Merge pull request Kuadrant#37 from pehala/rhsso_default

Use RHSSO identity by default
jakurban · Aug 16, 2022 · 855dbf2 · 855dbf2
2 parents d82b701 + 696707d
commit 855dbf2
Show file tree

Hide file tree

Showing 10 changed files with 108 additions and 7 deletions.
diff --git a/testsuite/objects/__init__.py b/testsuite/objects/__init__.py
@@ -36,6 +36,14 @@ class Authorization(LifecycleObject):
     def add_oidc_identity(self, name, endpoint):
         """Adds OIDC identity provider"""
 
+    @abc.abstractmethod
+    def add_api_key_identity(self, name, label):
+        """Adds API Key identity"""
+
+    @abc.abstractmethod
+    def remove_all_identities(self):
+        """Removes all identities from AuthConfig"""
+
     @abc.abstractmethod
     def add_host(self, hostname):
         """Adds host"""

diff --git a/testsuite/openshift/objects/auth_config.py b/testsuite/openshift/objects/auth_config.py
@@ -68,3 +68,9 @@ def add_api_key_identity(self, name, label):
                 "keySelector": "APIKEY"
             }
         })
+
+    @modify
+    def remove_all_identities(self):
+        """Removes all identities from AuthConfig"""
+        identities = self.model.spec.setdefault("identity", [])
+        identities.clear()
diff --git a/testsuite/tests/kuadrant/authorino/conftest.py b/testsuite/tests/kuadrant/authorino/conftest.py
@@ -2,6 +2,7 @@
 import pytest
 from weakget import weakget
 
+from testsuite.httpx.auth import HttpxOidcClientAuth
 from testsuite.openshift.objects.auth_config import AuthConfig
 from testsuite.objects import Authorino, Authorization, PreexistingAuthorino
 from testsuite.openshift.objects.authorino import AuthorinoCR
@@ -28,12 +29,19 @@ def authorino(authorino, openshift, blame, request, testconfig, label) -> Author
 
 # pylint: disable=unused-argument
 @pytest.fixture(scope="module")
-def authorization(authorization, authorino, envoy, blame, openshift, label) -> Authorization:
+def authorization(authorization, authorino, envoy, blame, openshift, label, rhsso_service_info) -> Authorization:
     """In case of Authorino, AuthConfig used for authorization"""
-    if authorization:
-        return authorization
+    if authorization is None:
+        authorization = AuthConfig.create_instance(openshift, blame("ac"), envoy.hostname, labels={"testRun": label})
+    authorization.add_oidc_identity("rhsso", rhsso_service_info.issuer_url())
+    return authorization
 
-    return AuthConfig.create_instance(openshift, blame("ac"), envoy.hostname, labels={"testRun": label})
+
+@pytest.fixture(scope="module")
+def auth(rhsso_service_info):
+    """Returns RHSSO authentication object for HTTPX"""
+    return HttpxOidcClientAuth(rhsso_service_info.client, "authorization",
+                               rhsso_service_info.username, rhsso_service_info.password)
 
 
 @pytest.fixture(scope="module")

diff --git a/testsuite/tests/kuadrant/authorino/identity/conftest.py b/testsuite/tests/kuadrant/authorino/identity/conftest.py
@@ -0,0 +1,9 @@
+"""Conftest for all Identity tests"""
+import pytest
+
+
+@pytest.fixture(scope="module")
+def authorization(authorization):
+    """For Identity tests remove all identities previously setup"""
+    authorization.remove_all_identities()
+    return authorization
diff --git a/...identity/rhsso/multiple_hosts/__init__.py → ...rant/authorino/multiple_hosts/__init__.py b/...identity/rhsso/multiple_hosts/__init__.py → ...rant/authorino/multiple_hosts/__init__.py
diff --git a/...identity/rhsso/multiple_hosts/conftest.py → ...rant/authorino/multiple_hosts/conftest.py b/...identity/rhsso/multiple_hosts/conftest.py → ...rant/authorino/multiple_hosts/conftest.py
diff --git a/...sso/multiple_hosts/test_multiple_hosts.py → ...ino/multiple_hosts/test_multiple_hosts.py b/...sso/multiple_hosts/test_multiple_hosts.py → ...ino/multiple_hosts/test_multiple_hosts.py
diff --git a/.../rhsso/multiple_hosts/test_remove_host.py → ...horino/multiple_hosts/test_remove_host.py b/.../rhsso/multiple_hosts/test_remove_host.py → ...horino/multiple_hosts/test_remove_host.py
diff --git a/testsuite/tests/kuadrant/authorino/operator/conftest.py b/testsuite/tests/kuadrant/authorino/operator/conftest.py
@@ -1,4 +1,6 @@
 """Conftest for all tests requiring custom deployment of Authorino"""
+from time import sleep
+
 import pytest
 from weakget import weakget
 
@@ -32,10 +34,14 @@ def authorino(openshift, blame, request, testconfig, authorino_parameters, label
     if not testconfig["authorino"]["deploy"]:
         return pytest.skip("Operator tests don't work with already deployed Authorino")
 
-    parameters = {"label_selectors": [f"testRun={label}"],
-                  **authorino_parameters}
+    if authorino_parameters.get("label_selectors"):
+        authorino_parameters["label_selectors"].append(f"testRun={label}")
+    else:
+        authorino_parameters["label_selectors"] = [f"testRun={label}"]
+
     authorino = AuthorinoCR.create_instance(openshift, blame("authorino"),
-                                            image=weakget(testconfig)["authorino"]["image"] % None, **parameters)
+                                            image=weakget(testconfig)["authorino"]["image"] % None,
+                                            **authorino_parameters)
     request.addfinalizer(lambda: authorino.delete(ignore_not_found=True))
     authorino.commit()
     authorino.wait_for_ready()

diff --git a/testsuite/tests/kuadrant/authorino/operator/test_sharding.py b/testsuite/tests/kuadrant/authorino/operator/test_sharding.py
@@ -0,0 +1,64 @@
+"""Test for authorino sharding"""
+import pytest
+
+from testsuite.openshift.httpbin import Envoy
+from testsuite.openshift.objects.auth_config import AuthConfig
+
+
+@pytest.fixture(scope="module")
+def authorino_parameters(authorino_parameters):
+    """Setup TLS for authorino"""
+    authorino_parameters["label_selectors"] = ["sharding=true"]
+    yield authorino_parameters
+
+
+@pytest.fixture(scope="module")
+def envoy(request, authorino, openshift, blame, backend, label):
+    """Envoy"""
+
+    def _envoy():
+        envoy = Envoy(openshift, authorino, blame("envoy"), label, backend.url)
+        request.addfinalizer(envoy.delete)
+        envoy.commit()
+        return envoy
+
+    return _envoy
+
+
+# pylint: disable=unused-argument
+@pytest.fixture(scope="module")
+def authorization(request, authorino, blame, openshift, label):
+    """In case of Authorino, AuthConfig used for authorization"""
+
+    def _authorization(envoy, sharding):
+        auth = AuthConfig.create_instance(openshift, blame("ac"), envoy.hostname,
+                                          labels={"testRun": label, "sharding": sharding})
+        request.addfinalizer(auth.delete)
+        auth.commit()
+        return auth
+
+    return _authorization
+
+
+def test_sharding(authorization, envoy):
+    """
+    Setup:
+        - Create Authorino that watch only AuthConfigs with label `sharding=true`
+    Test:
+        - Create AuthConfig with `sharding=true` label
+        - Create AuthConfig with `sharding=false` label
+        - Send a request to the first AuthConfig
+        - Assert that the response status code is 200
+        - Send a request to the second AuthConfig
+        - Assert that the response status code is 404
+    """
+    envoy1 = envoy()
+    envoy2 = envoy()
+    authorization(envoy1, "true")
+    authorization(envoy2, "false")
+
+    response = envoy1.client().get("/get")
+    assert response.status_code == 200
+
+    response = envoy2.client().get("/get")
+    assert response.status_code == 404