def jwt_auth_setup(request, kube_apis, ingress_controller_endpoint, ingress_controller, test_namespace) -> JWTAuthMergeableSetup: tokens = {"master": get_token_from_file("master"), "minion": get_token_from_file("minion")} master_secret_name = create_secret_from_yaml(kube_apis.v1, test_namespace, f"{TEST_DATA}/jwt-auth-mergeable/jwt-master-secret.yaml") minion_secret_name = create_secret_from_yaml(kube_apis.v1, test_namespace, f"{TEST_DATA}/jwt-auth-mergeable/jwt-minion-secret.yaml") print("------------------------- Deploy JWT Auth Mergeable Minions Example -----------------------------------") create_items_from_yaml(kube_apis.extensions_v1_beta1, f"{TEST_DATA}/jwt-auth-mergeable/mergeable/jwt-auth-ingress.yaml", test_namespace) ingress_host = get_ingress_host_from_yaml(f"{TEST_DATA}/jwt-auth-mergeable/mergeable/jwt-auth-ingress.yaml") common_app = create_common_app(kube_apis.v1, kube_apis.extensions_v1_beta1, test_namespace) wait_until_all_pods_are_ready(kube_apis.v1, test_namespace) ensure_connection_to_public_endpoint(ingress_controller_endpoint.public_ip, ingress_controller_endpoint.port, ingress_controller_endpoint.port_ssl) wait_before_test(2) def fin(): print("Delete Master Secret:") if is_secret_present(kube_apis.v1, master_secret_name, test_namespace): delete_secret(kube_apis.v1, master_secret_name, test_namespace) print("Delete Minion Secret:") if is_secret_present(kube_apis.v1, minion_secret_name, test_namespace): delete_secret(kube_apis.v1, minion_secret_name, test_namespace) print("Clean up the JWT Auth Mergeable Minions Application:") delete_common_app(kube_apis.v1, kube_apis.extensions_v1_beta1, common_app, test_namespace) delete_items_from_yaml(kube_apis.extensions_v1_beta1, f"{TEST_DATA}/jwt-auth-mergeable/mergeable/jwt-auth-ingress.yaml", test_namespace) request.addfinalizer(fin) return JWTAuthMergeableSetup(ingress_controller_endpoint, ingress_host, master_secret_name, minion_secret_name, tokens)
def hsts_setup(request, kube_apis, ingress_controller_prerequisites, ingress_controller_endpoint, ingress_controller, test_namespace) -> HSTSSetup: print( "------------------------- Deploy HSTS-Example -----------------------------------" ) create_items_from_yaml( kube_apis, f"{TEST_DATA}/hsts/{request.param}/hsts-ingress.yaml", test_namespace) ingress_name = get_name_from_yaml( f"{TEST_DATA}/hsts/{request.param}/hsts-ingress.yaml") ingress_host = get_first_ingress_host_from_yaml( f"{TEST_DATA}/hsts/{request.param}/hsts-ingress.yaml") create_example_app(kube_apis, "simple", test_namespace) wait_until_all_pods_are_ready(kube_apis.v1, test_namespace) ensure_connection_to_public_endpoint(ingress_controller_endpoint.public_ip, ingress_controller_endpoint.port, ingress_controller_endpoint.port_ssl) req_https_url = f"https://{ingress_controller_endpoint.public_ip}:" \ f"{ingress_controller_endpoint.port_ssl}/backend1" ensure_response_from_backend(req_https_url, ingress_host) def fin(): print("Clean up HSTS Example:") delete_common_app(kube_apis, "simple", test_namespace) delete_items_from_yaml( kube_apis, f"{TEST_DATA}/hsts/{request.param}/hsts-ingress.yaml", test_namespace) request.addfinalizer(fin) return HSTSSetup(ingress_controller_endpoint, f"{TEST_DATA}/hsts/{request.param}/hsts-ingress.yaml", ingress_name, ingress_host, test_namespace)
def wildcard_tls_secret_ingress_controller(cli_arguments, kube_apis, ingress_controller_prerequisites, wildcard_tls_secret_setup, request) -> IngressControllerWithSecret: """ Create a Wildcard Ingress Controller according to the installation type :param cli_arguments: pytest context :param kube_apis: client apis :param ingress_controller_prerequisites :param wildcard_tls_secret_setup: test-class prerequisites :param request: pytest fixture :return: IngressController object """ namespace = ingress_controller_prerequisites.namespace print("------------------------- Create IC and wildcard secret -----------------------------------") secret_name = create_secret_from_yaml(kube_apis.v1, namespace, f"{TEST_DATA}/wildcard-tls-secret/wildcard-tls-secret.yaml") extra_args = [f"-wildcard-tls-secret={namespace}/{secret_name}"] name = create_ingress_controller(kube_apis.v1, kube_apis.extensions_v1_beta1, cli_arguments, namespace, extra_args) ensure_connection_to_public_endpoint(wildcard_tls_secret_setup.public_endpoint.public_ip, wildcard_tls_secret_setup.public_endpoint.port, wildcard_tls_secret_setup.public_endpoint.port_ssl) def fin(): print("Remove IC and wildcard secret:") delete_ingress_controller(kube_apis.extensions_v1_beta1, name, cli_arguments['deployment-type'], namespace) if is_secret_present(kube_apis.v1, secret_name, namespace): delete_secret(kube_apis.v1, secret_name, namespace) request.addfinalizer(fin) return IngressControllerWithSecret(secret_name)
def tls_setup(request, kube_apis, ingress_controller_prerequisites, ingress_controller_endpoint, ingress_controller, test_namespace) -> TLSSetup: print( "------------------------- Deploy TLS setup -----------------------------------" ) test_data_path = f"{TEST_DATA}/tls" ingress_path = f"{test_data_path}/{request.param}/ingress.yaml" create_ingress_from_yaml(kube_apis.networking_v1, test_namespace, ingress_path) wait_before_test(1) ingress_host = get_first_ingress_host_from_yaml(ingress_path) secret_name = get_name_from_yaml(f"{test_data_path}/tls-secret.yaml") ensure_connection_to_public_endpoint(ingress_controller_endpoint.public_ip, ingress_controller_endpoint.port, ingress_controller_endpoint.port_ssl) def fin(): print("Clean up TLS setup") delete_items_from_yaml(kube_apis, ingress_path, test_namespace) if is_secret_present(kube_apis.v1, secret_name, test_namespace): delete_secret(kube_apis.v1, secret_name, test_namespace) request.addfinalizer(fin) return TLSSetup(ingress_host, secret_name, f"{test_data_path}/tls-secret.yaml", f"{test_data_path}/new-tls-secret.yaml", f"{test_data_path}/invalid-tls-secret.yaml")
def external_name_setup(request, kube_apis, ingress_controller_prerequisites, ingress_controller_endpoint, ingress_controller, test_namespace) -> ExternalNameSetup: print("------------------------- Deploy External-Name-Example -----------------------------------") ingress_name = create_ingress_from_yaml(kube_apis.extensions_v1_beta1, test_namespace, f"{TEST_DATA}/externalname-services/externalname-ingress.yaml") ingress_host = get_ingress_host_from_yaml(f"{TEST_DATA}/externalname-services/externalname-ingress.yaml") external_host = get_external_host_from_yaml(f"{TEST_DATA}/externalname-services/externalname-svc.yaml") config_map_name = ingress_controller_prerequisites.config_map["metadata"]["name"] replace_configmap_from_yaml(kube_apis.v1, config_map_name, ingress_controller_prerequisites.namespace, f"{TEST_DATA}/externalname-services/nginx-config.yaml") svc_name = create_service_from_yaml(kube_apis.v1, test_namespace, f"{TEST_DATA}/externalname-services/externalname-svc.yaml") ensure_connection_to_public_endpoint(ingress_controller_endpoint.public_ip, ingress_controller_endpoint.port, ingress_controller_endpoint.port_ssl) ic_pod_name = get_first_pod_name(kube_apis.v1, ingress_controller_prerequisites.namespace) def fin(): print("Clean up External-Name-Example:") replace_configmap(kube_apis.v1, config_map_name, ingress_controller_prerequisites.namespace, ingress_controller_prerequisites.config_map) delete_ingress(kube_apis.extensions_v1_beta1, ingress_name, test_namespace) delete_service(kube_apis.v1, svc_name, test_namespace) request.addfinalizer(fin) return ExternalNameSetup(ingress_controller_endpoint, ingress_name, ingress_host, ic_pod_name, svc_name, external_host, test_namespace)
def test_response_codes_117_plus( self, ingress_controller, backend_setup, expected_responses, ingress_controller_prerequisites, ingress_controller_endpoint, ): """ Checks for ingressClass behaviour """ ensure_connection_to_public_endpoint( ingress_controller_endpoint.public_ip, ingress_controller_endpoint.port, ingress_controller_endpoint.port_ssl, ) for item in ingresses_under_test: ensure_response_from_backend(backend_setup.req_url, backend_setup.ingress_hosts[item]) resp = requests.get( backend_setup.req_url, headers={"host": backend_setup.ingress_hosts[item]}) assert ( resp.status_code == expected_responses[item] ), f"Expected: {expected_responses[item]} response code for {backend_setup.ingress_hosts[item]}"
def backend_setup(request, kube_apis, ingress_controller_endpoint, test_namespace) -> BackendSetup: """ Deploy simple application and all the Ingress resources under test in one namespace. :param request: pytest fixture :param kube_apis: client apis :param ingress_controller_endpoint: public endpoint :param test_namespace: :return: BackendSetup """ print("------------------------- Deploy the backend -----------------------------------") create_example_app(kube_apis, "simple", test_namespace) req_url = f"http://{ingress_controller_endpoint.public_ip}:{ingress_controller_endpoint.port}/backend1" wait_until_all_pods_are_ready(kube_apis.v1, test_namespace) ensure_connection_to_public_endpoint(ingress_controller_endpoint.public_ip, ingress_controller_endpoint.port, ingress_controller_endpoint.port_ssl) print("------------------------- Deploy ingresses under test -----------------------------------") ingress_hosts = {} for item in ingresses_under_test: src_ing_yaml = f"{TEST_DATA}/ingress-class/{item}-ingress.yaml" create_items_from_yaml(kube_apis, src_ing_yaml, test_namespace) ingress_hosts[item] = get_first_ingress_host_from_yaml(src_ing_yaml) wait_before_test(2) def fin(): print("Clean up:") delete_common_app(kube_apis, "simple", test_namespace) for item in ingresses_under_test: src_ing_yaml = f"{TEST_DATA}/ingress-class/{item}-ingress.yaml" delete_items_from_yaml(kube_apis, src_ing_yaml, test_namespace) request.addfinalizer(fin) return BackendSetup(req_url, ingress_hosts)
def jwt_auth_setup(request, kube_apis, ingress_controller_endpoint, ingress_controller, test_namespace) -> JWTAuthMergeableSetup: tokens = {"master": get_token_from_file("master"), "minion": get_token_from_file("minion")} master_secret_name = create_secret_from_yaml(kube_apis.v1, test_namespace, f"{TEST_DATA}/jwt-auth-mergeable/jwt-master-secret.yaml") minion_secret_name = create_secret_from_yaml(kube_apis.v1, test_namespace, f"{TEST_DATA}/jwt-auth-mergeable/jwt-minion-secret.yaml") print("------------------------- Deploy JWT Auth Mergeable Minions Example -----------------------------------") create_items_from_yaml(kube_apis, f"{TEST_DATA}/jwt-auth-mergeable/mergeable/jwt-auth-ingress.yaml", test_namespace) ingress_host = get_first_ingress_host_from_yaml(f"{TEST_DATA}/jwt-auth-mergeable/mergeable/jwt-auth-ingress.yaml") create_example_app(kube_apis, "simple", test_namespace) wait_until_all_pods_are_ready(kube_apis.v1, test_namespace) ensure_connection_to_public_endpoint(ingress_controller_endpoint.public_ip, ingress_controller_endpoint.port, ingress_controller_endpoint.port_ssl) wait_before_test(2) def fin(): print("Delete Master Secret:") if is_secret_present(kube_apis.v1, master_secret_name, test_namespace): delete_secret(kube_apis.v1, master_secret_name, test_namespace) print("Delete Minion Secret:") if is_secret_present(kube_apis.v1, minion_secret_name, test_namespace): delete_secret(kube_apis.v1, minion_secret_name, test_namespace) print("Clean up the JWT Auth Mergeable Minions Application:") delete_common_app(kube_apis, "simple", test_namespace) delete_items_from_yaml(kube_apis, f"{TEST_DATA}/jwt-auth-mergeable/mergeable/jwt-auth-ingress.yaml", test_namespace) request.addfinalizer(fin) return JWTAuthMergeableSetup(ingress_controller_endpoint, ingress_host, master_secret_name, minion_secret_name, tokens)
def auth_basic_secrets_setup(request, kube_apis, ingress_controller_endpoint, ingress_controller, test_namespace) -> AuthBasicSecretsSetup: with open(f"{TEST_DATA}/auth-basic-secrets/credentials/credentials.txt", "r") as credentials_file: credentials = credentials_file.read().replace('\n', '') print( "------------------------- Deploy Auth Basic Secrets Example -----------------------------------" ) create_items_from_yaml( kube_apis, f"{TEST_DATA}/auth-basic-secrets/{request.param}/auth-basic-secrets-ingress.yaml", test_namespace) ingress_host = get_first_ingress_host_from_yaml( f"{TEST_DATA}/auth-basic-secrets/{request.param}/auth-basic-secrets-ingress.yaml" ) create_example_app(kube_apis, "simple", test_namespace) wait_until_all_pods_are_ready(kube_apis.v1, test_namespace) ensure_connection_to_public_endpoint(ingress_controller_endpoint.public_ip, ingress_controller_endpoint.port, ingress_controller_endpoint.port_ssl) def fin(): print("Clean up the Auth Basic Secrets Application:") delete_common_app(kube_apis, "simple", test_namespace) delete_items_from_yaml( kube_apis, f"{TEST_DATA}/auth-basic-secrets/{request.param}/auth-basic-secrets-ingress.yaml", test_namespace) request.addfinalizer(fin) return AuthBasicSecretsSetup(ingress_controller_endpoint, ingress_host, credentials)
def smoke_setup(request, kube_apis, ingress_controller_endpoint, ingress_controller, test_namespace) -> SmokeSetup: print( "------------------------- Deploy Smoke Example -----------------------------------" ) secret_name = create_secret_from_yaml( kube_apis.v1, test_namespace, f"{TEST_DATA}/smoke/smoke-secret.yaml") create_items_from_yaml( kube_apis, f"{TEST_DATA}/smoke/{request.param}/smoke-ingress.yaml", test_namespace) ingress_host = get_first_ingress_host_from_yaml( f"{TEST_DATA}/smoke/{request.param}/smoke-ingress.yaml") common_app = create_common_app(kube_apis.v1, kube_apis.extensions_v1_beta1, test_namespace) wait_until_all_pods_are_ready(kube_apis.v1, test_namespace) ensure_connection_to_public_endpoint(ingress_controller_endpoint.public_ip, ingress_controller_endpoint.port, ingress_controller_endpoint.port_ssl) def fin(): print("Clean up the Smoke Application:") delete_common_app(kube_apis.v1, kube_apis.extensions_v1_beta1, common_app, test_namespace) delete_items_from_yaml( kube_apis, f"{TEST_DATA}/smoke/{request.param}/smoke-ingress.yaml", test_namespace) delete_secret(kube_apis.v1, secret_name, test_namespace) request.addfinalizer(fin) return SmokeSetup(ingress_controller_endpoint, ingress_host)
def smoke_setup(request, kube_apis, ingress_controller_endpoint, ingress_controller, test_namespace) -> SmokeSetup: print( "------------------------- Deploy Smoke Example -----------------------------------" ) secret_name = create_secret_from_yaml( kube_apis.v1, test_namespace, f"{TEST_DATA}/smoke/smoke-secret.yaml") create_items_from_yaml( kube_apis, f"{TEST_DATA}/smoke/{request.param}/smoke-ingress.yaml", test_namespace) ingress_host = get_first_ingress_host_from_yaml( f"{TEST_DATA}/smoke/{request.param}/smoke-ingress.yaml") create_example_app(kube_apis, "simple", test_namespace) wait_until_all_pods_are_ready(kube_apis.v1, test_namespace) ensure_connection_to_public_endpoint( ingress_controller_endpoint.public_ip, ingress_controller_endpoint.port, ingress_controller_endpoint.port_ssl, ) def fin(): print("Clean up the Smoke Application:") delete_common_app(kube_apis, "simple", test_namespace) delete_items_from_yaml( kube_apis, f"{TEST_DATA}/smoke/{request.param}/smoke-ingress.yaml", test_namespace) delete_secret(kube_apis.v1, secret_name, test_namespace) write_to_json(f"reload-{get_test_file_name(request.node.fspath)}.json", reload_times) request.addfinalizer(fin) return SmokeSetup(ingress_controller_endpoint, ingress_host)
def ingress_setup(request, kube_apis, ingress_controller_endpoint, test_namespace) -> IngressSetup: print( "------------------------- Deploy Ingress Example -----------------------------------" ) secret_name = create_secret_from_yaml( kube_apis.v1, test_namespace, f"{TEST_DATA}/smoke/smoke-secret.yaml") create_items_from_yaml(kube_apis, f"{TEST_DATA}/smoke/standard/smoke-ingress.yaml", test_namespace) ingress_host = get_first_ingress_host_from_yaml( f"{TEST_DATA}/smoke/standard/smoke-ingress.yaml") create_example_app(kube_apis, "simple", test_namespace) wait_until_all_pods_are_ready(kube_apis.v1, test_namespace) ensure_connection_to_public_endpoint( ingress_controller_endpoint.public_ip, ingress_controller_endpoint.port, ingress_controller_endpoint.port_ssl, ) req_url = f"https://{ingress_controller_endpoint.public_ip}:{ingress_controller_endpoint.port_ssl}/backend1" def fin(): print("Clean up simple app") delete_common_app(kube_apis, "simple", test_namespace) delete_items_from_yaml( kube_apis, f"{TEST_DATA}/smoke/standard/smoke-ingress.yaml", test_namespace) delete_secret(kube_apis.v1, secret_name, test_namespace) request.addfinalizer(fin) return IngressSetup(req_url, ingress_host)
def vs_externalname_setup(request, kube_apis, ingress_controller_prerequisites, virtual_server_setup) -> ExternalNameSetup: print("------------------------- Deploy External-Backend -----------------------------------") external_ns = create_namespace_with_name_from_yaml(kube_apis.v1, "external-ns", f"{TEST_DATA}/common/ns.yaml") external_svc_name = create_service_with_name(kube_apis.v1, external_ns, "external-backend-svc") create_deployment_with_name(kube_apis.apps_v1_api, external_ns, "external-backend") print("------------------------- Prepare ExternalName Setup -----------------------------------") external_svc_src = f"{TEST_DATA}/virtual-server-externalname/externalname-svc.yaml" external_svc_host = f"{external_svc_name}.{external_ns}.svc.cluster.local" config_map_name = ingress_controller_prerequisites.config_map["metadata"]["name"] replace_configmap_from_yaml(kube_apis.v1, config_map_name, ingress_controller_prerequisites.namespace, f"{TEST_DATA}/virtual-server-externalname/nginx-config.yaml") external_svc = create_service_from_yaml(kube_apis.v1, virtual_server_setup.namespace, external_svc_src) wait_before_test(2) ensure_connection_to_public_endpoint(virtual_server_setup.public_endpoint.public_ip, virtual_server_setup.public_endpoint.port, virtual_server_setup.public_endpoint.port_ssl) ic_pod_name = get_first_pod_name(kube_apis.v1, ingress_controller_prerequisites.namespace) ensure_response_from_backend(virtual_server_setup.backend_1_url, virtual_server_setup.vs_host) def fin(): print("Clean up ExternalName Setup:") delete_namespace(kube_apis.v1, external_ns) replace_configmap(kube_apis.v1, config_map_name, ingress_controller_prerequisites.namespace, ingress_controller_prerequisites.config_map) request.addfinalizer(fin) return ExternalNameSetup(ic_pod_name, external_svc, external_svc_host)
def jwt_secrets_setup(request, kube_apis, ingress_controller_endpoint, ingress_controller, test_namespace) -> JWTSecretsSetup: with open(f"{TEST_DATA}/jwt-secrets/tokens/jwt-secrets-token.jwt", "r") as token_file: token = token_file.read().replace('\n', '') print( "------------------------- Deploy JWT Secrets Example -----------------------------------" ) create_items_from_yaml( kube_apis, f"{TEST_DATA}/jwt-secrets/{request.param}/jwt-secrets-ingress.yaml", test_namespace) ingress_host = get_first_ingress_host_from_yaml( f"{TEST_DATA}/jwt-secrets/{request.param}/jwt-secrets-ingress.yaml") create_example_app(kube_apis, "simple", test_namespace) wait_until_all_pods_are_ready(kube_apis.v1, test_namespace) ensure_connection_to_public_endpoint(ingress_controller_endpoint.public_ip, ingress_controller_endpoint.port, ingress_controller_endpoint.port_ssl) def fin(): print("Clean up the JWT Secrets Application:") delete_common_app(kube_apis, "simple", test_namespace) delete_items_from_yaml( kube_apis, f"{TEST_DATA}/jwt-secrets/{request.param}/jwt-secrets-ingress.yaml", test_namespace) request.addfinalizer(fin) return JWTSecretsSetup(ingress_controller_endpoint, ingress_host, token)
def wildcard_tls_secret_ingress_controller(cli_arguments, kube_apis, ingress_controller_prerequisites, wildcard_tls_secret_setup, request) -> IngressControllerWithSecret: """ Create a Wildcard Ingress Controller according to the installation type :param cli_arguments: pytest context :param kube_apis: client apis :param ingress_controller_prerequisites :param wildcard_tls_secret_setup: test-class prerequisites :param request: pytest fixture :return: IngressController object """ namespace = ingress_controller_prerequisites.namespace print("------------------------- Create IC and wildcard secret -----------------------------------") secret_name = create_secret_from_yaml(kube_apis.v1, namespace, f"{TEST_DATA}/wildcard-tls-secret/wildcard-tls-secret.yaml") extra_args = [f"-wildcard-tls-secret={namespace}/{secret_name}"] name = create_ingress_controller(kube_apis.v1, kube_apis.extensions_v1_beta1, cli_arguments, namespace, extra_args) ensure_connection_to_public_endpoint(wildcard_tls_secret_setup.public_endpoint.public_ip, wildcard_tls_secret_setup.public_endpoint.port, wildcard_tls_secret_setup.public_endpoint.port_ssl) def fin(): print("Remove IC and wildcard secret:") delete_ingress_controller(kube_apis.extensions_v1_beta1, name, cli_arguments['deployment-type'], namespace) if is_secret_present(kube_apis.v1, secret_name, namespace): delete_secret(kube_apis.v1, secret_name, namespace) request.addfinalizer(fin) return IngressControllerWithSecret(secret_name)
def vs_externalname_setup(request, kube_apis, ingress_controller_prerequisites, virtual_server_setup) -> ExternalNameSetup: print( "------------------------- Prepare ExternalName Setup -----------------------------------" ) external_svc_src = f"{TEST_DATA}/virtual-server-externalname/externalname-svc.yaml" external_svc_host = get_external_host_from_service_yaml(external_svc_src) config_map_name = ingress_controller_prerequisites.config_map["metadata"][ "name"] replace_configmap_from_yaml( kube_apis.v1, config_map_name, ingress_controller_prerequisites.namespace, f"{TEST_DATA}/virtual-server-externalname/nginx-config.yaml") external_svc = create_service_from_yaml(kube_apis.v1, virtual_server_setup.namespace, external_svc_src) wait_before_test(1) ensure_connection_to_public_endpoint( virtual_server_setup.public_endpoint.public_ip, virtual_server_setup.public_endpoint.port, virtual_server_setup.public_endpoint.port_ssl) ic_pod_name = get_first_pod_name( kube_apis.v1, ingress_controller_prerequisites.namespace) def fin(): print("Clean up ExternalName Setup:") replace_configmap(kube_apis.v1, config_map_name, ingress_controller_prerequisites.namespace, ingress_controller_prerequisites.config_map) request.addfinalizer(fin) return ExternalNameSetup(ic_pod_name, external_svc, external_svc_host)
def crd_ingress_controller(cli_arguments, kube_apis, ingress_controller_prerequisites, ingress_controller_endpoint, request, crds) -> None: """ Create an Ingress Controller with CRD enabled. :param crds: the common ingress controller crds. :param cli_arguments: pytest context :param kube_apis: client apis :param ingress_controller_prerequisites :param ingress_controller_endpoint: :param request: pytest fixture to parametrize this method {type: complete|rbac-without-vs, extra_args: } 'type' type of test pre-configuration 'extra_args' list of IC cli arguments :return: """ namespace = ingress_controller_prerequisites.namespace name = "nginx-ingress" try: print( "------------------------- Update ClusterRole -----------------------------------" ) if request.param["type"] == "rbac-without-vs": patch_rbac(kube_apis.rbac_v1, f"{TEST_DATA}/virtual-server/rbac-without-vs.yaml") print( "------------------------- Create IC -----------------------------------" ) name = create_ingress_controller( kube_apis.v1, kube_apis.apps_v1_api, cli_arguments, namespace, request.param.get("extra_args", None), ) ensure_connection_to_public_endpoint( ingress_controller_endpoint.public_ip, ingress_controller_endpoint.port, ingress_controller_endpoint.port_ssl, ) except ApiException as ex: # Finalizer method doesn't start if fixture creation was incomplete, ensure clean up here print("Restore the ClusterRole:") patch_rbac(kube_apis.rbac_v1, f"{DEPLOYMENTS}/rbac/rbac.yaml") print("Remove the IC:") delete_ingress_controller(kube_apis.apps_v1_api, name, cli_arguments["deployment-type"], namespace) pytest.fail("IC setup failed") def fin(): print("Restore the ClusterRole:") patch_rbac(kube_apis.rbac_v1, f"{DEPLOYMENTS}/rbac/rbac.yaml") print("Remove the IC:") delete_ingress_controller(kube_apis.apps_v1_api, name, cli_arguments["deployment-type"], namespace) request.addfinalizer(fin)
def ap_ingress_setup( request, kube_apis, ingress_controller_endpoint, test_namespace ) -> IngressSetup: """ Deploy a simple application and AppProtect manifests. :param request: pytest fixture :param kube_apis: client apis :param ingress_controller_endpoint: public endpoint :param test_namespace: :return: BackendSetup """ print("------------------------- Deploy backend application -------------------------") create_example_app(kube_apis, "simple", test_namespace) req_url = f"https://{ingress_controller_endpoint.public_ip}:{ingress_controller_endpoint.port_ssl}/backend1" metrics_url = f"http://{ingress_controller_endpoint.public_ip}:{ingress_controller_endpoint.metrics_port}/metrics" wait_until_all_pods_are_ready(kube_apis.v1, test_namespace) ensure_connection_to_public_endpoint( ingress_controller_endpoint.public_ip, ingress_controller_endpoint.port, ingress_controller_endpoint.port_ssl, ) print("------------------------- Deploy Secret -----------------------------") src_sec_yaml = f"{TEST_DATA}/appprotect/appprotect-secret.yaml" create_items_from_yaml(kube_apis, src_sec_yaml, test_namespace) print("------------------------- Deploy logconf -----------------------------") src_log_yaml = f"{TEST_DATA}/appprotect/logconf.yaml" log_name = create_ap_logconf_from_yaml(kube_apis.custom_objects, src_log_yaml, test_namespace) print(f"------------------------- Deploy appolicy: ---------------------------") src_pol_yaml = f"{TEST_DATA}/appprotect/dataguard-alarm.yaml" pol_name = create_ap_policy_from_yaml(kube_apis.custom_objects, src_pol_yaml, test_namespace) print("------------------------- Deploy ingress -----------------------------") ingress_host = {} src_ing_yaml = f"{TEST_DATA}/appprotect/appprotect-ingress.yaml" create_ingress_with_ap_annotations( kube_apis, src_ing_yaml, test_namespace, "dataguard-alarm", "True", "True", "127.0.0.1:514" ) ingress_host = get_first_ingress_host_from_yaml(src_ing_yaml) wait_before_test() def fin(): print("Clean up:") src_ing_yaml = f"{TEST_DATA}/appprotect/appprotect-ingress.yaml" delete_items_from_yaml(kube_apis, src_ing_yaml, test_namespace) delete_ap_policy(kube_apis.custom_objects, pol_name, test_namespace) delete_ap_logconf(kube_apis.custom_objects, log_name, test_namespace) delete_common_app(kube_apis, "simple", test_namespace) src_sec_yaml = f"{TEST_DATA}/appprotect/appprotect-secret.yaml" delete_items_from_yaml(kube_apis, src_sec_yaml, test_namespace) request.addfinalizer(fin) return IngressSetup(req_url, metrics_url, ingress_host)
def appprotect_setup(request, kube_apis, ingress_controller_endpoint, test_namespace) -> AppProtectSetup: """ Deploy simple application and all the AppProtect(dataguard-alarm) resources under test in one namespace. :param request: pytest fixture :param kube_apis: client apis :param ingress_controller_endpoint: public endpoint :param test_namespace: :return: BackendSetup """ print( "------------------------- Deploy simple backend application -------------------------" ) create_example_app(kube_apis, "simple", test_namespace) req_url = f"https://{ingress_controller_endpoint.public_ip}:{ingress_controller_endpoint.port_ssl}/backend1" metrics_url = f"http://{ingress_controller_endpoint.public_ip}:{ingress_controller_endpoint.metrics_port}/metrics" wait_until_all_pods_are_ready(kube_apis.v1, test_namespace) ensure_connection_to_public_endpoint( ingress_controller_endpoint.public_ip, ingress_controller_endpoint.port, ingress_controller_endpoint.port_ssl, ) print( "------------------------- Deploy Secret -----------------------------" ) src_sec_yaml = f"{TEST_DATA}/appprotect/appprotect-secret.yaml" create_items_from_yaml(kube_apis, src_sec_yaml, test_namespace) print( "------------------------- Deploy logconf -----------------------------" ) src_log_yaml = f"{TEST_DATA}/appprotect/logconf.yaml" log_name = create_ap_logconf_from_yaml(kube_apis.custom_objects, src_log_yaml, test_namespace) print( f"------------------------- Deploy dataguard-alarm appolicy ---------------------------" ) src_pol_yaml = f"{TEST_DATA}/appprotect/{ap_policy}.yaml" pol_name = create_ap_policy_from_yaml(kube_apis.custom_objects, src_pol_yaml, test_namespace) def fin(): print("Clean up:") delete_ap_policy(kube_apis.custom_objects, pol_name, test_namespace) delete_ap_logconf(kube_apis.custom_objects, log_name, test_namespace) delete_common_app(kube_apis, "simple", test_namespace) src_sec_yaml = f"{TEST_DATA}/appprotect/appprotect-secret.yaml" delete_items_from_yaml(kube_apis, src_sec_yaml, test_namespace) write_to_json(f"reload-{get_test_file_name(request.node.fspath)}.json", reload_times) request.addfinalizer(fin) return AppProtectSetup(req_url, metrics_url)
def crd_ingress_controller(cli_arguments, kube_apis, ingress_controller_prerequisites, ingress_controller_endpoint, request) -> None: """ Create an Ingress Controller with CRD enabled. :param cli_arguments: pytest context :param kube_apis: client apis :param ingress_controller_prerequisites :param ingress_controller_endpoint: :param request: pytest fixture to parametrize this method {type: complete|rbac-without-vs, extra_args: } 'type' type of test pre-configuration 'extra_args' list of IC cli arguments :return: """ namespace = ingress_controller_prerequisites.namespace name = "nginx-ingress" vs_crd_name = get_name_from_yaml(f"{DEPLOYMENTS}/common/vs-definition.yaml") vsr_crd_name = get_name_from_yaml(f"{DEPLOYMENTS}/common/vsr-definition.yaml") try: print("------------------------- Update ClusterRole -----------------------------------") if request.param['type'] == 'rbac-without-vs': patch_rbac(kube_apis.rbac_v1_beta1, f"{TEST_DATA}/virtual-server/rbac-without-vs.yaml") print("------------------------- Register CRDs -----------------------------------") create_crd_from_yaml(kube_apis.api_extensions_v1_beta1, vs_crd_name, f"{DEPLOYMENTS}/common/vs-definition.yaml") create_crd_from_yaml(kube_apis.api_extensions_v1_beta1, vsr_crd_name, f"{DEPLOYMENTS}/common/vsr-definition.yaml") print("------------------------- Create IC -----------------------------------") name = create_ingress_controller(kube_apis.v1, kube_apis.apps_v1_api, cli_arguments, namespace, request.param.get('extra_args', None)) ensure_connection_to_public_endpoint(ingress_controller_endpoint.public_ip, ingress_controller_endpoint.port, ingress_controller_endpoint.port_ssl) except ApiException as ex: # Finalizer method doesn't start if fixture creation was incomplete, ensure clean up here print(f"Failed to complete CRD IC fixture: {ex}\nClean up the cluster as much as possible.") delete_crd(kube_apis.api_extensions_v1_beta1, vs_crd_name) delete_crd(kube_apis.api_extensions_v1_beta1, vsr_crd_name) print("Restore the ClusterRole:") patch_rbac(kube_apis.rbac_v1_beta1, f"{DEPLOYMENTS}/rbac/rbac.yaml") print("Remove the IC:") delete_ingress_controller(kube_apis.apps_v1_api, name, cli_arguments['deployment-type'], namespace) def fin(): delete_crd(kube_apis.api_extensions_v1_beta1, vs_crd_name) delete_crd(kube_apis.api_extensions_v1_beta1, vsr_crd_name) print("Restore the ClusterRole:") patch_rbac(kube_apis.rbac_v1_beta1, f"{DEPLOYMENTS}/rbac/rbac.yaml") print("Remove the IC:") delete_ingress_controller(kube_apis.apps_v1_api, name, cli_arguments['deployment-type'], namespace) request.addfinalizer(fin)
def crd_ingress_controller(cli_arguments, kube_apis, ingress_controller_prerequisites, ingress_controller_endpoint, request) -> None: """ Create an Ingress Controller with CRD enabled. :param cli_arguments: pytest context :param kube_apis: client apis :param ingress_controller_prerequisites :param ingress_controller_endpoint: :param request: pytest fixture to parametrize this method {type: complete|rbac-without-vs, extra_args: } 'type' type of test pre-configuration 'extra_args' list of IC cli arguments :return: """ namespace = ingress_controller_prerequisites.namespace print( "------------------------- Update ClusterRole -----------------------------------" ) if request.param['type'] == 'rbac-without-vs': patch_rbac(kube_apis.rbac_v1_beta1, f"{TEST_DATA}/virtual-server/rbac-without-vs.yaml") print( "------------------------- Register CRD -----------------------------------" ) crd_names = create_crds_from_yaml( kube_apis.api_extensions_v1_beta1, f"{DEPLOYMENTS}/common/custom-resource-definitions.yaml") print( "------------------------- Create IC -----------------------------------" ) name = create_ingress_controller(kube_apis.v1, kube_apis.extensions_v1_beta1, cli_arguments, namespace, request.param.get('extra_args', None)) ensure_connection_to_public_endpoint(ingress_controller_endpoint.public_ip, ingress_controller_endpoint.port, ingress_controller_endpoint.port_ssl) def fin(): for crd_name in crd_names: print("Remove the CRD:") delete_crd(kube_apis.api_extensions_v1_beta1, crd_name) print("Remove the IC:") delete_ingress_controller(kube_apis.extensions_v1_beta1, name, cli_arguments['deployment-type'], namespace) print("Restore the ClusterRole:") patch_rbac(kube_apis.rbac_v1_beta1, f"{DEPLOYMENTS}/rbac/rbac.yaml") request.addfinalizer(fin)
def annotations_setup(request, kube_apis, ingress_controller_prerequisites, ingress_controller_endpoint, ingress_controller, test_namespace) -> AnnotationsSetup: print( "------------------------- Deploy Annotations-Example -----------------------------------" ) create_items_from_yaml( kube_apis, f"{TEST_DATA}/annotations/{request.param}/annotations-ingress.yaml", test_namespace) ingress_name = get_names_from_yaml( f"{TEST_DATA}/annotations/{request.param}/annotations-ingress.yaml")[0] ingress_host = get_first_ingress_host_from_yaml( f"{TEST_DATA}/annotations/{request.param}/annotations-ingress.yaml") common_app = create_example_app(kube_apis, "simple", test_namespace) wait_until_all_pods_are_ready(kube_apis.v1, test_namespace) ensure_connection_to_public_endpoint(ingress_controller_endpoint.public_ip, ingress_controller_endpoint.port, ingress_controller_endpoint.port_ssl) ic_pod_name = get_first_pod_name( kube_apis.v1, ingress_controller_prerequisites.namespace) if request.param == 'mergeable': event_text = f"Configuration for {test_namespace}/{ingress_name}(Master) was added or updated" error_text = f"{event_text} but was not applied: Error reloading NGINX" else: event_text = f"Configuration for {test_namespace}/{ingress_name} was added or updated" error_text = f"{event_text}, but not applied: Error reloading NGINX" def fin(): print("Clean up Annotations Example:") replace_configmap_from_yaml( kube_apis.v1, ingress_controller_prerequisites.config_map['metadata']['name'], ingress_controller_prerequisites.namespace, f"{DEPLOYMENTS}/common/nginx-config.yaml") delete_common_app(kube_apis.v1, kube_apis.apps_v1_api, common_app, test_namespace) delete_items_from_yaml( kube_apis, f"{TEST_DATA}/annotations/{request.param}/annotations-ingress.yaml", test_namespace) request.addfinalizer(fin) return AnnotationsSetup( ingress_controller_endpoint, f"{TEST_DATA}/annotations/{request.param}/annotations-ingress.yaml", ingress_name, ingress_host, ic_pod_name, test_namespace, event_text, error_text)
def annotations_setup(request, kube_apis, ingress_controller_prerequisites, ingress_controller_endpoint, ingress_controller, test_namespace) -> AnnotationsSetup: print("------------------------- Deploy Annotations-Example -----------------------------------") create_items_from_yaml(kube_apis, f"{TEST_DATA}/annotations/{request.param}/annotations-ingress.yaml", test_namespace) ingress_name = get_name_from_yaml(f"{TEST_DATA}/annotations/{request.param}/annotations-ingress.yaml") ingress_host = get_first_ingress_host_from_yaml(f"{TEST_DATA}/annotations/{request.param}/annotations-ingress.yaml") if request.param == 'mergeable': minions_info = get_minions_info_from_yaml(f"{TEST_DATA}/annotations/{request.param}/annotations-ingress.yaml") else: minions_info = None create_example_app(kube_apis, "simple", test_namespace) wait_until_all_pods_are_ready(kube_apis.v1, test_namespace) ensure_connection_to_public_endpoint(ingress_controller_endpoint.public_ip, ingress_controller_endpoint.port, ingress_controller_endpoint.port_ssl) ic_pod_name = get_first_pod_name(kube_apis.v1, ingress_controller_prerequisites.namespace) upstream_names = [] if request.param == 'mergeable': event_text = f"Configuration for {test_namespace}/{ingress_name} was added or updated" error_text = f"{test_namespace}/{ingress_name} was rejected: with error" for minion in minions_info: upstream_names.append(f"{test_namespace}-{minion['name']}-{ingress_host}-{minion['svc_name']}-80") else: event_text = f"Configuration for {test_namespace}/{ingress_name} was added or updated" error_text = f"{test_namespace}/{ingress_name} was rejected: with error" upstream_names.append(f"{test_namespace}-{ingress_name}-{ingress_host}-backend1-svc-80") upstream_names.append(f"{test_namespace}-{ingress_name}-{ingress_host}-backend2-svc-80") def fin(): print("Clean up Annotations Example:") replace_configmap_from_yaml(kube_apis.v1, ingress_controller_prerequisites.config_map['metadata']['name'], ingress_controller_prerequisites.namespace, f"{DEPLOYMENTS}/common/nginx-config.yaml") delete_common_app(kube_apis, "simple", test_namespace) delete_items_from_yaml(kube_apis, f"{TEST_DATA}/annotations/{request.param}/annotations-ingress.yaml", test_namespace) request.addfinalizer(fin) return AnnotationsSetup(ingress_controller_endpoint, f"{TEST_DATA}/annotations/{request.param}/annotations-ingress.yaml", ingress_name, ingress_host, ic_pod_name, test_namespace, event_text, error_text, upstream_names)
def simple_ingress_setup( request, kube_apis, ingress_controller_endpoint, test_namespace, ingress_controller, ) -> IngressSetup: """ Deploy simple application and all the Ingress resources under test in one namespace. :param request: pytest fixture :param kube_apis: client apis :param ingress_controller_endpoint: public endpoint :param test_namespace: :return: BackendSetup """ req_url = f"https://{ingress_controller_endpoint.public_ip}:{ingress_controller_endpoint.port_ssl}/backend1" metrics_url = f"http://{ingress_controller_endpoint.public_ip}:{ingress_controller_endpoint.metrics_port}/metrics" secret_name = create_secret_from_yaml( kube_apis.v1, test_namespace, f"{TEST_DATA}/smoke/smoke-secret.yaml" ) create_example_app(kube_apis, "simple", test_namespace) create_items_from_yaml( kube_apis, f"{TEST_DATA}/smoke/standard/smoke-ingress.yaml", test_namespace ) ingress_host = get_first_ingress_host_from_yaml( f"{TEST_DATA}/smoke/standard/smoke-ingress.yaml" ) wait_until_all_pods_are_ready(kube_apis.v1, test_namespace) ensure_connection_to_public_endpoint( ingress_controller_endpoint.public_ip, ingress_controller_endpoint.port, ingress_controller_endpoint.port_ssl, ) def fin(): print("Clean up the Application:") delete_common_app(kube_apis, "simple", test_namespace) delete_secret(kube_apis.v1, secret_name, test_namespace) delete_items_from_yaml( kube_apis, f"{TEST_DATA}/smoke/standard/smoke-ingress.yaml", test_namespace ) request.addfinalizer(fin) return IngressSetup(req_url, metrics_url, ingress_host)
def jwt_secrets_setup(request, kube_apis, ingress_controller_endpoint, ingress_controller, test_namespace) -> JWTSecretsSetup: with open(f"{TEST_DATA}/jwt-secrets/tokens/jwt-secrets-token.jwt", "r") as token_file: token = token_file.read().replace('\n', '') print("------------------------- Deploy JWT Secrets Example -----------------------------------") create_items_from_yaml(kube_apis.extensions_v1_beta1, f"{TEST_DATA}/jwt-secrets/{request.param}/jwt-secrets-ingress.yaml", test_namespace) ingress_host = get_ingress_host_from_yaml(f"{TEST_DATA}/jwt-secrets/{request.param}/jwt-secrets-ingress.yaml") common_app = create_common_app(kube_apis.v1, kube_apis.extensions_v1_beta1, test_namespace) wait_until_all_pods_are_ready(kube_apis.v1, test_namespace) ensure_connection_to_public_endpoint(ingress_controller_endpoint.public_ip, ingress_controller_endpoint.port, ingress_controller_endpoint.port_ssl) def fin(): print("Clean up the JWT Secrets Application:") delete_common_app(kube_apis.v1, kube_apis.extensions_v1_beta1, common_app, test_namespace) delete_items_from_yaml(kube_apis.extensions_v1_beta1, f"{TEST_DATA}/jwt-secrets/{request.param}/jwt-secrets-ingress.yaml", test_namespace) request.addfinalizer(fin) return JWTSecretsSetup(ingress_controller_endpoint, ingress_host, token)
def smoke_setup(request, kube_apis, ingress_controller_endpoint, ingress_controller, test_namespace) -> SmokeSetup: print("------------------------- Deploy Smoke Example -----------------------------------") secret_name = create_secret_from_yaml(kube_apis.v1, test_namespace, f"{TEST_DATA}/smoke/smoke-secret.yaml") create_items_from_yaml(kube_apis.extensions_v1_beta1, f"{TEST_DATA}/smoke/{request.param}/smoke-ingress.yaml", test_namespace) ingress_host = get_ingress_host_from_yaml(f"{TEST_DATA}/smoke/{request.param}/smoke-ingress.yaml") common_app = create_common_app(kube_apis.v1, kube_apis.extensions_v1_beta1, test_namespace) wait_until_all_pods_are_ready(kube_apis.v1, test_namespace) ensure_connection_to_public_endpoint(ingress_controller_endpoint.public_ip, ingress_controller_endpoint.port, ingress_controller_endpoint.port_ssl) def fin(): print("Clean up the Smoke Application:") delete_common_app(kube_apis.v1, kube_apis.extensions_v1_beta1, common_app, test_namespace) delete_items_from_yaml(kube_apis.extensions_v1_beta1, f"{TEST_DATA}/smoke/{request.param}/smoke-ingress.yaml", test_namespace) delete_secret(kube_apis.v1, secret_name, test_namespace) request.addfinalizer(fin) return SmokeSetup(ingress_controller_endpoint, ingress_host)
def backend_setup(request, kube_apis, ingress_controller_endpoint) -> BackendSetup: """ Create 2 namespaces and deploy simple applications in them. :param request: pytest fixture :param kube_apis: client apis :param ingress_controller_endpoint: public endpoint :return: BackendSetup """ watched_namespace = create_namespace_with_name_from_yaml( kube_apis.v1, f"watched-ns", f"{TEST_DATA}/common/ns.yaml") foreign_namespace = create_namespace_with_name_from_yaml( kube_apis.v1, f"foreign-ns", f"{TEST_DATA}/common/ns.yaml") ingress_hosts = {} for ns in [watched_namespace, foreign_namespace]: print( f"------------------------- Deploy the backend in {ns} -----------------------------------" ) create_example_app(kube_apis, "simple", ns) src_ing_yaml = f"{TEST_DATA}/watch-namespace/{ns}-ingress.yaml" create_items_from_yaml(kube_apis, src_ing_yaml, ns) ingress_host = get_first_ingress_host_from_yaml(src_ing_yaml) ingress_hosts[f"{ns}-ingress"] = ingress_host req_url = f"http://{ingress_controller_endpoint.public_ip}:{ingress_controller_endpoint.port}/backend1" wait_until_all_pods_are_ready(kube_apis.v1, ns) ensure_connection_to_public_endpoint( ingress_controller_endpoint.public_ip, ingress_controller_endpoint.port, ingress_controller_endpoint.port_ssl) def fin(): print("Clean up:") delete_namespace(kube_apis.v1, watched_namespace) delete_namespace(kube_apis.v1, foreign_namespace) request.addfinalizer(fin) return BackendSetup(req_url, ingress_hosts)
def external_name_setup(request, kube_apis, ingress_controller_prerequisites, ingress_controller_endpoint, ingress_controller, test_namespace) -> ExternalNameSetup: print("------------------------- Deploy External-Backend -----------------------------------") external_ns = create_namespace_with_name_from_yaml(kube_apis.v1, "external-ns", f"{TEST_DATA}/common/ns.yaml") external_svc_name = create_service_with_name(kube_apis.v1, external_ns, "external-backend-svc") create_deployment_with_name(kube_apis.apps_v1_api, external_ns, "external-backend") print("------------------------- Deploy External-Name-Example -----------------------------------") ingress_name = create_ingress_from_yaml(kube_apis.networking_v1, test_namespace, f"{TEST_DATA}/externalname-services/externalname-ingress.yaml") ingress_host = get_first_ingress_host_from_yaml(f"{TEST_DATA}/externalname-services/externalname-ingress.yaml") external_host = f"{external_svc_name}.{external_ns}.svc.cluster.local" config_map_name = ingress_controller_prerequisites.config_map["metadata"]["name"] replace_configmap_from_yaml(kube_apis.v1, config_map_name, ingress_controller_prerequisites.namespace, f"{TEST_DATA}/externalname-services/nginx-config.yaml") svc_name = create_service_from_yaml(kube_apis.v1, test_namespace, f"{TEST_DATA}/externalname-services/externalname-svc.yaml") ensure_connection_to_public_endpoint(ingress_controller_endpoint.public_ip, ingress_controller_endpoint.port, ingress_controller_endpoint.port_ssl) ic_pod_name = get_first_pod_name(kube_apis.v1, ingress_controller_prerequisites.namespace) def fin(): print("Clean up External-Name-Example:") delete_namespace(kube_apis.v1, external_ns) replace_configmap(kube_apis.v1, config_map_name, ingress_controller_prerequisites.namespace, ingress_controller_prerequisites.config_map) delete_ingress(kube_apis.networking_v1, ingress_name, test_namespace) delete_service(kube_apis.v1, svc_name, test_namespace) request.addfinalizer(fin) return ExternalNameSetup(ingress_controller_endpoint, ingress_name, ingress_host, ic_pod_name, svc_name, external_host, test_namespace)
def crd_ingress_controller_with_dos(cli_arguments, kube_apis, ingress_controller_prerequisites, ingress_controller_endpoint, request, crds) -> None: """ Create an Ingress Controller with DOS CRDs enabled. :param crds: the common IC crds. :param cli_arguments: pytest context :param kube_apis: client apis :param ingress_controller_prerequisites :param ingress_controller_endpoint: :param request: pytest fixture to parametrize this method {extra_args: } 'extra_args' list of IC arguments :return: """ namespace = ingress_controller_prerequisites.namespace name = "nginx-ingress" try: print( "--------------------Create roles and bindings for AppProtect------------------------" ) rbac = configure_rbac_with_dos(kube_apis.rbac_v1) print( "------------------------- Register AP CRD -----------------------------------" ) dos_pol_crd_name = get_name_from_yaml( f"{DEPLOYMENTS}/common/crds/appprotectdos.f5.com_apdospolicy.yaml") dos_log_crd_name = get_name_from_yaml( f"{DEPLOYMENTS}/common/crds/appprotectdos.f5.com_apdoslogconfs.yaml" ) dos_protected_crd_name = get_name_from_yaml( f"{DEPLOYMENTS}/common/crds/appprotectdos.f5.com_dosprotectedresources.yaml" ) create_crd_from_yaml( kube_apis.api_extensions_v1, dos_pol_crd_name, f"{DEPLOYMENTS}/common/crds/appprotectdos.f5.com_apdospolicy.yaml", ) create_crd_from_yaml( kube_apis.api_extensions_v1, dos_log_crd_name, f"{DEPLOYMENTS}/common/crds/appprotectdos.f5.com_apdoslogconfs.yaml", ) create_crd_from_yaml( kube_apis.api_extensions_v1, dos_protected_crd_name, f"{DEPLOYMENTS}/common/crds/appprotectdos.f5.com_dosprotectedresources.yaml", ) print( "------------------------- Create syslog svc -----------------------" ) src_syslog_yaml = f"{TEST_DATA}/dos/dos-syslog.yaml" log_loc = f"/var/log/messages" create_items_from_yaml(kube_apis, src_syslog_yaml, namespace) before = time.time() wait_until_all_pods_are_ready(kube_apis.v1, namespace) after = time.time() print(f"All pods came up in {int(after-before)} seconds") print(f"syslog svc was created") print( "------------------------- Create dos arbitrator -----------------------" ) dos_arbitrator_name = create_dos_arbitrator( kube_apis.v1, kube_apis.apps_v1_api, namespace, ) print( "------------------------- Create IC -----------------------------------" ) name = create_ingress_controller( kube_apis.v1, kube_apis.apps_v1_api, cli_arguments, namespace, request.param.get("extra_args", None), ) ensure_connection_to_public_endpoint( ingress_controller_endpoint.public_ip, ingress_controller_endpoint.port, ingress_controller_endpoint.port_ssl, ) except Exception as ex: print( f"Failed to complete CRD IC fixture: {ex}\nClean up the cluster as much as possible." ) delete_crd( kube_apis.api_extensions_v1, dos_pol_crd_name, ) delete_crd( kube_apis.api_extensions_v1, dos_log_crd_name, ) delete_crd( kube_apis.api_extensions_v1, dos_protected_crd_name, ) print("Remove ap-rbac") cleanup_rbac(kube_apis.rbac_v1, rbac) print("Remove dos arbitrator:") delete_dos_arbitrator(kube_apis.v1, kube_apis.apps_v1_api, dos_arbitrator_name, namespace) print("Remove the IC:") delete_ingress_controller(kube_apis.apps_v1_api, name, cli_arguments["deployment-type"], namespace) pytest.fail("IC setup failed") def fin(): print("--------------Cleanup----------------") delete_crd( kube_apis.api_extensions_v1, dos_pol_crd_name, ) delete_crd( kube_apis.api_extensions_v1, dos_log_crd_name, ) delete_crd( kube_apis.api_extensions_v1, dos_protected_crd_name, ) print("Remove ap-rbac") cleanup_rbac(kube_apis.rbac_v1, rbac) print("Remove dos arbitrator:") delete_dos_arbitrator(kube_apis.v1, kube_apis.apps_v1_api, dos_arbitrator_name, namespace) print("Remove the IC:") delete_ingress_controller(kube_apis.apps_v1_api, name, cli_arguments["deployment-type"], namespace) print("Remove the syslog svc:") delete_items_from_yaml(kube_apis, src_syslog_yaml, namespace) request.addfinalizer(fin)
def crd_ingress_controller_with_ed(cli_arguments, kube_apis, ingress_controller_prerequisites, ingress_controller_endpoint, request, crds) -> None: """ Create an Ingress Controller with CRD enabled. :param crds: the common ingress controller crds. :param cli_arguments: pytest context :param kube_apis: client apis :param ingress_controller_prerequisites :param ingress_controller_endpoint: :param request: pytest fixture to parametrize this method {type: complete|rbac-without-vs, extra_args: } 'type' type of test pre-configuration 'extra_args' list of IC cli arguments :return: """ namespace = ingress_controller_prerequisites.namespace name = "nginx-ingress" print( "---------------------- Register DNSEndpoint CRD ------------------------------" ) external_dns_crd_name = get_name_from_yaml( f"{DEPLOYMENTS}/common/crds/externaldns.nginx.org_dnsendpoints.yaml") create_crd_from_yaml( kube_apis.api_extensions_v1, external_dns_crd_name, f"{DEPLOYMENTS}/common/crds/externaldns.nginx.org_dnsendpoints.yaml", ) try: print( "------------------------- Create IC -----------------------------------" ) name = create_ingress_controller( kube_apis.v1, kube_apis.apps_v1_api, cli_arguments, namespace, request.param.get("extra_args", None), ) ensure_connection_to_public_endpoint( ingress_controller_endpoint.public_ip, ingress_controller_endpoint.port, ingress_controller_endpoint.port_ssl, ) print( "---------------- Replace ConfigMap with external-status-address --------------------" ) cm_source = f"{TEST_DATA}/virtual-server-external-dns/nginx-config.yaml" replace_configmap_from_yaml( kube_apis.v1, ingress_controller_prerequisites.config_map['metadata']['name'], ingress_controller_prerequisites.namespace, cm_source) except ApiException as ex: # Finalizer method doesn't start if fixture creation was incomplete, ensure clean up here print("Restore the ClusterRole:") patch_rbac(kube_apis.rbac_v1, f"{DEPLOYMENTS}/rbac/rbac.yaml") print("Remove the DNSEndpoint CRD:") delete_crd( kube_apis.api_extensions_v1, external_dns_crd_name, ) print("Remove the IC:") delete_ingress_controller(kube_apis.apps_v1_api, name, cli_arguments["deployment-type"], namespace) replace_configmap_from_yaml( kube_apis.v1, ingress_controller_prerequisites.config_map["metadata"]["name"], ingress_controller_prerequisites.namespace, f"{DEPLOYMENTS}/common/nginx-config.yaml", ) pytest.fail("IC setup failed") def fin(): print("Restore the ClusterRole:") patch_rbac(kube_apis.rbac_v1, f"{DEPLOYMENTS}/rbac/rbac.yaml") print("Remove the DNSEndpoint CRD:") delete_crd( kube_apis.api_extensions_v1, external_dns_crd_name, ) print("Remove the IC:") delete_ingress_controller(kube_apis.apps_v1_api, name, cli_arguments["deployment-type"], namespace) replace_configmap_from_yaml( kube_apis.v1, ingress_controller_prerequisites.config_map["metadata"]["name"], ingress_controller_prerequisites.namespace, f"{DEPLOYMENTS}/common/nginx-config.yaml", ) request.addfinalizer(fin)
def dos_setup(request, kube_apis, ingress_controller_endpoint, ingress_controller_prerequisites, test_namespace) -> DosSetup: """ Deploy simple application and all the DOS resources under test in one namespace. :param request: pytest fixture :param kube_apis: client apis :param ingress_controller_endpoint: public endpoint :param ingress_controller_prerequisites: IC pre-requisites :param test_namespace: :return: DosSetup """ print(f"------------- Replace ConfigMap --------------") replace_configmap_from_yaml( kube_apis.v1, ingress_controller_prerequisites.config_map["metadata"]["name"], ingress_controller_prerequisites.namespace, f"{TEST_DATA}/dos/nginx-config.yaml") print( "------------------------- Deploy Dos backend application -------------------------" ) create_example_app(kube_apis, "dos", test_namespace) req_url = f"http://{ingress_controller_endpoint.public_ip}:{ingress_controller_endpoint.port}/" wait_until_all_pods_are_ready(kube_apis.v1, test_namespace) ensure_connection_to_public_endpoint( ingress_controller_endpoint.public_ip, ingress_controller_endpoint.port, ingress_controller_endpoint.port_ssl, ) print( "------------------------- Deploy Secret -----------------------------" ) src_sec_yaml = f"{TEST_DATA}/dos/dos-secret.yaml" create_items_from_yaml(kube_apis, src_sec_yaml, test_namespace) print( "------------------------- Deploy logconf -----------------------------" ) src_log_yaml = f"{TEST_DATA}/dos/dos-logconf.yaml" log_name = create_dos_logconf_from_yaml(kube_apis.custom_objects, src_log_yaml, test_namespace) print( f"------------------------- Deploy dospolicy ---------------------------" ) src_pol_yaml = f"{TEST_DATA}/dos/dos-policy.yaml" pol_name = create_dos_policy_from_yaml(kube_apis.custom_objects, src_pol_yaml, test_namespace) print( f"------------------------- Deploy protected resource ---------------------------" ) src_protected_yaml = f"{TEST_DATA}/dos/dos-protected.yaml" protected_name = create_dos_protected_from_yaml( kube_apis.custom_objects, src_protected_yaml, test_namespace, ingress_controller_prerequisites.namespace) for item in kube_apis.v1.list_namespaced_pod( ingress_controller_prerequisites.namespace).items: if "nginx-ingress" in item.metadata.name: nginx_reload(kube_apis.v1, item.metadata.name, ingress_controller_prerequisites.namespace) def fin(): print("Clean up:") delete_dos_policy(kube_apis.custom_objects, pol_name, test_namespace) delete_dos_logconf(kube_apis.custom_objects, log_name, test_namespace) delete_dos_protected(kube_apis.custom_objects, protected_name, test_namespace) delete_common_app(kube_apis, "dos", test_namespace) delete_items_from_yaml(kube_apis, src_sec_yaml, test_namespace) write_to_json(f"reload-{get_test_file_name(request.node.fspath)}.json", reload_times) request.addfinalizer(fin) return DosSetup(req_url, pol_name, log_name)
def crd_ingress_controller_with_ap(cli_arguments, kube_apis, ingress_controller_prerequisites, ingress_controller_endpoint, request) -> None: """ Create an Ingress Controller with AppProtect CRD enabled. :param cli_arguments: pytest context :param kube_apis: client apis :param ingress_controller_prerequisites :param ingress_controller_endpoint: :param request: pytest fixture to parametrize this method {extra_args: } 'extra_args' list of IC arguments :return: """ namespace = ingress_controller_prerequisites.namespace name = "nginx-ingress" try: print( "--------------------Create roles and bindings for AppProtect------------------------" ) rbac = configure_rbac_with_ap(kube_apis.rbac_v1) print( "------------------------- Register AP CRD -----------------------------------" ) ap_pol_crd_name = get_name_from_yaml( f"{DEPLOYMENTS}/common/crds-v1beta1/appprotect.f5.com_appolicies.yaml" ) ap_log_crd_name = get_name_from_yaml( f"{DEPLOYMENTS}/common/crds-v1beta1/appprotect.f5.com_aplogconfs.yaml" ) ap_uds_crd_name = get_name_from_yaml( f"{DEPLOYMENTS}/common/crds-v1beta1/appprotect.f5.com_apusersigs.yaml" ) vs_crd_name = get_name_from_yaml( f"{DEPLOYMENTS}/common/crds-v1beta1/k8s.nginx.org_virtualservers.yaml" ) vsr_crd_name = get_name_from_yaml( f"{DEPLOYMENTS}/common/crds-v1beta1/k8s.nginx.org_virtualserverroutes.yaml" ) pol_crd_name = get_name_from_yaml( f"{DEPLOYMENTS}/common/crds-v1beta1/k8s.nginx.org_policies.yaml") ts_crd_name = get_name_from_yaml( f"{DEPLOYMENTS}/common/crds-v1beta1/k8s.nginx.org_transportservers.yaml" ) create_crd_from_yaml( kube_apis.api_extensions_v1_beta1, ap_pol_crd_name, f"{DEPLOYMENTS}/common/crds-v1beta1/appprotect.f5.com_appolicies.yaml", ) create_crd_from_yaml( kube_apis.api_extensions_v1_beta1, ap_log_crd_name, f"{DEPLOYMENTS}/common/crds-v1beta1/appprotect.f5.com_aplogconfs.yaml", ) create_crd_from_yaml( kube_apis.api_extensions_v1_beta1, ap_uds_crd_name, f"{DEPLOYMENTS}/common/crds-v1beta1/appprotect.f5.com_apusersigs.yaml", ) create_crd_from_yaml( kube_apis.api_extensions_v1_beta1, vs_crd_name, f"{DEPLOYMENTS}/common/crds-v1beta1/k8s.nginx.org_virtualservers.yaml", ) create_crd_from_yaml( kube_apis.api_extensions_v1_beta1, vsr_crd_name, f"{DEPLOYMENTS}/common/crds-v1beta1/k8s.nginx.org_virtualserverroutes.yaml", ) create_crd_from_yaml( kube_apis.api_extensions_v1_beta1, pol_crd_name, f"{DEPLOYMENTS}/common/crds-v1beta1/k8s.nginx.org_policies.yaml", ) create_crd_from_yaml( kube_apis.api_extensions_v1_beta1, ts_crd_name, f"{DEPLOYMENTS}/common/crds-v1beta1/k8s.nginx.org_transportservers.yaml", ) print( "------------------------- Create IC -----------------------------------" ) name = create_ingress_controller( kube_apis.v1, kube_apis.apps_v1_api, cli_arguments, namespace, request.param.get("extra_args", None), ) ensure_connection_to_public_endpoint( ingress_controller_endpoint.public_ip, ingress_controller_endpoint.port, ingress_controller_endpoint.port_ssl, ) except Exception as ex: print( f"Failed to complete CRD IC fixture: {ex}\nClean up the cluster as much as possible." ) delete_crd( kube_apis.api_extensions_v1_beta1, ap_pol_crd_name, ) delete_crd( kube_apis.api_extensions_v1_beta1, ap_log_crd_name, ) delete_crd( kube_apis.api_extensions_v1_beta1, ap_uds_crd_name, ) delete_crd( kube_apis.api_extensions_v1_beta1, vs_crd_name, ) delete_crd( kube_apis.api_extensions_v1_beta1, vsr_crd_name, ) delete_crd( kube_apis.api_extensions_v1_beta1, pol_crd_name, ) delete_crd( kube_apis.api_extensions_v1_beta1, ts_crd_name, ) print("Remove ap-rbac") cleanup_rbac(kube_apis.rbac_v1, rbac) print("Remove the IC:") delete_ingress_controller(kube_apis.apps_v1_api, name, cli_arguments["deployment-type"], namespace) def fin(): print("--------------Cleanup----------------") delete_crd( kube_apis.api_extensions_v1_beta1, ap_pol_crd_name, ) delete_crd( kube_apis.api_extensions_v1_beta1, ap_log_crd_name, ) delete_crd( kube_apis.api_extensions_v1_beta1, ap_uds_crd_name, ) delete_crd( kube_apis.api_extensions_v1_beta1, vs_crd_name, ) delete_crd( kube_apis.api_extensions_v1_beta1, vsr_crd_name, ) delete_crd( kube_apis.api_extensions_v1_beta1, pol_crd_name, ) delete_crd( kube_apis.api_extensions_v1_beta1, ts_crd_name, ) print("Remove ap-rbac") cleanup_rbac(kube_apis.rbac_v1, rbac) print("Remove the IC:") delete_ingress_controller(kube_apis.apps_v1_api, name, cli_arguments["deployment-type"], namespace) request.addfinalizer(fin)