diff --git a/testsuite/objects/__init__.py b/testsuite/objects/__init__.py index cc916054..d147edad 100644 --- a/testsuite/objects/__init__.py +++ b/testsuite/objects/__init__.py @@ -2,11 +2,8 @@ import abc from dataclasses import dataclass, is_dataclass, fields from copy import deepcopy -from functools import cached_property from typing import Literal, Union -from testsuite.objects.sections import Metadata, Identities, Authorizations, Responses - JSONValues = Union[None, str, int, bool, list["JSONValues"], dict[str, "JSONValues"]] @@ -147,50 +144,6 @@ def oidc_url(self): """Authorino oidc url""" -class Authorization(LifecycleObject): - """Object containing Authorization rules and configuration for either Authorino or Kuadrant""" - - @cached_property - @abc.abstractmethod - def authorization(self) -> Authorizations: - """Gives access to authorization settings""" - - @cached_property - @abc.abstractmethod - def identity(self) -> Identities: - """Gives access to identity settings""" - - @cached_property - @abc.abstractmethod - def metadata(self) -> Metadata: - """Gives access to metadata settings""" - - @cached_property - @abc.abstractmethod - def responses(self) -> Responses: - """Gives access to response settings""" - - @abc.abstractmethod - def add_host(self, hostname): - """Adds host""" - - @abc.abstractmethod - def remove_host(self, hostname): - """Remove host""" - - @abc.abstractmethod - def remove_all_hosts(self): - """Remove all hosts""" - - @abc.abstractmethod - def set_deny_with(self, code, value): - """Set denyWith""" - - @abc.abstractmethod - def add_rule(self, when: list[Rule]): - """Add rule for the skip of entire AuthConfig""" - - class PreexistingAuthorino(Authorino): """Authorino which is already deployed prior to the testrun""" diff --git a/testsuite/objects/sections.py b/testsuite/objects/sections.py deleted file mode 100644 index 21af511b..00000000 --- a/testsuite/objects/sections.py +++ /dev/null 
@@ -1,91 +0,0 @@ -"""Contains implementation for all AuthConfig sections""" -import abc - -from typing import TYPE_CHECKING - -if TYPE_CHECKING: - from testsuite.objects import Rule, ABCValue - - -class Authorizations(abc.ABC): - """Authorization configuration""" - - @abc.abstractmethod - def opa_policy(self, name, rego_policy, **common_features): - """Adds OPA inline Rego policy""" - - @abc.abstractmethod - def external_opa_policy(self, name, endpoint, ttl, **common_features): - """Adds OPA policy from external registry""" - - @abc.abstractmethod - def role_rule(self, name: str, role: str, path: str, **common_features): - """Adds a rule, which allows access to 'path' only to users with 'role'""" - - @abc.abstractmethod - def auth_rule(self, name: str, rule: "Rule", **common_features): - """Adds JSON pattern-matching authorization rule (authorization.json)""" - - @abc.abstractmethod - def kubernetes(self, name: str, user: "ABCValue", kube_attrs: dict, **common_features): - """Adds kubernetes authorization rule.""" - - -class Identities(abc.ABC): - """Identities configuration""" - - @abc.abstractmethod - def oidc(self, name, endpoint, credentials, selector, **common_features): - """Adds OIDC identity provider""" - - @abc.abstractmethod - def kubernetes(self, name: str, *audiences, **common_features): - """Adds Kubernetes identity""" - - @abc.abstractmethod - def api_key(self, name, all_namespaces, match_label, match_expression, credentials, selector, **common_features): - """Adds API Key identity""" - - @abc.abstractmethod - def mtls(self, name: str, selector_key: str, selector_value: str, **common_features): - """Adds mTLS identity""" - - @abc.abstractmethod - def anonymous(self, name, **common_features): - """Adds anonymous identity""" - - @abc.abstractmethod - def plain(self, name, auth_json, **common_features): - """Adds plain identity""" - - @abc.abstractmethod - def remove_all(self): - """Removes all identities from AuthConfig""" - - -class Metadata(abc.ABC): 
- """Metadata configuration""" - - @abc.abstractmethod - def http_metadata(self, name, endpoint, method, **common_features): - """Set metadata http external auth feature""" - - @abc.abstractmethod - def user_info_metadata(self, name, identity_source, **common_features): - """Set metadata OIDC user info""" - - @abc.abstractmethod - def uma_metadata(self, name, endpoint, credentials, **common_features): - """Set metadata User-Managed Access (UMA) resource registry""" - - -class Responses(abc.ABC): - """Responses configuration""" - - @abc.abstractmethod - def add(self, response, **common_features): - """Add response to AuthConfig""" - - @abc.abstractmethod - def add_simple(self, auth_json, name="auth-json", key="data", **common_features): - """Add simple response to AuthConfig""" diff --git a/testsuite/openshift/objects/auth_config/__init__.py b/testsuite/openshift/objects/auth_config/__init__.py index 6608dc21..2c1bf8c3 100644 --- a/testsuite/openshift/objects/auth_config/__init__.py +++ b/testsuite/openshift/objects/auth_config/__init__.py @@ -2,14 +2,14 @@ from functools import cached_property from typing import Dict, List -from testsuite.objects import Authorization, Responses, Metadata, Identities, Authorizations, Rule +from testsuite.objects import Rule from testsuite.openshift.client import OpenShiftClient from testsuite.openshift.objects import OpenShiftObject, modify -from .sections import AuthorizationsSection, IdentitySection, MetadataSection, ResponsesSection +from .sections import Identities, Metadata, Responses, Authorizations from ..route import Route -class AuthConfig(OpenShiftObject, Authorization): +class AuthConfig(OpenShiftObject): """Represents AuthConfig CR from Authorino""" @property 
@@ -20,22 +20,22 @@ def auth_section(self): @cached_property def authorization(self) -> Authorizations: """Gives access to authorization settings""" - return AuthorizationsSection(self, "authorization") + return Authorizations(self, "authorization") @cached_property def identity(self) -> Identities: """Gives access to identity settings""" - return IdentitySection(self, "identity") + return Identities(self, "identity") @cached_property def metadata(self) -> Metadata: """Gives access to metadata settings""" - return MetadataSection(self, "metadata") + return Metadata(self, "metadata") @cached_property def responses(self) -> Responses: """Gives access to response settings""" - return ResponsesSection(self, "response") + return Responses(self, "response") @classmethod def create_instance( diff --git a/testsuite/openshift/objects/auth_config/sections.py b/testsuite/openshift/objects/auth_config/sections.py index 22e6d4b0..0e0217a0 100644 --- a/testsuite/openshift/objects/auth_config/sections.py +++ b/testsuite/openshift/objects/auth_config/sections.py @@ -3,11 +3,7 @@ from testsuite.objects import ( asdict, - Identities, - Metadata, - Responses, MatchExpression, - Authorizations, Rule, Cache, ABCValue, @@ -60,7 +56,7 @@ def add_item( self.section.append(item) -class IdentitySection(Section, Identities): +class Identities(Section): """Section which contains identity configuration""" @modify @@ -147,7 +143,7 @@ def remove_all(self): self.section.clear() -class MetadataSection(Section, Metadata): +class Metadata(Section): """Section which contains metadata configuration""" @modify 
@@ -176,11 +172,18 @@ def uma_metadata(self, name, endpoint, credentials, **common_features): self.add_item(name, {"uma": {"endpoint": endpoint, "credentialsRef": {"name": credentials}}}, **common_features) -class ResponsesSection(Section, Responses): +class Responses(Section): """Section which contains response configuration""" def add_simple(self, auth_json, name="simple", key="data", **common_features): - self.add({"name": name, "json": {"properties": [{"name": key, "valueFrom": {"authJSON": auth_json}}]}}) + """Adds simple response to AuthConfig""" + self.add( + { + "name": name, + "json": {"properties": [{"name": key, "valueFrom": {"authJSON": auth_json}}]}, + **common_features, + } + ) @modify def add(self, response, **common_features): @@ -188,7 +191,7 @@ def add(self, response, **common_features): self.add_item(response.pop("name"), response, **common_features) -class AuthorizationsSection(Section, Authorizations): +class Authorizations(Section): """Section which contains authorization configuration""" @modify diff --git a/testsuite/tests/kuadrant/authorino/conftest.py b/testsuite/tests/kuadrant/authorino/conftest.py index a26adb24..4843480d 100644 --- a/testsuite/tests/kuadrant/authorino/conftest.py +++ b/testsuite/tests/kuadrant/authorino/conftest.py @@ -3,7 +3,7 @@ from weakget import weakget from testsuite.httpx.auth import HttpxOidcClientAuth -from testsuite.objects import Authorino, Authorization, PreexistingAuthorino +from testsuite.objects import Authorino, PreexistingAuthorino from testsuite.openshift.client import OpenShiftClient from testsuite.openshift.objects.api_key import APIKey from testsuite.openshift.objects.auth_config import AuthConfig 
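Review bot: In `Responses.add_simple` the new code spreads `**common_features` into the response dict instead of forwarding it, so `add` is called with no keyword arguments and the features reach `add_item` as raw keys of the item body. Whatever `add_item` does with its keyword arguments is therefore skipped; its body is outside this hunk, but it presumably serialises values such as `Rule` conditions or `Cache`. A `json` key in `common_features` would also silently replace the generated one. Forwarding keeps a single code path: `self.add({"name": name, "json": {"properties": [...]}}, **common_features)`. A `when` condition that is not applied as intended changes when Authorino emits the response, so a test that calls `add_simple` with a `when` argument and inspects the resulting section would be worth adding.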
@@ -48,7 +48,7 @@ def authorino(authorino, openshift, blame, request, testconfig, module_label, au @pytest.fixture(scope="module") def authorization( authorization, oidc_provider, authorino, envoy, authorization_name, openshift, module_label -) -> Authorization: +) -> AuthConfig: """In case of Authorino, AuthConfig used for authorization""" if authorization is None: authorization = AuthConfig.create_instance( diff --git a/testsuite/tests/kuadrant/authorino/operator/http/conftest.py b/testsuite/tests/kuadrant/authorino/operator/http/conftest.py index 045f53c7..f0987d60 100644 --- a/testsuite/tests/kuadrant/authorino/operator/http/conftest.py +++ b/testsuite/tests/kuadrant/authorino/operator/http/conftest.py @@ -1,13 +1,13 @@ """Conftest for all tests requiring custom deployment of Authorino""" import pytest -from testsuite.objects import Authorization from testsuite.httpx import HttpxBackoffClient +from testsuite.openshift.objects.auth_config import AuthConfig # pylint: disable=unused-argument @pytest.fixture(scope="module") -def authorization(authorization, wildcard_domain, openshift, module_label) -> Authorization: +def authorization(authorization, wildcard_domain, openshift, module_label) -> AuthConfig: """In case of Authorino, AuthConfig used for authorization""" authorization.remove_all_hosts() authorization.add_host(wildcard_domain) diff --git a/testsuite/tests/kuadrant/authorino/operator/tls/test_webhook.py b/testsuite/tests/kuadrant/authorino/operator/tls/test_webhook.py index fd217fee..f6250477 100644 --- a/testsuite/tests/kuadrant/authorino/operator/tls/test_webhook.py +++ b/testsuite/tests/kuadrant/authorino/operator/tls/test_webhook.py 
@@ -8,8 +8,9 @@ import openshift as oc from openshift import OpenShiftPythonException -from testsuite.objects import Authorization, Rule, ValueFrom +from testsuite.objects import Rule, ValueFrom from testsuite.certificates import CertInfo +from testsuite.openshift.objects.auth_config import AuthConfig from testsuite.utils import cert_builder from testsuite.openshift.objects.ingress import Ingress @@ -65,7 +66,7 @@ def authorino_parameters(authorino_parameters, specific_authorino_name): # pylint: disable=unused-argument @pytest.fixture(scope="module") -def authorization(authorization, openshift, module_label, authorino_domain) -> Authorization: +def authorization(authorization, openshift, module_label, authorino_domain) -> AuthConfig: """In case of Authorino, AuthConfig used for authorization""" # Authorino should have specific url so it is accessible by k8s webhook diff --git a/testsuite/tests/kuadrant/authorino/wristband/conftest.py b/testsuite/tests/kuadrant/authorino/wristband/conftest.py index 99699870..72745ec7 100644 --- a/testsuite/tests/kuadrant/authorino/wristband/conftest.py +++ b/testsuite/tests/kuadrant/authorino/wristband/conftest.py @@ -6,7 +6,6 @@ from testsuite.openshift.objects.auth_config import AuthConfig from testsuite.openshift.envoy import Envoy from testsuite.certificates import CertInfo -from testsuite.objects import Authorization from testsuite.utils import cert_builder @@ -61,7 +60,7 @@ def wristband_endpoint(openshift, authorino, authorization_name): @pytest.fixture(scope="module") -def authorization(authorization, wristband_secret, wristband_endpoint) -> Authorization: +def authorization(authorization, wristband_secret, wristband_endpoint) -> AuthConfig: """Add wristband response with the signing key to the AuthConfig""" authorization.responses.add( {