update after review

Signed-off-by: Tero Saarni <[email protected]>
projectcontour · Jan 19, 2024 · e0938e2 · e0938e2
1 parent 6773a1a
commit e0938e2
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 25 deletions.
diff --git a/internal/featuretests/v3/backendcavalidation_test.go b/internal/featuretests/v3/backendcavalidation_test.go
@@ -112,13 +112,15 @@ func TestClusterServiceTLSBackendCAValidation(t *testing.T) {
 		TypeUrl: listenerType,
 	})
 
-	// assert that the cluster now has a certificate and subject name.
-	c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{
+	expectedResponse := &envoy_discovery_v3.DiscoveryResponse{
 		Resources: resources(t,
-			tlsCluster(cluster("default/kuard/443/c6ccd34de5", "default/kuard/securebackend", "default_kuard_443"), []byte(featuretests.CERTIFICATE), "subjname", "", nil, nil),
+			tlsCluster(cluster("default/kuard/443/c6ccd34de5", "default/kuard/securebackend", "default_kuard_443"), caSecret.Data[dag.CACertificateKey], "subjname", "", nil, nil),
 		),
 		TypeUrl: clusterType,
-	})
+	}
+
+	// assert that the cluster now has a certificate and subject name.
+	c.Request(clusterType).Equals(expectedResponse)
 
 	// Contour does not use SDS to transmit the CA for upstream validation, issue 1405,
 	// assert that SDS is empty.
@@ -160,12 +162,7 @@ func TestClusterServiceTLSBackendCAValidation(t *testing.T) {
 	})
 
 	// assert that the cluster now has a certificate and subject name.
-	c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{
-		Resources: resources(t,
-			tlsCluster(cluster("default/kuard/443/c6ccd34de5", "default/kuard/securebackend", "default_kuard_443"), []byte(featuretests.CERTIFICATE), "subjname", "", nil, nil),
-		),
-		TypeUrl: clusterType,
-	})
+	c.Request(clusterType).Equals(expectedResponse)
 
 	// Contour does not use SDS to transmit the CA for upstream validation, issue 1405,
 	// assert that SDS is empty.
@@ -210,10 +207,5 @@ func TestClusterServiceTLSBackendCAValidation(t *testing.T) {
 		})
 	rh.OnAdd(tcpproxy)
 
-	c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{
-		Resources: resources(t,
-			tlsCluster(cluster("default/kuard/443/c6ccd34de5", "default/kuard/securebackend", "default_kuard_443"), []byte(featuretests.CERTIFICATE), "subjname", "", nil, nil),
-		),
-		TypeUrl: clusterType,
-	})
+	c.Request(clusterType).Equals(expectedResponse)
 }
diff --git a/internal/featuretests/v3/backendclientauth_test.go b/internal/featuretests/v3/backendclientauth_test.go
@@ -119,12 +119,14 @@ func TestBackendClientAuthenticationWithHTTPProxy(t *testing.T) {
 		})
 	rh.OnAdd(proxy)
 
-	c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{
+	expectedResponse := &envoy_discovery_v3.DiscoveryResponse{
 		Resources: resources(t,
-			tlsCluster(cluster("default/backend/443/950c17581f", "default/backend/http", "default_backend_443"), []byte(featuretests.CERTIFICATE), "subjname", "", sec1, nil),
+			tlsCluster(cluster("default/backend/443/950c17581f", "default/backend/http", "default_backend_443"), sec2.Data[dag.CACertificateKey], "subjname", "", sec1, nil),
 		),
 		TypeUrl: clusterType,
-	})
+	}
+
+	c.Request(clusterType).Equals(expectedResponse)
 
 	rh.OnDelete(proxy)
 
@@ -150,12 +152,7 @@ func TestBackendClientAuthenticationWithHTTPProxy(t *testing.T) {
 		})
 	rh.OnAdd(tcpproxy)
 
-	c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{
-		Resources: resources(t,
-			tlsCluster(cluster("default/backend/443/950c17581f", "default/backend/http", "default_backend_443"), []byte(featuretests.CERTIFICATE), "subjname", "", sec1, nil),
-		),
-		TypeUrl: clusterType,
-	})
+	c.Request(clusterType).Equals(expectedResponse)
 
 	// Test the error branch when Envoy client certificate secret does not exist.
 	rh.OnDelete(sec1)