeCondSet.Manage(rs).MarkUnknown(RouteConditionCertificateProvisioned, + "CertificateNotReady", + "Certificate %s is not ready.", name) } func (rs *RouteStatus) MarkCertificateNotOwned(name string) { - routeCondSet.Manage(rs).SetCondition(apis.Condition{ - Type: RouteConditionCertificateProvisioned, - Status: corev1.ConditionFalse, - Severity: apis.ConditionSeverityWarning, - Reason: "CertificateNotOwned", - Message: fmt.Sprintf("There is an existing certificate %s that we don't own.", name), - }) + routeCondSet.Manage(rs).MarkFalse(RouteConditionCertificateProvisioned, + "CertificateNotOwned", + "There is an existing certificate %s that we don't own.", name) +} + +// MarkAutoTLSNotEnabled sets RouteConditionCertificateProvisioned to true when +// certificate config such as autoTLS is not enabled. +func (rs *RouteStatus) MarkAutoTLSNotEnabled() { + routeCondSet.Manage(rs).MarkTrueWithReason(RouteConditionCertificateProvisioned, + "AutoTLSNotEnabled", + "autoTLS is not enabled") +} + +// MarkHTTPDowngrade sets RouteConditionCertificateProvisioned to true when plain +// HTTP is enabled even when Certificated is not ready. +func (rs *RouteStatus) MarkHTTPDowngrade(name string) { + routeCondSet.Manage(rs).MarkTrueWithReason(RouteConditionCertificateProvisioned, + "HTTPDowngrade", + "Certificate %s is not ready downgrade HTTP.", name) } // PropagateIngressStatus update RouteConditionIngressReady condition diff --git a/pkg/apis/serving/v1alpha1/route_lifecycle_test.go b/pkg/apis/serving/v1alpha1/route_lifecycle_test.go index 04dec0bf6ac4..b1685869efe6 100644 --- a/pkg/apis/serving/v1alpha1/route_lifecycle_test.go +++ b/pkg/apis/serving/v1alpha1/route_lifecycle_test.go @@ -160,6 +160,7 @@ func TestTypicalRouteFlow(t *testing.T) { apistest.CheckConditionOngoing(r, RouteConditionReady, t) r.MarkTrafficAssigned() + r.MarkAutoTLSNotEnabled() apistest.CheckConditionSucceeded(r, RouteConditionAllTrafficAssigned, t) apistest.CheckConditionOngoing(r, RouteConditionIngressReady, t) apistest.CheckConditionOngoing(r, RouteConditionReady, t) @@ -273,6 +274,7 @@ func TestIngressFailureRecovery(t *testing.T) { apistest.CheckConditionOngoing(r, RouteConditionReady, t) r.MarkTrafficAssigned() + r.MarkAutoTLSNotEnabled() r.PropagateIngressStatus(netv1alpha1.IngressStatus{ Status: duckv1.Status{ Conditions: duckv1.Conditions{{ @@ -376,6 +378,22 @@ func TestRouteNotOwnCertificate(t *testing.T) { apistest.CheckConditionFailed(r, RouteConditionCertificateProvisioned, t) } +func TestRouteAutoTLSNotEnabled(t *testing.T) { + r := &RouteStatus{} + r.InitializeConditions() + r.MarkAutoTLSNotEnabled() + + apistest.CheckConditionSucceeded(r, RouteConditionCertificateProvisioned, t) +} + +func TestRouteHTTPDowngrade(t *testing.T) { + r := &RouteStatus{} + r.InitializeConditions() + r.MarkHTTPDowngrade("cert") + + apistest.CheckConditionSucceeded(r, RouteConditionCertificateProvisioned, t) +} + func TestIngressNotConfigured(t *testing.T) { r := &RouteStatus{} r.InitializeConditions() diff --git a/pkg/reconciler/route/route.go b/pkg/reconciler/route/route.go index 0de403c2ba70..145677f1d096 100644 --- a/pkg/reconciler/route/route.go +++ b/pkg/reconciler/route/route.go @@ -189,6 +189,7 @@ func (c *Reconciler) reconcileIngressResources(ctx context.Context, r *v1.Route, func (c *Reconciler) tls(ctx context.Context, host string, r *v1.Route, traffic *traffic.Config) ([]netv1alpha1.IngressTLS, []netv1alpha1.HTTP01Challenge, error) { tls := []netv1alpha1.IngressTLS{} if !config.FromContext(ctx).Network.AutoTLS { + r.Status.MarkAutoTLSNotEnabled() return tls, nil, nil } domainToTagMap, err := domains.GetAllDomainsAndTags(ctx, r, getTrafficNames(traffic.Targets), traffic.Visibility) @@ -248,7 +249,7 @@ func (c *Reconciler) tls(ctx context.Context, host string, r *v1.Route, traffic } else { acmeChallenges = append(acmeChallenges, cert.Status.HTTP01Challenges...) r.Status.MarkCertificateNotReady(cert.Name) - // When httpProtocol is enabled, downward http scheme. + // When httpProtocol is enabled, downgrade http scheme. if config.FromContext(ctx).Network.HTTPProtocol == network.HTTPEnabled { if dnsNames.Has(host) { r.Status.URL = &apis.URL{ @@ -257,6 +258,7 @@ func (c *Reconciler) tls(ctx context.Context, host string, r *v1.Route, traffic } } setTargetsScheme(&r.Status, dnsNames.List(), "http") + r.Status.MarkHTTPDowngrade(cert.Name) } } } diff --git a/pkg/reconciler/route/table_test.go b/pkg/reconciler/route/table_test.go index 7d366145431a..dd7e21152f39 100644 --- a/pkg/reconciler/route/table_test.go +++ b/pkg/reconciler/route/table_test.go @@ -157,7 +157,7 @@ func TestReconcile(t *testing.T) { Object: Route("default", "becomes-ready", WithConfigTarget("config"), WithRouteUID("12-34"), // Populated by reconciliation when all traffic has been assigned. - WithURL, WithAddress, WithInitRouteConditions, + WithURL, WithAddress, WithRouteConditionsAutoTLSDisabled, MarkTrafficAssigned, MarkIngressNotConfigured, WithStatusTraffic( v1.TrafficTarget{ RevisionName: "config-00001", @@ -204,7 +204,7 @@ func TestReconcile(t *testing.T) { Object: Route("default", "ingress-failed", WithConfigTarget("config"), WithRouteUID("12-34"), // Populated by reconciliation when all traffic has been assigned. - WithURL, WithAddress, WithInitRouteConditions, + WithURL, WithAddress, WithRouteConditionsAutoTLSDisabled, WithInitRouteConditions, MarkTrafficAssigned, WithStatusTraffic( v1.TrafficTarget{ @@ -255,7 +255,7 @@ func TestReconcile(t *testing.T) { Object: Route("default", "becomes-ready", WithConfigTarget("config"), WithRouteUID("12-34"), WithIngressClass("custom-ingress-class"), // Populated by reconciliation when all traffic has been assigned. - WithURL, WithAddress, WithInitRouteConditions, + WithURL, WithAddress, WithRouteConditionsAutoTLSDisabled, MarkTrafficAssigned, MarkIngressNotConfigured, WithStatusTraffic( v1.TrafficTarget{ RevisionName: "config-00001", @@ -312,7 +312,7 @@ func TestReconcile(t *testing.T) { Object: Route("default", "becomes-ready", WithConfigTarget("config"), WithRouteUID("65-23"), // Populated by reconciliation when all traffic has been assigned. - WithLocalDomain, WithAddress, WithInitRouteConditions, + WithLocalDomain, WithAddress, WithRouteConditionsAutoTLSDisabled, WithRouteLabel(map[string]string{"serving.knative.dev/visibility": "cluster-local"}), MarkTrafficAssigned, MarkIngressNotConfigured, WithStatusTraffic( v1.TrafficTarget{ @@ -358,7 +358,7 @@ func TestReconcile(t *testing.T) { WantStatusUpdates: []clientgotesting.UpdateActionImpl{{ Object: Route("default", "becomes-ready", WithConfigTarget("config"), // Populated by reconciliation when the route becomes ready. - WithURL, WithAddress, WithInitRouteConditions, + WithURL, WithAddress, WithRouteConditionsAutoTLSDisabled, MarkTrafficAssigned, MarkIngressReady, WithStatusTraffic( v1.TrafficTarget{ RevisionName: "config-00001", @@ -448,7 +448,7 @@ func TestReconcile(t *testing.T) { Object: Route("default", "ingress-create-failure", WithConfigTarget("config"), WithRouteFinalizer, // Populated by reconciliation when we fail to create the ingress. - WithURL, WithAddress, WithInitRouteConditions, + WithURL, WithAddress, WithRouteConditionsAutoTLSDisabled, MarkTrafficAssigned, WithStatusTraffic( v1.TrafficTarget{ RevisionName: "config-00001", @@ -466,7 +466,7 @@ func TestReconcile(t *testing.T) { Name: "steady state", Objects: []runtime.Object{ Route("default", "steady-state", WithConfigTarget("config"), - WithURL, WithAddress, WithInitRouteConditions, + WithURL, WithAddress, WithRouteConditionsAutoTLSDisabled, MarkTrafficAssigned, MarkIngressReady, WithRouteFinalizer, WithStatusTraffic( v1.TrafficTarget{ @@ -503,7 +503,7 @@ func TestReconcile(t *testing.T) { WantErr: true, Objects: []runtime.Object{ Route("default", "unhappy-owner", WithConfigTarget("config"), - WithURL, WithAddress, WithInitRouteConditions, + WithURL, WithAddress, WithRouteConditionsAutoTLSDisabled, MarkTrafficAssigned, MarkIngressReady, WithRouteFinalizer, WithStatusTraffic( v1.TrafficTarget{ RevisionName: "config-00001", @@ -520,7 +520,7 @@ func TestReconcile(t *testing.T) { }, WantStatusUpdates: []clientgotesting.UpdateActionImpl{{ Object: Route("default", "unhappy-owner", WithConfigTarget("config"), - WithURL, WithAddress, WithInitRouteConditions, + WithURL, WithAddress, WithRouteConditionsAutoTLSDisabled, MarkTrafficAssigned, MarkIngressReady, WithRouteFinalizer, WithStatusTraffic( v1.TrafficTarget{ RevisionName: "config-00001", @@ -542,7 +542,7 @@ func TestReconcile(t *testing.T) { Objects: []runtime.Object{ Route("default", "different-domain", WithConfigTarget("config"), WithAnotherDomain, WithAddress, - WithInitRouteConditions, MarkTrafficAssigned, MarkIngressReady, + WithRouteConditionsAutoTLSDisabled, MarkTrafficAssigned, MarkIngressReady, WithRouteFinalizer, WithStatusTraffic( v1.TrafficTarget{ RevisionName: "config-00001", @@ -604,7 +604,7 @@ func TestReconcile(t *testing.T) { Name: "new latest created revision", Objects: []runtime.Object{ Route("default", "new-latest-created", WithConfigTarget("config"), - WithURL, WithAddress, WithInitRouteConditions, + WithURL, WithAddress, WithRouteConditionsAutoTLSDisabled, MarkTrafficAssigned, MarkIngressReady, WithRouteFinalizer, WithStatusTraffic( v1.TrafficTarget{ RevisionName: "config-00001", @@ -642,7 +642,7 @@ func TestReconcile(t *testing.T) { Name: "new latest ready revision", Objects: []runtime.Object{ Route("default", "new-latest-ready", WithConfigTarget("config"), - WithURL, WithAddress, WithInitRouteConditions, + WithURL, WithAddress, WithRouteConditionsAutoTLSDisabled, MarkTrafficAssigned, MarkIngressReady, WithRouteFinalizer, WithStatusTraffic( v1.TrafficTarget{ RevisionName: "config-00001", @@ -695,7 +695,7 @@ func TestReconcile(t *testing.T) { }}, WantStatusUpdates: []clientgotesting.UpdateActionImpl{{ Object: Route("default", "new-latest-ready", WithConfigTarget("config"), - WithURL, WithAddress, WithInitRouteConditions, + WithURL, WithAddress, WithRouteConditionsAutoTLSDisabled, MarkTrafficAssigned, MarkIngressReady, WithRouteFinalizer, WithStatusTraffic( v1.TrafficTarget{ RevisionName: "config-00002", @@ -760,7 +760,7 @@ func TestReconcile(t *testing.T) { Object: Route("default", "becomes-local", WithConfigTarget("config"), WithRouteUID("65-23"), MarkTrafficAssigned, MarkIngressNotConfigured, - WithLocalDomain, WithAddress, WithInitRouteConditions, + WithLocalDomain, WithAddress, WithRouteConditionsAutoTLSDisabled, WithRouteLabel(map[string]string{"serving.knative.dev/visibility": "cluster-local"}), WithStatusTraffic( v1.TrafficTarget{ @@ -824,7 +824,7 @@ func TestReconcile(t *testing.T) { Object: Route("default", "becomes-public", WithConfigTarget("config"), WithRouteUID("65-23"), MarkTrafficAssigned, MarkIngressNotConfigured, - WithAddress, WithInitRouteConditions, WithURL, + WithAddress, WithRouteConditionsAutoTLSDisabled, WithURL, WithStatusTraffic( v1.TrafficTarget{ RevisionName: "config-00001", @@ -842,7 +842,7 @@ func TestReconcile(t *testing.T) { }, Objects: []runtime.Object{ Route("default", "update-ci-failure", WithConfigTarget("config"), - WithURL, WithAddress, WithInitRouteConditions, + WithURL, WithAddress, WithRouteConditionsAutoTLSDisabled, MarkTrafficAssigned, MarkIngressReady, WithRouteFinalizer, WithStatusTraffic( v1.TrafficTarget{ RevisionName: "config-00001", @@ -894,7 +894,7 @@ func TestReconcile(t *testing.T) { }}, WantStatusUpdates: []clientgotesting.UpdateActionImpl{{ Object: Route("default", "update-ci-failure", WithConfigTarget("config"), - WithURL, WithAddress, WithInitRouteConditions, + WithURL, WithAddress, WithRouteConditionsAutoTLSDisabled, MarkTrafficAssigned, MarkIngressReady, WithRouteFinalizer, WithStatusTraffic( v1.TrafficTarget{ RevisionName: "config-00002", @@ -910,7 +910,7 @@ func TestReconcile(t *testing.T) { Name: "reconcile service mutation", Objects: []runtime.Object{ Route("default", "svc-mutation", WithConfigTarget("config"), - WithURL, WithAddress, WithInitRouteConditions, + WithURL, WithAddress, WithRouteConditionsAutoTLSDisabled, MarkTrafficAssigned, MarkIngressReady, WithRouteFinalizer, WithStatusTraffic( v1.TrafficTarget{ RevisionName: "config-00001", @@ -954,7 +954,7 @@ func TestReconcile(t *testing.T) { }, Objects: []runtime.Object{ Route("default", "svc-mutation", WithConfigTarget("config"), WithRouteFinalizer, - WithURL, WithAddress, WithInitRouteConditions, + WithURL, WithAddress, WithRouteConditionsAutoTLSDisabled, MarkTrafficAssigned, MarkIngressReady, WithStatusTraffic( v1.TrafficTarget{ RevisionName: "config-00001", @@ -999,7 +999,7 @@ func TestReconcile(t *testing.T) { Name: "drop cluster ip", Objects: []runtime.Object{ Route("default", "cluster-ip", WithConfigTarget("config"), WithRouteFinalizer, - WithURL, WithAddress, WithInitRouteConditions, + WithURL, WithAddress, WithRouteConditionsAutoTLSDisabled, MarkTrafficAssigned, MarkIngressReady, WithStatusTraffic( v1.TrafficTarget{ RevisionName: "config-00001", @@ -1039,7 +1039,7 @@ func TestReconcile(t *testing.T) { Name: "fix external name", Objects: []runtime.Object{ Route("default", "external-name", WithConfigTarget("config"), WithRouteFinalizer, - WithURL, WithAddress, WithInitRouteConditions, + WithURL, WithAddress, WithRouteConditionsAutoTLSDisabled, MarkTrafficAssigned, MarkIngressReady, WithStatusTraffic( v1.TrafficTarget{ RevisionName: "config-00001", @@ -1078,7 +1078,7 @@ func TestReconcile(t *testing.T) { Name: "reconcile ingress mutation", Objects: []runtime.Object{ Route("default", "ingress-mutation", WithConfigTarget("config"), WithRouteFinalizer, - WithURL, WithAddress, WithInitRouteConditions, + WithURL, WithAddress, WithRouteConditionsAutoTLSDisabled, MarkTrafficAssigned, MarkIngressReady, WithStatusTraffic( v1.TrafficTarget{ RevisionName: "config-00001", @@ -1133,7 +1133,7 @@ func TestReconcile(t *testing.T) { Objects: []runtime.Object{ // The status reflects "oldconfig", but the spec "newconfig". Route("default", "change-configs", WithConfigTarget("newconfig"), WithRouteFinalizer, - WithURL, WithAddress, WithInitRouteConditions, + WithURL, WithAddress, WithRouteConditionsAutoTLSDisabled, MarkTrafficAssigned, MarkIngressReady, WithStatusTraffic( v1.TrafficTarget{ RevisionName: "oldconfig-00001", @@ -1189,7 +1189,7 @@ func TestReconcile(t *testing.T) { WantStatusUpdates: []clientgotesting.UpdateActionImpl{{ // Status updated to "newconfig" Object: Route("default", "change-configs", WithConfigTarget("newconfig"), - WithURL, WithAddress, WithInitRouteConditions, + WithURL, WithAddress, WithRouteConditionsAutoTLSDisabled, MarkTrafficAssigned, MarkIngressReady, WithRouteFinalizer, WithStatusTraffic( v1.TrafficTarget{ RevisionName: "newconfig-00001", @@ -1270,7 +1270,7 @@ func TestReconcile(t *testing.T) { Object: Route("default", "pinned-becomes-ready", // Use the Revision name from the config WithRevTarget("config-00001"), WithRouteFinalizer, - WithURL, WithAddress, WithInitRouteConditions, + WithURL, WithAddress, WithRouteConditionsAutoTLSDisabled, MarkTrafficAssigned, MarkIngressReady, WithStatusTraffic( v1.TrafficTarget{ RevisionName: "config-00001", @@ -1352,7 +1352,7 @@ func TestReconcile(t *testing.T) { ConfigurationName: "green", Percent: ptr.Int64(50), }), WithRouteUID("34-78"), - WithURL, WithAddress, WithInitRouteConditions, + WithURL, WithAddress, WithRouteConditionsAutoTLSDisabled, MarkTrafficAssigned, MarkIngressNotConfigured, WithStatusTraffic( v1.TrafficTarget{ RevisionName: "blue-00001", @@ -1489,7 +1489,7 @@ func TestReconcile(t *testing.T) { RevisionName: "gray-00001", Percent: ptr.Int64(50), }), WithRouteUID("1-2"), WithRouteFinalizer, - WithURL, WithAddress, WithInitRouteConditions, + WithURL, WithAddress, WithRouteConditionsAutoTLSDisabled, MarkTrafficAssigned, MarkIngressNotConfigured, WithStatusTraffic( v1.TrafficTarget{ Tag: "gray", @@ -1524,7 +1524,7 @@ func TestReconcile(t *testing.T) { // Start from a steady state referencing "blue", and modify the route spec to point to "green" instead. Objects: []runtime.Object{ Route("default", "switch-configs", WithConfigTarget("green"), - WithURL, WithAddress, WithInitRouteConditions, + WithURL, WithAddress, WithRouteConditionsAutoTLSDisabled, MarkTrafficAssigned, MarkIngressReady, WithStatusTraffic( v1.TrafficTarget{ Tag: "blue", @@ -1579,7 +1579,7 @@ func TestReconcile(t *testing.T) { }}, WantStatusUpdates: []clientgotesting.UpdateActionImpl{{ Object: Route("default", "switch-configs", WithConfigTarget("green"), - WithURL, WithAddress, WithInitRouteConditions, + WithURL, WithAddress, WithRouteConditionsAutoTLSDisabled, MarkTrafficAssigned, MarkIngressReady, WithStatusTraffic( v1.TrafficTarget{ RevisionName: "green-00001", @@ -1642,7 +1642,7 @@ func TestReconcile(t *testing.T) { Name: "Update stale lastPinned", Objects: []runtime.Object{ Route("default", "stale-lastpinned", WithConfigTarget("config"), - WithURL, WithAddress, WithInitRouteConditions, + WithURL, WithAddress, WithRouteConditionsAutoTLSDisabled, MarkTrafficAssigned, MarkIngressReady, WithRouteFinalizer, WithStatusTraffic( v1.TrafficTarget{ RevisionName: "config-00001", @@ -1682,7 +1682,7 @@ func TestReconcile(t *testing.T) { Name: "check that we can find the ingress with old naming", Objects: []runtime.Object{ Route("default", "old-naming", WithConfigTarget("config"), WithRouteFinalizer, - WithURL, WithAddress, WithInitRouteConditions, + WithURL, WithAddress, WithRouteConditionsAutoTLSDisabled, MarkTrafficAssigned, MarkIngressReady, WithStatusTraffic( v1.TrafficTarget{ RevisionName: "config-00001", @@ -1718,7 +1718,7 @@ func TestReconcile(t *testing.T) { Name: "deletes service when route no longer references service", Objects: []runtime.Object{ Route("default", "my-route", WithConfigTarget("config"), - WithURL, WithAddress, WithInitRouteConditions, + WithURL, WithAddress, WithRouteConditionsAutoTLSDisabled, MarkTrafficAssigned, MarkIngressReady, WithRouteFinalizer, WithStatusTraffic( v1.TrafficTarget{ @@ -1923,13 +1923,13 @@ func TestReconcile_EnableAutoTLS(t *testing.T) { Object: Route("default", "becomes-ready", WithConfigTarget("config"), WithRouteUID("12-34"), // Populated by reconciliation when all traffic has been assigned. - WithURL, WithAddress, WithInitRouteConditions, + WithURL, WithAddress, WithInitRouteConditions, WithRouteConditionsHTTPDowngrade, MarkTrafficAssigned, MarkIngressNotConfigured, WithStatusTraffic( v1.TrafficTarget{ RevisionName: "config-00001", Percent: ptr.Int64(100), LatestRevision: ptr.Bool(true), - }), MarkCertificateNotReady), + })), }}, WantEvents: []string{ Eventf(corev1.EventTypeNormal, "Created", "Created placeholder service %q", "becomes-ready"), @@ -2157,17 +2157,16 @@ func TestReconcile_EnableAutoTLS(t *testing.T) { WithRouteUID("12-34"), // Populated by reconciliation when all traffic has been assigned. WithAddress, WithInitRouteConditions, + // The certificate has to be created in the not ready state for the ACME challenge + // ingress rules to be added. MarkTrafficAssigned, MarkIngressNotConfigured, WithStatusTraffic( v1.TrafficTarget{ RevisionName: "config-00001", Percent: ptr.Int64(100), LatestRevision: ptr.Bool(true), }), - // The certificate has to be created in the not ready state for the ACME challenge - // ingress rules to be added. - MarkCertificateNotReady, // Which also means no HTTPS URL - WithURL, + WithURL, WithRouteConditionsHTTPDowngrade, ), }}, Key: "default/becomes-ready", @@ -2279,13 +2278,13 @@ func TestReconcile_EnableAutoTLS(t *testing.T) { Object: Route("default", "becomes-ready", WithConfigTarget("config"), WithRouteUID("12-34"), // Populated by reconciliation when all traffic has been assigned. - WithAddress, WithInitRouteConditions, + WithAddress, WithRouteConditionsHTTPDowngrade, MarkTrafficAssigned, MarkIngressNotConfigured, WithStatusTraffic( v1.TrafficTarget{ RevisionName: "config-00001", Percent: ptr.Int64(100), LatestRevision: ptr.Bool(true), - }), MarkCertificateNotReady, MarkIngressNotConfigured, + }), MarkIngressNotConfigured, // The certificate is not ready. So we want to have HTTP URL. WithURL), }}, diff --git a/pkg/testing/v1/route.go b/pkg/testing/v1/route.go index 186f6d8804ae..c990d3d60ab3 100644 --- a/pkg/testing/v1/route.go +++ b/pkg/testing/v1/route.go @@ -159,6 +159,18 @@ func WithInitRouteConditions(rt *v1.Route) { rt.Status.InitializeConditions() } +// WithRouteConditionsAutoTLSDisabled calls MarkAutoTLSNotEnabled after initialized the Service's conditions. +func WithRouteConditionsAutoTLSDisabled(rt *v1.Route) { + rt.Status.InitializeConditions() + rt.Status.MarkAutoTLSNotEnabled() +} + +// WithRouteConditionsHTTPDowngrade calls MarkHTTPDowngrade after initialized the Service's conditions. +func WithRouteConditionsHTTPDowngrade(rt *v1.Route) { + rt.Status.InitializeConditions() + rt.Status.MarkHTTPDowngrade(routenames.Certificate(rt)) +} + // MarkTrafficAssigned calls the method of the same name on .Status func MarkTrafficAssigned(r *v1.Route) { r.Status.MarkTrafficAssigned()