Merge pull request #450 from pehala/force_sni

Enable TLS tests on Kind/Kubernetes
Kuadrant · Jun 19, 2024 · 995ec8a · 995ec8a
2 parents d236912 + 410fd57
commit 995ec8a
Show file tree

Hide file tree

Showing 3 changed files with 66 additions and 8 deletions.
diff --git a/testsuite/gateway/exposers.py b/testsuite/gateway/exposers.py
@@ -2,7 +2,7 @@
 
 from testsuite.certificates import Certificate
 from testsuite.gateway import Exposer, Gateway, Hostname
-from testsuite.httpx import KuadrantClient
+from testsuite.httpx import KuadrantClient, ForceSNIClient
 from testsuite.openshift.route import OpenshiftRoute
 
 
@@ -56,7 +56,7 @@ def client(self, **kwargs) -> KuadrantClient:
         if self.verify or self.force_https:
             protocol = "https"
             kwargs.setdefault("verify", self.verify)
-        return KuadrantClient(base_url=f"{protocol}://{self.ip_getter()}", **kwargs)
+        return ForceSNIClient(base_url=f"{protocol}://{self.ip_getter()}", sni_hostname=self.hostname, **kwargs)
 
     @property
     def hostname(self):

diff --git a/testsuite/httpx/__init__.py b/testsuite/httpx/__init__.py
@@ -1,12 +1,26 @@
 """Common classes for Httpx"""
 
+import typing
+
 # I change return type of HTTPX client to Kuadrant Result
 # mypy: disable-error-code="override, return-value"
 from tempfile import NamedTemporaryFile
 from typing import Union, Iterable
 
 import backoff
-from httpx import Client, RequestError
+from httpx import Client, RequestError, USE_CLIENT_DEFAULT, Request
+from httpx._client import UseClientDefault
+from httpx._types import (
+    URLTypes,
+    RequestContent,
+    RequestData,
+    RequestFiles,
+    QueryParamTypes,
+    HeaderTypes,
+    CookieTypes,
+    TimeoutTypes,
+    RequestExtensions,
+)
 
 from testsuite.certificates import Certificate
 
@@ -171,3 +185,50 @@ def get_many(self, url, count, *, params=None, headers=None, auth=None) -> Resul
             responses.append(self.get(url, params=params, headers=headers, auth=auth))
 
         return responses
+
+
+class ForceSNIClient(KuadrantClient):
+    """Kuadrant client that forces SNI for each request"""
+
+    def __init__(
+        self,
+        *,
+        verify: Union[Certificate, bool] = True,
+        cert: Certificate = None,
+        retry_codes: Iterable[int] = None,
+        sni_hostname: str = None,
+        **kwargs,
+    ):
+        super().__init__(verify=verify, cert=cert, retry_codes=retry_codes, **kwargs)
+        self.sni_hostname = sni_hostname
+
+    def build_request(
+        self,
+        method: str,
+        url: URLTypes,
+        *,
+        content: RequestContent | None = None,
+        data: RequestData | None = None,
+        files: RequestFiles | None = None,
+        json: typing.Any | None = None,
+        params: QueryParamTypes | None = None,
+        headers: HeaderTypes | None = None,
+        cookies: CookieTypes | None = None,
+        timeout: TimeoutTypes | UseClientDefault = USE_CLIENT_DEFAULT,
+        extensions: RequestExtensions | None = None,
+    ) -> Request:
+        extensions = extensions or {}
+        extensions.setdefault("sni_hostname", self.sni_hostname)
+        return super().build_request(
+            method,
+            url,
+            content=content,
+            data=data,
+            files=files,
+            json=json,
+            params=params,
+            headers=headers,
+            cookies=cookies,
+            timeout=timeout,
+            extensions=extensions,
+        )
diff --git a/testsuite/tests/kuadrant/authorino/operator/tls/conftest.py b/testsuite/tests/kuadrant/authorino/operator/tls/conftest.py
@@ -8,7 +8,6 @@
 from testsuite.openshift import Selector
 from testsuite.gateway import Exposer
 from testsuite.gateway.envoy.tls import TLSEnvoy
-from testsuite.gateway.exposers import LoadBalancerServiceExposer, OpenShiftExposer
 from testsuite.openshift.secret import TLSSecret
 from testsuite.utils import cert_builder
 
@@ -183,12 +182,10 @@ def gateway(
 @pytest.fixture(scope="module")
 def exposer(request, testconfig, hub_openshift) -> Exposer:
     """Exposer object instance with TLS passthrough"""
-    if testconfig["default_exposer"] == LoadBalancerServiceExposer:
-        pytest.skip("TLS tests do not work on Kind")
-    exposer = OpenShiftExposer(hub_openshift)
+    exposer = testconfig["default_exposer"](hub_openshift)
+    exposer.passthrough = True
     request.addfinalizer(exposer.delete)
     exposer.commit()
-    exposer.passthrough = True
     return exposer