diff --git a/README.md b/README.md index 476ce00e..0a3b2952 100644 --- a/README.md +++ b/README.md @@ -15,7 +15,21 @@ This repository contains end-to-end tests for Kuadrant project. It supports runn * Use `test` make target ### DNSPolicy tests -* Existing ManagedZone, named `aws-mz` (name defined in `control_plane.managedzone`) +* Existing DNS provider Secret named `aws-credentials` (name defined in `control_plane.provider_secret`) with annotation containing the base domain. Example AWS provider Secret: +```yaml +kind: Secret +apiVersion: v1 +metadata: + name: aws-credentials + namespace: kuadrant + annotations: + base_domain: example.com +data: + AWS_ACCESS_KEY_ID: + AWS_REGION: + AWS_SECRET_ACCESS_KEY: +type: kuadrant.io/aws +``` ### TLSPolicy tests * Existing self-signed ClusterIssuer or Issuer, named `selfsigned-issuer` (name defined in `control_plane.issuer.name`) diff --git a/config/settings.local.yaml.tpl b/config/settings.local.yaml.tpl index 26d61eea..f420b8de 100644 --- a/config/settings.local.yaml.tpl +++ b/config/settings.local.yaml.tpl @@ -45,7 +45,7 @@ # default_exposer: "kubernetes" # Force Exposer typem options: 'openshift', 'kind', 'kubernetes' # control_plane: # additional_clusters: [] # List of additional clusters for Multicluster testing, see 'cluster' option for more details -# managedzone: aws-mz # Name of the ManagedZone resource +# provider_secret: "aws-credentials" # Name of the Secret resource that contains DNS provider credentials # issuer: # Issuer object for testing TLSPolicy # name: "selfsigned-cluster-issuer" # Name of Issuer CR # kind: "ClusterIssuer" # Kind of Issuer, can be "Issuer" or "ClusterIssuer" diff --git a/config/settings.yaml b/config/settings.yaml index 89a0d0c4..f64f01fd 100644 --- a/config/settings.yaml +++ b/config/settings.yaml 
@@ -26,7 +26,7 @@ default: log_level: "debug" control_plane: additional_clusters: [] - managedzone: "aws-mz" + provider_secret: "aws-credentials" issuer: name: "selfsigned-issuer" kind: "ClusterIssuer" diff --git a/testsuite/config/__init__.py b/testsuite/config/__init__.py index dd33307e..6c351c38 100644 --- a/testsuite/config/__init__.py +++ b/testsuite/config/__init__.py @@ -50,7 +50,7 @@ def __init__(self, name, default, **kwargs) -> None: must_exist=True, messages={"condition": "{value} is not valid exposer"}, ), - Validator("control_plane.managedzone", must_exist=True, ne=None), + Validator("control_plane.provider_secret", must_exist=True, ne=None), ( Validator("control_plane.issuer.name", must_exist=True, ne=None) & Validator("control_plane.issuer.kind", must_exist=True, is_in={"Issuer", "ClusterIssuer"}) diff --git a/testsuite/gateway/gateway_api/hostname.py b/testsuite/gateway/gateway_api/hostname.py index 587e470c..d688aa30 100644 --- a/testsuite/gateway/gateway_api/hostname.py +++ b/testsuite/gateway/gateway_api/hostname.py @@ -42,14 +42,14 @@ class DNSPolicyExposer(Exposer): @cached_property def base_domain(self) -> str: - mz_name = settings["control_plane"]["managedzone"] + provider_secret_name = settings["control_plane"]["provider_secret"] try: - zone = selector(f"managedzone/{mz_name}", static_context=self.cluster.context).object() + secret = selector(f"secret/{provider_secret_name}", static_context=self.cluster.context).object() except OpenShiftPythonException as exc: raise OpenShiftPythonException( - f"Unable to find managedzone/{mz_name} in namespace {self.cluster.project}" + f"Unable to find secret/{provider_secret_name} in namespace {self.cluster.project}" ) from exc - return f'{generate_tail(5)}.{zone.model["spec"]["domainName"]}' + return f'{generate_tail(5)}.{secret.model["metadata"]["annotations"]["base_domain"]}' def expose_hostname(self, name, gateway: Gateway) -> Hostname: return StaticHostname( 
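Review bot: In `DNSPolicyExposer.base_domain` (testsuite/gateway/gateway_api/hostname.py) the new lookup `secret.model["metadata"]["annotations"]["base_domain"]` sits outside the `try`, so a provider Secret that exists but lacks the annotation does not get the descriptive error that a missing Secret gets. Depending on how the model handles absent keys, the result is presumably either a low-level lookup error or a malformed hostname. I would read the value into a local first and raise an explicit error naming `secret/{provider_secret_name}` and the missing `base_domain` annotation. Separately, this fetches the whole Secret, credential data included (the README example lists `AWS_SECRET_ACCESS_KEY`), only to read one annotation. With `log_level: "debug"` as the default, it is worth confirming the fetched object is never written to test logs and that the test account's read access to Secrets is intended. `base_domain` is fully visible in the hunk; the rest of the class is not.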
diff --git a/testsuite/kuadrant/policy/dns.py b/testsuite/kuadrant/policy/dns.py index 221fb2ee..481d7d67 100644 --- a/testsuite/kuadrant/policy/dns.py +++ b/testsuite/kuadrant/policy/dns.py @@ -14,6 +14,7 @@ def create_instance( cluster: KubernetesClient, name: str, parent: Referencable, + provider_secret_name: str, labels: dict[str, str] = None, ): """Creates new instance of DNSPolicy""" @@ -22,7 +23,11 @@ def create_instance( "apiVersion": "kuadrant.io/v1alpha1", "kind": "DNSPolicy", "metadata": {"name": name, "labels": labels}, - "spec": {"targetRef": parent.reference, "routingStrategy": "simple"}, + "spec": { + "targetRef": parent.reference, + "providerRefs": [{"name": provider_secret_name}], + "routingStrategy": "simple", + }, } return cls(model, context=cluster.context) diff --git a/testsuite/tests/conftest.py b/testsuite/tests/conftest.py index 2ba424ac..0ff0a589 100644 --- a/testsuite/tests/conftest.py +++ b/testsuite/tests/conftest.py @@ -274,3 +274,9 @@ def cluster_issuer(testconfig): kind=testconfig["control_plane"]["issuer"]["kind"], name=testconfig["control_plane"]["issuer"]["name"], ) + + +@pytest.fixture(scope="session") +def dns_provider_secret(testconfig): + """Contains name of DNS provider secret""" + return testconfig["control_plane"]["provider_secret"] diff --git a/testsuite/tests/multicluster/conftest.py b/testsuite/tests/multicluster/conftest.py index 7c2bed52..1c9f273f 100644 --- a/testsuite/tests/multicluster/conftest.py +++ b/testsuite/tests/multicluster/conftest.py 
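Review bot: In `DNSPolicy.create_instance` (testsuite/kuadrant/policy/dns.py) the new `providerRefs` entry carries only the Secret name, so the policy presumably resolves it in its own namespace. The README example in this commit puts `aws-credentials` in namespace `kuadrant`, while `base_domain` reports failures against `self.cluster.project`, so the namespace requirement is ambiguous. The docstring should state it, for example `"""Creates new instance of DNSPolicy; provider_secret_name is the DNS provider Secret, expected in the policy's namespace"""`, once the requirement is confirmed. The required `provider_secret_name` is also inserted ahead of `labels`, so any caller outside this diff that passed `labels` positionally would now bind it as the Secret name. The `def` line and the enclosing class lie outside the hunk.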
@@ -130,9 +130,11 @@ def wildcard_domain(base_domain): @pytest.fixture(scope="module") -def dns_policy(blame, cluster, gateways, module_label): +def dns_policy(blame, cluster, gateways, module_label, dns_provider_secret): """DNSPolicy fixture""" - policy = DNSPolicy.create_instance(cluster, blame("dns"), gateways[cluster], labels={"app": module_label}) + policy = DNSPolicy.create_instance( + cluster, blame("dns"), gateways[cluster], dns_provider_secret, labels={"app": module_label} + ) return policy diff --git a/testsuite/tests/singlecluster/gateway/conftest.py b/testsuite/tests/singlecluster/gateway/conftest.py index 396ee805..f79d8f73 100644 --- a/testsuite/tests/singlecluster/gateway/conftest.py +++ b/testsuite/tests/singlecluster/gateway/conftest.py @@ -53,9 +53,11 @@ def exposer(request, cluster) -> Exposer: @pytest.fixture(scope="module") -def dns_policy(blame, gateway, module_label): +def dns_policy(blame, gateway, module_label, dns_provider_secret): """DNSPolicy fixture""" - policy = DNSPolicy.create_instance(gateway.cluster, blame("dns"), gateway, labels={"app": module_label}) + policy = DNSPolicy.create_instance( + gateway.cluster, blame("dns"), gateway, dns_provider_secret, labels={"app": module_label} + ) return policy diff --git a/testsuite/tests/singlecluster/gateway/reconciliation/__init__.py b/testsuite/tests/singlecluster/gateway/reconciliation/__init__.py index 90517190..e6cfc920 100644 --- a/testsuite/tests/singlecluster/gateway/reconciliation/__init__.py +++ b/testsuite/tests/singlecluster/gateway/reconciliation/__init__.py @@ -1,8 +1 @@ """Module containing tests for Reconciliation of MGC policies""" - -from testsuite.kuadrant.policy.dns import DNSPolicy - - -def dns_policy(cluster, name, parent, issuer, labels: dict[str, str] = None): # pylint: disable=unused-argument - """DNSPolicy constructor to unify DNSPolicy and TLSPolicy signatures, so they could be parametrized""" - return DNSPolicy.create_instance(cluster, name, parent, labels=labels) 
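Review bot: Both `dns_policy` fixtures (testsuite/tests/multicluster/conftest.py and testsuite/tests/singlecluster/gateway/conftest.py) pass `dns_provider_secret` as a bare fourth positional argument, which at the call site reads like another cluster or gateway object. Passing it by keyword, `provider_secret_name=dns_provider_secret`, makes the call self-describing and keeps it correct if `create_instance` gains another parameter. In the multicluster fixture the policy is created only on `cluster`, so the Secret presumably has to exist on that cluster. A sentence in the `"""DNSPolicy fixture"""` docstring saying so would spare the next reader a failed run.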
diff --git a/testsuite/tests/singlecluster/gateway/reconciliation/test_gw_doesnt_exist.py b/testsuite/tests/singlecluster/gateway/reconciliation/test_gw_doesnt_exist.py index 2aa80470..50142b25 100644 --- a/testsuite/tests/singlecluster/gateway/reconciliation/test_gw_doesnt_exist.py +++ b/testsuite/tests/singlecluster/gateway/reconciliation/test_gw_doesnt_exist.py @@ -4,8 +4,8 @@ from testsuite.gateway import CustomReference from testsuite.kuadrant.policy.tls import TLSPolicy +from testsuite.kuadrant.policy.dns import DNSPolicy from testsuite.kuadrant.policy import has_condition -from . import dns_policy pytestmark = [pytest.mark.kuadrant_only] @@ -17,21 +17,22 @@ def commit(): @pytest.mark.parametrize( - "create_cr", + "policy_cr, issuer_or_secret", [ - pytest.param(dns_policy, id="DNSPolicy", marks=[pytest.mark.dnspolicy]), - pytest.param(TLSPolicy.create_instance, id="TLSPolicy", marks=[pytest.mark.tlspolicy]), + pytest.param(DNSPolicy, "dns_provider_secret", id="DNSPolicy", marks=[pytest.mark.dnspolicy]), + pytest.param(TLSPolicy, "cluster_issuer", id="TLSPolicy", marks=[pytest.mark.tlspolicy]), ], ) @pytest.mark.issue("https://github.com/Kuadrant/multicluster-gateway-controller/issues/361") -def test_no_gw(request, create_cr, cluster, blame, module_label, cluster_issuer): +def test_no_gw(request, policy_cr, issuer_or_secret, cluster, blame, module_label): """Tests that policy is rejected if the Gateway does not exist at all""" - - policy = create_cr( + # depending on if DNSPolicy or TLSPolicy is tested the right object for the 4th parameter is passed + issuer_or_secret_obj = request.getfixturevalue(issuer_or_secret) + policy = policy_cr.create_instance( cluster, blame("resource"), CustomReference(group="gateway.networking.k8s.io", kind="Gateway", name="does-not-exist"), - cluster_issuer, + issuer_or_secret_obj, labels={"app": module_label}, ) request.addfinalizer(policy.delete) 
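Review bot: `test_no_gw` now relies on `DNSPolicy.create_instance` and `TLSPolicy.create_instance` accepting two unrelated things, a provider Secret name and an issuer, in the same fourth positional slot. The added comment acknowledges this, but nothing enforces it, so a signature change in either class would hand the wrong object to the policy without an obvious failure. `test_two_policies_one_gw` in test_same_target.py repeats the same pattern. I would reword the comment to state the contract, e.g. `# 4th positional arg: provider Secret name for DNSPolicy, issuer for TLSPolicy; keep both create_instance signatures aligned`. Because `request.getfixturevalue(issuer_or_secret)` resolves the fixture from a string, a renamed fixture will only surface at run time for the affected parametrization.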
diff --git a/testsuite/tests/singlecluster/gateway/reconciliation/test_same_target.py b/testsuite/tests/singlecluster/gateway/reconciliation/test_same_target.py index 708c1336..7ccce631 100644 --- a/testsuite/tests/singlecluster/gateway/reconciliation/test_same_target.py +++ b/testsuite/tests/singlecluster/gateway/reconciliation/test_same_target.py @@ -3,31 +3,33 @@ import pytest from testsuite.kuadrant.policy.tls import TLSPolicy +from testsuite.kuadrant.policy.dns import DNSPolicy from testsuite.kuadrant.policy import has_condition -from . import dns_policy pytestmark = [pytest.mark.kuadrant_only] @pytest.mark.parametrize( - "create_cr", + "policy_cr, issuer_or_secret", [ - pytest.param(dns_policy, id="DNSPolicy", marks=[pytest.mark.dnspolicy]), - pytest.param(TLSPolicy.create_instance, id="TLSPolicy", marks=[pytest.mark.tlspolicy]), + pytest.param(DNSPolicy, "dns_provider_secret", id="DNSPolicy", marks=[pytest.mark.dnspolicy]), + pytest.param(TLSPolicy, "cluster_issuer", id="TLSPolicy", marks=[pytest.mark.tlspolicy]), ], ) -def test_two_policies_one_gw(request, create_cr, gateway, client, blame, module_label, cluster_issuer, auth): +def test_two_policies_one_gw(request, policy_cr, issuer_or_secret, gateway, client, blame, module_label, auth): """Tests that policy is rejected when the Gateway already has a DNSPolicy""" # test that it works before the policy response = client.get("get", auth=auth) assert response.status_code == 200, "Original DNSPolicy does not work" - policy = create_cr( + # depending on if DNSPolicy or TLSPolicy is tested the right object for the 4th parameter is passed + issuer_or_secret_obj = request.getfixturevalue(issuer_or_secret) + policy = policy_cr.create_instance( gateway.cluster, blame("dns2"), gateway, - cluster_issuer, + issuer_or_secret_obj, labels={"app": module_label}, ) request.addfinalizer(policy.delete)