From 60c0cf538681940d71fda9f8e89a82a21cd8f54d Mon Sep 17 00:00:00 2001 From: Martin Kudlej Date: Fri, 2 Sep 2022 10:08:08 +0200 Subject: [PATCH 1/2] add raw http test with response with adding extra header --- testsuite/openshift/objects/auth_config.py | 5 ++- .../authorino/operator/http/__init__.py | 0 .../authorino/operator/http/conftest.py | 38 +++++++++++++++++++ .../authorino/operator/http/test_raw_http.py | 20 ++++++++++ 4 files changed, 61 insertions(+), 2 deletions(-) create mode 100644 testsuite/tests/kuadrant/authorino/operator/http/__init__.py create mode 100644 testsuite/tests/kuadrant/authorino/operator/http/conftest.py create mode 100644 testsuite/tests/kuadrant/authorino/operator/http/test_raw_http.py diff --git a/testsuite/openshift/objects/auth_config.py b/testsuite/openshift/objects/auth_config.py index f04dfe84..af2f1982 100644 --- a/testsuite/openshift/objects/auth_config.py +++ b/testsuite/openshift/objects/auth_config.py @@ -153,5 +153,6 @@ def add_opa_policy(self, name, rego_policy): @modify def add_response(self, response): - """Add response to AuthConfig""" - self.model["spec"]["response"] = [response] + """Adds response section to authconfig.""" + responses = self.model.spec.setdefault("response", []) + responses.append(response) diff --git a/testsuite/tests/kuadrant/authorino/operator/http/__init__.py b/testsuite/tests/kuadrant/authorino/operator/http/__init__.py new file mode 100644 index 00000000..e69de29b diff --git a/testsuite/tests/kuadrant/authorino/operator/http/conftest.py b/testsuite/tests/kuadrant/authorino/operator/http/conftest.py new file mode 100644 index 00000000..4e34f092 --- /dev/null +++ b/testsuite/tests/kuadrant/authorino/operator/http/conftest.py @@ -0,0 +1,38 @@ +"""Conftest for all tests requiring custom deployment of Authorino""" +import pytest + +from testsuite.objects import Authorization +from testsuite.httpx import HttpxBackoffClient + + +# pylint: disable=unused-argument +@pytest.fixture(scope="module") +def authorization(authorization, wildcard_domain, blame, openshift, rhsso_service_info, module_label) -> Authorization: + """In case of Authorino, AuthConfig used for authorization""" + authorization.remove_all_hosts() + authorization.add_host(wildcard_domain) + resp = {'name': 'another-json-returned-in-a-header', + 'wrapperKey': 'x-ext-auth-other-json', + 'json': {'properties': [ + {'name': 'propX', 'value': 'valueX'} + ]}} + authorization.add_response(response=resp) + return authorization + + +@pytest.fixture(scope="module") +def client_http_auth(authorization, authorino_route): + """Returns httpx client to be used for requests, it also commits AuthConfig""" + client = HttpxBackoffClient(base_url=f"http://{authorino_route.model.spec.host}", verify=False) + yield client + client.close() + + +@pytest.fixture(scope="module") +def authorino_route(authorino, blame, openshift): + """Add route for authorino http port to be able to access it.""" + name = f"route-{authorino.name()}" + route = openshift.routes.expose(name, f"{authorino.name()}-authorino-authorization", + port='http') + yield route + route.delete() diff --git a/testsuite/tests/kuadrant/authorino/operator/http/test_raw_http.py b/testsuite/tests/kuadrant/authorino/operator/http/test_raw_http.py new file mode 100644 index 00000000..ac199505 --- /dev/null +++ b/testsuite/tests/kuadrant/authorino/operator/http/test_raw_http.py @@ -0,0 +1,20 @@ +""" +Test raw http authorization interface. +""" + + +# pylint: disable=unused-argument +def test_authorized_via_http(authorization, client_http_auth, auth): + """Test raw http authentization with Keycloak.""" + response = client_http_auth.request("GET", "/check", auth=auth) + assert response.status_code == 200 + assert response.text == '' + assert response.headers.get('x-ext-auth-other-json', '') == '{"propX":"valueX"}' + + +# pylint: disable=unused-argument +def test_unauthorized_via_http(authorization, client_http_auth): + """Test raw http authentization with unauthorized request.""" + response = client_http_auth.request("GET", "/check") + assert response.status_code == 401 + assert response.text == '' From c56217863a090feb641bbb5d0a9db83a15c95bfa Mon Sep 17 00:00:00 2001 From: Martin Kudlej Date: Wed, 7 Sep 2022 15:10:23 +0200 Subject: [PATCH 2/2] add port parameter to openshift.types.routes --- testsuite/openshift/types/routes.py | 4 +++- .../tests/kuadrant/authorino/operator/http/conftest.py | 7 +++---- .../kuadrant/authorino/operator/http/test_raw_http.py | 8 ++++---- 3 files changed, 10 insertions(+), 9 deletions(-) diff --git a/testsuite/openshift/types/routes.py b/testsuite/openshift/types/routes.py index 041c6e06..f3407791 100644 --- a/testsuite/openshift/types/routes.py +++ b/testsuite/openshift/types/routes.py @@ -8,12 +8,14 @@ class Routes(RemoteMapping): def __init__(self, client) -> None: super().__init__(client, "route") - def expose(self, name, service, hostname=None): + def expose(self, name, service, hostname=None, port=None): """Expose containers internally as services or externally via routes. Returns requested route in yaml format. """ extra_args = [] if hostname is not None: extra_args.append(f"--hostname={hostname}") + if port is not None: + extra_args.append(f"--port={port}") return self._client.do_action("expose", "service", f"--name={name}", "-o", "json", service, *extra_args, parse_output=True) diff --git a/testsuite/tests/kuadrant/authorino/operator/http/conftest.py b/testsuite/tests/kuadrant/authorino/operator/http/conftest.py index 4e34f092..e6fc1eb5 100644 --- a/testsuite/tests/kuadrant/authorino/operator/http/conftest.py +++ b/testsuite/tests/kuadrant/authorino/operator/http/conftest.py @@ -7,7 +7,7 @@ # pylint: disable=unused-argument @pytest.fixture(scope="module") -def authorization(authorization, wildcard_domain, blame, openshift, rhsso_service_info, module_label) -> Authorization: +def authorization(authorization, wildcard_domain, openshift, rhsso_service_info, module_label) -> Authorization: """In case of Authorino, AuthConfig used for authorization""" authorization.remove_all_hosts() authorization.add_host(wildcard_domain) @@ -21,7 +21,7 @@ def authorization(authorization, wildcard_domain, blame, openshift, rhsso_servic @pytest.fixture(scope="module") -def client_http_auth(authorization, authorino_route): +def client(authorization, authorino_route): """Returns httpx client to be used for requests, it also commits AuthConfig""" client = HttpxBackoffClient(base_url=f"http://{authorino_route.model.spec.host}", verify=False) yield client @@ -31,8 +31,7 @@ def client_http_auth(authorization, authorino_route): @pytest.fixture(scope="module") def authorino_route(authorino, blame, openshift): """Add route for authorino http port to be able to access it.""" - name = f"route-{authorino.name()}" - route = openshift.routes.expose(name, f"{authorino.name()}-authorino-authorization", + route = openshift.routes.expose(blame('route'), f"{authorino.name()}-authorino-authorization", port='http') yield route route.delete() diff --git a/testsuite/tests/kuadrant/authorino/operator/http/test_raw_http.py b/testsuite/tests/kuadrant/authorino/operator/http/test_raw_http.py index ac199505..355eabbc 100644 --- a/testsuite/tests/kuadrant/authorino/operator/http/test_raw_http.py +++ b/testsuite/tests/kuadrant/authorino/operator/http/test_raw_http.py @@ -4,17 +4,17 @@ # pylint: disable=unused-argument -def test_authorized_via_http(authorization, client_http_auth, auth): +def test_authorized_via_http(authorization, client, auth): """Test raw http authentization with Keycloak.""" - response = client_http_auth.request("GET", "/check", auth=auth) + response = client.get("/check", auth=auth) assert response.status_code == 200 assert response.text == '' assert response.headers.get('x-ext-auth-other-json', '') == '{"propX":"valueX"}' # pylint: disable=unused-argument -def test_unauthorized_via_http(authorization, client_http_auth): +def test_unauthorized_via_http(authorization, client): """Test raw http authentization with unauthorized request.""" - response = client_http_auth.request("GET", "/check") + response = client.get("/check") assert response.status_code == 401 assert response.text == ''