From 480ac9c72115bc5f905a51c51fc23021ef0429a1 Mon Sep 17 00:00:00 2001 From: averevki Date: Wed, 12 Jun 2024 17:29:43 +0200 Subject: [PATCH] Add tests for Defaults --- .../kuadrant/defaults_overrides/__init__.py | 0 .../defaults_overrides/defaults/__init__.py | 0 .../defaults_overrides/defaults/test_basic.py | 45 +++++++++++++++++++ .../defaults/test_rules_exclusivity.py | 36 +++++++++++++++ 4 files changed, 81 insertions(+) create mode 100644 testsuite/tests/kuadrant/defaults_overrides/__init__.py create mode 100644 testsuite/tests/kuadrant/defaults_overrides/defaults/__init__.py create mode 100644 testsuite/tests/kuadrant/defaults_overrides/defaults/test_basic.py create mode 100644 testsuite/tests/kuadrant/defaults_overrides/defaults/test_rules_exclusivity.py diff --git a/testsuite/tests/kuadrant/defaults_overrides/__init__.py b/testsuite/tests/kuadrant/defaults_overrides/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/testsuite/tests/kuadrant/defaults_overrides/defaults/__init__.py b/testsuite/tests/kuadrant/defaults_overrides/defaults/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/testsuite/tests/kuadrant/defaults_overrides/defaults/test_basic.py b/testsuite/tests/kuadrant/defaults_overrides/defaults/test_basic.py new file mode 100644 index 000000000..ccb3386cf --- /dev/null +++ b/testsuite/tests/kuadrant/defaults_overrides/defaults/test_basic.py @@ -0,0 +1,45 @@ +"""Test basic enforcement of the rules inside the 'defaults' block of the AuthPolicy and RateLimitPolicy""" + +import pytest + +from testsuite.httpx.auth import HttpxOidcClientAuth +from testsuite.policy.rate_limit_policy import Limit + +pytestmark = [pytest.mark.kuadrant_only, pytest.mark.limitador] + +LIMIT = Limit(3, 5) + + +@pytest.fixture(scope="module") +def authorization(authorization, oidc_provider): + """Add oidc identity to defaults block of AuthPolicy""" + authorization.identity.add_oidc("default", oidc_provider.well_known["issuer"], defaults=True) + return authorization + + +@pytest.fixture(scope="module") +def auth(oidc_provider): + """Returns Authentication object for HTTPX""" + return HttpxOidcClientAuth(oidc_provider.get_token, "authorization") + + +@pytest.fixture(scope="module") +def rate_limit(rate_limit): + """Add basic requests limit to defaults block of RateLimitPolicy""" + rate_limit.add_limit("basic", [LIMIT], defaults=True) + return rate_limit + + +def test_basic(route, authorization, rate_limit, client, auth): + """Test if rules inside defaults block are enforced like any other normal rule""" + route.refresh() + assert route.is_affected_by(authorization) + + response = client.get("/get") + assert response.status_code == 401 # assert that AuthPolicy is enforced + + assert route.is_affected_by(rate_limit) + + responses = client.get_many("/get", LIMIT.limit, auth=auth) + responses.assert_all(status_code=200) + assert client.get("/get", auth=auth).status_code == 429 # assert that RateLimitPolicy is enforced diff --git a/testsuite/tests/kuadrant/defaults_overrides/defaults/test_rules_exclusivity.py b/testsuite/tests/kuadrant/defaults_overrides/defaults/test_rules_exclusivity.py new file mode 100644 index 000000000..3f2534ee4 --- /dev/null +++ b/testsuite/tests/kuadrant/defaults_overrides/defaults/test_rules_exclusivity.py @@ -0,0 +1,36 @@ +"""Test mutual exclusivity of defaults block and implicit defaults""" + +import pytest + +from testsuite.policy.rate_limit_policy import Limit + +pytestmark = [pytest.mark.kuadrant_only, pytest.mark.limitador] + + +@pytest.fixture(scope="module") +def authorization(authorization, oidc_provider): + """Create AuthPolicy with basic oidc rules inside and outside defaults block""" + authorization.identity.add_oidc("inside-defaults", oidc_provider.well_known["issuer"], defaults=True) + authorization.identity.add_oidc("outside-defaults", oidc_provider.well_known["issuer"]) + return authorization + + +@pytest.fixture(scope="module") +def rate_limit(rate_limit): + """Add basic rate limiting rules inside and outside defaults block""" + rate_limit.add_limit("basic", [Limit(2, 5)], defaults=True) + rate_limit.add_limit("basic", [Limit(2, 5)]) + return rate_limit + + +@pytest.fixture(scope="module") +def commit(): + """We need to try to commit objects during the actual test""" + return None + + +def test_rules_exclusivity(authorization, rate_limit): + """Test that server will reject object with implicit and explicit defaults defined simultaneously""" + for component in [authorization, rate_limit]: + result = component._object_def_action("create", auto_raise=False) # pylint: disable=protected-access + assert "Implicit and explicit defaults are mutually exclusive" in result.err()