Expand D&O tests: sectionName/Multiple policies with one target

Signed-off-by: Martin Hesko <[email protected]>

testsuite/tests/singlecluster/defaults/section/conftest.py

@@ -0,0 +1,12 @@
+"""Conftest for RLP section_name targeting tests"""
+
+import pytest
+
+
+@pytest.fixture(scope="module", autouse=True)
+def commit(request, route, rate_limit, authorization):  # pylint: disable=unused-argument
+    """Commits RateLimitPolicy after the HTTPRoute is created"""
+    for policy in [authorization, rate_limit]:
+        request.addfinalizer(policy.delete)
+        policy.commit()
+        policy.wait_for_ready()

testsuite/tests/singlecluster/defaults/section/test_basic_listener.py

@@ -0,0 +1,48 @@
+"""Test enforcement of policies with defaults targeting a Gateway Listener"""
+
+import pytest
+
+from testsuite.httpx.auth import HttpxOidcClientAuth
+from testsuite.kuadrant.policy.authorization.auth_policy import AuthPolicy
+from testsuite.kuadrant.policy.rate_limit import RateLimitPolicy, Limit
+
+pytestmark = [pytest.mark.kuadrant_only]
+
+LIMIT = Limit(10, "10s")
+
+
+@pytest.fixture(scope="module")
+def authorization(cluster, blame, module_label, gateway, oidc_provider):
+    """Add oidc identity to defaults block of AuthPolicy"""
+    authorization = AuthPolicy.create_instance(
+        cluster, blame("authz"), gateway, labels={"testRun": module_label}, section_name="api"
+    )
+    authorization.defaults.identity.add_oidc("default", oidc_provider.well_known["issuer"])
+    return authorization
+
+
+@pytest.fixture(scope="module")
+def auth(oidc_provider):
+    """Returns Authentication object for HTTPX"""
+    return HttpxOidcClientAuth(oidc_provider.get_token, "authorization")
+
+
+@pytest.fixture(scope="module")
+def rate_limit(cluster, blame, module_label, gateway):
+    """Add a RateLimitPolicy targeting Gateway Listener."""
+    rate_limit = RateLimitPolicy.create_instance(
+        cluster, blame("limit"), gateway, "api", labels={"testRun": module_label}
+    )
+    rate_limit.defaults.add_limit("basic", [LIMIT])
+    return rate_limit
+
+
+def test_basic_listener(client, auth):
+    """Test the defaults policies are correctly applied to the Gateway's Listener."""
+    assert client.get("/get").status_code == 401
+
+    responses = client.get_many("/get", LIMIT.limit - 1, auth=auth)
+    assert all(
+        r.status_code == 200 for r in responses
+    ), f"Rate Limited resource unexpectedly rejected requests {responses}"
+    assert client.get("/get", auth=auth).status_code == 429

testsuite/tests/singlecluster/defaults/section/test_basic_route_rule.py

@@ -0,0 +1,48 @@
+"""Test enforcement of policies with defaults targeting a specific HTTPRouteRule"""
+
+import pytest
+
+from testsuite.httpx.auth import HttpxOidcClientAuth
+from testsuite.kuadrant.policy.authorization.auth_policy import AuthPolicy
+from testsuite.kuadrant.policy.rate_limit import RateLimitPolicy, Limit
+
+pytestmark = [pytest.mark.kuadrant_only]
+
+LIMIT = Limit(10, "10s")
+
+
+@pytest.fixture(scope="module")
+def authorization(cluster, blame, module_label, route, oidc_provider):
+    """Add oidc identity targeting the first HTTPRouteRule"""
+    authorization = AuthPolicy.create_instance(
+        cluster, blame("authz"), route, labels={"testRun": module_label}, section_name="rule-1"
+    )
+    authorization.defaults.identity.add_oidc("default", oidc_provider.well_known["issuer"])
+    return authorization
+
+
+@pytest.fixture(scope="module")
+def auth(oidc_provider):
+    """Returns Authentication object for HTTPX"""
+    return HttpxOidcClientAuth(oidc_provider.get_token, "authorization")
+
+
+@pytest.fixture(scope="module")
+def rate_limit(cluster, blame, module_label, route):
+    """Add a RateLimitPolicy targeting the first HTTPRouteRule."""
+    rate_limit = RateLimitPolicy.create_instance(
+        cluster, blame("limit"), route, "rule-1", labels={"testRun": module_label}
+    )
+    rate_limit.defaults.add_limit("basic", [LIMIT])
+    return rate_limit
+
+
+def test_basic_authorization(client, auth):
+    """Test the defaults policies are correctly applied to the HTTPRouteRule."""
+    assert client.get("/get").status_code == 401
+
+    responses = client.get_many("/get", LIMIT.limit - 1, auth=auth)
+    assert all(
+        r.status_code == 200 for r in responses
+    ), f"Rate Limited resource unexpectedly rejected requests {responses}"
+    assert client.get("/get", auth=auth).status_code == 429

testsuite/tests/singlecluster/overrides/section/conftest.py

@@ -0,0 +1,12 @@
+"""Conftest for overrides section_name targeting tests."""
+
+import pytest
+
+
+@pytest.fixture(scope="module", autouse=True)
+def commit(request, route, rate_limit, override_rate_limit):  # pylint: disable=unused-argument
+    """Commits RateLimitPolicy after the HTTPRoute is created"""
+    for policy in [rate_limit, override_rate_limit]:
+        request.addfinalizer(policy.delete)
+        policy.commit()
+        policy.wait_for_ready()

testsuite/tests/singlecluster/overrides/section/test_listener_multiple.py

@@ -0,0 +1,39 @@
+"""Test override overriding another policy aimed at the same Gateway Listener."""
+
+import pytest
+
+from testsuite.kuadrant.policy.rate_limit import RateLimitPolicy, Limit
+
+pytestmark = [pytest.mark.kuadrant_only]
+
+LIMIT = Limit(8, "5s")
+OVERRIDE_LIMIT = Limit(6, "5s")
+
+
+@pytest.fixture(scope="module")
+def rate_limit(cluster, blame, module_label, gateway):
+    """Add a RateLimitPolicy targeting the first HTTPRouteRule."""
+    rate_limit = RateLimitPolicy.create_instance(
+        cluster, blame("limit"), gateway, "api", labels={"testRun": module_label}
+    )
+    rate_limit.defaults.add_limit("basic", [LIMIT])
+    return rate_limit
+
+
+@pytest.fixture(scope="module")
+def override_rate_limit(cluster, blame, module_label, gateway):
+    """Add a RateLimitPolicy targeting the first HTTPRouteRule."""
+    override_rate_limit = RateLimitPolicy.create_instance(
+        cluster, blame("limit"), gateway, "api", labels={"testRun": module_label}
+    )
+    override_rate_limit.overrides.add_limit("override", [OVERRIDE_LIMIT])
+    return override_rate_limit
+
+
+def test_multiple_policies_listener_override(client):
+    """Test RateLimitPolicy with an override overriding a default policy targeting the same Gateway Listener"""
+    responses = client.get_many("/get", OVERRIDE_LIMIT.limit)
+    assert all(
+        r.status_code == 200 for r in responses
+    ), f"Rate Limited resource unexpectedly rejected requests {responses}"
+    assert client.get("/get").status_code == 429

testsuite/tests/singlecluster/overrides/section/test_rule_multiple.py

@@ -0,0 +1,39 @@
+"""Test override overriding another policy aimed at the same Gateway Listener."""
+
+import pytest
+
+from testsuite.kuadrant.policy.rate_limit import RateLimitPolicy, Limit
+
+pytestmark = [pytest.mark.kuadrant_only]
+
+LIMIT = Limit(8, "5s")
+OVERRIDE_LIMIT = Limit(6, "5s")
+
+
+@pytest.fixture(scope="module")
+def rate_limit(cluster, blame, module_label, route):
+    """Add a RateLimitPolicy targeting the first HTTPRouteRule."""
+    rate_limit = RateLimitPolicy.create_instance(
+        cluster, blame("limit"), route, "rule-1", labels={"testRun": module_label}
+    )
+    rate_limit.defaults.add_limit("basic", [LIMIT])
+    return rate_limit
+
+
+@pytest.fixture(scope="module")
+def override_rate_limit(cluster, blame, module_label, route):
+    """Add a RateLimitPolicy targeting the first HTTPRouteRule."""
+    override_rate_limit = RateLimitPolicy.create_instance(
+        cluster, blame("limit"), route, "rule-1", labels={"testRun": module_label}
+    )
+    override_rate_limit.overrides.add_limit("override", [OVERRIDE_LIMIT])
+    return override_rate_limit
+
+
+def test_multiple_policies_rule_override(client):
+    """Test RateLimitPolicy with an override overriding a default policy targeting the same HTTPRouteRule"""
+    responses = client.get_many("/get", OVERRIDE_LIMIT.limit)
+    assert all(
+        r.status_code == 200 for r in responses
+    ), f"Rate Limited resource unexpectedly rejected requests {responses}"
+    assert client.get("/get").status_code == 429

testsuite/tests/singlecluster/overrides/test_gateway_multiple.py

@@ -0,0 +1,46 @@
+"""Test override overriding another policy aimed at the same Gateway."""
+
+import pytest
+
+from testsuite.kuadrant.policy.rate_limit import RateLimitPolicy, Limit
+
+pytestmark = [pytest.mark.kuadrant_only]
+
+LIMIT = Limit(10, "10s")
+OVERRIDE_LIMIT = Limit(5, "10s")
+
+
+@pytest.fixture(scope="module")
+def rate_limit(cluster, blame, module_label, gateway):
+    """Add a RateLimitPolicy with a default limit targeting the Gateway."""
+    rate_limit = RateLimitPolicy.create_instance(cluster, blame("limit"), gateway, labels={"testRun": module_label})
+    rate_limit.defaults.add_limit("basic", [LIMIT])
+    return rate_limit
+
+
+@pytest.fixture(scope="module")
+def override_rate_limit(cluster, blame, module_label, gateway):
+    """Add a RateLimitPolicy with an overrride targeting the Gateway."""
+    override_rate_limit = RateLimitPolicy.create_instance(
+        cluster, blame("limit"), gateway, labels={"testRun": module_label}
+    )
+    override_rate_limit.overrides.add_limit("override", [OVERRIDE_LIMIT])
+    return override_rate_limit
+
+
+@pytest.fixture(scope="module", autouse=True)
+def commit(request, route, rate_limit, override_rate_limit):  # pylint: disable=unused-argument
+    """Commits RateLimitPolicies after the HTTPRoute is created and checks correct status"""
+    for policy in [rate_limit, override_rate_limit]:
+        request.addfinalizer(policy.delete)
+        policy.commit()
+        policy.wait_for_ready()
+
+
+def test_multiple_policies_gateway_override(client):
+    """Test RateLimitPolicy with an override overriding a default policy targeting the same Gateway."""
+    responses = client.get_many("/get", OVERRIDE_LIMIT.limit)
+    assert all(
+        r.status_code == 200 for r in responses
+    ), f"Rate Limited resource unexpectedly rejected requests {responses}"
+    assert client.get("/get").status_code == 429

testsuite/tests/singlecluster/overrides/test_route_multiple.py

@@ -0,0 +1,46 @@
+"""Test override overriding another policy targeting the same HTTPRoute."""
+
+import pytest
+
+from testsuite.kuadrant.policy.rate_limit import RateLimitPolicy, Limit
+
+pytestmark = [pytest.mark.kuadrant_only]
+
+LIMIT = Limit(10, "10s")
+OVERRIDE_LIMIT = Limit(5, "10s")
+
+
+@pytest.fixture(scope="module")
+def rate_limit(cluster, blame, module_label, route):
+    """Add a RateLimitPolicy targeting the first HTTPRouteRule."""
+    rate_limit = RateLimitPolicy.create_instance(cluster, blame("limit"), route, labels={"testRun": module_label})
+    rate_limit.defaults.add_limit("basic", [LIMIT])
+    return rate_limit
+
+
+@pytest.fixture(scope="module")
+def override_rate_limit(cluster, blame, module_label, route):
+    """Add a RateLimitPolicy targeting the first HTTPRouteRule."""
+    override_rate_limit = RateLimitPolicy.create_instance(
+        cluster, blame("limit"), route, labels={"testRun": module_label}
+    )
+    override_rate_limit.overrides.add_limit("override", [OVERRIDE_LIMIT])
+    return override_rate_limit
+
+
+@pytest.fixture(scope="module", autouse=True)
+def commit(request, rate_limit, override_rate_limit):  # pylint: disable=unused-argument
+    """Commits RateLimitPolicy after the HTTPRoute is created"""
+    for policy in [rate_limit, override_rate_limit]:
+        request.addfinalizer(policy.delete)
+        policy.commit()
+        policy.wait_for_ready()
+
+
+def test_multiple_policies_route_override(client):
+    """Test RateLimitPolicy with an override overriding a default policy targeting the same HTTPRoute"""
+    responses = client.get_many("/get", OVERRIDE_LIMIT.limit)
+    assert all(
+        r.status_code == 200 for r in responses
+    ), f"Rate Limited resource unexpectedly rejected requests {responses}"
+    assert client.get("/get").status_code == 429