Refactor settings structure

- Better reflects currect structure of the project and components

README.md

@@ -77,8 +77,8 @@ The results and reports will be saved in `/test-run-results` in the container.
 ```bash
 podman run \
 	-v $HOME/.kube/config:/run/kubeconfig:z \
-	-e KUADRANT_OPENSHIFT__project=authorino \
-	-e KUADRANT_OPENSHIFT2__project=authorino2 \
+	-e KUADRANT_SERVICE_PROTECTION__PROJECT=authorino \
+	-e KUADRANT_SERVICE_PROTECTION__PROJECT2=authorino2 \
 	-e KUADRANT_AUTH0__url="AUTH0_URL" \
 	-e KUADRANT_AUTH0__client_id="AUTH0_CLIENT_ID" \
 	-e KUADRANT_AUTH0__client_secret="AUTH0_CLIENT_SECRET" \	
@@ -90,8 +90,8 @@ podman run \
 ```bash
 podman run \
 	-v $HOME/.kube/config:/run/kubeconfig:z \
-	-e KUADRANT_OPENSHIFT__project=authorino \
-	-e KUADRANT_OPENSHIFT2__project=authorino2 \
+	-e KUADRANT_SERVICE_PROTECTION__PROJECT=authorino \
+	-e KUADRANT_SERVICE_PROTECTION__PROJECT2=authorino2 \
 	-e KUADRANT_RHSSO__url="https://my-sso.net" \
 	-e KUADRANT_RHSSO__password="ADMIN_PASSWORD" \
 	-e KUADRANT_RHSSO__username="ADMIN_USERNAME" \

config/settings.local.yaml.tpl

@@ -1,12 +1,11 @@
 #default:
 #  skip_cleanup: false
-#  openshift:
-#    project: "kuadrant"                       # Optional: namespace for tests to run, if None uses current project
+#  gateway_api: true                           # True, if Testsuite should test with Gateway API enabled (e.g. Full Kuadrant) or individual components (e.g. Authorino)
+#  cluster:                                    # Workload cluster where tests should run, will get overriden if run on Multicluster
+#    project: "kuadrant"                       # Optional: Default namespace for this cluster
 #    api_url: "https://api.openshift.com"      # Optional: OpenShift API URL, if None it will OpenShift that you are logged in
 #    token: "KUADRANT_RULEZ"                   # Optional: OpenShift Token, if None it will OpenShift that you are logged in
 #    kubeconfig_path: "~/.kube/config"         # Optional: Kubeconfig to use, if None the default one is used
-#  openshift2:
-#    project: "kuadrant2"                      # Required: Secondary OpenShift project, for running tests across projects
 #  tools:
 #    project: "tools"                          # Optional: OpenShift project, where external tools are located
 #  rhsso:
@@ -27,22 +26,28 @@
 #    url: "HYPERFOIL_URL"
 #    generate_reports: True                      # True, if each test should generate a report
 #    report_dir: "reports"                       # Directory, to which the reports should be saved
-#  authorino:
-#    image: "quay.io/kuadrant/authorino:latest"  # If specified will override the authorino image
-#    deploy: false                               # If false, the testsuite will use already deployed authorino for testing
-#    auth_url: ""                                # authorization URL for already deployed Authorino
-#    oidc_url: ""                                # oidc URL for already deployed Authorino
-#    metrics_service_name: ""                    # controller metrics service name for already deployer Authorino
-#  envoy:
-#    image: "docker.io/envoyproxy/envoy:v1.23-latest"  # Envoy image, the testsuite should use, only for Authorino tests now
-#  kuadrant:
-#    enabled: true                               # True, if Testsuite should test Kuadrant instead of individual operators
-#    namespace: "kuadrant"                       # Namespaces where Kuadrant resides
-#    gateway:                                    # Reference to Gateway that should be used
+#  service_protection:
+#    system_project: "kuadrant-system"           # Namespace where Kuadrant resource resides
+#    project: "kuadrant"                         # Namespace where tests will run
+#    project2: "kuadrant2"                       # Second namespace for tests, that run across multiple namespaces
+#    envoy:
+#      image: "docker.io/envoyproxy/envoy:v1.23-latest"  # Envoy image, the testsuite should use, only for Authorino tests
+#    gateway:                                      # Optional: Reference to Gateway that should be used, if empty testsuite will create its own
 #       namespace: "istio-system"
 #       name: "istio-ingressgateway"
-#  mgc:
-#    spokes:
+#    authorino:
+#      image: "quay.io/kuadrant/authorino:latest"  # If specified will override the authorino image
+#      deploy: false                               # If false, the testsuite will use already deployed authorino for testing
+#      auth_url: ""                                # authorization URL for already deployed Authorino
+#      oidc_url: ""                                # oidc URL for already deployed Authorino
+#      metrics_service_name: ""                    # controller metrics service name for already deployer Authorino
+#  control_plane:
+#    hub:                                          # Hub cluster
+#      project: "multi-cluster-gateways"         # Optional: namespace where MGC resources are created and where the hub gateway will be created
+#      api_url: "https://api.openshift.com"      # Optional: OpenShift API URL, if None it will OpenShift that you are logged in
+#      token: "KUADRANT_RULEZ"                   # Optional: OpenShift Token, if None it will OpenShift that you are logged in
+#      kubeconfig_path: "~/.kube/config"         # Optional: Kubeconfig to use, if None the default one is used
+#    spokes:                                       # List of all spokes in the multi-cluster
 #      local-cluster:
 #        project: "kuadrant"                       # Optional: namespace for tests to run, if None uses current project
 #        api_url: "https://api.openshift.com"      # Optional: OpenShift API URL, if None it will OpenShift that you are logged in

config/settings.yaml

@@ -1,6 +1,8 @@
 default:
   skip_cleanup: false
   dynaconf_merge: true
+  gateway_api: true
+  cluster: {}
   tools:
     project: "tools"
   cfssl: "cfssl"
@@ -9,17 +11,18 @@ default:
     test_user:
       username: "testUser"
       password: "testPassword"
-  authorino:
-    deploy: true
-    log_level: "debug"
-  envoy:
-    image: "docker.io/envoyproxy/envoy:v1.23-latest"
-  kuadrant:
-    enabled: true
+  service_protection:
+    system_project: "kuadrant-system"
     project: "kuadrant"
+    project2: "kuadrant2"
+    envoy:
+      image: "docker.io/envoyproxy/envoy:v1.23-latest"
     gateway:
        project: "istio-system"
        name: "istio-ingressgateway"
+    authorino:
+      deploy: true
+      log_level: "debug"
   hyperfoil:
     generate_reports: True
     reports_dir: "reports"

testsuite/config/__init__.py

@@ -33,12 +33,16 @@ def __init__(self, name, default, **kwargs) -> None:
     envvar_prefix="KUADRANT",
     merge_enabled=True,
     validators=[
-        Validator("authorino.deploy", must_exist=True, eq=True)
-        | (Validator("authorino.auth_url", must_exist=True) & Validator("authorino.oidc_url", must_exist=True)),
+        Validator("service_protection.authorino.deploy", must_exist=True, eq=True)
+        | (
+            Validator("service_protection.authorino.auth_url", must_exist=True)
+            & Validator("authorino.oidc_url", must_exist=True)
+        ),
         DefaultValueValidator("rhsso.url", default=fetch_route("no-ssl-sso")),
         DefaultValueValidator("rhsso.password", default=fetch_secret("credential-sso", "ADMIN_PASSWORD")),
         DefaultValueValidator("mockserver.url", default=fetch_route("mockserver", force_http=True)),
-        Validator("kuadrant.enable", must_exist=False, eq=False) | Validator("kuadrant.gateway.name", must_exist=True),
+        Validator("gateway_api", must_exist=False, eq=False)
+        | Validator("service_protection.gateway.name", must_exist=True),
     ],
     validate_only=["authorino", "kuadrant"],
     loaders=["dynaconf.loaders.env_loader", "testsuite.config.openshift_loader"],

testsuite/config/openshift_loader.py

@@ -1,35 +1,46 @@
 """Custom dynaconf loader for loading OpenShift settings and converting them to OpenshiftClients"""
-from weakget import weakget
 
 from testsuite.openshift.client import OpenShiftClient
 
 
-# pylint: disable=unused-argument
+def inject_client(obj, base_client, path):
+    """Injects OpenShiftClient in the settings, changes only project"""
+    original = obj.get(path, None)
+    if original:
+        obj[path] = base_client.change_project(original)
+    else:
+        obj[path] = base_client
+
+
+# pylint: disable=unused-argument, too-many-locals
 def load(obj, env=None, silent=True, key=None, filename=None):
     """Creates all OpenShift clients"""
-    config = weakget(obj)
-    section = config["openshift"]
+    section = obj.setdefault("cluster", {})
     client = OpenShiftClient(
-        section["project"] % None, section["api_url"] % None, section["token"] % None, section["kubeconfig_path"] % None
+        section.get("project"), section.get("api_url"), section.get("token"), section.get("kubeconfig_path")
     )
-    obj["openshift"] = client
+    obj["cluster"] = client
 
     tools = None
     if "tools" in obj and "project" in obj["tools"]:
         tools = client.change_project(obj["tools"]["project"])
     obj["tools"] = tools
 
-    openshift2 = None
-    if "openshift2" in obj and "project" in obj["openshift2"]:
-        openshift2 = client.change_project(obj["openshift2"]["project"])
-    obj["openshift2"] = openshift2
+    service_protection = obj.setdefault("service_protection", {})
+    inject_client(service_protection, client, "system_project")
+    inject_client(service_protection, client, "project")
+    inject_client(service_protection, client, "project2")
+
+    control_plane = obj.setdefault("control_plane", {})
+    hub = control_plane.get("hub", {})
+    hub_client = OpenShiftClient(hub.get("project"), hub.get("api_url"), hub.get("token"), hub.get("kubeconfig_path"))
+    obj["control_plane"]["hub"] = hub_client
 
     clients = {}
-    spokes = weakget(obj)["mgc"]["spokes"] % {}
+    spokes = control_plane.setdefault("spokes", {})
     for name, value in spokes.items():
-        value = weakget(value)
         clients[name] = OpenShiftClient(
-            value["project"] % None, value["api_url"] % None, value["token"] % None, value["kubeconfig_path"] % None
+            value.get("project"), value.get("api_url"), value.get("token"), value.get("kubeconfig_path")
         )
     if len(clients) > 0:
-        obj["mgc"]["spokes"] = clients
+        control_plane["spokes"] = clients

testsuite/openshift/client.py

@@ -28,7 +28,7 @@ class OpenShiftClient:
 
     # pylint: disable=too-many-public-methods
 
-    def __init__(self, project: str, api_url: str = None, token: str = None, kubeconfig_path: str = None):
+    def __init__(self, project: str = None, api_url: str = None, token: str = None, kubeconfig_path: str = None):
         self._project = project
         self._api_url = api_url
         self._token = token

testsuite/tests/conftest.py

@@ -5,7 +5,6 @@
 import pytest
 from dynaconf import ValidationError
 from keycloak import KeycloakAuthenticationError
-from weakget import weakget
 
 from testsuite.certificates import CFSSLClient
 from testsuite.config import settings
@@ -92,10 +91,10 @@ def testconfig():
     return settings
 
 
-@pytest.fixture(scope="session")
+@pytest.fixture(scope="module")
 def openshift(testconfig):
     """OpenShift client for the primary namespace"""
-    client = testconfig["openshift"]
+    client = testconfig["service_protection"]["project"]
     if not client.connected:
         pytest.fail("You are not logged into Openshift or the namespace doesn't exist")
     return client
@@ -104,7 +103,7 @@ def openshift(testconfig):
 @pytest.fixture(scope="session")
 def openshift2(testconfig):
     """OpenShift client for the secondary namespace located on the same cluster as primary Openshift"""
-    client = testconfig["openshift2"]
+    client = testconfig["service_protection"]["project2"]
     if client is None:
         pytest.skip("Openshift2 required but second_project was not set")
     if not client.connected:
@@ -215,15 +214,14 @@ def module_label(label):
     return randomize(label)
 
 
-@pytest.fixture(scope="session")
+@pytest.fixture(scope="module")
 def kuadrant(testconfig, openshift):
     """Returns Kuadrant instance if exists, or None"""
-    settings = weakget(testconfig)
-    if not settings["kuadrant"]["enabled"] % True:
+    if not testconfig.get("gateway_api", True):
         return None
 
     # Try if Kuadrant is deployed
-    kuadrant_openshift = openshift.change_project(settings["kuadrant"]["project"] % None)
+    kuadrant_openshift = testconfig["service_protection"]["system_project"]
     kuadrants = kuadrant_openshift.do_action("get", "kuadrant", "-o", "json", parse_output=True)
     if len(kuadrants.model["items"]) == 0:
         pytest.fail("Running Kuadrant tests, but Kuadrant resource was not found")
@@ -232,7 +230,7 @@ def kuadrant(testconfig, openshift):
     return True
 
 
-@pytest.fixture(scope="session")
+@pytest.fixture(scope="module")
 def backend(request, openshift, blame, label):
     """Deploys Httpbin backend"""
     httpbin = Httpbin(openshift, blame("httpbin"), label)
@@ -258,7 +256,14 @@ def proxy(request, kuadrant, authorino, openshift, blame, backend, module_label,
         gateway_object = request.getfixturevalue("gateway")
         envoy: Proxy = GatewayProxy(gateway_object, module_label, backend)
     else:
-        envoy = Envoy(openshift, authorino, blame("envoy"), module_label, backend, testconfig["envoy"]["image"])
+        envoy = Envoy(
+            openshift,
+            authorino,
+            blame("envoy"),
+            module_label,
+            backend,
+            testconfig["service_protection"]["envoy"]["image"],
+        )
     request.addfinalizer(envoy.delete)
     envoy.commit()
     return envoy
@@ -270,7 +275,7 @@ def route(proxy, module_label) -> Route:
     return proxy.expose_hostname(module_label)
 
 
-@pytest.fixture(scope="session")
+@pytest.fixture(scope="module")
 def wildcard_domain(openshift):
     """
     Wildcard domain of openshift cluster

testsuite/tests/kuadrant/authorino/conftest.py

@@ -22,13 +22,14 @@ def authorino(authorino, openshift, blame, request, testconfig, module_label, au
     if authorino:
         return authorino
 
-    if not testconfig["authorino"]["deploy"]:
+    authorino = testconfig["service_protection"]["authorino"]
+    if not authorino["deploy"]:
         if len(authorino_parameters) > 0:
             return pytest.skip("Can't change parameters of already deployed Authorino")
         return PreexistingAuthorino(
-            testconfig["authorino"]["auth_url"],
-            testconfig["authorino"]["oidc_url"],
-            testconfig["authorino"]["metrics_service_name"],
+            authorino["auth_url"],
+            authorino["oidc_url"],
+            authorino["metrics_service_name"],
         )
 
     labels = authorino_parameters.setdefault("label_selectors", [])
@@ -38,8 +39,8 @@ def authorino(authorino, openshift, blame, request, testconfig, module_label, au
 
     authorino = AuthorinoCR.create_instance(
         openshift,
-        image=weakget(testconfig)["authorino"]["image"] % None,
-        log_level=weakget(testconfig)["authorino"]["log_level"] % None,
+        image=weakget(testconfig)["service_protection"]["authorino"]["image"] % None,
+        log_level=weakget(testconfig)["service_protection"]["authorino"]["log_level"] % None,
         **authorino_parameters,
     )
     request.addfinalizer(lambda: authorino.delete(ignore_not_found=True))

testsuite/tests/mgc/conftest.py

@@ -25,16 +25,25 @@ def backend(request, gateway, blame, label):
 @pytest.fixture(scope="session")
 def spokes(testconfig):
     """Returns Map of spokes names and their respective clients"""
-    spokes = weakget(testconfig)["mgc"]["spokes"] % {}
+    spokes = weakget(testconfig)["control_plane"]["spokes"] % {}
     assert len(spokes) > 0, "No spokes configured"
     return spokes
 
 
+@pytest.fixture(scope="session")
+def hub_openshift(testconfig):
+    """Openshift client for a Hub cluster"""
+    client = testconfig["control_plane"]["hub"]
+    if not client.connected:
+        pytest.fail("You are not logged into Openshift or the namespace doesn't exist")
+    return client
+
+
 @pytest.fixture(scope="module")
-def upstream_gateway(request, openshift, blame, hostname, module_label):
+def upstream_gateway(request, hub_openshift, blame, hostname, module_label):
     """Creates and returns configured and ready upstream Gateway"""
     upstream_gateway = MGCGateway.create_instance(
-        openshift=openshift,
+        openshift=hub_openshift,
         name=blame("mgc-gateway"),
         gateway_class="kuadrant-multi-cluster-gateway-instance-per-cluster",
         hostname=f"*.{hostname}",
@@ -102,13 +111,18 @@ def gateway(upstream_gateway, spokes, hub_policies_commit):
     return gw
 
 
+@pytest.fixture(scope="module")
+def openshift(gateway):
+    """OpenShift client for the primary namespace"""
+    return gateway.openshift
+
+
 @pytest.fixture(scope="module", params=["aws-mz", "gcp-mz"])
-def base_domain(request, openshift):
+def base_domain(request, hub_openshift):
     """Returns preconfigured base domain"""
     mz_name = request.param
 
-    with openshift.context:
-        zone = selector(f"managedzone/{mz_name}").object()
+    zone = selector(f"managedzone/{mz_name}", static_context=hub_openshift.context).object()
     return zone.model["spec"]["domainName"]