diff --git a/testsuite/tests/singlecluster/defaults/section/__init__.py b/testsuite/tests/singlecluster/defaults/section/__init__.py new file mode 100644 index 00000000..e69de29b diff --git a/testsuite/tests/singlecluster/defaults/section/conftest.py b/testsuite/tests/singlecluster/defaults/section/conftest.py new file mode 100644 index 00000000..08914737 --- /dev/null +++ b/testsuite/tests/singlecluster/defaults/section/conftest.py @@ -0,0 +1,12 @@ +"""Conftest for RLP section_name targeting tests""" + +import pytest + + +@pytest.fixture(scope="module", autouse=True) +def commit(request, route, rate_limit, authorization): # pylint: disable=unused-argument + """Commits RateLimitPolicy after the HTTPRoute is created""" + for policy in [authorization, rate_limit]: + request.addfinalizer(policy.delete) + policy.commit() + policy.wait_for_ready() diff --git a/testsuite/tests/singlecluster/defaults/section/test_basic_listener.py b/testsuite/tests/singlecluster/defaults/section/test_basic_listener.py new file mode 100644 index 00000000..2e8b4ed6 --- /dev/null +++ b/testsuite/tests/singlecluster/defaults/section/test_basic_listener.py @@ -0,0 +1,48 @@ +"""Test enforcement of policies with defaults targeting a Gateway Listener""" + +import pytest + +from testsuite.httpx.auth import HttpxOidcClientAuth +from testsuite.kuadrant.policy.authorization.auth_policy import AuthPolicy +from testsuite.kuadrant.policy.rate_limit import RateLimitPolicy, Limit + +pytestmark = [pytest.mark.kuadrant_only] + +LIMIT = Limit(10, "10s") + + +@pytest.fixture(scope="module") +def authorization(cluster, blame, module_label, gateway, oidc_provider): + """Add oidc identity to defaults block of AuthPolicy""" + authorization = AuthPolicy.create_instance( + cluster, blame("authz"), gateway, labels={"testRun": module_label}, section_name="api" + ) + authorization.defaults.identity.add_oidc("default", oidc_provider.well_known["issuer"]) + return authorization + + +@pytest.fixture(scope="module") +def auth(oidc_provider): + """Returns Authentication object for HTTPX""" + return HttpxOidcClientAuth(oidc_provider.get_token, "authorization") + + +@pytest.fixture(scope="module") +def rate_limit(cluster, blame, module_label, gateway): + """Add a RateLimitPolicy targeting Gateway Listener.""" + rate_limit = RateLimitPolicy.create_instance( + cluster, blame("limit"), gateway, "api", labels={"testRun": module_label} + ) + rate_limit.defaults.add_limit("basic", [LIMIT]) + return rate_limit + + +def test_basic_listener(client, auth): + """Test the defaults policies are correctly applied to the Gateway's Listener.""" + assert client.get("/get").status_code == 401 + + responses = client.get_many("/get", LIMIT.limit - 1, auth=auth) + assert all( + r.status_code == 200 for r in responses + ), f"Rate Limited resource unexpectedly rejected requests {responses}" + assert client.get("/get", auth=auth).status_code == 429 diff --git a/testsuite/tests/singlecluster/defaults/section/test_basic_route_rule.py b/testsuite/tests/singlecluster/defaults/section/test_basic_route_rule.py new file mode 100644 index 00000000..9c2104f7 --- /dev/null +++ b/testsuite/tests/singlecluster/defaults/section/test_basic_route_rule.py @@ -0,0 +1,48 @@ +"""Test enforcement of policies with defaults targeting a specific HTTPRouteRule""" + +import pytest + +from testsuite.httpx.auth import HttpxOidcClientAuth +from testsuite.kuadrant.policy.authorization.auth_policy import AuthPolicy +from testsuite.kuadrant.policy.rate_limit import RateLimitPolicy, Limit + +pytestmark = [pytest.mark.kuadrant_only] + +LIMIT = Limit(10, "10s") + + +@pytest.fixture(scope="module") +def authorization(cluster, blame, module_label, route, oidc_provider): + """Add oidc identity targeting the first HTTPRouteRule""" + authorization = AuthPolicy.create_instance( + cluster, blame("authz"), route, labels={"testRun": module_label}, section_name="rule-1" + ) + authorization.defaults.identity.add_oidc("default", oidc_provider.well_known["issuer"]) + return authorization + + +@pytest.fixture(scope="module") +def auth(oidc_provider): + """Returns Authentication object for HTTPX""" + return HttpxOidcClientAuth(oidc_provider.get_token, "authorization") + + +@pytest.fixture(scope="module") +def rate_limit(cluster, blame, module_label, route): + """Add a RateLimitPolicy targeting the first HTTPRouteRule.""" + rate_limit = RateLimitPolicy.create_instance( + cluster, blame("limit"), route, "rule-1", labels={"testRun": module_label} + ) + rate_limit.defaults.add_limit("basic", [LIMIT]) + return rate_limit + + +def test_basic_authorization(client, auth): + """Test the defaults policies are correctly applied to the HTTPRouteRule.""" + assert client.get("/get").status_code == 401 + + responses = client.get_many("/get", LIMIT.limit - 1, auth=auth) + assert all( + r.status_code == 200 for r in responses + ), f"Rate Limited resource unexpectedly rejected requests {responses}" + assert client.get("/get", auth=auth).status_code == 429 diff --git a/testsuite/tests/singlecluster/overrides/section/__init__.py b/testsuite/tests/singlecluster/overrides/section/__init__.py new file mode 100644 index 00000000..e69de29b diff --git a/testsuite/tests/singlecluster/overrides/section/conftest.py b/testsuite/tests/singlecluster/overrides/section/conftest.py new file mode 100644 index 00000000..cce94b60 --- /dev/null +++ b/testsuite/tests/singlecluster/overrides/section/conftest.py @@ -0,0 +1,12 @@ +"""Conftest for overrides section_name targeting tests.""" + +import pytest + + +@pytest.fixture(scope="module", autouse=True) +def commit(request, route, rate_limit, override_rate_limit): # pylint: disable=unused-argument + """Commits RateLimitPolicy after the HTTPRoute is created""" + for policy in [rate_limit, override_rate_limit]: + request.addfinalizer(policy.delete) + policy.commit() + policy.wait_for_ready() diff --git a/testsuite/tests/singlecluster/overrides/section/test_listener_multiple.py b/testsuite/tests/singlecluster/overrides/section/test_listener_multiple.py new file mode 100644 index 00000000..0508fca0 --- /dev/null +++ b/testsuite/tests/singlecluster/overrides/section/test_listener_multiple.py @@ -0,0 +1,39 @@ +"""Test override overriding another policy aimed at the same Gateway Listener.""" + +import pytest + +from testsuite.kuadrant.policy.rate_limit import RateLimitPolicy, Limit + +pytestmark = [pytest.mark.kuadrant_only] + +LIMIT = Limit(8, "5s") +OVERRIDE_LIMIT = Limit(6, "5s") + + +@pytest.fixture(scope="module") +def rate_limit(cluster, blame, module_label, gateway): + """Add a RateLimitPolicy targeting the first HTTPRouteRule.""" + rate_limit = RateLimitPolicy.create_instance( + cluster, blame("limit"), gateway, "api", labels={"testRun": module_label} + ) + rate_limit.defaults.add_limit("basic", [LIMIT]) + return rate_limit + + +@pytest.fixture(scope="module") +def override_rate_limit(cluster, blame, module_label, gateway): + """Add a RateLimitPolicy targeting the first HTTPRouteRule.""" + override_rate_limit = RateLimitPolicy.create_instance( + cluster, blame("limit"), gateway, "api", labels={"testRun": module_label} + ) + override_rate_limit.overrides.add_limit("override", [OVERRIDE_LIMIT]) + return override_rate_limit + + +def test_multiple_policies_listener_override(client): + """Test RateLimitPolicy with an override overriding a default policy targeting the same Gateway Listener""" + responses = client.get_many("/get", OVERRIDE_LIMIT.limit) + assert all( + r.status_code == 200 for r in responses + ), f"Rate Limited resource unexpectedly rejected requests {responses}" + assert client.get("/get").status_code == 429 diff --git a/testsuite/tests/singlecluster/overrides/section/test_rule_multiple.py b/testsuite/tests/singlecluster/overrides/section/test_rule_multiple.py new file mode 100644 index 00000000..c7e9349e --- /dev/null +++ b/testsuite/tests/singlecluster/overrides/section/test_rule_multiple.py @@ -0,0 +1,39 @@ +"""Test override overriding another policy aimed at the same Gateway Listener.""" + +import pytest + +from testsuite.kuadrant.policy.rate_limit import RateLimitPolicy, Limit + +pytestmark = [pytest.mark.kuadrant_only] + +LIMIT = Limit(8, "5s") +OVERRIDE_LIMIT = Limit(6, "5s") + + +@pytest.fixture(scope="module") +def rate_limit(cluster, blame, module_label, route): + """Add a RateLimitPolicy targeting the first HTTPRouteRule.""" + rate_limit = RateLimitPolicy.create_instance( + cluster, blame("limit"), route, "rule-1", labels={"testRun": module_label} + ) + rate_limit.defaults.add_limit("basic", [LIMIT]) + return rate_limit + + +@pytest.fixture(scope="module") +def override_rate_limit(cluster, blame, module_label, route): + """Add a RateLimitPolicy targeting the first HTTPRouteRule.""" + override_rate_limit = RateLimitPolicy.create_instance( + cluster, blame("limit"), route, "rule-1", labels={"testRun": module_label} + ) + override_rate_limit.overrides.add_limit("override", [OVERRIDE_LIMIT]) + return override_rate_limit + + +def test_multiple_policies_rule_override(client): + """Test RateLimitPolicy with an override overriding a default policy targeting the same HTTPRouteRule""" + responses = client.get_many("/get", OVERRIDE_LIMIT.limit) + assert all( + r.status_code == 200 for r in responses + ), f"Rate Limited resource unexpectedly rejected requests {responses}" + assert client.get("/get").status_code == 429 diff --git a/testsuite/tests/singlecluster/overrides/test_gateway_multiple.py b/testsuite/tests/singlecluster/overrides/test_gateway_multiple.py new file mode 100644 index 00000000..fc4a3833 --- /dev/null +++ b/testsuite/tests/singlecluster/overrides/test_gateway_multiple.py @@ -0,0 +1,46 @@ +"""Test override overriding another policy aimed at the same Gateway.""" + +import pytest + +from testsuite.kuadrant.policy.rate_limit import RateLimitPolicy, Limit + +pytestmark = [pytest.mark.kuadrant_only] + +LIMIT = Limit(10, "10s") +OVERRIDE_LIMIT = Limit(5, "10s") + + +@pytest.fixture(scope="module") +def rate_limit(cluster, blame, module_label, gateway): + """Add a RateLimitPolicy with a default limit targeting the Gateway.""" + rate_limit = RateLimitPolicy.create_instance(cluster, blame("limit"), gateway, labels={"testRun": module_label}) + rate_limit.defaults.add_limit("basic", [LIMIT]) + return rate_limit + + +@pytest.fixture(scope="module") +def override_rate_limit(cluster, blame, module_label, gateway): + """Add a RateLimitPolicy with an overrride targeting the Gateway.""" + override_rate_limit = RateLimitPolicy.create_instance( + cluster, blame("limit"), gateway, labels={"testRun": module_label} + ) + override_rate_limit.overrides.add_limit("override", [OVERRIDE_LIMIT]) + return override_rate_limit + + +@pytest.fixture(scope="module", autouse=True) +def commit(request, route, rate_limit, override_rate_limit): # pylint: disable=unused-argument + """Commits RateLimitPolicies after the HTTPRoute is created and checks correct status""" + for policy in [rate_limit, override_rate_limit]: + request.addfinalizer(policy.delete) + policy.commit() + policy.wait_for_ready() + + +def test_multiple_policies_gateway_override(client): + """Test RateLimitPolicy with an override overriding a default policy targeting the same Gateway.""" + responses = client.get_many("/get", OVERRIDE_LIMIT.limit) + assert all( + r.status_code == 200 for r in responses + ), f"Rate Limited resource unexpectedly rejected requests {responses}" + assert client.get("/get").status_code == 429 diff --git a/testsuite/tests/singlecluster/overrides/test_route_multiple.py b/testsuite/tests/singlecluster/overrides/test_route_multiple.py new file mode 100644 index 00000000..ff163065 --- /dev/null +++ b/testsuite/tests/singlecluster/overrides/test_route_multiple.py @@ -0,0 +1,46 @@ +"""Test override overriding another policy targeting the same HTTPRoute.""" + +import pytest + +from testsuite.kuadrant.policy.rate_limit import RateLimitPolicy, Limit + +pytestmark = [pytest.mark.kuadrant_only] + +LIMIT = Limit(10, "10s") +OVERRIDE_LIMIT = Limit(5, "10s") + + +@pytest.fixture(scope="module") +def rate_limit(cluster, blame, module_label, route): + """Add a RateLimitPolicy targeting the first HTTPRouteRule.""" + rate_limit = RateLimitPolicy.create_instance(cluster, blame("limit"), route, labels={"testRun": module_label}) + rate_limit.defaults.add_limit("basic", [LIMIT]) + return rate_limit + + +@pytest.fixture(scope="module") +def override_rate_limit(cluster, blame, module_label, route): + """Add a RateLimitPolicy targeting the first HTTPRouteRule.""" + override_rate_limit = RateLimitPolicy.create_instance( + cluster, blame("limit"), route, labels={"testRun": module_label} + ) + override_rate_limit.overrides.add_limit("override", [OVERRIDE_LIMIT]) + return override_rate_limit + + +@pytest.fixture(scope="module", autouse=True) +def commit(request, rate_limit, override_rate_limit): # pylint: disable=unused-argument + """Commits RateLimitPolicy after the HTTPRoute is created""" + for policy in [rate_limit, override_rate_limit]: + request.addfinalizer(policy.delete) + policy.commit() + policy.wait_for_ready() + + +def test_multiple_policies_route_override(client): + """Test RateLimitPolicy with an override overriding a default policy targeting the same HTTPRoute""" + responses = client.get_many("/get", OVERRIDE_LIMIT.limit) + assert all( + r.status_code == 200 for r in responses + ), f"Rate Limited resource unexpectedly rejected requests {responses}" + assert client.get("/get").status_code == 429