diff --git a/testsuite/tests/singlecluster/defaults/__init__.py b/testsuite/tests/singlecluster/defaults/__init__.py new file mode 100644 index 00000000..e69de29b diff --git a/testsuite/tests/singlecluster/defaults/test_basic.py b/testsuite/tests/singlecluster/defaults/test_basic.py new file mode 100644 index 00000000..3a6c4da9 --- /dev/null +++ b/testsuite/tests/singlecluster/defaults/test_basic.py @@ -0,0 +1,45 @@ +"""Test basic enforcement of the rules inside the 'defaults' block of the AuthPolicy and RateLimitPolicy""" + +import pytest + +from testsuite.httpx.auth import HttpxOidcClientAuth +from testsuite.kuadrant.policy.rate_limit import Limit + +pytestmark = [pytest.mark.kuadrant_only, pytest.mark.limitador] + +LIMIT = Limit(3, 5) + + +@pytest.fixture(scope="module") +def authorization(authorization, oidc_provider): + """Add oidc identity to defaults block of AuthPolicy""" + authorization.defaults.identity.add_oidc("default", oidc_provider.well_known["issuer"]) + return authorization + + +@pytest.fixture(scope="module") +def auth(oidc_provider): + """Returns Authentication object for HTTPX""" + return HttpxOidcClientAuth(oidc_provider.get_token, "authorization") + + +@pytest.fixture(scope="module") +def rate_limit(rate_limit): + """Add basic requests limit to defaults block of RateLimitPolicy""" + rate_limit.defaults.add_limit("basic", [LIMIT]) + return rate_limit + + +def test_basic(route, authorization, rate_limit, client, auth): + """Test if rules inside defaults block are enforced like any other normal rule""" + route.refresh() + assert route.is_affected_by(authorization) + + response = client.get("/get") + assert response.status_code == 401 # assert that AuthPolicy is enforced + + assert route.is_affected_by(rate_limit) + + responses = client.get_many("/get", LIMIT.limit, auth=auth) + responses.assert_all(status_code=200) + assert client.get("/get", auth=auth).status_code == 429 # assert that RateLimitPolicy is enforced diff --git a/testsuite/tests/singlecluster/defaults/test_rules_exclusivity.py b/testsuite/tests/singlecluster/defaults/test_rules_exclusivity.py new file mode 100644 index 00000000..0a5f6928 --- /dev/null +++ b/testsuite/tests/singlecluster/defaults/test_rules_exclusivity.py @@ -0,0 +1,44 @@ +"""Test mutual exclusivity of defaults block and implicit defaults""" + +import pytest +from openshift_client import OpenShiftPythonException + +from testsuite.kuadrant.policy.rate_limit import Limit + +pytestmark = [pytest.mark.kuadrant_only, pytest.mark.limitador] + + +@pytest.fixture(scope="module") +def authorization(authorization, oidc_provider): + """Create AuthPolicy with basic oidc rules inside and outside defaults block""" + authorization.defaults.identity.add_oidc("inside-defaults", oidc_provider.well_known["issuer"]) + authorization.rules.identity.add_oidc("outside-defaults", oidc_provider.well_known["issuer"]) + return authorization + + +@pytest.fixture(scope="module") +def rate_limit(rate_limit): + """Add basic rate limiting rules inside and outside defaults block""" + rate_limit.defaults.add_limit("inside-defaults", [Limit(2, 5)]) + rate_limit.limits.add_limit("outside-defaults", [Limit(2, 5)]) + return rate_limit + + +@pytest.fixture(scope="module") +def commit(): + """We need to try to commit objects during the actual test""" + return None + + +@pytest.mark.parametrize( + "component_fixture", + [ + pytest.param("authorization", id="AuthPolicy"), + pytest.param("rate_limit", id="RateLimitPolicy"), + ], +) +def test_rules_exclusivity(request, component_fixture): + """Test that server will reject object with implicit and explicit defaults defined simultaneously""" + component = request.getfixturevalue(component_fixture) + with pytest.raises(OpenShiftPythonException, match="Implicit and explicit defaults are mutually exclusive"): + component.commit()