Merge pull request #77 from mkudlej/raw_http

Add raw http test with response with adding extra header

testsuite/openshift/objects/auth_config.py

@@ -153,5 +153,6 @@ def add_opa_policy(self, name, rego_policy):
 
     @modify
     def add_response(self, response):
-        """Add response to AuthConfig"""
-        self.model["spec"]["response"] = [response]
+        """Adds response section to authconfig."""
+        responses = self.model.spec.setdefault("response", [])
+        responses.append(response)

testsuite/openshift/types/routes.py

@@ -8,12 +8,14 @@ class Routes(RemoteMapping):
     def __init__(self, client) -> None:
         super().__init__(client, "route")
 
-    def expose(self, name, service, hostname=None):
+    def expose(self, name, service, hostname=None, port=None):
         """Expose containers internally as services or externally via routes.
         Returns requested route in yaml format.
         """
         extra_args = []
         if hostname is not None:
             extra_args.append(f"--hostname={hostname}")
+        if port is not None:
+            extra_args.append(f"--port={port}")
         return self._client.do_action("expose", "service", f"--name={name}", "-o", "json",
                                       service, *extra_args, parse_output=True)

testsuite/tests/kuadrant/authorino/operator/http/conftest.py

@@ -0,0 +1,37 @@
+"""Conftest for all tests requiring custom deployment of Authorino"""
+import pytest
+
+from testsuite.objects import Authorization
+from testsuite.httpx import HttpxBackoffClient
+
+
+# pylint: disable=unused-argument
+@pytest.fixture(scope="module")
+def authorization(authorization, wildcard_domain, openshift, rhsso_service_info, module_label) -> Authorization:
+    """In case of Authorino, AuthConfig used for authorization"""
+    authorization.remove_all_hosts()
+    authorization.add_host(wildcard_domain)
+    resp = {'name': 'another-json-returned-in-a-header',
+            'wrapperKey': 'x-ext-auth-other-json',
+            'json': {'properties': [
+                {'name': 'propX', 'value': 'valueX'}
+            ]}}
+    authorization.add_response(response=resp)
+    return authorization
+
+
+@pytest.fixture(scope="module")
+def client(authorization, authorino_route):
+    """Returns httpx client to be used for requests, it also commits AuthConfig"""
+    client = HttpxBackoffClient(base_url=f"http://{authorino_route.model.spec.host}", verify=False)
+    yield client
+    client.close()
+
+
+@pytest.fixture(scope="module")
+def authorino_route(authorino, blame, openshift):
+    """Add route for authorino http port to be able to access it."""
+    route = openshift.routes.expose(blame('route'), f"{authorino.name()}-authorino-authorization",
+                                    port='http')
+    yield route
+    route.delete()

testsuite/tests/kuadrant/authorino/operator/http/test_raw_http.py

@@ -0,0 +1,20 @@
+"""
+Test raw http authorization interface.
+"""
+
+
+# pylint: disable=unused-argument
+def test_authorized_via_http(authorization, client, auth):
+    """Test raw http authentization with Keycloak."""
+    response = client.get("/check", auth=auth)
+    assert response.status_code == 200
+    assert response.text == ''
+    assert response.headers.get('x-ext-auth-other-json', '') == '{"propX":"valueX"}'
+
+
+# pylint: disable=unused-argument
+def test_unauthorized_via_http(authorization, client):
+    """Test raw http authentization with unauthorized request."""
+    response = client.get("/check")
+    assert response.status_code == 401
+    assert response.text == ''