From 30be273b59ce663093a63cf4bffc3804f4a03c79 Mon Sep 17 00:00:00 2001 From: Alex Zgabur Date: Mon, 23 Oct 2023 19:15:40 +0200 Subject: [PATCH] AuthPolicy upgrade to v2 tests --- .../identity/api_key/test_auth_credentials.py | 2 +- .../test_extended_properties.py | 17 +++++++------- .../extended_properties/test_overwriting.py | 23 +++++++++++-------- .../test_token_normalization.py | 8 ++++--- .../priority/test_sequence_api_key.py | 4 ++-- .../{test_wrapper_key.py => test_headers.py} | 4 ++-- .../tests/kuadrant/authorino/test_redirect.py | 8 ++++++- 7 files changed, 39 insertions(+), 27 deletions(-) rename testsuite/tests/kuadrant/authorino/response/{test_wrapper_key.py => test_headers.py} (85%) diff --git a/testsuite/tests/kuadrant/authorino/identity/api_key/test_auth_credentials.py b/testsuite/tests/kuadrant/authorino/identity/api_key/test_auth_credentials.py index 258b73ab..f0a42151 100644 --- a/testsuite/tests/kuadrant/authorino/identity/api_key/test_auth_credentials.py +++ b/testsuite/tests/kuadrant/authorino/identity/api_key/test_auth_credentials.py @@ -4,7 +4,7 @@ from testsuite.objects import Credentials -@pytest.fixture(scope="module", params=["authorization_header", "custom_header", "query", "cookie"]) +@pytest.fixture(scope="module", params=["authorizationHeader", "customHeader", "queryString", "cookie"]) def credentials(request): """Location where are auth credentials passed""" return Credentials(request.param, "APIKEY") diff --git a/testsuite/tests/kuadrant/authorino/identity/extended_properties/test_extended_properties.py b/testsuite/tests/kuadrant/authorino/identity/extended_properties/test_extended_properties.py index 49f3c9f2..c0840134 100644 --- a/testsuite/tests/kuadrant/authorino/identity/extended_properties/test_extended_properties.py +++ b/testsuite/tests/kuadrant/authorino/identity/extended_properties/test_extended_properties.py @@ -1,7 +1,7 @@ """Basic tests for extended properties""" import pytest -from testsuite.objects import Value, ValueFrom, ExtendedProperty +from testsuite.objects import Value, ValueFrom, Property from testsuite.utils import extract_response @@ -16,13 +16,14 @@ def authorization(authorization, rhsso): authorization.identity.add_oidc( "rhsso", rhsso.well_known["issuer"], - extended_properties=[ - ExtendedProperty("property_static", Value("static")), - # ValueFrom points to the request uri - ExtendedProperty("property_dynamic", ValueFrom("context.request.http.path")), - ExtendedProperty("property_chain_static", ValueFrom("auth.identity.property_static")), - ExtendedProperty("property_chain_dynamic", ValueFrom("auth.identity.property_dynamic")), - ExtendedProperty("property_chain_self", ValueFrom("auth.identity.property_chain_self"), overwrite=True), + defaults_properties=[ + Property("property_static", Value("static")), + Property("property_dynamic", ValueFrom("context.request.http.path")), + Property("property_chain_static", ValueFrom("auth.identity.property_static")), + Property("property_chain_dynamic", ValueFrom("auth.identity.property_dynamic")), + ], + overrides_properties=[ + Property("property_chain_self", ValueFrom("auth.identity.property_chain_self")), ], ) authorization.responses.add_simple("auth.identity") diff --git a/testsuite/tests/kuadrant/authorino/identity/extended_properties/test_overwriting.py b/testsuite/tests/kuadrant/authorino/identity/extended_properties/test_overwriting.py index e0036ea2..ff029d19 100644 --- a/testsuite/tests/kuadrant/authorino/identity/extended_properties/test_overwriting.py +++ b/testsuite/tests/kuadrant/authorino/identity/extended_properties/test_overwriting.py @@ -1,24 +1,26 @@ """https://github.com/Kuadrant/authorino/pull/399""" import pytest -from testsuite.objects import ExtendedProperty, Value +from testsuite.objects import Value, Property from testsuite.utils import extract_response @pytest.fixture(scope="module") def authorization(authorization): """ - Add plain authentication with three extended properties: - explicit False, explicit True and missing which should be default False. + Add plain authentication with defaults and overrides properties. Add simple response to expose `auth.identity` part of AuthJson """ authorization.identity.add_plain( "plain", "context.request.http.headers.x-user|@fromstr", - extended_properties=[ - ExtendedProperty("name", Value("bar"), overwrite=False), - ExtendedProperty("age", Value(35), overwrite=True), - ExtendedProperty("group", Value("admin")), + defaults_properties=[ + Property("name", Value("bar")), + Property("group", Value("admin")), + ], + overrides_properties=[ + Property("age", Value(35)), + Property("expire", Value("1-12-1999")), ], ) authorization.responses.add_simple("auth.identity") @@ -28,9 +30,10 @@ def authorization(authorization): def test_overwrite(client): """ - Test the ExtendedProperty overwrite functionality overwriting the value in headers when True. + Test overriding and defaults capability. Defaults must not override the value in header but Overrides must do so. """ - response = client.get("/get", headers={"x-user": '{"name":"foo","age":30,"group":"guest"}'}) + response = client.get("/get", headers={"x-user": '{"name":"foo","age":30}'}) assert extract_response(response)["name"] % "MISSING" == "foo" assert extract_response(response)["age"] % "MISSING" == 35 - assert extract_response(response)["group"] % "MISSING" == "guest" + assert extract_response(response)["group"] % "MISSING" == "admin" + assert extract_response(response)["expire"] % "MISSING" == "1-12-1999" diff --git a/testsuite/tests/kuadrant/authorino/identity/extended_properties/test_token_normalization.py b/testsuite/tests/kuadrant/authorino/identity/extended_properties/test_token_normalization.py index 18bfc833..be2fd281 100644 --- a/testsuite/tests/kuadrant/authorino/identity/extended_properties/test_token_normalization.py +++ b/testsuite/tests/kuadrant/authorino/identity/extended_properties/test_token_normalization.py @@ -1,6 +1,6 @@ """https://github.com/Kuadrant/authorino/blob/main/docs/user-guides/token-normalization.md""" import pytest -from testsuite.objects import Value, ValueFrom, ExtendedProperty, Rule +from testsuite.objects import Value, ValueFrom, Property, Rule from testsuite.httpx.auth import HeaderApiKeyAuth, HttpxOidcClientAuth @@ -37,10 +37,12 @@ def authorization(authorization, rhsso, api_key): authorization.identity.add_oidc( "rhsso", rhsso.well_known["issuer"], - extended_properties=[ExtendedProperty("roles", ValueFrom("auth.identity.realm_access.roles"))], + overrides_properties=[Property("roles", ValueFrom("auth.identity.realm_access.roles"))], ) authorization.identity.add_api_key( - "api_key", selector=api_key.selector, extended_properties=[ExtendedProperty("roles", Value(["admin"]))] + "api_key", + selector=api_key.selector, + defaults_properties=[Property("roles", Value(["admin"]))], ) rule = Rule(selector="auth.identity.roles", operator="incl", value="admin") diff --git a/testsuite/tests/kuadrant/authorino/priority/test_sequence_api_key.py b/testsuite/tests/kuadrant/authorino/priority/test_sequence_api_key.py index bc7c450a..cae9e5d3 100644 --- a/testsuite/tests/kuadrant/authorino/priority/test_sequence_api_key.py +++ b/testsuite/tests/kuadrant/authorino/priority/test_sequence_api_key.py @@ -35,11 +35,11 @@ def authorization(authorization, first_api_key, second_api_key): authorization.identity.add_api_key( "priority-zero", selector=first_api_key.selector, - credentials=Credentials("authorization_header", "APIKEY"), + credentials=Credentials("authorizationHeader", "APIKEY"), priority=0, ) authorization.identity.add_api_key( - "priority-one", selector=second_api_key.selector, credentials=Credentials("query", "APIKEY"), priority=1 + "priority-one", selector=second_api_key.selector, credentials=Credentials("queryString", "APIKEY"), priority=1 ) return authorization diff --git a/testsuite/tests/kuadrant/authorino/response/test_wrapper_key.py b/testsuite/tests/kuadrant/authorino/response/test_headers.py similarity index 85% rename from testsuite/tests/kuadrant/authorino/response/test_wrapper_key.py rename to testsuite/tests/kuadrant/authorino/response/test_headers.py index d6909e3e..8ec7dee0 100644 --- a/testsuite/tests/kuadrant/authorino/response/test_wrapper_key.py +++ b/testsuite/tests/kuadrant/authorino/response/test_headers.py @@ -16,11 +16,11 @@ def header_name(request): def authorization(authorization, header_name): """Add response to Authorization""" authorization.responses.clear_all() # delete previous responses due to the parametrization - authorization.responses.add_json("header", [Property("anything", Value("one"))], wrapper_key=header_name) + authorization.responses.add_json(header_name, [Property("anything", Value("one"))]) return authorization -def test_wrapper_key_with(auth, client, header_name): +def test_headers(auth, client, header_name): """Tests that value in correct Header""" response = client.get("/get", auth=auth) assert response.status_code == 200 diff --git a/testsuite/tests/kuadrant/authorino/test_redirect.py b/testsuite/tests/kuadrant/authorino/test_redirect.py index 56539c82..8197fd7b 100644 --- a/testsuite/tests/kuadrant/authorino/test_redirect.py +++ b/testsuite/tests/kuadrant/authorino/test_redirect.py @@ -3,6 +3,8 @@ """ import pytest +from testsuite.objects import Property, ValueFrom + STATUS_CODE = 302 REDIRECT_URL = "http://anything.inavlid?redirect_to=" @@ -10,7 +12,11 @@ @pytest.fixture(scope="module") def authorization(authorization): """In case of Authorino, AuthConfig used for authorization""" - authorization.set_deny_with(STATUS_CODE, REDIRECT_URL + "{context.request.http.path}") + authorization.responses.set_deny_with( + "unauthenticated", + code=STATUS_CODE, + headers=[Property("Location", ValueFrom(REDIRECT_URL + "{context.request.http.path}"))], + ) return authorization