@@ -31,10 +31,12 @@ var (
3131 curlPodWithCerts = filepath .Join (fsutils .MustGetThisDir (), "testdata" , "curl-pod-with-certs.yaml" )
3232
3333 // client certificate paths inside the curl pod (for verify-certificate-hash tests)
34- clientCertPath8443 = "/etc/client-certs/client-8443.crt"
35- clientKeyPath8443 = "/etc/client-certs/client-8443.key"
36- clientCertPath9443 = "/etc/client-certs/client-9443.crt"
37- clientKeyPath9443 = "/etc/client-certs/client-9443.key"
34+ clientCertPath8443 = "/etc/client-certs/client-8443.crt"
35+ clientKeyPath8443 = "/etc/client-certs/client-8443.key"
36+ clientCertPath9443 = "/etc/client-certs/client-9443.crt"
37+ clientKeyPath9443 = "/etc/client-certs/client-9443.key"
38+ commonClientCertPath = "/etc/client-certs-frontend/tls.crt"
39+ commonClientKeyPath = "/etc/client-certs-frontend/tls.key"
3840
3941 // manifests for FrontendTLSConfig tests (TestFrontendTLSConfig)
4042 // Note: gatewayManifest and curlPodWithCerts are shared with verify-certificate-hash tests
@@ -334,7 +336,7 @@ func (s *testingSuite) TestFrontendTLSConfig() {
334336 // Should succeed with client cert on port 8445
335337 s .assertEventualCurlResponse (
336338 curl .WithPort (8445 ),
337- curl .WithClientCert ("/etc/client-certs-frontend/tls.crt" , "/etc/client-certs-frontend/tls.key" ),
339+ curl .WithClientCert (commonClientCertPath , commonClientKeyPath ),
338340 )
339341 })
340342
@@ -350,7 +352,7 @@ func (s *testingSuite) TestFrontendTLSConfig() {
350352 // Should succeed with client cert on port 8444
351353 s .assertEventualCurlResponse (
352354 curl .WithPort (8444 ),
353- curl .WithClientCert ("/etc/client-certs-frontend/tls.crt" , "/etc/client-certs-frontend/tls.key" ),
355+ curl .WithClientCert (commonClientCertPath , commonClientKeyPath ),
354356 )
355357 })
356358}
@@ -364,7 +366,7 @@ func (s *testingSuite) TestMultipleCACertificates() {
364366 // Port 8446 has multiple CA cert refs (ca-cert and ca-cert-2) for wildcard domain *.example.com
365367 // Client cert signed by ca-cert should be accepted
366368 curlOpts := append (commonCurlOptsForMTLS (wildcardHostname , 8446 ),
367- curl .WithClientCert ("/etc/client-certs-frontend/tls.crt" , "/etc/client-certs-frontend/tls.key" ))
369+ curl .WithClientCert (commonClientCertPath , commonClientKeyPath ))
368370 s .TestInstallation .Assertions .AssertEventualCurlResponse (
369371 s .Ctx ,
370372 testdefaults .CurlPodExecOpt ,
@@ -381,7 +383,7 @@ func (s *testingSuite) TestMultipleCACertificates() {
381383 // Port 8446 has multiple CA cert refs (ca-cert and ca-cert-2) for wildcard domain *.example.com
382384 // Client cert signed by ca-cert-2 should be accepted
383385 curlOpts := append (commonCurlOptsForMTLS (wildcardHostname , 8446 ),
384- curl .WithClientCert ("/etc/client-certs-2-frontend/tls.crt" , "/etc/client-certs-2-frontend/tls.key" ))
386+ curl .WithClientCert (commonClientCertPath , commonClientKeyPath ))
385387 s .TestInstallation .Assertions .AssertEventualCurlResponse (
386388 s .Ctx ,
387389 testdefaults .CurlPodExecOpt ,
@@ -397,7 +399,7 @@ func (s *testingSuite) TestMultipleCACertificates() {
397399 s .Run ("no client cert fails on wildcard domain" , func () {
398400 // Port 8446 requires client cert (AllowValidOnly mode) for wildcard domain *.example.com
399401 // Connection without client cert should fail
400- curlOpts := append ( commonCurlOptsForMTLS (wildcardHostname , 8446 ) )
402+ curlOpts := commonCurlOptsForMTLS (wildcardHostname , 8446 )
401403 s .TestInstallation .Assertions .AssertEventualCurlError (
402404 s .Ctx ,
403405 testdefaults .CurlPodExecOpt ,
0 commit comments