|
10 | 10 | # APIM Samples imports |
11 | 11 | import console |
12 | 12 | import infrastructures |
13 | | -from apimtypes import INFRASTRUCTURE, APIM_SKU, APIMNetworkMode, API, PolicyFragment, HTTP_VERB, Output |
| 13 | +from apimtypes import INFRASTRUCTURE, APIM_SKU, APIMNetworkMode, API, PolicyFragment, Output |
14 | 14 |
|
15 | 15 |
|
16 | 16 | # ------------------------------ |
@@ -153,71 +153,83 @@ def test_infrastructure_creation_with_custom_apis(mock_utils, mock_apis): |
153 | 153 | assert any(api.name == 'test-api-2' for api in apis) |
154 | 154 | assert any(api.name == 'hello-world' for api in apis) |
155 | 155 |
|
| 156 | + |
156 | 157 | @pytest.mark.unit |
157 | | -def test_infrastructure_creation_calls_utils_functions(mock_utils, mock_az): |
158 | | - """Test that Infrastructure creation calls expected utility functions.""" |
159 | | - infra = infrastructures.Infrastructure( |
160 | | - infra=INFRASTRUCTURE.SIMPLE_APIM, |
161 | | - index=TEST_INDEX, |
162 | | - rg_location=TEST_LOCATION |
163 | | - ) |
| 158 | +def test_appgw_apim_pe_create_keyvault_certificate_returns_true_when_cert_exists(mock_utils, mock_az): |
| 159 | + """If the certificate already exists, do not attempt creation (PE).""" |
| 160 | + infra = infrastructures.AppGwApimPeInfrastructure(rg_location='eastus', index=1) |
| 161 | + mock_az.run.return_value = Mock(success=True) |
164 | 162 |
|
165 | | - mock_az.get_infra_rg_name.assert_called_once_with(INFRASTRUCTURE.SIMPLE_APIM, TEST_INDEX) |
166 | | - mock_utils.build_infrastructure_tags.assert_called_once_with(INFRASTRUCTURE.SIMPLE_APIM) |
| 163 | + assert infra._create_keyvault_certificate('test-kv') is True |
| 164 | + mock_az.run.assert_called_once() |
| 165 | + assert 'az keyvault certificate show' in mock_az.run.call_args.args[0] |
167 | 166 |
|
168 | | - # Initialize policy fragments to trigger utils calls |
169 | | - infra._define_policy_fragments() |
170 | | - infra._define_apis() |
171 | 167 |
|
172 | | - # Should call read_policy_xml for base policy fragments and APIs |
173 | | - assert mock_utils.read_policy_xml.call_count >= 6 # 5 base policy fragments + 1 hello-world API |
174 | | - assert mock_utils.determine_shared_policy_path.call_count >= 5 |
| 168 | +@pytest.mark.unit |
| 169 | +def test_appgw_apim_create_keyvault_certificate_returns_true_when_cert_exists(mock_utils, mock_az): |
| 170 | + """If the certificate already exists, do not attempt creation (Internal).""" |
| 171 | + infra = infrastructures.AppGwApimInfrastructure(rg_location='eastus', index=1) |
| 172 | + mock_az.run.return_value = Mock(success=True) |
| 173 | + |
| 174 | + assert infra._create_keyvault_certificate('test-kv') is True |
| 175 | + mock_az.run.assert_called_once() |
| 176 | + assert 'az keyvault certificate show' in mock_az.run.call_args.args[0] |
| 177 | + |
175 | 178 |
|
176 | 179 | @pytest.mark.unit |
177 | | -def test_infrastructure_base_policy_fragments_creation(mock_utils): |
178 | | - """Test that base policy fragments are created correctly.""" |
179 | | - infra = infrastructures.Infrastructure( |
180 | | - infra=INFRASTRUCTURE.SIMPLE_APIM, |
181 | | - index=TEST_INDEX, |
182 | | - rg_location=TEST_LOCATION |
183 | | - ) |
| 180 | +def test_appgw_apim_pe_create_keyvault_certificate_creates_with_escaped_policy_when_missing(mock_utils, mock_az): |
| 181 | + """If missing, create certificate and ensure policy string is escaped (PE).""" |
| 182 | + infra = infrastructures.AppGwApimPeInfrastructure(rg_location='eastus', index=1) |
| 183 | + mock_az.run.side_effect = [Mock(success=False), Mock(success=True)] |
184 | 184 |
|
185 | | - # Initialize policy fragments |
186 | | - infra._define_policy_fragments() |
| 185 | + assert infra._create_keyvault_certificate('test-kv') is True |
| 186 | + assert mock_az.run.call_count == 2 |
187 | 187 |
|
188 | | - # Check that all base policy fragments are created |
189 | | - expected_fragment_names = [ |
190 | | - 'AuthZ-Match-All', |
191 | | - 'AuthZ-Match-Any', |
192 | | - 'Http-Response-200', |
193 | | - 'Product-Match-Any', |
194 | | - 'Remove-Request-Headers' |
195 | | - ] |
| 188 | + create_cmd = mock_az.run.call_args.args[0] |
| 189 | + assert 'az keyvault certificate create' in create_cmd |
| 190 | + assert '--vault-name test-kv' in create_cmd |
| 191 | + assert f'--name {infra.CERT_NAME}' in create_cmd |
| 192 | + assert '--policy "' in create_cmd |
| 193 | + assert '\\"issuerParameters\\"' in create_cmd |
| 194 | + assert '\\"keyProperties\\"' in create_cmd |
| 195 | + assert '\\"x509CertificateProperties\\"' in create_cmd |
196 | 196 |
|
197 | | - base_fragment_names = [pf.name for pf in infra.base_pfs] |
198 | | - for expected_name in expected_fragment_names: |
199 | | - assert expected_name in base_fragment_names |
200 | 197 |
|
201 | 198 | @pytest.mark.unit |
202 | | -def test_infrastructure_base_apis_creation(mock_utils): |
203 | | - """Test that base APIs are created correctly.""" |
204 | | - infra = infrastructures.Infrastructure( |
205 | | - infra=INFRASTRUCTURE.SIMPLE_APIM, |
206 | | - index=TEST_INDEX, |
207 | | - rg_location=TEST_LOCATION |
208 | | - ) |
| 199 | +def test_appgw_apim_create_keyvault_certificate_creates_with_escaped_policy_when_missing(mock_utils, mock_az): |
| 200 | + """If missing, create certificate and ensure policy string is escaped (Internal).""" |
| 201 | + infra = infrastructures.AppGwApimInfrastructure(rg_location='eastus', index=1) |
| 202 | + mock_az.run.side_effect = [Mock(success=False), Mock(success=True)] |
209 | 203 |
|
210 | | - # Initialize APIs |
211 | | - infra._define_apis() |
| 204 | + assert infra._create_keyvault_certificate('test-kv') is True |
| 205 | + assert mock_az.run.call_count == 2 |
212 | 206 |
|
213 | | - # Check that hello-world API is created |
214 | | - assert len(infra.base_apis) == 1 |
215 | | - hello_world_api = infra.base_apis[0] |
216 | | - assert hello_world_api.name == 'hello-world' |
217 | | - assert hello_world_api.displayName == 'Hello World' |
218 | | - assert not hello_world_api.path |
219 | | - assert len(hello_world_api.operations) == 1 |
220 | | - assert hello_world_api.operations[0].method == HTTP_VERB.GET |
| 207 | + create_cmd = mock_az.run.call_args.args[0] |
| 208 | + assert 'az keyvault certificate create' in create_cmd |
| 209 | + assert '--vault-name test-kv' in create_cmd |
| 210 | + assert f'--name {infra.CERT_NAME}' in create_cmd |
| 211 | + assert '--policy "' in create_cmd |
| 212 | + assert '\\"issuerParameters\\"' in create_cmd |
| 213 | + assert '\\"keyProperties\\"' in create_cmd |
| 214 | + assert '\\"x509CertificateProperties\\"' in create_cmd |
| 215 | + |
| 216 | + |
| 217 | +@pytest.mark.unit |
| 218 | +def test_appgw_apim_pe_create_keyvault_certificate_returns_false_when_create_fails(mock_utils, mock_az): |
| 219 | + """If creation fails, return False (PE).""" |
| 220 | + infra = infrastructures.AppGwApimPeInfrastructure(rg_location='eastus', index=1) |
| 221 | + mock_az.run.side_effect = [Mock(success=False), Mock(success=False)] |
| 222 | + |
| 223 | + assert infra._create_keyvault_certificate('test-kv') is False |
| 224 | + |
| 225 | + |
| 226 | +@pytest.mark.unit |
| 227 | +def test_appgw_apim_create_keyvault_certificate_returns_false_when_create_fails(mock_utils, mock_az): |
| 228 | + """If creation fails, return False (Internal).""" |
| 229 | + infra = infrastructures.AppGwApimInfrastructure(rg_location='eastus', index=1) |
| 230 | + mock_az.run.side_effect = [Mock(success=False), Mock(success=False)] |
| 231 | + |
| 232 | + assert infra._create_keyvault_certificate('test-kv') is False |
221 | 233 |
|
222 | 234 |
|
223 | 235 | # ------------------------------ |
@@ -2368,32 +2380,72 @@ def test_appgw_apim_create_keyvault(mock_utils, mock_az): |
2368 | 2380 | assert isinstance(result, bool) |
2369 | 2381 |
|
2370 | 2382 |
|
2371 | | -def test_appgw_apim_pe_create_certificate(mock_utils, mock_az): |
2372 | | - """Test certificate creation for AppGwApimPeInfrastructure.""" |
2373 | | - infra = infrastructures.AppGwApimPeInfrastructure( |
2374 | | - rg_location='eastus', |
2375 | | - index=1 |
2376 | | - ) |
| 2383 | +@pytest.mark.unit |
| 2384 | +@pytest.mark.parametrize( |
| 2385 | + 'infra_factory', |
| 2386 | + [ |
| 2387 | + lambda: infrastructures.AppGwApimPeInfrastructure(rg_location='eastus', index=1), |
| 2388 | + lambda: infrastructures.AppGwApimInfrastructure(rg_location='eastus', index=1), |
| 2389 | + ] |
| 2390 | +) |
| 2391 | +def test_create_keyvault_certificate_returns_true_when_cert_exists(mock_utils, mock_az, infra_factory): |
| 2392 | + """If the certificate already exists, do not attempt creation.""" |
| 2393 | + infra = infra_factory() |
2377 | 2394 |
|
2378 | 2395 | mock_az.run.return_value = Mock(success=True) |
2379 | 2396 |
|
2380 | | - result = infra._create_keyvault_certificate('test-kv') |
| 2397 | + assert infra._create_keyvault_certificate('test-kv') is True |
| 2398 | + mock_az.run.assert_called_once() |
| 2399 | + assert 'az keyvault certificate show' in mock_az.run.call_args.args[0] |
2381 | 2400 |
|
2382 | | - assert isinstance(result, bool) |
2383 | 2401 |
|
| 2402 | +@pytest.mark.unit |
| 2403 | +@pytest.mark.parametrize( |
| 2404 | + 'infra_factory', |
| 2405 | + [ |
| 2406 | + lambda: infrastructures.AppGwApimPeInfrastructure(rg_location='eastus', index=1), |
| 2407 | + lambda: infrastructures.AppGwApimInfrastructure(rg_location='eastus', index=1), |
| 2408 | + ] |
| 2409 | +) |
| 2410 | +def test_create_keyvault_certificate_creates_with_escaped_policy_when_missing(mock_utils, mock_az, infra_factory): |
| 2411 | + """If missing, create certificate and ensure policy string is escaped for PowerShell.""" |
| 2412 | + infra = infra_factory() |
2384 | 2413 |
|
2385 | | -def test_appgw_apim_create_certificate(mock_utils, mock_az): |
2386 | | - """Test certificate creation for AppGwApimInfrastructure.""" |
2387 | | - infra = infrastructures.AppGwApimInfrastructure( |
2388 | | - rg_location='eastus', |
2389 | | - index=1 |
2390 | | - ) |
| 2414 | + show_output = Mock(success=False) |
| 2415 | + create_output = Mock(success=True) |
| 2416 | + mock_az.run.side_effect = [show_output, create_output] |
2391 | 2417 |
|
2392 | | - mock_az.run.return_value = Mock(success=True) |
| 2418 | + assert infra._create_keyvault_certificate('test-kv') is True |
2393 | 2419 |
|
2394 | | - result = infra._create_keyvault_certificate('test-kv') |
| 2420 | + assert mock_az.run.call_count == 2 |
| 2421 | + create_cmd = mock_az.run.call_args.args[0] |
| 2422 | + assert 'az keyvault certificate create' in create_cmd |
| 2423 | + assert '--vault-name test-kv' in create_cmd |
| 2424 | + assert f'--name {infra.CERT_NAME}' in create_cmd |
| 2425 | + assert '--policy "' in create_cmd |
| 2426 | + # Policy JSON should have escaped quotes (\") |
| 2427 | + assert '\\"issuerParameters\\"' in create_cmd |
| 2428 | + assert '\\"keyProperties\\"' in create_cmd |
| 2429 | + assert '\\"x509CertificateProperties\\"' in create_cmd |
2395 | 2430 |
|
2396 | | - assert isinstance(result, bool) |
| 2431 | + |
| 2432 | +@pytest.mark.unit |
| 2433 | +@pytest.mark.parametrize( |
| 2434 | + 'infra_factory', |
| 2435 | + [ |
| 2436 | + lambda: infrastructures.AppGwApimPeInfrastructure(rg_location='eastus', index=1), |
| 2437 | + lambda: infrastructures.AppGwApimInfrastructure(rg_location='eastus', index=1), |
| 2438 | + ] |
| 2439 | +) |
| 2440 | +def test_create_keyvault_certificate_returns_false_when_create_fails(mock_utils, mock_az, infra_factory): |
| 2441 | + """If creation fails, return False.""" |
| 2442 | + infra = infra_factory() |
| 2443 | + |
| 2444 | + show_output = Mock(success=False) |
| 2445 | + create_output = Mock(success=False) |
| 2446 | + mock_az.run.side_effect = [show_output, create_output] |
| 2447 | + |
| 2448 | + assert infra._create_keyvault_certificate('test-kv') is False |
2397 | 2449 |
|
2398 | 2450 |
|
2399 | 2451 | def test_afd_apim_aca_approve_private_links(mock_utils, mock_az): |
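Review bot: The escaped-policy assertions at new lines 2421–2429 (and their copies at 188–195 and 207–214) only check that `--policy "` and three `\"key\"` substrings occur somewhere in the string handed to `az.run`, so they would still pass if the policy argument were never closed or carried an unescaped quote that lets the shell split it. Because the command is a single string (`mock_az.run.call_args.args[0]`), the quoting is the only argument boundary; I would pull the argument out and parse it, e.g. `m = re.search(r'--policy "((?:\\.|[^"\\])*)"', create_cmd)` then `json.loads(m.group(1).replace('\\"', '"'))`, which needs `re` and `json` imported if the file does not already have them. Separately, the six non-parametrized tests added at new lines 158–232 repeat the three parametrized tests added at 2383–2448 case for case; keeping only the parametrized versions would stop the two copies drifting apart. The same hunk shows the base `Infrastructure` tests for `_define_policy_fragments` and `_define_apis` as removed; if they were not moved elsewhere in the file, that coverage is lost.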
|