Merge pull request Kuadrant#286 from pehala/improve_wristband
Enhance wristband test
pehala authored Nov 16, 2023
2 parents 15611dd + a8dddae commit e1f30b8
Showing 2 changed files with 47 additions and 37 deletions.
76 changes: 43 additions & 33 deletions testsuite/tests/kuadrant/authorino/wristband/conftest.py
Expand Up @@ -60,68 +60,78 @@ def gateway(request, authorino, openshift, blame, module_label, testconfig):


@pytest.fixture(scope="module")
def wristband_endpoint(openshift, authorino, authorization_name):
"""Authorino oidc wristband endpoint"""
return f"http://{authorino.oidc_url}:8083/{openshift.project}/{authorization_name}/wristband"
def wristband_name(blame):
"""Name of the wristband response Authorization"""
return blame("auth-wristband")


@pytest.fixture(scope="module")
def authorization(authorization, wristband_secret, wristband_endpoint) -> AuthConfig:
"""Add wristband response with the signing key to the AuthConfig"""
def wristband_endpoint(openshift, authorino, wristband_name):
"""Authorino oidc wristband endpoint"""
return f"http://{authorino.oidc_url}:8083/{openshift.project}/{wristband_name}/wristband"

authorization.responses.add_success_dynamic(
"wristband",
WristbandResponse(issuer=wristband_endpoint, signingKeyRefs=[WristbandSigningKeyRef(wristband_secret)]),
)

@pytest.fixture(scope="module")
def authorization(authorization, wristband_endpoint) -> AuthConfig:
"""Add wristband authentication to Authorization"""
authorization.identity.clear_all()
authorization.identity.add_oidc("edge-authenticated", wristband_endpoint)
return authorization


@pytest.fixture(scope="module")
def wristband_token(client, auth):
def wristband_token(wristband_hostname, auth):
"""Test token acquirement from oidc endpoint"""
response = client.get("/auth", auth=auth)
assert response.status_code == 200
with wristband_hostname.client() as client:
response = client.get("/auth", auth=auth)
assert response.status_code == 200

assert response.headers.get("wristband-token") is not None
return response.headers["wristband-token"]
assert response.headers.get("wristband-token") is not None
return response.headers["wristband-token"]


@pytest.fixture(scope="module")
def authenticated_route(exposer, gateway, blame):
"""Second envoy route, intended for the already authenticated user"""
def wristband_hostname(exposer, gateway, blame):
"""Hostname on which you can acquire wristband token"""
return exposer.expose_hostname(blame("route"), gateway)


@pytest.fixture(scope="module")
def authenticated_authorization(request, gateway, blame, authenticated_route, module_label, wristband_endpoint):
"""Second AuthConfig with authorino oidc endpoint, protecting route for the already authenticated user"""
route = EnvoyVirtualRoute.create_instance(gateway.openshift, blame("route"), gateway)
route.add_hostname(authenticated_route.hostname)
def wristband_authorization(
request,
gateway,
wristband_name,
oidc_provider,
wristband_hostname,
module_label,
wristband_endpoint,
wristband_secret,
):
"""Second AuthConfig with authorino oidc endpoint for getting the wristband token"""
route = EnvoyVirtualRoute.create_instance(gateway.openshift, wristband_name, gateway)
route.add_hostname(wristband_hostname.hostname)

request.addfinalizer(route.delete)
route.commit()

authorization = AuthConfig.create_instance(
gateway.openshift,
blame("auth-authenticated"),
wristband_name,
route,
labels={"testRun": module_label},
)
authorization.identity.add_oidc("edge-authenticated", wristband_endpoint)
return authorization


@pytest.fixture(scope="module")
def authenticated_client(authenticated_route):
"""Client with route for the already authenticated user"""
client = authenticated_route.client()
yield client
client.close()
authorization.identity.add_oidc("rhsso", oidc_provider.well_known["issuer"])
authorization.responses.add_success_dynamic(
"wristband",
WristbandResponse(issuer=wristband_endpoint, signingKeyRefs=[WristbandSigningKeyRef(wristband_secret)]),
)
return authorization


# pylint: disable=unused-argument
@pytest.fixture(scope="module", autouse=True)
def commit(request, commit, authenticated_authorization):
def commit(request, commit, wristband_authorization):
"""Commits all important stuff before tests"""
request.addfinalizer(authenticated_authorization.delete)
authenticated_authorization.commit()
request.addfinalizer(wristband_authorization.delete)
wristband_authorization.commit()
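Review bot: The autouse `commit` fixture at the end of this file appears to commit the two AuthConfigs in an order that leaves the main one pointing at an issuer that is not served yet. It requests the parent `commit` fixture (defined outside this page, presumably the one that commits `authorization`) before its own body runs `wristband_authorization.commit()`, while `authorization` now calls `identity.clear_all()` and trusts only `wristband_endpoint`, whose path is built from `wristband_name`. If Authorino resolves the OIDC discovery document when the AuthConfig is reconciled, the first lookup can fail and the tests then depend on retry timing rather than on the configuration under test. Consider committing `wristband_authorization` before the main AuthConfig, or at least record the dependency above the last line with a comment such as `# the issuer trusted by 'authorization' is served only after this commit`.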
Expand Up @@ -14,13 +14,13 @@ def test_wristband_token_claims(oidc_provider, auth, wristband_token, wristband_
assert claim not in wristband_decoded


def test_wristband_success(authenticated_client, wristband_token):
def test_wristband_success(client, wristband_token):
"""Test api authentication with token that was acquired after successful authentication in the edge"""
response = authenticated_client.get("/get", headers={"Authorization": "Bearer " + wristband_token})
response = client.get("/get", headers={"Authorization": "Bearer " + wristband_token})
assert response.status_code == 200


def test_wristband_fail(authenticated_client, auth):
def test_wristband_fail(client, auth):
"""Test api authentication with token that only accepted in the edge"""
response = authenticated_client.get("/get", auth=auth) # oidc access token instead of wristband
response = client.get("/get", auth=auth) # oidc access token instead of wristband
assert response.status_code == 401
