@@ -266,7 +266,7 @@ func TestTLSRoutePassthroughReferenceGrant(t *testing.T) {
266266 t .Log ("verifying that the tcpecho is responding properly over TLS" )
267267 require .Eventually (t , func () bool {
268268 if err := tlsEchoResponds (proxyTLSURL , testUUID , tlsRouteHostname , certPool , true ); err != nil {
269- t .Logf ("failed accessing tcpecho at %s, err: %v" , proxyTLSURL , err )
269+ t .Logf ("failed accessing tcpecho by SNI %s at %s, err: %v" , tlsRouteHostname , proxyTLSURL , err )
270270 return false
271271 }
272272 return true
@@ -275,8 +275,8 @@ func TestTLSRoutePassthroughReferenceGrant(t *testing.T) {
275275 t .Log ("verifying that the tcpecho route can also serve certificates permitted by a ReferenceGrant with a named To" )
276276 require .Eventually (t , func () bool {
277277 if err := tlsEchoResponds (proxyTLSURL , testUUID2 , tlsRouteExtraHostname , certPool , true ); err != nil {
278- t .Logf ("failed accessing tcpecho at %s, err: %v" , proxyTLSURL , err )
279- return true
278+ t .Logf ("failed accessing tcpecho by SNI %s at %s, err: %v" , tlsRouteExtraHostname , proxyTLSURL , err )
279+ return false
280280 }
281281 return true
282282 }, ingressWait , waitTick )
@@ -288,25 +288,31 @@ func TestTLSRoutePassthroughReferenceGrant(t *testing.T) {
288288 require .NoError (t , err )
289289
290290 require .Eventually (t , func () bool {
291- return tlsEchoResponds (proxyTLSURL , testUUID2 , tlsRouteExtraHostname , certPool , true ) != nil
291+ if err := tlsEchoResponds (proxyTLSURL , testUUID2 , tlsRouteExtraHostname , certPool , true ); err != nil {
292+ t .Logf ("failed accessing tcpecho by SNI %s at %s as expected, err: %v" , tlsRouteExtraHostname , proxyTLSURL , err )
293+ return true
294+ }
295+ t .Logf ("Still can access tcpecho by SNI %s at %s" , tlsRouteExtraHostname , proxyTLSURL )
296+ return false
292297 }, ingressWait , waitTick )
293298
294299 t .Log ("verifying that a Listener has the invalid ref status condition" )
295- gateway , err = gatewayClient .GatewayV1 ().Gateways (ns .Name ).Get (ctx , gateway .Name , metav1.GetOptions {})
296- require .NoError (t , err )
297- invalid := false
298- for _ , status := range gateway .Status .Listeners {
299- if ok := util .CheckCondition (
300- status .Conditions ,
301- util .ConditionType (gatewayapi .ListenerConditionResolvedRefs ),
302- util .ConditionReason (gatewayapi .ListenerReasonRefNotPermitted ),
303- metav1 .ConditionFalse ,
304- gateway .Generation ,
305- ); ok {
306- invalid = true
300+ require .Eventually (t , func () bool {
301+ gateway , err = gatewayClient .GatewayV1 ().Gateways (ns .Name ).Get (ctx , gateway .Name , metav1.GetOptions {})
302+ require .NoError (t , err )
303+ for _ , status := range gateway .Status .Listeners {
304+ if ok := util .CheckCondition (
305+ status .Conditions ,
306+ util .ConditionType (gatewayapi .ListenerConditionResolvedRefs ),
307+ util .ConditionReason (gatewayapi .ListenerReasonRefNotPermitted ),
308+ metav1 .ConditionFalse ,
309+ gateway .Generation ,
310+ ); ok {
311+ return true
312+ }
307313 }
308- }
309- require . True ( t , invalid )
314+ return false
315+ }, ingressWait , waitTick )
310316
311317 t .Log ("verifying the certificate returns when using a ReferenceGrant with no name restrictions" )
312318 grant .Spec .To [0 ].Name = nil
0 commit comments