def ingress_setup(request, kube_apis, ingress_controller_endpoint,
test_namespace) -> IngressSetup:
print(
"------------------------- Deploy Ingress Example -----------------------------------"
)
secret_name = create_secret_from_yaml(
kube_apis.v1, test_namespace, f"{TEST_DATA}/smoke/smoke-secret.yaml")
create_items_from_yaml(kube_apis,
f"{TEST_DATA}/smoke/standard/smoke-ingress.yaml",
test_namespace)
ingress_host = get_first_ingress_host_from_yaml(
f"{TEST_DATA}/smoke/standard/smoke-ingress.yaml")
create_example_app(kube_apis, "simple", test_namespace)
wait_until_all_pods_are_ready(kube_apis.v1, test_namespace)
ensure_connection_to_public_endpoint(
ingress_controller_endpoint.public_ip,
ingress_controller_endpoint.port,
ingress_controller_endpoint.port_ssl,
)
req_url = f"https://{ingress_controller_endpoint.public_ip}:{ingress_controller_endpoint.port_ssl}/backend1"
def fin():
print("Clean up simple app")
delete_common_app(kube_apis, "simple", test_namespace)
delete_items_from_yaml(
kube_apis, f"{TEST_DATA}/smoke/standard/smoke-ingress.yaml",
test_namespace)
delete_secret(kube_apis.v1, secret_name, test_namespace)
request.addfinalizer(fin)
return IngressSetup(req_url, ingress_host)
def smoke_setup(request, kube_apis, ingress_controller_endpoint,
ingress_controller, test_namespace) -> SmokeSetup:
print(
"------------------------- Deploy Smoke Example -----------------------------------"
)
secret_name = create_secret_from_yaml(
kube_apis.v1, test_namespace, f"{TEST_DATA}/smoke/smoke-secret.yaml")
create_items_from_yaml(
kube_apis, f"{TEST_DATA}/smoke/{request.param}/smoke-ingress.yaml",
test_namespace)
ingress_host = get_first_ingress_host_from_yaml(
f"{TEST_DATA}/smoke/{request.param}/smoke-ingress.yaml")
common_app = create_common_app(kube_apis.v1, kube_apis.extensions_v1_beta1,
test_namespace)
wait_until_all_pods_are_ready(kube_apis.v1, test_namespace)
ensure_connection_to_public_endpoint(ingress_controller_endpoint.public_ip,
ingress_controller_endpoint.port,
ingress_controller_endpoint.port_ssl)
def fin():
print("Clean up the Smoke Application:")
delete_common_app(kube_apis.v1, kube_apis.extensions_v1_beta1,
common_app, test_namespace)
delete_items_from_yaml(
kube_apis, f"{TEST_DATA}/smoke/{request.param}/smoke-ingress.yaml",
test_namespace)
delete_secret(kube_apis.v1, secret_name, test_namespace)
request.addfinalizer(fin)
return SmokeSetup(ingress_controller_endpoint, ingress_host)
def jwt_secrets_setup(request, kube_apis, ingress_controller_endpoint,
ingress_controller, test_namespace) -> JWTSecretsSetup:
with open(f"{TEST_DATA}/jwt-secrets/tokens/jwt-secrets-token.jwt",
"r") as token_file:
token = token_file.read().replace('\n', '')
print(
"------------------------- Deploy JWT Secrets Example -----------------------------------"
)
create_items_from_yaml(
kube_apis,
f"{TEST_DATA}/jwt-secrets/{request.param}/jwt-secrets-ingress.yaml",
test_namespace)
ingress_host = get_first_ingress_host_from_yaml(
f"{TEST_DATA}/jwt-secrets/{request.param}/jwt-secrets-ingress.yaml")
create_example_app(kube_apis, "simple", test_namespace)
wait_until_all_pods_are_ready(kube_apis.v1, test_namespace)
ensure_connection_to_public_endpoint(ingress_controller_endpoint.public_ip,
ingress_controller_endpoint.port,
ingress_controller_endpoint.port_ssl)
def fin():
print("Clean up the JWT Secrets Application:")
delete_common_app(kube_apis, "simple", test_namespace)
delete_items_from_yaml(
kube_apis,
f"{TEST_DATA}/jwt-secrets/{request.param}/jwt-secrets-ingress.yaml",
test_namespace)
request.addfinalizer(fin)
return JWTSecretsSetup(ingress_controller_endpoint, ingress_host, token)
def wildcard_tls_secret_setup(request, kube_apis, ingress_controller_endpoint,
test_namespace) -> WildcardTLSSecretSetup:
ing_type = request.param
print(
"------------------------- Deploy Wildcard-Tls-Secret-Example -----------------------------------"
)
create_items_from_yaml(
kube_apis,
f"{TEST_DATA}/wildcard-tls-secret/{ing_type}/wildcard-secret-ingress.yaml",
test_namespace)
host = get_first_ingress_host_from_yaml(
f"{TEST_DATA}/wildcard-tls-secret/{ing_type}/wildcard-secret-ingress.yaml"
)
common_app = create_example_app(kube_apis, "simple", test_namespace)
wait_until_all_pods_are_ready(kube_apis.v1, test_namespace)
def fin():
print("Clean up Wildcard-Tls-Secret-Example:")
delete_items_from_yaml(
kube_apis,
f"{TEST_DATA}/wildcard-tls-secret/{ing_type}/wildcard-secret-ingress.yaml",
test_namespace)
delete_common_app(kube_apis.v1, kube_apis.apps_v1_api, common_app,
test_namespace)
request.addfinalizer(fin)
return WildcardTLSSecretSetup(ingress_controller_endpoint, test_namespace,
host)
def v_s_route_secure_app_setup(request, kube_apis, v_s_route_setup) -> None:
"""
Prepare a secure example app for Virtual Server Route.
1st namespace with backend1-svc and backend3-svc and deployment
and 2nd namespace with https backend2-svc and deployment.
:param request: internal pytest fixture
:param kube_apis: client apis
:param v_s_route_setup:
:return:
"""
print("---------------------- Deploy a VS Route Example Application ----------------------------")
create_items_from_yaml(kube_apis,
f"{TEST_DATA}/common/app/vsr/secure/multiple.yaml", v_s_route_setup.route_m.namespace)
create_items_from_yaml(kube_apis,
f"{TEST_DATA}/common/app/vsr/secure/single.yaml", v_s_route_setup.route_s.namespace)
wait_until_all_pods_are_ready(kube_apis.v1, v_s_route_setup.route_m.namespace)
wait_until_all_pods_are_ready(kube_apis.v1, v_s_route_setup.route_s.namespace)
def fin():
print("Clean up the Application:")
delete_items_from_yaml(kube_apis,
f"{TEST_DATA}/common/app/vsr/secure/multiple.yaml",
v_s_route_setup.route_m.namespace)
delete_items_from_yaml(kube_apis,
f"{TEST_DATA}/common/app/vsr/secure/single.yaml",
v_s_route_setup.route_s.namespace)
request.addfinalizer(fin)
def smoke_setup(request, kube_apis, ingress_controller_endpoint,
ingress_controller, test_namespace) -> SmokeSetup:
print(
"------------------------- Deploy Smoke Example -----------------------------------"
)
secret_name = create_secret_from_yaml(
kube_apis.v1, test_namespace, f"{TEST_DATA}/smoke/smoke-secret.yaml")
create_items_from_yaml(
kube_apis, f"{TEST_DATA}/smoke/{request.param}/smoke-ingress.yaml",
test_namespace)
ingress_host = get_first_ingress_host_from_yaml(
f"{TEST_DATA}/smoke/{request.param}/smoke-ingress.yaml")
create_example_app(kube_apis, "simple", test_namespace)
wait_until_all_pods_are_ready(kube_apis.v1, test_namespace)
ensure_connection_to_public_endpoint(
ingress_controller_endpoint.public_ip,
ingress_controller_endpoint.port,
ingress_controller_endpoint.port_ssl,
)
def fin():
print("Clean up the Smoke Application:")
delete_common_app(kube_apis, "simple", test_namespace)
delete_items_from_yaml(
kube_apis, f"{TEST_DATA}/smoke/{request.param}/smoke-ingress.yaml",
test_namespace)
delete_secret(kube_apis.v1, secret_name, test_namespace)
write_to_json(f"reload-{get_test_file_name(request.node.fspath)}.json",
reload_times)
request.addfinalizer(fin)
return SmokeSetup(ingress_controller_endpoint, ingress_host)
def enable_exporter_port(cli_arguments, kube_apis,
ingress_controller_prerequisites,
ingress_controller) -> None:
"""
Set containerPort for Prometheus Exporter.
:param cli_arguments: context
:param kube_apis: client apis
:param ingress_controller_prerequisites
:param ingress_controller: IC name
:return:
"""
namespace = ingress_controller_prerequisites.namespace
port = V1ContainerPort(9113, None, None, "prometheus", "TCP")
print(
"------------------------- Enable 9113 port in IC -----------------------------------"
)
body = kube_apis.apps_v1_api.read_namespaced_deployment(
ingress_controller, namespace)
body.spec.template.spec.containers[0].ports.append(port)
if cli_arguments["deployment-type"] == "deployment":
kube_apis.apps_v1_api.patch_namespaced_deployment(
ingress_controller, namespace, body)
else:
kube_apis.apps_v1_api.patch_namespaced_daemon_set(
ingress_controller, namespace, body)
wait_until_all_pods_are_ready(kube_apis.v1, namespace)
def hsts_setup(request, kube_apis, ingress_controller_prerequisites,
ingress_controller_endpoint, ingress_controller,
test_namespace) -> HSTSSetup:
print(
"------------------------- Deploy HSTS-Example -----------------------------------"
)
create_items_from_yaml(
kube_apis, f"{TEST_DATA}/hsts/{request.param}/hsts-ingress.yaml",
test_namespace)
ingress_name = get_name_from_yaml(
f"{TEST_DATA}/hsts/{request.param}/hsts-ingress.yaml")
ingress_host = get_first_ingress_host_from_yaml(
f"{TEST_DATA}/hsts/{request.param}/hsts-ingress.yaml")
create_example_app(kube_apis, "simple", test_namespace)
wait_until_all_pods_are_ready(kube_apis.v1, test_namespace)
ensure_connection_to_public_endpoint(ingress_controller_endpoint.public_ip,
ingress_controller_endpoint.port,
ingress_controller_endpoint.port_ssl)
req_https_url = f"https://{ingress_controller_endpoint.public_ip}:" \
f"{ingress_controller_endpoint.port_ssl}/backend1"
ensure_response_from_backend(req_https_url, ingress_host)
def fin():
print("Clean up HSTS Example:")
delete_common_app(kube_apis, "simple", test_namespace)
delete_items_from_yaml(
kube_apis, f"{TEST_DATA}/hsts/{request.param}/hsts-ingress.yaml",
test_namespace)
request.addfinalizer(fin)
return HSTSSetup(ingress_controller_endpoint,
f"{TEST_DATA}/hsts/{request.param}/hsts-ingress.yaml",
ingress_name, ingress_host, test_namespace)
def jwt_auth_setup(request, kube_apis, ingress_controller_endpoint, ingress_controller, test_namespace) -> JWTAuthMergeableSetup:
tokens = {"master": get_token_from_file("master"), "minion": get_token_from_file("minion")}
master_secret_name = create_secret_from_yaml(kube_apis.v1, test_namespace,
f"{TEST_DATA}/jwt-auth-mergeable/jwt-master-secret.yaml")
minion_secret_name = create_secret_from_yaml(kube_apis.v1, test_namespace,
f"{TEST_DATA}/jwt-auth-mergeable/jwt-minion-secret.yaml")
print("------------------------- Deploy JWT Auth Mergeable Minions Example -----------------------------------")
create_items_from_yaml(kube_apis.extensions_v1_beta1, f"{TEST_DATA}/jwt-auth-mergeable/mergeable/jwt-auth-ingress.yaml", test_namespace)
ingress_host = get_ingress_host_from_yaml(f"{TEST_DATA}/jwt-auth-mergeable/mergeable/jwt-auth-ingress.yaml")
common_app = create_common_app(kube_apis.v1, kube_apis.extensions_v1_beta1, test_namespace)
wait_until_all_pods_are_ready(kube_apis.v1, test_namespace)
ensure_connection_to_public_endpoint(ingress_controller_endpoint.public_ip,
ingress_controller_endpoint.port,
ingress_controller_endpoint.port_ssl)
wait_before_test(2)
def fin():
print("Delete Master Secret:")
if is_secret_present(kube_apis.v1, master_secret_name, test_namespace):
delete_secret(kube_apis.v1, master_secret_name, test_namespace)
print("Delete Minion Secret:")
if is_secret_present(kube_apis.v1, minion_secret_name, test_namespace):
delete_secret(kube_apis.v1, minion_secret_name, test_namespace)
print("Clean up the JWT Auth Mergeable Minions Application:")
delete_common_app(kube_apis.v1, kube_apis.extensions_v1_beta1, common_app, test_namespace)
delete_items_from_yaml(kube_apis.extensions_v1_beta1, f"{TEST_DATA}/jwt-auth-mergeable/mergeable/jwt-auth-ingress.yaml",
test_namespace)
request.addfinalizer(fin)
return JWTAuthMergeableSetup(ingress_controller_endpoint, ingress_host, master_secret_name, minion_secret_name, tokens)
def backend_setup(request, kube_apis, ingress_controller_endpoint, test_namespace) -> BackendSetup:
"""
Deploy simple application and all the Ingress resources under test in one namespace.
:param request: pytest fixture
:param kube_apis: client apis
:param ingress_controller_endpoint: public endpoint
:param test_namespace:
:return: BackendSetup
"""
print("------------------------- Deploy the backend -----------------------------------")
create_example_app(kube_apis, "simple", test_namespace)
req_url = f"http://{ingress_controller_endpoint.public_ip}:{ingress_controller_endpoint.port}/backend1"
wait_until_all_pods_are_ready(kube_apis.v1, test_namespace)
ensure_connection_to_public_endpoint(ingress_controller_endpoint.public_ip,
ingress_controller_endpoint.port,
ingress_controller_endpoint.port_ssl)
print("------------------------- Deploy ingresses under test -----------------------------------")
ingress_hosts = {}
for item in ingresses_under_test:
src_ing_yaml = f"{TEST_DATA}/ingress-class/{item}-ingress.yaml"
create_items_from_yaml(kube_apis, src_ing_yaml, test_namespace)
ingress_hosts[item] = get_first_ingress_host_from_yaml(src_ing_yaml)
wait_before_test(2)
def fin():
print("Clean up:")
delete_common_app(kube_apis, "simple", test_namespace)
for item in ingresses_under_test:
src_ing_yaml = f"{TEST_DATA}/ingress-class/{item}-ingress.yaml"
delete_items_from_yaml(kube_apis, src_ing_yaml, test_namespace)
request.addfinalizer(fin)
return BackendSetup(req_url, ingress_hosts)
def vsr_regexp_setup(request, kube_apis,
ingress_controller_prerequisites, ingress_controller_endpoint, test_namespace) -> VSRRegexpSetup:
"""
Prepare an example app for advanced routing VSR.
Single namespace with VS+VSR and simple app.
:param request: internal pytest fixture
:param kube_apis: client apis
:param ingress_controller_endpoint:
:param ingress_controller_prerequisites:
:param test_namespace:
:return:
"""
print("------------------------- Deploy Virtual Server -----------------------------------")
vs_src_yaml = f"{TEST_DATA}/{request.param['example']}/additional-case/virtual-server-exact-over-all.yaml"
vs_name = create_virtual_server_from_yaml(kube_apis.custom_objects, vs_src_yaml, test_namespace)
vs_host = get_first_host_from_yaml(vs_src_yaml)
print("------------------------- Deploy VSRs -----------------------------------")
for item in ['prefix', 'exact', 'regexp']:
create_v_s_route_from_yaml(kube_apis.custom_objects,
f"{TEST_DATA}/{request.param['example']}/additional-case/route-{item}.yaml",
test_namespace)
print("---------------------- Deploy simple app ----------------------------")
create_example_app(kube_apis, "extended", test_namespace)
wait_until_all_pods_are_ready(kube_apis.v1, test_namespace)
return VSRRegexpSetup(test_namespace, vs_host, vs_name)
def auth_basic_secrets_setup(request, kube_apis, ingress_controller_endpoint,
ingress_controller,
test_namespace) -> AuthBasicSecretsSetup:
with open(f"{TEST_DATA}/auth-basic-secrets/credentials/credentials.txt",
"r") as credentials_file:
credentials = credentials_file.read().replace('\n', '')
print(
"------------------------- Deploy Auth Basic Secrets Example -----------------------------------"
)
create_items_from_yaml(
kube_apis,
f"{TEST_DATA}/auth-basic-secrets/{request.param}/auth-basic-secrets-ingress.yaml",
test_namespace)
ingress_host = get_first_ingress_host_from_yaml(
f"{TEST_DATA}/auth-basic-secrets/{request.param}/auth-basic-secrets-ingress.yaml"
)
create_example_app(kube_apis, "simple", test_namespace)
wait_until_all_pods_are_ready(kube_apis.v1, test_namespace)
ensure_connection_to_public_endpoint(ingress_controller_endpoint.public_ip,
ingress_controller_endpoint.port,
ingress_controller_endpoint.port_ssl)
def fin():
print("Clean up the Auth Basic Secrets Application:")
delete_common_app(kube_apis, "simple", test_namespace)
delete_items_from_yaml(
kube_apis,
f"{TEST_DATA}/auth-basic-secrets/{request.param}/auth-basic-secrets-ingress.yaml",
test_namespace)
request.addfinalizer(fin)
return AuthBasicSecretsSetup(ingress_controller_endpoint, ingress_host,
credentials)
def jwt_auth_setup(request, kube_apis, ingress_controller_endpoint, ingress_controller, test_namespace) -> JWTAuthMergeableSetup:
tokens = {"master": get_token_from_file("master"), "minion": get_token_from_file("minion")}
master_secret_name = create_secret_from_yaml(kube_apis.v1, test_namespace,
f"{TEST_DATA}/jwt-auth-mergeable/jwt-master-secret.yaml")
minion_secret_name = create_secret_from_yaml(kube_apis.v1, test_namespace,
f"{TEST_DATA}/jwt-auth-mergeable/jwt-minion-secret.yaml")
print("------------------------- Deploy JWT Auth Mergeable Minions Example -----------------------------------")
create_items_from_yaml(kube_apis, f"{TEST_DATA}/jwt-auth-mergeable/mergeable/jwt-auth-ingress.yaml", test_namespace)
ingress_host = get_first_ingress_host_from_yaml(f"{TEST_DATA}/jwt-auth-mergeable/mergeable/jwt-auth-ingress.yaml")
create_example_app(kube_apis, "simple", test_namespace)
wait_until_all_pods_are_ready(kube_apis.v1, test_namespace)
ensure_connection_to_public_endpoint(ingress_controller_endpoint.public_ip,
ingress_controller_endpoint.port,
ingress_controller_endpoint.port_ssl)
wait_before_test(2)
def fin():
print("Delete Master Secret:")
if is_secret_present(kube_apis.v1, master_secret_name, test_namespace):
delete_secret(kube_apis.v1, master_secret_name, test_namespace)
print("Delete Minion Secret:")
if is_secret_present(kube_apis.v1, minion_secret_name, test_namespace):
delete_secret(kube_apis.v1, minion_secret_name, test_namespace)
print("Clean up the JWT Auth Mergeable Minions Application:")
delete_common_app(kube_apis, "simple", test_namespace)
delete_items_from_yaml(kube_apis, f"{TEST_DATA}/jwt-auth-mergeable/mergeable/jwt-auth-ingress.yaml",
test_namespace)
request.addfinalizer(fin)
return JWTAuthMergeableSetup(ingress_controller_endpoint, ingress_host, master_secret_name, minion_secret_name, tokens)
def virtual_server_setup(request, kube_apis, crd_ingress_controller, ingress_controller_endpoint,
test_namespace) -> VirtualServerSetup:
"""
Prepare Virtual Server Example.
:param request: internal pytest fixture to parametrize this method:
{example: virtual-server|virtual-server-tls|..., app_type: simple|split|...}
'example' is a directory name in TEST_DATA,
'app_type' is a directory name in TEST_DATA/common/app
:param kube_apis: client apis
:param crd_ingress_controller:
:param ingress_controller_endpoint:
:param test_namespace:
:return: VirtualServerSetup
"""
print("------------------------- Deploy Virtual Server Example -----------------------------------")
vs_source = f"{TEST_DATA}/{request.param['example']}/standard/virtual-server.yaml"
vs_name = create_virtual_server_from_yaml(kube_apis.custom_objects,
vs_source,
test_namespace)
vs_host = get_first_vs_host_from_yaml(vs_source)
vs_paths = get_paths_from_vs_yaml(vs_source)
if request.param['app_type']:
create_example_app(kube_apis, request.param['app_type'], test_namespace)
wait_until_all_pods_are_ready(kube_apis.v1, test_namespace)
def fin():
print("Clean up Virtual Server Example:")
delete_virtual_server(kube_apis.custom_objects, vs_name, test_namespace)
if request.param['app_type']:
delete_common_app(kube_apis, request.param['app_type'], test_namespace)
request.addfinalizer(fin)
return VirtualServerSetup(ingress_controller_endpoint, test_namespace, vs_host, vs_name, vs_paths)
def hello_app(request, kube_apis, test_namespace):
create_items_from_yaml(kube_apis, hello_app_yaml, test_namespace)
wait_until_all_pods_are_ready(kube_apis.v1, test_namespace)
def fin():
delete_items_from_yaml(kube_apis, hello_app_yaml, test_namespace)
request.addfinalizer(fin)
def example_app_setup(request, kube_apis, v_s_route_setup) -> None:
"""
Prepare an example app.
1st namespace with backend1-svc and backend3-svc and deployment and 2nd namespace with backend2-svc and deployment.
:param request: internal pytest fixture
:param kube_apis: client apis
:param v_s_route_setup:
:return:
"""
print(
"---------------------- Deploy a VS Route Example Application ----------------------------"
)
svc_one = create_service_with_name(kube_apis.v1,
v_s_route_setup.route_m.namespace,
"backend1-svc")
svc_three = create_service_with_name(kube_apis.v1,
v_s_route_setup.route_m.namespace,
"backend3-svc")
deployment_one = create_deployment_with_name(
kube_apis.extensions_v1_beta1, v_s_route_setup.route_m.namespace,
"backend1")
deployment_three = create_deployment_with_name(
kube_apis.extensions_v1_beta1, v_s_route_setup.route_m.namespace,
"backend3")
svc_two = create_service_with_name(kube_apis.v1,
v_s_route_setup.route_s.namespace,
"backend2-svc")
deployment_two = create_deployment_with_name(
kube_apis.extensions_v1_beta1, v_s_route_setup.route_s.namespace,
"backend2")
wait_until_all_pods_are_ready(kube_apis.v1,
v_s_route_setup.route_m.namespace)
wait_until_all_pods_are_ready(kube_apis.v1,
v_s_route_setup.route_s.namespace)
# wait_before_test(2)
def fin():
print("Clean up the Application:")
delete_deployment(kube_apis.extensions_v1_beta1, deployment_one,
v_s_route_setup.route_m.namespace)
delete_service(kube_apis.v1, svc_one,
v_s_route_setup.route_m.namespace)
delete_deployment(kube_apis.extensions_v1_beta1, deployment_three,
v_s_route_setup.route_m.namespace)
delete_service(kube_apis.v1, svc_three,
v_s_route_setup.route_m.namespace)
delete_deployment(kube_apis.extensions_v1_beta1, deployment_two,
v_s_route_setup.route_s.namespace)
delete_service(kube_apis.v1, svc_two,
v_s_route_setup.route_s.namespace)
request.addfinalizer(fin)
def ap_ingress_setup(
request, kube_apis, ingress_controller_endpoint, test_namespace
) -> IngressSetup:
"""
Deploy a simple application and AppProtect manifests.
:param request: pytest fixture
:param kube_apis: client apis
:param ingress_controller_endpoint: public endpoint
:param test_namespace:
:return: BackendSetup
"""
print("------------------------- Deploy backend application -------------------------")
create_example_app(kube_apis, "simple", test_namespace)
req_url = f"https://{ingress_controller_endpoint.public_ip}:{ingress_controller_endpoint.port_ssl}/backend1"
metrics_url = f"http://{ingress_controller_endpoint.public_ip}:{ingress_controller_endpoint.metrics_port}/metrics"
wait_until_all_pods_are_ready(kube_apis.v1, test_namespace)
ensure_connection_to_public_endpoint(
ingress_controller_endpoint.public_ip,
ingress_controller_endpoint.port,
ingress_controller_endpoint.port_ssl,
)
print("------------------------- Deploy Secret -----------------------------")
src_sec_yaml = f"{TEST_DATA}/appprotect/appprotect-secret.yaml"
create_items_from_yaml(kube_apis, src_sec_yaml, test_namespace)
print("------------------------- Deploy logconf -----------------------------")
src_log_yaml = f"{TEST_DATA}/appprotect/logconf.yaml"
log_name = create_ap_logconf_from_yaml(kube_apis.custom_objects, src_log_yaml, test_namespace)
print(f"------------------------- Deploy appolicy: ---------------------------")
src_pol_yaml = f"{TEST_DATA}/appprotect/dataguard-alarm.yaml"
pol_name = create_ap_policy_from_yaml(kube_apis.custom_objects, src_pol_yaml, test_namespace)
print("------------------------- Deploy ingress -----------------------------")
ingress_host = {}
src_ing_yaml = f"{TEST_DATA}/appprotect/appprotect-ingress.yaml"
create_ingress_with_ap_annotations(
kube_apis, src_ing_yaml, test_namespace, "dataguard-alarm", "True", "True", "127.0.0.1:514"
)
ingress_host = get_first_ingress_host_from_yaml(src_ing_yaml)
wait_before_test()
def fin():
print("Clean up:")
src_ing_yaml = f"{TEST_DATA}/appprotect/appprotect-ingress.yaml"
delete_items_from_yaml(kube_apis, src_ing_yaml, test_namespace)
delete_ap_policy(kube_apis.custom_objects, pol_name, test_namespace)
delete_ap_logconf(kube_apis.custom_objects, log_name, test_namespace)
delete_common_app(kube_apis, "simple", test_namespace)
src_sec_yaml = f"{TEST_DATA}/appprotect/appprotect-secret.yaml"
delete_items_from_yaml(kube_apis, src_sec_yaml, test_namespace)
request.addfinalizer(fin)
return IngressSetup(req_url, metrics_url, ingress_host)
def appprotect_setup(request, kube_apis, ingress_controller_endpoint,
test_namespace) -> AppProtectSetup:
"""
Deploy simple application and all the AppProtect(dataguard-alarm) resources under test in one namespace.
:param request: pytest fixture
:param kube_apis: client apis
:param ingress_controller_endpoint: public endpoint
:param test_namespace:
:return: BackendSetup
"""
print(
"------------------------- Deploy simple backend application -------------------------"
)
create_example_app(kube_apis, "simple", test_namespace)
req_url = f"https://{ingress_controller_endpoint.public_ip}:{ingress_controller_endpoint.port_ssl}/backend1"
metrics_url = f"http://{ingress_controller_endpoint.public_ip}:{ingress_controller_endpoint.metrics_port}/metrics"
wait_until_all_pods_are_ready(kube_apis.v1, test_namespace)
ensure_connection_to_public_endpoint(
ingress_controller_endpoint.public_ip,
ingress_controller_endpoint.port,
ingress_controller_endpoint.port_ssl,
)
print(
"------------------------- Deploy Secret -----------------------------"
)
src_sec_yaml = f"{TEST_DATA}/appprotect/appprotect-secret.yaml"
create_items_from_yaml(kube_apis, src_sec_yaml, test_namespace)
print(
"------------------------- Deploy logconf -----------------------------"
)
src_log_yaml = f"{TEST_DATA}/appprotect/logconf.yaml"
log_name = create_ap_logconf_from_yaml(kube_apis.custom_objects,
src_log_yaml, test_namespace)
print(
f"------------------------- Deploy dataguard-alarm appolicy ---------------------------"
)
src_pol_yaml = f"{TEST_DATA}/appprotect/{ap_policy}.yaml"
pol_name = create_ap_policy_from_yaml(kube_apis.custom_objects,
src_pol_yaml, test_namespace)
def fin():
print("Clean up:")
delete_ap_policy(kube_apis.custom_objects, pol_name, test_namespace)
delete_ap_logconf(kube_apis.custom_objects, log_name, test_namespace)
delete_common_app(kube_apis, "simple", test_namespace)
src_sec_yaml = f"{TEST_DATA}/appprotect/appprotect-secret.yaml"
delete_items_from_yaml(kube_apis, src_sec_yaml, test_namespace)
write_to_json(f"reload-{get_test_file_name(request.node.fspath)}.json",
reload_times)
request.addfinalizer(fin)
return AppProtectSetup(req_url, metrics_url)
def transport_server_setup(
request, kube_apis, ingress_controller_prerequisites, test_namespace,
ingress_controller_endpoint) -> TransportServerSetup:
"""
Prepare Transport Server Example.
:param ingress_controller_endpoint:
:param ingress_controller_prerequisites:
:param request: internal pytest fixture to parametrize this method
:param kube_apis: client apis
:param test_namespace:
:return: TransportServerSetup
"""
print(
"------------------------- Deploy Transport Server Example -----------------------------------"
)
# deploy global config
global_config_file = (
f"{TEST_DATA}/{request.param['example']}/standard/global-configuration.yaml"
)
gc_resource = create_gc_from_yaml(kube_apis.custom_objects,
global_config_file, "nginx-ingress")
# deploy service_file
service_file = f"{TEST_DATA}/{request.param['example']}/standard/service_deployment.yaml"
create_items_from_yaml(kube_apis, service_file, test_namespace)
# deploy transport server
transport_server_file = f"{TEST_DATA}/{request.param['example']}/standard/transport-server.yaml"
ts_resource = create_ts_from_yaml(kube_apis.custom_objects,
transport_server_file, test_namespace)
wait_until_all_pods_are_ready(kube_apis.v1, test_namespace)
def fin():
print("Clean up TransportServer Example:")
delete_ts(kube_apis.custom_objects, ts_resource, test_namespace)
delete_items_from_yaml(kube_apis, service_file, test_namespace)
delete_gc(kube_apis.custom_objects, gc_resource, "nginx-ingress")
request.addfinalizer(fin)
ic_pod_name = get_first_pod_name(
kube_apis.v1, ingress_controller_prerequisites.namespace)
ic_namespace = ingress_controller_prerequisites.namespace
return TransportServerSetup(
ts_resource['metadata']['name'],
test_namespace,
ic_pod_name,
ic_namespace,
ingress_controller_endpoint,
ts_resource,
)
def vsr_adv_routing_setup(
request, kube_apis, ingress_controller_prerequisites,
ingress_controller_endpoint) -> VSRAdvancedRoutingSetup:
"""
Prepare an example app for advanced routing VSR.
Single namespace with VS+VSR and advanced-routing app.
:param request: internal pytest fixture
:param kube_apis: client apis
:param ingress_controller_endpoint:
:param ingress_controller_prerequisites:
:return:
"""
vs_routes_ns = get_route_namespace_from_vs_yaml(
f"{TEST_DATA}/{request.param['example']}/standard/virtual-server.yaml")
ns_1 = create_namespace_with_name_from_yaml(kube_apis.v1, vs_routes_ns[0],
f"{TEST_DATA}/common/ns.yaml")
print(
"------------------------- Deploy Virtual Server -----------------------------------"
)
vs_name = create_virtual_server_from_yaml(
kube_apis.custom_objects,
f"{TEST_DATA}/{request.param['example']}/standard/virtual-server.yaml",
ns_1)
vs_host = get_first_vs_host_from_yaml(
f"{TEST_DATA}/{request.param['example']}/standard/virtual-server.yaml")
print(
"------------------------- Deploy Virtual Server Route -----------------------------------"
)
vsr_name = create_v_s_route_from_yaml(
kube_apis.custom_objects,
f"{TEST_DATA}/{request.param['example']}/virtual-server-route-header.yaml",
ns_1)
vsr_paths = get_paths_from_vsr_yaml(
f"{TEST_DATA}/{request.param['example']}/virtual-server-route-header.yaml"
)
route = VirtualServerRoute(ns_1, vsr_name, vsr_paths)
backends_url = f"http://{ingress_controller_endpoint.public_ip}:{ingress_controller_endpoint.port}{vsr_paths[0]}"
print(
"---------------------- Deploy advanced-routing app ----------------------------"
)
create_example_app(kube_apis, "advanced-routing", ns_1)
wait_until_all_pods_are_ready(kube_apis.v1, ns_1)
def fin():
print("Delete test namespace")
delete_namespace(kube_apis.v1, ns_1)
request.addfinalizer(fin)
return VSRAdvancedRoutingSetup(ns_1, vs_host, vs_name, route, backends_url)
def enable_prometheus_port(
cli_arguments, kube_apis, ingress_controller_prerequisites, crd_ingress_controller_with_ap
) -> None:
namespace = ingress_controller_prerequisites.namespace
port = V1ContainerPort(9113, None, None, "prometheus", "TCP")
print("------------------------- Enable 9113 port in IC ----------------------------")
body = kube_apis.apps_v1_api.read_namespaced_deployment("nginx-ingress", namespace)
body.spec.template.spec.containers[0].ports.append(port)
kube_apis.apps_v1_api.patch_namespaced_deployment("nginx-ingress", namespace, body)
wait_until_all_pods_are_ready(kube_apis.v1, namespace)
def backend_setup(request, kube_apis, ingress_controller_prerequisites,
test_namespace):
"""
Replace the ConfigMap and deploy the secret.
:param request: pytest fixture
:param kube_apis: client apis
:param test_namespace:
"""
app_name = request.param.get("app_type")
try:
print(
"------------------------- Replace ConfigMap with HTTP2 -------------------------"
)
cm_source = f"{TEST_DATA}/virtual-server-grpc/nginx-config.yaml"
replace_configmap_from_yaml(
kube_apis.v1,
ingress_controller_prerequisites.config_map['metadata']['name'],
ingress_controller_prerequisites.namespace, cm_source)
print(
"------------------------- Deploy Secret -----------------------------"
)
src_sec_yaml = f"{TEST_DATA}/virtual-server-grpc/tls-secret.yaml"
create_secret_from_yaml(kube_apis.v1, test_namespace, src_sec_yaml)
print(
"------------------------- Deploy App -----------------------------"
)
app_name = request.param.get("app_type")
create_example_app(kube_apis, app_name, test_namespace)
wait_until_all_pods_are_ready(kube_apis.v1, test_namespace)
except Exception as ex:
print("Failed to complete setup, cleaning up..")
delete_items_from_yaml(kube_apis, src_sec_yaml, test_namespace)
replace_configmap_from_yaml(
kube_apis.v1,
ingress_controller_prerequisites.config_map['metadata']['name'],
ingress_controller_prerequisites.namespace,
f"{DEPLOYMENTS}/common/nginx-config.yaml")
delete_common_app(kube_apis, app_name, test_namespace)
pytest.fail(f"VS GRPC setup failed")
def fin():
print("Clean up:")
delete_items_from_yaml(kube_apis, src_sec_yaml, test_namespace)
replace_configmap_from_yaml(
kube_apis.v1,
ingress_controller_prerequisites.config_map['metadata']['name'],
ingress_controller_prerequisites.namespace,
f"{DEPLOYMENTS}/common/nginx-config.yaml")
delete_common_app(kube_apis, app_name, test_namespace)
request.addfinalizer(fin)
def annotations_setup(request, kube_apis, ingress_controller_prerequisites,
ingress_controller_endpoint, ingress_controller,
test_namespace) -> AnnotationsSetup:
print(
"------------------------- Deploy Annotations-Example -----------------------------------"
)
create_items_from_yaml(
kube_apis,
f"{TEST_DATA}/annotations/{request.param}/annotations-ingress.yaml",
test_namespace)
ingress_name = get_names_from_yaml(
f"{TEST_DATA}/annotations/{request.param}/annotations-ingress.yaml")[0]
ingress_host = get_first_ingress_host_from_yaml(
f"{TEST_DATA}/annotations/{request.param}/annotations-ingress.yaml")
common_app = create_example_app(kube_apis, "simple", test_namespace)
wait_until_all_pods_are_ready(kube_apis.v1, test_namespace)
ensure_connection_to_public_endpoint(ingress_controller_endpoint.public_ip,
ingress_controller_endpoint.port,
ingress_controller_endpoint.port_ssl)
ic_pod_name = get_first_pod_name(
kube_apis.v1, ingress_controller_prerequisites.namespace)
if request.param == 'mergeable':
event_text = f"Configuration for {test_namespace}/{ingress_name}(Master) was added or updated"
error_text = f"{event_text} but was not applied: Error reloading NGINX"
else:
event_text = f"Configuration for {test_namespace}/{ingress_name} was added or updated"
error_text = f"{event_text}, but not applied: Error reloading NGINX"
def fin():
print("Clean up Annotations Example:")
replace_configmap_from_yaml(
kube_apis.v1,
ingress_controller_prerequisites.config_map['metadata']['name'],
ingress_controller_prerequisites.namespace,
f"{DEPLOYMENTS}/common/nginx-config.yaml")
delete_common_app(kube_apis.v1, kube_apis.apps_v1_api, common_app,
test_namespace)
delete_items_from_yaml(
kube_apis,
f"{TEST_DATA}/annotations/{request.param}/annotations-ingress.yaml",
test_namespace)
request.addfinalizer(fin)
return AnnotationsSetup(
ingress_controller_endpoint,
f"{TEST_DATA}/annotations/{request.param}/annotations-ingress.yaml",
ingress_name, ingress_host, ic_pod_name, test_namespace, event_text,
error_text)
def annotations_setup(request,
kube_apis,
ingress_controller_prerequisites,
ingress_controller_endpoint, ingress_controller, test_namespace) -> AnnotationsSetup:
print("------------------------- Deploy Annotations-Example -----------------------------------")
create_items_from_yaml(kube_apis,
f"{TEST_DATA}/annotations/{request.param}/annotations-ingress.yaml",
test_namespace)
ingress_name = get_name_from_yaml(f"{TEST_DATA}/annotations/{request.param}/annotations-ingress.yaml")
ingress_host = get_first_ingress_host_from_yaml(f"{TEST_DATA}/annotations/{request.param}/annotations-ingress.yaml")
if request.param == 'mergeable':
minions_info = get_minions_info_from_yaml(f"{TEST_DATA}/annotations/{request.param}/annotations-ingress.yaml")
else:
minions_info = None
create_example_app(kube_apis, "simple", test_namespace)
wait_until_all_pods_are_ready(kube_apis.v1, test_namespace)
ensure_connection_to_public_endpoint(ingress_controller_endpoint.public_ip,
ingress_controller_endpoint.port,
ingress_controller_endpoint.port_ssl)
ic_pod_name = get_first_pod_name(kube_apis.v1, ingress_controller_prerequisites.namespace)
upstream_names = []
if request.param == 'mergeable':
event_text = f"Configuration for {test_namespace}/{ingress_name} was added or updated"
error_text = f"{test_namespace}/{ingress_name} was rejected: with error"
for minion in minions_info:
upstream_names.append(f"{test_namespace}-{minion['name']}-{ingress_host}-{minion['svc_name']}-80")
else:
event_text = f"Configuration for {test_namespace}/{ingress_name} was added or updated"
error_text = f"{test_namespace}/{ingress_name} was rejected: with error"
upstream_names.append(f"{test_namespace}-{ingress_name}-{ingress_host}-backend1-svc-80")
upstream_names.append(f"{test_namespace}-{ingress_name}-{ingress_host}-backend2-svc-80")
def fin():
print("Clean up Annotations Example:")
replace_configmap_from_yaml(kube_apis.v1,
ingress_controller_prerequisites.config_map['metadata']['name'],
ingress_controller_prerequisites.namespace,
f"{DEPLOYMENTS}/common/nginx-config.yaml")
delete_common_app(kube_apis, "simple", test_namespace)
delete_items_from_yaml(kube_apis,
f"{TEST_DATA}/annotations/{request.param}/annotations-ingress.yaml",
test_namespace)
request.addfinalizer(fin)
return AnnotationsSetup(ingress_controller_endpoint,
f"{TEST_DATA}/annotations/{request.param}/annotations-ingress.yaml",
ingress_name, ingress_host, ic_pod_name, test_namespace, event_text, error_text,
upstream_names)
def simple_ingress_setup(
request,
kube_apis,
ingress_controller_endpoint,
test_namespace,
ingress_controller,
) -> IngressSetup:
"""
Deploy simple application and all the Ingress resources under test in one namespace.
:param request: pytest fixture
:param kube_apis: client apis
:param ingress_controller_endpoint: public endpoint
:param test_namespace:
:return: BackendSetup
"""
req_url = f"https://{ingress_controller_endpoint.public_ip}:{ingress_controller_endpoint.port_ssl}/backend1"
metrics_url = f"http://{ingress_controller_endpoint.public_ip}:{ingress_controller_endpoint.metrics_port}/metrics"
secret_name = create_secret_from_yaml(
kube_apis.v1, test_namespace, f"{TEST_DATA}/smoke/smoke-secret.yaml"
)
create_example_app(kube_apis, "simple", test_namespace)
create_items_from_yaml(
kube_apis, f"{TEST_DATA}/smoke/standard/smoke-ingress.yaml", test_namespace
)
ingress_host = get_first_ingress_host_from_yaml(
f"{TEST_DATA}/smoke/standard/smoke-ingress.yaml"
)
wait_until_all_pods_are_ready(kube_apis.v1, test_namespace)
ensure_connection_to_public_endpoint(
ingress_controller_endpoint.public_ip,
ingress_controller_endpoint.port,
ingress_controller_endpoint.port_ssl,
)
def fin():
print("Clean up the Application:")
delete_common_app(kube_apis, "simple", test_namespace)
delete_secret(kube_apis.v1, secret_name, test_namespace)
delete_items_from_yaml(
kube_apis, f"{TEST_DATA}/smoke/standard/smoke-ingress.yaml", test_namespace
)
request.addfinalizer(fin)
return IngressSetup(req_url, metrics_url, ingress_host)
def wildcard_tls_secret_setup(request, kube_apis, ingress_controller_endpoint, test_namespace) -> WildcardTLSSecretSetup:
ing_type = request.param
print("------------------------- Deploy Wildcard-Tls-Secret-Example -----------------------------------")
create_items_from_yaml(kube_apis.extensions_v1_beta1,
f"{TEST_DATA}/wildcard-tls-secret/{ing_type}/wildcard-secret-ingress.yaml", test_namespace)
host = get_ingress_host_from_yaml(f"{TEST_DATA}/wildcard-tls-secret/{ing_type}/wildcard-secret-ingress.yaml")
common_app = create_common_app(kube_apis.v1, kube_apis.extensions_v1_beta1, test_namespace)
wait_until_all_pods_are_ready(kube_apis.v1, test_namespace)
def fin():
print("Clean up Wildcard-Tls-Secret-Example:")
delete_items_from_yaml(kube_apis.extensions_v1_beta1,
f"{TEST_DATA}/wildcard-tls-secret/{ing_type}/wildcard-secret-ingress.yaml",
test_namespace)
delete_common_app(kube_apis.v1, kube_apis.extensions_v1_beta1, common_app, test_namespace)
request.addfinalizer(fin)
return WildcardTLSSecretSetup(ingress_controller_endpoint, test_namespace, host)
def transport_server_setup(request, kube_apis,
test_namespace) -> TransportServerSetup:
"""
Prepare Transport Server Example.
:param request: internal pytest fixture to parametrize this method
:param kube_apis: client apis
:param test_namespace:
:return: TransportServerSetup
"""
print(
"------------------------- Deploy Transport Server Example -----------------------------------"
)
# deploy global config
global_config_file = (
f"{TEST_DATA}/{request.param['example']}/standard/global-configuration.yaml"
)
gc_resource = create_gc_from_yaml(kube_apis.custom_objects,
global_config_file, "nginx-ingress")
# deploy dns
dns_file = f"{TEST_DATA}/{request.param['example']}/standard/dns.yaml"
create_items_from_yaml(kube_apis, dns_file, test_namespace)
# deploy transport server
transport_server_file = f"{TEST_DATA}/{request.param['example']}/standard/transport-server.yaml"
ts_resource = create_ts_from_yaml(kube_apis.custom_objects,
transport_server_file, test_namespace)
wait_until_all_pods_are_ready(kube_apis.v1, test_namespace)
def fin():
print("Clean up TransportServer Example:")
delete_ts(kube_apis.custom_objects, ts_resource, test_namespace)
delete_items_from_yaml(kube_apis, dns_file, test_namespace)
delete_gc(kube_apis.custom_objects, gc_resource, "nginx-ingress")
request.addfinalizer(fin)
return TransportServerSetup(ts_resource["metadata"]["name"],
test_namespace)
def jwt_secrets_setup(request, kube_apis, ingress_controller_endpoint, ingress_controller, test_namespace) -> JWTSecretsSetup:
with open(f"{TEST_DATA}/jwt-secrets/tokens/jwt-secrets-token.jwt", "r") as token_file:
token = token_file.read().replace('\n', '')
print("------------------------- Deploy JWT Secrets Example -----------------------------------")
create_items_from_yaml(kube_apis.extensions_v1_beta1, f"{TEST_DATA}/jwt-secrets/{request.param}/jwt-secrets-ingress.yaml", test_namespace)
ingress_host = get_ingress_host_from_yaml(f"{TEST_DATA}/jwt-secrets/{request.param}/jwt-secrets-ingress.yaml")
common_app = create_common_app(kube_apis.v1, kube_apis.extensions_v1_beta1, test_namespace)
wait_until_all_pods_are_ready(kube_apis.v1, test_namespace)
ensure_connection_to_public_endpoint(ingress_controller_endpoint.public_ip,
ingress_controller_endpoint.port,
ingress_controller_endpoint.port_ssl)
def fin():
print("Clean up the JWT Secrets Application:")
delete_common_app(kube_apis.v1, kube_apis.extensions_v1_beta1, common_app, test_namespace)
delete_items_from_yaml(kube_apis.extensions_v1_beta1, f"{TEST_DATA}/jwt-secrets/{request.param}/jwt-secrets-ingress.yaml",
test_namespace)
request.addfinalizer(fin)
return JWTSecretsSetup(ingress_controller_endpoint, ingress_host, token)
def smoke_setup(request, kube_apis, ingress_controller_endpoint, ingress_controller, test_namespace) -> SmokeSetup:
print("------------------------- Deploy Smoke Example -----------------------------------")
secret_name = create_secret_from_yaml(kube_apis.v1, test_namespace, f"{TEST_DATA}/smoke/smoke-secret.yaml")
create_items_from_yaml(kube_apis.extensions_v1_beta1, f"{TEST_DATA}/smoke/{request.param}/smoke-ingress.yaml", test_namespace)
ingress_host = get_ingress_host_from_yaml(f"{TEST_DATA}/smoke/{request.param}/smoke-ingress.yaml")
common_app = create_common_app(kube_apis.v1, kube_apis.extensions_v1_beta1, test_namespace)
wait_until_all_pods_are_ready(kube_apis.v1, test_namespace)
ensure_connection_to_public_endpoint(ingress_controller_endpoint.public_ip,
ingress_controller_endpoint.port,
ingress_controller_endpoint.port_ssl)
def fin():
print("Clean up the Smoke Application:")
delete_common_app(kube_apis.v1, kube_apis.extensions_v1_beta1, common_app, test_namespace)
delete_items_from_yaml(kube_apis.extensions_v1_beta1, f"{TEST_DATA}/smoke/{request.param}/smoke-ingress.yaml",
test_namespace)
delete_secret(kube_apis.v1, secret_name, test_namespace)
request.addfinalizer(fin)
return SmokeSetup(ingress_controller_endpoint, ingress_host)
def transport_server_tls_passthrough_setup(
request, kube_apis, test_namespace,
ingress_controller_endpoint) -> TransportServerTlsSetup:
"""
Prepare Transport Server Example.
:param request: internal pytest fixture to parametrize this method
:param kube_apis: client apis
:param test_namespace: namespace for test resources
:param ingress_controller_endpoint: ip and port information
:return TransportServerTlsSetup:
"""
print(
"------------------------- Deploy Transport Server with tls passthrough -----------------------------------"
)
# deploy secure_app
secure_app_file = f"{TEST_DATA}/{request.param['example']}/standard/secure-app.yaml"
create_items_from_yaml(kube_apis, secure_app_file, test_namespace)
# deploy transport server
transport_server_std_src = f"{TEST_DATA}/{request.param['example']}/standard/transport-server.yaml"
ts_resource = create_ts_from_yaml(kube_apis.custom_objects,
transport_server_std_src, test_namespace)
ts_host = get_first_host_from_yaml(transport_server_std_src)
wait_until_all_pods_are_ready(kube_apis.v1, test_namespace)
def fin():
print("Clean up TransportServer and app:")
delete_ts(kube_apis.custom_objects, ts_resource, test_namespace)
delete_items_from_yaml(kube_apis, secure_app_file, test_namespace)
request.addfinalizer(fin)
return TransportServerTlsSetup(
ingress_controller_endpoint,
ts_resource,
ts_resource["metadata"]["name"],
test_namespace,
ts_host,
)
def ap_generic_setup(kube_apis, vs_namespace, test_namespace, policy_method,
vs_yaml):
src_pol_yaml = f"{TEST_DATA}/ap-waf-grpc/policies/waf-block-{policy_method}.yaml"
print(
"------------------------- Deploy logconf -----------------------------"
)
global log_name
log_name = create_ap_logconf_from_yaml(kube_apis.custom_objects,
src_log_yaml, test_namespace)
print(
f"------------------------- Deploy AP policy ---------------------------"
)
src_appol_yaml = f"{TEST_DATA}/ap-waf-grpc/grpc-block-{policy_method}.yaml"
global ap_pol_name
ap_pol_name = create_ap_policy_from_yaml(kube_apis.custom_objects,
src_appol_yaml, test_namespace)
print(
"------------------------- Deploy Syslog -----------------------------"
)
create_items_from_yaml(kube_apis, src_syslog_yaml, test_namespace)
wait_before_test(20)
syslog_ep = get_service_endpoint(kube_apis, "syslog-svc", test_namespace)
print("------------------------- Deploy App -----------------------------")
create_example_app(kube_apis, "grpc-vs", vs_namespace)
wait_until_all_pods_are_ready(kube_apis.v1, vs_namespace)
print(
"------------------------- Deploy Secret -----------------------------"
)
create_secret_from_yaml(kube_apis.v1, vs_namespace, src_vs_sec_yaml)
print(
f"------------------------- Deploy policy ---------------------------")
src_pol_name = create_ap_waf_policy_from_yaml(
kube_apis.custom_objects, src_pol_yaml, vs_namespace, test_namespace,
True, True, ap_pol_name, log_name, f"syslog:server={syslog_ep}:514")
print(
"------------------------- Deploy Virtual Server -----------------------------------"
)
vs_name = create_virtual_server_from_yaml(kube_apis.custom_objects,
vs_yaml, vs_namespace)
return (src_pol_name, vs_name)
def send_build_info(self, kube_apis, ingress_controller_prerequisites) -> str:
"""
Helper function to get pod logs
"""
retry = 0
ready = False
pod_name = get_first_pod_name(
kube_apis.v1, ingress_controller_prerequisites.namespace
)
wait_until_all_pods_are_ready(kube_apis.v1, ingress_controller_prerequisites.namespace)
while(not ready):
time.sleep(1)
try:
api_response = kube_apis.v1.read_namespaced_pod_log(
name=pod_name,
namespace=ingress_controller_prerequisites.namespace,
limit_bytes=200,
)
logging.info(api_response)
ready = True
except Exception as ex:
if retry < 10:
retry += 1
print(f"Retry# {retry}")
else:
logging.exception(ex)
raise ex
br = io.StringIO(api_response)
_log = br.readline()
try:
_info = _log[_log.find("Version") :].strip()
logging.info(f"Version and GitCommit info: {_info}")
except Exception as e:
logging.exception(f"Tag labels not found")
return _info
def backend_setup(request, kube_apis,
ingress_controller_endpoint) -> BackendSetup:
"""
Create 2 namespaces and deploy simple applications in them.
:param request: pytest fixture
:param kube_apis: client apis
:param ingress_controller_endpoint: public endpoint
:return: BackendSetup
"""
watched_namespace = create_namespace_with_name_from_yaml(
kube_apis.v1, f"watched-ns", f"{TEST_DATA}/common/ns.yaml")
foreign_namespace = create_namespace_with_name_from_yaml(
kube_apis.v1, f"foreign-ns", f"{TEST_DATA}/common/ns.yaml")
ingress_hosts = {}
for ns in [watched_namespace, foreign_namespace]:
print(
f"------------------------- Deploy the backend in {ns} -----------------------------------"
)
create_example_app(kube_apis, "simple", ns)
src_ing_yaml = f"{TEST_DATA}/watch-namespace/{ns}-ingress.yaml"
create_items_from_yaml(kube_apis, src_ing_yaml, ns)
ingress_host = get_first_ingress_host_from_yaml(src_ing_yaml)
ingress_hosts[f"{ns}-ingress"] = ingress_host
req_url = f"http://{ingress_controller_endpoint.public_ip}:{ingress_controller_endpoint.port}/backend1"
wait_until_all_pods_are_ready(kube_apis.v1, ns)
ensure_connection_to_public_endpoint(
ingress_controller_endpoint.public_ip,
ingress_controller_endpoint.port,
ingress_controller_endpoint.port_ssl)
def fin():
print("Clean up:")
delete_namespace(kube_apis.v1, watched_namespace)
delete_namespace(kube_apis.v1, foreign_namespace)
request.addfinalizer(fin)
return BackendSetup(req_url, ingress_hosts)
def backend_setup(request, kube_apis, ingress_controller_endpoint,
ingress_controller_prerequisites,
test_namespace) -> BackendSetup:
"""
Deploy a simple application and AppProtect manifests.
:param request: pytest fixture
:param kube_apis: client apis
:param ingress_controller_endpoint: public endpoint
:param test_namespace:
:return: BackendSetup
"""
try:
print(
"------------------------- Replace ConfigMap with HTTP2 -------------------------"
)
replace_configmap_from_yaml(
kube_apis.v1,
ingress_controller_prerequisites.config_map['metadata']['name'],
ingress_controller_prerequisites.namespace,
f"{TEST_DATA}/appprotect/grpc/nginx-config.yaml")
policy = request.param["policy"]
print(
"------------------------- Deploy backend application -------------------------"
)
create_example_app(kube_apis, "grpc", test_namespace)
wait_until_all_pods_are_ready(kube_apis.v1, test_namespace)
print(
"------------------------- Deploy Secret -----------------------------"
)
src_sec_yaml = f"{TEST_DATA}/appprotect/appprotect-secret.yaml"
create_items_from_yaml(kube_apis, src_sec_yaml, test_namespace)
print(
"------------------------- Deploy logconf -----------------------------"
)
src_log_yaml = f"{TEST_DATA}/appprotect/logconf.yaml"
log_name = create_ap_logconf_from_yaml(kube_apis.custom_objects,
src_log_yaml, test_namespace)
print(
f"------------------------- Deploy appolicy: {policy} ---------------------------"
)
src_pol_yaml = f"{TEST_DATA}/appprotect/grpc/{policy}.yaml"
pol_name = create_ap_policy_from_yaml(kube_apis.custom_objects,
src_pol_yaml, test_namespace)
print(
"------------------------- Deploy Syslog -----------------------------"
)
src_syslog_yaml = f"{TEST_DATA}/appprotect/syslog.yaml"
create_items_from_yaml(kube_apis, src_syslog_yaml, test_namespace)
syslog_ep = get_service_endpoint(kube_apis, "syslog-svc",
test_namespace)
print(syslog_ep)
print(
"------------------------- Deploy ingress -----------------------------"
)
src_ing_yaml = f"{TEST_DATA}/appprotect/grpc/ingress.yaml"
create_ingress_with_ap_annotations(kube_apis, src_ing_yaml,
test_namespace, policy, "True",
"True", f"{syslog_ep}:514")
ingress_host = get_first_ingress_host_from_yaml(src_ing_yaml)
wait_before_test(40)
except Exception as ex:
print("Failed to complete setup, cleaning up..")
delete_items_from_yaml(kube_apis, src_syslog_yaml, test_namespace)
delete_items_from_yaml(kube_apis, src_ing_yaml, test_namespace)
delete_ap_policy(kube_apis.custom_objects, pol_name, test_namespace)
delete_ap_logconf(kube_apis.custom_objects, log_name, test_namespace)
delete_common_app(kube_apis, "grpc", test_namespace)
delete_items_from_yaml(kube_apis, src_sec_yaml, test_namespace)
replace_configmap_from_yaml(
kube_apis.v1,
ingress_controller_prerequisites.config_map['metadata']['name'],
ingress_controller_prerequisites.namespace,
f"{DEPLOYMENTS}/common/nginx-config.yaml")
pytest.fail(f"AP GRPC setup failed")
def fin():
print("Clean up:")
delete_items_from_yaml(kube_apis, src_syslog_yaml, test_namespace)
delete_items_from_yaml(kube_apis, src_ing_yaml, test_namespace)
delete_ap_policy(kube_apis.custom_objects, pol_name, test_namespace)
delete_ap_logconf(kube_apis.custom_objects, log_name, test_namespace)
delete_common_app(kube_apis, "grpc", test_namespace)
delete_items_from_yaml(kube_apis, src_sec_yaml, test_namespace)
replace_configmap_from_yaml(
kube_apis.v1,
ingress_controller_prerequisites.config_map['metadata']['name'],
ingress_controller_prerequisites.namespace,
f"{DEPLOYMENTS}/common/nginx-config.yaml")
request.addfinalizer(fin)
return BackendSetup(ingress_host, ingress_controller_endpoint.public_ip,
ingress_controller_endpoint.port_ssl)
