def test_rolling_deployment(namespace, api_gateway, from_deployment,
to_deployment, change):
from_file_path = to_resources_path(from_deployment)
retry_run(f"kubectl apply -f {from_file_path} -n {namespace}")
wait_for_status("mymodel", namespace)
wait_for_rollout("mymodel", namespace)
assert_model("mymodel", namespace, initial=True, endpoint=api_gateway)
old_pod_name = get_pod_name_for_sdep("mymodel", namespace)[0]
to_file_path = to_resources_path(to_deployment)
def _update_model():
retry_run(f"kubectl apply -f {to_file_path} -n {namespace}")
if change:
wait_for_pod_shutdown(old_pod_name, namespace)
wait_for_status("mymodel", namespace)
time.sleep(2) # Wait a little after deployment marked Available
assert_model_during_op(_update_model,
"mymodel",
namespace,
endpoint=api_gateway)
delete_cmd = f"kubectl delete --ignore-not-found -n {namespace}"
run(f"{delete_cmd} -f {from_file_path}", shell=True)
run(f"{delete_cmd} -f {to_file_path}", shell=True)
def test_xss_header(namespace):
sdep_name = "mymodel"
sdep_path = to_resources_path("graph-echo.json")
retry_run(f"kubectl apply -f {sdep_path} -n {namespace}")
wait_for_status(sdep_name, namespace)
wait_for_rollout(sdep_name, namespace)
res = initial_rest_request(sdep_name, namespace)
assert "X-Content-Type-Options" in res.headers
assert res.headers["X-Content-Type-Options"] == "nosniff"
def test_xss_escaping(namespace):
sdep_name = "mymodel"
sdep_path = to_resources_path("graph-echo.json")
retry_run(f"kubectl apply -f {sdep_path} -n {namespace}")
wait_for_status(sdep_name, namespace)
wait_for_rollout(sdep_name, namespace)
payload = '<div class="div-class"></div>'
expected = '\\u003cdiv class=\\"div-class\\"\\u003e\\u003c/div\\u003e'
res = rest_request(sdep_name, namespace, data=payload, dtype="strData")
# We need to compare raw text. Otherwise, Python interprets the escaped
# sequences.
assert res.text == f'{{"meta":{{}},"strData":"{expected}"}}\n'
def test_xss_escaping(namespace):
sdep_name = "mymodel"
sdep_path = to_resources_path("graph-echo.json")
retry_run(f"kubectl apply -f {sdep_path} -n {namespace}")
wait_for_status(sdep_name, namespace)
wait_for_rollout(sdep_name, namespace)
payload = '<div class="div-class"></div>'
# There is a small difference between the engine and the executor, where
# the engine will escape the `=` symbol as its unicode equivalent, so we
# need to consider both.
expected = '\\u003cdiv class=\\"div-class\\"\\u003e\\u003c/div\\u003e'
res = initial_rest_request(sdep_name, namespace, data=payload, dtype="strData")
# We need to compare raw text (instead of `.json()`). Otherwise, Python
# interprets the escaped sequences.
assert expected in res.text
