From 86e4d8fce04d3bfbc468a5ec751c2aaeb2e30546 Mon Sep 17 00:00:00 2001 From: emmaaroche Date: Tue, 21 Jan 2025 14:28:14 +0000 Subject: [PATCH] Test for changing targetRef field in policies (AuthPolicy and RateLimitPolicy) Signed-off-by: emmaaroche --- .../change_targetref/__init__.py | 0 .../change_targetref/conftest.py | 108 ++++++++++++++++++ .../test_update_authpolicy_target_ref.py | 39 +++++++ .../test_update_ratelimitpolicy_target_ref.py | 44 +++++++ 4 files changed, 191 insertions(+) create mode 100644 testsuite/tests/singlecluster/gateway/reconciliation/change_targetref/__init__.py create mode 100644 testsuite/tests/singlecluster/gateway/reconciliation/change_targetref/conftest.py create mode 100644 testsuite/tests/singlecluster/gateway/reconciliation/change_targetref/test_update_authpolicy_target_ref.py create mode 100644 testsuite/tests/singlecluster/gateway/reconciliation/change_targetref/test_update_ratelimitpolicy_target_ref.py diff --git a/testsuite/tests/singlecluster/gateway/reconciliation/change_targetref/__init__.py b/testsuite/tests/singlecluster/gateway/reconciliation/change_targetref/__init__.py new file mode 100644 index 00000000..e69de29b diff --git a/testsuite/tests/singlecluster/gateway/reconciliation/change_targetref/conftest.py b/testsuite/tests/singlecluster/gateway/reconciliation/change_targetref/conftest.py new file mode 100644 index 00000000..84af0d09 --- /dev/null +++ b/testsuite/tests/singlecluster/gateway/reconciliation/change_targetref/conftest.py @@ -0,0 +1,108 @@ +""" +Conftest for changing targetRef field in policies +""" + +import pytest + +from testsuite.gateway import GatewayRoute, GatewayListener, Hostname, Exposer +from testsuite.gateway.gateway_api.gateway import KuadrantGateway +from testsuite.gateway.gateway_api.hostname import DNSPolicyExposer +from testsuite.gateway.gateway_api.route import HTTPRoute +from testsuite.kuadrant.policy.dns import DNSPolicy + + +@pytest.fixture(scope="module") +def exposer2(request, cluster) -> Exposer: + """Second DNSPolicyExposer setup for Gateway 2""" + exposer = DNSPolicyExposer(cluster) + request.addfinalizer(exposer.delete) + exposer.commit() + return exposer + + +@pytest.fixture(scope="module") +def base_domain2(exposer2): + """Returns preconfigured base domain for the second Gateway""" + return exposer2.base_domain + + +@pytest.fixture(scope="module") +def wildcard_domain2(base_domain2): + """Wildcard domain for Gateway 2""" + return f"*.{base_domain2}" + + +@pytest.fixture(scope="module") +def gateway(request, cluster, blame, wildcard_domain, module_label): + """Create and configure Gateway 1""" + gw = KuadrantGateway.create_instance(cluster, blame("gw"), {"app": module_label}) + gw.add_listener(GatewayListener(hostname=wildcard_domain)) + request.addfinalizer(gw.delete) + gw.commit() + gw.wait_for_ready() + return gw + + +@pytest.fixture(scope="module") +def gateway2(request, cluster, blame, wildcard_domain2, module_label): + """Create and configure Gateway 2""" + gw = KuadrantGateway.create_instance(cluster, blame("gw2"), {"app": module_label}) + gw.add_listener(GatewayListener(hostname=wildcard_domain2)) + request.addfinalizer(gw.delete) + gw.commit() + gw.wait_for_ready() + return gw + + +@pytest.fixture(scope="module") +def hostname2(gateway2, exposer2, blame) -> Hostname: + """Expose Hostname for Gateway 2""" + hostname = exposer2.expose_hostname(blame("hostname2"), gateway2) + return hostname + + +@pytest.fixture(scope="module") +def route2(request, gateway2, blame, hostname2, module_label, backend) -> GatewayRoute: + """Create and configure Route 2""" + route = HTTPRoute.create_instance(gateway2.cluster, blame("route2"), gateway2, {"app": module_label}) + route.add_hostname(hostname2.hostname) + route.add_backend(backend) + request.addfinalizer(route.delete) + route.commit() + route.wait_for_ready() + return route + + +@pytest.fixture(scope="module") +def client2(route2, hostname2): # pylint: disable=unused-argument + """Returns httpx client for Gateway 2""" + client = hostname2.client() + yield client + client.close() + + +@pytest.fixture(scope="module") +def dns_policy2(blame, gateway2, module_label, dns_provider_secret, request): + """DNSPolicy fixture for Gateway 2""" + policy = DNSPolicy.create_instance( + gateway2.cluster, blame("dns2"), gateway2, dns_provider_secret, labels={"app": module_label} + ) + request.addfinalizer(policy.delete) + policy.commit() + policy.wait_for_ready() + return policy + + +@pytest.fixture(scope="session") +def change_target_ref(): + """Function that changes targetRef of given policy""" + + def _change_targetref(policy, gateway): + def _apply_target_ref(apiobj): + apiobj.model.spec.targetRef = gateway.reference + return True + + policy.modify_and_apply(_apply_target_ref) + policy.wait_for_ready() + + return _change_targetref diff --git a/testsuite/tests/singlecluster/gateway/reconciliation/change_targetref/test_update_authpolicy_target_ref.py b/testsuite/tests/singlecluster/gateway/reconciliation/change_targetref/test_update_authpolicy_target_ref.py new file mode 100644 index 00000000..ffa5ce44 --- /dev/null +++ b/testsuite/tests/singlecluster/gateway/reconciliation/change_targetref/test_update_authpolicy_target_ref.py @@ -0,0 +1,39 @@ +""" +Test for changing targetRef field in AuthPolicy +""" + +import pytest + +from testsuite.kuadrant.policy.authorization.auth_policy import AuthPolicy + +pytestmark = [pytest.mark.kuadrant_only, pytest.mark.dnspolicy] + + +@pytest.fixture(scope="module") +def authorization(oidc_provider, gateway, cluster, blame, module_label, route): # pylint: disable=unused-argument + """Overwrite the authorization fixture and attach it to the gateway""" + policy = AuthPolicy.create_instance(cluster, blame("authz"), gateway, labels={"testRun": module_label}) + policy.identity.add_oidc("default", oidc_provider.well_known["issuer"]) + return policy + + +def test_update_auth_policy_target_ref( + gateway2, authorization, client, client2, auth, dns_policy, dns_policy2, change_target_ref +): # pylint: disable=unused-argument + """Test updating the targetRef of an AuthPolicy from Gateway 1 to Gateway 2""" + response = client.get("/get", auth=auth) + assert response.status_code == 200 + + response = client.get("/get") + assert response.status_code == 401 + + response = client2.get("/get") + assert response.status_code == 200 + + change_target_ref(authorization, gateway2) + + response = client2.get("/get", auth=auth) + assert response.status_code == 200 + + response = client2.get("/get") + assert response.status_code == 401 diff --git a/testsuite/tests/singlecluster/gateway/reconciliation/change_targetref/test_update_ratelimitpolicy_target_ref.py b/testsuite/tests/singlecluster/gateway/reconciliation/change_targetref/test_update_ratelimitpolicy_target_ref.py new file mode 100644 index 00000000..30e05379 --- /dev/null +++ b/testsuite/tests/singlecluster/gateway/reconciliation/change_targetref/test_update_ratelimitpolicy_target_ref.py @@ -0,0 +1,44 @@ +""" +Test for changing targetRef field in RateLimitPolicy +""" + +import pytest + +from testsuite.kuadrant.policy.rate_limit import Limit, RateLimitPolicy + +pytestmark = [pytest.mark.kuadrant_only, pytest.mark.dnspolicy] + + +@pytest.fixture(scope="module") +def authorization(): + """ + Override the authorization fixture to prevent the creation of an AuthPolicy. + This ensures no authentication is enforced during the test + """ + return None + + +@pytest.fixture(scope="module") +def rate_limit(cluster, blame, module_label, gateway, route): # pylint: disable=unused-argument + """RateLimitPolicy for testing""" + policy = RateLimitPolicy.create_instance(cluster, blame("limit"), gateway, labels={"testRun": module_label}) + policy.add_limit("basic", [Limit(2, "10s")]) + return policy + + +def test_update_ratelimit_policy_target_ref( + gateway2, rate_limit, client, client2, dns_policy, dns_policy2, change_target_ref +): # pylint: disable=unused-argument + """Test updating the targetRef of a RateLimitPolicy from Gateway 1 to Gateway 2""" + responses = client.get_many("/get", 2) + responses.assert_all(status_code=200) + assert client.get("/get").status_code == 429 + + responses = client2.get_many("/get", 3) + responses.assert_all(status_code=200) + + change_target_ref(rate_limit, gateway2) + + responses = client2.get_many("/get", 2) + responses.assert_all(status_code=200) + assert client2.get("/get").status_code == 429