Merge pull request #286 from pehala/improve_wristband

Enhance wristband test
Kuadrant · Nov 16, 2023 · e1f30b8 · e1f30b8
2 parents 15611dd + a8dddae
commit e1f30b8
Show file tree

Hide file tree

Showing 2 changed files with 47 additions and 37 deletions.
diff --git a/testsuite/tests/kuadrant/authorino/wristband/conftest.py b/testsuite/tests/kuadrant/authorino/wristband/conftest.py
@@ -60,68 +60,78 @@ def gateway(request, authorino, openshift, blame, module_label, testconfig):
 
 
 @pytest.fixture(scope="module")
-def wristband_endpoint(openshift, authorino, authorization_name):
-    """Authorino oidc wristband endpoint"""
-    return f"http://{authorino.oidc_url}:8083/{openshift.project}/{authorization_name}/wristband"
+def wristband_name(blame):
+    """Name of the wristband response Authorization"""
+    return blame("auth-wristband")
 
 
 @pytest.fixture(scope="module")
-def authorization(authorization, wristband_secret, wristband_endpoint) -> AuthConfig:
-    """Add wristband response with the signing key to the AuthConfig"""
+def wristband_endpoint(openshift, authorino, wristband_name):
+    """Authorino oidc wristband endpoint"""
+    return f"http://{authorino.oidc_url}:8083/{openshift.project}/{wristband_name}/wristband"
 
-    authorization.responses.add_success_dynamic(
-        "wristband",
-        WristbandResponse(issuer=wristband_endpoint, signingKeyRefs=[WristbandSigningKeyRef(wristband_secret)]),
-    )
+
+@pytest.fixture(scope="module")
+def authorization(authorization, wristband_endpoint) -> AuthConfig:
+    """Add wristband authentication to Authorization"""
+    authorization.identity.clear_all()
+    authorization.identity.add_oidc("edge-authenticated", wristband_endpoint)
     return authorization
 
 
 @pytest.fixture(scope="module")
-def wristband_token(client, auth):
+def wristband_token(wristband_hostname, auth):
     """Test token acquirement from oidc endpoint"""
-    response = client.get("/auth", auth=auth)
-    assert response.status_code == 200
+    with wristband_hostname.client() as client:
+        response = client.get("/auth", auth=auth)
+        assert response.status_code == 200
 
-    assert response.headers.get("wristband-token") is not None
-    return response.headers["wristband-token"]
+        assert response.headers.get("wristband-token") is not None
+        return response.headers["wristband-token"]
 
 
 @pytest.fixture(scope="module")
-def authenticated_route(exposer, gateway, blame):
-    """Second envoy route, intended for the already authenticated user"""
+def wristband_hostname(exposer, gateway, blame):
+    """Hostname on which you can acquire wristband token"""
     return exposer.expose_hostname(blame("route"), gateway)
 
 
 @pytest.fixture(scope="module")
-def authenticated_authorization(request, gateway, blame, authenticated_route, module_label, wristband_endpoint):
-    """Second AuthConfig with authorino oidc endpoint, protecting route for the already authenticated user"""
-    route = EnvoyVirtualRoute.create_instance(gateway.openshift, blame("route"), gateway)
-    route.add_hostname(authenticated_route.hostname)
+def wristband_authorization(
+    request,
+    gateway,
+    wristband_name,
+    oidc_provider,
+    wristband_hostname,
+    module_label,
+    wristband_endpoint,
+    wristband_secret,
+):
+    """Second AuthConfig with authorino oidc endpoint for getting the wristband token"""
+    route = EnvoyVirtualRoute.create_instance(gateway.openshift, wristband_name, gateway)
+    route.add_hostname(wristband_hostname.hostname)
 
     request.addfinalizer(route.delete)
     route.commit()
 
     authorization = AuthConfig.create_instance(
         gateway.openshift,
-        blame("auth-authenticated"),
+        wristband_name,
         route,
         labels={"testRun": module_label},
     )
-    authorization.identity.add_oidc("edge-authenticated", wristband_endpoint)
-    return authorization
-
 
-@pytest.fixture(scope="module")
-def authenticated_client(authenticated_route):
-    """Client with route for the already authenticated user"""
-    client = authenticated_route.client()
-    yield client
-    client.close()
+    authorization.identity.add_oidc("rhsso", oidc_provider.well_known["issuer"])
+    authorization.responses.add_success_dynamic(
+        "wristband",
+        WristbandResponse(issuer=wristband_endpoint, signingKeyRefs=[WristbandSigningKeyRef(wristband_secret)]),
+    )
+    return authorization
 
 
 # pylint: disable=unused-argument
 @pytest.fixture(scope="module", autouse=True)
-def commit(request, commit, authenticated_authorization):
+def commit(request, commit, wristband_authorization):
     """Commits all important stuff before tests"""
-    request.addfinalizer(authenticated_authorization.delete)
-    authenticated_authorization.commit()
+    request.addfinalizer(wristband_authorization.delete)
+    wristband_authorization.commit()
diff --git a/testsuite/tests/kuadrant/authorino/wristband/test_wristband.py b/testsuite/tests/kuadrant/authorino/wristband/test_wristband.py
@@ -14,13 +14,13 @@ def test_wristband_token_claims(oidc_provider, auth, wristband_token, wristband_
         assert claim not in wristband_decoded
 
 
-def test_wristband_success(authenticated_client, wristband_token):
+def test_wristband_success(client, wristband_token):
     """Test api authentication with token that was acquired after successful authentication in the edge"""
-    response = authenticated_client.get("/get", headers={"Authorization": "Bearer " + wristband_token})
+    response = client.get("/get", headers={"Authorization": "Bearer " + wristband_token})
     assert response.status_code == 200
 
 
-def test_wristband_fail(authenticated_client, auth):
+def test_wristband_fail(client, auth):
     """Test api authentication with token that only accepted in the edge"""
-    response = authenticated_client.get("/get", auth=auth)  # oidc access token instead of wristband
+    response = client.get("/get", auth=auth)  # oidc access token instead of wristband
     assert response.status_code == 401