Add reconciliation tests for DNSPolicy/TLSPolicy #239

Merged
merged 1 commit into from
Feb 19, 2024
13 changes: 12 additions & 1 deletion testsuite/openshift/__init__.py
Expand Up @@ -4,7 +4,7 @@
from dataclasses import dataclass, field
from typing import Optional, Literal

from openshift_client import APIObject, timeout
from openshift_client import APIObject, timeout, OpenShiftPythonException

from testsuite.lifecycle import LifecycleObject

Expand Down Expand Up @@ -32,6 +32,17 @@ def delete(self, ignore_not_found=True, cmd_args=None):
self.committed = False
return deleted

def wait_until(self, test_function, timelimit=90):
"""Waits until the test function succeeds for this object"""
try:
with timeout(timelimit):
success, _, _ = self.self_selector().until_all(
success_func=lambda obj: test_function(self.__class__(obj.model))
)
return success
except OpenShiftPythonException:
return False


def modify(func):
"""Wraps method of a subclass of OpenShiftObject to use modify_and_apply when the object
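Review bot: The `except OpenShiftPythonException: return False` at the end of `wait_until` gives every client error the same result as a timeout, so a failed API call (a permissions error, an object deleted mid-wait) reaches the tests only as "Policy did not reach expected status". Presumably the `timeout(timelimit)` expiry is reported through this exception type, which would explain the catch; if so, keep it but record the cause before returning, e.g. `except OpenShiftPythonException as exc:` with `exc` logged. The docstring should also state the contract, for instance `"""Waits until test_function returns True for this object; returns False on timeout or client error"""`.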
8 changes: 8 additions & 0 deletions testsuite/tests/mgc/reconciliation/__init__.py
@@ -0,0 +1,8 @@
"""Module containing tests for Reconciliation of MGC policies"""

from testsuite.policy.dns_policy import DNSPolicy


def dns_policy(openshift, name, parent, issuer, labels: dict[str, str] = None): # pylint: disable=unused-argument
"""DNSPolicy constructor that ignores issues"""
return DNSPolicy.create_instance(openshift, name, parent, labels=labels)
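Review bot: The docstring of `dns_policy` says it "ignores issues", but what the function drops is the `issuer` argument, which is also why the pylint disable is there. Suggest `"""DNSPolicy constructor that accepts and ignores the issuer, so it can be called like TLSPolicy.create_instance"""`, which matches how both are passed as `create_cr` in the parametrized tests. The annotation `labels: dict[str, str] = None` also declares a type its default does not satisfy; `Optional[dict[str, str]] = None` (with `Optional` imported from `typing`) would be accurate.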
40 changes: 40 additions & 0 deletions testsuite/tests/mgc/reconciliation/test_gw_doesnt_exist.py
@@ -0,0 +1,40 @@
"""Tests that DNSPolicy/TLSPolicy is rejected if the Gateway does not exist at all"""

import pytest

from testsuite.gateway import CustomReference
from testsuite.policy.tls_policy import TLSPolicy
from testsuite.tests.mgc.reconciliation import dns_policy

pytestmark = [pytest.mark.mgc]


@pytest.mark.parametrize(
"create_cr", [pytest.param(dns_policy, id="DNSPolicy"), pytest.param(TLSPolicy.create_instance, id="TLSPolicy")]
)
@pytest.mark.issue("https://github.com/Kuadrant/multicluster-gateway-controller/issues/361")
def test_no_gw(request, create_cr, hub_openshift, blame, module_label, cluster_issuer):
"""Tests that policy is rejected if the Gateway does not exist at all"""

def target_not_found(policy):
for condition in policy.model.status.conditions:
if (
condition.type == "Ready"
and condition.status == "False"
and 'Gateway.gateway.networking.k8s.io "does-not-exist" not found' in condition.message
and condition.reason == "TargetNotFound"
):
return True
return False

policy = create_cr(
hub_openshift,
blame("resource"),
CustomReference(group="gateway.networking.k8s.io", kind="Gateway", name="does-not-exist"),
cluster_issuer,
labels={"app": module_label},
)
request.addfinalizer(policy.delete)
policy.commit()

assert policy.wait_until(target_not_found), "Policy did not reach expected status"
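Review bot: The nested predicate `target_not_found` in `test_no_gw` is the first of four near-identical condition scanners added by this PR; `wrong_issuer_type`, `wrong_issuer` and `two_dns_policies_error` in the other new test files differ only in the reason and message they match. A single factory shared from `testsuite/tests/mgc/reconciliation/__init__.py` would keep the matching logic in one place, and each test would pass the four values it expects to `policy.wait_until(has_condition(...))`. The sketch below is a suggestion and the name `has_condition` is mine, not something already in the testsuite.

```python
def has_condition(condition_type, status, reason, message):
    """Returns a predicate that is True when the policy has a matching status condition"""

    def _check(policy):
        return any(
            condition.type == condition_type
            and condition.status == status
            and condition.reason == reason
            and message in condition.message
            for condition in policy.model.status.conditions
        )

    return _check
```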
@@ -0,0 +1,75 @@
"""Tests that TLSPolicy is rejected if the issuer is invalid"""

import pytest
from openshift_client import selector

from testsuite.gateway import CustomReference
from testsuite.policy.tls_policy import TLSPolicy

pytestmark = [pytest.mark.mgc]


@pytest.fixture(scope="module")
def base_domain(hub_openshift):
"""Returns preconfigured base domain"""
zone = selector("managedzone/aws-mz", static_context=hub_openshift.context).object()
return zone.model["spec"]["domainName"]


def test_wrong_issuer_type(request, hub_gateway, hub_openshift, blame, module_label):
"""Tests that TLSPolicy is rejected if issuer does not have a correct type"""

def wrong_issuer_type(policy):
for condition in policy.model.status.conditions:
if (
condition.type == "Ready"
and condition.status == "False"
and 'invalid value "Gateway" for issuerRef.kind. Must be empty, "Issuer" or "ClusterIssuer"'
in condition.message
and condition.reason == "ReconciliationError"
):
return True
return False

policy = TLSPolicy.create_instance(
hub_openshift,
blame("resource"),
hub_gateway,
hub_gateway,
labels={"app": module_label},
)
request.addfinalizer(policy.delete)
policy.commit()

assert policy.wait_until(wrong_issuer_type), "Policy did not reach expected status"


def test_non_existing_issuer(request, hub_gateway, hub_openshift, blame, module_label):
"""Tests that TLSPolicy is rejected if issuer does not exist"""

def wrong_issuer(policy):
for condition in policy.model.status.conditions:
if (
condition.type == "Ready"
and condition.status == "False"
and 'ClusterIssuer.cert-manager.io "does-not-exist" not found' in condition.message
and condition.reason == "ReconciliationError"
):
return True
return False

policy = TLSPolicy.create_instance(
hub_openshift,
blame("resource"),
hub_gateway,
CustomReference(
group="cert-manager.io",
kind="ClusterIssuer",
name="does-not-exist",
),
labels={"app": module_label},
)
request.addfinalizer(policy.delete)
policy.commit()

assert policy.wait_until(wrong_issuer), "Policy did not reach expected status"
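Review bot: In `test_wrong_issuer_type` the fourth argument to `TLSPolicy.create_instance` is `hub_gateway` a second time, which reads like a copy-paste slip unless the reader already knows that position is the issuer reference. A comment on that line would make the intent explicit, e.g. `hub_gateway,  # deliberately a Gateway: not a valid issuerRef.kind`. Separately, neither test in this file requests the module-scoped `base_domain` fixture; if it only overrides a fixture that `hub_gateway` uses indirectly, a one-line comment should say so.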
55 changes: 55 additions & 0 deletions testsuite/tests/mgc/reconciliation/test_same_target.py
@@ -0,0 +1,55 @@
"""Tests that DNSPolicy/TLSPolicy is rejected when the Gateway already has a policy of the same kind"""

import pytest
from openshift_client import selector

from testsuite.policy.tls_policy import TLSPolicy
from testsuite.tests.mgc.reconciliation import dns_policy

pytestmark = [pytest.mark.mgc]


@pytest.fixture(scope="module")
def base_domain(hub_openshift):
"""Returns preconfigured base domain"""
zone = selector("managedzone/aws-mz", static_context=hub_openshift.context).object()
return zone.model["spec"]["domainName"]


@pytest.mark.parametrize(
"create_cr", [pytest.param(dns_policy, id="DNSPolicy"), pytest.param(TLSPolicy.create_instance, id="TLSPolicy")]
)
def test_two_policies_one_gw(request, create_cr, hub_gateway, client, blame, module_label, cluster_issuer):
"""Tests that policy is rejected when the Gateway already has a DNSPolicy"""

def two_dns_policies_error(policy):
for condition in policy.model.status.conditions:
if (
condition.type == "Ready"
and condition.status == "False"
and condition.reason == "ReconciliationError"
and "is already referenced by policy" in condition.message
):
return True
return False

# test that it works before the policy
response = client.get("get")
assert response.status_code == 200, "Original DNSPolicy does not work"

policy = create_cr(
hub_gateway.openshift,
blame("dns2"),
hub_gateway,
cluster_issuer,
labels={"app": module_label},
)
request.addfinalizer(policy.delete)
policy.commit()

# Wait for expected status
assert policy.wait_until(two_dns_policies_error), "Policy did not reach expected status"

# Test that the original policy still works
response = client.get("get")
assert response.status_code == 200
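Review bot: `test_two_policies_one_gw` is parametrized over both DNSPolicy and TLSPolicy, but its docstring, the predicate name `two_dns_policies_error`, the resource name `blame("dns2")` and the message "Original DNSPolicy does not work" all speak of DNS only, so a failing TLSPolicy case reports misleading text. Neutral wording would fix this, e.g. the docstring `"""Tests that a second policy of the same kind on one Gateway is rejected"""` and `blame("policy2")`. The final `assert response.status_code == 200` has no message, unlike the earlier one; adding `, "Original policy stopped working after the conflicting policy was created"` would make a regression there readable in the report.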