From 7fbd5ff13112a2ad674838cf262ce905b1354c1c Mon Sep 17 00:00:00 2001
From: jsmolar
Date: Tue, 20 Jun 2023 14:36:03 +0200
Subject: [PATCH] Added test for rate limit with autz
---
 .../tests/kuadrant/test_rate_limit_authz.py | 53 +++++++++++++++++++
 1 file changed, 53 insertions(+)
 create mode 100644 testsuite/tests/kuadrant/test_rate_limit_authz.py
diff --git a/testsuite/tests/kuadrant/test_rate_limit_authz.py b/testsuite/tests/kuadrant/test_rate_limit_authz.py
new file mode 100644
index 00000000..834bc75b
--- /dev/null
+++ b/testsuite/tests/kuadrant/test_rate_limit_authz.py
@@ -0,0 +1,53 @@
+"""
+Tests for authenticated rate limiting
+http://kuadrant.io/docs/kuadrant-operator/user-guides/authenticated-rl-with-jwt-and-k8s-authnz.html
+"""
+
+import pytest
+
+from testsuite.httpx.auth import HttpxOidcClientAuth
+from testsuite.utils import fire_requests
+
+
+@pytest.fixture(scope="module")
+def rate_limit(rate_limit):
+ """Add limit to the policy"""
+ rate_limit.add_limit(5, 60, variable="userID")
+ return rate_limit
+
+
+@pytest.fixture(scope="module")
+def authorization(authorization):
+ """Adds JSON injection, that wraps the response as Envoy Dynamic Metadata for rate limit"""
+ authorization.responses.add(
+ {
+ "name": "auth-json",
+ "json": {
+ "properties": [{"name": "userID", "valueFrom": {"authJSON": "auth.identity.sub"}}],
+ },
+ "wrapper": "envoyDynamicMetadata",
+ "wrapperKey": "ext_auth_data",
+ },
+ )
+ return authorization
+
+
+@pytest.fixture(scope="module")
+def auth(oidc_provider):
+ """Returns RHSSO authentication object for HTTPX"""
+ return HttpxOidcClientAuth(oidc_provider.get_token, "authorization")
+
+
+@pytest.fixture(scope="module")
+def auth2(rhsso):
+ """Creates new RHSSO user and returns its authentication object for HTTPX"""
+ user = rhsso.realm.create_user("user2", "password", email="test@test.com")
+ return HttpxOidcClientAuth.from_user(rhsso.get_token, user=user)
+
+
+def test_multiple_iterations(client, auth, auth2):
+ """Tests that simple limit is applied successfully and works for multiple iterations"""
+ assert client.get("/get", auth=auth).status_code == 200
+ assert client.get("/get", auth=auth).status_code == 200
+ assert client.get("/get", auth=auth).status_code == 429
+ assert client.get("/get", auth=auth2).status_code == 200
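Review bot: The assertions in `test_multiple_iterations` do not match the limit set in the `rate_limit` fixture: `add_limit(5, 60, variable="userID")` reads as five requests per window, yet the test expects a 429 on the third request made with `auth`. As written, the test either fails against a correct limiter or passes only when the counter keyed on `auth.identity.sub` is being enforced at the wrong threshold, so it cannot vouch for per-identity limiting. Tie the request count to the configured value, for example `for _ in range(5): assert client.get("/get", auth=auth).status_code == 200` before the 429 assertion, and keep the final `auth2` request, since that is the check showing the counters are not shared between users. The `fire_requests` import is unused, and the test name and docstring describe a different scenario; a docstring such as `"""Tests that the limit is counted separately for each authenticated user"""` would say what is being verified.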