Skip to content

Commit

Permalink
Make mgc test_smoke use TLSPolicy
Browse files Browse the repository at this point in the history
  • Loading branch information
Filip Čáp committed Oct 12, 2023
1 parent 1cac07a commit 69022bb
Show file tree
Hide file tree
Showing 4 changed files with 93 additions and 7 deletions.
17 changes: 16 additions & 1 deletion testsuite/openshift/objects/gateway_api/gateway.py
Original file line number Diff line number Diff line change
Expand Up @@ -93,7 +93,22 @@ def create_instance(
if placement is not None:
labels["cluster.open-cluster-management.io/placement"] = placement

return super(MGCGateway, cls).create_instance(openshift, name, gateway_class, hostname, labels)
instance = super(MGCGateway, cls).create_instance(openshift, name, gateway_class, hostname, labels)
instance.model["spec"]["listeners"] = [
{
"name": "api",
"port": 443,
"protocol": "HTTPS",
"hostname": hostname,
"allowedRoutes": {"namespaces": {"from": "All"}},
"tls": {
"mode": "Terminate",
"certificateRefs": [{"name": f"{name}-tls", "kind": "Secret"}],
},
}
]

return instance

def get_spoke_gateway(self, spokes: dict[str, OpenShiftClient]) -> "MGCGateway":
"""
Expand Down
31 changes: 31 additions & 0 deletions testsuite/openshift/objects/tlspolicy.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
"""Module for TLSPolicy related classes"""
from testsuite.openshift.client import OpenShiftClient
from testsuite.openshift.objects import OpenShiftObject
from testsuite.openshift.objects.gateway_api import Referencable


class TLSPolicy(OpenShiftObject):
"""TLSPolicy object"""

@classmethod
def create_instance(
cls,
openshift: OpenShiftClient,
name: str,
parent: Referencable,
issuer: Referencable,
labels: dict[str, str] = None,
):
"""Creates new instance of TLSPolicy"""

model = {
"apiVersion": "kuadrant.io/v1alpha1",
"kind": "TLSPolicy",
"metadata": {"name": name, "labels": labels},
"spec": {
"targetRef": parent.reference,
"issuerRef": issuer.reference,
},
}

return cls(model, context=openshift.context)
46 changes: 41 additions & 5 deletions testsuite/tests/mgc/conftest.py
Original file line number Diff line number Diff line change
Expand Up @@ -5,10 +5,12 @@

from testsuite.openshift.httpbin import Httpbin
from testsuite.openshift.objects.dnspolicy import DNSPolicy
from testsuite.openshift.objects.gateway_api import Referencable
from testsuite.openshift.objects.gateway_api.gateway import MGCGateway, GatewayProxy
from testsuite.openshift.objects.gateway_api.route import HTTPRoute
from testsuite.openshift.objects.proxy import Proxy
from testsuite.openshift.objects.route import Route
from testsuite.openshift.objects.tlspolicy import TLSPolicy


@pytest.fixture(scope="module")
Expand Down Expand Up @@ -41,7 +43,8 @@ def upstream_gateway(request, openshift, blame, hostname, module_label):
)
request.addfinalizer(upstream_gateway.delete)
upstream_gateway.commit()
upstream_gateway.wait_for_ready()
# we cannot wait here because of referencing not yet existent tls secret which would be provided later by tlspolicy
# upstream_gateway.wait_for_ready()

return upstream_gateway

Expand All @@ -61,6 +64,23 @@ def initial_host(hostname):
return f"route.{hostname}"


@pytest.fixture(scope="session")
def self_signed_cluster_issuer():
"""Reference to self-signed cluster certificate issuer"""

# todo: replace with a proper Ref class
class _Ref(Referencable):
@property
def reference(self) -> dict[str, str]:
return {
"group": "cert-manager.io",
"kind": "ClusterIssuer",
"name": "selfsigned-cluster-issuer",
}

return _Ref()


@pytest.fixture(scope="module")
def route(request, proxy, blame, gateway, initial_host, backend) -> Route:
"""Exposed Route object"""
Expand All @@ -77,9 +97,12 @@ def route(request, proxy, blame, gateway, initial_host, backend) -> Route:
return route


# pylint: disable=unused-argument
@pytest.fixture(scope="module")
def gateway(upstream_gateway, spokes):
def gateway(upstream_gateway, spokes, hub_policies_commit):
"""Downstream gateway, e.g. gateway on a spoke cluster"""
# wait for upstream gateway here to be able to get spoke gateways
upstream_gateway.wait_for_ready()
gw = upstream_gateway.get_spoke_gateway(spokes)
gw.wait_for_ready()
return gw
Expand Down Expand Up @@ -108,10 +131,23 @@ def dns_policy(blame, upstream_gateway, module_label):
return policy


@pytest.fixture(scope="module", autouse=True)
def commit(request, dns_policy):
@pytest.fixture(scope="module")
def tls_policy(blame, upstream_gateway, module_label, self_signed_cluster_issuer):
"""TLSPolicy fixture"""
policy = TLSPolicy.create_instance(
upstream_gateway.openshift,
blame("tls"),
parent=upstream_gateway,
issuer=self_signed_cluster_issuer,
labels={"app": module_label},
)
return policy


@pytest.fixture(scope="module")
def hub_policies_commit(request, upstream_gateway, dns_policy, tls_policy):
"""Commits all important stuff before tests"""
for component in [dns_policy]:
for component in [dns_policy, tls_policy]:
if component is not None:
request.addfinalizer(component.delete)
component.commit()
6 changes: 5 additions & 1 deletion testsuite/tests/mgc/test_basic.py
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,8 @@

import pytest

from testsuite.httpx import HttpxBackoffClient

pytestmark = [pytest.mark.mgc]


Expand All @@ -30,7 +32,9 @@ def test_smoke(route):
Tests whether the backend, exposed using the HTTPRoute and Gateway, was exposed correctly,
having a tls secured endpoint with a hostname managed by MGC
"""
backend_client = route.client(verify=False) # self-signed certificate; TBD
backend_client = HttpxBackoffClient(
base_url=f"https://{route.hostnames[0]}", verify=False
) # self-signed certificate

sleep(30) # wait for DNS record to propagate correctly; TBD

Expand Down

0 comments on commit 69022bb

Please sign in to comment.