Merge pull request #518 from azgabur/managed_zone_refactor

Refactor due to ManagedZone removal

README.md

@@ -15,7 +15,21 @@ This repository contains end-to-end tests for Kuadrant project. It supports runn
 * Use `test` make target
 
 ### DNSPolicy tests
-* Existing ManagedZone, named `aws-mz` (name defined in `control_plane.managedzone`)
+* Existing DNS provider Secret named `aws-credentials` (name defined in `control_plane.provider_secret`) with annotation containing the base domain. Example AWS provider Secret:
+```yaml
+kind: Secret
+apiVersion: v1
+metadata:
+  name: aws-credentials
+  namespace: kuadrant
+  annotations:
+    base_domain: example.com
+data:
+  AWS_ACCESS_KEY_ID: <key>
+  AWS_REGION: <region>
+  AWS_SECRET_ACCESS_KEY: <key>
+type: kuadrant.io/aws
+```
 
 ### TLSPolicy tests
 * Existing self-signed ClusterIssuer or Issuer, named `selfsigned-issuer` (name defined in `control_plane.issuer.name`)

config/settings.local.yaml.tpl

@@ -45,7 +45,7 @@
 #  default_exposer: "kubernetes"                   # Force Exposer typem options: 'openshift', 'kind', 'kubernetes'
 #  control_plane:
 #    additional_clusters: []                       # List of additional clusters for Multicluster testing, see 'cluster' option for more details
-#    managedzone: aws-mz                           # Name of the ManagedZone resource
+#    provider_secret: "aws-credentials"            # Name of the Secret resource that contains DNS provider credentials
 #    issuer:                                       # Issuer object for testing TLSPolicy
 #      name: "selfsigned-cluster-issuer"           # Name of Issuer CR
 #      kind: "ClusterIssuer"                       # Kind of Issuer, can be "Issuer" or "ClusterIssuer"

config/settings.yaml

@@ -26,7 +26,7 @@ default:
       log_level: "debug"
   control_plane:
     additional_clusters: []
-    managedzone: "aws-mz"
+    provider_secret: "aws-credentials"
     issuer:
       name: "selfsigned-issuer"
       kind: "ClusterIssuer"

testsuite/config/__init__.py

@@ -50,7 +50,7 @@ def __init__(self, name, default, **kwargs) -> None:
             must_exist=True,
             messages={"condition": "{value} is not valid exposer"},
         ),
-        Validator("control_plane.managedzone", must_exist=True, ne=None),
+        Validator("control_plane.provider_secret", must_exist=True, ne=None),
         (
             Validator("control_plane.issuer.name", must_exist=True, ne=None)
             & Validator("control_plane.issuer.kind", must_exist=True, is_in={"Issuer", "ClusterIssuer"})

testsuite/gateway/gateway_api/hostname.py

@@ -42,14 +42,14 @@ class DNSPolicyExposer(Exposer):
 
     @cached_property
     def base_domain(self) -> str:
-        mz_name = settings["control_plane"]["managedzone"]
+        provider_secret_name = settings["control_plane"]["provider_secret"]
         try:
-            zone = selector(f"managedzone/{mz_name}", static_context=self.cluster.context).object()
+            secret = selector(f"secret/{provider_secret_name}", static_context=self.cluster.context).object()
         except OpenShiftPythonException as exc:
             raise OpenShiftPythonException(
-                f"Unable to find managedzone/{mz_name} in namespace {self.cluster.project}"
+                f"Unable to find secret/{provider_secret_name} in namespace {self.cluster.project}"
             ) from exc
-        return f'{generate_tail(5)}.{zone.model["spec"]["domainName"]}'
+        return f'{generate_tail(5)}.{secret.model["metadata"]["annotations"]["base_domain"]}'
 
     def expose_hostname(self, name, gateway: Gateway) -> Hostname:
         return StaticHostname(

testsuite/kuadrant/policy/dns.py

@@ -14,6 +14,7 @@ def create_instance(
         cluster: KubernetesClient,
         name: str,
         parent: Referencable,
+        provider_secret_name: str,
         labels: dict[str, str] = None,
     ):
         """Creates new instance of DNSPolicy"""
@@ -22,7 +23,11 @@ def create_instance(
             "apiVersion": "kuadrant.io/v1alpha1",
             "kind": "DNSPolicy",
             "metadata": {"name": name, "labels": labels},
-            "spec": {"targetRef": parent.reference, "routingStrategy": "simple"},
+            "spec": {
+                "targetRef": parent.reference,
+                "providerRefs": [{"name": provider_secret_name}],
+                "routingStrategy": "simple",
+            },
         }
 
         return cls(model, context=cluster.context)

testsuite/tests/conftest.py

@@ -274,3 +274,9 @@ def cluster_issuer(testconfig):
         kind=testconfig["control_plane"]["issuer"]["kind"],
         name=testconfig["control_plane"]["issuer"]["name"],
     )
+
+
+@pytest.fixture(scope="session")
+def dns_provider_secret(testconfig):
+    """Contains name of DNS provider secret"""
+    return testconfig["control_plane"]["provider_secret"]

testsuite/tests/multicluster/conftest.py

@@ -130,9 +130,11 @@ def wildcard_domain(base_domain):
 
 
 @pytest.fixture(scope="module")
-def dns_policy(blame, cluster, gateways, module_label):
+def dns_policy(blame, cluster, gateways, module_label, dns_provider_secret):
     """DNSPolicy fixture"""
-    policy = DNSPolicy.create_instance(cluster, blame("dns"), gateways[cluster], labels={"app": module_label})
+    policy = DNSPolicy.create_instance(
+        cluster, blame("dns"), gateways[cluster], dns_provider_secret, labels={"app": module_label}
+    )
     return policy
 
 

testsuite/tests/singlecluster/gateway/conftest.py

@@ -53,9 +53,11 @@ def exposer(request, cluster) -> Exposer:
 
 
 @pytest.fixture(scope="module")
-def dns_policy(blame, gateway, module_label):
+def dns_policy(blame, gateway, module_label, dns_provider_secret):
     """DNSPolicy fixture"""
-    policy = DNSPolicy.create_instance(gateway.cluster, blame("dns"), gateway, labels={"app": module_label})
+    policy = DNSPolicy.create_instance(
+        gateway.cluster, blame("dns"), gateway, dns_provider_secret, labels={"app": module_label}
+    )
     return policy
 
 

testsuite/tests/singlecluster/gateway/reconciliation/__init__.py

@@ -1,8 +1 @@
 """Module containing tests for Reconciliation of MGC policies"""
-
-from testsuite.kuadrant.policy.dns import DNSPolicy
-
-
-def dns_policy(cluster, name, parent, issuer, labels: dict[str, str] = None):  # pylint: disable=unused-argument
-    """DNSPolicy constructor to unify DNSPolicy and TLSPolicy signatures, so they could be parametrized"""
-    return DNSPolicy.create_instance(cluster, name, parent, labels=labels)

testsuite/tests/singlecluster/gateway/reconciliation/test_gw_doesnt_exist.py

@@ -4,8 +4,8 @@
 
 from testsuite.gateway import CustomReference
 from testsuite.kuadrant.policy.tls import TLSPolicy
+from testsuite.kuadrant.policy.dns import DNSPolicy
 from testsuite.kuadrant.policy import has_condition
-from . import dns_policy
 
 pytestmark = [pytest.mark.kuadrant_only]
 
@@ -17,21 +17,22 @@ def commit():
 
 
 @pytest.mark.parametrize(
-    "create_cr",
+    "policy_cr, issuer_or_secret",
     [
-        pytest.param(dns_policy, id="DNSPolicy", marks=[pytest.mark.dnspolicy]),
-        pytest.param(TLSPolicy.create_instance, id="TLSPolicy", marks=[pytest.mark.tlspolicy]),
+        pytest.param(DNSPolicy, "dns_provider_secret", id="DNSPolicy", marks=[pytest.mark.dnspolicy]),
+        pytest.param(TLSPolicy, "cluster_issuer", id="TLSPolicy", marks=[pytest.mark.tlspolicy]),
     ],
 )
 @pytest.mark.issue("https://github.com/Kuadrant/multicluster-gateway-controller/issues/361")
-def test_no_gw(request, create_cr, cluster, blame, module_label, cluster_issuer):
+def test_no_gw(request, policy_cr, issuer_or_secret, cluster, blame, module_label):
     """Tests that policy is rejected if the Gateway does not exist at all"""
-
-    policy = create_cr(
+    # depending on if DNSPolicy or TLSPolicy is tested the right object for the 4th parameter is passed
+    issuer_or_secret_obj = request.getfixturevalue(issuer_or_secret)
+    policy = policy_cr.create_instance(
         cluster,
         blame("resource"),
         CustomReference(group="gateway.networking.k8s.io", kind="Gateway", name="does-not-exist"),
-        cluster_issuer,
+        issuer_or_secret_obj,
         labels={"app": module_label},
     )
     request.addfinalizer(policy.delete)

testsuite/tests/singlecluster/gateway/reconciliation/test_same_target.py

@@ -3,31 +3,33 @@
 import pytest
 
 from testsuite.kuadrant.policy.tls import TLSPolicy
+from testsuite.kuadrant.policy.dns import DNSPolicy
 from testsuite.kuadrant.policy import has_condition
-from . import dns_policy
 
 pytestmark = [pytest.mark.kuadrant_only]
 
 
 @pytest.mark.parametrize(
-    "create_cr",
+    "policy_cr, issuer_or_secret",
     [
-        pytest.param(dns_policy, id="DNSPolicy", marks=[pytest.mark.dnspolicy]),
-        pytest.param(TLSPolicy.create_instance, id="TLSPolicy", marks=[pytest.mark.tlspolicy]),
+        pytest.param(DNSPolicy, "dns_provider_secret", id="DNSPolicy", marks=[pytest.mark.dnspolicy]),
+        pytest.param(TLSPolicy, "cluster_issuer", id="TLSPolicy", marks=[pytest.mark.tlspolicy]),
     ],
 )
-def test_two_policies_one_gw(request, create_cr, gateway, client, blame, module_label, cluster_issuer, auth):
+def test_two_policies_one_gw(request, policy_cr, issuer_or_secret, gateway, client, blame, module_label, auth):
     """Tests that policy is rejected when the Gateway already has a DNSPolicy"""
 
     # test that it works before the policy
     response = client.get("get", auth=auth)
     assert response.status_code == 200, "Original DNSPolicy does not work"
 
-    policy = create_cr(
+    # depending on if DNSPolicy or TLSPolicy is tested the right object for the 4th parameter is passed
+    issuer_or_secret_obj = request.getfixturevalue(issuer_or_secret)
+    policy = policy_cr.create_instance(
         gateway.cluster,
         blame("dns2"),
         gateway,
-        cluster_issuer,
+        issuer_or_secret_obj,
         labels={"app": module_label},
     )
     request.addfinalizer(policy.delete)