Refactor settings structure

README.md

@@ -77,8 +77,8 @@ The results and reports will be saved in `/test-run-results` in the container.
 ```bash
 podman run \
 	-v $HOME/.kube/config:/run/kubeconfig:z \
-	-e KUADRANT_OPENSHIFT__project=authorino \
-	-e KUADRANT_OPENSHIFT2__project=authorino2 \
+	-e KUADRANT_SERVICE_PROTECTION__PROJECT=authorino \
+	-e KUADRANT_SERVICE_PROTECTION__PROJECT2=authorino2 \
 	-e KUADRANT_AUTH0__url="AUTH0_URL" \
 	-e KUADRANT_AUTH0__client_id="AUTH0_CLIENT_ID" \
 	-e KUADRANT_AUTH0__client_secret="AUTH0_CLIENT_SECRET" \	
@@ -90,8 +90,8 @@ podman run \
 ```bash
 podman run \
 	-v $HOME/.kube/config:/run/kubeconfig:z \
-	-e KUADRANT_OPENSHIFT__project=authorino \
-	-e KUADRANT_OPENSHIFT2__project=authorino2 \
+	-e KUADRANT_SERVICE_PROTECTION__PROJECT=authorino \
+	-e KUADRANT_SERVICE_PROTECTION__PROJECT2=authorino2 \
 	-e KUADRANT_RHSSO__url="https://my-sso.net" \
 	-e KUADRANT_RHSSO__password="ADMIN_PASSWORD" \
 	-e KUADRANT_RHSSO__username="ADMIN_USERNAME" \

config/settings.local.yaml.tpl

@@ -1,12 +1,11 @@
 #default:
 #  skip_cleanup: false
-#  openshift:
-#    project: "kuadrant"                       # Optional: namespace for tests to run, if None uses current project
+#  gateway_api: true                           # True, if Testsuite should test with Gateway API enabled (e.g. Full Kuadrant) or individual components (e.g. Authorino)
+#  cluster:                                    # Workload cluster where tests should run, will get overriden if run on Multicluster
+#    project: "kuadrant"                       # Optional: Default namespace for this cluster
 #    api_url: "https://api.openshift.com"      # Optional: OpenShift API URL, if None it will OpenShift that you are logged in
 #    token: "KUADRANT_RULEZ"                   # Optional: OpenShift Token, if None it will OpenShift that you are logged in
 #    kubeconfig_path: "~/.kube/config"         # Optional: Kubeconfig to use, if None the default one is used
-#  openshift2:
-#    project: "kuadrant2"                      # Required: Secondary OpenShift project, for running tests across projects
 #  tools:
 #    project: "tools"                          # Optional: OpenShift project, where external tools are located
 #  rhsso:
@@ -27,22 +26,28 @@
 #    url: "HYPERFOIL_URL"
 #    generate_reports: True                      # True, if each test should generate a report
 #    report_dir: "reports"                       # Directory, to which the reports should be saved
-#  authorino:
-#    image: "quay.io/kuadrant/authorino:latest"  # If specified will override the authorino image
-#    deploy: false                               # If false, the testsuite will use already deployed authorino for testing
-#    auth_url: ""                                # authorization URL for already deployed Authorino
-#    oidc_url: ""                                # oidc URL for already deployed Authorino
-#    metrics_service_name: ""                    # controller metrics service name for already deployer Authorino
-#  envoy:
-#    image: "docker.io/envoyproxy/envoy:v1.23-latest"  # Envoy image, the testsuite should use, only for Authorino tests now
-#  kuadrant:
-#    enabled: true                               # True, if Testsuite should test Kuadrant instead of individual operators
-#    namespace: "kuadrant"                       # Namespaces where Kuadrant resides
-#    gateway:                                    # Reference to Gateway that should be used
+#  service_protection:
+#    system_project: "kuadrant-system"           # Namespace where Kuadrant resource resides
+#    project: "kuadrant"                         # Namespace where tests will run
+#    project2: "kuadrant2"                       # Second namespace for tests, that run across multiple namespaces
+#    envoy:
+#      image: "docker.io/envoyproxy/envoy:v1.23-latest"  # Envoy image, the testsuite should use, only for Authorino tests
+#    gateway:                                      # Optional: Reference to Gateway that should be used, if empty testsuite will create its own
 #       namespace: "istio-system"
 #       name: "istio-ingressgateway"
-#  mgc:
-#    spokes:
+#    authorino:
+#      image: "quay.io/kuadrant/authorino:latest"  # If specified will override the authorino image
+#      deploy: false                               # If false, the testsuite will use already deployed authorino for testing
+#      auth_url: ""                                # authorization URL for already deployed Authorino
+#      oidc_url: ""                                # oidc URL for already deployed Authorino
+#      metrics_service_name: ""                    # controller metrics service name for already deployer Authorino
+#  control_plane:
+#    hub:                                          # Hub cluster
+#      project: "multi-cluster-gateways"         # Optional: namespace where MGC resources are created and where the hub gateway will be created
+#      api_url: "https://api.openshift.com"      # Optional: OpenShift API URL, if None it will OpenShift that you are logged in
+#      token: "KUADRANT_RULEZ"                   # Optional: OpenShift Token, if None it will OpenShift that you are logged in
+#      kubeconfig_path: "~/.kube/config"         # Optional: Kubeconfig to use, if None the default one is used
+#    spokes:                                       # List of all spokes in the multi-cluster
 #      local-cluster:
 #        project: "kuadrant"                       # Optional: namespace for tests to run, if None uses current project
 #        api_url: "https://api.openshift.com"      # Optional: OpenShift API URL, if None it will OpenShift that you are logged in

config/settings.yaml

@@ -1,6 +1,8 @@
 default:
   skip_cleanup: false
   dynaconf_merge: true
+  gateway_api: true
+  cluster: {}
   tools:
     project: "tools"
   cfssl: "cfssl"
@@ -9,17 +11,18 @@ default:
     test_user:
       username: "testUser"
       password: "testPassword"
-  authorino:
-    deploy: true
-    log_level: "debug"
-  envoy:
-    image: "docker.io/envoyproxy/envoy:v1.23-latest"
-  kuadrant:
-    enabled: true
+  service_protection:
+    system_project: "kuadrant-system"
     project: "kuadrant"
+    project2: "kuadrant2"
+    envoy:
+      image: "docker.io/envoyproxy/envoy:v1.23-latest"
     gateway:
        project: "istio-system"
        name: "istio-ingressgateway"
+    authorino:
+      deploy: true
+      log_level: "debug"
   hyperfoil:
     generate_reports: True
     reports_dir: "reports"

testsuite/config/__init__.py

@@ -33,12 +33,16 @@ def __init__(self, name, default, **kwargs) -> None:
     envvar_prefix="KUADRANT",
     merge_enabled=True,
     validators=[
-        Validator("authorino.deploy", must_exist=True, eq=True)
-        | (Validator("authorino.auth_url", must_exist=True) & Validator("authorino.oidc_url", must_exist=True)),
+        Validator("service_protection.authorino.deploy", must_exist=True, eq=True)
+        | (
+            Validator("service_protection.authorino.auth_url", must_exist=True)
+            & Validator("service_protection.authorino.oidc_url", must_exist=True)
+        ),
         DefaultValueValidator("rhsso.url", default=fetch_route("no-ssl-sso")),
         DefaultValueValidator("rhsso.password", default=fetch_secret("credential-sso", "ADMIN_PASSWORD")),
         DefaultValueValidator("mockserver.url", default=fetch_route("mockserver", force_http=True)),
-        Validator("kuadrant.enable", must_exist=False, eq=False) | Validator("kuadrant.gateway.name", must_exist=True),
+        Validator("gateway_api", must_exist=False, eq=False)
+        | Validator("service_protection.gateway.name", must_exist=True),
     ],
     validate_only=["authorino", "kuadrant"],
     loaders=["dynaconf.loaders.env_loader", "testsuite.config.openshift_loader"],

testsuite/config/openshift_loader.py

@@ -1,35 +1,45 @@
 """Custom dynaconf loader for loading OpenShift settings and converting them to OpenshiftClients"""
-from weakget import weakget
 
 from testsuite.openshift.client import OpenShiftClient
 
 
-# pylint: disable=unused-argument
-def load(obj, env=None, silent=True, key=None, filename=None):
+def inject_client(obj, base_client, path):
+    """Injects OpenShiftClient in the settings, changes only project"""
+    original = obj.get(path, None)
+    if original:
+        obj[path] = base_client.change_project(original)
+    else:
+        obj[path] = base_client
+
+
+def load(obj, **_):
     """Creates all OpenShift clients"""
-    config = weakget(obj)
-    section = config["openshift"]
+    section = obj.setdefault("cluster", {})
     client = OpenShiftClient(
-        section["project"] % None, section["api_url"] % None, section["token"] % None, section["kubeconfig_path"] % None
+        section.get("project"), section.get("api_url"), section.get("token"), section.get("kubeconfig_path")
     )
-    obj["openshift"] = client
+    obj["cluster"] = client
 
     tools = None
     if "tools" in obj and "project" in obj["tools"]:
         tools = client.change_project(obj["tools"]["project"])
     obj["tools"] = tools
 
-    openshift2 = None
-    if "openshift2" in obj and "project" in obj["openshift2"]:
-        openshift2 = client.change_project(obj["openshift2"]["project"])
-    obj["openshift2"] = openshift2
+    service_protection = obj.setdefault("service_protection", {})
+    inject_client(service_protection, client, "system_project")
+    inject_client(service_protection, client, "project")
+    inject_client(service_protection, client, "project2")
+
+    control_plane = obj.setdefault("control_plane", {})
+    hub = control_plane.get("hub", {})
+    hub_client = OpenShiftClient(hub.get("project"), hub.get("api_url"), hub.get("token"), hub.get("kubeconfig_path"))
+    obj["control_plane"]["hub"] = hub_client
 
     clients = {}
-    spokes = weakget(obj)["mgc"]["spokes"] % {}
+    spokes = control_plane.setdefault("spokes", {})
     for name, value in spokes.items():
-        value = weakget(value)
         clients[name] = OpenShiftClient(
-            value["project"] % None, value["api_url"] % None, value["token"] % None, value["kubeconfig_path"] % None
+            value.get("project"), value.get("api_url"), value.get("token"), value.get("kubeconfig_path")
         )
     if len(clients) > 0:
-        obj["mgc"]["spokes"] = clients
+        control_plane["spokes"] = clients

testsuite/openshift/client.py

@@ -28,7 +28,7 @@ class OpenShiftClient:
 
     # pylint: disable=too-many-public-methods
 
-    def __init__(self, project: str, api_url: str = None, token: str = None, kubeconfig_path: str = None):
+    def __init__(self, project: str = None, api_url: str = None, token: str = None, kubeconfig_path: str = None):
         self._project = project
         self._api_url = api_url
         self._token = token

testsuite/tests/conftest.py

@@ -5,7 +5,6 @@
 import pytest
 from dynaconf import ValidationError
 from keycloak import KeycloakAuthenticationError
-from weakget import weakget
 
 from testsuite.certificates import CFSSLClient
 from testsuite.config import settings
@@ -92,19 +91,19 @@ def testconfig():
     return settings
 
 
-@pytest.fixture(scope="session")
+@pytest.fixture(scope="module")
 def openshift(testconfig):
     """OpenShift client for the primary namespace"""
-    client = testconfig["openshift"]
+    client = testconfig["service_protection"]["project"]
     if not client.connected:
         pytest.fail("You are not logged into Openshift or the namespace doesn't exist")
     return client
 
 
-@pytest.fixture(scope="session")
+@pytest.fixture(scope="module")
 def openshift2(testconfig):
     """OpenShift client for the secondary namespace located on the same cluster as primary Openshift"""
-    client = testconfig["openshift2"]
+    client = testconfig["service_protection"]["project2"]
     if client is None:
         pytest.skip("Openshift2 required but second_project was not set")
     if not client.connected:
@@ -215,15 +214,14 @@ def module_label(label):
     return randomize(label)
 
 
-@pytest.fixture(scope="session")
+@pytest.fixture(scope="module")
 def kuadrant(testconfig, openshift):
     """Returns Kuadrant instance if exists, or None"""
-    settings = weakget(testconfig)
-    if not settings["kuadrant"]["enabled"] % True:
+    if not testconfig.get("gateway_api", True):
         return None
 
     # Try if Kuadrant is deployed
-    kuadrant_openshift = openshift.change_project(settings["kuadrant"]["project"] % None)
+    kuadrant_openshift = testconfig["service_protection"]["system_project"]
     kuadrants = kuadrant_openshift.do_action("get", "kuadrant", "-o", "json", parse_output=True)
     if len(kuadrants.model["items"]) == 0:
         pytest.fail("Running Kuadrant tests, but Kuadrant resource was not found")
@@ -232,7 +230,7 @@ def kuadrant(testconfig, openshift):
     return True
 
 
-@pytest.fixture(scope="session")
+@pytest.fixture(scope="module")
 def backend(request, openshift, blame, label):
     """Deploys Httpbin backend"""
     httpbin = Httpbin(openshift, blame("httpbin"), label)
@@ -258,7 +256,14 @@ def proxy(request, kuadrant, authorino, openshift, blame, backend, module_label,
         gateway_object = request.getfixturevalue("gateway")
         envoy: Proxy = GatewayProxy(gateway_object, module_label, backend)
     else:
-        envoy = Envoy(openshift, authorino, blame("envoy"), module_label, backend, testconfig["envoy"]["image"])
+        envoy = Envoy(
+            openshift,
+            authorino,
+            blame("envoy"),
+            module_label,
+            backend,
+            testconfig["service_protection"]["envoy"]["image"],
+        )
     request.addfinalizer(envoy.delete)
     envoy.commit()
     return envoy
@@ -270,7 +275,7 @@ def route(proxy, module_label) -> Route:
     return proxy.expose_hostname(module_label)
 
 
-@pytest.fixture(scope="session")
+@pytest.fixture(scope="module")
 def wildcard_domain(openshift):
     """
     Wildcard domain of openshift cluster

testsuite/tests/kuadrant/authorino/conftest.py

@@ -1,6 +1,5 @@
 """Conftest for Authorino tests"""
 import pytest
-from weakget import weakget
 
 from testsuite.httpx.auth import HttpxOidcClientAuth
 from testsuite.objects import Authorino, PreexistingAuthorino
@@ -22,13 +21,14 @@ def authorino(authorino, openshift, blame, request, testconfig, module_label, au
     if authorino:
         return authorino
 
-    if not testconfig["authorino"]["deploy"]:
+    authorino_config = testconfig["service_protection"]["authorino"]
+    if not authorino_config["deploy"]:
         if len(authorino_parameters) > 0:
             return pytest.skip("Can't change parameters of already deployed Authorino")
         return PreexistingAuthorino(
-            testconfig["authorino"]["auth_url"],
-            testconfig["authorino"]["oidc_url"],
-            testconfig["authorino"]["metrics_service_name"],
+            authorino_config["auth_url"],
+            authorino_config["oidc_url"],
+            authorino_config["metrics_service_name"],
         )
 
     labels = authorino_parameters.setdefault("label_selectors", [])
@@ -38,8 +38,8 @@ def authorino(authorino, openshift, blame, request, testconfig, module_label, au
 
     authorino = AuthorinoCR.create_instance(
         openshift,
-        image=weakget(testconfig)["authorino"]["image"] % None,
-        log_level=weakget(testconfig)["authorino"]["log_level"] % None,
+        image=authorino_config.get("image"),
+        log_level=authorino_config.get("log_level"),
         **authorino_parameters,
     )
     request.addfinalizer(lambda: authorino.delete(ignore_not_found=True))

testsuite/tests/kuadrant/authorino/identity/api_key/test_api_key_context.py

@@ -12,7 +12,7 @@ def authorization(authorization, api_key):
     return authorization
 
 
-def tests_api_key_context(client, auth, api_key, module_label, testconfig):
+def tests_api_key_context(client, auth, api_key, module_label, openshift):
     """
     Test:
         - Make request with API key authentication
@@ -22,5 +22,5 @@ def tests_api_key_context(client, auth, api_key, module_label, testconfig):
     assert response.status_code == 200
     identity = extract_response(response)
     assert identity["data"]["api_key"] % None == api_key.model.data.api_key
-    assert identity["metadata"]["namespace"] % None == testconfig["openshift"].project
+    assert identity["metadata"]["namespace"] % None == openshift.project
     assert identity["metadata"]["labels"]["group"] % None == module_label

testsuite/tests/kuadrant/authorino/metrics/conftest.py

@@ -14,7 +14,7 @@ def run_on_kuadrant():
     return False
 
 
-@pytest.fixture(scope="session")
+@pytest.fixture(scope="module")
 def prometheus(request, openshift):
     """
     Return an instance of OpenShift metrics client

testsuite/tests/kuadrant/authorino/operator/tls/conftest.py

@@ -34,7 +34,7 @@ def cert_attributes_other(cert_attributes) -> Dict[str, str]:
     }
 
 
-@pytest.fixture(scope="session")
+@pytest.fixture(scope="module")
 def certificates(cfssl, authorino_domain, wildcard_domain, cert_attributes, cert_attributes_other):
     """
     Certificate hierarchy used for the tests
@@ -72,7 +72,7 @@ def _create_secret(certificate: Certificate, name: str, labels: Optional[Dict[st
     return _create_secret
 
 
-@pytest.fixture(scope="session")
+@pytest.fixture(scope="module")
 def authorino_domain(openshift):
     """
     Hostname of the upstream certificate sent to be validated by APIcast

testsuite/tests/kuadrant/authorino/operator/tls/mtls/conftest.py

@@ -17,7 +17,7 @@ def authorization(authorization, blame, selector, cert_attributes):
     return authorization
 
 
-@pytest.fixture(scope="session")
+@pytest.fixture(scope="module")
 def certificates(cfssl, authorino_domain, wildcard_domain, cert_attributes, cert_attributes_other):
     """Certificate hierarchy used for the mTLS tests"""
     chain = {

testsuite/tests/kuadrant/authorino/operator/tls/test_webhook.py

@@ -31,7 +31,7 @@ def specific_authorino_name(blame):
     return blame("authorino")
 
 
-@pytest.fixture(scope="session")
+@pytest.fixture(scope="module")
 def authorino_domain(openshift, specific_authorino_name):
     """
     Hostname of the upstream certificate sent to be validated by APIcast
@@ -40,7 +40,7 @@ def authorino_domain(openshift, specific_authorino_name):
     return f"{specific_authorino_name}-authorino-authorization.{openshift.project}.svc"
 
 
-@pytest.fixture(scope="session")
+@pytest.fixture(scope="module")
 def certificates(cfssl, authorino_domain, wildcard_domain):
     """Certificate hierarchy used for the tests.
     Authorino certificate has *hosts* set to *authorino_domain* value.