|
| 1 | +""" |
| 2 | +Test for changing targetRef field in policies (AuthPolicy and RateLimitPolicy) |
| 3 | +""" |
| 4 | + |
| 5 | +import pytest |
| 6 | + |
| 7 | +from testsuite.gateway import TLSGatewayListener, GatewayRoute |
| 8 | +from testsuite.gateway.envoy.route import EnvoyVirtualRoute |
| 9 | +from testsuite.gateway.gateway_api.gateway import KuadrantGateway |
| 10 | +from testsuite.gateway.gateway_api.route import HTTPRoute |
| 11 | +from testsuite.kuadrant.policy.rate_limit import Limit, RateLimitPolicy |
| 12 | + |
| 13 | + |
| 14 | +@pytest.fixture(scope="module") |
| 15 | +def wildcard_domain2(base_domain): |
| 16 | + """Wildcard domain for Gateway B""" |
| 17 | + return f"*.{base_domain}-b" |
| 18 | + |
| 19 | + |
| 20 | +@pytest.fixture(scope="module") |
| 21 | +def gateway_b(request, cluster, blame, wildcard_domain2, module_label): # pylint: disable=unused-argument |
| 22 | + """Create and configure Gateway B""" |
| 23 | + gateway_name = blame("gw-b") |
| 24 | + gw = KuadrantGateway.create_instance(cluster, gateway_name, {"app": module_label}) |
| 25 | + gw.add_listener(TLSGatewayListener(hostname=wildcard_domain2, gateway_name=gateway_name)) |
| 26 | + request.addfinalizer(gw.delete) |
| 27 | + gw.commit() |
| 28 | + gw.wait_for_ready() |
| 29 | + return gw |
| 30 | + |
| 31 | + |
| 32 | +@pytest.fixture(scope="module") |
| 33 | +def route_b(request, kuadrant, wildcard_domain2, gateway_b, blame, backend, module_label) -> GatewayRoute: |
| 34 | + """Create and configure Route B""" |
| 35 | + if kuadrant: |
| 36 | + route = HTTPRoute.create_instance(gateway_b.cluster, blame("route-b"), gateway_b, {"app": module_label}) |
| 37 | + else: |
| 38 | + route = EnvoyVirtualRoute.create_instance(gateway_b.cluster, blame("route-b"), gateway_b) |
| 39 | + route.add_hostname(wildcard_domain2) |
| 40 | + route.add_backend(backend) |
| 41 | + request.addfinalizer(route.delete) |
| 42 | + route.commit() |
| 43 | + return route |
| 44 | + |
| 45 | + |
| 46 | +@pytest.fixture(scope="module") |
| 47 | +def rate_limit_policy(request, cluster, blame, module_label, gateway): |
| 48 | + """RateLimitPolicy for testing""" |
| 49 | + policy = RateLimitPolicy.create_instance(cluster, blame("limit"), gateway, labels={"testRun": module_label}) |
| 50 | + policy.add_limit("basic", [Limit(5, "10s")]) |
| 51 | + request.addfinalizer(policy.delete) |
| 52 | + policy.commit() |
| 53 | + return policy |
| 54 | + |
| 55 | + |
| 56 | +def test_update_ratelimit_policy_target_ref( |
| 57 | + gateway, gateway_b, rate_limit_policy, client, auth, route_b |
| 58 | +): # pylint: disable=unused-argument |
| 59 | + """Test updating the targetRef of a RateLimitPolicy from Gateway A to Gateway B""" |
| 60 | + initial_target_ref = rate_limit_policy.model["spec"]["targetRef"]["name"] |
| 61 | + assert ( |
| 62 | + initial_target_ref == gateway.model.metadata.name |
| 63 | + ), f"Initial targetRef mismatch: expected {gateway.model.metadata.name}, got {initial_target_ref}" |
| 64 | + |
| 65 | + response = client.get("/get", auth=auth) |
| 66 | + assert response.status_code == 200 |
| 67 | + |
| 68 | + rate_limit_policy.wait_for_ready() |
| 69 | + rate_limit_policy.refresh() |
| 70 | + |
| 71 | + rate_limit_policy.model["spec"]["targetRef"]["name"] = gateway_b.model.metadata.name |
| 72 | + res = rate_limit_policy.apply() |
| 73 | + assert res.status() == 0, res.err() |
| 74 | + |
| 75 | + rate_limit_policy.refresh() |
| 76 | + updated_target_ref = rate_limit_policy.model["spec"]["targetRef"]["name"] |
| 77 | + assert ( |
| 78 | + updated_target_ref == gateway_b.model.metadata.name |
| 79 | + ), f"Updated targetRef mismatch: expected {gateway_b.model.metadata.name}, got {updated_target_ref}" |
| 80 | + |
| 81 | + response = client.get("/get", auth=auth) |
| 82 | + assert response.status_code == 200 |
| 83 | + |
| 84 | + |
| 85 | +def test_update_auth_policy_target_ref( |
| 86 | + gateway, gateway_b, authorization, client, auth, route_b |
| 87 | +): # pylint: disable=unused-argument |
| 88 | + """Test updating the targetRef of an AuthPolicy from Gateway A to Gateway B""" |
| 89 | + # Update targetRef of the AuthPolicy to point to gateway A |
| 90 | + authorization.model["spec"]["targetRef"] = gateway.reference |
| 91 | + authorization.apply() |
| 92 | + authorization.wait_for_ready() |
| 93 | + authorization.refresh() |
| 94 | + |
| 95 | + initial_target_ref = authorization.model["spec"]["targetRef"]["name"] |
| 96 | + assert ( |
| 97 | + initial_target_ref == gateway.model.metadata.name |
| 98 | + ), f"Initial targetRef mismatch: expected {gateway.model.metadata.name}, got {initial_target_ref}" |
| 99 | + |
| 100 | + response = client.get("/get", auth=auth) |
| 101 | + assert response.status_code == 200 |
| 102 | + |
| 103 | + authorization.wait_for_ready() |
| 104 | + authorization.refresh() |
| 105 | + |
| 106 | + authorization.model["spec"]["targetRef"] = gateway_b.reference |
| 107 | + res = authorization.apply() |
| 108 | + assert res.status() == 0, res.err() |
| 109 | + |
| 110 | + authorization.refresh() |
| 111 | + updated_target_ref = authorization.model["spec"]["targetRef"]["name"] |
| 112 | + assert ( |
| 113 | + updated_target_ref == gateway_b.model.metadata.name |
| 114 | + ), f"Updated targetRef mismatch: expected {gateway_b.model.metadata.name}, got {updated_target_ref}" |
| 115 | + |
| 116 | + response = client.get("/get", auth=auth) |
| 117 | + assert response.status_code == 200 |
0 commit comments