From e86112967799ce18b996bf8d1465d4f269272f04 Mon Sep 17 00:00:00 2001 From: phala Date: Mon, 6 Nov 2023 15:18:38 +0100 Subject: [PATCH] Refactor settings structure - Better reflects currect structure of the project and components --- README.md | 8 ++-- config/settings.local.yaml.tpl | 41 +++++++++++-------- config/settings.yaml | 17 ++++---- testsuite/config/__init__.py | 10 +++-- testsuite/config/openshift_loader.py | 39 +++++++++++------- testsuite/openshift/client.py | 2 +- testsuite/tests/conftest.py | 29 +++++++------ .../tests/kuadrant/authorino/conftest.py | 13 +++--- .../identity/api_key/test_api_key_context.py | 4 +- .../kuadrant/authorino/metrics/conftest.py | 2 +- .../authorino/operator/tls/conftest.py | 2 +- .../authorino/operator/tls/mtls/conftest.py | 2 +- .../kuadrant/authorino/wristband/conftest.py | 2 +- testsuite/tests/mgc/conftest.py | 26 +++++++++--- 14 files changed, 120 insertions(+), 77 deletions(-) diff --git a/README.md b/README.md index 252596fb..b34a8c7c 100644 --- a/README.md +++ b/README.md @@ -77,8 +77,8 @@ The results and reports will be saved in `/test-run-results` in the container. ```bash podman run \ -v $HOME/.kube/config:/run/kubeconfig:z \ - -e KUADRANT_OPENSHIFT__project=authorino \ - -e KUADRANT_OPENSHIFT2__project=authorino2 \ + -e KUADRANT_SERVICE_PROTECTION__PROJECT=authorino \ + -e KUADRANT_SERVICE_PROTECTION__PROJECT2=authorino2 \ -e KUADRANT_AUTH0__url="AUTH0_URL" \ -e KUADRANT_AUTH0__client_id="AUTH0_CLIENT_ID" \ -e KUADRANT_AUTH0__client_secret="AUTH0_CLIENT_SECRET" \ @@ -90,8 +90,8 @@ podman run \ ```bash podman run \ -v $HOME/.kube/config:/run/kubeconfig:z \ - -e KUADRANT_OPENSHIFT__project=authorino \ - -e KUADRANT_OPENSHIFT2__project=authorino2 \ + -e KUADRANT_SERVICE_PROTECTION__PROJECT=authorino \ + -e KUADRANT_SERVICE_PROTECTION__PROJECT2=authorino2 \ -e KUADRANT_RHSSO__url="https://my-sso.net" \ -e KUADRANT_RHSSO__password="ADMIN_PASSWORD" \ -e KUADRANT_RHSSO__username="ADMIN_USERNAME" \ diff --git a/config/settings.local.yaml.tpl b/config/settings.local.yaml.tpl index a66b9641..cc74921d 100644 --- a/config/settings.local.yaml.tpl +++ b/config/settings.local.yaml.tpl @@ -1,12 +1,11 @@ #default: # skip_cleanup: false -# openshift: -# project: "kuadrant" # Optional: namespace for tests to run, if None uses current project +# gateway_api: true # True, if Testsuite should test with Gateway API enabled (e.g. Full Kuadrant) or individual components (e.g. Authorino) +# cluster: # Workload cluster where tests should run, will get overriden if run on Multicluster +# project: "kuadrant" # Optional: Default namespace for this cluster # api_url: "https://api.openshift.com" # Optional: OpenShift API URL, if None it will OpenShift that you are logged in # token: "KUADRANT_RULEZ" # Optional: OpenShift Token, if None it will OpenShift that you are logged in # kubeconfig_path: "~/.kube/config" # Optional: Kubeconfig to use, if None the default one is used -# openshift2: -# project: "kuadrant2" # Required: Secondary OpenShift project, for running tests across projects # tools: # project: "tools" # Optional: OpenShift project, where external tools are located # rhsso: @@ -27,22 +26,28 @@ # url: "HYPERFOIL_URL" # generate_reports: True # True, if each test should generate a report # report_dir: "reports" # Directory, to which the reports should be saved -# authorino: -# image: "quay.io/kuadrant/authorino:latest" # If specified will override the authorino image -# deploy: false # If false, the testsuite will use already deployed authorino for testing -# auth_url: "" # authorization URL for already deployed Authorino -# oidc_url: "" # oidc URL for already deployed Authorino -# metrics_service_name: "" # controller metrics service name for already deployer Authorino -# envoy: -# image: "docker.io/envoyproxy/envoy:v1.23-latest" # Envoy image, the testsuite should use, only for Authorino tests now -# kuadrant: -# enabled: true # True, if Testsuite should test Kuadrant instead of individual operators -# namespace: "kuadrant" # Namespaces where Kuadrant resides -# gateway: # Reference to Gateway that should be used +# service_protection: +# system_project: "kuadrant-system" # Namespace where Kuadrant resource resides +# project: "kuadrant" # Namespace where tests will run +# project2: "kuadrant2" # Second namespace for tests, that run across multiple namespaces +# envoy: +# image: "docker.io/envoyproxy/envoy:v1.23-latest" # Envoy image, the testsuite should use, only for Authorino tests +# gateway: # Optional: Reference to Gateway that should be used, if empty testsuite will create its own # namespace: "istio-system" # name: "istio-ingressgateway" -# mgc: -# spokes: +# authorino: +# image: "quay.io/kuadrant/authorino:latest" # If specified will override the authorino image +# deploy: false # If false, the testsuite will use already deployed authorino for testing +# auth_url: "" # authorization URL for already deployed Authorino +# oidc_url: "" # oidc URL for already deployed Authorino +# metrics_service_name: "" # controller metrics service name for already deployer Authorino +# control_plane: +# hub: # Hub cluster +# project: "multi-cluster-gateways" # Optional: namespace where MGC resources are created and where the hub gateway will be created +# api_url: "https://api.openshift.com" # Optional: OpenShift API URL, if None it will OpenShift that you are logged in +# token: "KUADRANT_RULEZ" # Optional: OpenShift Token, if None it will OpenShift that you are logged in +# kubeconfig_path: "~/.kube/config" # Optional: Kubeconfig to use, if None the default one is used +# spokes: # List of all spokes in the multi-cluster # local-cluster: # project: "kuadrant" # Optional: namespace for tests to run, if None uses current project # api_url: "https://api.openshift.com" # Optional: OpenShift API URL, if None it will OpenShift that you are logged in diff --git a/config/settings.yaml b/config/settings.yaml index c3daa1cb..d66902f3 100644 --- a/config/settings.yaml +++ b/config/settings.yaml @@ -1,6 +1,8 @@ default: skip_cleanup: false dynaconf_merge: true + gateway_api: true + cluster: {} tools: project: "tools" cfssl: "cfssl" @@ -9,17 +11,18 @@ default: test_user: username: "testUser" password: "testPassword" - authorino: - deploy: true - log_level: "debug" - envoy: - image: "docker.io/envoyproxy/envoy:v1.23-latest" - kuadrant: - enabled: true + service_protection: + system_project: "kuadrant-system" project: "kuadrant" + project2: "kuadrant2" + envoy: + image: "docker.io/envoyproxy/envoy:v1.23-latest" gateway: project: "istio-system" name: "istio-ingressgateway" + authorino: + deploy: true + log_level: "debug" hyperfoil: generate_reports: True reports_dir: "reports" diff --git a/testsuite/config/__init__.py b/testsuite/config/__init__.py index 39448c49..7544cc9e 100644 --- a/testsuite/config/__init__.py +++ b/testsuite/config/__init__.py @@ -33,12 +33,16 @@ def __init__(self, name, default, **kwargs) -> None: envvar_prefix="KUADRANT", merge_enabled=True, validators=[ - Validator("authorino.deploy", must_exist=True, eq=True) - | (Validator("authorino.auth_url", must_exist=True) & Validator("authorino.oidc_url", must_exist=True)), + Validator("service_protection.authorino.deploy", must_exist=True, eq=True) + | ( + Validator("service_protection.authorino.auth_url", must_exist=True) + & Validator("authorino.oidc_url", must_exist=True) + ), DefaultValueValidator("rhsso.url", default=fetch_route("no-ssl-sso")), DefaultValueValidator("rhsso.password", default=fetch_secret("credential-sso", "ADMIN_PASSWORD")), DefaultValueValidator("mockserver.url", default=fetch_route("mockserver", force_http=True)), - Validator("kuadrant.enable", must_exist=False, eq=False) | Validator("kuadrant.gateway.name", must_exist=True), + Validator("gateway_api", must_exist=False, eq=False) + | Validator("service_protection.gateway.name", must_exist=True), ], validate_only=["authorino", "kuadrant"], loaders=["dynaconf.loaders.env_loader", "testsuite.config.openshift_loader"], diff --git a/testsuite/config/openshift_loader.py b/testsuite/config/openshift_loader.py index 3803c7e9..8a3b161d 100644 --- a/testsuite/config/openshift_loader.py +++ b/testsuite/config/openshift_loader.py @@ -1,35 +1,46 @@ """Custom dynaconf loader for loading OpenShift settings and converting them to OpenshiftClients""" -from weakget import weakget from testsuite.openshift.client import OpenShiftClient -# pylint: disable=unused-argument +def inject_client(obj, base_client, path): + """Injects OpenShiftClient in the settings, changes only project""" + original = obj.get(path, None) + if original: + obj[path] = base_client.change_project(original) + else: + obj[path] = base_client + + +# pylint: disable=unused-argument, too-many-locals def load(obj, env=None, silent=True, key=None, filename=None): """Creates all OpenShift clients""" - config = weakget(obj) - section = config["openshift"] + section = obj.setdefault("cluster", {}) client = OpenShiftClient( - section["project"] % None, section["api_url"] % None, section["token"] % None, section["kubeconfig_path"] % None + section.get("project"), section.get("api_url"), section.get("token"), section.get("kubeconfig_path") ) - obj["openshift"] = client + obj["cluster"] = client tools = None if "tools" in obj and "project" in obj["tools"]: tools = client.change_project(obj["tools"]["project"]) obj["tools"] = tools - openshift2 = None - if "openshift2" in obj and "project" in obj["openshift2"]: - openshift2 = client.change_project(obj["openshift2"]["project"]) - obj["openshift2"] = openshift2 + service_protection = obj.setdefault("service_protection", {}) + inject_client(service_protection, client, "system_project") + inject_client(service_protection, client, "project") + inject_client(service_protection, client, "project2") + + control_plane = obj.setdefault("control_plane", {}) + hub = control_plane.get("hub", {}) + hub_client = OpenShiftClient(hub.get("project"), hub.get("api_url"), hub.get("token"), hub.get("kubeconfig_path")) + obj["control_plane"]["hub"] = hub_client clients = {} - spokes = weakget(obj)["mgc"]["spokes"] % {} + spokes = control_plane.setdefault("spokes", {}) for name, value in spokes.items(): - value = weakget(value) clients[name] = OpenShiftClient( - value["project"] % None, value["api_url"] % None, value["token"] % None, value["kubeconfig_path"] % None + value.get("project"), value.get("api_url"), value.get("token"), value.get("kubeconfig_path") ) if len(clients) > 0: - obj["mgc"]["spokes"] = clients + control_plane["spokes"] = clients diff --git a/testsuite/openshift/client.py b/testsuite/openshift/client.py index 3ef18780..d013b134 100644 --- a/testsuite/openshift/client.py +++ b/testsuite/openshift/client.py @@ -28,7 +28,7 @@ class OpenShiftClient: # pylint: disable=too-many-public-methods - def __init__(self, project: str, api_url: str = None, token: str = None, kubeconfig_path: str = None): + def __init__(self, project: str = None, api_url: str = None, token: str = None, kubeconfig_path: str = None): self._project = project self._api_url = api_url self._token = token diff --git a/testsuite/tests/conftest.py b/testsuite/tests/conftest.py index eafe27ea..7ead8c3f 100644 --- a/testsuite/tests/conftest.py +++ b/testsuite/tests/conftest.py @@ -5,7 +5,6 @@ import pytest from dynaconf import ValidationError from keycloak import KeycloakAuthenticationError -from weakget import weakget from testsuite.certificates import CFSSLClient from testsuite.config import settings @@ -92,19 +91,19 @@ def testconfig(): return settings -@pytest.fixture(scope="session") +@pytest.fixture(scope="module") def openshift(testconfig): """OpenShift client for the primary namespace""" - client = testconfig["openshift"] + client = testconfig["service_protection"]["project"] if not client.connected: pytest.fail("You are not logged into Openshift or the namespace doesn't exist") return client -@pytest.fixture(scope="session") +@pytest.fixture(scope="module") def openshift2(testconfig): """OpenShift client for the secondary namespace located on the same cluster as primary Openshift""" - client = testconfig["openshift2"] + client = testconfig["service_protection"]["project2"] if client is None: pytest.skip("Openshift2 required but second_project was not set") if not client.connected: @@ -215,15 +214,14 @@ def module_label(label): return randomize(label) -@pytest.fixture(scope="session") +@pytest.fixture(scope="module") def kuadrant(testconfig, openshift): """Returns Kuadrant instance if exists, or None""" - settings = weakget(testconfig) - if not settings["kuadrant"]["enabled"] % True: + if not testconfig.get("gateway_api", True): return None # Try if Kuadrant is deployed - kuadrant_openshift = openshift.change_project(settings["kuadrant"]["project"] % None) + kuadrant_openshift = testconfig["service_protection"]["system_project"] kuadrants = kuadrant_openshift.do_action("get", "kuadrant", "-o", "json", parse_output=True) if len(kuadrants.model["items"]) == 0: pytest.fail("Running Kuadrant tests, but Kuadrant resource was not found") @@ -232,7 +230,7 @@ def kuadrant(testconfig, openshift): return True -@pytest.fixture(scope="session") +@pytest.fixture(scope="module") def backend(request, openshift, blame, label): """Deploys Httpbin backend""" httpbin = Httpbin(openshift, blame("httpbin"), label) @@ -258,7 +256,14 @@ def proxy(request, kuadrant, authorino, openshift, blame, backend, module_label, gateway_object = request.getfixturevalue("gateway") envoy: Proxy = GatewayProxy(gateway_object, module_label, backend) else: - envoy = Envoy(openshift, authorino, blame("envoy"), module_label, backend, testconfig["envoy"]["image"]) + envoy = Envoy( + openshift, + authorino, + blame("envoy"), + module_label, + backend, + testconfig["service_protection"]["envoy"]["image"], + ) request.addfinalizer(envoy.delete) envoy.commit() return envoy @@ -270,7 +275,7 @@ def route(proxy, module_label) -> Route: return proxy.expose_hostname(module_label) -@pytest.fixture(scope="session") +@pytest.fixture(scope="module") def wildcard_domain(openshift): """ Wildcard domain of openshift cluster diff --git a/testsuite/tests/kuadrant/authorino/conftest.py b/testsuite/tests/kuadrant/authorino/conftest.py index 51844aa0..918b2318 100644 --- a/testsuite/tests/kuadrant/authorino/conftest.py +++ b/testsuite/tests/kuadrant/authorino/conftest.py @@ -22,13 +22,14 @@ def authorino(authorino, openshift, blame, request, testconfig, module_label, au if authorino: return authorino - if not testconfig["authorino"]["deploy"]: + authorino = testconfig["service_protection"]["authorino"] + if not authorino["deploy"]: if len(authorino_parameters) > 0: return pytest.skip("Can't change parameters of already deployed Authorino") return PreexistingAuthorino( - testconfig["authorino"]["auth_url"], - testconfig["authorino"]["oidc_url"], - testconfig["authorino"]["metrics_service_name"], + authorino["auth_url"], + authorino["oidc_url"], + authorino["metrics_service_name"], ) labels = authorino_parameters.setdefault("label_selectors", []) @@ -38,8 +39,8 @@ def authorino(authorino, openshift, blame, request, testconfig, module_label, au authorino = AuthorinoCR.create_instance( openshift, - image=weakget(testconfig)["authorino"]["image"] % None, - log_level=weakget(testconfig)["authorino"]["log_level"] % None, + image=weakget(testconfig)["service_protection"]["authorino"]["image"] % None, + log_level=weakget(testconfig)["service_protection"]["authorino"]["log_level"] % None, **authorino_parameters, ) request.addfinalizer(lambda: authorino.delete(ignore_not_found=True)) diff --git a/testsuite/tests/kuadrant/authorino/identity/api_key/test_api_key_context.py b/testsuite/tests/kuadrant/authorino/identity/api_key/test_api_key_context.py index c0c0bd36..fd2c5a12 100644 --- a/testsuite/tests/kuadrant/authorino/identity/api_key/test_api_key_context.py +++ b/testsuite/tests/kuadrant/authorino/identity/api_key/test_api_key_context.py @@ -12,7 +12,7 @@ def authorization(authorization, api_key): return authorization -def tests_api_key_context(client, auth, api_key, module_label, testconfig): +def tests_api_key_context(client, auth, api_key, module_label, openshift): """ Test: - Make request with API key authentication @@ -22,5 +22,5 @@ def tests_api_key_context(client, auth, api_key, module_label, testconfig): assert response.status_code == 200 identity = extract_response(response) assert identity["data"]["api_key"] % None == api_key.model.data.api_key - assert identity["metadata"]["namespace"] % None == testconfig["openshift"].project + assert identity["metadata"]["namespace"] % None == openshift.project assert identity["metadata"]["labels"]["group"] % None == module_label diff --git a/testsuite/tests/kuadrant/authorino/metrics/conftest.py b/testsuite/tests/kuadrant/authorino/metrics/conftest.py index 1485826f..bec53a95 100644 --- a/testsuite/tests/kuadrant/authorino/metrics/conftest.py +++ b/testsuite/tests/kuadrant/authorino/metrics/conftest.py @@ -14,7 +14,7 @@ def run_on_kuadrant(): return False -@pytest.fixture(scope="session") +@pytest.fixture(scope="module") def prometheus(request, openshift): """ Return an instance of OpenShift metrics client diff --git a/testsuite/tests/kuadrant/authorino/operator/tls/conftest.py b/testsuite/tests/kuadrant/authorino/operator/tls/conftest.py index d56c94c1..944c26b5 100644 --- a/testsuite/tests/kuadrant/authorino/operator/tls/conftest.py +++ b/testsuite/tests/kuadrant/authorino/operator/tls/conftest.py @@ -72,7 +72,7 @@ def _create_secret(certificate: Certificate, name: str, labels: Optional[Dict[st return _create_secret -@pytest.fixture(scope="session") +@pytest.fixture(scope="module") def authorino_domain(openshift): """ Hostname of the upstream certificate sent to be validated by APIcast diff --git a/testsuite/tests/kuadrant/authorino/operator/tls/mtls/conftest.py b/testsuite/tests/kuadrant/authorino/operator/tls/mtls/conftest.py index 045a7772..3fdf19d3 100644 --- a/testsuite/tests/kuadrant/authorino/operator/tls/mtls/conftest.py +++ b/testsuite/tests/kuadrant/authorino/operator/tls/mtls/conftest.py @@ -17,7 +17,7 @@ def authorization(authorization, blame, selector, cert_attributes): return authorization -@pytest.fixture(scope="session") +@pytest.fixture(scope="module") def certificates(cfssl, authorino_domain, wildcard_domain, cert_attributes, cert_attributes_other): """Certificate hierarchy used for the mTLS tests""" chain = { diff --git a/testsuite/tests/kuadrant/authorino/wristband/conftest.py b/testsuite/tests/kuadrant/authorino/wristband/conftest.py index c258590c..788997ea 100644 --- a/testsuite/tests/kuadrant/authorino/wristband/conftest.py +++ b/testsuite/tests/kuadrant/authorino/wristband/conftest.py @@ -34,7 +34,7 @@ def wristband_secret(blame, request, openshift, certificates) -> str: return wristband_secret_name -@pytest.fixture(scope="session") +@pytest.fixture(scope="module") def certificates(cfssl, wildcard_domain): """Certificate hierarchy used for the wristband tests""" chain = { diff --git a/testsuite/tests/mgc/conftest.py b/testsuite/tests/mgc/conftest.py index 3ba82ba5..740b5535 100644 --- a/testsuite/tests/mgc/conftest.py +++ b/testsuite/tests/mgc/conftest.py @@ -25,16 +25,25 @@ def backend(request, gateway, blame, label): @pytest.fixture(scope="session") def spokes(testconfig): """Returns Map of spokes names and their respective clients""" - spokes = weakget(testconfig)["mgc"]["spokes"] % {} + spokes = weakget(testconfig)["control_plane"]["spokes"] % {} assert len(spokes) > 0, "No spokes configured" return spokes +@pytest.fixture(scope="session") +def hub_openshift(testconfig): + """Openshift client for a Hub cluster""" + client = testconfig["control_plane"]["hub"] + if not client.connected: + pytest.fail("You are not logged into Openshift or the namespace doesn't exist") + return client + + @pytest.fixture(scope="module") -def upstream_gateway(request, openshift, blame, hostname, module_label): +def upstream_gateway(request, hub_openshift, blame, hostname, module_label): """Creates and returns configured and ready upstream Gateway""" upstream_gateway = MGCGateway.create_instance( - openshift=openshift, + openshift=hub_openshift, name=blame("mgc-gateway"), gateway_class="kuadrant-multi-cluster-gateway-instance-per-cluster", hostname=f"*.{hostname}", @@ -102,13 +111,18 @@ def gateway(upstream_gateway, spokes, hub_policies_commit): return gw +@pytest.fixture(scope="module") +def openshift(gateway): + """OpenShift client for the primary namespace""" + return gateway.openshift + + @pytest.fixture(scope="module", params=["aws-mz", "gcp-mz"]) -def base_domain(request, openshift): +def base_domain(request, hub_openshift): """Returns preconfigured base domain""" mz_name = request.param - with openshift.context: - zone = selector(f"managedzone/{mz_name}").object() + zone = selector(f"managedzone/{mz_name}", static_context=hub_openshift.context).object() return zone.model["spec"]["domainName"]