diff --git a/testsuite/mockserver.py b/testsuite/mockserver.py index 65c9c905..72c5d65c 100644 --- a/testsuite/mockserver.py +++ b/testsuite/mockserver.py @@ -27,7 +27,7 @@ def create_expectation(self, expectation_id, path, opa_policy): } ) response.raise_for_status() - return response + return self.url + path def clear_expectation(self, expectation_id): """Clears Expectation with specific ID""" diff --git a/testsuite/tests/conftest.py b/testsuite/tests/conftest.py index 06e74c54..cef20c49 100644 --- a/testsuite/tests/conftest.py +++ b/testsuite/tests/conftest.py @@ -4,8 +4,10 @@ from urllib.parse import urlparse import pytest +from dynaconf import ValidationError from keycloak import KeycloakAuthenticationError +from testsuite.mockserver import Mockserver from testsuite.oidc import OIDCProvider from testsuite.config import settings from testsuite.oidc.auth0 import Auth0Provider @@ -82,6 +84,16 @@ def auth0(testconfig): return pytest.skip(f"Auth0 configuration item is missing: {exc}") +@pytest.fixture(scope="module") +def mockserver(testconfig): + """Returns mockserver""" + try: + testconfig.validators.validate(only=["mockserver"]) + return Mockserver(testconfig["mockserver"]["url"]) + except (KeyError, ValidationError) as exc: + return pytest.skip(f"Mockserver configuration item is missing: {exc}") + + @pytest.fixture(scope="session") def oidc_provider(rhsso) -> OIDCProvider: """Fixture which enables switching out OIDC providers for individual modules""" diff --git a/testsuite/tests/kuadrant/authorino/authorization/opa/conftest.py b/testsuite/tests/kuadrant/authorino/authorization/opa/conftest.py deleted file mode 100644 index 496608ec..00000000 --- a/testsuite/tests/kuadrant/authorino/authorization/opa/conftest.py +++ /dev/null @@ -1,25 +0,0 @@ -"""Conftest for Open Policy Agent (OPA)""" -import pytest -from dynaconf import ValidationError - -from testsuite.mockserver import Mockserver -from testsuite.utils import rego_allow_header - - -@pytest.fixture(scope="module") -def header(): - """Header used by OPA policy""" - return "opa", "opa-test" - - -@pytest.fixture(scope="module") -def mockserver(request, testconfig, module_label, header): - """Returns mockserver and creates Expectation that returns Rego query""" - try: - testconfig.validators.validate(only=["mockserver"]) - mockserver = Mockserver(testconfig["mockserver"]["url"]) - request.addfinalizer(lambda: mockserver.clear_expectation(module_label)) - mockserver.create_expectation(module_label, "/opa", rego_allow_header(*header)) - return mockserver - except (KeyError, ValidationError) as exc: - return pytest.skip(f"Mockserver configuration item is missing: {exc}") diff --git a/testsuite/tests/kuadrant/authorino/authorization/opa/external_registry/__init__.py b/testsuite/tests/kuadrant/authorino/authorization/opa/external_registry/__init__.py new file mode 100644 index 00000000..e69de29b diff --git a/testsuite/tests/kuadrant/authorino/authorization/opa/external_registry/conftest.py b/testsuite/tests/kuadrant/authorino/authorization/opa/external_registry/conftest.py new file mode 100644 index 00000000..ad8b1eac --- /dev/null +++ b/testsuite/tests/kuadrant/authorino/authorization/opa/external_registry/conftest.py @@ -0,0 +1,27 @@ +"""Conftest for OPA policy located on external registry""" +import pytest + +from testsuite.utils import rego_allow_header + + +@pytest.fixture(scope="module") +def header(): + """Header used by OPA policy""" + return "opa", "opa-test" + + +@pytest.fixture(scope="module") +def opa_policy_expectation(request, mockserver, module_label, header): + """Creates Mockserver Expectation that returns Rego query and returns its endpoint""" + request.addfinalizer(lambda: mockserver.clear_expectation(module_label)) + return mockserver.create_expectation(module_label, f"/{module_label}/opa", rego_allow_header(*header)) + + +@pytest.fixture(scope="module") +def authorization(authorization, opa_policy_expectation): + """ + Adds OPA policy. Rego query is located on external registry (Mockserver). + Policy accepts requests that contain `header`. + """ + authorization.add_external_opa_policy("opa", opa_policy_expectation, 1) + return authorization diff --git a/testsuite/tests/kuadrant/authorino/authorization/opa/test_auto_refresh_policy.py b/testsuite/tests/kuadrant/authorino/authorization/opa/external_registry/test_auto_refresh_policy.py similarity index 73% rename from testsuite/tests/kuadrant/authorino/authorization/opa/test_auto_refresh_policy.py rename to testsuite/tests/kuadrant/authorino/authorization/opa/external_registry/test_auto_refresh_policy.py index ebb266e3..3cedc89e 100644 --- a/testsuite/tests/kuadrant/authorino/authorization/opa/test_auto_refresh_policy.py +++ b/testsuite/tests/kuadrant/authorino/authorization/opa/external_registry/test_auto_refresh_policy.py @@ -18,21 +18,11 @@ def updated_header(): @pytest.fixture(scope="module", autouse=True) def update_external_opa(mockserver, module_label, updated_header): """Updates Expectation with updated header""" - mockserver.create_expectation(module_label, "/opa", rego_allow_header(*updated_header)) + mockserver.create_expectation(module_label, f"/{module_label}/opa", rego_allow_header(*updated_header)) # Sleeps for 1 second to compensate auto-refresh cycle `authorization.opa.externalRegistry.ttl = 1` time.sleep(1) -@pytest.fixture(scope="module") -def authorization(authorization, mockserver): - """ - Adds OPA policy. Rego query is located on external registry (Mockserver). - Policy accepts requests that contain `header`. - """ - authorization.add_external_opa_policy("opa", mockserver.url + "/opa", 1) - return authorization - - def test_auto_refresh(client, auth, updated_header): """Tests auto-refresh of OPA policy from external registry.""" key, value = updated_header diff --git a/testsuite/tests/kuadrant/authorino/authorization/opa/test_external_registry.py b/testsuite/tests/kuadrant/authorino/authorization/opa/external_registry/test_external_registry.py similarity index 62% rename from testsuite/tests/kuadrant/authorino/authorization/opa/test_external_registry.py rename to testsuite/tests/kuadrant/authorino/authorization/opa/external_registry/test_external_registry.py index 76e86a2e..3acb8543 100644 --- a/testsuite/tests/kuadrant/authorino/authorization/opa/test_external_registry.py +++ b/testsuite/tests/kuadrant/authorino/authorization/opa/external_registry/test_external_registry.py @@ -1,17 +1,5 @@ """Tests for Open Policy Agent (OPA) using Mockserver Expectations as http endpoint with Rego query""" -import pytest - - -@pytest.fixture(scope="module") -def authorization(mockserver, authorization): - """ - Adds OPA policy. Rego query is located on external registry (Mockserver). - Policy accepts requests that contain `header`. - """ - authorization.add_external_opa_policy("opa", mockserver.url + "/opa") - return authorization - def test_allowed_by_opa(client, auth, header): """Tests a request that should be authorized by OPA external registry declaration""" diff --git a/testsuite/tests/kuadrant/authorino/authorization/opa/test_inline_rego.py b/testsuite/tests/kuadrant/authorino/authorization/opa/test_inline_rego.py index b241a78f..008caba6 100644 --- a/testsuite/tests/kuadrant/authorino/authorization/opa/test_inline_rego.py +++ b/testsuite/tests/kuadrant/authorino/authorization/opa/test_inline_rego.py @@ -4,6 +4,12 @@ from testsuite.utils import rego_allow_header +@pytest.fixture(scope="module") +def header(): + """Header used by OPA policy""" + return "opa", "opa-test" + + @pytest.fixture(scope="module") def authorization(authorization, header): """Adds OPA policy that accepts all requests that contain `header`"""