Skip to content

Commit

Permalink
fix: flaky secrets tests, reduced number of k3s starts
Browse files Browse the repository at this point in the history
  • Loading branch information
benoitgravitee authored and phiz71 committed Jan 6, 2025
1 parent a1be60c commit 5472dab
Show file tree
Hide file tree
Showing 3 changed files with 167 additions and 271 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -52,10 +52,9 @@
import java.util.Set;
import java.util.UUID;
import java.util.concurrent.TimeUnit;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.AfterAll;
import org.junit.jupiter.api.DisplayNameGeneration;
import org.junit.jupiter.api.DisplayNameGenerator;
import org.junit.jupiter.api.Nested;
import org.junit.jupiter.api.Test;
import org.testcontainers.k3s.K3sContainer;

Expand All @@ -64,133 +63,107 @@
* @author GraviteeSource Team
*/
@DisplayNameGeneration(DisplayNameGenerator.ReplaceUnderscores.class)
public class KubernetesHttpProxyHeaderSecretTest {
@GatewayTest
class KubernetesHttpProxyHeaderSecretTest extends AbstractGatewayTest {

abstract static class AbstractKubernetesApiTest extends AbstractGatewayTest {
static Path kubeConfigFile;
static K3sContainer k3sServer;
final String apiKey = UUID.randomUUID().toString();

Path kubeConfigFile;
K3sContainer k3sServer;

@AfterEach
void cleanup() throws IOException {
k3sServer.close();
Files.delete(kubeConfigFile);
}

@Override
public void configureGateway(GatewayConfigurationBuilder configurationBuilder) {
try {
kubeConfigFile =
Files.createTempDirectory(KubernetesHttpProxyHeaderSecretTest.class.getSimpleName()).resolve("kube_config.yml");
configurationBuilder.setYamlProperty("api.secrets.providers[0].plugin", "kubernetes");
configurationBuilder.setYamlProperty("api.secrets.providers[0].configuration.enabled", true);
configurationBuilder.setYamlProperty("api.secrets.providers[0].configuration.kubeConfigFile", kubeConfigFile.toString());

setupAdditionalProperties(configurationBuilder);
} catch (IOException e) {
throw new RuntimeException(e);
}
}

@Override
public void configureEntrypoints(Map<String, EntrypointConnectorPlugin<?, ?>> entrypoints) {
entrypoints.putIfAbsent("http-proxy", EntrypointBuilder.build("http-proxy", HttpProxyEntrypointConnectorFactory.class));
}

@Override
public void configureEndpoints(Map<String, EndpointConnectorPlugin<?, ?>> endpoints) {
endpoints.putIfAbsent("http-proxy", EndpointBuilder.build("http-proxy", HttpProxyEndpointConnectorFactory.class));
}

@Override
public void configureSecretProviders(
Set<SecretProviderPlugin<? extends SecretProviderFactory<?>, ? extends SecretManagerConfiguration>> secretProviderPlugins
) throws Exception {
secretProviderPlugins.add(
SecretProviderBuilder.build(KubernetesSecretProvider.PLUGIN_ID, KubernetesSecretProviderFactory.class, K8sConfig.class)
);
startK3s();
createSecrets();
}

@Override
public void configureServices(Set<Class<? extends AbstractService<?>>> services) {
super.configureServices(services);
services.add(SecretsService.class);
}

abstract void createSecrets() throws IOException, InterruptedException;
@AfterAll
static void cleanup() throws IOException {
k3sServer.close();
Files.delete(kubeConfigFile);
}

final void startK3s() throws IOException {
// not call by JUnit, as needs to be started before API is deployed
static void startK3s() throws IOException {
if (k3sServer == null) {
k3sServer = KubernetesHelper.getK3sServer();
k3sServer.start();
// write config so the secret provider can pick it up
Files.writeString(kubeConfigFile, k3sServer.getKubeConfigYaml());
}

protected void setupAdditionalProperties(GatewayConfigurationBuilder configurationBuilder) {
// no op by default
}
}

abstract static class AbstractApiKeyStaticSecretRefTest extends AbstractKubernetesApiTest {

protected final String apiKey = UUID.randomUUID().toString();
@Override
public void configureSecretProviders(
Set<SecretProviderPlugin<? extends SecretProviderFactory<?>, ? extends SecretManagerConfiguration>> secretProviderPlugins
) throws Exception {
secretProviderPlugins.add(
SecretProviderBuilder.build(KubernetesSecretProvider.PLUGIN_ID, KubernetesSecretProviderFactory.class, K8sConfig.class)
);
startK3s();
createSecrets();
}

@Override
void createSecrets() throws IOException, InterruptedException {
KubernetesHelper.createSecret(k3sServer, "default", "test", Map.of("api-key", this.apiKey));
@Override
public void configureGateway(GatewayConfigurationBuilder configurationBuilder) {
try {
kubeConfigFile =
Files.createTempDirectory(KubernetesHttpProxyHeaderSecretTest.class.getSimpleName()).resolve("kube_config.yml");
configurationBuilder.setYamlProperty("api.secrets.providers[0].plugin", "kubernetes");
configurationBuilder.setYamlProperty("api.secrets.providers[0].configuration.enabled", true);
configurationBuilder.setYamlProperty("api.secrets.providers[0].configuration.kubeConfigFile", kubeConfigFile.toString());
} catch (IOException e) {
throw new RuntimeException(e);
}
}

protected void callAndAssert(HttpClient httpClient) {
wiremock.stubFor(get("/endpoint").willReturn(ok("response from backend")));

httpClient
.rxRequest(HttpMethod.GET, "/test")
.flatMap(HttpClientRequest::rxSend)
.flatMap(response -> {
// just asserting we get a response (hence no SSL errors), no need for an API.
assertThat(response.statusCode()).isEqualTo(200);
return response.body();
})
.test()
.awaitDone(10, TimeUnit.SECONDS)
.assertComplete();

wiremock.verify(1, getRequestedFor(urlPathEqualTo("/endpoint")).withHeader("Authorization", equalTo("ApiKey ".concat(apiKey))));
}
@Override
public void configureEntrypoints(Map<String, EntrypointConnectorPlugin<?, ?>> entrypoints) {
entrypoints.putIfAbsent("http-proxy", EntrypointBuilder.build("http-proxy", HttpProxyEntrypointConnectorFactory.class));
}

@Override
public void configureEndpoints(Map<String, EndpointConnectorPlugin<?, ?>> endpoints) {
endpoints.putIfAbsent("http-proxy", EndpointBuilder.build("http-proxy", HttpProxyEndpointConnectorFactory.class));
}

@Nested
@GatewayTest
class StaticSecretRef extends AbstractApiKeyStaticSecretRefTest {
@Override
public void configureServices(Set<Class<? extends AbstractService<?>>> services) {
super.configureServices(services);
services.add(SecretsService.class);
}

@Test
@DeployApi("/apis/v4/http/secrets/k8s/api-static-ref.json")
void should_call_api_with_k8s_api_key_from_static_ref(HttpClient httpClient) {
callAndAssert(httpClient);
}
// @Override
void createSecrets() throws IOException, InterruptedException {
KubernetesHelper.createSecret(k3sServer, "default", "test", Map.of("api-key", this.apiKey));
}

@Nested
@GatewayTest
class StaticSecretRefELKey extends AbstractApiKeyStaticSecretRefTest {
protected void callAndAssert(HttpClient httpClient) {
wiremock.stubFor(get("/endpoint").willReturn(ok("response from backend")));

httpClient
.rxRequest(HttpMethod.GET, "/test")
.flatMap(HttpClientRequest::rxSend)
.flatMap(response -> {
// just asserting we get a response (hence no SSL errors), no need for an API.
assertThat(response.statusCode()).isEqualTo(200);
return response.body();
})
.test()
.awaitDone(10, TimeUnit.SECONDS)
.assertComplete();

wiremock.verify(1, getRequestedFor(urlPathEqualTo("/endpoint")).withHeader("Authorization", equalTo("ApiKey ".concat(apiKey))));
}

@Test
@DeployApi("/apis/v4/http/secrets/k8s/api-el-key-ref.json")
void should_call_api_with_k8s_api_key_from_static_ref_and_el_key(HttpClient httpClient) {
callAndAssert(httpClient);
}
@Test
@DeployApi("/apis/v4/http/secrets/k8s/api-static-ref.json")
void should_call_api_with_k8s_api_key_from_static_ref(HttpClient httpClient) {
callAndAssert(httpClient);
}

@Nested
@GatewayTest
class StaticSecretRefELURI extends AbstractApiKeyStaticSecretRefTest {
@Test
@DeployApi("/apis/v4/http/secrets/k8s/api-el-key-ref.json")
void should_call_api_with_k8s_api_key_from_static_ref_and_el_key(HttpClient httpClient) {
callAndAssert(httpClient);
}

@Test
@DeployApi("/apis/v4/http/secrets/k8s/api-el-ref.json")
void should_call_api_with_k8s_api_key_el_ref(HttpClient httpClient) {
callAndAssert(httpClient);
}
@Test
@DeployApi("/apis/v4/http/secrets/k8s/api-el-ref.json")
void should_call_api_with_k8s_api_key_el_ref(HttpClient httpClient) {
callAndAssert(httpClient);
}
}
Loading

0 comments on commit 5472dab

Please sign in to comment.