@@ -3,11 +3,12 @@ package ingress
33import (
44 "context"
55 "encoding/json"
6- ec2types "github.com/aws/aws-sdk-go-v2/service/ec2/types"
7- elbv2types "github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2/types"
86 "testing"
97 "time"
108
9+ ec2types "github.com/aws/aws-sdk-go-v2/service/ec2/types"
10+ elbv2types "github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2/types"
11+
1112 awssdk "github.com/aws/aws-sdk-go-v2/aws"
1213 jsonpatch "github.com/evanphx/json-patch"
1314 "github.com/go-logr/logr"
@@ -2141,6 +2142,109 @@ func Test_defaultModelBuilder_Build(t *testing.T) {
21412142 "80:3": null
21422143 }
21432144 }
2145+ }` ,
2146+ },
2147+ {
2148+ name : "Ingress - wafv2AclArn in IngressClassParams" ,
2149+ env : env {
2150+ svcs : []* corev1.Service {ns_1_svc_1 , ns_1_svc_2 , ns_1_svc_3 },
2151+ },
2152+ fields : fields {
2153+ resolveViaDiscoveryCalls : []resolveViaDiscoveryCall {resolveViaDiscoveryCallForInternalLB },
2154+ listLoadBalancersCalls : []listLoadBalancersCall {listLoadBalancerCallForEmptyLB },
2155+ enableBackendSG : true ,
2156+ },
2157+ args : args {
2158+ ingGroup : Group {
2159+ ID : GroupID {Namespace : "ns-1" , Name : "ing-1" },
2160+ Members : []ClassifiedIngress {
2161+ {
2162+ IngClassConfig : ClassConfiguration {
2163+ IngClassParams : & v1beta1.IngressClassParams {
2164+ Spec : v1beta1.IngressClassParamsSpec {
2165+ WAFv2ACLArn : "alb.ingress.kubernetes.io/wafv2-acl-arn: arn:aws:wafv2:us-west-2:xxxxx:regional/webacl/xxxxxxx/3ab78708-85b0-49d3-b4e1-7a9615a6613b" ,
2166+ },
2167+ },
2168+ },
2169+ Ing : & networking.Ingress {ObjectMeta : metav1.ObjectMeta {
2170+ Namespace : "ns-1" ,
2171+ Name : "ing-1" ,
2172+ },
2173+ Spec : networking.IngressSpec {
2174+ Rules : []networking.IngressRule {
2175+ {
2176+ Host : "app-1.example.com" ,
2177+ IngressRuleValue : networking.IngressRuleValue {
2178+ HTTP : & networking.HTTPIngressRuleValue {
2179+ Paths : []networking.HTTPIngressPath {
2180+ {
2181+ Path : "/svc-1" ,
2182+ Backend : networking.IngressBackend {
2183+ Service : & networking.IngressServiceBackend {
2184+ Name : ns_1_svc_1 .Name ,
2185+ Port : networking.ServiceBackendPort {
2186+ Name : "http" ,
2187+ },
2188+ },
2189+ },
2190+ },
2191+ {
2192+ Path : "/svc-2" ,
2193+ Backend : networking.IngressBackend {
2194+ Service : & networking.IngressServiceBackend {
2195+ Name : ns_1_svc_2 .Name ,
2196+ Port : networking.ServiceBackendPort {
2197+ Name : "http" ,
2198+ },
2199+ },
2200+ },
2201+ },
2202+ },
2203+ },
2204+ },
2205+ },
2206+ {
2207+ Host : "app-2.example.com" ,
2208+ IngressRuleValue : networking.IngressRuleValue {
2209+ HTTP : & networking.HTTPIngressRuleValue {
2210+ Paths : []networking.HTTPIngressPath {
2211+ {
2212+ Path : "/svc-3" ,
2213+ Backend : networking.IngressBackend {
2214+ Service : & networking.IngressServiceBackend {
2215+ Name : ns_1_svc_3 .Name ,
2216+ Port : networking.ServiceBackendPort {
2217+ Name : "https" ,
2218+ },
2219+ },
2220+ },
2221+ },
2222+ },
2223+ },
2224+ },
2225+ },
2226+ },
2227+ },
2228+ },
2229+ },
2230+ },
2231+ },
2232+ },
2233+ wantStackPatch : `
2234+ {
2235+ "id":"ns-1/ing-1",
2236+ "resources":{
2237+ "AWS::WAFv2::WebACLAssociation":{
2238+ "LoadBalancer":{
2239+ "spec":{
2240+ "resourceARN":{
2241+ "$ref":"#/resources/AWS::ElasticLoadBalancingV2::LoadBalancer/LoadBalancer/status/loadBalancerARN"
2242+ },
2243+ "webACLARN":"alb.ingress.kubernetes.io/wafv2-acl-arn: arn:aws:wafv2:us-west-2:xxxxx:regional/webacl/xxxxxxx/3ab78708-85b0-49d3-b4e1-7a9615a6613b"
2244+ }
2245+ }
2246+ }
2247+ }
21442248}` ,
21452249 },
21462250 {
0 commit comments