def test_jwt_policy_secret(
    self,
    kube_apis,
    crd_ingress_controller,
    virtual_server_setup,
    test_namespace,
    jwk_secret,
):
    """
    Check a JWT policy that is backed by a valid or an invalid JWK secret.

    The policy source and the token are fixed (``jwt_pol_valid_src`` and
    ``valid_token``); only the secret given by ``jwk_secret`` varies.
    With the valid secret the request is expected to be served (200) and
    the VirtualServer to report ``Valid``. With the invalid secret the
    expected result is a 500 and a ``Warning`` state, i.e. the request is
    not served when the key material is unusable.
    """
    secret, pol_name, headers = self.setup_single_policy(
        kube_apis,
        test_namespace,
        valid_token,
        jwk_secret,
        jwt_pol_valid_src,
        virtual_server_setup.vs_host,
    )
    custom_objects = kube_apis.custom_objects
    vs_name = virtual_server_setup.vs_name
    vs_namespace = virtual_server_setup.namespace

    print(f"Patch vs with policy: {jwt_vs_single_src}")
    delete_and_create_vs_from_yaml(
        custom_objects, vs_name, jwt_vs_single_src, vs_namespace
    )
    wait_before_test()

    # `headers` comes from setup_single_policy; presumably it carries the
    # Host header and the token -- confirm against that helper.
    response = requests.get(virtual_server_setup.backend_1_url, headers=headers)
    print(response.status_code)
    vs_info = read_crd(custom_objects, vs_namespace, "virtualservers", vs_name)

    # Tear down before asserting so a failed expectation does not leave
    # the policy, the secret or the patched VirtualServer behind.
    delete_policy(custom_objects, pol_name, test_namespace)
    delete_secret(kube_apis.v1, secret, test_namespace)
    delete_and_create_vs_from_yaml(custom_objects, vs_name, std_vs_src, vs_namespace)

    if jwk_secret == jwk_sec_valid_src:
        expected = (200, "Request ID:", "Valid")
    elif jwk_secret == jwk_sec_invalid_src:
        expected = (500, "Internal Server Error", "Warning")
    else:
        pytest.fail("Not a valid case or parameter")

    want_code, want_text, want_state = expected
    assert response.status_code == want_code
    assert want_text in response.text
    assert vs_info["status"]["state"] == want_state
def test_jwt_policy_token(
    self,
    kube_apis,
    crd_ingress_controller,
    virtual_server_setup,
    test_namespace,
    token,
):
    """
    Check the JWT policy with no token, a valid token and an invalid token.

    Two requests go to the same backend URL: one with only the Host
    header (no credentials), and one with the headers returned by
    ``setup_single_policy`` for the parametrized ``token``. The first
    must always be rejected with 401; the second is served only when
    ``token`` is ``valid_token``.
    """
    secret, pol_name, headers = self.setup_single_policy(
        kube_apis,
        test_namespace,
        token,
        jwk_sec_valid_src,
        jwt_pol_valid_src,
        virtual_server_setup.vs_host,
    )
    target_url = virtual_server_setup.backend_1_url

    print(f"Patch vs with policy: {jwt_vs_single_src}")
    delete_and_create_vs_from_yaml(
        kube_apis.custom_objects,
        virtual_server_setup.vs_name,
        jwt_vs_single_src,
        virtual_server_setup.namespace,
    )
    wait_before_test()

    # Baseline: Host header only, so the policy sees no token at all.
    anonymous_resp = requests.get(
        target_url,
        headers={"host": virtual_server_setup.vs_host},
    )
    print(anonymous_resp.status_code)

    # Same URL, this time with the headers built for the token under test.
    token_resp = requests.get(target_url, headers=headers)
    print(token_resp.status_code)

    # Clean up before asserting so failures do not leak cluster state.
    delete_policy(kube_apis.custom_objects, pol_name, test_namespace)
    delete_secret(kube_apis.v1, secret, test_namespace)
    delete_and_create_vs_from_yaml(
        kube_apis.custom_objects,
        virtual_server_setup.vs_name,
        std_vs_src,
        virtual_server_setup.namespace,
    )

    assert anonymous_resp.status_code == 401
    assert "401 Authorization Required" in anonymous_resp.text

    if token == valid_token:
        want_code, want_text = 200, "Request ID:"
    else:
        want_code, want_text = 401, "Authorization Required"
    assert token_resp.status_code == want_code
    assert want_text in token_resp.text
def test_jwt_policy_delete_policy(
    self,
    kube_apis,
    crd_ingress_controller,
    virtual_server_setup,
    test_namespace,
):
    """
    Check that requests result in 500 once the referenced policy is deleted.

    The VirtualServer keeps referencing the policy (``jwt_vs_single_src``
    is still applied) when the second request is sent, so the expected
    500 shows that the route is not served without the JWT check once
    its policy has gone.
    """
    secret, pol_name, headers = self.setup_single_policy(
        kube_apis,
        test_namespace,
        valid_token,
        jwk_sec_valid_src,
        jwt_pol_valid_src,
        virtual_server_setup.vs_host,
    )
    target_url = virtual_server_setup.backend_1_url

    print(f"Patch vs with policy: {jwt_pol_valid_src}")
    delete_and_create_vs_from_yaml(
        kube_apis.custom_objects,
        virtual_server_setup.vs_name,
        jwt_vs_single_src,
        virtual_server_setup.namespace,
    )
    wait_before_test()

    before_delete = requests.get(target_url, headers=headers)
    print(before_delete.status_code)

    delete_policy(kube_apis.custom_objects, pol_name, test_namespace)

    # NOTE(review): there is no wait_before_test() between the delete and
    # this request; presumably delete_policy blocks until the controller
    # has reacted -- confirm, otherwise the 500 assertion can race.
    after_delete = requests.get(target_url, headers=headers)
    print(after_delete.status_code)

    delete_secret(kube_apis.v1, secret, test_namespace)
    delete_and_create_vs_from_yaml(
        kube_apis.custom_objects,
        virtual_server_setup.vs_name,
        std_vs_src,
        virtual_server_setup.namespace,
    )

    assert before_delete.status_code == 200
    assert after_delete.status_code == 500
def test_jwt_policy_override_spec(
    self,
    kube_apis,
    crd_ingress_controller,
    virtual_server_setup,
    test_namespace,
):
    """
    Check that a policy referenced in a route wins over the one in the spec.

    Two VirtualServer variants are applied in turn. The status of each
    request is expected to follow the route-level policy: 401 when the
    invalid policy sits in the route, 200 when the valid one does.
    """
    secret, pol_name_1, pol_name_2, headers = self.setup_multiple_policies(
        kube_apis,
        test_namespace,
        valid_token,
        jwk_sec_valid_src,
        jwt_pol_valid_src,
        jwt_pol_multi_src,
        virtual_server_setup.vs_host,
    )

    def apply_and_probe(vs_src):
        # Swap the VirtualServer for `vs_src`, wait, then send one request.
        delete_and_create_vs_from_yaml(
            kube_apis.custom_objects,
            virtual_server_setup.vs_name,
            vs_src,
            virtual_server_setup.namespace,
        )
        wait_before_test()
        probe = requests.get(virtual_server_setup.backend_1_url, headers=headers)
        print(probe.status_code)
        return probe

    print("Patch vs with invalid policy in route and valid policy in spec")
    route_invalid_resp = apply_and_probe(jwt_vs_override_spec_route_1)

    print("Patch vs with valid policy in route and invalid policy in spec")
    route_valid_resp = apply_and_probe(jwt_vs_override_spec_route_2)

    # Clean up before asserting so failures do not leak cluster state.
    for policy_name in (pol_name_1, pol_name_2):
        delete_policy(kube_apis.custom_objects, policy_name, test_namespace)
    delete_secret(kube_apis.v1, secret, test_namespace)
    delete_and_create_vs_from_yaml(
        kube_apis.custom_objects,
        virtual_server_setup.vs_name,
        std_vs_src,
        virtual_server_setup.namespace,
    )

    # 401 unauthorized, since no token is attached to policy
    assert route_invalid_resp.status_code == 401
    assert route_valid_resp.status_code == 200
def test_jwt_policy_override(
    self,
    kube_apis,
    crd_ingress_controller,
    virtual_server_setup,
    test_namespace,
):
    """
    Check that the first policy reference in a context takes precedence.

    Three VirtualServer variants are applied in turn: two that list both
    policies in the spec context in opposite order, and one that lists
    multiple policies in the route context. Each variant is probed with
    the same request headers.
    """
    secret, pol_name_1, pol_name_2, headers = self.setup_multiple_policies(
        kube_apis,
        test_namespace,
        valid_token,
        jwk_sec_valid_src,
        jwt_pol_valid_src,
        jwt_pol_multi_src,
        virtual_server_setup.vs_host,
    )

    def apply_and_probe(vs_src):
        # Swap the VirtualServer for `vs_src`, wait, then send one request.
        delete_and_create_vs_from_yaml(
            kube_apis.custom_objects,
            virtual_server_setup.vs_name,
            vs_src,
            virtual_server_setup.namespace,
        )
        wait_before_test()
        probe = requests.get(virtual_server_setup.backend_1_url, headers=headers)
        print(probe.status_code)
        return probe

    print("Patch vs with multiple policy in spec context")
    print(
        f"Patch vs with policy in order: {jwt_pol_multi_src} and {jwt_pol_valid_src}"
    )
    spec_multi_first_resp = apply_and_probe(jwt_vs_multi_1_src)

    print(
        f"Patch vs with policy in order: {jwt_pol_valid_src} and {jwt_pol_multi_src}"
    )
    spec_valid_first_resp = apply_and_probe(jwt_vs_multi_2_src)

    print("Patch vs with multiple policy in route context")
    route_resp = apply_and_probe(jwt_vs_override_route)

    # Clean up before asserting so failures do not leak cluster state.
    for policy_name in (pol_name_1, pol_name_2):
        delete_policy(kube_apis.custom_objects, policy_name, test_namespace)
    delete_secret(kube_apis.v1, secret, test_namespace)
    delete_and_create_vs_from_yaml(
        kube_apis.custom_objects,
        virtual_server_setup.vs_name,
        std_vs_src,
        virtual_server_setup.namespace,
    )

    # 401 unauthorized, since no token is attached to policy in spec context
    assert spec_multi_first_resp.status_code == 401
    assert spec_valid_first_resp.status_code == 200
    # 401 unauthorized, since no token is attached to policy in route context
    assert route_resp.status_code == 401
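def test_jwt_policy(
    self,
    kube_apis,
    crd_ingress_controller,
    virtual_server_setup,
    test_namespace,
    policy,
):
    """
    Test jwt-policy with a valid and an invalid policy.

    The secret and the token are fixed (``jwk_sec_valid_src`` and
    ``valid_token``); only the policy source given by ``policy`` varies.
    A valid policy must be reported as ``AddedOrUpdated``/``Valid`` and
    the request served with 200. An invalid policy must be reported as
    ``Rejected``/``Invalid``, and the VirtualServer referencing it is
    expected to answer 500 and report ``Warning`` rather than serve the
    request.

    Cleanup runs in a ``finally`` block. The policy-status checks happen
    before the VirtualServer is patched, so without it a failed check
    would leave the policy and the secret in the cluster for later tests.
    """
    secret, pol_name, headers = self.setup_single_policy(
        kube_apis,
        test_namespace,
        valid_token,
        jwk_sec_valid_src,
        policy,
        virtual_server_setup.vs_host,
    )

    try:
        print(f"Patch vs with policy: {policy}")
        policy_info = read_custom_resource(
            kube_apis.custom_objects, test_namespace, "policies", pol_name
        )

        # Pick the VirtualServer source and every expected value in one
        # place, so the case is dispatched only once.
        if policy == jwt_pol_valid_src:
            vs_src = jwt_vs_single_src
            want_reason, want_pol_state = "AddedOrUpdated", "Valid"
            want_code, want_text, want_vs_state = 200, "Request ID:", "Valid"
        elif policy == jwt_pol_invalid_src:
            vs_src = jwt_vs_single_invalid_pol_src
            want_reason, want_pol_state = "Rejected", "Invalid"
            want_code, want_text, want_vs_state = (
                500,
                "Internal Server Error",
                "Warning",
            )
        else:
            pytest.fail("Invalid configuration")

        # Separate asserts so a failure names the field that was wrong.
        assert policy_info["status"]
        assert policy_info["status"]["reason"] == want_reason
        assert policy_info["status"]["state"] == want_pol_state

        delete_and_create_vs_from_yaml(
            kube_apis.custom_objects,
            virtual_server_setup.vs_name,
            vs_src,
            virtual_server_setup.namespace,
        )
        wait_before_test()

        resp = requests.get(virtual_server_setup.backend_1_url, headers=headers)
        print(resp.status_code)
        crd_info = read_custom_resource(
            kube_apis.custom_objects,
            virtual_server_setup.namespace,
            "virtualservers",
            virtual_server_setup.vs_name,
        )
    finally:
        # Always remove the policy and secret and restore the standard
        # VirtualServer, whether the steps above passed or raised.
        delete_policy(kube_apis.custom_objects, pol_name, test_namespace)
        delete_secret(kube_apis.v1, secret, test_namespace)
        delete_and_create_vs_from_yaml(
            kube_apis.custom_objects,
            virtual_server_setup.vs_name,
            std_vs_src,
            virtual_server_setup.namespace,
        )

    assert resp.status_code == want_code
    assert want_text in resp.text
    assert crd_info["status"]["state"] == want_vs_state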