def test_responses_after_crd_removal_on_the_fly(self, kube_apis, crd_ingress_controller, virtual_server_setup): print("\nStep 12: remove CRD and check") crd_name = get_names_from_yaml( f"{DEPLOYMENTS}/common/custom-resource-definitions.yaml")[0] delete_crd(kube_apis.api_extensions_v1_beta1, crd_name) wait_and_assert_status_code(404, virtual_server_setup.backend_1_url, virtual_server_setup.vs_host) wait_and_assert_status_code(404, virtual_server_setup.backend_2_url, virtual_server_setup.vs_host) print("Step 13: restore CRD and VS and check") create_crd_from_yaml( kube_apis.api_extensions_v1_beta1, crd_name, f"{DEPLOYMENTS}/common/custom-resource-definitions.yaml") wait_before_test(1) create_virtual_server_from_yaml( kube_apis.custom_objects, f"{TEST_DATA}/virtual-server/standard/virtual-server.yaml", virtual_server_setup.namespace) wait_and_assert_status_code(200, virtual_server_setup.backend_1_url, virtual_server_setup.vs_host) wait_and_assert_status_code(200, virtual_server_setup.backend_2_url, virtual_server_setup.vs_host)
def appprotect_setup(request, kube_apis, test_namespace) -> None: """ Deploy simple application and all the AppProtect(dataguard-alarm) resources under test in one namespace. :param request: pytest fixture :param kube_apis: client apis :param ingress_controller_endpoint: public endpoint :param test_namespace: """ print( "------------------------- Deploy logconf -----------------------------" ) src_log_yaml = f"{TEST_DATA}/ap-waf/logconf.yaml" global log_name log_name = create_ap_logconf_from_yaml(kube_apis.custom_objects, src_log_yaml, test_namespace) print( "------------------------- Create UserSig CRD -----------------------------" ) ap_uds_crd_name = get_name_from_yaml(uds_crd) create_crd_from_yaml( kube_apis.api_extensions_v1_beta1, ap_uds_crd_name, uds_crd, ) wait_before_test() print( "------------------------- Create UserSig CRD resource-----------------------------" ) usersig_name = create_ap_usersig_from_yaml(kube_apis.custom_objects, uds_crd_resource, test_namespace) print( f"------------------------- Deploy dataguard-alarm appolicy ---------------------------" ) src_pol_yaml = f"{TEST_DATA}/ap-waf/{ap_policy_uds}.yaml" global ap_pol_name ap_pol_name = create_ap_policy_from_yaml(kube_apis.custom_objects, src_pol_yaml, test_namespace) def fin(): print("Clean up:") delete_ap_policy(kube_apis.custom_objects, ap_pol_name, test_namespace) delete_ap_usersig(kube_apis.custom_objects, usersig_name, test_namespace) delete_crd( kube_apis.api_extensions_v1_beta1, ap_uds_crd_name, ) delete_ap_logconf(kube_apis.custom_objects, log_name, test_namespace) request.addfinalizer(fin)
def crd_ingress_controller(cli_arguments, kube_apis, ingress_controller_prerequisites, ingress_controller_endpoint, request) -> None: """ Create an Ingress Controller with CRD enabled. :param cli_arguments: pytest context :param kube_apis: client apis :param ingress_controller_prerequisites :param ingress_controller_endpoint: :param request: pytest fixture to parametrize this method {type: complete|rbac-without-vs, extra_args: } 'type' type of test pre-configuration 'extra_args' list of IC cli arguments :return: """ namespace = ingress_controller_prerequisites.namespace name = "nginx-ingress" vs_crd_name = get_name_from_yaml(f"{DEPLOYMENTS}/common/vs-definition.yaml") vsr_crd_name = get_name_from_yaml(f"{DEPLOYMENTS}/common/vsr-definition.yaml") try: print("------------------------- Update ClusterRole -----------------------------------") if request.param['type'] == 'rbac-without-vs': patch_rbac(kube_apis.rbac_v1_beta1, f"{TEST_DATA}/virtual-server/rbac-without-vs.yaml") print("------------------------- Register CRDs -----------------------------------") create_crd_from_yaml(kube_apis.api_extensions_v1_beta1, vs_crd_name, f"{DEPLOYMENTS}/common/vs-definition.yaml") create_crd_from_yaml(kube_apis.api_extensions_v1_beta1, vsr_crd_name, f"{DEPLOYMENTS}/common/vsr-definition.yaml") print("------------------------- Create IC -----------------------------------") name = create_ingress_controller(kube_apis.v1, kube_apis.apps_v1_api, cli_arguments, namespace, request.param.get('extra_args', None)) ensure_connection_to_public_endpoint(ingress_controller_endpoint.public_ip, ingress_controller_endpoint.port, ingress_controller_endpoint.port_ssl) except ApiException as ex: # Finalizer method doesn't start if fixture creation was incomplete, ensure clean up here print(f"Failed to complete CRD IC fixture: {ex}\nClean up the cluster as much as possible.") delete_crd(kube_apis.api_extensions_v1_beta1, vs_crd_name) delete_crd(kube_apis.api_extensions_v1_beta1, vsr_crd_name) print("Restore the ClusterRole:") patch_rbac(kube_apis.rbac_v1_beta1, f"{DEPLOYMENTS}/rbac/rbac.yaml") print("Remove the IC:") delete_ingress_controller(kube_apis.apps_v1_api, name, cli_arguments['deployment-type'], namespace) def fin(): delete_crd(kube_apis.api_extensions_v1_beta1, vs_crd_name) delete_crd(kube_apis.api_extensions_v1_beta1, vsr_crd_name) print("Restore the ClusterRole:") patch_rbac(kube_apis.rbac_v1_beta1, f"{DEPLOYMENTS}/rbac/rbac.yaml") print("Remove the IC:") delete_ingress_controller(kube_apis.apps_v1_api, name, cli_arguments['deployment-type'], namespace) request.addfinalizer(fin)
def crd_ingress_controller(cli_arguments, kube_apis, ingress_controller_prerequisites, request) -> None: """ Create an Ingress Controller with CRD enabled. :param cli_arguments: pytest context :param kube_apis: client apis :param ingress_controller_prerequisites :param request: pytest fixture to parametrize this method {type: complete|rbac-without-vs, extra_args: } 'type' type of test pre-configuration 'extra_args' list of IC cli arguments :return: """ namespace = ingress_controller_prerequisites.namespace print("------------------------- Update ClusterRole -----------------------------------") if request.param['type'] == 'rbac-without-vs': patch_rbac(kube_apis.rbac_v1_beta1, f"{TEST_DATA}/virtual-server/rbac-without-vs.yaml") print("------------------------- Register CRD -----------------------------------") crd_name = create_crd_from_yaml(kube_apis.api_extensions_v1_beta1, f"{DEPLOYMENTS}/custom-resource-definitions/virtualserver.yaml") print("------------------------- Create IC -----------------------------------") name = create_ingress_controller(kube_apis.v1, kube_apis.extensions_v1_beta1, cli_arguments, namespace, request.param.get('extra_args', None)) def fin(): print("Remove the CRD:") delete_crd(kube_apis.api_extensions_v1_beta1, crd_name) print("Remove the IC:") delete_ingress_controller(kube_apis.extensions_v1_beta1, name, cli_arguments['deployment-type'], namespace) print("Restore ClusterRole:") patch_rbac(kube_apis.rbac_v1_beta1, f"{DEPLOYMENTS}/rbac/rbac.yaml") request.addfinalizer(fin)
def test_responses_after_crd_removal_on_the_fly(self, kube_apis, crd_ingress_controller, virtual_server_setup): print("\nStep 12: remove CRD and check") crd_name = get_names_from_yaml(f"{TEST_DATA}/virtual-server/virtualserver.yaml")[0] delete_crd(kube_apis.api_extensions_v1_beta1, crd_name) wait_before_test(1) resp = requests.get(virtual_server_setup.backend_1_url, headers={"host": virtual_server_setup.vs_host}) assert resp.status_code == 404 resp = requests.get(virtual_server_setup.backend_2_url, headers={"host": virtual_server_setup.vs_host}) assert resp.status_code == 404 print("Step 13: restore CRD and VS and check") create_crd_from_yaml(kube_apis.api_extensions_v1_beta1, f"{TEST_DATA}/virtual-server/virtualserver.yaml") create_virtual_server_from_yaml(kube_apis.custom_objects, f"{TEST_DATA}/virtual-server/standard/virtual-server.yaml", virtual_server_setup.namespace) wait_before_test(1) resp = requests.get(virtual_server_setup.backend_1_url, headers={"host": virtual_server_setup.vs_host}) assert resp.status_code == 200 resp = requests.get(virtual_server_setup.backend_2_url, headers={"host": virtual_server_setup.vs_host}) assert resp.status_code == 200
def crd_ingress_controller_with_ap(cli_arguments, kube_apis, ingress_controller_prerequisites, ingress_controller_endpoint, request) -> None: """ Create an Ingress Controller with AppProtect CRD enabled. :param cli_arguments: pytest context :param kube_apis: client apis :param ingress_controller_prerequisites :param ingress_controller_endpoint: :param request: pytest fixture to parametrize this method {extra_args: } 'extra_args' list of IC arguments :return: """ namespace = ingress_controller_prerequisites.namespace name = "nginx-ingress" try: print( "--------------------Create roles and bindings for AppProtect------------------------" ) rbac = configure_rbac_with_ap(kube_apis.rbac_v1) print( "------------------------- Register AP CRD -----------------------------------" ) ap_pol_crd_name = get_name_from_yaml( f"{DEPLOYMENTS}/common/crds-v1beta1/appprotect.f5.com_appolicies.yaml" ) ap_log_crd_name = get_name_from_yaml( f"{DEPLOYMENTS}/common/crds-v1beta1/appprotect.f5.com_aplogconfs.yaml" ) ap_uds_crd_name = get_name_from_yaml( f"{DEPLOYMENTS}/common/crds-v1beta1/appprotect.f5.com_apusersigs.yaml" ) vs_crd_name = get_name_from_yaml( f"{DEPLOYMENTS}/common/crds-v1beta1/k8s.nginx.org_virtualservers.yaml" ) vsr_crd_name = get_name_from_yaml( f"{DEPLOYMENTS}/common/crds-v1beta1/k8s.nginx.org_virtualserverroutes.yaml" ) pol_crd_name = get_name_from_yaml( f"{DEPLOYMENTS}/common/crds-v1beta1/k8s.nginx.org_policies.yaml") ts_crd_name = get_name_from_yaml( f"{DEPLOYMENTS}/common/crds-v1beta1/k8s.nginx.org_transportservers.yaml" ) create_crd_from_yaml( kube_apis.api_extensions_v1_beta1, ap_pol_crd_name, f"{DEPLOYMENTS}/common/crds-v1beta1/appprotect.f5.com_appolicies.yaml", ) create_crd_from_yaml( kube_apis.api_extensions_v1_beta1, ap_log_crd_name, f"{DEPLOYMENTS}/common/crds-v1beta1/appprotect.f5.com_aplogconfs.yaml", ) create_crd_from_yaml( kube_apis.api_extensions_v1_beta1, ap_uds_crd_name, f"{DEPLOYMENTS}/common/crds-v1beta1/appprotect.f5.com_apusersigs.yaml", ) create_crd_from_yaml( kube_apis.api_extensions_v1_beta1, vs_crd_name, f"{DEPLOYMENTS}/common/crds-v1beta1/k8s.nginx.org_virtualservers.yaml", ) create_crd_from_yaml( kube_apis.api_extensions_v1_beta1, vsr_crd_name, f"{DEPLOYMENTS}/common/crds-v1beta1/k8s.nginx.org_virtualserverroutes.yaml", ) create_crd_from_yaml( kube_apis.api_extensions_v1_beta1, pol_crd_name, f"{DEPLOYMENTS}/common/crds-v1beta1/k8s.nginx.org_policies.yaml", ) create_crd_from_yaml( kube_apis.api_extensions_v1_beta1, ts_crd_name, f"{DEPLOYMENTS}/common/crds-v1beta1/k8s.nginx.org_transportservers.yaml", ) print( "------------------------- Create IC -----------------------------------" ) name = create_ingress_controller( kube_apis.v1, kube_apis.apps_v1_api, cli_arguments, namespace, request.param.get("extra_args", None), ) ensure_connection_to_public_endpoint( ingress_controller_endpoint.public_ip, ingress_controller_endpoint.port, ingress_controller_endpoint.port_ssl, ) except Exception as ex: print( f"Failed to complete CRD IC fixture: {ex}\nClean up the cluster as much as possible." ) delete_crd( kube_apis.api_extensions_v1_beta1, ap_pol_crd_name, ) delete_crd( kube_apis.api_extensions_v1_beta1, ap_log_crd_name, ) delete_crd( kube_apis.api_extensions_v1_beta1, ap_uds_crd_name, ) delete_crd( kube_apis.api_extensions_v1_beta1, vs_crd_name, ) delete_crd( kube_apis.api_extensions_v1_beta1, vsr_crd_name, ) delete_crd( kube_apis.api_extensions_v1_beta1, pol_crd_name, ) delete_crd( kube_apis.api_extensions_v1_beta1, ts_crd_name, ) print("Remove ap-rbac") cleanup_rbac(kube_apis.rbac_v1, rbac) print("Remove the IC:") delete_ingress_controller(kube_apis.apps_v1_api, name, cli_arguments["deployment-type"], namespace) def fin(): print("--------------Cleanup----------------") delete_crd( kube_apis.api_extensions_v1_beta1, ap_pol_crd_name, ) delete_crd( kube_apis.api_extensions_v1_beta1, ap_log_crd_name, ) delete_crd( kube_apis.api_extensions_v1_beta1, ap_uds_crd_name, ) delete_crd( kube_apis.api_extensions_v1_beta1, vs_crd_name, ) delete_crd( kube_apis.api_extensions_v1_beta1, vsr_crd_name, ) delete_crd( kube_apis.api_extensions_v1_beta1, pol_crd_name, ) delete_crd( kube_apis.api_extensions_v1_beta1, ts_crd_name, ) print("Remove ap-rbac") cleanup_rbac(kube_apis.rbac_v1, rbac) print("Remove the IC:") delete_ingress_controller(kube_apis.apps_v1_api, name, cli_arguments["deployment-type"], namespace) request.addfinalizer(fin)
def test_ap_enable_true_policy_correct_uds(self, kube_apis, crd_ingress_controller_with_ap, appprotect_setup, test_namespace): """ Test request with UDS rule string is rejected while AppProtect with User Defined Signatures is enabled in Ingress """ ap_uds_crd_name = get_name_from_yaml(uds_crd) create_crd_from_yaml( kube_apis.api_extensions_v1_beta1, ap_uds_crd_name, uds_crd, ) wait_before_test() usersig_name = create_ap_usersig_from_yaml(kube_apis.custom_objects, uds_crd_resource, test_namespace) # Apply dataguard-alarm AP policy with UDS delete_and_create_ap_policy_from_yaml( kube_apis.custom_objects, ap_policy, f"{TEST_DATA}/appprotect/{ap_policy_uds}.yaml", test_namespace, ) wait_before_test() create_ingress_with_ap_annotations(kube_apis, src_ing_yaml, test_namespace, ap_policy, "True", "True", "127.0.0.1:514") ingress_host = get_first_ingress_host_from_yaml(src_ing_yaml) print( "--------- Run test while AppProtect module is enabled with correct policy and UDS ---------" ) ap_crd_info = read_ap_crd(kube_apis.custom_objects, test_namespace, "appolicies", ap_policy) assert_ap_crd_info(ap_crd_info, ap_policy) wait_before_test(120) ensure_response_from_backend(appprotect_setup.req_url, ingress_host) print("----------------------- Send request ----------------------") response = requests.get(appprotect_setup.req_url, headers={"host": ingress_host}, verify=False, data="kic") print(response.text) # Restore default dataguard-alarm policy delete_and_create_ap_policy_from_yaml( kube_apis.custom_objects, ap_policy, f"{TEST_DATA}/appprotect/{ap_policy}.yaml", test_namespace, ) delete_ap_usersig(kube_apis.custom_objects, usersig_name, test_namespace) delete_crd( kube_apis.api_extensions_v1_beta1, ap_uds_crd_name, ) delete_items_from_yaml(kube_apis, src_ing_yaml, test_namespace) assert_invalid_responses(response)
def crd_ingress_controller_with_ed(cli_arguments, kube_apis, ingress_controller_prerequisites, ingress_controller_endpoint, request, crds) -> None: """ Create an Ingress Controller with CRD enabled. :param crds: the common ingress controller crds. :param cli_arguments: pytest context :param kube_apis: client apis :param ingress_controller_prerequisites :param ingress_controller_endpoint: :param request: pytest fixture to parametrize this method {type: complete|rbac-without-vs, extra_args: } 'type' type of test pre-configuration 'extra_args' list of IC cli arguments :return: """ namespace = ingress_controller_prerequisites.namespace name = "nginx-ingress" print( "---------------------- Register DNSEndpoint CRD ------------------------------" ) external_dns_crd_name = get_name_from_yaml( f"{DEPLOYMENTS}/common/crds/externaldns.nginx.org_dnsendpoints.yaml") create_crd_from_yaml( kube_apis.api_extensions_v1, external_dns_crd_name, f"{DEPLOYMENTS}/common/crds/externaldns.nginx.org_dnsendpoints.yaml", ) try: print( "------------------------- Create IC -----------------------------------" ) name = create_ingress_controller( kube_apis.v1, kube_apis.apps_v1_api, cli_arguments, namespace, request.param.get("extra_args", None), ) ensure_connection_to_public_endpoint( ingress_controller_endpoint.public_ip, ingress_controller_endpoint.port, ingress_controller_endpoint.port_ssl, ) print( "---------------- Replace ConfigMap with external-status-address --------------------" ) cm_source = f"{TEST_DATA}/virtual-server-external-dns/nginx-config.yaml" replace_configmap_from_yaml( kube_apis.v1, ingress_controller_prerequisites.config_map['metadata']['name'], ingress_controller_prerequisites.namespace, cm_source) except ApiException as ex: # Finalizer method doesn't start if fixture creation was incomplete, ensure clean up here print("Restore the ClusterRole:") patch_rbac(kube_apis.rbac_v1, f"{DEPLOYMENTS}/rbac/rbac.yaml") print("Remove the DNSEndpoint CRD:") delete_crd( kube_apis.api_extensions_v1, external_dns_crd_name, ) print("Remove the IC:") delete_ingress_controller(kube_apis.apps_v1_api, name, cli_arguments["deployment-type"], namespace) replace_configmap_from_yaml( kube_apis.v1, ingress_controller_prerequisites.config_map["metadata"]["name"], ingress_controller_prerequisites.namespace, f"{DEPLOYMENTS}/common/nginx-config.yaml", ) pytest.fail("IC setup failed") def fin(): print("Restore the ClusterRole:") patch_rbac(kube_apis.rbac_v1, f"{DEPLOYMENTS}/rbac/rbac.yaml") print("Remove the DNSEndpoint CRD:") delete_crd( kube_apis.api_extensions_v1, external_dns_crd_name, ) print("Remove the IC:") delete_ingress_controller(kube_apis.apps_v1_api, name, cli_arguments["deployment-type"], namespace) replace_configmap_from_yaml( kube_apis.v1, ingress_controller_prerequisites.config_map["metadata"]["name"], ingress_controller_prerequisites.namespace, f"{DEPLOYMENTS}/common/nginx-config.yaml", ) request.addfinalizer(fin)
def crd_ingress_controller_with_dos(cli_arguments, kube_apis, ingress_controller_prerequisites, ingress_controller_endpoint, request, crds) -> None: """ Create an Ingress Controller with DOS CRDs enabled. :param crds: the common IC crds. :param cli_arguments: pytest context :param kube_apis: client apis :param ingress_controller_prerequisites :param ingress_controller_endpoint: :param request: pytest fixture to parametrize this method {extra_args: } 'extra_args' list of IC arguments :return: """ namespace = ingress_controller_prerequisites.namespace name = "nginx-ingress" try: print( "--------------------Create roles and bindings for AppProtect------------------------" ) rbac = configure_rbac_with_dos(kube_apis.rbac_v1) print( "------------------------- Register AP CRD -----------------------------------" ) dos_pol_crd_name = get_name_from_yaml( f"{DEPLOYMENTS}/common/crds/appprotectdos.f5.com_apdospolicy.yaml") dos_log_crd_name = get_name_from_yaml( f"{DEPLOYMENTS}/common/crds/appprotectdos.f5.com_apdoslogconfs.yaml" ) dos_protected_crd_name = get_name_from_yaml( f"{DEPLOYMENTS}/common/crds/appprotectdos.f5.com_dosprotectedresources.yaml" ) create_crd_from_yaml( kube_apis.api_extensions_v1, dos_pol_crd_name, f"{DEPLOYMENTS}/common/crds/appprotectdos.f5.com_apdospolicy.yaml", ) create_crd_from_yaml( kube_apis.api_extensions_v1, dos_log_crd_name, f"{DEPLOYMENTS}/common/crds/appprotectdos.f5.com_apdoslogconfs.yaml", ) create_crd_from_yaml( kube_apis.api_extensions_v1, dos_protected_crd_name, f"{DEPLOYMENTS}/common/crds/appprotectdos.f5.com_dosprotectedresources.yaml", ) print( "------------------------- Create syslog svc -----------------------" ) src_syslog_yaml = f"{TEST_DATA}/dos/dos-syslog.yaml" log_loc = f"/var/log/messages" create_items_from_yaml(kube_apis, src_syslog_yaml, namespace) before = time.time() wait_until_all_pods_are_ready(kube_apis.v1, namespace) after = time.time() print(f"All pods came up in {int(after-before)} seconds") print(f"syslog svc was created") print( "------------------------- Create dos arbitrator -----------------------" ) dos_arbitrator_name = create_dos_arbitrator( kube_apis.v1, kube_apis.apps_v1_api, namespace, ) print( "------------------------- Create IC -----------------------------------" ) name = create_ingress_controller( kube_apis.v1, kube_apis.apps_v1_api, cli_arguments, namespace, request.param.get("extra_args", None), ) ensure_connection_to_public_endpoint( ingress_controller_endpoint.public_ip, ingress_controller_endpoint.port, ingress_controller_endpoint.port_ssl, ) except Exception as ex: print( f"Failed to complete CRD IC fixture: {ex}\nClean up the cluster as much as possible." ) delete_crd( kube_apis.api_extensions_v1, dos_pol_crd_name, ) delete_crd( kube_apis.api_extensions_v1, dos_log_crd_name, ) delete_crd( kube_apis.api_extensions_v1, dos_protected_crd_name, ) print("Remove ap-rbac") cleanup_rbac(kube_apis.rbac_v1, rbac) print("Remove dos arbitrator:") delete_dos_arbitrator(kube_apis.v1, kube_apis.apps_v1_api, dos_arbitrator_name, namespace) print("Remove the IC:") delete_ingress_controller(kube_apis.apps_v1_api, name, cli_arguments["deployment-type"], namespace) pytest.fail("IC setup failed") def fin(): print("--------------Cleanup----------------") delete_crd( kube_apis.api_extensions_v1, dos_pol_crd_name, ) delete_crd( kube_apis.api_extensions_v1, dos_log_crd_name, ) delete_crd( kube_apis.api_extensions_v1, dos_protected_crd_name, ) print("Remove ap-rbac") cleanup_rbac(kube_apis.rbac_v1, rbac) print("Remove dos arbitrator:") delete_dos_arbitrator(kube_apis.v1, kube_apis.apps_v1_api, dos_arbitrator_name, namespace) print("Remove the IC:") delete_ingress_controller(kube_apis.apps_v1_api, name, cli_arguments["deployment-type"], namespace) print("Remove the syslog svc:") delete_items_from_yaml(kube_apis, src_syslog_yaml, namespace) request.addfinalizer(fin)
def crds(kube_apis, request) -> None: """ Create an Ingress Controller with CRD enabled. :param kube_apis: client apis :param request: pytest fixture to parametrize this method {type: complete|rbac-without-vs, extra_args: } 'type' type of test pre-configuration 'extra_args' list of IC cli arguments :return: """ vs_crd_name = get_name_from_yaml( f"{DEPLOYMENTS}/common/crds/k8s.nginx.org_virtualservers.yaml") vsr_crd_name = get_name_from_yaml( f"{DEPLOYMENTS}/common/crds/k8s.nginx.org_virtualserverroutes.yaml") pol_crd_name = get_name_from_yaml( f"{DEPLOYMENTS}/common/crds/k8s.nginx.org_policies.yaml") ts_crd_name = get_name_from_yaml( f"{DEPLOYMENTS}/common/crds/k8s.nginx.org_transportservers.yaml") gc_crd_name = get_name_from_yaml( f"{DEPLOYMENTS}/common/crds/k8s.nginx.org_globalconfigurations.yaml") try: print( "------------------------- Register CRDs -----------------------------------" ) create_crd_from_yaml( kube_apis.api_extensions_v1, vs_crd_name, f"{DEPLOYMENTS}/common/crds/k8s.nginx.org_virtualservers.yaml", ) create_crd_from_yaml( kube_apis.api_extensions_v1, vsr_crd_name, f"{DEPLOYMENTS}/common/crds/k8s.nginx.org_virtualserverroutes.yaml", ) create_crd_from_yaml( kube_apis.api_extensions_v1, pol_crd_name, f"{DEPLOYMENTS}/common/crds/k8s.nginx.org_policies.yaml", ) create_crd_from_yaml( kube_apis.api_extensions_v1, ts_crd_name, f"{DEPLOYMENTS}/common/crds/k8s.nginx.org_transportservers.yaml", ) create_crd_from_yaml( kube_apis.api_extensions_v1, gc_crd_name, f"{DEPLOYMENTS}/common/crds/k8s.nginx.org_globalconfigurations.yaml", ) except ApiException as ex: # Finalizer method doesn't start if fixture creation was incomplete, ensure clean up here print( f"Failed to complete CRD IC fixture: {ex}\nClean up the cluster as much as possible." ) delete_crd(kube_apis.api_extensions_v1, vs_crd_name) delete_crd(kube_apis.api_extensions_v1, vsr_crd_name) delete_crd(kube_apis.api_extensions_v1, pol_crd_name) delete_crd(kube_apis.api_extensions_v1, ts_crd_name) delete_crd(kube_apis.api_extensions_v1, gc_crd_name) pytest.fail("IC setup failed") def fin(): delete_crd(kube_apis.api_extensions_v1, vs_crd_name) delete_crd(kube_apis.api_extensions_v1, vsr_crd_name) delete_crd(kube_apis.api_extensions_v1, pol_crd_name) delete_crd(kube_apis.api_extensions_v1, ts_crd_name) delete_crd(kube_apis.api_extensions_v1, gc_crd_name) request.addfinalizer(fin)