Skip to content

Commit

Permalink
Merge pull request #267 from pehala/improve_settings
Browse files Browse the repository at this point in the history
Refactor settings structure
  • Loading branch information
pehala authored Nov 15, 2023
2 parents 3bcb381 + 9753077 commit f962698
Show file tree
Hide file tree
Showing 17 changed files with 127 additions and 86 deletions.
8 changes: 4 additions & 4 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -77,8 +77,8 @@ The results and reports will be saved in `/test-run-results` in the container.
```bash
podman run \
-v $HOME/.kube/config:/run/kubeconfig:z \
-e KUADRANT_OPENSHIFT__project=authorino \
-e KUADRANT_OPENSHIFT2__project=authorino2 \
-e KUADRANT_SERVICE_PROTECTION__PROJECT=authorino \
-e KUADRANT_SERVICE_PROTECTION__PROJECT2=authorino2 \
-e KUADRANT_AUTH0__url="AUTH0_URL" \
-e KUADRANT_AUTH0__client_id="AUTH0_CLIENT_ID" \
-e KUADRANT_AUTH0__client_secret="AUTH0_CLIENT_SECRET" \
Expand All @@ -90,8 +90,8 @@ podman run \
```bash
podman run \
-v $HOME/.kube/config:/run/kubeconfig:z \
-e KUADRANT_OPENSHIFT__project=authorino \
-e KUADRANT_OPENSHIFT2__project=authorino2 \
-e KUADRANT_SERVICE_PROTECTION__PROJECT=authorino \
-e KUADRANT_SERVICE_PROTECTION__PROJECT2=authorino2 \
-e KUADRANT_RHSSO__url="https://my-sso.net" \
-e KUADRANT_RHSSO__password="ADMIN_PASSWORD" \
-e KUADRANT_RHSSO__username="ADMIN_USERNAME" \
Expand Down
41 changes: 23 additions & 18 deletions config/settings.local.yaml.tpl
Original file line number Diff line number Diff line change
@@ -1,12 +1,11 @@
#default:
# skip_cleanup: false
# openshift:
# project: "kuadrant" # Optional: namespace for tests to run, if None uses current project
# gateway_api: true # True, if Testsuite should test with Gateway API enabled (e.g. Full Kuadrant) or individual components (e.g. Authorino)
# cluster: # Workload cluster where tests should run, will get overriden if run on Multicluster
# project: "kuadrant" # Optional: Default namespace for this cluster
# api_url: "https://api.openshift.com" # Optional: OpenShift API URL, if None it will OpenShift that you are logged in
# token: "KUADRANT_RULEZ" # Optional: OpenShift Token, if None it will OpenShift that you are logged in
# kubeconfig_path: "~/.kube/config" # Optional: Kubeconfig to use, if None the default one is used
# openshift2:
# project: "kuadrant2" # Required: Secondary OpenShift project, for running tests across projects
# tools:
# project: "tools" # Optional: OpenShift project, where external tools are located
# rhsso:
Expand All @@ -27,22 +26,28 @@
# url: "HYPERFOIL_URL"
# generate_reports: True # True, if each test should generate a report
# report_dir: "reports" # Directory, to which the reports should be saved
# authorino:
# image: "quay.io/kuadrant/authorino:latest" # If specified will override the authorino image
# deploy: false # If false, the testsuite will use already deployed authorino for testing
# auth_url: "" # authorization URL for already deployed Authorino
# oidc_url: "" # oidc URL for already deployed Authorino
# metrics_service_name: "" # controller metrics service name for already deployer Authorino
# envoy:
# image: "docker.io/envoyproxy/envoy:v1.23-latest" # Envoy image, the testsuite should use, only for Authorino tests now
# kuadrant:
# enabled: true # True, if Testsuite should test Kuadrant instead of individual operators
# namespace: "kuadrant" # Namespaces where Kuadrant resides
# gateway: # Reference to Gateway that should be used
# service_protection:
# system_project: "kuadrant-system" # Namespace where Kuadrant resource resides
# project: "kuadrant" # Namespace where tests will run
# project2: "kuadrant2" # Second namespace for tests, that run across multiple namespaces
# envoy:
# image: "docker.io/envoyproxy/envoy:v1.23-latest" # Envoy image, the testsuite should use, only for Authorino tests
# gateway: # Optional: Reference to Gateway that should be used, if empty testsuite will create its own
# namespace: "istio-system"
# name: "istio-ingressgateway"
# mgc:
# spokes:
# authorino:
# image: "quay.io/kuadrant/authorino:latest" # If specified will override the authorino image
# deploy: false # If false, the testsuite will use already deployed authorino for testing
# auth_url: "" # authorization URL for already deployed Authorino
# oidc_url: "" # oidc URL for already deployed Authorino
# metrics_service_name: "" # controller metrics service name for already deployer Authorino
# control_plane:
# hub: # Hub cluster
# project: "multi-cluster-gateways" # Optional: namespace where MGC resources are created and where the hub gateway will be created
# api_url: "https://api.openshift.com" # Optional: OpenShift API URL, if None it will OpenShift that you are logged in
# token: "KUADRANT_RULEZ" # Optional: OpenShift Token, if None it will OpenShift that you are logged in
# kubeconfig_path: "~/.kube/config" # Optional: Kubeconfig to use, if None the default one is used
# spokes: # List of all spokes in the multi-cluster
# local-cluster:
# project: "kuadrant" # Optional: namespace for tests to run, if None uses current project
# api_url: "https://api.openshift.com" # Optional: OpenShift API URL, if None it will OpenShift that you are logged in
Expand Down
17 changes: 10 additions & 7 deletions config/settings.yaml
Original file line number Diff line number Diff line change
@@ -1,6 +1,8 @@
default:
skip_cleanup: false
dynaconf_merge: true
gateway_api: true
cluster: {}
tools:
project: "tools"
cfssl: "cfssl"
Expand All @@ -9,17 +11,18 @@ default:
test_user:
username: "testUser"
password: "testPassword"
authorino:
deploy: true
log_level: "debug"
envoy:
image: "docker.io/envoyproxy/envoy:v1.23-latest"
kuadrant:
enabled: true
service_protection:
system_project: "kuadrant-system"
project: "kuadrant"
project2: "kuadrant2"
envoy:
image: "docker.io/envoyproxy/envoy:v1.23-latest"
gateway:
project: "istio-system"
name: "istio-ingressgateway"
authorino:
deploy: true
log_level: "debug"
hyperfoil:
generate_reports: True
reports_dir: "reports"
10 changes: 7 additions & 3 deletions testsuite/config/__init__.py
Original file line number Diff line number Diff line change
Expand Up @@ -33,12 +33,16 @@ def __init__(self, name, default, **kwargs) -> None:
envvar_prefix="KUADRANT",
merge_enabled=True,
validators=[
Validator("authorino.deploy", must_exist=True, eq=True)
| (Validator("authorino.auth_url", must_exist=True) & Validator("authorino.oidc_url", must_exist=True)),
Validator("service_protection.authorino.deploy", must_exist=True, eq=True)
| (
Validator("service_protection.authorino.auth_url", must_exist=True)
& Validator("service_protection.authorino.oidc_url", must_exist=True)
),
DefaultValueValidator("rhsso.url", default=fetch_route("no-ssl-sso")),
DefaultValueValidator("rhsso.password", default=fetch_secret("credential-sso", "ADMIN_PASSWORD")),
DefaultValueValidator("mockserver.url", default=fetch_route("mockserver", force_http=True)),
Validator("kuadrant.enable", must_exist=False, eq=False) | Validator("kuadrant.gateway.name", must_exist=True),
Validator("gateway_api", must_exist=False, eq=False)
| Validator("service_protection.gateway.name", must_exist=True),
],
validate_only=["authorino", "kuadrant"],
loaders=["dynaconf.loaders.env_loader", "testsuite.config.openshift_loader"],
Expand Down
40 changes: 25 additions & 15 deletions testsuite/config/openshift_loader.py
Original file line number Diff line number Diff line change
@@ -1,35 +1,45 @@
"""Custom dynaconf loader for loading OpenShift settings and converting them to OpenshiftClients"""
from weakget import weakget

from testsuite.openshift.client import OpenShiftClient


# pylint: disable=unused-argument
def load(obj, env=None, silent=True, key=None, filename=None):
def inject_client(obj, base_client, path):
"""Injects OpenShiftClient in the settings, changes only project"""
original = obj.get(path, None)
if original:
obj[path] = base_client.change_project(original)
else:
obj[path] = base_client


def load(obj, **_):
"""Creates all OpenShift clients"""
config = weakget(obj)
section = config["openshift"]
section = obj.setdefault("cluster", {})
client = OpenShiftClient(
section["project"] % None, section["api_url"] % None, section["token"] % None, section["kubeconfig_path"] % None
section.get("project"), section.get("api_url"), section.get("token"), section.get("kubeconfig_path")
)
obj["openshift"] = client
obj["cluster"] = client

tools = None
if "tools" in obj and "project" in obj["tools"]:
tools = client.change_project(obj["tools"]["project"])
obj["tools"] = tools

openshift2 = None
if "openshift2" in obj and "project" in obj["openshift2"]:
openshift2 = client.change_project(obj["openshift2"]["project"])
obj["openshift2"] = openshift2
service_protection = obj.setdefault("service_protection", {})
inject_client(service_protection, client, "system_project")
inject_client(service_protection, client, "project")
inject_client(service_protection, client, "project2")

control_plane = obj.setdefault("control_plane", {})
hub = control_plane.get("hub", {})
hub_client = OpenShiftClient(hub.get("project"), hub.get("api_url"), hub.get("token"), hub.get("kubeconfig_path"))
obj["control_plane"]["hub"] = hub_client

clients = {}
spokes = weakget(obj)["mgc"]["spokes"] % {}
spokes = control_plane.setdefault("spokes", {})
for name, value in spokes.items():
value = weakget(value)
clients[name] = OpenShiftClient(
value["project"] % None, value["api_url"] % None, value["token"] % None, value["kubeconfig_path"] % None
value.get("project"), value.get("api_url"), value.get("token"), value.get("kubeconfig_path")
)
if len(clients) > 0:
obj["mgc"]["spokes"] = clients
control_plane["spokes"] = clients
2 changes: 1 addition & 1 deletion testsuite/openshift/client.py
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ class OpenShiftClient:

# pylint: disable=too-many-public-methods

def __init__(self, project: str, api_url: str = None, token: str = None, kubeconfig_path: str = None):
def __init__(self, project: str = None, api_url: str = None, token: str = None, kubeconfig_path: str = None):
self._project = project
self._api_url = api_url
self._token = token
Expand Down
29 changes: 17 additions & 12 deletions testsuite/tests/conftest.py
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,6 @@
import pytest
from dynaconf import ValidationError
from keycloak import KeycloakAuthenticationError
from weakget import weakget

from testsuite.certificates import CFSSLClient
from testsuite.config import settings
Expand Down Expand Up @@ -92,19 +91,19 @@ def testconfig():
return settings


@pytest.fixture(scope="session")
@pytest.fixture(scope="module")
def openshift(testconfig):
"""OpenShift client for the primary namespace"""
client = testconfig["openshift"]
client = testconfig["service_protection"]["project"]
if not client.connected:
pytest.fail("You are not logged into Openshift or the namespace doesn't exist")
return client


@pytest.fixture(scope="session")
@pytest.fixture(scope="module")
def openshift2(testconfig):
"""OpenShift client for the secondary namespace located on the same cluster as primary Openshift"""
client = testconfig["openshift2"]
client = testconfig["service_protection"]["project2"]
if client is None:
pytest.skip("Openshift2 required but second_project was not set")
if not client.connected:
Expand Down Expand Up @@ -215,15 +214,14 @@ def module_label(label):
return randomize(label)


@pytest.fixture(scope="session")
@pytest.fixture(scope="module")
def kuadrant(testconfig, openshift):
"""Returns Kuadrant instance if exists, or None"""
settings = weakget(testconfig)
if not settings["kuadrant"]["enabled"] % True:
if not testconfig.get("gateway_api", True):
return None

# Try if Kuadrant is deployed
kuadrant_openshift = openshift.change_project(settings["kuadrant"]["project"] % None)
kuadrant_openshift = testconfig["service_protection"]["system_project"]
kuadrants = kuadrant_openshift.do_action("get", "kuadrant", "-o", "json", parse_output=True)
if len(kuadrants.model["items"]) == 0:
pytest.fail("Running Kuadrant tests, but Kuadrant resource was not found")
Expand All @@ -232,7 +230,7 @@ def kuadrant(testconfig, openshift):
return True


@pytest.fixture(scope="session")
@pytest.fixture(scope="module")
def backend(request, openshift, blame, label):
"""Deploys Httpbin backend"""
httpbin = Httpbin(openshift, blame("httpbin"), label)
Expand All @@ -258,7 +256,14 @@ def proxy(request, kuadrant, authorino, openshift, blame, backend, module_label,
gateway_object = request.getfixturevalue("gateway")
envoy: Proxy = GatewayProxy(gateway_object, module_label, backend)
else:
envoy = Envoy(openshift, authorino, blame("envoy"), module_label, backend, testconfig["envoy"]["image"])
envoy = Envoy(
openshift,
authorino,
blame("envoy"),
module_label,
backend,
testconfig["service_protection"]["envoy"]["image"],
)
request.addfinalizer(envoy.delete)
envoy.commit()
return envoy
Expand All @@ -270,7 +275,7 @@ def route(proxy, module_label) -> Route:
return proxy.expose_hostname(module_label)


@pytest.fixture(scope="session")
@pytest.fixture(scope="module")
def wildcard_domain(openshift):
"""
Wildcard domain of openshift cluster
Expand Down
14 changes: 7 additions & 7 deletions testsuite/tests/kuadrant/authorino/conftest.py
Original file line number Diff line number Diff line change
@@ -1,6 +1,5 @@
"""Conftest for Authorino tests"""
import pytest
from weakget import weakget

from testsuite.httpx.auth import HttpxOidcClientAuth
from testsuite.objects import Authorino, PreexistingAuthorino
Expand All @@ -22,13 +21,14 @@ def authorino(authorino, openshift, blame, request, testconfig, module_label, au
if authorino:
return authorino

if not testconfig["authorino"]["deploy"]:
authorino_config = testconfig["service_protection"]["authorino"]
if not authorino_config["deploy"]:
if len(authorino_parameters) > 0:
return pytest.skip("Can't change parameters of already deployed Authorino")
return PreexistingAuthorino(
testconfig["authorino"]["auth_url"],
testconfig["authorino"]["oidc_url"],
testconfig["authorino"]["metrics_service_name"],
authorino_config["auth_url"],
authorino_config["oidc_url"],
authorino_config["metrics_service_name"],
)

labels = authorino_parameters.setdefault("label_selectors", [])
Expand All @@ -38,8 +38,8 @@ def authorino(authorino, openshift, blame, request, testconfig, module_label, au

authorino = AuthorinoCR.create_instance(
openshift,
image=weakget(testconfig)["authorino"]["image"] % None,
log_level=weakget(testconfig)["authorino"]["log_level"] % None,
image=authorino_config.get("image"),
log_level=authorino_config.get("log_level"),
**authorino_parameters,
)
request.addfinalizer(lambda: authorino.delete(ignore_not_found=True))
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ def authorization(authorization, api_key):
return authorization


def tests_api_key_context(client, auth, api_key, module_label, testconfig):
def tests_api_key_context(client, auth, api_key, module_label, openshift):
"""
Test:
- Make request with API key authentication
Expand All @@ -22,5 +22,5 @@ def tests_api_key_context(client, auth, api_key, module_label, testconfig):
assert response.status_code == 200
identity = extract_response(response)
assert identity["data"]["api_key"] % None == api_key.model.data.api_key
assert identity["metadata"]["namespace"] % None == testconfig["openshift"].project
assert identity["metadata"]["namespace"] % None == openshift.project
assert identity["metadata"]["labels"]["group"] % None == module_label
2 changes: 1 addition & 1 deletion testsuite/tests/kuadrant/authorino/metrics/conftest.py
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ def run_on_kuadrant():
return False


@pytest.fixture(scope="session")
@pytest.fixture(scope="module")
def prometheus(request, openshift):
"""
Return an instance of OpenShift metrics client
Expand Down
4 changes: 2 additions & 2 deletions testsuite/tests/kuadrant/authorino/operator/tls/conftest.py
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ def cert_attributes_other(cert_attributes) -> Dict[str, str]:
}


@pytest.fixture(scope="session")
@pytest.fixture(scope="module")
def certificates(cfssl, authorino_domain, wildcard_domain, cert_attributes, cert_attributes_other):
"""
Certificate hierarchy used for the tests
Expand Down Expand Up @@ -72,7 +72,7 @@ def _create_secret(certificate: Certificate, name: str, labels: Optional[Dict[st
return _create_secret


@pytest.fixture(scope="session")
@pytest.fixture(scope="module")
def authorino_domain(openshift):
"""
Hostname of the upstream certificate sent to be validated by APIcast
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ def authorization(authorization, blame, selector, cert_attributes):
return authorization


@pytest.fixture(scope="session")
@pytest.fixture(scope="module")
def certificates(cfssl, authorino_domain, wildcard_domain, cert_attributes, cert_attributes_other):
"""Certificate hierarchy used for the mTLS tests"""
chain = {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ def specific_authorino_name(blame):
return blame("authorino")


@pytest.fixture(scope="session")
@pytest.fixture(scope="module")
def authorino_domain(openshift, specific_authorino_name):
"""
Hostname of the upstream certificate sent to be validated by APIcast
Expand All @@ -40,7 +40,7 @@ def authorino_domain(openshift, specific_authorino_name):
return f"{specific_authorino_name}-authorino-authorization.{openshift.project}.svc"


@pytest.fixture(scope="session")
@pytest.fixture(scope="module")
def certificates(cfssl, authorino_domain, wildcard_domain):
"""Certificate hierarchy used for the tests.
Authorino certificate has *hosts* set to *authorino_domain* value.
Expand Down
Loading

0 comments on commit f962698

Please sign in to comment.