From a77a220e6fc2230663f6ed919e7f399d99a0f264 Mon Sep 17 00:00:00 2001
From: Guilherme Cassolato
Date: Tue, 3 Oct 2023 11:39:49 +0200
Subject: [PATCH] tests: unit tests for the AuthPolicy type
---
 api/v1beta2/authpolicy_types.go | 1 +
 api/v1beta2/authpolicy_types_test.go | 239 +++++++++++++++++++++++++++
 2 files changed, 240 insertions(+)
 create mode 100644 api/v1beta2/authpolicy_types_test.go
diff --git a/api/v1beta2/authpolicy_types.go b/api/v1beta2/authpolicy_types.go
index 71f51cf3b..2b76d35f0 100644
--- a/api/v1beta2/authpolicy_types.go
+++ b/api/v1beta2/authpolicy_types.go
@@ -248,6 +248,7 @@ func (ap *AuthPolicy) GetWrappedNamespace() gatewayapiv1beta1.Namespace {
 return gatewayapiv1beta1.Namespace(ap.Namespace)
 }
+// GetRulesHostnames returns all hostnames referenced in the route selectors of the policy.
 func (ap *AuthPolicy) GetRulesHostnames() (ruleHosts []string) {
 ruleHosts = make([]string, 0)
diff --git a/api/v1beta2/authpolicy_types_test.go b/api/v1beta2/authpolicy_types_test.go
new file mode 100644
index 000000000..321854382
--- /dev/null
+++ b/api/v1beta2/authpolicy_types_test.go
@@ -0,0 +1,239 @@
+//go:build unit
+
+package v1beta2
+
+import (
+ "reflect"
+ "testing"
+
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/utils/ptr"
+ gatewayapiv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
+ gatewayapiv1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1"
+
+ "github.com/kuadrant/kuadrant-operator/pkg/common"
+)
+
+func TestCommonAuthRuleSpecGetRouteSelectors(t *testing.T) {
+ spec := &CommonAuthRuleSpec{}
+ if spec.GetRouteSelectors() != nil {
+ t.Errorf("Expected nil route selectors")
+ }
+ routeSelector := testBuildRouteSelector()
+ spec.RouteSelectors = []RouteSelector{routeSelector}
+ result := spec.GetRouteSelectors()
+ if len(result) != 1 {
+ t.Errorf("Expected 1 route selector, got %d", len(result))
+ }
+ if !reflect.DeepEqual(result[0], routeSelector) {
+ t.Errorf("Expected route selector %v, got %v", routeSelector, result[0])
+ }
+}
+
+func TestAuthPolicySpecGetRouteSelectors(t *testing.T) {
+ spec := &AuthPolicySpec{}
+ if spec.GetRouteSelectors() != nil {
+ t.Errorf("Expected nil route selectors")
+ }
+ routeSelector := testBuildRouteSelector()
+ spec.RouteSelectors = []RouteSelector{routeSelector}
+ result := spec.GetRouteSelectors()
+ if len(result) != 1 {
+ t.Errorf("Expected 1 route selector, got %d", len(result))
+ }
+ if !reflect.DeepEqual(result[0], routeSelector) {
+ t.Errorf("Expected route selector %v, got %v", routeSelector, result[0])
+ }
+}
+
+func TestAuthPolicyTargetKey(t *testing.T) {
+ policy := &AuthPolicy{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "my-policy",
+ Namespace: "my-namespace",
+ },
+ Spec: AuthPolicySpec{
+ TargetRef: gatewayapiv1alpha2.PolicyTargetReference{
+ Group: "gateway.networking.k8s.io",
+ Kind: "HTTPRoute",
+ Name: "my-route",
+ },
+ },
+ }
+ // targetRef missing namespace
+ expected := "my-namespace/my-route"
+ if result := policy.TargetKey().String(); result != expected {
+ t.Errorf("Expected target key %s, got %s", expected, result)
+ }
+
+ // targetRef with namespace
+ policy.Spec.TargetRef.Namespace = ptr.To(gatewayapiv1beta1.Namespace("route-namespace"))
+ expected = "route-namespace/my-route"
+ if result := policy.TargetKey().String(); result != expected {
+ t.Errorf("Expected target key %s, got %s", expected, result)
+ }
+}
+
+func TestAuthPolicyListGetItems(t *testing.T) {
+ list := &AuthPolicyList{}
+ if len(list.GetItems()) != 0 {
+ t.Errorf("Expected empty list of items")
+ }
+ policy := AuthPolicy{}
+ list.Items = []AuthPolicy{policy}
+ result := list.GetItems()
+ if len(result) != 1 {
+ t.Errorf("Expected 1 item, got %d", len(result))
+ }
+ _, ok := result[0].(common.KuadrantPolicy)
+ if !ok {
+ t.Errorf("Expected item to be a KuadrantPolicy")
+ }
+}
+
+func TestAuthPolicyGetRulesHostnames(t *testing.T) {
+ policy := &AuthPolicy{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "my-policy",
+ Namespace: "my-namespace",
+ },
+ Spec: AuthPolicySpec{
+ TargetRef: gatewayapiv1alpha2.PolicyTargetReference{
+ Group: "gateway.networking.k8s.io",
+ Kind: "HTTPRoute",
+ Name: "my-route",
+ },
+ },
+ }
+ // no route selectors
+ result := policy.GetRulesHostnames()
+ if expected := 0; len(result) != expected {
+ t.Errorf("Expected %d hostnames, got %d", expected, len(result))
+ }
+ policy.Spec.RouteSelectors = []RouteSelector{
+ {
+ Hostnames: []gatewayapiv1beta1.Hostname{"*.kuadrant.io", "toystore.kuadrant.io"},
+ },
+ }
+ // 1 top-level route selectors with 2 hostnames
+ result = policy.GetRulesHostnames()
+ if expected := 2; len(result) != expected {
+ t.Errorf("Expected %d hostnames, got %d", expected, len(result))
+ }
+ if expected := "*.kuadrant.io"; result[0] != expected {
+ t.Errorf("Expected hostname to be %s, got %s", expected, result[0])
+ }
+ if expected := "toystore.kuadrant.io"; result[1] != expected {
+ t.Errorf("Expected hostname to be %s, got %s", expected, result[1])
+ }
+ // + 1 authentication route selector with 1 hostname
+ policy.Spec.AuthScheme.Authentication = map[string]AuthenticationSpec{
+ "my-authn": {
+ CommonAuthRuleSpec: CommonAuthRuleSpec{
+ RouteSelectors: []RouteSelector{testBuildRouteSelector()},
+ },
+ },
+ }
+ result = policy.GetRulesHostnames()
+ if expected := 3; len(result) != expected {
+ t.Errorf("Expected %d hostnames, got %d", expected, len(result))
+ }
+ if expected := "*.kuadrant.io"; result[0] != expected {
+ t.Errorf("Expected hostname to be %s, got %s", expected, result[0])
+ }
+ if expected := "toystore.kuadrant.io"; result[1] != expected {
+ t.Errorf("Expected hostname to be %s, got %s", expected, result[1])
+ }
+ if expected := "toystore.kuadrant.io"; result[2] != expected {
+ t.Errorf("Expected hostname to be %s, got %s", expected, result[2])
+ }
+ // + 1 metadata route selector with 1 hostname
+ policy.Spec.AuthScheme.Metadata = map[string]MetadataSpec{
+ "my-metadata": {
+ CommonAuthRuleSpec: CommonAuthRuleSpec{
+ RouteSelectors: []RouteSelector{testBuildRouteSelector()},
+ },
+ },
+ }
+ result = policy.GetRulesHostnames()
+ if expected := 4; len(result) != expected {
+ t.Errorf("Expected %d hostnames, got %d", expected, len(result))
+ }
+ if expected := "toystore.kuadrant.io"; result[3] != expected {
+ t.Errorf("Expected hostname to be %s, got %s", expected, result[3])
+ }
+ // + 2 authorization route selector with 1 hostname each
+ policy.Spec.AuthScheme.Authorization = map[string]AuthorizationSpec{
+ "my-authz": {
+ CommonAuthRuleSpec: CommonAuthRuleSpec{
+ RouteSelectors: []RouteSelector{testBuildRouteSelector(), testBuildRouteSelector()},
+ },
+ },
+ }
+ result = policy.GetRulesHostnames()
+ if expected := 6; len(result) != expected {
+ t.Errorf("Expected %d hostnames, got %d", expected, len(result))
+ }
+ if expected := "toystore.kuadrant.io"; result[4] != expected {
+ t.Errorf("Expected hostname to be %s, got %s", expected, result[4])
+ }
+ if expected := "toystore.kuadrant.io"; result[5] != expected {
+ t.Errorf("Expected hostname to be %s, got %s", expected, result[5])
+ }
+ // + 1 response route selector with 2 hostnames
+ policy.Spec.AuthScheme.Response = &ResponseSpec{
+ Success: WrappedSuccessResponseSpec{
+ Headers: map[string]HeaderSuccessResponseSpec{
+ "my-response": {
+ SuccessResponseSpec: SuccessResponseSpec{
+ CommonAuthRuleSpec: CommonAuthRuleSpec{
+ RouteSelectors: []RouteSelector{
+ {
+ Hostnames: []gatewayapiv1beta1.Hostname{"*.kuadrant.io", "toystore.kuadrant.io"},
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ }
+ result = policy.GetRulesHostnames()
+ if expected := 8; len(result) != expected {
+ t.Errorf("Expected %d hostnames, got %d", expected, len(result))
+ }
+ if expected := "*.kuadrant.io"; result[6] != expected {
+ t.Errorf("Expected hostname to be %s, got %s", expected, result[6])
+ }
+ if expected := "toystore.kuadrant.io"; result[7] != expected {
+ t.Errorf("Expected hostname to be %s, got %s", expected, result[7])
+ }
+ // + 1 callbacks route selector with 1 hostname
+ policy.Spec.AuthScheme.Callbacks = map[string]CallbackSpec{
+ "my-callback": {
+ CommonAuthRuleSpec: CommonAuthRuleSpec{
+ RouteSelectors: []RouteSelector{testBuildRouteSelector()},
+ },
+ },
+ }
+ result = policy.GetRulesHostnames()
+ if expected := 9; len(result) != expected {
+ t.Errorf("Expected %d hostnames, got %d", expected, len(result))
+ }
+ if expected := "toystore.kuadrant.io"; result[8] != expected {
+ t.Errorf("Expected hostname to be %s, got %s", expected, result[8])
+ }
+}
+
+func testBuildRouteSelector() RouteSelector {
+ return RouteSelector{
+ Hostnames: []gatewayapiv1beta1.Hostname{"toystore.kuadrant.io"},
+ Matches: []gatewayapiv1beta1.HTTPRouteMatch{
+ {
+ Path: &gatewayapiv1beta1.HTTPPathMatch{
+ Value: ptr.To("/toy"),
+ },
+ },
+ },
+ }
+}
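Review bot: The length checks in TestCommonAuthRuleSpecGetRouteSelectors, TestAuthPolicySpecGetRouteSelectors, TestAuthPolicyListGetItems and TestAuthPolicyGetRulesHostnames report with `t.Errorf` and then index `result[...]` anyway, so a shorter-than-expected slice ends in an index-out-of-range panic instead of a clean failure. Make the length guards fatal, e.g. `t.Fatalf("Expected 1 route selector, got %d", len(result))` and `t.Fatalf("Expected %d hostnames, got %d", expected, len(result))`. The positional assertions in TestAuthPolicyGetRulesHostnames also pin two properties that are nowhere stated: duplicates are kept (`toystore.kuadrant.io` is expected at several indexes) and the order follows the sections of the auth scheme. A comment such as `// GetRulesHostnames does not deduplicate; each map below holds a single entry so the order is deterministic` would record that, presumably because iteration over a multi-entry map would not give a stable order.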