From a8dddaed0b39d67054893ed6b9fe664ba44f5f29 Mon Sep 17 00:00:00 2001 From: phala Date: Thu, 16 Nov 2023 14:44:46 +0100 Subject: [PATCH] Enhance wristband test - Use standard client in test methods - Improve fixture naming --- .../kuadrant/authorino/wristband/conftest.py | 76 +++++++++++-------- .../authorino/wristband/test_wristband.py | 8 +- 2 files changed, 47 insertions(+), 37 deletions(-) diff --git a/testsuite/tests/kuadrant/authorino/wristband/conftest.py b/testsuite/tests/kuadrant/authorino/wristband/conftest.py index 902c15c4..17399442 100644 --- a/testsuite/tests/kuadrant/authorino/wristband/conftest.py +++ b/testsuite/tests/kuadrant/authorino/wristband/conftest.py @@ -60,68 +60,78 @@ def gateway(request, authorino, openshift, blame, module_label, testconfig): @pytest.fixture(scope="module") -def wristband_endpoint(openshift, authorino, authorization_name): - """Authorino oidc wristband endpoint""" - return f"http://{authorino.oidc_url}:8083/{openshift.project}/{authorization_name}/wristband" +def wristband_name(blame): + """Name of the wristband response Authorization""" + return blame("auth-wristband") @pytest.fixture(scope="module") -def authorization(authorization, wristband_secret, wristband_endpoint) -> AuthConfig: - """Add wristband response with the signing key to the AuthConfig""" +def wristband_endpoint(openshift, authorino, wristband_name): + """Authorino oidc wristband endpoint""" + return f"http://{authorino.oidc_url}:8083/{openshift.project}/{wristband_name}/wristband" - authorization.responses.add_success_dynamic( - "wristband", - WristbandResponse(issuer=wristband_endpoint, signingKeyRefs=[WristbandSigningKeyRef(wristband_secret)]), - ) + +@pytest.fixture(scope="module") +def authorization(authorization, wristband_endpoint) -> AuthConfig: + """Add wristband authentication to Authorization""" + authorization.identity.clear_all() + authorization.identity.add_oidc("edge-authenticated", wristband_endpoint) return authorization @pytest.fixture(scope="module") -def wristband_token(client, auth): +def wristband_token(wristband_hostname, auth): """Test token acquirement from oidc endpoint""" - response = client.get("/auth", auth=auth) - assert response.status_code == 200 + with wristband_hostname.client() as client: + response = client.get("/auth", auth=auth) + assert response.status_code == 200 - assert response.headers.get("wristband-token") is not None - return response.headers["wristband-token"] + assert response.headers.get("wristband-token") is not None + return response.headers["wristband-token"] @pytest.fixture(scope="module") -def authenticated_route(exposer, gateway, blame): - """Second envoy route, intended for the already authenticated user""" +def wristband_hostname(exposer, gateway, blame): + """Hostname on which you can acquire wristband token""" return exposer.expose_hostname(blame("route"), gateway) @pytest.fixture(scope="module") -def authenticated_authorization(request, gateway, blame, authenticated_route, module_label, wristband_endpoint): - """Second AuthConfig with authorino oidc endpoint, protecting route for the already authenticated user""" - route = EnvoyVirtualRoute.create_instance(gateway.openshift, blame("route"), gateway) - route.add_hostname(authenticated_route.hostname) +def wristband_authorization( + request, + gateway, + wristband_name, + oidc_provider, + wristband_hostname, + module_label, + wristband_endpoint, + wristband_secret, +): + """Second AuthConfig with authorino oidc endpoint for getting the wristband token""" + route = EnvoyVirtualRoute.create_instance(gateway.openshift, wristband_name, gateway) + route.add_hostname(wristband_hostname.hostname) request.addfinalizer(route.delete) route.commit() authorization = AuthConfig.create_instance( gateway.openshift, - blame("auth-authenticated"), + wristband_name, route, labels={"testRun": module_label}, ) - authorization.identity.add_oidc("edge-authenticated", wristband_endpoint) - return authorization - -@pytest.fixture(scope="module") -def authenticated_client(authenticated_route): - """Client with route for the already authenticated user""" - client = authenticated_route.client() - yield client - client.close() + authorization.identity.add_oidc("rhsso", oidc_provider.well_known["issuer"]) + authorization.responses.add_success_dynamic( + "wristband", + WristbandResponse(issuer=wristband_endpoint, signingKeyRefs=[WristbandSigningKeyRef(wristband_secret)]), + ) + return authorization # pylint: disable=unused-argument @pytest.fixture(scope="module", autouse=True) -def commit(request, commit, authenticated_authorization): +def commit(request, commit, wristband_authorization): """Commits all important stuff before tests""" - request.addfinalizer(authenticated_authorization.delete) - authenticated_authorization.commit() + request.addfinalizer(wristband_authorization.delete) + wristband_authorization.commit() diff --git a/testsuite/tests/kuadrant/authorino/wristband/test_wristband.py b/testsuite/tests/kuadrant/authorino/wristband/test_wristband.py index 4877592f..9025063d 100644 --- a/testsuite/tests/kuadrant/authorino/wristband/test_wristband.py +++ b/testsuite/tests/kuadrant/authorino/wristband/test_wristband.py @@ -14,13 +14,13 @@ def test_wristband_token_claims(oidc_provider, auth, wristband_token, wristband_ assert claim not in wristband_decoded -def test_wristband_success(authenticated_client, wristband_token): +def test_wristband_success(client, wristband_token): """Test api authentication with token that was acquired after successful authentication in the edge""" - response = authenticated_client.get("/get", headers={"Authorization": "Bearer " + wristband_token}) + response = client.get("/get", headers={"Authorization": "Bearer " + wristband_token}) assert response.status_code == 200 -def test_wristband_fail(authenticated_client, auth): +def test_wristband_fail(client, auth): """Test api authentication with token that only accepted in the edge""" - response = authenticated_client.get("/get", auth=auth) # oidc access token instead of wristband + response = client.get("/get", auth=auth) # oidc access token instead of wristband assert response.status_code == 401