Add test for DNSPolicy health check with additional headers

testsuite/policy/dns_policy.py

@@ -11,10 +11,18 @@
 
 
 @dataclass
-class HealthCheck:  # pylint: disable=invalid-name
+class AdditionalHeadersRef:
+    """Object representing DNSPolicy additionalHeadersRef field"""
+
+    name: str
+
+
+@dataclass
+class HealthCheck:  # pylint: disable=invalid-name,too-many-instance-attributes
     """Object representing DNSPolicy health check specification"""
 
     allowInsecureCertificates: Optional[bool] = None
+    additionalHeadersRef: Optional[AdditionalHeadersRef] = None
     endpoint: Optional[str] = None
     expectedResponses: Optional[list[int]] = None
     failureThreshold: Optional[int] = None

testsuite/tests/mgc/dnspolicy/health_check/test_additional_headers.py

@@ -0,0 +1,71 @@
+"""Tests for DNSPolicy health checks - additional authentication headers sent with health check requests"""
+import pytest
+
+from testsuite.openshift.secret import Secret
+from testsuite.policy.dns_policy import HealthCheck, AdditionalHeadersRef
+from testsuite.gateway.gateway_api.reference_grant import ReferenceGrant
+
+pytestmark = [pytest.mark.mgc]
+
+HEADER_NAME = "test-header"
+HEADER_VALUE = "test-value"
+
+
+@pytest.fixture(scope="module", autouse=True)
+def mockserver_expectation(request, mockserver, module_label):
+    """Creates Mockserver Expectation which requires additional headers for successful request"""
+    request.addfinalizer(lambda: mockserver.clear_expectation(module_label))
+    mockserver.create_request_expectation(module_label, headers={HEADER_NAME: [HEADER_VALUE]})
+
+
+@pytest.fixture(scope="module")
+def headers_secret(request, hub_openshift, blame):
+    """Creates Secret with additional headers for DNSPolicy health check"""
+    secret_name = blame("headers")
+    headers_secret = Secret.create_instance(hub_openshift, secret_name, {HEADER_NAME: HEADER_VALUE})
+
+    request.addfinalizer(headers_secret.delete)
+    headers_secret.commit()
+    return secret_name
+
+
+@pytest.fixture(scope="module")
+def health_check(headers_secret, module_label):
+    """Returns healthy endpoint specification with additional authentication header for DNSPolicy health check"""
+    return HealthCheck(
+        allowInsecureCertificates=True,
+        additionalHeadersRef=AdditionalHeadersRef(name=headers_secret),
+        endpoint=f"/{module_label}",
+        interval="5s",
+        port=80,
+        protocol="http",
+    )
+
+
+@pytest.fixture(scope="module")
+def reference_grant(request, testconfig, gateway, module_label, blame):
+    """Creates ReferenceGrant object for cross namespace access to Mockserver service"""
+    # get tools project client if tools installed on a spoke cluster
+    tools_openshift = gateway.openshift.change_project(testconfig["tools"].project)
+    reference_grant = ReferenceGrant.create_instance(
+        gateway.openshift, tools_openshift, blame("ref-grnt"), {"app": module_label}
+    )
+    request.addfinalizer(reference_grant.delete)
+    reference_grant.commit()
+
+
+@pytest.fixture(scope="module")
+def backend(reference_grant, mockserver):  # pylint: disable=unused-argument
+    """Use mockserver as backend for health check requests to verify additional headers"""
+    return mockserver
+
+
+def test_additional_headers(dns_health_probe, mockserver, module_label):
+    """Test if additional headers in health check requests are used"""
+    assert dns_health_probe.is_healthy()
+
+    requests = mockserver.retrieve_requests(module_label)
+    assert len(requests) > 0
+
+    request_headers = requests[0]["headers"]
+    assert request_headers.get(HEADER_NAME) == [HEADER_VALUE]