From 195a6c87af4aee737eab66677861e17d1b45379e Mon Sep 17 00:00:00 2001 From: Nick Larsen Date: Fri, 9 Aug 2024 10:14:26 +0200 Subject: [PATCH 1/5] test(kuttl): improve error output in python scripts --- tests/templates/kuttl/aas-user-info/test-regorule.py | 4 +++- tests/templates/kuttl/keycloak-user-info/test-regorule.py | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/tests/templates/kuttl/aas-user-info/test-regorule.py b/tests/templates/kuttl/aas-user-info/test-regorule.py index ed92ec68..d8a4731b 100755 --- a/tests/templates/kuttl/aas-user-info/test-regorule.py +++ b/tests/templates/kuttl/aas-user-info/test-regorule.py @@ -43,8 +43,10 @@ def make_request(payload): response = make_request(payload) assertions(subject_id, response, "currentUserInfoById", [], {"e-mail": f"{subject_id}@example.com", "company": "openid"}) except Exception as e: + print(f"exception: {e}") if response is not None: - print(f"something went wrong. last response: {response}") + print(f"request body: {payload}") + print(f"response body: {response}") raise e print("Test successful!") diff --git a/tests/templates/kuttl/keycloak-user-info/test-regorule.py b/tests/templates/kuttl/keycloak-user-info/test-regorule.py index 829ab507..898815a7 100755 --- a/tests/templates/kuttl/keycloak-user-info/test-regorule.py +++ b/tests/templates/kuttl/keycloak-user-info/test-regorule.py @@ -55,8 +55,10 @@ def make_request(payload): response = make_request(payload) assertions(username, response, "currentUserInfoById", groups, {}) except Exception as e: + print(f"exception: {e}") if response is not None: - print(f"something went wrong. last response: {response}") + print(f"request body: {payload}") + print(f"response body: {response}") raise e print("Test successful!") From e0fecaa9d75d1454c4e1862d9f46c8b704a83021 Mon Sep 17 00:00:00 2001 From: Nick Larsen Date: Fri, 9 Aug 2024 10:15:45 +0200 Subject: [PATCH 2/5] chore(kuttl): ruff formatting --- .../kuttl/aas-user-info/test-regorule.py | 24 ++++++++++++++----- .../kuttl/keycloak-user-info/test-regorule.py | 18 +++++++++----- 2 files changed, 30 insertions(+), 12 deletions(-) diff --git a/tests/templates/kuttl/aas-user-info/test-regorule.py b/tests/templates/kuttl/aas-user-info/test-regorule.py index d8a4731b..7032c984 100755 --- a/tests/templates/kuttl/aas-user-info/test-regorule.py +++ b/tests/templates/kuttl/aas-user-info/test-regorule.py @@ -4,7 +4,9 @@ import json -def assertions(username, response, opa_attribute, expected_groups, expected_attributes={}): +def assertions( + username, response, opa_attribute, expected_groups, expected_attributes={} +): assert "result" in response assert opa_attribute in response["result"] @@ -23,25 +25,35 @@ def assertions(username, response, opa_attribute, expected_groups, expected_attr # todo: split out customAttribute assertions print(f"Testing for {username} with customAttributes {expected_attributes}") custom_attributes = response["result"][opa_attribute]["customAttributes"] - assert custom_attributes == expected_attributes, f"got {custom_attributes}, expected: {expected_attributes}" + assert ( + custom_attributes == expected_attributes + ), f"got {custom_attributes}, expected: {expected_attributes}" if __name__ == "__main__": all_args = argparse.ArgumentParser() all_args.add_argument("-u", "--url", required=True, help="OPA service url") args = vars(all_args.parse_args()) - params = {'strict-builtin-errors': 'true'} + params = {"strict-builtin-errors": "true"} def make_request(payload): - return requests.post(args['url'], data=json.dumps(payload), params=params).json() + return requests.post( + args["url"], data=json.dumps(payload), params=params + ).json() for subject_id in ["alice", "bob"]: try: # todo: try this out locally until it works # url = 'http://test-opa-svc:8081/v1/data' - payload = {'input': {'id': subject_id}} + payload = {"input": {"id": subject_id}} response = make_request(payload) - assertions(subject_id, response, "currentUserInfoById", [], {"e-mail": f"{subject_id}@example.com", "company": "openid"}) + assertions( + subject_id, + response, + "currentUserInfoById", + [], + {"e-mail": f"{subject_id}@example.com", "company": "openid"}, + ) except Exception as e: print(f"exception: {e}") if response is not None: diff --git a/tests/templates/kuttl/keycloak-user-info/test-regorule.py b/tests/templates/kuttl/keycloak-user-info/test-regorule.py index 898815a7..d6268eae 100755 --- a/tests/templates/kuttl/keycloak-user-info/test-regorule.py +++ b/tests/templates/kuttl/keycloak-user-info/test-regorule.py @@ -10,7 +10,9 @@ } -def assertions(username, response, opa_attribute, expected_groups, expected_attributes={}): +def assertions( + username, response, opa_attribute, expected_groups, expected_attributes={} +): assert "result" in response assert opa_attribute in response["result"] @@ -29,29 +31,33 @@ def assertions(username, response, opa_attribute, expected_groups, expected_attr # todo: split out customAttribute assertions print(f"Testing for {username} with customAttributes {expected_attributes}") custom_attributes = response["result"][opa_attribute]["customAttributes"] - assert custom_attributes == expected_attributes, f"got {custom_attributes}, expected: {expected_attributes}" + assert ( + custom_attributes == expected_attributes + ), f"got {custom_attributes}, expected: {expected_attributes}" if __name__ == "__main__": all_args = argparse.ArgumentParser() all_args.add_argument("-u", "--url", required=True, help="OPA service url") args = vars(all_args.parse_args()) - params = {'strict-builtin-errors': 'true'} + params = {"strict-builtin-errors": "true"} def make_request(payload): - return requests.post(args['url'], data=json.dumps(payload), params=params).json() + return requests.post( + args["url"], data=json.dumps(payload), params=params + ).json() for username, groups in users_and_groups.items(): try: # todo: try this out locally until it works # url = 'http://test-opa-svc:8081/v1/data' - payload = {'input': {'username': username}} + payload = {"input": {"username": username}} response = make_request(payload) assertions(username, response, "currentUserInfoByUsername", groups, {}) # do the reverse lookup user_id = response["result"]["currentUserInfoByUsername"]["id"] - payload = {'input': {'id': user_id}} + payload = {"input": {"id": user_id}} response = make_request(payload) assertions(username, response, "currentUserInfoById", groups, {}) except Exception as e: From 1477028598eae11daf95ca27bc23c2c311e7e071 Mon Sep 17 00:00:00 2001 From: Nick Larsen Date: Tue, 13 Aug 2024 13:00:39 +0200 Subject: [PATCH 3/5] chore(kuttl): improve error output in python scripts --- .../kuttl/aas-user-info/test-regorule.py | 24 +++++++++++-------- .../kuttl/keycloak-user-info/test-regorule.py | 24 +++++++++++-------- 2 files changed, 28 insertions(+), 20 deletions(-) diff --git a/tests/templates/kuttl/aas-user-info/test-regorule.py b/tests/templates/kuttl/aas-user-info/test-regorule.py index 7032c984..e95d6070 100755 --- a/tests/templates/kuttl/aas-user-info/test-regorule.py +++ b/tests/templates/kuttl/aas-user-info/test-regorule.py @@ -8,23 +8,24 @@ def assertions( username, response, opa_attribute, expected_groups, expected_attributes={} ): assert "result" in response - assert opa_attribute in response["result"] + result = response["result"] + assert opa_attribute in result, f"expected {opa_attribute} in {result}" # repeated the right hand side for better output on error - assert "customAttributes" in response["result"][opa_attribute] - assert "groups" in response["result"][opa_attribute] - assert "id" in response["result"][opa_attribute] - assert "username" in response["result"][opa_attribute] + assert "customAttributes" in result[opa_attribute] + assert "groups" in result[opa_attribute] + assert "id" in result[opa_attribute] + assert "username" in result[opa_attribute] # todo: split out group assertions print(f"Testing for {username} in groups {expected_groups}") - groups = sorted(response["result"][opa_attribute]["groups"]) + groups = sorted(result[opa_attribute]["groups"]) expected_groups = sorted(expected_groups) assert groups == expected_groups, f"got {groups}, expected: {expected_groups}" # todo: split out customAttribute assertions print(f"Testing for {username} with customAttributes {expected_attributes}") - custom_attributes = response["result"][opa_attribute]["customAttributes"] + custom_attributes = result[opa_attribute]["customAttributes"] assert ( custom_attributes == expected_attributes ), f"got {custom_attributes}, expected: {expected_attributes}" @@ -37,9 +38,12 @@ def assertions( params = {"strict-builtin-errors": "true"} def make_request(payload): - return requests.post( - args["url"], data=json.dumps(payload), params=params - ).json() + response = requests.post(args["url"], data=json.dumps(payload), params=params) + expected_status_code = 200 + assert ( + response.status_code == expected_status_code + ), f"got {response.status_code}, expected: {expected_status_code}" + return response.json() for subject_id in ["alice", "bob"]: try: diff --git a/tests/templates/kuttl/keycloak-user-info/test-regorule.py b/tests/templates/kuttl/keycloak-user-info/test-regorule.py index d6268eae..d8f3e20b 100755 --- a/tests/templates/kuttl/keycloak-user-info/test-regorule.py +++ b/tests/templates/kuttl/keycloak-user-info/test-regorule.py @@ -14,23 +14,24 @@ def assertions( username, response, opa_attribute, expected_groups, expected_attributes={} ): assert "result" in response - assert opa_attribute in response["result"] + result = response["result"] + assert opa_attribute in result, f"expected {opa_attribute} in {result}" # repeated the right hand side for better output on error - assert "customAttributes" in response["result"][opa_attribute] - assert "groups" in response["result"][opa_attribute] - assert "id" in response["result"][opa_attribute] - assert "username" in response["result"][opa_attribute] + assert "customAttributes" in result[opa_attribute] + assert "groups" in result[opa_attribute] + assert "id" in result[opa_attribute] + assert "username" in result[opa_attribute] # todo: split out group assertions print(f"Testing for {username} in groups {expected_groups}") - groups = sorted(response["result"][opa_attribute]["groups"]) + groups = sorted(result[opa_attribute]["groups"]) expected_groups = sorted(expected_groups) assert groups == expected_groups, f"got {groups}, expected: {expected_groups}" # todo: split out customAttribute assertions print(f"Testing for {username} with customAttributes {expected_attributes}") - custom_attributes = response["result"][opa_attribute]["customAttributes"] + custom_attributes = result[opa_attribute]["customAttributes"] assert ( custom_attributes == expected_attributes ), f"got {custom_attributes}, expected: {expected_attributes}" @@ -43,9 +44,12 @@ def assertions( params = {"strict-builtin-errors": "true"} def make_request(payload): - return requests.post( - args["url"], data=json.dumps(payload), params=params - ).json() + response = requests.post(args["url"], data=json.dumps(payload), params=params) + expected_status_code = 200 + assert ( + response.status_code == expected_status_code + ), f"got {response.status_code}, expected: {expected_status_code}" + return response.json() for username, groups in users_and_groups.items(): try: From cd3c31ed8bfff588fe2cc68c23a258a080f5ce65 Mon Sep 17 00:00:00 2001 From: Nick Larsen Date: Tue, 13 Aug 2024 14:28:22 +0200 Subject: [PATCH 4/5] fix(kuttl): revert change from #580 --- .../kuttl/aas-user-info/10-install-opa.yaml.j2 | 16 ++++++++++++++++ .../templates/kuttl/aas-user-info/30-assert.yaml | 2 +- .../keycloak-user-info/10-install-opa.yaml.j2 | 16 ++++++++++++++++ .../kuttl/keycloak-user-info/30-assert.yaml | 2 +- 4 files changed, 34 insertions(+), 2 deletions(-) diff --git a/tests/templates/kuttl/aas-user-info/10-install-opa.yaml.j2 b/tests/templates/kuttl/aas-user-info/10-install-opa.yaml.j2 index 149a0a32..9e9ac895 100644 --- a/tests/templates/kuttl/aas-user-info/10-install-opa.yaml.j2 +++ b/tests/templates/kuttl/aas-user-info/10-install-opa.yaml.j2 @@ -5,6 +5,22 @@ commands: - script: | kubectl apply -n $NAMESPACE -f - < Date: Tue, 13 Aug 2024 15:14:03 +0200 Subject: [PATCH 5/5] fix(kuttl): use bundled userinfo code --- tests/templates/kuttl/aas-user-info/10-install-opa.yaml.j2 | 7 +++---- .../kuttl/keycloak-user-info/10-install-opa.yaml.j2 | 7 +++---- 2 files changed, 6 insertions(+), 8 deletions(-) diff --git a/tests/templates/kuttl/aas-user-info/10-install-opa.yaml.j2 b/tests/templates/kuttl/aas-user-info/10-install-opa.yaml.j2 index 9e9ac895..089a221d 100644 --- a/tests/templates/kuttl/aas-user-info/10-install-opa.yaml.j2 +++ b/tests/templates/kuttl/aas-user-info/10-install-opa.yaml.j2 @@ -15,11 +15,10 @@ commands: test.rego: | package test - userInfoByUsername(username) := http.send({"method": "POST", "url": "http://127.0.0.1:9476/user", "body": {"username": username}, "headers": {"Content-Type": "application/json"}, "raise_error": true}).body - userInfoById(id) := http.send({"method": "POST", "url": "http://127.0.0.1:9476/user", "body": {"id": id}, "headers": {"Content-Type": "application/json"}, "raise_error": true}).body + import data.stackable.opa.userinfo.v1 as userinfo - currentUserInfoByUsername := userInfoByUsername(input.username) - currentUserInfoById := userInfoById(input.id) + currentUserInfoByUsername := userinfo.userInfoByUsername(input.username) + currentUserInfoById := userinfo.userInfoById(input.id) --- apiVersion: opa.stackable.tech/v1alpha1 kind: OpaCluster diff --git a/tests/templates/kuttl/keycloak-user-info/10-install-opa.yaml.j2 b/tests/templates/kuttl/keycloak-user-info/10-install-opa.yaml.j2 index cd80b3b0..22a7f21f 100644 --- a/tests/templates/kuttl/keycloak-user-info/10-install-opa.yaml.j2 +++ b/tests/templates/kuttl/keycloak-user-info/10-install-opa.yaml.j2 @@ -15,11 +15,10 @@ commands: test.rego: | package test - userInfoByUsername(username) := http.send({"method": "POST", "url": "http://127.0.0.1:9476/user", "body": {"username": username}, "headers": {"Content-Type": "application/json"}, "raise_error": true}).body - userInfoById(id) := http.send({"method": "POST", "url": "http://127.0.0.1:9476/user", "body": {"id": id}, "headers": {"Content-Type": "application/json"}, "raise_error": true}).body + import data.stackable.opa.userinfo.v1 as userinfo - currentUserInfoByUsername := userInfoByUsername(input.username) - currentUserInfoById := userInfoById(input.id) + currentUserInfoByUsername := userinfo.userInfoByUsername(input.username) + currentUserInfoById := userinfo.userInfoById(input.id) --- apiVersion: opa.stackable.tech/v1alpha1 kind: OpaCluster