def jwt_auth_setup(request, kube_apis, ingress_controller_endpoint, ingress_controller, test_namespace) -> JWTAuthMergeableSetup:
tokens = {"master": get_token_from_file("master"), "minion": get_token_from_file("minion")}
master_secret_name = create_secret_from_yaml(kube_apis.v1, test_namespace,
f"{TEST_DATA}/jwt-auth-mergeable/jwt-master-secret.yaml")
minion_secret_name = create_secret_from_yaml(kube_apis.v1, test_namespace,
f"{TEST_DATA}/jwt-auth-mergeable/jwt-minion-secret.yaml")
print("------------------------- Deploy JWT Auth Mergeable Minions Example -----------------------------------")
create_items_from_yaml(kube_apis.extensions_v1_beta1, f"{TEST_DATA}/jwt-auth-mergeable/mergeable/jwt-auth-ingress.yaml", test_namespace)
ingress_host = get_ingress_host_from_yaml(f"{TEST_DATA}/jwt-auth-mergeable/mergeable/jwt-auth-ingress.yaml")
common_app = create_common_app(kube_apis.v1, kube_apis.extensions_v1_beta1, test_namespace)
wait_until_all_pods_are_ready(kube_apis.v1, test_namespace)
ensure_connection_to_public_endpoint(ingress_controller_endpoint.public_ip,
ingress_controller_endpoint.port,
ingress_controller_endpoint.port_ssl)
wait_before_test(2)
def fin():
print("Delete Master Secret:")
if is_secret_present(kube_apis.v1, master_secret_name, test_namespace):
delete_secret(kube_apis.v1, master_secret_name, test_namespace)
print("Delete Minion Secret:")
if is_secret_present(kube_apis.v1, minion_secret_name, test_namespace):
delete_secret(kube_apis.v1, minion_secret_name, test_namespace)
print("Clean up the JWT Auth Mergeable Minions Application:")
delete_common_app(kube_apis.v1, kube_apis.extensions_v1_beta1, common_app, test_namespace)
delete_items_from_yaml(kube_apis.extensions_v1_beta1, f"{TEST_DATA}/jwt-auth-mergeable/mergeable/jwt-auth-ingress.yaml",
test_namespace)
request.addfinalizer(fin)
return JWTAuthMergeableSetup(ingress_controller_endpoint, ingress_host, master_secret_name, minion_secret_name, tokens)
def hsts_setup(request, kube_apis, ingress_controller_prerequisites,
ingress_controller_endpoint, ingress_controller,
test_namespace) -> HSTSSetup:
print(
"------------------------- Deploy HSTS-Example -----------------------------------"
)
create_items_from_yaml(
kube_apis, f"{TEST_DATA}/hsts/{request.param}/hsts-ingress.yaml",
test_namespace)
ingress_name = get_name_from_yaml(
f"{TEST_DATA}/hsts/{request.param}/hsts-ingress.yaml")
ingress_host = get_first_ingress_host_from_yaml(
f"{TEST_DATA}/hsts/{request.param}/hsts-ingress.yaml")
create_example_app(kube_apis, "simple", test_namespace)
wait_until_all_pods_are_ready(kube_apis.v1, test_namespace)
ensure_connection_to_public_endpoint(ingress_controller_endpoint.public_ip,
ingress_controller_endpoint.port,
ingress_controller_endpoint.port_ssl)
req_https_url = f"https://{ingress_controller_endpoint.public_ip}:" \
f"{ingress_controller_endpoint.port_ssl}/backend1"
ensure_response_from_backend(req_https_url, ingress_host)
def fin():
print("Clean up HSTS Example:")
delete_common_app(kube_apis, "simple", test_namespace)
delete_items_from_yaml(
kube_apis, f"{TEST_DATA}/hsts/{request.param}/hsts-ingress.yaml",
test_namespace)
request.addfinalizer(fin)
return HSTSSetup(ingress_controller_endpoint,
f"{TEST_DATA}/hsts/{request.param}/hsts-ingress.yaml",
ingress_name, ingress_host, test_namespace)
def wildcard_tls_secret_ingress_controller(cli_arguments, kube_apis, ingress_controller_prerequisites,
wildcard_tls_secret_setup, request) -> IngressControllerWithSecret:
"""
Create a Wildcard Ingress Controller according to the installation type
:param cli_arguments: pytest context
:param kube_apis: client apis
:param ingress_controller_prerequisites
:param wildcard_tls_secret_setup: test-class prerequisites
:param request: pytest fixture
:return: IngressController object
"""
namespace = ingress_controller_prerequisites.namespace
print("------------------------- Create IC and wildcard secret -----------------------------------")
secret_name = create_secret_from_yaml(kube_apis.v1, namespace,
f"{TEST_DATA}/wildcard-tls-secret/wildcard-tls-secret.yaml")
extra_args = [f"-wildcard-tls-secret={namespace}/{secret_name}"]
name = create_ingress_controller(kube_apis.v1, kube_apis.extensions_v1_beta1, cli_arguments, namespace, extra_args)
ensure_connection_to_public_endpoint(wildcard_tls_secret_setup.public_endpoint.public_ip,
wildcard_tls_secret_setup.public_endpoint.port,
wildcard_tls_secret_setup.public_endpoint.port_ssl)
def fin():
print("Remove IC and wildcard secret:")
delete_ingress_controller(kube_apis.extensions_v1_beta1, name, cli_arguments['deployment-type'], namespace)
if is_secret_present(kube_apis.v1, secret_name, namespace):
delete_secret(kube_apis.v1, secret_name, namespace)
request.addfinalizer(fin)
return IngressControllerWithSecret(secret_name)
def tls_setup(request, kube_apis, ingress_controller_prerequisites,
ingress_controller_endpoint, ingress_controller,
test_namespace) -> TLSSetup:
print(
"------------------------- Deploy TLS setup -----------------------------------"
)
test_data_path = f"{TEST_DATA}/tls"
ingress_path = f"{test_data_path}/{request.param}/ingress.yaml"
create_ingress_from_yaml(kube_apis.networking_v1, test_namespace,
ingress_path)
wait_before_test(1)
ingress_host = get_first_ingress_host_from_yaml(ingress_path)
secret_name = get_name_from_yaml(f"{test_data_path}/tls-secret.yaml")
ensure_connection_to_public_endpoint(ingress_controller_endpoint.public_ip,
ingress_controller_endpoint.port,
ingress_controller_endpoint.port_ssl)
def fin():
print("Clean up TLS setup")
delete_items_from_yaml(kube_apis, ingress_path, test_namespace)
if is_secret_present(kube_apis.v1, secret_name, test_namespace):
delete_secret(kube_apis.v1, secret_name, test_namespace)
request.addfinalizer(fin)
return TLSSetup(ingress_host, secret_name,
f"{test_data_path}/tls-secret.yaml",
f"{test_data_path}/new-tls-secret.yaml",
f"{test_data_path}/invalid-tls-secret.yaml")
def external_name_setup(request, kube_apis, ingress_controller_prerequisites, ingress_controller_endpoint, ingress_controller, test_namespace) -> ExternalNameSetup:
print("------------------------- Deploy External-Name-Example -----------------------------------")
ingress_name = create_ingress_from_yaml(kube_apis.extensions_v1_beta1, test_namespace,
f"{TEST_DATA}/externalname-services/externalname-ingress.yaml")
ingress_host = get_ingress_host_from_yaml(f"{TEST_DATA}/externalname-services/externalname-ingress.yaml")
external_host = get_external_host_from_yaml(f"{TEST_DATA}/externalname-services/externalname-svc.yaml")
config_map_name = ingress_controller_prerequisites.config_map["metadata"]["name"]
replace_configmap_from_yaml(kube_apis.v1, config_map_name,
ingress_controller_prerequisites.namespace,
f"{TEST_DATA}/externalname-services/nginx-config.yaml")
svc_name = create_service_from_yaml(kube_apis.v1, test_namespace, f"{TEST_DATA}/externalname-services/externalname-svc.yaml")
ensure_connection_to_public_endpoint(ingress_controller_endpoint.public_ip,
ingress_controller_endpoint.port,
ingress_controller_endpoint.port_ssl)
ic_pod_name = get_first_pod_name(kube_apis.v1, ingress_controller_prerequisites.namespace)
def fin():
print("Clean up External-Name-Example:")
replace_configmap(kube_apis.v1, config_map_name, ingress_controller_prerequisites.namespace, ingress_controller_prerequisites.config_map)
delete_ingress(kube_apis.extensions_v1_beta1, ingress_name, test_namespace)
delete_service(kube_apis.v1, svc_name, test_namespace)
request.addfinalizer(fin)
return ExternalNameSetup(ingress_controller_endpoint, ingress_name, ingress_host, ic_pod_name, svc_name, external_host, test_namespace)
def test_response_codes_117_plus(
self,
ingress_controller,
backend_setup,
expected_responses,
ingress_controller_prerequisites,
ingress_controller_endpoint,
):
"""
Checks for ingressClass behaviour
"""
ensure_connection_to_public_endpoint(
ingress_controller_endpoint.public_ip,
ingress_controller_endpoint.port,
ingress_controller_endpoint.port_ssl,
)
for item in ingresses_under_test:
ensure_response_from_backend(backend_setup.req_url,
backend_setup.ingress_hosts[item])
resp = requests.get(
backend_setup.req_url,
headers={"host": backend_setup.ingress_hosts[item]})
assert (
resp.status_code == expected_responses[item]
), f"Expected: {expected_responses[item]} response code for {backend_setup.ingress_hosts[item]}"
def backend_setup(request, kube_apis, ingress_controller_endpoint, test_namespace) -> BackendSetup:
"""
Deploy simple application and all the Ingress resources under test in one namespace.
:param request: pytest fixture
:param kube_apis: client apis
:param ingress_controller_endpoint: public endpoint
:param test_namespace:
:return: BackendSetup
"""
print("------------------------- Deploy the backend -----------------------------------")
create_example_app(kube_apis, "simple", test_namespace)
req_url = f"http://{ingress_controller_endpoint.public_ip}:{ingress_controller_endpoint.port}/backend1"
wait_until_all_pods_are_ready(kube_apis.v1, test_namespace)
ensure_connection_to_public_endpoint(ingress_controller_endpoint.public_ip,
ingress_controller_endpoint.port,
ingress_controller_endpoint.port_ssl)
print("------------------------- Deploy ingresses under test -----------------------------------")
ingress_hosts = {}
for item in ingresses_under_test:
src_ing_yaml = f"{TEST_DATA}/ingress-class/{item}-ingress.yaml"
create_items_from_yaml(kube_apis, src_ing_yaml, test_namespace)
ingress_hosts[item] = get_first_ingress_host_from_yaml(src_ing_yaml)
wait_before_test(2)
def fin():
print("Clean up:")
delete_common_app(kube_apis, "simple", test_namespace)
for item in ingresses_under_test:
src_ing_yaml = f"{TEST_DATA}/ingress-class/{item}-ingress.yaml"
delete_items_from_yaml(kube_apis, src_ing_yaml, test_namespace)
request.addfinalizer(fin)
return BackendSetup(req_url, ingress_hosts)
def jwt_auth_setup(request, kube_apis, ingress_controller_endpoint, ingress_controller, test_namespace) -> JWTAuthMergeableSetup:
tokens = {"master": get_token_from_file("master"), "minion": get_token_from_file("minion")}
master_secret_name = create_secret_from_yaml(kube_apis.v1, test_namespace,
f"{TEST_DATA}/jwt-auth-mergeable/jwt-master-secret.yaml")
minion_secret_name = create_secret_from_yaml(kube_apis.v1, test_namespace,
f"{TEST_DATA}/jwt-auth-mergeable/jwt-minion-secret.yaml")
print("------------------------- Deploy JWT Auth Mergeable Minions Example -----------------------------------")
create_items_from_yaml(kube_apis, f"{TEST_DATA}/jwt-auth-mergeable/mergeable/jwt-auth-ingress.yaml", test_namespace)
ingress_host = get_first_ingress_host_from_yaml(f"{TEST_DATA}/jwt-auth-mergeable/mergeable/jwt-auth-ingress.yaml")
create_example_app(kube_apis, "simple", test_namespace)
wait_until_all_pods_are_ready(kube_apis.v1, test_namespace)
ensure_connection_to_public_endpoint(ingress_controller_endpoint.public_ip,
ingress_controller_endpoint.port,
ingress_controller_endpoint.port_ssl)
wait_before_test(2)
def fin():
print("Delete Master Secret:")
if is_secret_present(kube_apis.v1, master_secret_name, test_namespace):
delete_secret(kube_apis.v1, master_secret_name, test_namespace)
print("Delete Minion Secret:")
if is_secret_present(kube_apis.v1, minion_secret_name, test_namespace):
delete_secret(kube_apis.v1, minion_secret_name, test_namespace)
print("Clean up the JWT Auth Mergeable Minions Application:")
delete_common_app(kube_apis, "simple", test_namespace)
delete_items_from_yaml(kube_apis, f"{TEST_DATA}/jwt-auth-mergeable/mergeable/jwt-auth-ingress.yaml",
test_namespace)
request.addfinalizer(fin)
return JWTAuthMergeableSetup(ingress_controller_endpoint, ingress_host, master_secret_name, minion_secret_name, tokens)
def auth_basic_secrets_setup(request, kube_apis, ingress_controller_endpoint,
ingress_controller,
test_namespace) -> AuthBasicSecretsSetup:
with open(f"{TEST_DATA}/auth-basic-secrets/credentials/credentials.txt",
"r") as credentials_file:
credentials = credentials_file.read().replace('\n', '')
print(
"------------------------- Deploy Auth Basic Secrets Example -----------------------------------"
)
create_items_from_yaml(
kube_apis,
f"{TEST_DATA}/auth-basic-secrets/{request.param}/auth-basic-secrets-ingress.yaml",
test_namespace)
ingress_host = get_first_ingress_host_from_yaml(
f"{TEST_DATA}/auth-basic-secrets/{request.param}/auth-basic-secrets-ingress.yaml"
)
create_example_app(kube_apis, "simple", test_namespace)
wait_until_all_pods_are_ready(kube_apis.v1, test_namespace)
ensure_connection_to_public_endpoint(ingress_controller_endpoint.public_ip,
ingress_controller_endpoint.port,
ingress_controller_endpoint.port_ssl)
def fin():
print("Clean up the Auth Basic Secrets Application:")
delete_common_app(kube_apis, "simple", test_namespace)
delete_items_from_yaml(
kube_apis,
f"{TEST_DATA}/auth-basic-secrets/{request.param}/auth-basic-secrets-ingress.yaml",
test_namespace)
request.addfinalizer(fin)
return AuthBasicSecretsSetup(ingress_controller_endpoint, ingress_host,
credentials)
def smoke_setup(request, kube_apis, ingress_controller_endpoint,
ingress_controller, test_namespace) -> SmokeSetup:
print(
"------------------------- Deploy Smoke Example -----------------------------------"
)
secret_name = create_secret_from_yaml(
kube_apis.v1, test_namespace, f"{TEST_DATA}/smoke/smoke-secret.yaml")
create_items_from_yaml(
kube_apis, f"{TEST_DATA}/smoke/{request.param}/smoke-ingress.yaml",
test_namespace)
ingress_host = get_first_ingress_host_from_yaml(
f"{TEST_DATA}/smoke/{request.param}/smoke-ingress.yaml")
common_app = create_common_app(kube_apis.v1, kube_apis.extensions_v1_beta1,
test_namespace)
wait_until_all_pods_are_ready(kube_apis.v1, test_namespace)
ensure_connection_to_public_endpoint(ingress_controller_endpoint.public_ip,
ingress_controller_endpoint.port,
ingress_controller_endpoint.port_ssl)
def fin():
print("Clean up the Smoke Application:")
delete_common_app(kube_apis.v1, kube_apis.extensions_v1_beta1,
common_app, test_namespace)
delete_items_from_yaml(
kube_apis, f"{TEST_DATA}/smoke/{request.param}/smoke-ingress.yaml",
test_namespace)
delete_secret(kube_apis.v1, secret_name, test_namespace)
request.addfinalizer(fin)
return SmokeSetup(ingress_controller_endpoint, ingress_host)
def smoke_setup(request, kube_apis, ingress_controller_endpoint,
ingress_controller, test_namespace) -> SmokeSetup:
print(
"------------------------- Deploy Smoke Example -----------------------------------"
)
secret_name = create_secret_from_yaml(
kube_apis.v1, test_namespace, f"{TEST_DATA}/smoke/smoke-secret.yaml")
create_items_from_yaml(
kube_apis, f"{TEST_DATA}/smoke/{request.param}/smoke-ingress.yaml",
test_namespace)
ingress_host = get_first_ingress_host_from_yaml(
f"{TEST_DATA}/smoke/{request.param}/smoke-ingress.yaml")
create_example_app(kube_apis, "simple", test_namespace)
wait_until_all_pods_are_ready(kube_apis.v1, test_namespace)
ensure_connection_to_public_endpoint(
ingress_controller_endpoint.public_ip,
ingress_controller_endpoint.port,
ingress_controller_endpoint.port_ssl,
)
def fin():
print("Clean up the Smoke Application:")
delete_common_app(kube_apis, "simple", test_namespace)
delete_items_from_yaml(
kube_apis, f"{TEST_DATA}/smoke/{request.param}/smoke-ingress.yaml",
test_namespace)
delete_secret(kube_apis.v1, secret_name, test_namespace)
write_to_json(f"reload-{get_test_file_name(request.node.fspath)}.json",
reload_times)
request.addfinalizer(fin)
return SmokeSetup(ingress_controller_endpoint, ingress_host)
def ingress_setup(request, kube_apis, ingress_controller_endpoint,
test_namespace) -> IngressSetup:
print(
"------------------------- Deploy Ingress Example -----------------------------------"
)
secret_name = create_secret_from_yaml(
kube_apis.v1, test_namespace, f"{TEST_DATA}/smoke/smoke-secret.yaml")
create_items_from_yaml(kube_apis,
f"{TEST_DATA}/smoke/standard/smoke-ingress.yaml",
test_namespace)
ingress_host = get_first_ingress_host_from_yaml(
f"{TEST_DATA}/smoke/standard/smoke-ingress.yaml")
create_example_app(kube_apis, "simple", test_namespace)
wait_until_all_pods_are_ready(kube_apis.v1, test_namespace)
ensure_connection_to_public_endpoint(
ingress_controller_endpoint.public_ip,
ingress_controller_endpoint.port,
ingress_controller_endpoint.port_ssl,
)
req_url = f"https://{ingress_controller_endpoint.public_ip}:{ingress_controller_endpoint.port_ssl}/backend1"
def fin():
print("Clean up simple app")
delete_common_app(kube_apis, "simple", test_namespace)
delete_items_from_yaml(
kube_apis, f"{TEST_DATA}/smoke/standard/smoke-ingress.yaml",
test_namespace)
delete_secret(kube_apis.v1, secret_name, test_namespace)
request.addfinalizer(fin)
return IngressSetup(req_url, ingress_host)
def vs_externalname_setup(request,
kube_apis,
ingress_controller_prerequisites,
virtual_server_setup) -> ExternalNameSetup:
print("------------------------- Deploy External-Backend -----------------------------------")
external_ns = create_namespace_with_name_from_yaml(kube_apis.v1, "external-ns", f"{TEST_DATA}/common/ns.yaml")
external_svc_name = create_service_with_name(kube_apis.v1, external_ns, "external-backend-svc")
create_deployment_with_name(kube_apis.apps_v1_api, external_ns, "external-backend")
print("------------------------- Prepare ExternalName Setup -----------------------------------")
external_svc_src = f"{TEST_DATA}/virtual-server-externalname/externalname-svc.yaml"
external_svc_host = f"{external_svc_name}.{external_ns}.svc.cluster.local"
config_map_name = ingress_controller_prerequisites.config_map["metadata"]["name"]
replace_configmap_from_yaml(kube_apis.v1, config_map_name,
ingress_controller_prerequisites.namespace,
f"{TEST_DATA}/virtual-server-externalname/nginx-config.yaml")
external_svc = create_service_from_yaml(kube_apis.v1, virtual_server_setup.namespace, external_svc_src)
wait_before_test(2)
ensure_connection_to_public_endpoint(virtual_server_setup.public_endpoint.public_ip,
virtual_server_setup.public_endpoint.port,
virtual_server_setup.public_endpoint.port_ssl)
ic_pod_name = get_first_pod_name(kube_apis.v1, ingress_controller_prerequisites.namespace)
ensure_response_from_backend(virtual_server_setup.backend_1_url, virtual_server_setup.vs_host)
def fin():
print("Clean up ExternalName Setup:")
delete_namespace(kube_apis.v1, external_ns)
replace_configmap(kube_apis.v1, config_map_name,
ingress_controller_prerequisites.namespace,
ingress_controller_prerequisites.config_map)
request.addfinalizer(fin)
return ExternalNameSetup(ic_pod_name, external_svc, external_svc_host)
def jwt_secrets_setup(request, kube_apis, ingress_controller_endpoint,
ingress_controller, test_namespace) -> JWTSecretsSetup:
with open(f"{TEST_DATA}/jwt-secrets/tokens/jwt-secrets-token.jwt",
"r") as token_file:
token = token_file.read().replace('\n', '')
print(
"------------------------- Deploy JWT Secrets Example -----------------------------------"
)
create_items_from_yaml(
kube_apis,
f"{TEST_DATA}/jwt-secrets/{request.param}/jwt-secrets-ingress.yaml",
test_namespace)
ingress_host = get_first_ingress_host_from_yaml(
f"{TEST_DATA}/jwt-secrets/{request.param}/jwt-secrets-ingress.yaml")
create_example_app(kube_apis, "simple", test_namespace)
wait_until_all_pods_are_ready(kube_apis.v1, test_namespace)
ensure_connection_to_public_endpoint(ingress_controller_endpoint.public_ip,
ingress_controller_endpoint.port,
ingress_controller_endpoint.port_ssl)
def fin():
print("Clean up the JWT Secrets Application:")
delete_common_app(kube_apis, "simple", test_namespace)
delete_items_from_yaml(
kube_apis,
f"{TEST_DATA}/jwt-secrets/{request.param}/jwt-secrets-ingress.yaml",
test_namespace)
request.addfinalizer(fin)
return JWTSecretsSetup(ingress_controller_endpoint, ingress_host, token)
def wildcard_tls_secret_ingress_controller(cli_arguments, kube_apis, ingress_controller_prerequisites,
wildcard_tls_secret_setup, request) -> IngressControllerWithSecret:
"""
Create a Wildcard Ingress Controller according to the installation type
:param cli_arguments: pytest context
:param kube_apis: client apis
:param ingress_controller_prerequisites
:param wildcard_tls_secret_setup: test-class prerequisites
:param request: pytest fixture
:return: IngressController object
"""
namespace = ingress_controller_prerequisites.namespace
print("------------------------- Create IC and wildcard secret -----------------------------------")
secret_name = create_secret_from_yaml(kube_apis.v1, namespace,
f"{TEST_DATA}/wildcard-tls-secret/wildcard-tls-secret.yaml")
extra_args = [f"-wildcard-tls-secret={namespace}/{secret_name}"]
name = create_ingress_controller(kube_apis.v1, kube_apis.extensions_v1_beta1, cli_arguments, namespace, extra_args)
ensure_connection_to_public_endpoint(wildcard_tls_secret_setup.public_endpoint.public_ip,
wildcard_tls_secret_setup.public_endpoint.port,
wildcard_tls_secret_setup.public_endpoint.port_ssl)
def fin():
print("Remove IC and wildcard secret:")
delete_ingress_controller(kube_apis.extensions_v1_beta1, name, cli_arguments['deployment-type'], namespace)
if is_secret_present(kube_apis.v1, secret_name, namespace):
delete_secret(kube_apis.v1, secret_name, namespace)
request.addfinalizer(fin)
return IngressControllerWithSecret(secret_name)
def vs_externalname_setup(request, kube_apis, ingress_controller_prerequisites,
virtual_server_setup) -> ExternalNameSetup:
print(
"------------------------- Prepare ExternalName Setup -----------------------------------"
)
external_svc_src = f"{TEST_DATA}/virtual-server-externalname/externalname-svc.yaml"
external_svc_host = get_external_host_from_service_yaml(external_svc_src)
config_map_name = ingress_controller_prerequisites.config_map["metadata"][
"name"]
replace_configmap_from_yaml(
kube_apis.v1, config_map_name,
ingress_controller_prerequisites.namespace,
f"{TEST_DATA}/virtual-server-externalname/nginx-config.yaml")
external_svc = create_service_from_yaml(kube_apis.v1,
virtual_server_setup.namespace,
external_svc_src)
wait_before_test(1)
ensure_connection_to_public_endpoint(
virtual_server_setup.public_endpoint.public_ip,
virtual_server_setup.public_endpoint.port,
virtual_server_setup.public_endpoint.port_ssl)
ic_pod_name = get_first_pod_name(
kube_apis.v1, ingress_controller_prerequisites.namespace)
def fin():
print("Clean up ExternalName Setup:")
replace_configmap(kube_apis.v1, config_map_name,
ingress_controller_prerequisites.namespace,
ingress_controller_prerequisites.config_map)
request.addfinalizer(fin)
return ExternalNameSetup(ic_pod_name, external_svc, external_svc_host)
def crd_ingress_controller(cli_arguments, kube_apis,
ingress_controller_prerequisites,
ingress_controller_endpoint, request, crds) -> None:
"""
Create an Ingress Controller with CRD enabled.
:param crds: the common ingress controller crds.
:param cli_arguments: pytest context
:param kube_apis: client apis
:param ingress_controller_prerequisites
:param ingress_controller_endpoint:
:param request: pytest fixture to parametrize this method
{type: complete|rbac-without-vs, extra_args: }
'type' type of test pre-configuration
'extra_args' list of IC cli arguments
:return:
"""
namespace = ingress_controller_prerequisites.namespace
name = "nginx-ingress"
try:
print(
"------------------------- Update ClusterRole -----------------------------------"
)
if request.param["type"] == "rbac-without-vs":
patch_rbac(kube_apis.rbac_v1,
f"{TEST_DATA}/virtual-server/rbac-without-vs.yaml")
print(
"------------------------- Create IC -----------------------------------"
)
name = create_ingress_controller(
kube_apis.v1,
kube_apis.apps_v1_api,
cli_arguments,
namespace,
request.param.get("extra_args", None),
)
ensure_connection_to_public_endpoint(
ingress_controller_endpoint.public_ip,
ingress_controller_endpoint.port,
ingress_controller_endpoint.port_ssl,
)
except ApiException as ex:
# Finalizer method doesn't start if fixture creation was incomplete, ensure clean up here
print("Restore the ClusterRole:")
patch_rbac(kube_apis.rbac_v1, f"{DEPLOYMENTS}/rbac/rbac.yaml")
print("Remove the IC:")
delete_ingress_controller(kube_apis.apps_v1_api, name,
cli_arguments["deployment-type"], namespace)
pytest.fail("IC setup failed")
def fin():
print("Restore the ClusterRole:")
patch_rbac(kube_apis.rbac_v1, f"{DEPLOYMENTS}/rbac/rbac.yaml")
print("Remove the IC:")
delete_ingress_controller(kube_apis.apps_v1_api, name,
cli_arguments["deployment-type"], namespace)
request.addfinalizer(fin)
def ap_ingress_setup(
request, kube_apis, ingress_controller_endpoint, test_namespace
) -> IngressSetup:
"""
Deploy a simple application and AppProtect manifests.
:param request: pytest fixture
:param kube_apis: client apis
:param ingress_controller_endpoint: public endpoint
:param test_namespace:
:return: BackendSetup
"""
print("------------------------- Deploy backend application -------------------------")
create_example_app(kube_apis, "simple", test_namespace)
req_url = f"https://{ingress_controller_endpoint.public_ip}:{ingress_controller_endpoint.port_ssl}/backend1"
metrics_url = f"http://{ingress_controller_endpoint.public_ip}:{ingress_controller_endpoint.metrics_port}/metrics"
wait_until_all_pods_are_ready(kube_apis.v1, test_namespace)
ensure_connection_to_public_endpoint(
ingress_controller_endpoint.public_ip,
ingress_controller_endpoint.port,
ingress_controller_endpoint.port_ssl,
)
print("------------------------- Deploy Secret -----------------------------")
src_sec_yaml = f"{TEST_DATA}/appprotect/appprotect-secret.yaml"
create_items_from_yaml(kube_apis, src_sec_yaml, test_namespace)
print("------------------------- Deploy logconf -----------------------------")
src_log_yaml = f"{TEST_DATA}/appprotect/logconf.yaml"
log_name = create_ap_logconf_from_yaml(kube_apis.custom_objects, src_log_yaml, test_namespace)
print(f"------------------------- Deploy appolicy: ---------------------------")
src_pol_yaml = f"{TEST_DATA}/appprotect/dataguard-alarm.yaml"
pol_name = create_ap_policy_from_yaml(kube_apis.custom_objects, src_pol_yaml, test_namespace)
print("------------------------- Deploy ingress -----------------------------")
ingress_host = {}
src_ing_yaml = f"{TEST_DATA}/appprotect/appprotect-ingress.yaml"
create_ingress_with_ap_annotations(
kube_apis, src_ing_yaml, test_namespace, "dataguard-alarm", "True", "True", "127.0.0.1:514"
)
ingress_host = get_first_ingress_host_from_yaml(src_ing_yaml)
wait_before_test()
def fin():
print("Clean up:")
src_ing_yaml = f"{TEST_DATA}/appprotect/appprotect-ingress.yaml"
delete_items_from_yaml(kube_apis, src_ing_yaml, test_namespace)
delete_ap_policy(kube_apis.custom_objects, pol_name, test_namespace)
delete_ap_logconf(kube_apis.custom_objects, log_name, test_namespace)
delete_common_app(kube_apis, "simple", test_namespace)
src_sec_yaml = f"{TEST_DATA}/appprotect/appprotect-secret.yaml"
delete_items_from_yaml(kube_apis, src_sec_yaml, test_namespace)
request.addfinalizer(fin)
return IngressSetup(req_url, metrics_url, ingress_host)
def appprotect_setup(request, kube_apis, ingress_controller_endpoint,
test_namespace) -> AppProtectSetup:
"""
Deploy simple application and all the AppProtect(dataguard-alarm) resources under test in one namespace.
:param request: pytest fixture
:param kube_apis: client apis
:param ingress_controller_endpoint: public endpoint
:param test_namespace:
:return: BackendSetup
"""
print(
"------------------------- Deploy simple backend application -------------------------"
)
create_example_app(kube_apis, "simple", test_namespace)
req_url = f"https://{ingress_controller_endpoint.public_ip}:{ingress_controller_endpoint.port_ssl}/backend1"
metrics_url = f"http://{ingress_controller_endpoint.public_ip}:{ingress_controller_endpoint.metrics_port}/metrics"
wait_until_all_pods_are_ready(kube_apis.v1, test_namespace)
ensure_connection_to_public_endpoint(
ingress_controller_endpoint.public_ip,
ingress_controller_endpoint.port,
ingress_controller_endpoint.port_ssl,
)
print(
"------------------------- Deploy Secret -----------------------------"
)
src_sec_yaml = f"{TEST_DATA}/appprotect/appprotect-secret.yaml"
create_items_from_yaml(kube_apis, src_sec_yaml, test_namespace)
print(
"------------------------- Deploy logconf -----------------------------"
)
src_log_yaml = f"{TEST_DATA}/appprotect/logconf.yaml"
log_name = create_ap_logconf_from_yaml(kube_apis.custom_objects,
src_log_yaml, test_namespace)
print(
f"------------------------- Deploy dataguard-alarm appolicy ---------------------------"
)
src_pol_yaml = f"{TEST_DATA}/appprotect/{ap_policy}.yaml"
pol_name = create_ap_policy_from_yaml(kube_apis.custom_objects,
src_pol_yaml, test_namespace)
def fin():
print("Clean up:")
delete_ap_policy(kube_apis.custom_objects, pol_name, test_namespace)
delete_ap_logconf(kube_apis.custom_objects, log_name, test_namespace)
delete_common_app(kube_apis, "simple", test_namespace)
src_sec_yaml = f"{TEST_DATA}/appprotect/appprotect-secret.yaml"
delete_items_from_yaml(kube_apis, src_sec_yaml, test_namespace)
write_to_json(f"reload-{get_test_file_name(request.node.fspath)}.json",
reload_times)
request.addfinalizer(fin)
return AppProtectSetup(req_url, metrics_url)
def crd_ingress_controller(cli_arguments, kube_apis, ingress_controller_prerequisites,
ingress_controller_endpoint,
request) -> None:
"""
Create an Ingress Controller with CRD enabled.
:param cli_arguments: pytest context
:param kube_apis: client apis
:param ingress_controller_prerequisites
:param ingress_controller_endpoint:
:param request: pytest fixture to parametrize this method
{type: complete|rbac-without-vs, extra_args: }
'type' type of test pre-configuration
'extra_args' list of IC cli arguments
:return:
"""
namespace = ingress_controller_prerequisites.namespace
name = "nginx-ingress"
vs_crd_name = get_name_from_yaml(f"{DEPLOYMENTS}/common/vs-definition.yaml")
vsr_crd_name = get_name_from_yaml(f"{DEPLOYMENTS}/common/vsr-definition.yaml")
try:
print("------------------------- Update ClusterRole -----------------------------------")
if request.param['type'] == 'rbac-without-vs':
patch_rbac(kube_apis.rbac_v1_beta1, f"{TEST_DATA}/virtual-server/rbac-without-vs.yaml")
print("------------------------- Register CRDs -----------------------------------")
create_crd_from_yaml(kube_apis.api_extensions_v1_beta1, vs_crd_name,
f"{DEPLOYMENTS}/common/vs-definition.yaml")
create_crd_from_yaml(kube_apis.api_extensions_v1_beta1, vsr_crd_name,
f"{DEPLOYMENTS}/common/vsr-definition.yaml")
print("------------------------- Create IC -----------------------------------")
name = create_ingress_controller(kube_apis.v1, kube_apis.apps_v1_api, cli_arguments, namespace,
request.param.get('extra_args', None))
ensure_connection_to_public_endpoint(ingress_controller_endpoint.public_ip,
ingress_controller_endpoint.port,
ingress_controller_endpoint.port_ssl)
except ApiException as ex:
# Finalizer method doesn't start if fixture creation was incomplete, ensure clean up here
print(f"Failed to complete CRD IC fixture: {ex}\nClean up the cluster as much as possible.")
delete_crd(kube_apis.api_extensions_v1_beta1, vs_crd_name)
delete_crd(kube_apis.api_extensions_v1_beta1, vsr_crd_name)
print("Restore the ClusterRole:")
patch_rbac(kube_apis.rbac_v1_beta1, f"{DEPLOYMENTS}/rbac/rbac.yaml")
print("Remove the IC:")
delete_ingress_controller(kube_apis.apps_v1_api, name, cli_arguments['deployment-type'], namespace)
def fin():
delete_crd(kube_apis.api_extensions_v1_beta1, vs_crd_name)
delete_crd(kube_apis.api_extensions_v1_beta1, vsr_crd_name)
print("Restore the ClusterRole:")
patch_rbac(kube_apis.rbac_v1_beta1, f"{DEPLOYMENTS}/rbac/rbac.yaml")
print("Remove the IC:")
delete_ingress_controller(kube_apis.apps_v1_api, name, cli_arguments['deployment-type'], namespace)
request.addfinalizer(fin)
def crd_ingress_controller(cli_arguments, kube_apis,
ingress_controller_prerequisites,
ingress_controller_endpoint, request) -> None:
"""
Create an Ingress Controller with CRD enabled.
:param cli_arguments: pytest context
:param kube_apis: client apis
:param ingress_controller_prerequisites
:param ingress_controller_endpoint:
:param request: pytest fixture to parametrize this method
{type: complete|rbac-without-vs, extra_args: }
'type' type of test pre-configuration
'extra_args' list of IC cli arguments
:return:
"""
namespace = ingress_controller_prerequisites.namespace
print(
"------------------------- Update ClusterRole -----------------------------------"
)
if request.param['type'] == 'rbac-without-vs':
patch_rbac(kube_apis.rbac_v1_beta1,
f"{TEST_DATA}/virtual-server/rbac-without-vs.yaml")
print(
"------------------------- Register CRD -----------------------------------"
)
crd_names = create_crds_from_yaml(
kube_apis.api_extensions_v1_beta1,
f"{DEPLOYMENTS}/common/custom-resource-definitions.yaml")
print(
"------------------------- Create IC -----------------------------------"
)
name = create_ingress_controller(kube_apis.v1,
kube_apis.extensions_v1_beta1,
cli_arguments, namespace,
request.param.get('extra_args', None))
ensure_connection_to_public_endpoint(ingress_controller_endpoint.public_ip,
ingress_controller_endpoint.port,
ingress_controller_endpoint.port_ssl)
def fin():
for crd_name in crd_names:
print("Remove the CRD:")
delete_crd(kube_apis.api_extensions_v1_beta1, crd_name)
print("Remove the IC:")
delete_ingress_controller(kube_apis.extensions_v1_beta1, name,
cli_arguments['deployment-type'], namespace)
print("Restore the ClusterRole:")
patch_rbac(kube_apis.rbac_v1_beta1, f"{DEPLOYMENTS}/rbac/rbac.yaml")
request.addfinalizer(fin)
def annotations_setup(request, kube_apis, ingress_controller_prerequisites,
ingress_controller_endpoint, ingress_controller,
test_namespace) -> AnnotationsSetup:
print(
"------------------------- Deploy Annotations-Example -----------------------------------"
)
create_items_from_yaml(
kube_apis,
f"{TEST_DATA}/annotations/{request.param}/annotations-ingress.yaml",
test_namespace)
ingress_name = get_names_from_yaml(
f"{TEST_DATA}/annotations/{request.param}/annotations-ingress.yaml")[0]
ingress_host = get_first_ingress_host_from_yaml(
f"{TEST_DATA}/annotations/{request.param}/annotations-ingress.yaml")
common_app = create_example_app(kube_apis, "simple", test_namespace)
wait_until_all_pods_are_ready(kube_apis.v1, test_namespace)
ensure_connection_to_public_endpoint(ingress_controller_endpoint.public_ip,
ingress_controller_endpoint.port,
ingress_controller_endpoint.port_ssl)
ic_pod_name = get_first_pod_name(
kube_apis.v1, ingress_controller_prerequisites.namespace)
if request.param == 'mergeable':
event_text = f"Configuration for {test_namespace}/{ingress_name}(Master) was added or updated"
error_text = f"{event_text} but was not applied: Error reloading NGINX"
else:
event_text = f"Configuration for {test_namespace}/{ingress_name} was added or updated"
error_text = f"{event_text}, but not applied: Error reloading NGINX"
def fin():
print("Clean up Annotations Example:")
replace_configmap_from_yaml(
kube_apis.v1,
ingress_controller_prerequisites.config_map['metadata']['name'],
ingress_controller_prerequisites.namespace,
f"{DEPLOYMENTS}/common/nginx-config.yaml")
delete_common_app(kube_apis.v1, kube_apis.apps_v1_api, common_app,
test_namespace)
delete_items_from_yaml(
kube_apis,
f"{TEST_DATA}/annotations/{request.param}/annotations-ingress.yaml",
test_namespace)
request.addfinalizer(fin)
return AnnotationsSetup(
ingress_controller_endpoint,
f"{TEST_DATA}/annotations/{request.param}/annotations-ingress.yaml",
ingress_name, ingress_host, ic_pod_name, test_namespace, event_text,
error_text)
def annotations_setup(request,
kube_apis,
ingress_controller_prerequisites,
ingress_controller_endpoint, ingress_controller, test_namespace) -> AnnotationsSetup:
print("------------------------- Deploy Annotations-Example -----------------------------------")
create_items_from_yaml(kube_apis,
f"{TEST_DATA}/annotations/{request.param}/annotations-ingress.yaml",
test_namespace)
ingress_name = get_name_from_yaml(f"{TEST_DATA}/annotations/{request.param}/annotations-ingress.yaml")
ingress_host = get_first_ingress_host_from_yaml(f"{TEST_DATA}/annotations/{request.param}/annotations-ingress.yaml")
if request.param == 'mergeable':
minions_info = get_minions_info_from_yaml(f"{TEST_DATA}/annotations/{request.param}/annotations-ingress.yaml")
else:
minions_info = None
create_example_app(kube_apis, "simple", test_namespace)
wait_until_all_pods_are_ready(kube_apis.v1, test_namespace)
ensure_connection_to_public_endpoint(ingress_controller_endpoint.public_ip,
ingress_controller_endpoint.port,
ingress_controller_endpoint.port_ssl)
ic_pod_name = get_first_pod_name(kube_apis.v1, ingress_controller_prerequisites.namespace)
upstream_names = []
if request.param == 'mergeable':
event_text = f"Configuration for {test_namespace}/{ingress_name} was added or updated"
error_text = f"{test_namespace}/{ingress_name} was rejected: with error"
for minion in minions_info:
upstream_names.append(f"{test_namespace}-{minion['name']}-{ingress_host}-{minion['svc_name']}-80")
else:
event_text = f"Configuration for {test_namespace}/{ingress_name} was added or updated"
error_text = f"{test_namespace}/{ingress_name} was rejected: with error"
upstream_names.append(f"{test_namespace}-{ingress_name}-{ingress_host}-backend1-svc-80")
upstream_names.append(f"{test_namespace}-{ingress_name}-{ingress_host}-backend2-svc-80")
def fin():
print("Clean up Annotations Example:")
replace_configmap_from_yaml(kube_apis.v1,
ingress_controller_prerequisites.config_map['metadata']['name'],
ingress_controller_prerequisites.namespace,
f"{DEPLOYMENTS}/common/nginx-config.yaml")
delete_common_app(kube_apis, "simple", test_namespace)
delete_items_from_yaml(kube_apis,
f"{TEST_DATA}/annotations/{request.param}/annotations-ingress.yaml",
test_namespace)
request.addfinalizer(fin)
return AnnotationsSetup(ingress_controller_endpoint,
f"{TEST_DATA}/annotations/{request.param}/annotations-ingress.yaml",
ingress_name, ingress_host, ic_pod_name, test_namespace, event_text, error_text,
upstream_names)
def simple_ingress_setup(
request,
kube_apis,
ingress_controller_endpoint,
test_namespace,
ingress_controller,
) -> IngressSetup:
"""
Deploy simple application and all the Ingress resources under test in one namespace.
:param request: pytest fixture
:param kube_apis: client apis
:param ingress_controller_endpoint: public endpoint
:param test_namespace:
:return: BackendSetup
"""
req_url = f"https://{ingress_controller_endpoint.public_ip}:{ingress_controller_endpoint.port_ssl}/backend1"
metrics_url = f"http://{ingress_controller_endpoint.public_ip}:{ingress_controller_endpoint.metrics_port}/metrics"
secret_name = create_secret_from_yaml(
kube_apis.v1, test_namespace, f"{TEST_DATA}/smoke/smoke-secret.yaml"
)
create_example_app(kube_apis, "simple", test_namespace)
create_items_from_yaml(
kube_apis, f"{TEST_DATA}/smoke/standard/smoke-ingress.yaml", test_namespace
)
ingress_host = get_first_ingress_host_from_yaml(
f"{TEST_DATA}/smoke/standard/smoke-ingress.yaml"
)
wait_until_all_pods_are_ready(kube_apis.v1, test_namespace)
ensure_connection_to_public_endpoint(
ingress_controller_endpoint.public_ip,
ingress_controller_endpoint.port,
ingress_controller_endpoint.port_ssl,
)
def fin():
print("Clean up the Application:")
delete_common_app(kube_apis, "simple", test_namespace)
delete_secret(kube_apis.v1, secret_name, test_namespace)
delete_items_from_yaml(
kube_apis, f"{TEST_DATA}/smoke/standard/smoke-ingress.yaml", test_namespace
)
request.addfinalizer(fin)
return IngressSetup(req_url, metrics_url, ingress_host)
def jwt_secrets_setup(request, kube_apis, ingress_controller_endpoint, ingress_controller, test_namespace) -> JWTSecretsSetup:
with open(f"{TEST_DATA}/jwt-secrets/tokens/jwt-secrets-token.jwt", "r") as token_file:
token = token_file.read().replace('\n', '')
print("------------------------- Deploy JWT Secrets Example -----------------------------------")
create_items_from_yaml(kube_apis.extensions_v1_beta1, f"{TEST_DATA}/jwt-secrets/{request.param}/jwt-secrets-ingress.yaml", test_namespace)
ingress_host = get_ingress_host_from_yaml(f"{TEST_DATA}/jwt-secrets/{request.param}/jwt-secrets-ingress.yaml")
common_app = create_common_app(kube_apis.v1, kube_apis.extensions_v1_beta1, test_namespace)
wait_until_all_pods_are_ready(kube_apis.v1, test_namespace)
ensure_connection_to_public_endpoint(ingress_controller_endpoint.public_ip,
ingress_controller_endpoint.port,
ingress_controller_endpoint.port_ssl)
def fin():
print("Clean up the JWT Secrets Application:")
delete_common_app(kube_apis.v1, kube_apis.extensions_v1_beta1, common_app, test_namespace)
delete_items_from_yaml(kube_apis.extensions_v1_beta1, f"{TEST_DATA}/jwt-secrets/{request.param}/jwt-secrets-ingress.yaml",
test_namespace)
request.addfinalizer(fin)
return JWTSecretsSetup(ingress_controller_endpoint, ingress_host, token)
def smoke_setup(request, kube_apis, ingress_controller_endpoint, ingress_controller, test_namespace) -> SmokeSetup:
print("------------------------- Deploy Smoke Example -----------------------------------")
secret_name = create_secret_from_yaml(kube_apis.v1, test_namespace, f"{TEST_DATA}/smoke/smoke-secret.yaml")
create_items_from_yaml(kube_apis.extensions_v1_beta1, f"{TEST_DATA}/smoke/{request.param}/smoke-ingress.yaml", test_namespace)
ingress_host = get_ingress_host_from_yaml(f"{TEST_DATA}/smoke/{request.param}/smoke-ingress.yaml")
common_app = create_common_app(kube_apis.v1, kube_apis.extensions_v1_beta1, test_namespace)
wait_until_all_pods_are_ready(kube_apis.v1, test_namespace)
ensure_connection_to_public_endpoint(ingress_controller_endpoint.public_ip,
ingress_controller_endpoint.port,
ingress_controller_endpoint.port_ssl)
def fin():
print("Clean up the Smoke Application:")
delete_common_app(kube_apis.v1, kube_apis.extensions_v1_beta1, common_app, test_namespace)
delete_items_from_yaml(kube_apis.extensions_v1_beta1, f"{TEST_DATA}/smoke/{request.param}/smoke-ingress.yaml",
test_namespace)
delete_secret(kube_apis.v1, secret_name, test_namespace)
request.addfinalizer(fin)
return SmokeSetup(ingress_controller_endpoint, ingress_host)
def backend_setup(request, kube_apis,
ingress_controller_endpoint) -> BackendSetup:
"""
Create 2 namespaces and deploy simple applications in them.
:param request: pytest fixture
:param kube_apis: client apis
:param ingress_controller_endpoint: public endpoint
:return: BackendSetup
"""
watched_namespace = create_namespace_with_name_from_yaml(
kube_apis.v1, f"watched-ns", f"{TEST_DATA}/common/ns.yaml")
foreign_namespace = create_namespace_with_name_from_yaml(
kube_apis.v1, f"foreign-ns", f"{TEST_DATA}/common/ns.yaml")
ingress_hosts = {}
for ns in [watched_namespace, foreign_namespace]:
print(
f"------------------------- Deploy the backend in {ns} -----------------------------------"
)
create_example_app(kube_apis, "simple", ns)
src_ing_yaml = f"{TEST_DATA}/watch-namespace/{ns}-ingress.yaml"
create_items_from_yaml(kube_apis, src_ing_yaml, ns)
ingress_host = get_first_ingress_host_from_yaml(src_ing_yaml)
ingress_hosts[f"{ns}-ingress"] = ingress_host
req_url = f"http://{ingress_controller_endpoint.public_ip}:{ingress_controller_endpoint.port}/backend1"
wait_until_all_pods_are_ready(kube_apis.v1, ns)
ensure_connection_to_public_endpoint(
ingress_controller_endpoint.public_ip,
ingress_controller_endpoint.port,
ingress_controller_endpoint.port_ssl)
def fin():
print("Clean up:")
delete_namespace(kube_apis.v1, watched_namespace)
delete_namespace(kube_apis.v1, foreign_namespace)
request.addfinalizer(fin)
return BackendSetup(req_url, ingress_hosts)
def external_name_setup(request,
kube_apis,
ingress_controller_prerequisites,
ingress_controller_endpoint, ingress_controller, test_namespace) -> ExternalNameSetup:
print("------------------------- Deploy External-Backend -----------------------------------")
external_ns = create_namespace_with_name_from_yaml(kube_apis.v1, "external-ns", f"{TEST_DATA}/common/ns.yaml")
external_svc_name = create_service_with_name(kube_apis.v1, external_ns, "external-backend-svc")
create_deployment_with_name(kube_apis.apps_v1_api, external_ns, "external-backend")
print("------------------------- Deploy External-Name-Example -----------------------------------")
ingress_name = create_ingress_from_yaml(kube_apis.networking_v1, test_namespace,
f"{TEST_DATA}/externalname-services/externalname-ingress.yaml")
ingress_host = get_first_ingress_host_from_yaml(f"{TEST_DATA}/externalname-services/externalname-ingress.yaml")
external_host = f"{external_svc_name}.{external_ns}.svc.cluster.local"
config_map_name = ingress_controller_prerequisites.config_map["metadata"]["name"]
replace_configmap_from_yaml(kube_apis.v1, config_map_name,
ingress_controller_prerequisites.namespace,
f"{TEST_DATA}/externalname-services/nginx-config.yaml")
svc_name = create_service_from_yaml(kube_apis.v1,
test_namespace, f"{TEST_DATA}/externalname-services/externalname-svc.yaml")
ensure_connection_to_public_endpoint(ingress_controller_endpoint.public_ip,
ingress_controller_endpoint.port,
ingress_controller_endpoint.port_ssl)
ic_pod_name = get_first_pod_name(kube_apis.v1, ingress_controller_prerequisites.namespace)
def fin():
print("Clean up External-Name-Example:")
delete_namespace(kube_apis.v1, external_ns)
replace_configmap(kube_apis.v1, config_map_name,
ingress_controller_prerequisites.namespace,
ingress_controller_prerequisites.config_map)
delete_ingress(kube_apis.networking_v1, ingress_name, test_namespace)
delete_service(kube_apis.v1, svc_name, test_namespace)
request.addfinalizer(fin)
return ExternalNameSetup(ingress_controller_endpoint,
ingress_name, ingress_host, ic_pod_name, svc_name, external_host, test_namespace)
def crd_ingress_controller_with_dos(cli_arguments, kube_apis,
ingress_controller_prerequisites,
ingress_controller_endpoint, request,
crds) -> None:
"""
Create an Ingress Controller with DOS CRDs enabled.
:param crds: the common IC crds.
:param cli_arguments: pytest context
:param kube_apis: client apis
:param ingress_controller_prerequisites
:param ingress_controller_endpoint:
:param request: pytest fixture to parametrize this method
{extra_args: }
'extra_args' list of IC arguments
:return:
"""
namespace = ingress_controller_prerequisites.namespace
name = "nginx-ingress"
try:
print(
"--------------------Create roles and bindings for AppProtect------------------------"
)
rbac = configure_rbac_with_dos(kube_apis.rbac_v1)
print(
"------------------------- Register AP CRD -----------------------------------"
)
dos_pol_crd_name = get_name_from_yaml(
f"{DEPLOYMENTS}/common/crds/appprotectdos.f5.com_apdospolicy.yaml")
dos_log_crd_name = get_name_from_yaml(
f"{DEPLOYMENTS}/common/crds/appprotectdos.f5.com_apdoslogconfs.yaml"
)
dos_protected_crd_name = get_name_from_yaml(
f"{DEPLOYMENTS}/common/crds/appprotectdos.f5.com_dosprotectedresources.yaml"
)
create_crd_from_yaml(
kube_apis.api_extensions_v1,
dos_pol_crd_name,
f"{DEPLOYMENTS}/common/crds/appprotectdos.f5.com_apdospolicy.yaml",
)
create_crd_from_yaml(
kube_apis.api_extensions_v1,
dos_log_crd_name,
f"{DEPLOYMENTS}/common/crds/appprotectdos.f5.com_apdoslogconfs.yaml",
)
create_crd_from_yaml(
kube_apis.api_extensions_v1,
dos_protected_crd_name,
f"{DEPLOYMENTS}/common/crds/appprotectdos.f5.com_dosprotectedresources.yaml",
)
print(
"------------------------- Create syslog svc -----------------------"
)
src_syslog_yaml = f"{TEST_DATA}/dos/dos-syslog.yaml"
log_loc = f"/var/log/messages"
create_items_from_yaml(kube_apis, src_syslog_yaml, namespace)
before = time.time()
wait_until_all_pods_are_ready(kube_apis.v1, namespace)
after = time.time()
print(f"All pods came up in {int(after-before)} seconds")
print(f"syslog svc was created")
print(
"------------------------- Create dos arbitrator -----------------------"
)
dos_arbitrator_name = create_dos_arbitrator(
kube_apis.v1,
kube_apis.apps_v1_api,
namespace,
)
print(
"------------------------- Create IC -----------------------------------"
)
name = create_ingress_controller(
kube_apis.v1,
kube_apis.apps_v1_api,
cli_arguments,
namespace,
request.param.get("extra_args", None),
)
ensure_connection_to_public_endpoint(
ingress_controller_endpoint.public_ip,
ingress_controller_endpoint.port,
ingress_controller_endpoint.port_ssl,
)
except Exception as ex:
print(
f"Failed to complete CRD IC fixture: {ex}\nClean up the cluster as much as possible."
)
delete_crd(
kube_apis.api_extensions_v1,
dos_pol_crd_name,
)
delete_crd(
kube_apis.api_extensions_v1,
dos_log_crd_name,
)
delete_crd(
kube_apis.api_extensions_v1,
dos_protected_crd_name,
)
print("Remove ap-rbac")
cleanup_rbac(kube_apis.rbac_v1, rbac)
print("Remove dos arbitrator:")
delete_dos_arbitrator(kube_apis.v1, kube_apis.apps_v1_api,
dos_arbitrator_name, namespace)
print("Remove the IC:")
delete_ingress_controller(kube_apis.apps_v1_api, name,
cli_arguments["deployment-type"], namespace)
pytest.fail("IC setup failed")
def fin():
print("--------------Cleanup----------------")
delete_crd(
kube_apis.api_extensions_v1,
dos_pol_crd_name,
)
delete_crd(
kube_apis.api_extensions_v1,
dos_log_crd_name,
)
delete_crd(
kube_apis.api_extensions_v1,
dos_protected_crd_name,
)
print("Remove ap-rbac")
cleanup_rbac(kube_apis.rbac_v1, rbac)
print("Remove dos arbitrator:")
delete_dos_arbitrator(kube_apis.v1, kube_apis.apps_v1_api,
dos_arbitrator_name, namespace)
print("Remove the IC:")
delete_ingress_controller(kube_apis.apps_v1_api, name,
cli_arguments["deployment-type"], namespace)
print("Remove the syslog svc:")
delete_items_from_yaml(kube_apis, src_syslog_yaml, namespace)
request.addfinalizer(fin)
def crd_ingress_controller_with_ed(cli_arguments, kube_apis,
ingress_controller_prerequisites,
ingress_controller_endpoint, request,
crds) -> None:
"""
Create an Ingress Controller with CRD enabled.
:param crds: the common ingress controller crds.
:param cli_arguments: pytest context
:param kube_apis: client apis
:param ingress_controller_prerequisites
:param ingress_controller_endpoint:
:param request: pytest fixture to parametrize this method
{type: complete|rbac-without-vs, extra_args: }
'type' type of test pre-configuration
'extra_args' list of IC cli arguments
:return:
"""
namespace = ingress_controller_prerequisites.namespace
name = "nginx-ingress"
print(
"---------------------- Register DNSEndpoint CRD ------------------------------"
)
external_dns_crd_name = get_name_from_yaml(
f"{DEPLOYMENTS}/common/crds/externaldns.nginx.org_dnsendpoints.yaml")
create_crd_from_yaml(
kube_apis.api_extensions_v1,
external_dns_crd_name,
f"{DEPLOYMENTS}/common/crds/externaldns.nginx.org_dnsendpoints.yaml",
)
try:
print(
"------------------------- Create IC -----------------------------------"
)
name = create_ingress_controller(
kube_apis.v1,
kube_apis.apps_v1_api,
cli_arguments,
namespace,
request.param.get("extra_args", None),
)
ensure_connection_to_public_endpoint(
ingress_controller_endpoint.public_ip,
ingress_controller_endpoint.port,
ingress_controller_endpoint.port_ssl,
)
print(
"---------------- Replace ConfigMap with external-status-address --------------------"
)
cm_source = f"{TEST_DATA}/virtual-server-external-dns/nginx-config.yaml"
replace_configmap_from_yaml(
kube_apis.v1,
ingress_controller_prerequisites.config_map['metadata']['name'],
ingress_controller_prerequisites.namespace, cm_source)
except ApiException as ex:
# Finalizer method doesn't start if fixture creation was incomplete, ensure clean up here
print("Restore the ClusterRole:")
patch_rbac(kube_apis.rbac_v1, f"{DEPLOYMENTS}/rbac/rbac.yaml")
print("Remove the DNSEndpoint CRD:")
delete_crd(
kube_apis.api_extensions_v1,
external_dns_crd_name,
)
print("Remove the IC:")
delete_ingress_controller(kube_apis.apps_v1_api, name,
cli_arguments["deployment-type"], namespace)
replace_configmap_from_yaml(
kube_apis.v1,
ingress_controller_prerequisites.config_map["metadata"]["name"],
ingress_controller_prerequisites.namespace,
f"{DEPLOYMENTS}/common/nginx-config.yaml",
)
pytest.fail("IC setup failed")
def fin():
print("Restore the ClusterRole:")
patch_rbac(kube_apis.rbac_v1, f"{DEPLOYMENTS}/rbac/rbac.yaml")
print("Remove the DNSEndpoint CRD:")
delete_crd(
kube_apis.api_extensions_v1,
external_dns_crd_name,
)
print("Remove the IC:")
delete_ingress_controller(kube_apis.apps_v1_api, name,
cli_arguments["deployment-type"], namespace)
replace_configmap_from_yaml(
kube_apis.v1,
ingress_controller_prerequisites.config_map["metadata"]["name"],
ingress_controller_prerequisites.namespace,
f"{DEPLOYMENTS}/common/nginx-config.yaml",
)
request.addfinalizer(fin)
def dos_setup(request, kube_apis, ingress_controller_endpoint,
ingress_controller_prerequisites, test_namespace) -> DosSetup:
"""
Deploy simple application and all the DOS resources under test in one namespace.
:param request: pytest fixture
:param kube_apis: client apis
:param ingress_controller_endpoint: public endpoint
:param ingress_controller_prerequisites: IC pre-requisites
:param test_namespace:
:return: DosSetup
"""
print(f"------------- Replace ConfigMap --------------")
replace_configmap_from_yaml(
kube_apis.v1,
ingress_controller_prerequisites.config_map["metadata"]["name"],
ingress_controller_prerequisites.namespace,
f"{TEST_DATA}/dos/nginx-config.yaml")
print(
"------------------------- Deploy Dos backend application -------------------------"
)
create_example_app(kube_apis, "dos", test_namespace)
req_url = f"http://{ingress_controller_endpoint.public_ip}:{ingress_controller_endpoint.port}/"
wait_until_all_pods_are_ready(kube_apis.v1, test_namespace)
ensure_connection_to_public_endpoint(
ingress_controller_endpoint.public_ip,
ingress_controller_endpoint.port,
ingress_controller_endpoint.port_ssl,
)
print(
"------------------------- Deploy Secret -----------------------------"
)
src_sec_yaml = f"{TEST_DATA}/dos/dos-secret.yaml"
create_items_from_yaml(kube_apis, src_sec_yaml, test_namespace)
print(
"------------------------- Deploy logconf -----------------------------"
)
src_log_yaml = f"{TEST_DATA}/dos/dos-logconf.yaml"
log_name = create_dos_logconf_from_yaml(kube_apis.custom_objects,
src_log_yaml, test_namespace)
print(
f"------------------------- Deploy dospolicy ---------------------------"
)
src_pol_yaml = f"{TEST_DATA}/dos/dos-policy.yaml"
pol_name = create_dos_policy_from_yaml(kube_apis.custom_objects,
src_pol_yaml, test_namespace)
print(
f"------------------------- Deploy protected resource ---------------------------"
)
src_protected_yaml = f"{TEST_DATA}/dos/dos-protected.yaml"
protected_name = create_dos_protected_from_yaml(
kube_apis.custom_objects, src_protected_yaml, test_namespace,
ingress_controller_prerequisites.namespace)
for item in kube_apis.v1.list_namespaced_pod(
ingress_controller_prerequisites.namespace).items:
if "nginx-ingress" in item.metadata.name:
nginx_reload(kube_apis.v1, item.metadata.name,
ingress_controller_prerequisites.namespace)
def fin():
print("Clean up:")
delete_dos_policy(kube_apis.custom_objects, pol_name, test_namespace)
delete_dos_logconf(kube_apis.custom_objects, log_name, test_namespace)
delete_dos_protected(kube_apis.custom_objects, protected_name,
test_namespace)
delete_common_app(kube_apis, "dos", test_namespace)
delete_items_from_yaml(kube_apis, src_sec_yaml, test_namespace)
write_to_json(f"reload-{get_test_file_name(request.node.fspath)}.json",
reload_times)
request.addfinalizer(fin)
return DosSetup(req_url, pol_name, log_name)
def crd_ingress_controller_with_ap(cli_arguments, kube_apis,
ingress_controller_prerequisites,
ingress_controller_endpoint,
request) -> None:
"""
Create an Ingress Controller with AppProtect CRD enabled.
:param cli_arguments: pytest context
:param kube_apis: client apis
:param ingress_controller_prerequisites
:param ingress_controller_endpoint:
:param request: pytest fixture to parametrize this method
{extra_args: }
'extra_args' list of IC arguments
:return:
"""
namespace = ingress_controller_prerequisites.namespace
name = "nginx-ingress"
try:
print(
"--------------------Create roles and bindings for AppProtect------------------------"
)
rbac = configure_rbac_with_ap(kube_apis.rbac_v1)
print(
"------------------------- Register AP CRD -----------------------------------"
)
ap_pol_crd_name = get_name_from_yaml(
f"{DEPLOYMENTS}/common/crds-v1beta1/appprotect.f5.com_appolicies.yaml"
)
ap_log_crd_name = get_name_from_yaml(
f"{DEPLOYMENTS}/common/crds-v1beta1/appprotect.f5.com_aplogconfs.yaml"
)
ap_uds_crd_name = get_name_from_yaml(
f"{DEPLOYMENTS}/common/crds-v1beta1/appprotect.f5.com_apusersigs.yaml"
)
vs_crd_name = get_name_from_yaml(
f"{DEPLOYMENTS}/common/crds-v1beta1/k8s.nginx.org_virtualservers.yaml"
)
vsr_crd_name = get_name_from_yaml(
f"{DEPLOYMENTS}/common/crds-v1beta1/k8s.nginx.org_virtualserverroutes.yaml"
)
pol_crd_name = get_name_from_yaml(
f"{DEPLOYMENTS}/common/crds-v1beta1/k8s.nginx.org_policies.yaml")
ts_crd_name = get_name_from_yaml(
f"{DEPLOYMENTS}/common/crds-v1beta1/k8s.nginx.org_transportservers.yaml"
)
create_crd_from_yaml(
kube_apis.api_extensions_v1_beta1,
ap_pol_crd_name,
f"{DEPLOYMENTS}/common/crds-v1beta1/appprotect.f5.com_appolicies.yaml",
)
create_crd_from_yaml(
kube_apis.api_extensions_v1_beta1,
ap_log_crd_name,
f"{DEPLOYMENTS}/common/crds-v1beta1/appprotect.f5.com_aplogconfs.yaml",
)
create_crd_from_yaml(
kube_apis.api_extensions_v1_beta1,
ap_uds_crd_name,
f"{DEPLOYMENTS}/common/crds-v1beta1/appprotect.f5.com_apusersigs.yaml",
)
create_crd_from_yaml(
kube_apis.api_extensions_v1_beta1,
vs_crd_name,
f"{DEPLOYMENTS}/common/crds-v1beta1/k8s.nginx.org_virtualservers.yaml",
)
create_crd_from_yaml(
kube_apis.api_extensions_v1_beta1,
vsr_crd_name,
f"{DEPLOYMENTS}/common/crds-v1beta1/k8s.nginx.org_virtualserverroutes.yaml",
)
create_crd_from_yaml(
kube_apis.api_extensions_v1_beta1,
pol_crd_name,
f"{DEPLOYMENTS}/common/crds-v1beta1/k8s.nginx.org_policies.yaml",
)
create_crd_from_yaml(
kube_apis.api_extensions_v1_beta1,
ts_crd_name,
f"{DEPLOYMENTS}/common/crds-v1beta1/k8s.nginx.org_transportservers.yaml",
)
print(
"------------------------- Create IC -----------------------------------"
)
name = create_ingress_controller(
kube_apis.v1,
kube_apis.apps_v1_api,
cli_arguments,
namespace,
request.param.get("extra_args", None),
)
ensure_connection_to_public_endpoint(
ingress_controller_endpoint.public_ip,
ingress_controller_endpoint.port,
ingress_controller_endpoint.port_ssl,
)
except Exception as ex:
print(
f"Failed to complete CRD IC fixture: {ex}\nClean up the cluster as much as possible."
)
delete_crd(
kube_apis.api_extensions_v1_beta1,
ap_pol_crd_name,
)
delete_crd(
kube_apis.api_extensions_v1_beta1,
ap_log_crd_name,
)
delete_crd(
kube_apis.api_extensions_v1_beta1,
ap_uds_crd_name,
)
delete_crd(
kube_apis.api_extensions_v1_beta1,
vs_crd_name,
)
delete_crd(
kube_apis.api_extensions_v1_beta1,
vsr_crd_name,
)
delete_crd(
kube_apis.api_extensions_v1_beta1,
pol_crd_name,
)
delete_crd(
kube_apis.api_extensions_v1_beta1,
ts_crd_name,
)
print("Remove ap-rbac")
cleanup_rbac(kube_apis.rbac_v1, rbac)
print("Remove the IC:")
delete_ingress_controller(kube_apis.apps_v1_api, name,
cli_arguments["deployment-type"], namespace)
def fin():
print("--------------Cleanup----------------")
delete_crd(
kube_apis.api_extensions_v1_beta1,
ap_pol_crd_name,
)
delete_crd(
kube_apis.api_extensions_v1_beta1,
ap_log_crd_name,
)
delete_crd(
kube_apis.api_extensions_v1_beta1,
ap_uds_crd_name,
)
delete_crd(
kube_apis.api_extensions_v1_beta1,
vs_crd_name,
)
delete_crd(
kube_apis.api_extensions_v1_beta1,
vsr_crd_name,
)
delete_crd(
kube_apis.api_extensions_v1_beta1,
pol_crd_name,
)
delete_crd(
kube_apis.api_extensions_v1_beta1,
ts_crd_name,
)
print("Remove ap-rbac")
cleanup_rbac(kube_apis.rbac_v1, rbac)
print("Remove the IC:")
delete_ingress_controller(kube_apis.apps_v1_api, name,
cli_arguments["deployment-type"], namespace)
request.addfinalizer(fin)
