Add tests for defaults

testsuite/tests/singlecluster/defaults/test_basic.py

@@ -0,0 +1,45 @@
+"""Test basic enforcement of the rules inside the 'defaults' block of the AuthPolicy and RateLimitPolicy"""
+
+import pytest
+
+from testsuite.httpx.auth import HttpxOidcClientAuth
+from testsuite.kuadrant.policy.rate_limit import Limit
+
+pytestmark = [pytest.mark.kuadrant_only, pytest.mark.limitador]
+
+LIMIT = Limit(3, 5)
+
+
+@pytest.fixture(scope="module")
+def authorization(authorization, oidc_provider):
+    """Add oidc identity to defaults block of AuthPolicy"""
+    authorization.defaults.identity.add_oidc("default", oidc_provider.well_known["issuer"])
+    return authorization
+
+
+@pytest.fixture(scope="module")
+def auth(oidc_provider):
+    """Returns Authentication object for HTTPX"""
+    return HttpxOidcClientAuth(oidc_provider.get_token, "authorization")
+
+
+@pytest.fixture(scope="module")
+def rate_limit(rate_limit):
+    """Add basic requests limit to defaults block of RateLimitPolicy"""
+    rate_limit.defaults.add_limit("basic", [LIMIT])
+    return rate_limit
+
+
+def test_basic(route, authorization, rate_limit, client, auth):
+    """Test if rules inside defaults block are enforced like any other normal rule"""
+    route.refresh()
+    assert route.is_affected_by(authorization)
+
+    response = client.get("/get")
+    assert response.status_code == 401  # assert that AuthPolicy is enforced
+
+    assert route.is_affected_by(rate_limit)
+
+    responses = client.get_many("/get", LIMIT.limit, auth=auth)
+    responses.assert_all(status_code=200)
+    assert client.get("/get", auth=auth).status_code == 429  # assert that RateLimitPolicy is enforced

testsuite/tests/singlecluster/defaults/test_rules_exclusivity.py

@@ -0,0 +1,44 @@
+"""Test mutual exclusivity of defaults block and implicit defaults"""
+
+import pytest
+from openshift_client import OpenShiftPythonException
+
+from testsuite.kuadrant.policy.rate_limit import Limit
+
+pytestmark = [pytest.mark.kuadrant_only, pytest.mark.limitador]
+
+
+@pytest.fixture(scope="module")
+def authorization(authorization, oidc_provider):
+    """Create AuthPolicy with basic oidc rules inside and outside defaults block"""
+    authorization.defaults.identity.add_oidc("inside-defaults", oidc_provider.well_known["issuer"])
+    authorization.rules.identity.add_oidc("outside-defaults", oidc_provider.well_known["issuer"])
+    return authorization
+
+
+@pytest.fixture(scope="module")
+def rate_limit(rate_limit):
+    """Add basic rate limiting rules inside and outside defaults block"""
+    rate_limit.defaults.add_limit("inside-defaults", [Limit(2, 5)])
+    rate_limit.limits.add_limit("outside-defaults", [Limit(2, 5)])
+    return rate_limit
+
+
+@pytest.fixture(scope="module")
+def commit():
+    """We need to try to commit objects during the actual test"""
+    return None
+
+
+@pytest.mark.parametrize(
+    "component_fixture",
+    [
+        pytest.param("authorization", id="AuthPolicy"),
+        pytest.param("rate_limit", id="RateLimitPolicy"),
+    ],
+)
+def test_rules_exclusivity(request, component_fixture):
+    """Test that server will reject object with implicit and explicit defaults defined simultaneously"""
+    component = request.getfixturevalue(component_fixture)
+    with pytest.raises(OpenShiftPythonException, match="Implicit and explicit defaults are mutually exclusive"):
+        component.commit()