def test_startup_time(self, request, kube_apis,
ingress_controller_prerequisites,
crd_ingress_controller, ingress_controller_endpoint,
vs_vsr_setup):
"""
Pod startup time with 1 VS and multiple VSRs.
"""
total_vsr = int(request.config.getoption("--batch-resources"))
ic_ns = ingress_controller_prerequisites.namespace
scale_deployment(kube_apis.v1, kube_apis.apps_v1_api, "nginx-ingress",
ic_ns, 0)
while get_pods_amount(kube_apis.v1, ic_ns) is not 0:
print(f"Number of replicas not 0, retrying...")
wait_before_test()
num = scale_deployment(kube_apis.v1, kube_apis.apps_v1_api,
"nginx-ingress", ic_ns, 1)
metrics_url = f"http://{ingress_controller_endpoint.public_ip}:{ingress_controller_endpoint.metrics_port}/metrics"
assert (get_total_vs(metrics_url, "nginx") == "1"
and get_total_vsr(metrics_url, "nginx") == str(total_vsr)
and get_last_reload_status(metrics_url, "nginx") == "1")
assert num is None
def test_ap_ingress_batch_start(
self,
request,
kube_apis,
crd_ingress_controller_with_ap,
ap_ingress_setup,
ingress_controller_prerequisites,
test_namespace,
):
"""
Pod startup time with AP Ingress
"""
print(
"------------- Run test for AP policy: dataguard-alarm --------------"
)
print(
f"Request URL: {ap_ingress_setup.req_url} and Host: {ap_ingress_setup.ingress_host}"
)
ensure_response_from_backend(ap_ingress_setup.req_url,
ap_ingress_setup.ingress_host,
check404=True)
total_ing = int(request.config.getoption("--batch-resources"))
manifest = f"{TEST_DATA}/appprotect/appprotect-ingress.yaml"
for i in range(1, total_ing + 1):
with open(manifest) as f:
doc = yaml.safe_load(f)
doc["metadata"]["name"] = f"appprotect-ingress-{i}"
doc["spec"]["rules"][0]["host"] = f"appprotect-{i}.example.com"
create_ingress(kube_apis.networking_v1, test_namespace, doc)
print(f"Total resources deployed is {total_ing}")
wait_before_test()
ic_ns = ingress_controller_prerequisites.namespace
scale_deployment(kube_apis.v1, kube_apis.apps_v1_api, "nginx-ingress",
ic_ns, 0)
while get_pods_amount(kube_apis.v1, ic_ns) is not 0:
print(f"Number of replicas not 0, retrying...")
wait_before_test()
num = scale_deployment(kube_apis.v1, kube_apis.apps_v1_api,
"nginx-ingress", ic_ns, 1)
assert (get_total_ingresses(ap_ingress_setup.metrics_url, "nginx")
== str(total_ing + 1) and get_last_reload_status(
ap_ingress_setup.metrics_url, "nginx") == "1")
for i in range(1, total_ing + 1):
delete_ingress(kube_apis.networking_v1, f"appprotect-ingress-{i}",
test_namespace)
assert num is None
def test_vs_batch_start(
self,
request,
kube_apis,
ingress_controller_prerequisites,
crd_ingress_controller,
virtual_server_setup,
test_namespace,
):
"""
Pod startup time with simple VS
"""
resp = requests.get(virtual_server_setup.backend_1_url,
headers={"host": virtual_server_setup.vs_host})
assert resp.status_code is 200
total_vs = int(request.config.getoption("--batch-resources"))
manifest = f"{TEST_DATA}/virtual-server/standard/virtual-server.yaml"
for i in range(1, total_vs + 1):
with open(manifest) as f:
doc = yaml.safe_load(f)
doc["metadata"]["name"] = f"virtual-server-{i}"
doc["spec"]["host"] = f"virtual-server-{i}.example.com"
kube_apis.custom_objects.create_namespaced_custom_object(
"k8s.nginx.org", "v1", test_namespace, "virtualservers",
doc)
print(
f"VirtualServer created with name '{doc['metadata']['name']}'"
)
print(f"Total resources deployed is {total_vs}")
wait_before_test()
ic_ns = ingress_controller_prerequisites.namespace
scale_deployment(kube_apis.v1, kube_apis.apps_v1_api, "nginx-ingress",
ic_ns, 0)
while get_pods_amount(kube_apis.v1, ic_ns) is not 0:
print(f"Number of replicas not 0, retrying...")
wait_before_test()
num = scale_deployment(kube_apis.v1, kube_apis.apps_v1_api,
"nginx-ingress", ic_ns, 1)
assert (get_total_vs(virtual_server_setup.metrics_url, "nginx")
== str(total_vs + 1) and get_last_reload_status(
virtual_server_setup.metrics_url, "nginx") == "1")
for i in range(1, total_vs + 1):
delete_virtual_server(kube_apis.custom_objects,
f"virtual-server-{i}", test_namespace)
assert num is None
def test_ap_waf_policy_vs_batch_start(
self,
request,
kube_apis,
ingress_controller_prerequisites,
crd_ingress_controller_with_ap,
virtual_server_setup,
appprotect_waf_setup,
test_namespace,
):
"""
Pod startup time with AP WAF Policy
"""
waf_spec_vs_src = f"{TEST_DATA}/ap-waf/virtual-server-waf-spec.yaml"
waf_pol_dataguard_src = f"{TEST_DATA}/ap-waf/policies/waf-dataguard.yaml"
print(f"Create waf policy")
create_ap_waf_policy_from_yaml(
kube_apis.custom_objects,
waf_pol_dataguard_src,
test_namespace,
test_namespace,
True,
False,
ap_pol_name,
log_name,
"syslog:server=127.0.0.1:514",
)
wait_before_test()
print(f"Patch vs with policy: {waf_spec_vs_src}")
patch_virtual_server_from_yaml(
kube_apis.custom_objects,
virtual_server_setup.vs_name,
waf_spec_vs_src,
virtual_server_setup.namespace,
)
wait_before_test(120)
print(
"----------------------- Send request with embedded malicious script----------------------"
)
response1 = requests.get(
virtual_server_setup.backend_1_url + "</script>",
headers={"host": virtual_server_setup.vs_host},
)
print(response1.status_code)
print(
"----------------------- Send request with blocked keyword in UDS----------------------"
)
response2 = requests.get(
virtual_server_setup.backend_1_url,
headers={"host": virtual_server_setup.vs_host},
data="kic",
)
total_vs = int(request.config.getoption("--batch-resources"))
print(response2.status_code)
for i in range(1, total_vs + 1):
with open(waf_spec_vs_src) as f:
doc = yaml.safe_load(f)
doc["metadata"]["name"] = f"virtual-server-{i}"
doc["spec"]["host"] = f"virtual-server-{i}.example.com"
kube_apis.custom_objects.create_namespaced_custom_object(
"k8s.nginx.org", "v1", test_namespace, "virtualservers",
doc)
print(
f"VirtualServer created with name '{doc['metadata']['name']}'"
)
print(f"Total resources deployed is {total_vs}")
wait_before_test()
ic_ns = ingress_controller_prerequisites.namespace
scale_deployment(kube_apis.v1, kube_apis.apps_v1_api, "nginx-ingress",
ic_ns, 0)
while get_pods_amount(kube_apis.v1, ic_ns) is not 0:
print(f"Number of replicas not 0, retrying...")
wait_before_test()
num = scale_deployment(kube_apis.v1, kube_apis.apps_v1_api,
"nginx-ingress", ic_ns, 1)
assert (get_total_vs(virtual_server_setup.metrics_url, "nginx")
== str(total_vs + 1) and get_last_reload_status(
virtual_server_setup.metrics_url, "nginx") == "1")
for i in range(1, total_vs + 1):
delete_virtual_server(kube_apis.custom_objects,
f"virtual-server-{i}", test_namespace)
delete_policy(kube_apis.custom_objects, "waf-policy", test_namespace)
assert num is None