From 58e24e38d4cea788f48b01e39eef232a18804e5b Mon Sep 17 00:00:00 2001 From: averevki Date: Wed, 20 Dec 2023 19:05:29 +0100 Subject: [PATCH] Add test for DNSPolicy health check with additional headers --- testsuite/policy/dns_policy.py | 10 ++- .../health_check/test_additional_headers.py | 71 +++++++++++++++++++ 2 files changed, 80 insertions(+), 1 deletion(-) create mode 100644 testsuite/tests/mgc/dnspolicy/health_check/test_additional_headers.py diff --git a/testsuite/policy/dns_policy.py b/testsuite/policy/dns_policy.py index 4d2774501..ac2ee43d3 100644 --- a/testsuite/policy/dns_policy.py +++ b/testsuite/policy/dns_policy.py @@ -11,10 +11,18 @@ @dataclass -class HealthCheck: # pylint: disable=invalid-name +class AdditionalHeadersRef: + """Object representing DNSPolicy additionalHeadersRef field""" + + name: str + + +@dataclass +class HealthCheck: # pylint: disable=invalid-name,too-many-instance-attributes """Object representing DNSPolicy health check specification""" allowInsecureCertificates: Optional[bool] = None + additionalHeadersRef: Optional[AdditionalHeadersRef] = None endpoint: Optional[str] = None expectedResponses: Optional[list[int]] = None failureThreshold: Optional[int] = None diff --git a/testsuite/tests/mgc/dnspolicy/health_check/test_additional_headers.py b/testsuite/tests/mgc/dnspolicy/health_check/test_additional_headers.py new file mode 100644 index 000000000..36601deba --- /dev/null +++ b/testsuite/tests/mgc/dnspolicy/health_check/test_additional_headers.py @@ -0,0 +1,71 @@ +"""Tests for DNSPolicy health checks - additional authentication headers sent with health check requests""" +import pytest + +from testsuite.openshift.secret import Secret +from testsuite.policy.dns_policy import HealthCheck, AdditionalHeadersRef +from testsuite.gateway.gateway_api.reference_grant import ReferenceGrant + +pytestmark = [pytest.mark.mgc] + +HEADER_NAME = "test-header" +HEADER_VALUE = "test-value" + + +@pytest.fixture(scope="module", autouse=True) +def mockserver_expectation(request, mockserver, module_label): + """Creates Mockserver Expectation which requires additional headers for successful request""" + request.addfinalizer(lambda: mockserver.clear_expectation(module_label)) + mockserver.create_request_expectation(module_label, headers={HEADER_NAME: [HEADER_VALUE]}) + + +@pytest.fixture(scope="module") +def headers_secret(request, hub_openshift, blame): + """Creates Secret with additional headers for DNSPolicy health check""" + secret_name = blame("headers") + headers_secret = Secret.create_instance(hub_openshift, secret_name, {HEADER_NAME: HEADER_VALUE}) + + request.addfinalizer(headers_secret.delete) + headers_secret.commit() + return secret_name + + +@pytest.fixture(scope="module") +def health_check(headers_secret, module_label): + """Returns healthy endpoint specification with additional authentication header for DNSPolicy health check""" + return HealthCheck( + allowInsecureCertificates=True, + additionalHeadersRef=AdditionalHeadersRef(name=headers_secret), + endpoint=f"/{module_label}", + interval="5s", + port=80, + protocol="http", + ) + + +@pytest.fixture(scope="module") +def reference_grant(request, testconfig, gateway, module_label, blame): + """Creates ReferenceGrant object for cross namespace access to Mockserver service""" + # get tools project client if tools installed on a spoke cluster + tools_openshift = gateway.openshift.change_project(testconfig["tools"].project) + reference_grant = ReferenceGrant.create_instance( + gateway.openshift, tools_openshift, blame("ref-grnt"), {"app": module_label} + ) + request.addfinalizer(reference_grant.delete) + reference_grant.commit() + + +@pytest.fixture(scope="module") +def backend(reference_grant, mockserver): # pylint: disable=unused-argument + """Use mockserver as backend for health check requests to verify additional headers""" + return mockserver + + +def test_additional_headers(dns_health_probe, mockserver, module_label): + """Test if additional headers in health check requests are used""" + assert dns_health_probe.is_healthy() + + requests = mockserver.retrieve_requests(module_label) + assert len(requests) > 0 + + request_headers = requests[0]["headers"] + assert request_headers.get(HEADER_NAME) == [HEADER_VALUE]