Add tests for changing targetRef field in policies

Signed-off-by: emmaaroche <[email protected]>

Author: emmaaroche

testsuite/tests/singlecluster/gateway/reconciliation/change_targetref/conftest.py

@@ -4,7 +4,7 @@
 
 import pytest
 
-from testsuite.gateway import GatewayRoute, GatewayListener, Hostname, Exposer
+from testsuite.gateway import GatewayRoute, Hostname, Exposer, GatewayListener
 from testsuite.gateway.gateway_api.gateway import KuadrantGateway
 from testsuite.gateway.gateway_api.hostname import DNSPolicyExposer
 from testsuite.gateway.gateway_api.route import HTTPRoute
@@ -81,6 +81,15 @@ def client2(route2, hostname2):  # pylint: disable=unused-argument
     client.close()
 
 
+@pytest.fixture(scope="module")
+def authorization():
+    """
+    Override the authorization fixture to prevent the creation of an AuthPolicy.
+    This ensures no authentication is enforced during the test
+    """
+    return None
+
+
 @pytest.fixture(scope="module")
 def dns_policy2(blame, gateway2, module_label, dns_provider_secret, request):
     """DNSPolicy fixture for Gateway 2"""

testsuite/tests/singlecluster/gateway/reconciliation/change_targetref/test_update_authpolicy_target_ref.py

@@ -4,9 +4,19 @@
 
 import pytest
 
+from testsuite.kuadrant.policy.authorization.auth_policy import AuthPolicy
+
 pytestmark = [pytest.mark.kuadrant_only, pytest.mark.dnspolicy]
 
 
+@pytest.fixture(scope="module")
+def authorization(oidc_provider, gateway, cluster, blame, module_label, route):  # pylint: disable=unused-argument
+    """Overwrite the authorization fixture and attach it to the gateway"""
+    policy = AuthPolicy.create_instance(cluster, blame("authz"), gateway, labels={"testRun": module_label})
+    policy.identity.add_oidc("default", oidc_provider.well_known["issuer"])
+    return policy
+
+
 def test_update_auth_policy_target_ref(
     gateway2, authorization, client, client2, auth, dns_policy, dns_policy2, change_target_ref
 ):  # pylint: disable=unused-argument

testsuite/tests/singlecluster/gateway/reconciliation/change_targetref/test_update_dns_tls_policies_target_ref.py

@@ -0,0 +1,74 @@
+"""
+Test for changing targetRef field in DNSPolicy & TLSPolicy
+"""
+
+import pytest
+
+from testsuite.gateway import TLSGatewayListener
+from testsuite.gateway.gateway_api.gateway import KuadrantGateway
+
+pytestmark = [pytest.mark.kuadrant_only, pytest.mark.dnspolicy, pytest.mark.tlspolicy]
+
+
+@pytest.fixture(scope="module")
+def gateway(request, cluster, blame, wildcard_domain, module_label):
+    """Create Gateway 1 with TLSGatewayListener"""
+    gateway_name = blame("gw")
+    gw = KuadrantGateway.create_instance(
+        cluster,
+        gateway_name,
+        {"app": module_label},
+    )
+    gw.add_listener(TLSGatewayListener(hostname=wildcard_domain, gateway_name=gateway_name))
+    request.addfinalizer(gw.delete)
+    gw.commit()
+    gw.wait_for_ready()
+    return gw
+
+
+@pytest.fixture(scope="module")
+def gateway2(request, cluster, blame, wildcard_domain2, module_label):
+    """Create Gateway 2 with TLSGatewayListener"""
+    gateway_name = blame("gw2")
+    gw = KuadrantGateway.create_instance(
+        cluster,
+        gateway_name,
+        {"app": module_label},
+    )
+    gw.add_listener(TLSGatewayListener(hostname=wildcard_domain2, gateway_name=gateway_name))
+    request.addfinalizer(gw.delete)
+    gw.commit()
+    gw.wait_for_ready()
+    return gw
+
+
+def test_update_policies_target_ref(
+    route2, tls_policy, gateway, gateway2, client, dns_policy, change_target_ref, hostname2
+):  # pylint: disable=unused-argument
+    """Test updating the targetRef of both TLSPolicy and DNSPolicy from Gateway 1 to Gateway 2"""
+    assert gateway.wait_until(lambda obj: obj.is_affected_by(tls_policy))
+    assert gateway.wait_until(lambda obj: obj.is_affected_by(dns_policy))
+    assert gateway2.wait_until(lambda obj: not obj.is_affected_by(tls_policy))
+    assert gateway2.wait_until(lambda obj: not obj.is_affected_by(dns_policy))
+
+    response = client.get("/get")
+    assert not response.has_cert_verify_error()
+    assert not response.has_dns_error()
+    assert response.status_code == 200
+
+    change_target_ref(tls_policy, gateway2)
+    change_target_ref(dns_policy, gateway2)
+
+    assert gateway.wait_until(lambda obj: not obj.is_affected_by(tls_policy))
+    assert gateway.wait_until(lambda obj: not obj.is_affected_by(dns_policy))
+    assert gateway2.wait_until(lambda obj: obj.is_affected_by(tls_policy))
+    assert gateway2.wait_until(lambda obj: obj.is_affected_by(dns_policy))
+
+    client2 = hostname2.client()
+
+    response = client2.get("/get")
+    assert not response.has_cert_verify_error()
+    assert not response.has_dns_error()
+    assert response.status_code == 200
+
+    client2.close()

testsuite/tests/singlecluster/gateway/reconciliation/change_targetref/test_update_ratelimitpolicy_target_ref.py

@@ -9,15 +9,6 @@
 pytestmark = [pytest.mark.kuadrant_only, pytest.mark.dnspolicy]
 
 
-@pytest.fixture(scope="module")
-def authorization():
-    """
-    Override the authorization fixture to prevent the creation of an AuthPolicy.
-    This ensures no authentication is enforced during the test
-    """
-    return None
-
-
 @pytest.fixture(scope="module")
 def rate_limit(cluster, blame, module_label, gateway, route):  # pylint: disable=unused-argument
     """RateLimitPolicy for testing"""