diff --git a/testsuite/objects/__init__.py b/testsuite/objects/__init__.py index 58dc4a69..d2172062 100644 --- a/testsuite/objects/__init__.py +++ b/testsuite/objects/__init__.py @@ -60,6 +60,10 @@ def remove_all_hosts(self): def add_opa_policy(self, name, rego_policy): """Adds OPA inline Rego policy""" + @abc.abstractmethod + def add_response(self, response): + """Add response to AuthConfig""" + class PreexistingAuthorino(Authorino): """Authorino which is already deployed prior to the testrun""" diff --git a/testsuite/openshift/objects/auth_config.py b/testsuite/openshift/objects/auth_config.py index 1568c2e3..2e565cc0 100644 --- a/testsuite/openshift/objects/auth_config.py +++ b/testsuite/openshift/objects/auth_config.py @@ -118,3 +118,8 @@ def add_opa_policy(self, name, rego_policy): "inlineRego": rego_policy } }) + + @modify + def add_response(self, response): + """Add response to AuthConfig""" + self.model["spec"]["response"] = [response] diff --git a/testsuite/tests/kuadrant/authorino/operator/clusterwide/test_wildcard_collision.py b/testsuite/tests/kuadrant/authorino/operator/clusterwide/test_wildcard_collision.py new file mode 100644 index 00000000..f57e7304 --- /dev/null +++ b/testsuite/tests/kuadrant/authorino/operator/clusterwide/test_wildcard_collision.py 
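Review bot: `add_response` in `testsuite/openshift/objects/auth_config.py` assigns `self.model["spec"]["response"] = [response]`, so a second call silently discards the response set by the first, which does not match the "Add response" wording there or on the new abstract method in `testsuite/objects/__init__.py`. If accumulation is intended, `self.model["spec"].setdefault("response", []).append(response)` would keep earlier entries, assuming the model behaves like a dict here, which the hunk does not show. If replacement is intended, both docstrings should say so, e.g. `"""Set the response of the AuthConfig, replacing any existing ones"""`. The abstract docstring could also state the expected shape of `response`; the new tests pass a dict with `name` and `json.properties`.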
@@ -0,0 +1,48 @@
+"""
+Test for wildcard collisions with clusterwide authorino
+"""
+
+import pytest
+
+from testsuite.openshift.objects.auth_config import AuthConfig
+
+
+# pylint: disable = unused-argument
+@pytest.fixture(scope="module")
+def authorization(authorino, blame, openshift, module_label, envoy, wildcard_domain):
+ """In case of Authorino, AuthConfig used for authorization"""
+ auth = AuthConfig.create_instance(openshift, blame("ac"), wildcard_domain, labels={"testRun": module_label})
+ auth.add_response({"name": "header", "json": {"properties": [{"name": "anything", "value": "one"}]}})
+ return auth
+
+
+# pylint: disable = unused-argument
+@pytest.fixture(scope="module")
+def authorization2(authorino, blame, openshift2, module_label, envoy, wildcard_domain):
+ """In case of Authorino, AuthConfig used for authorization"""
+ auth = AuthConfig.create_instance(openshift2, blame("ac"), wildcard_domain, labels={"testRun": module_label})
+ auth.add_response({"name": "header", "json": {"properties": [{"name": "anything", "value": "two"}]}})
+ return auth
+
+
+@pytest.mark.parametrize(("client_fixture", "auth_fixture", "hosts"), [
+ pytest.param("client", "authorization", "wildcard_domain", id="First namespace"),
+ pytest.param("client2", "authorization2", [], id="Second namespace"),
+])
+def test_wildcard_collision(client_fixture, auth_fixture, hosts, request):
+ """
+ Preparation:
+ - Create AuthConfig with host set to wildcard_domain
+ - Create AuthConfig with host set to wildcard_domain in another project
+ Test:
+ - Send request to authorino
+ - Assert that the correct AuthConfig was used
+ """
+ if hosts:
+ hosts = [request.getfixturevalue(hosts)]
+ client = request.getfixturevalue(client_fixture)
+ response = client.get("/get")
+ assert response.status_code == 200
+ assert response.json()["headers"]["Header"] == '{"anything":"one"}'
+ authorization = request.getfixturevalue(auth_fixture)
+ assert authorization.model.status.summary.hostsReady == hosts
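Review bot: The "Second namespace" case only holds if the first namespace's AuthConfig already owns the wildcard host, but nothing in `authorization2` forces that ordering; it relies on the parametrize order and on the module-scoped fixtures set up by the preceding case. Run on its own, that case would presumably let `authorization2` claim the host, and both the `'{"anything":"one"}'` and the `hostsReady == []` assertions would fail for reasons unrelated to the cross-namespace isolation being tested. Adding `authorization` to the parameters of `authorization2` would make the dependency explicit, assuming the AuthConfig is committed as part of fixture setup, which is not visible here. Comparing `json.loads(response.json()["headers"]["Header"]) == {"anything": "one"}` rather than the raw string would also avoid depending on how the header value is serialized.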
diff --git a/testsuite/tests/kuadrant/authorino/operator/conftest.py b/testsuite/tests/kuadrant/authorino/operator/conftest.py index 37a16186..3b9adb52 100644 --- a/testsuite/tests/kuadrant/authorino/operator/conftest.py +++ b/testsuite/tests/kuadrant/authorino/operator/conftest.py @@ -1,4 +1,6 @@ """Conftest for all tests requiring custom deployment of Authorino""" +from urllib.parse import urlparse + import pytest from weakget import weakget @@ -37,3 +39,12 @@ def authorino(openshift, blame, request, testconfig, cluster_wide, module_label, authorino.commit() authorino.wait_for_ready() return authorino + + +@pytest.fixture(scope="session") +def wildcard_domain(openshift): + """ + Wildcard domain of openshift cluster + """ + hostname = urlparse(openshift.api_url).hostname + return "*.apps." + hostname.split(".", 1)[1] diff --git a/testsuite/tests/kuadrant/authorino/operator/test_wildcard.py b/testsuite/tests/kuadrant/authorino/operator/test_wildcard.py new file mode 100644 index 00000000..e20f1557 --- /dev/null +++ b/testsuite/tests/kuadrant/authorino/operator/test_wildcard.py @@ -0,0 +1,25 @@ +""" +Test for wildcard host +""" +import pytest + +from testsuite.openshift.objects.auth_config import AuthConfig + + +# pylint: disable = unused-argument +@pytest.fixture(scope="module") +def authorization(authorino, blame, openshift, module_label): + """In case of Authorino, AuthConfig used for authorization""" + return AuthConfig.create_instance(openshift, blame("ac"), "*.redhat.com", labels={"testRun": module_label}) + + +def test_wildcard(client): + """ + Preparation: + - Create AuthConfig with host set to `*.redhat.com` + Test: + - Send request to authorino + - Assert that request was successful + """ + response = client.get("/get") + assert response.status_code == 200 diff --git a/testsuite/tests/kuadrant/authorino/operator/tls/conftest.py b/testsuite/tests/kuadrant/authorino/operator/tls/conftest.py index b2fccb06..b2e75bca 100644 
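Review bot: `wildcard_domain` in `operator/conftest.py` fails with an unhelpful error when `openshift.api_url` is not in the expected form: `urlparse(...).hostname` is `None` for a URL without a scheme, and `split(".", 1)[1]` raises `IndexError` for a single-label host. The fixture is now shared by all operator tests rather than only the TLS ones, so a guard before the return such as `assert hostname and "." in hostname, f"cannot derive wildcard domain from {openshift.api_url!r}"` would make a misconfigured cluster URL obvious. The docstring could also say that the value is built by replacing the first label of the API hostname with `*.apps`.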
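Review bot: `test_wildcard.py` hard-codes the host `*.redhat.com` in the `authorization` fixture, so the test only exercises wildcard matching when the route behind `client` lives under that domain; on a cluster with another base domain the AuthConfig would presumably not match the request at all. The `wildcard_domain` fixture that this commit moves into `operator/conftest.py` looks like the better source: add `wildcard_domain` to the fixture parameters and pass it in place of the literal. If `*.redhat.com` is deliberate, for example to cover a wildcard spanning several labels, a comment saying so would help. The `client` fixture is outside this hunk, so its hostname is an assumption to confirm.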
--- a/testsuite/tests/kuadrant/authorino/operator/tls/conftest.py +++ b/testsuite/tests/kuadrant/authorino/operator/tls/conftest.py @@ -1,5 +1,4 @@ """Conftest for all TLS-enabled tests""" -from urllib.parse import urlparse import pytest @@ -46,16 +45,6 @@ def cfssl(testconfig): return client -@pytest.fixture(scope="session") -def wildcard_domain(openshift): - """ - Hostname of the upstream certificate sent to be validated by APIcast - May be overwritten to configure different test cases - """ - hostname = urlparse(openshift.api_url).hostname - return "*.apps." + hostname.split(".", 1)[1] - - @pytest.fixture(scope="session") def authorino_domain(openshift): """