Merge pull request #50 from JaurbanRH/wildcard

Add tests for wildcard hosts

Author: pehala

testsuite/objects/__init__.py

@@ -60,6 +60,10 @@ def remove_all_hosts(self):
     def add_opa_policy(self, name, rego_policy):
         """Adds OPA inline Rego policy"""
 
+    @abc.abstractmethod
+    def add_response(self, response):
+        """Add response to AuthConfig"""
+
 
 class PreexistingAuthorino(Authorino):
     """Authorino which is already deployed prior to the testrun"""

testsuite/openshift/objects/auth_config.py

@@ -118,3 +118,8 @@ def add_opa_policy(self, name, rego_policy):
                 "inlineRego": rego_policy
             }
         })
+
+    @modify
+    def add_response(self, response):
+        """Add response to AuthConfig"""
+        self.model["spec"]["response"] = [response]

testsuite/tests/kuadrant/authorino/operator/clusterwide/test_wildcard_collision.py

@@ -0,0 +1,48 @@
+"""
+Test for wildcard collisions with clusterwide authorino
+"""
+
+import pytest
+
+from testsuite.openshift.objects.auth_config import AuthConfig
+
+
+# pylint: disable = unused-argument
+@pytest.fixture(scope="module")
+def authorization(authorino, blame, openshift, module_label, envoy, wildcard_domain):
+    """In case of Authorino, AuthConfig used for authorization"""
+    auth = AuthConfig.create_instance(openshift, blame("ac"), wildcard_domain, labels={"testRun": module_label})
+    auth.add_response({"name": "header", "json": {"properties": [{"name": "anything", "value": "one"}]}})
+    return auth
+
+
+# pylint: disable = unused-argument
+@pytest.fixture(scope="module")
+def authorization2(authorino, blame, openshift2, module_label, envoy, wildcard_domain):
+    """In case of Authorino, AuthConfig used for authorization"""
+    auth = AuthConfig.create_instance(openshift2, blame("ac"), wildcard_domain, labels={"testRun": module_label})
+    auth.add_response({"name": "header", "json": {"properties": [{"name": "anything", "value": "two"}]}})
+    return auth
+
+
+@pytest.mark.parametrize(("client_fixture", "auth_fixture", "hosts"), [
+    pytest.param("client", "authorization", "wildcard_domain", id="First namespace"),
+    pytest.param("client2", "authorization2", [], id="Second namespace"),
+])
+def test_wildcard_collision(client_fixture, auth_fixture, hosts, request):
+    """
+    Preparation:
+        - Create AuthConfig with host set to wildcard_domain
+        - Create AuthConfig with host set to wildcard_domain in another project
+    Test:
+        - Send request to authorino
+        - Assert that the correct AuthConfig was used
+    """
+    if hosts:
+        hosts = [request.getfixturevalue(hosts)]
+    client = request.getfixturevalue(client_fixture)
+    response = client.get("/get")
+    assert response.status_code == 200
+    assert response.json()["headers"]["Header"] == '{"anything":"one"}'
+    authorization = request.getfixturevalue(auth_fixture)
+    assert authorization.model.status.summary.hostsReady == hosts

testsuite/tests/kuadrant/authorino/operator/conftest.py

@@ -1,4 +1,6 @@
 """Conftest for all tests requiring custom deployment of Authorino"""
+from urllib.parse import urlparse
+
 import pytest
 from weakget import weakget
 
@@ -37,3 +39,12 @@ def authorino(openshift, blame, request, testconfig, cluster_wide, module_label,
     authorino.commit()
     authorino.wait_for_ready()
     return authorino
+
+
+@pytest.fixture(scope="session")
+def wildcard_domain(openshift):
+    """
+    Wildcard domain of openshift cluster
+    """
+    hostname = urlparse(openshift.api_url).hostname
+    return "*.apps." + hostname.split(".", 1)[1]

testsuite/tests/kuadrant/authorino/operator/test_wildcard.py

@@ -0,0 +1,25 @@
+"""
+Test for wildcard host
+"""
+import pytest
+
+from testsuite.openshift.objects.auth_config import AuthConfig
+
+
+# pylint: disable = unused-argument
+@pytest.fixture(scope="module")
+def authorization(authorino, blame, openshift, module_label):
+    """In case of Authorino, AuthConfig used for authorization"""
+    return AuthConfig.create_instance(openshift, blame("ac"), "*.redhat.com", labels={"testRun": module_label})
+
+
+def test_wildcard(client):
+    """
+    Preparation:
+        - Create AuthConfig with host set to `*.redhat.com`
+    Test:
+        - Send request to authorino
+        - Assert that request was successful
+    """
+    response = client.get("/get")
+    assert response.status_code == 200

testsuite/tests/kuadrant/authorino/operator/tls/conftest.py

@@ -1,5 +1,4 @@
 """Conftest for all TLS-enabled tests"""
-from urllib.parse import urlparse
 
 import pytest
 
@@ -46,16 +45,6 @@ def cfssl(testconfig):
     return client
 
 
-@pytest.fixture(scope="session")
-def wildcard_domain(openshift):
-    """
-    Hostname of the upstream certificate sent to be validated by APIcast
-    May be overwritten to configure different test cases
-    """
-    hostname = urlparse(openshift.api_url).hostname
-    return "*.apps." + hostname.split(".", 1)[1]
-
-
 @pytest.fixture(scope="session")
 def authorino_domain(openshift):
     """