add ability to create jwt on tests

pdabelf5 · pdabelf5 · commit ea7652a881fc · 2024-11-11T16:39:51.000Z
diff --git a/deployments/common/plus-mgmt-configmap.yaml b/deployments/common/plus-mgmt-configmap.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: nginx-config-mgmt
+  namespace: nginx-ingress
+data:
diff --git a/deployments/deployment/nginx-plus-ingress.yaml b/deployments/deployment/nginx-plus-ingress.yaml
@@ -27,12 +27,12 @@ spec:
         - name: nginx-plus-license
           secret:
             secretName: license-token
-        - name: nim-ca
-          secret:
-            secretName: nim-ca
-        - name: nim-client-cert
-          secret:
-            secretName: nim-client-cert
+#      - name: nim-ca
+#        secret:
+#          secretName: nim-ca
+#      - name: nim-client-cert
+#        secret:
+#          secretName: nim-client-cert
 #      - name: nginx-etc
 #        emptyDir: {}
 #      - name: nginx-cache
@@ -81,10 +81,10 @@ spec:
         volumeMounts:
           - mountPath: /etc/nginx/license
             name: nginx-plus-license
-          - mountPath: /etc/nginx/secrets/mgmt
-            name: nim-ca
-          - mountPath: /etc/nginx/secrets/mgmt_client
-            name: nim-client-cert
+#        - mountPath: /etc/nginx/secrets/mgmt
+#          name: nim-ca
+#        - mountPath: /etc/nginx/secrets/mgmt_client
+#          name: nim-client-cert
 #        - mountPath: /var/cache/nginx
 #          name: nginx-cache
 #        - mountPath: /var/lib/nginx
diff --git a/internal/configs/configmaps.go b/internal/configs/configmaps.go
@@ -14,7 +14,6 @@ import (
 
 const (
 	minimumInterval = 60
-	defaultInterval = "1h"
 )
 
 // ParseConfigMap parses ConfigMap into ConfigParams.
@@ -567,8 +566,8 @@ func ParseMGMTConfigMap(ctx context.Context, cfgm *v1.ConfigMap, nginxPlus bool)
 			nl.Errorf(l, "Configmap %s/%s: Invalid value for the interval key: got %q: %v", cfgm.GetNamespace(), cfgm.GetName(), i, err)
 		}
 		if t.Seconds() < minimumInterval {
-			nl.Errorf(l, "Configmap %s/%s: Value too low for the interval key, got: %v, need higher than %ds.  Falling back to default %s", cfgm.GetNamespace(), cfgm.GetName(), i, minimumInterval, defaultInterval)
-			mgmtCfgParams.Interval = defaultInterval
+			nl.Errorf(l, "Configmap %s/%s: Value too low for the interval key, got: %v, need higher than %ds.", cfgm.GetNamespace(), cfgm.GetName(), i, minimumInterval)
+			mgmtCfgParams.Interval = ""
 		} else {
 			mgmtCfgParams.Interval = i
 		}
diff --git a/internal/configs/version1/nginx-plus.tmpl b/internal/configs/version1/nginx-plus.tmpl
@@ -360,8 +360,9 @@ stream {
 
 {{- if .NginxVersion.PlusGreaterThanOrEqualTo "nginx-plus-r33" }}
 mgmt {
+    #{{ .MGMTInterval }}#
     usage_report
-    {{- if ne .MGMTEndpoint "" }} endpoint={{ .MGMTEndpoint }} {{- end }} interval={{ .MGMTInterval }};
+    {{- if ne .MGMTEndpoint "" }} endpoint={{ .MGMTEndpoint }} {{- end }} {{- if ne .MGMTInterval "" }} interval={{ .MGMTInterval }} {{- end }};
     license_token /etc/nginx/license/license.jwt;
     {{ if .MGMTEnforceInitialReport -}}
     enforce_initial_report on;
diff --git a/tests/conftest.py b/tests/conftest.py
@@ -55,6 +55,11 @@ def pytest_addoption(parser) -> None:
         default=DEFAULT_IC_TYPE,
         help="The type of the Ingress Controller: nginx-ingress or nginx-plus-ingress.",
     )
+    parser.addoption(
+        "--plus-jwt",
+        action="store",
+        help="The plus jwt for the Ingress Controller image.",
+    )
     parser.addoption(
         "--service",
         action="store",
diff --git a/tests/suite/fixtures/fixtures.py b/tests/suite/fixtures/fixtures.py
@@ -25,6 +25,7 @@
     create_configmap_from_yaml,
     create_namespace_with_name_from_yaml,
     create_ns_and_sa_from_yaml,
+    create_opaque_license_secret,
     create_secret_from_yaml,
     create_service_from_yaml,
     delete_namespace,
@@ -240,11 +241,20 @@ def ingress_controller_prerequisites(cli_arguments, kube_apis, request) -> Ingre
         ]
     )
     config_map_yaml = f"{DEPLOYMENTS}/common/nginx-config.yaml"
+    mgmt_config_map_yaml = f"{DEPLOYMENTS}/common/plus-mgmt-configmap.yaml"
     create_configmap_from_yaml(kube_apis.v1, namespace, config_map_yaml)
     with open(config_map_yaml) as f:
         config_map = yaml.safe_load(f)
+
     create_secret_from_yaml(kube_apis.v1, namespace, f"{TEST_DATA}/common/default-server-secret.yaml")
 
+    # setup Plus JWT configuration
+    if cli_arguments["ic-type"] == "nginx-plus-ingress" and "plus-jwt" in cli_arguments:
+        print("Create Plus JWT Secret:")
+        secret_name = create_opaque_license_secret(kube_apis.v1, namespace, cli_arguments["plus-jwt"])
+        print(f"Secret created: {secret_name}")
+        create_configmap_from_yaml(kube_apis.v1, namespace, mgmt_config_map_yaml)
+
     def fin():
         if request.config.getoption("--skip-fixture-teardown") == "no":
             print("Clean up prerequisites")
@@ -323,6 +333,11 @@ def cli_arguments(request) -> {}:
     result["ic-type"] = request.config.getoption("--ic-type")
     assert result["ic-type"] in ALLOWED_IC_TYPES, f"IC type {result['ic-type']} is not allowed"
     print(f"Tests will run against the IC of type: {result['ic-type']}")
+    if result["ic-type"] == "nginx-plus-ingress":
+        jwt = request.config.getoption("--plus-jwt", None)
+        assert jwt is not None and jwt != "", f"ic-type nginx-plus-ingress needs a jwt"
+        result["plus-jwt"] = jwt
+        print(f"Tests will use the Plus JWT: {result['plus-jwt']}")
 
     result["replicas"] = request.config.getoption("--replicas")
     print(f"Number of pods spun up will be : {result['replicas']}")
diff --git a/tests/suite/utils/resources_utils.py b/tests/suite/utils/resources_utils.py
@@ -10,7 +10,15 @@
 import pytest
 import requests
 import yaml
-from kubernetes.client import AppsV1Api, CoreV1Api, NetworkingV1Api, RbacAuthorizationV1Api, V1Service
+from kubernetes.client import (
+    AppsV1Api,
+    CoreV1Api,
+    NetworkingV1Api,
+    RbacAuthorizationV1Api,
+    V1ObjectMeta,
+    V1Secret,
+    V1Service,
+)
 from kubernetes.client.rest import ApiException
 from kubernetes.stream import stream
 from more_itertools import first
@@ -556,6 +564,15 @@ def create_secret(v1: CoreV1Api, namespace, body) -> str:
     return body["metadata"]["name"]
 
 
+def create_opaque_license_secret(v1: CoreV1Api, namespace, jwt, license_token_name="license-token") -> str:
+    sec = V1Secret()
+    sec.type = "Opaque"
+    sec.metadata = V1ObjectMeta(name=license_token_name)
+    sec.data = {"license.jwt": base64.b64encode(jwt.encode("ascii")).decode()}
+    v1.create_namespaced_secret(namespace=namespace, body=sec)
+    return license_token_name
+
+
 def replace_secret(v1: CoreV1Api, name, namespace, yaml_manifest) -> str:
     """
     Replace a secret based on yaml file.

Original file line number	Diff line number	Diff line change
`@@ -14,7 +14,6 @@ import (`
`14`	`14`
`15`	`15`	`const (`
`16`	`16`	`minimumInterval = 60`
`17`		`- defaultInterval = "1h"`
`18`	`17`	`)`
`19`	`18`
`20`	`19`	`// ParseConfigMap parses ConfigMap into ConfigParams.`
`@@ -567,8 +566,8 @@ func ParseMGMTConfigMap(ctx context.Context, cfgm *v1.ConfigMap, nginxPlus bool)`
`567`	`566`	`nl.Errorf(l, "Configmap %s/%s: Invalid value for the interval key: got %q: %v", cfgm.GetNamespace(), cfgm.GetName(), i, err)`
`568`	`567`	`}`
`569`	`568`	`if t.Seconds() < minimumInterval {`
`570`		`- nl.Errorf(l, "Configmap %s/%s: Value too low for the interval key, got: %v, need higher than %ds. Falling back to default %s", cfgm.GetNamespace(), cfgm.GetName(), i, minimumInterval, defaultInterval)`
`571`		`- mgmtCfgParams.Interval = defaultInterval`
	`569`	`+ nl.Errorf(l, "Configmap %s/%s: Value too low for the interval key, got: %v, need higher than %ds.", cfgm.GetNamespace(), cfgm.GetName(), i, minimumInterval)`
	`570`	`+ mgmtCfgParams.Interval = ""`
`572`	`571`	`} else {`
`573`	`572`	`mgmtCfgParams.Interval = i`
`574`	`573`	`}`