diff --git a/testsuite/kuadrant/__init__.py b/testsuite/kuadrant/__init__.py index d2c482f5..9e6687a4 100644 --- a/testsuite/kuadrant/__init__.py +++ b/testsuite/kuadrant/__init__.py @@ -4,6 +4,7 @@ from openshift_client import selector +from testsuite.kuadrant.authorino import Authorino from testsuite.kubernetes import CustomResource from testsuite.kubernetes.deployment import Deployment from testsuite.utils import asdict @@ -43,14 +44,37 @@ def __getattr__(self, item): raise AttributeError(f"'{self.__class__.__name__}' object has no attribute '{item}'") from exc +class AuthorinoSection(KuadrantSection, Authorino): + """Authorino `spec.authorino` from KuadrantCR object""" + + def wait_for_ready(self): + return super(KuadrantSection, self).wait_for_ready() + + @property + def authorization_url(self): + """Return service endpoint for authorization""" + return f"{self.spec_name}-authorino-authorization.{self.namespace()}.svc.cluster.local" + + @property + def oidc_url(self): + """Return authorino oidc endpoint""" + return f"{self.spec_name}-authorino-oidc.{self.namespace()}.svc.cluster.local" + + @property + def metrics_service(self): + """Returns Authorino metrics service APIObject""" + with self.context: + return selector(f"service/{self.spec_name}-controller-metrics").object() + + class KuadrantCR(CustomResource): """Represents Kuadrant CR objects""" @property - def authorino(self) -> KuadrantSection: + def authorino(self) -> AuthorinoSection: """Returns spec.authorino from Kuadrant object""" self.model.spec.setdefault("authorino", {}) - return KuadrantSection(self, "authorino") + return AuthorinoSection(self, "authorino") @property def limitador(self) -> KuadrantSection: diff --git a/testsuite/kuadrant/authorino.py b/testsuite/kuadrant/authorino.py index f3c14af9..fadea296 100644 --- a/testsuite/kuadrant/authorino.py +++ b/testsuite/kuadrant/authorino.py @@ -6,7 +6,6 @@ from openshift_client import selector -from testsuite.lifecycle import LifecycleObject from testsuite.kubernetes import CustomResource from testsuite.kubernetes.client import KubernetesClient from testsuite.kubernetes.deployment import Deployment @@ -22,7 +21,7 @@ class TracingOptions: insecure: Optional[bool] = None -class Authorino(LifecycleObject): +class Authorino: """Authorino interface""" @abc.abstractmethod @@ -133,9 +132,3 @@ def authorization_url(self): @property def oidc_url(self): return self._oidc_url - - def commit(self): - return - - def delete(self): - return diff --git a/testsuite/tests/singlecluster/authorino/conftest.py b/testsuite/tests/singlecluster/authorino/conftest.py index 8152da97..0d56ca69 100644 --- a/testsuite/tests/singlecluster/authorino/conftest.py +++ b/testsuite/tests/singlecluster/authorino/conftest.py @@ -3,15 +3,18 @@ import pytest from testsuite.httpx.auth import HttpxOidcClientAuth -from testsuite.kubernetes.client import KubernetesClient -from testsuite.kubernetes.api_key import APIKey +from testsuite.kuadrant.authorino import AuthorinoCR, PreexistingAuthorino from testsuite.kuadrant.policy.authorization.auth_config import AuthConfig -from testsuite.kuadrant.authorino import AuthorinoCR, Authorino, PreexistingAuthorino +from testsuite.kubernetes.api_key import APIKey +from testsuite.kubernetes.client import KubernetesClient @pytest.fixture(scope="session") -def authorino(cluster, blame, request, testconfig, label) -> Authorino: +def authorino(kuadrant, cluster, blame, request, testconfig, label): """Authorino instance""" + if kuadrant: + return kuadrant.authorino + authorino_config = testconfig["service_protection"]["authorino"] if not authorino_config["deploy"]: return PreexistingAuthorino( diff --git a/testsuite/tests/singlecluster/authorino/metrics/conftest.py b/testsuite/tests/singlecluster/authorino/metrics/conftest.py index 560d5de3..ed68a1c3 100644 --- a/testsuite/tests/singlecluster/authorino/metrics/conftest.py +++ b/testsuite/tests/singlecluster/authorino/metrics/conftest.py @@ -1,11 +1,9 @@ """Conftest for the Authorino metrics tests""" -import yaml - import pytest +import yaml from openshift_client import selector -from testsuite.gateway.envoy import Envoy from testsuite.httpx import KuadrantClient from testsuite.kubernetes.config_map import ConfigMap from testsuite.kubernetes.service_monitor import ServiceMonitor, MetricsEndpoint @@ -39,39 +37,21 @@ def prometheus(cluster): yield Prometheus(client) -@pytest.fixture(scope="module") -def gateway(request, authorino, cluster, blame, label, testconfig) -> Envoy: - """Deploys Envoy that wires up the Backend behind the reverse-proxy and Authorino instance""" - gw = Envoy( - cluster, - blame("gw"), - authorino, - testconfig["service_protection"]["envoy"]["image"], - labels={"app": label}, - ) - request.addfinalizer(gw.delete) - gw.commit() - gw.wait_for_ready() - return gw - - -@pytest.fixture(scope="module") -def authorino(authorino, module_label): - """Label Authorino controller-metrics service for the proper discovery""" - authorino.metrics_service.label({"app": module_label}) - return authorino - - -@pytest.fixture(scope="module") -def service_monitor(cluster, prometheus, blame, module_label): # pylint: disable=unused-argument +@pytest.fixture(scope="package") +def service_monitor(cluster, request, blame, authorino): """Create ServiceMonitor object to follow Authorino /metrics and /server-metrics endpoints""" + label = {"app": blame("monitoring")} + authorino.metrics_service.label(label) endpoints = [MetricsEndpoint("/metrics", "http"), MetricsEndpoint("/server-metrics", "http")] - return ServiceMonitor.create_instance(cluster, blame("sm"), endpoints, match_labels={"app": module_label}) + monitor = ServiceMonitor.create_instance( + cluster.change_project(authorino.namespace()), blame("sm"), endpoints, match_labels=label + ) + request.addfinalizer(monitor.delete) + monitor.commit() + return monitor -@pytest.fixture(scope="module", autouse=True) -def commit(commit, prometheus, request, service_monitor): # pylint: disable=unused-argument - """Commit service monitor object""" - request.addfinalizer(service_monitor.delete) - service_monitor.commit() +@pytest.fixture(scope="package", autouse=True) +def wait_for_active_targets(prometheus, service_monitor): + """Waits for all endpoints in Service Monitor to become active targets""" assert prometheus.is_reconciled(service_monitor), "Service Monitor didn't get reconciled in time" diff --git a/testsuite/tests/singlecluster/authorino/metrics/test_deep_metrics.py b/testsuite/tests/singlecluster/authorino/metrics/test_deep_metrics.py index 72bcab49..04128899 100644 --- a/testsuite/tests/singlecluster/authorino/metrics/test_deep_metrics.py +++ b/testsuite/tests/singlecluster/authorino/metrics/test_deep_metrics.py @@ -4,7 +4,7 @@ from testsuite.kuadrant.policy.authorization import Value, JsonResponse -pytestmark = [pytest.mark.authorino, pytest.mark.standalone_only] +pytestmark = [pytest.mark.authorino] @pytest.fixture(scope="module") @@ -53,10 +53,12 @@ def deep_metrics(authorino, service_monitor, prometheus, client, auth): pytest.param("json", "RESPONSE_JSON", id="response"), ], ) -def test_deep_metrics(metric_name, metric_type, deep_metrics): +def test_deep_metrics(metric_name, metric_type, deep_metrics, authorization): """Test if each set evaluator metric is collected and correctly responds to the request sent""" metrics = deep_metrics.filter( - lambda x: x["metric"]["evaluator_name"] == metric_name and x["metric"]["evaluator_type"] == metric_type + lambda x: x["metric"]["evaluator_name"] == metric_name + and x["metric"]["evaluator_type"] == metric_type + and x["metric"]["authconfig"].endswith(authorization.name()) ) assert len(metrics.metrics) == 1 diff --git a/testsuite/tests/singlecluster/authorino/metrics/test_metrics.py b/testsuite/tests/singlecluster/authorino/metrics/test_metrics.py index fea89391..7e1594de 100644 --- a/testsuite/tests/singlecluster/authorino/metrics/test_metrics.py +++ b/testsuite/tests/singlecluster/authorino/metrics/test_metrics.py @@ -2,7 +2,7 @@ import pytest -pytestmark = [pytest.mark.authorino, pytest.mark.standalone_only] +pytestmark = [pytest.mark.authorino] METRICS = [ "controller_runtime_reconcile_total",