Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix OPA tests #588

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Fix OPA tests #588

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion testsuite/tests/conftest.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -166,7 +166,7 @@ def cfssl(testconfig, skip_or_fail):
return client


@pytest.fixture(scope="module")
@pytest.fixture(scope="session")
def mockserver(testconfig, skip_or_fail):
"""Returns mockserver"""
try:
Expand Down
41 changes: 0 additions & 41 deletions ...s/singlecluster/authorino/authorization/opa/external_registry/test_auto_refresh_policy.py
View file
Open in desktop

This file was deleted.

47 changes: 47 additions & 0 deletions testsuite/tests/singlecluster/authorino/authorization/opa/external_registry/test_cache.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,47 @@
"""
Tests for Open Policy Agent (OPA) policy pulled from external registry.
Registry is represented by Mockserver Expectation that returns Rego query.
"""

from time import sleep

import pytest

from testsuite.utils import rego_allow_header


pytestmark = [pytest.mark.authorino]


KEY = "test-key"
VALUE = "test-value"


@pytest.fixture(scope="function", autouse=True)
def reset_expectation(mockserver, module_label):
"""Updates Expectation with updated header"""
mockserver.create_response_expectation(module_label, rego_allow_header(KEY, VALUE))
sleep(2) # waits for cache to reset because of ttl=1


def test_caching(client, auth, mockserver, blame, module_label):
"""Tests that external policy is cached"""
response = client.get("/get", auth=auth, headers={KEY: VALUE})
assert response.status_code == 200

mockserver.create_response_expectation(module_label, rego_allow_header(blame(KEY), blame(VALUE)))

response = client.get("/get", auth=auth, headers={KEY: VALUE})
assert response.status_code == 200


def test_cache_refresh(client, auth, mockserver, blame, module_label):
"""Tests that policy is pull again from external registry after ttl expiration"""
response = client.get("/get", auth=auth, headers={KEY: VALUE})
assert response.status_code == 200

mockserver.create_response_expectation(module_label, rego_allow_header(blame(KEY), blame(VALUE)))
sleep(2)

response = client.get("/get", auth=auth, headers={KEY: VALUE})
assert response.status_code == 403
2 changes: 1 addition & 1 deletion testsuite/utils.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -92,7 +92,7 @@ def cert_builder(

def rego_allow_header(key, value):
"""Rego query that allows all requests that contain specific header with`key` and `value`"""
return f'allow {{ input.context.request.http.headers.{key} == "{value}" }}'
return f'allow {{ input.context.request.http.headers["{key}"] == "{value}" }}'


def add_port(url_str: str, return_netloc=True) -> Union[ParseResult, str]:
Expand Down
Loading