Skip to content

Commit a1be7ca

Browse files
fabriziosestitofabriziosestito
committed
test(integration): allow using different PolicyServer config accross tests
Signed-off-by: Fabrizio Sestito <fabrizio.sestito@suse.com>
1 parent 4f70c4c commit a1be7ca

File tree

2 files changed

+71
-42
lines changed

2 files changed

+71
-42
lines changed

tests/common/mod.rs

+6-27
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@ use std::{
99
};
1010
use tempfile::tempdir;
1111

12-
pub(crate) async fn app() -> Router {
12+
pub(crate) fn default_test_config() -> Config {
1313
let policies = HashMap::from([
1414
(
1515
"pod-privileged".to_owned(),
@@ -47,32 +47,9 @@ pub(crate) async fn app() -> Router {
4747
context_aware_resources: BTreeSet::new(),
4848
},
4949
),
50-
(
51-
"invalid_settings".to_owned(),
52-
Policy {
53-
url: "ghcr.io/kubewarden/tests/sleeping-policy:v0.1.0".to_owned(),
54-
policy_mode: PolicyMode::Protect,
55-
allowed_to_mutate: None,
56-
settings: Some(HashMap::from([(
57-
"sleepMilliseconds".to_owned(),
58-
"abc".into(),
59-
)])),
60-
context_aware_resources: BTreeSet::new(),
61-
},
62-
),
63-
(
64-
"wrong_url".to_owned(),
65-
Policy {
66-
url: "ghcr.io/kubewarden/tests/not_existing:v0.1.0".to_owned(),
67-
policy_mode: PolicyMode::Protect,
68-
allowed_to_mutate: None,
69-
settings: None,
70-
context_aware_resources: BTreeSet::new(),
71-
},
72-
),
7350
]);
7451

75-
let config = Config {
52+
Config {
7653
addr: SocketAddr::from(([127, 0, 0, 1], 3001)),
7754
sources: None,
7855
policies,
@@ -93,9 +70,11 @@ pub(crate) async fn app() -> Router {
9370
daemon_stdout_file: None,
9471
daemon_stderr_file: None,
9572
enable_pprof: true,
96-
continue_on_errors: true,
97-
};
73+
continue_on_errors: false,
74+
}
75+
}
9876

77+
pub(crate) async fn app(config: Config) -> Router {
9978
let server = PolicyServer::new_from_config(config).await.unwrap();
10079

10180
server.router()

tests/integration_test.rs

+65-15
Original file line numberDiff line numberDiff line change
@@ -1,20 +1,31 @@
11
mod common;
22

3+
use std::collections::{BTreeSet, HashMap};
4+
35
use common::app;
46

57
use axum::{
68
body::Body,
79
http::{self, header, Request},
810
};
911
use http_body_util::BodyExt;
10-
use policy_evaluator::admission_response::AdmissionResponseStatus;
11-
use policy_server::api::admission_review::AdmissionReviewResponse;
12+
use policy_evaluator::{
13+
admission_response::AdmissionResponseStatus,
14+
policy_fetcher::verify::config::VerificationConfigV1,
15+
};
16+
use policy_server::{
17+
api::admission_review::AdmissionReviewResponse,
18+
config::{Policy, PolicyMode},
19+
};
1220
use regex::Regex;
1321
use tower::ServiceExt;
1422

23+
use crate::common::default_test_config;
24+
1525
#[tokio::test]
1626
async fn test_validate() {
17-
let app = app().await;
27+
let config = default_test_config();
28+
let app = app(config).await;
1829

1930
let request = Request::builder()
2031
.method(http::Method::POST)
@@ -46,7 +57,8 @@ async fn test_validate() {
4657

4758
#[tokio::test]
4859
async fn test_validate_policy_not_found() {
49-
let app = app().await;
60+
let config = default_test_config();
61+
let app = app(config).await;
5062

5163
let request = Request::builder()
5264
.method(http::Method::POST)
@@ -64,7 +76,8 @@ async fn test_validate_policy_not_found() {
6476

6577
#[tokio::test]
6678
async fn test_validate_invalid_payload() {
67-
let app = app().await;
79+
let config = default_test_config();
80+
let app = app(config).await;
6881

6982
let request = Request::builder()
7083
.method(http::Method::POST)
@@ -80,7 +93,8 @@ async fn test_validate_invalid_payload() {
8093

8194
#[tokio::test]
8295
async fn test_validate_raw() {
83-
let app = app().await;
96+
let config = default_test_config();
97+
let app = app(config).await;
8498

8599
let request = Request::builder()
86100
.method(http::Method::POST)
@@ -107,7 +121,8 @@ async fn test_validate_raw() {
107121

108122
#[tokio::test]
109123
async fn test_validate_raw_policy_not_found() {
110-
let app = app().await;
124+
let config = default_test_config();
125+
let app = app(config).await;
111126

112127
let request = Request::builder()
113128
.method(http::Method::POST)
@@ -125,7 +140,8 @@ async fn test_validate_raw_policy_not_found() {
125140

126141
#[tokio::test]
127142
async fn test_validate_raw_invalid_payload() {
128-
let app = app().await;
143+
let config = default_test_config();
144+
let app = app(config).await;
129145

130146
let request = Request::builder()
131147
.method(http::Method::POST)
@@ -141,7 +157,8 @@ async fn test_validate_raw_invalid_payload() {
141157

142158
#[tokio::test]
143159
async fn test_audit() {
144-
let app = app().await;
160+
let config = default_test_config();
161+
let app = app(config).await;
145162

146163
let request = Request::builder()
147164
.method(http::Method::POST)
@@ -171,7 +188,8 @@ async fn test_audit() {
171188

172189
#[tokio::test]
173190
async fn test_audit_policy_not_found() {
174-
let app = app().await;
191+
let config = default_test_config();
192+
let app = app(config).await;
175193

176194
let request = Request::builder()
177195
.method(http::Method::POST)
@@ -189,7 +207,8 @@ async fn test_audit_policy_not_found() {
189207

190208
#[tokio::test]
191209
async fn test_audit_invalid_payload() {
192-
let app = app().await;
210+
let config = default_test_config();
211+
let app = app(config).await;
193212

194213
let request = Request::builder()
195214
.method(http::Method::POST)
@@ -205,7 +224,8 @@ async fn test_audit_invalid_payload() {
205224

206225
#[tokio::test]
207226
async fn test_timeout_protection_accept() {
208-
let app = app().await;
227+
let config = default_test_config();
228+
let app = app(config).await;
209229

210230
let request = Request::builder()
211231
.method(http::Method::POST)
@@ -226,7 +246,8 @@ async fn test_timeout_protection_accept() {
226246

227247
#[tokio::test]
228248
async fn test_timeout_protection_reject() {
229-
let app = app().await;
249+
let config = default_test_config();
250+
let app = app(config).await;
230251

231252
let request = Request::builder()
232253
.method(http::Method::POST)
@@ -256,7 +277,23 @@ async fn test_timeout_protection_reject() {
256277

257278
#[tokio::test]
258279
async fn test_policy_with_invalid_settings() {
259-
let app = app().await;
280+
let mut config = default_test_config();
281+
config.policies.insert(
282+
"invalid_settings".to_owned(),
283+
Policy {
284+
url: "ghcr.io/kubewarden/tests/sleeping-policy:v0.1.0".to_owned(),
285+
policy_mode: PolicyMode::Protect,
286+
allowed_to_mutate: None,
287+
settings: Some(HashMap::from([(
288+
"sleepMilliseconds".to_owned(),
289+
"abc".into(),
290+
)])),
291+
context_aware_resources: BTreeSet::new(),
292+
},
293+
);
294+
config.continue_on_errors = true;
295+
296+
let app = app(config).await;
260297

261298
let request = Request::builder()
262299
.method(http::Method::POST)
@@ -286,7 +323,20 @@ async fn test_policy_with_invalid_settings() {
286323

287324
#[tokio::test]
288325
async fn test_policy_with_wrong_url() {
289-
let app = app().await;
326+
let mut config = default_test_config();
327+
config.policies.insert(
328+
"wrong_url".to_owned(),
329+
Policy {
330+
url: "ghcr.io/kubewarden/tests/not_existing:v0.1.0".to_owned(),
331+
policy_mode: PolicyMode::Protect,
332+
allowed_to_mutate: None,
333+
settings: None,
334+
context_aware_resources: BTreeSet::new(),
335+
},
336+
);
337+
config.continue_on_errors = true;
338+
339+
let app = app(config).await;
290340

291341
let request = Request::builder()
292342
.method(http::Method::POST)

0 commit comments

Comments
 (0)