def fin():
print("Clean up Virtual Server Example:")
delete_virtual_server(kube_apis.custom_objects, vs_name,
test_namespace)
if request.param['app_type']:
delete_common_app(kube_apis, request.param['app_type'],
test_namespace)
def test_tls_passthrough_host_collision_vs(
self,
kube_apis,
crd_ingress_controller,
transport_server_tls_passthrough_setup,
test_namespace,
):
"""
Test host collision handling in TransportServer with VirtualServer.
"""
print("Step 1: Create VirtualServer with same host")
vs_src_same_host = (
f"{TEST_DATA}/transport-server-tls-passthrough/virtual-server-same-host.yaml"
)
vs_same_host_name = create_virtual_server_from_yaml(
kube_apis.custom_objects, vs_src_same_host, test_namespace)
wait_before_test(1)
response = read_vs(kube_apis.custom_objects, test_namespace,
vs_same_host_name)
delete_virtual_server(kube_apis.custom_objects, vs_same_host_name,
test_namespace)
assert (response["status"]["reason"] == "Rejected"
and response["status"]["message"]
== "Host is taken by another resource")
def test_responses_after_virtual_server_removal(self, kube_apis,
crd_ingress_controller,
virtual_server_setup):
print("\nStep 6: delete VS and check")
delete_virtual_server(kube_apis.custom_objects,
virtual_server_setup.vs_name,
virtual_server_setup.namespace)
wait_before_test(1)
resp = requests.get(virtual_server_setup.backend_1_url,
headers={"host": virtual_server_setup.vs_host})
assert resp.status_code == 404
resp = requests.get(virtual_server_setup.backend_2_url,
headers={"host": virtual_server_setup.vs_host})
assert resp.status_code == 404
print("Step 7: restore VS and check")
create_virtual_server_from_yaml(
kube_apis.custom_objects,
f"{TEST_DATA}/virtual-server/standard/virtual-server.yaml",
virtual_server_setup.namespace)
wait_before_test(1)
resp = requests.get(virtual_server_setup.backend_1_url,
headers={"host": virtual_server_setup.vs_host})
assert resp.status_code == 200
resp = requests.get(virtual_server_setup.backend_2_url,
headers={"host": virtual_server_setup.vs_host})
assert resp.status_code == 200
def test_virtual_server_behavior(self,
kube_apis,
ingress_controller_prerequisites,
crd_ingress_controller,
virtual_server_setup):
ic_pod_name = get_first_pod_name(kube_apis.v1, ingress_controller_prerequisites.namespace)
print("Step 1: initial check")
step_1_list = get_events(kube_apis.v1, virtual_server_setup.namespace)
assert_vs_conf_exists(kube_apis, ic_pod_name, ingress_controller_prerequisites.namespace,
virtual_server_setup)
assert_response_200(virtual_server_setup)
print("Step 2: make a valid VirtualServer invalid and check")
patch_virtual_server_from_yaml(kube_apis.custom_objects,
virtual_server_setup.vs_name,
f"{TEST_DATA}/virtual-server-validation/virtual-server-invalid-cookie.yaml",
virtual_server_setup.namespace)
wait_before_test(1)
step_2_list = get_events(kube_apis.v1, virtual_server_setup.namespace)
assert_reject_event_emitted(virtual_server_setup, step_2_list, step_1_list)
assert_vs_conf_not_exists(kube_apis, ic_pod_name, ingress_controller_prerequisites.namespace,
virtual_server_setup)
assert_response_404(virtual_server_setup)
print("Step 3: update an invalid VirtualServer with another invalid and check")
patch_virtual_server_from_yaml(kube_apis.custom_objects,
virtual_server_setup.vs_name,
f"{TEST_DATA}/virtual-server-validation/virtual-server-no-default-action.yaml",
virtual_server_setup.namespace)
wait_before_test(1)
step_3_list = get_events(kube_apis.v1, virtual_server_setup.namespace)
assert_reject_event_emitted(virtual_server_setup, step_3_list, step_2_list)
assert_vs_conf_not_exists(kube_apis, ic_pod_name, ingress_controller_prerequisites.namespace,
virtual_server_setup)
assert_response_404(virtual_server_setup)
print("Step 4: make an invalid VirtualServer valid and check")
patch_virtual_server_from_yaml(kube_apis.custom_objects,
virtual_server_setup.vs_name,
f"{TEST_DATA}/virtual-server-validation/standard/virtual-server.yaml",
virtual_server_setup.namespace)
wait_before_test(1)
step_4_list = get_events(kube_apis.v1, virtual_server_setup.namespace)
assert_vs_conf_exists(kube_apis, ic_pod_name, ingress_controller_prerequisites.namespace,
virtual_server_setup)
assert_event_count_increased_in_list(virtual_server_setup, step_4_list, step_3_list)
assert_response_200(virtual_server_setup)
print("Step 5: delete VS and then create an invalid and check")
delete_virtual_server(kube_apis.custom_objects, virtual_server_setup.vs_name, virtual_server_setup.namespace)
create_virtual_server_from_yaml(kube_apis.custom_objects,
f"{TEST_DATA}/virtual-server-validation/virtual-server-invalid-cookie.yaml",
virtual_server_setup.namespace)
wait_before_test(1)
step_5_list = get_events(kube_apis.v1, virtual_server_setup.namespace)
assert_reject_event_emitted(virtual_server_setup, step_5_list, step_4_list)
assert_vs_conf_not_exists(kube_apis, ic_pod_name, ingress_controller_prerequisites.namespace,
virtual_server_setup)
assert_response_404(virtual_server_setup)
def fin():
print("Clean up the Virtual Server Route:")
delete_v_s_route(kube_apis.custom_objects, vsr_m_name, ns_1)
delete_v_s_route(kube_apis.custom_objects, vsr_s_name, ns_2)
print("Clean up Virtual Server:")
delete_virtual_server(kube_apis.custom_objects, vs_name, ns_1)
print("Delete test namespaces")
delete_namespace(kube_apis.v1, ns_1)
delete_namespace(kube_apis.v1, ns_2)
def restore_default_vs(self, kube_apis, virtual_server_setup) -> None:
"""
Restore VirtualServer without policy spec
"""
delete_virtual_server(kube_apis.custom_objects,
virtual_server_setup.vs_name,
virtual_server_setup.namespace)
create_virtual_server_from_yaml(kube_apis.custom_objects, std_vs_src,
virtual_server_setup.namespace)
wait_before_test()
def test_vs_batch_start(
self,
request,
kube_apis,
ingress_controller_prerequisites,
crd_ingress_controller,
virtual_server_setup,
test_namespace,
):
"""
Pod startup time with simple VS
"""
resp = requests.get(virtual_server_setup.backend_1_url,
headers={"host": virtual_server_setup.vs_host})
assert resp.status_code is 200
total_vs = int(request.config.getoption("--batch-resources"))
manifest = f"{TEST_DATA}/virtual-server/standard/virtual-server.yaml"
for i in range(1, total_vs + 1):
with open(manifest) as f:
doc = yaml.safe_load(f)
doc["metadata"]["name"] = f"virtual-server-{i}"
doc["spec"]["host"] = f"virtual-server-{i}.example.com"
kube_apis.custom_objects.create_namespaced_custom_object(
"k8s.nginx.org", "v1", test_namespace, "virtualservers",
doc)
print(
f"VirtualServer created with name '{doc['metadata']['name']}'"
)
print(f"Total resources deployed is {total_vs}")
wait_before_test()
ic_ns = ingress_controller_prerequisites.namespace
scale_deployment(kube_apis.v1, kube_apis.apps_v1_api, "nginx-ingress",
ic_ns, 0)
while get_pods_amount(kube_apis.v1, ic_ns) is not 0:
print(f"Number of replicas not 0, retrying...")
wait_before_test()
num = scale_deployment(kube_apis.v1, kube_apis.apps_v1_api,
"nginx-ingress", ic_ns, 1)
assert (get_total_vs(virtual_server_setup.metrics_url, "nginx")
== str(total_vs + 1) and get_last_reload_status(
virtual_server_setup.metrics_url, "nginx") == "1")
for i in range(1, total_vs + 1):
delete_virtual_server(kube_apis.custom_objects,
f"virtual-server-{i}", test_namespace)
assert num is None
def test_status_remove_vs(
self, kube_apis, crd_ingress_controller, v_s_route_setup, v_s_route_app_setup
):
"""
Test VirtualServerRoute status after deleting referenced VirtualServer
"""
delete_virtual_server(
kube_apis.custom_objects, v_s_route_setup.vs_name, v_s_route_setup.namespace,
)
response_m = read_crd(
kube_apis.custom_objects,
v_s_route_setup.route_m.namespace,
"virtualserverroutes",
v_s_route_setup.route_m.name,
)
response_s = read_crd(
kube_apis.custom_objects,
v_s_route_setup.route_s.namespace,
"virtualserverroutes",
v_s_route_setup.route_s.name,
)
vs_src = f"{TEST_DATA}/virtual-server-route-status/standard/virtual-server.yaml"
create_virtual_server_from_yaml(kube_apis.custom_objects, vs_src, v_s_route_setup.namespace)
assert (
response_m["status"]
and response_m["status"]["reason"] == "NoVirtualServerFound"
and not response_m["status"]["referencedBy"]
and response_m["status"]["state"] == "Warning"
)
assert (
response_s["status"]
and response_s["status"]["reason"] == "NoVirtualServerFound"
and not response_s["status"]["referencedBy"]
and response_s["status"]["state"] == "Warning"
)
def test_responses_and_events_in_flow(self, kube_apis,
ingress_controller_prerequisites,
crd_ingress_controller,
v_s_route_setup,
v_s_route_app_setup):
req_url = f"http://{v_s_route_setup.public_endpoint.public_ip}:{v_s_route_setup.public_endpoint.port}"
ic_pod_name = get_first_pod_name(
kube_apis.v1, ingress_controller_prerequisites.namespace)
vs_name = f"{v_s_route_setup.namespace}/{v_s_route_setup.vs_name}"
vsr_1_name = f"{v_s_route_setup.namespace}/{v_s_route_setup.route_m.name}"
vsr_2_name = f"{v_s_route_setup.route_s.namespace}/{v_s_route_setup.route_s.name}"
vsr_1_event_text = f"Configuration for {vsr_1_name} was added or updated"
vs_event_text = f"Configuration for {vs_name} was added or updated"
vsr_2_event_text = f"Configuration for {vsr_2_name} was added or updated"
initial_config = get_vs_nginx_template_conf(
kube_apis.v1, v_s_route_setup.namespace, v_s_route_setup.vs_name,
ic_pod_name, ingress_controller_prerequisites.namespace)
print("\nStep 1: initial check")
resp_1 = requests.get(f"{req_url}{v_s_route_setup.route_m.paths[0]}",
headers={"host": v_s_route_setup.vs_host})
resp_2 = requests.get(f"{req_url}{v_s_route_setup.route_m.paths[1]}",
headers={"host": v_s_route_setup.vs_host})
resp_3 = requests.get(f"{req_url}{v_s_route_setup.route_s.paths[0]}",
headers={"host": v_s_route_setup.vs_host})
events_ns_1 = get_events(kube_apis.v1,
v_s_route_setup.route_m.namespace)
events_ns_2 = get_events(kube_apis.v1,
v_s_route_setup.route_s.namespace)
assert_responses_and_server_name(resp_1, resp_2, resp_3)
assert_locations_in_config(initial_config,
v_s_route_setup.route_m.paths)
assert_locations_in_config(initial_config,
v_s_route_setup.route_s.paths)
initial_count_vsr_1 = assert_event_and_get_count(
vsr_1_event_text, events_ns_1)
initial_count_vs = assert_event_and_get_count(vs_event_text,
events_ns_1)
initial_count_vsr_2 = assert_event_and_get_count(
vsr_2_event_text, events_ns_2)
print("\nStep 2: update multiple VSRoute and check")
patch_v_s_route_from_yaml(
kube_apis.custom_objects, v_s_route_setup.route_m.name,
f"{TEST_DATA}/virtual-server-route/route-multiple-updated.yaml",
v_s_route_setup.route_m.namespace)
new_vsr_paths = get_paths_from_vsr_yaml(
f"{TEST_DATA}/virtual-server-route/route-multiple-updated.yaml")
wait_before_test(1)
resp_1 = requests.get(f"{req_url}{new_vsr_paths[0]}",
headers={"host": v_s_route_setup.vs_host})
resp_2 = requests.get(f"{req_url}{new_vsr_paths[1]}",
headers={"host": v_s_route_setup.vs_host})
resp_3 = requests.get(f"{req_url}{v_s_route_setup.route_s.paths[0]}",
headers={"host": v_s_route_setup.vs_host})
assert_responses_and_server_name(resp_1, resp_2, resp_3)
events_ns_1 = get_events(kube_apis.v1,
v_s_route_setup.route_m.namespace)
events_ns_2 = get_events(kube_apis.v1,
v_s_route_setup.route_s.namespace)
assert_event_and_count(vsr_1_event_text, initial_count_vsr_1 + 1,
events_ns_1)
assert_event_and_count(vs_event_text, initial_count_vs + 1,
events_ns_1)
# 2nd VSRoute gets an event about update too
assert_event_and_count(vsr_2_event_text, initial_count_vsr_2 + 1,
events_ns_2)
print("\nStep 3: restore VSRoute and check")
patch_v_s_route_from_yaml(
kube_apis.custom_objects, v_s_route_setup.route_m.name,
f"{TEST_DATA}/virtual-server-route/route-multiple.yaml",
v_s_route_setup.route_m.namespace)
wait_before_test(1)
resp_1 = requests.get(f"{req_url}{v_s_route_setup.route_m.paths[0]}",
headers={"host": v_s_route_setup.vs_host})
resp_2 = requests.get(f"{req_url}{v_s_route_setup.route_m.paths[1]}",
headers={"host": v_s_route_setup.vs_host})
resp_3 = requests.get(f"{req_url}{v_s_route_setup.route_s.paths[0]}",
headers={"host": v_s_route_setup.vs_host})
assert_responses_and_server_name(resp_1, resp_2, resp_3)
events_ns_1 = get_events(kube_apis.v1,
v_s_route_setup.route_m.namespace)
events_ns_2 = get_events(kube_apis.v1,
v_s_route_setup.route_s.namespace)
assert_event_and_count(vsr_1_event_text, initial_count_vsr_1 + 2,
events_ns_1)
assert_event_and_count(vs_event_text, initial_count_vs + 2,
events_ns_1)
assert_event_and_count(vsr_2_event_text, initial_count_vsr_2 + 2,
events_ns_2)
print("\nStep 4: update one backend service port and check")
svc_1 = read_service(kube_apis.v1, "backend1-svc",
v_s_route_setup.route_m.namespace)
svc_1.spec.ports[0].port = 8080
replace_service(kube_apis.v1, "backend1-svc",
v_s_route_setup.route_m.namespace, svc_1)
wait_before_test(1)
resp_1 = requests.get(f"{req_url}{v_s_route_setup.route_m.paths[0]}",
headers={"host": v_s_route_setup.vs_host})
resp_2 = requests.get(f"{req_url}{v_s_route_setup.route_m.paths[1]}",
headers={"host": v_s_route_setup.vs_host})
assert resp_1.status_code == 502
assert resp_2.status_code == 200
events_ns_1 = get_events(kube_apis.v1,
v_s_route_setup.route_m.namespace)
events_ns_2 = get_events(kube_apis.v1,
v_s_route_setup.route_s.namespace)
assert_event_and_count(vsr_1_event_text, initial_count_vsr_1 + 3,
events_ns_1)
assert_event_and_count(vs_event_text, initial_count_vs + 3,
events_ns_1)
assert_event_and_count(vsr_2_event_text, initial_count_vsr_2 + 3,
events_ns_2)
print("\nStep 5: restore backend service and check")
svc_1 = read_service(kube_apis.v1, "backend1-svc",
v_s_route_setup.route_m.namespace)
svc_1.spec.ports[0].port = 80
replace_service(kube_apis.v1, "backend1-svc",
v_s_route_setup.route_m.namespace, svc_1)
wait_before_test(1)
resp_1 = requests.get(f"{req_url}{v_s_route_setup.route_m.paths[0]}",
headers={"host": v_s_route_setup.vs_host})
resp_2 = requests.get(f"{req_url}{v_s_route_setup.route_m.paths[1]}",
headers={"host": v_s_route_setup.vs_host})
assert resp_1.status_code == 200
assert resp_2.status_code == 200
events_ns_1 = get_events(kube_apis.v1,
v_s_route_setup.route_m.namespace)
events_ns_2 = get_events(kube_apis.v1,
v_s_route_setup.route_s.namespace)
assert_event_and_count(vsr_1_event_text, initial_count_vsr_1 + 4,
events_ns_1)
assert_event_and_count(vs_event_text, initial_count_vs + 4,
events_ns_1)
assert_event_and_count(vsr_2_event_text, initial_count_vsr_2 + 4,
events_ns_2)
print("\nStep 6: remove VSRoute and check")
delete_v_s_route(kube_apis.custom_objects,
v_s_route_setup.route_m.name,
v_s_route_setup.namespace)
wait_before_test(1)
new_config = get_vs_nginx_template_conf(
kube_apis.v1, v_s_route_setup.namespace, v_s_route_setup.vs_name,
ic_pod_name, ingress_controller_prerequisites.namespace)
resp_1 = requests.get(f"{req_url}{v_s_route_setup.route_m.paths[0]}",
headers={"host": v_s_route_setup.vs_host})
resp_2 = requests.get(f"{req_url}{v_s_route_setup.route_m.paths[1]}",
headers={"host": v_s_route_setup.vs_host})
resp_3 = requests.get(f"{req_url}{v_s_route_setup.route_s.paths[0]}",
headers={"host": v_s_route_setup.vs_host})
assert resp_1.status_code == 404
assert resp_2.status_code == 404
assert resp_3.status_code == 200
events_ns_1 = get_events(kube_apis.v1,
v_s_route_setup.route_m.namespace)
events_ns_2 = get_events(kube_apis.v1,
v_s_route_setup.route_s.namespace)
assert_locations_not_in_config(new_config,
v_s_route_setup.route_m.paths)
assert_event_and_count(vsr_1_event_text, initial_count_vsr_1 + 4,
events_ns_1)
assert_event_and_count(vs_event_text, initial_count_vs + 5,
events_ns_1)
assert_event_and_count(vsr_2_event_text, initial_count_vsr_2 + 5,
events_ns_2)
print("\nStep 7: restore VSRoute and check")
create_v_s_route_from_yaml(
kube_apis.custom_objects,
f"{TEST_DATA}/virtual-server-route/route-multiple.yaml",
v_s_route_setup.namespace)
wait_before_test(1)
new_config = get_vs_nginx_template_conf(
kube_apis.v1, v_s_route_setup.namespace, v_s_route_setup.vs_name,
ic_pod_name, ingress_controller_prerequisites.namespace)
resp_1 = requests.get(f"{req_url}{v_s_route_setup.route_m.paths[0]}",
headers={"host": v_s_route_setup.vs_host})
resp_2 = requests.get(f"{req_url}{v_s_route_setup.route_m.paths[1]}",
headers={"host": v_s_route_setup.vs_host})
resp_3 = requests.get(f"{req_url}{v_s_route_setup.route_s.paths[0]}",
headers={"host": v_s_route_setup.vs_host})
assert_responses_and_server_name(resp_1, resp_2, resp_3)
events_ns_1 = get_events(kube_apis.v1,
v_s_route_setup.route_m.namespace)
events_ns_2 = get_events(kube_apis.v1,
v_s_route_setup.route_s.namespace)
assert_locations_in_config(new_config, v_s_route_setup.route_m.paths)
assert_event_and_count(vsr_1_event_text, 1, events_ns_1)
assert_event_and_count(vs_event_text, initial_count_vs + 6,
events_ns_1)
assert_event_and_count(vsr_2_event_text, initial_count_vsr_2 + 6,
events_ns_2)
print("\nStep 8: remove one backend service and check")
delete_service(kube_apis.v1, "backend1-svc",
v_s_route_setup.route_m.namespace)
wait_before_test(1)
resp_1 = requests.get(f"{req_url}{v_s_route_setup.route_m.paths[0]}",
headers={"host": v_s_route_setup.vs_host})
resp_2 = requests.get(f"{req_url}{v_s_route_setup.route_m.paths[1]}",
headers={"host": v_s_route_setup.vs_host})
resp_3 = requests.get(f"{req_url}{v_s_route_setup.route_s.paths[0]}",
headers={"host": v_s_route_setup.vs_host})
assert resp_1.status_code == 502
assert resp_2.status_code == 200
assert resp_3.status_code == 200
events_ns_1 = get_events(kube_apis.v1,
v_s_route_setup.route_m.namespace)
events_ns_2 = get_events(kube_apis.v1,
v_s_route_setup.route_s.namespace)
assert_event_and_count(vsr_1_event_text, 2, events_ns_1)
assert_event_and_count(vs_event_text, initial_count_vs + 7,
events_ns_1)
assert_event_and_count(vsr_2_event_text, initial_count_vsr_2 + 7,
events_ns_2)
print("\nStep 9: restore backend service and check")
create_service_with_name(kube_apis.v1,
v_s_route_setup.route_m.namespace,
"backend1-svc")
wait_before_test(1)
resp_1 = requests.get(f"{req_url}{v_s_route_setup.route_m.paths[0]}",
headers={"host": v_s_route_setup.vs_host})
resp_2 = requests.get(f"{req_url}{v_s_route_setup.route_m.paths[1]}",
headers={"host": v_s_route_setup.vs_host})
resp_3 = requests.get(f"{req_url}{v_s_route_setup.route_s.paths[0]}",
headers={"host": v_s_route_setup.vs_host})
assert_responses_and_server_name(resp_1, resp_2, resp_3)
events_ns_1 = get_events(kube_apis.v1,
v_s_route_setup.route_m.namespace)
events_ns_2 = get_events(kube_apis.v1,
v_s_route_setup.route_s.namespace)
assert_event_and_count(vsr_1_event_text, 3, events_ns_1)
assert_event_and_count(vs_event_text, initial_count_vs + 8,
events_ns_1)
assert_event_and_count(vsr_2_event_text, initial_count_vsr_2 + 8,
events_ns_2)
print("\nStep 10: remove VS and check")
delete_virtual_server(kube_apis.custom_objects,
v_s_route_setup.vs_name,
v_s_route_setup.namespace)
wait_before_test(1)
resp_1 = requests.get(f"{req_url}{v_s_route_setup.route_m.paths[0]}",
headers={"host": v_s_route_setup.vs_host})
resp_2 = requests.get(f"{req_url}{v_s_route_setup.route_m.paths[1]}",
headers={"host": v_s_route_setup.vs_host})
resp_3 = requests.get(f"{req_url}{v_s_route_setup.route_s.paths[0]}",
headers={"host": v_s_route_setup.vs_host})
assert resp_1.status_code == 404
assert resp_2.status_code == 404
assert resp_3.status_code == 404
list0_list_ns_1 = get_events(kube_apis.v1,
v_s_route_setup.route_m.namespace)
list0_list_ns_2 = get_events(kube_apis.v1,
v_s_route_setup.route_s.namespace)
assert_event_and_count(vsr_1_event_text, 3, list0_list_ns_1)
assert_event_and_count(vs_event_text, initial_count_vs + 8,
list0_list_ns_1)
assert_event_and_count(vsr_2_event_text, initial_count_vsr_2 + 8,
list0_list_ns_2)
print("\nStep 11: restore VS and check")
create_virtual_server_from_yaml(
kube_apis.custom_objects,
f"{TEST_DATA}/virtual-server-route/standard/virtual-server.yaml",
v_s_route_setup.namespace)
wait_before_test(1)
resp_1 = requests.get(f"{req_url}{v_s_route_setup.route_m.paths[0]}",
headers={"host": v_s_route_setup.vs_host})
resp_2 = requests.get(f"{req_url}{v_s_route_setup.route_m.paths[1]}",
headers={"host": v_s_route_setup.vs_host})
resp_3 = requests.get(f"{req_url}{v_s_route_setup.route_s.paths[0]}",
headers={"host": v_s_route_setup.vs_host})
assert_responses_and_server_name(resp_1, resp_2, resp_3)
list1_list_ns_1 = get_events(kube_apis.v1,
v_s_route_setup.route_m.namespace)
list1_list_ns_2 = get_events(kube_apis.v1,
v_s_route_setup.route_s.namespace)
assert_event_and_count(vsr_1_event_text, 4, list1_list_ns_1)
assert_event_and_count(vs_event_text, 1, list1_list_ns_1)
assert_event_and_count(vsr_2_event_text, initial_count_vsr_2 + 9,
list1_list_ns_2)
def fin():
print("Clean up Virtual Server Example:")
delete_virtual_server(kube_apis.custom_objects, vs_name,
test_namespace)
delete_common_app(kube_apis.v1, kube_apis.extensions_v1_beta1,
common_app, test_namespace)
def test_ap_waf_policy_vs_batch_start(
self,
request,
kube_apis,
ingress_controller_prerequisites,
crd_ingress_controller_with_ap,
virtual_server_setup,
appprotect_waf_setup,
test_namespace,
):
"""
Pod startup time with AP WAF Policy
"""
waf_spec_vs_src = f"{TEST_DATA}/ap-waf/virtual-server-waf-spec.yaml"
waf_pol_dataguard_src = f"{TEST_DATA}/ap-waf/policies/waf-dataguard.yaml"
print(f"Create waf policy")
create_ap_waf_policy_from_yaml(
kube_apis.custom_objects,
waf_pol_dataguard_src,
test_namespace,
test_namespace,
True,
False,
ap_pol_name,
log_name,
"syslog:server=127.0.0.1:514",
)
wait_before_test()
print(f"Patch vs with policy: {waf_spec_vs_src}")
patch_virtual_server_from_yaml(
kube_apis.custom_objects,
virtual_server_setup.vs_name,
waf_spec_vs_src,
virtual_server_setup.namespace,
)
wait_before_test(120)
print(
"----------------------- Send request with embedded malicious script----------------------"
)
response1 = requests.get(
virtual_server_setup.backend_1_url + "</script>",
headers={"host": virtual_server_setup.vs_host},
)
print(response1.status_code)
print(
"----------------------- Send request with blocked keyword in UDS----------------------"
)
response2 = requests.get(
virtual_server_setup.backend_1_url,
headers={"host": virtual_server_setup.vs_host},
data="kic",
)
total_vs = int(request.config.getoption("--batch-resources"))
print(response2.status_code)
for i in range(1, total_vs + 1):
with open(waf_spec_vs_src) as f:
doc = yaml.safe_load(f)
doc["metadata"]["name"] = f"virtual-server-{i}"
doc["spec"]["host"] = f"virtual-server-{i}.example.com"
kube_apis.custom_objects.create_namespaced_custom_object(
"k8s.nginx.org", "v1", test_namespace, "virtualservers",
doc)
print(
f"VirtualServer created with name '{doc['metadata']['name']}'"
)
print(f"Total resources deployed is {total_vs}")
wait_before_test()
ic_ns = ingress_controller_prerequisites.namespace
scale_deployment(kube_apis.v1, kube_apis.apps_v1_api, "nginx-ingress",
ic_ns, 0)
while get_pods_amount(kube_apis.v1, ic_ns) is not 0:
print(f"Number of replicas not 0, retrying...")
wait_before_test()
num = scale_deployment(kube_apis.v1, kube_apis.apps_v1_api,
"nginx-ingress", ic_ns, 1)
assert (get_total_vs(virtual_server_setup.metrics_url, "nginx")
== str(total_vs + 1) and get_last_reload_status(
virtual_server_setup.metrics_url, "nginx") == "1")
for i in range(1, total_vs + 1):
delete_virtual_server(kube_apis.custom_objects,
f"virtual-server-{i}", test_namespace)
delete_policy(kube_apis.custom_objects, "waf-policy", test_namespace)
assert num is None
