From b3456b05cc40b86c8fb6d71b91ece50e025e1ac6 Mon Sep 17 00:00:00 2001 From: Alexander Cristurean Date: Mon, 27 Apr 2026 13:40:07 +0200 Subject: [PATCH 01/18] feat: initial setup. Signed-off-by: Alexander Cristurean --- testsuite/mockserver.py | 7 ++ testsuite/tests/singlecluster/conftest.py | 86 ++++++++++++++++++++++- 2 files changed, 90 insertions(+), 3 deletions(-) diff --git a/testsuite/mockserver.py b/testsuite/mockserver.py index 0b1d8d4a8..acc0a0ea8 100644 --- a/testsuite/mockserver.py +++ b/testsuite/mockserver.py @@ -75,3 +75,10 @@ def retrieve_requests(self, expectation_id): params={"type": "REQUESTS", "format": "JSON"}, json={"path": "/" + expectation_id}, ).json() + + def retrieve_all_requests(self): + """Retrieve all requests received by MockServer""" + return self.client.mockserver.retrieve.put( + params={"type": "REQUESTS", "format": "JSON"}, + json={}, + ).json() diff --git a/testsuite/tests/singlecluster/conftest.py b/testsuite/tests/singlecluster/conftest.py index d378d96e8..6f1f4edb5 100644 --- a/testsuite/tests/singlecluster/conftest.py +++ b/testsuite/tests/singlecluster/conftest.py @@ -1,22 +1,29 @@ """Configure all the components through Kuadrant, all methods are placeholders for now since we do not work with Kuadrant""" +import uuid from importlib import resources import pytest from openshift_client import selector from testsuite.backend.mockserver import MockserverBackend, MockserverBackendConfig +from testsuite.config import settings from testsuite.gateway import GatewayRoute, Gateway, Hostname, GatewayListener from testsuite.gateway.envoy import Envoy from testsuite.gateway.envoy.route import EnvoyVirtualRoute +from testsuite.gateway.exposers import OpenShiftExposer from testsuite.gateway.gateway_api.gateway import KuadrantGateway from testsuite.gateway.gateway_api.route import HTTPRoute +from testsuite.httpx import KuadrantClient from testsuite.kuadrant import KuadrantCR from testsuite.kuadrant.policy.authorization.auth_policy import AuthPolicy from testsuite.kuadrant.policy.rate_limit import RateLimitPolicy from testsuite.kubernetes.api_key import APIKey from testsuite.kubernetes.client import KubernetesClient +from testsuite.kubernetes.openshift.route import OpenshiftRoute +from testsuite.kubernetes.service import Service, ServicePort +from testsuite.mockserver import Mockserver @pytest.fixture(scope="session") @@ -110,6 +117,34 @@ def backend(request, cluster, blame, label, mockserver_config): return mockserver +@pytest.fixture(scope="session") +def backend_mockserver(request, backend, cluster, blame, exposer): + """Mockserver API client for the backend, bypassing the gateway""" + match_labels = {"app": backend.label, "deployment": backend.name} + + if isinstance(exposer, OpenShiftExposer): + route = OpenshiftRoute.create_instance(cluster, blame("ms-api"), backend.name, "http") + request.addfinalizer(route.delete) + route.commit() + base_url = f"http://{route.hostname}" + else: + api_service = Service.create_instance( + cluster, + blame("ms-api"), + selector=match_labels, + ports=[ServicePort(name="http", port=8080, targetPort="api")], + labels={"app": backend.label}, + service_type="LoadBalancer", + ) + request.addfinalizer(api_service.delete) + api_service.commit() + api_service.wait_for_ready(slow_loadbalancers=settings["control_plane"]["slow_loadbalancers"]) + base_url = f"http://{api_service.refresh().external_ip}:8080" + + with KuadrantClient(base_url=base_url) as http_client: + yield Mockserver(http_client) + + @pytest.fixture(scope="session") def gateway(request, kuadrant, cluster, blame, label, testconfig, wildcard_domain) -> Gateway: """Deploys Gateway that wires up the Backend behind the reverse-proxy and Authorino instance""" @@ -159,13 +194,58 @@ def route(request, kuadrant, gateway, blame, hostname, backend, module_label) -> @pytest.fixture(scope="module") -def client(route, hostname): # pylint: disable=unused-argument - """Returns httpx client to be used for requests""" - client = hostname.client() +def _leak_tracker(): + """Accumulates tracking IDs of denied requests (401/403/429) for leak detection""" + return [] + + +DENIED_STATUS_CODES = {401, 403, 429} +TRACKING_HEADER = "X-Testsuite-Tracking" + + +@pytest.fixture(scope="module") +def client(route, hostname, _leak_tracker): # pylint: disable=unused-argument + """Returns httpx client to be used for requests, with upstream leak tracking""" + + def _inject_tracking_header(request): + request.headers[TRACKING_HEADER] = str(uuid.uuid4()) + + def _record_denied_response(response): + if response.status_code in DENIED_STATUS_CODES: + tracking_id = response.request.headers.get(TRACKING_HEADER) + if tracking_id: + _leak_tracker.append(tracking_id) + + client = hostname.client(event_hooks={"request": [_inject_tracking_header], "response": [_record_denied_response]}) yield client client.close() +@pytest.fixture(scope="module", autouse=True) +def _assert_no_upstream_leak(_leak_tracker, backend_mockserver): + """Asserts that requests denied by the gateway (401/403/429) did not reach the backend""" + yield + + if not _leak_tracker: + return + + denied_set = set(_leak_tracker) + all_requests = backend_mockserver.retrieve_all_requests() + + leaked = [] + for req in all_requests: + headers = req.get("headers", {}) + for name, values in headers.items(): + if name.lower() == TRACKING_HEADER.lower() and values: + if values[0] in denied_set: + leaked.append(values[0]) + + assert not leaked, ( + f"{len(leaked)} denied request(s) leaked to the upstream backend. " + f"The gateway returned a denial status (401/403/429) but the request still reached MockServer." + ) + + @pytest.fixture(scope="module") def create_api_key(blame, request, cluster): """Creates API key Secret""" From bd56c6a6a587df410294f17a7f8634fc9d6a9335 Mon Sep 17 00:00:00 2001 From: Alexander Cristurean Date: Wed, 29 Apr 2026 20:16:01 +0200 Subject: [PATCH 02/18] feat: stash key implementation. Signed-off-by: Alexander Cristurean --- testsuite/tests/singlecluster/conftest.py | 80 ++++++++++++----------- 1 file changed, 41 insertions(+), 39 deletions(-) diff --git a/testsuite/tests/singlecluster/conftest.py b/testsuite/tests/singlecluster/conftest.py index 6f1f4edb5..957cb2c03 100644 --- a/testsuite/tests/singlecluster/conftest.py +++ b/testsuite/tests/singlecluster/conftest.py @@ -25,6 +25,12 @@ from testsuite.kubernetes.service import Service, ServicePort from testsuite.mockserver import Mockserver +mockserver_stash_key = pytest.StashKey[str]() +denied_ids_stash_key = pytest.StashKey[set]() + +DENIED_STATUS_CODES = {401, 403, 429} +TRACKING_HEADER = "X-Testsuite-Tracking" + @pytest.fixture(scope="session") def second_namespace(testconfig, skip_or_fail) -> KubernetesClient: @@ -106,24 +112,18 @@ def mockserver_config(cluster, blame, label): @pytest.fixture(scope="session") -def backend(request, cluster, blame, label, mockserver_config): - """Deploys MockServer backend""" +def backend(request, cluster, blame, label, exposer, mockserver_config): + """Deploys MockServer backend and exposes its API for leak detection""" mockserver = MockserverBackend( cluster, blame("mockserver"), label, service_type="ClusterIP", config=mockserver_config ) request.addfinalizer(mockserver.delete) mockserver.commit() mockserver.wait_for_ready() - return mockserver - - -@pytest.fixture(scope="session") -def backend_mockserver(request, backend, cluster, blame, exposer): - """Mockserver API client for the backend, bypassing the gateway""" - match_labels = {"app": backend.label, "deployment": backend.name} + match_labels = {"app": mockserver.label, "deployment": mockserver.name} if isinstance(exposer, OpenShiftExposer): - route = OpenshiftRoute.create_instance(cluster, blame("ms-api"), backend.name, "http") + route = OpenshiftRoute.create_instance(cluster, blame("ms-api"), mockserver.name, "http") request.addfinalizer(route.delete) route.commit() base_url = f"http://{route.hostname}" @@ -133,7 +133,7 @@ def backend_mockserver(request, backend, cluster, blame, exposer): blame("ms-api"), selector=match_labels, ports=[ServicePort(name="http", port=8080, targetPort="api")], - labels={"app": backend.label}, + labels={"app": mockserver.label}, service_type="LoadBalancer", ) request.addfinalizer(api_service.delete) @@ -141,8 +141,8 @@ def backend_mockserver(request, backend, cluster, blame, exposer): api_service.wait_for_ready(slow_loadbalancers=settings["control_plane"]["slow_loadbalancers"]) base_url = f"http://{api_service.refresh().external_ip}:8080" - with KuadrantClient(base_url=base_url) as http_client: - yield Mockserver(http_client) + request.config.stash[mockserver_stash_key] = base_url + return mockserver @pytest.fixture(scope="session") @@ -194,56 +194,58 @@ def route(request, kuadrant, gateway, blame, hostname, backend, module_label) -> @pytest.fixture(scope="module") -def _leak_tracker(): - """Accumulates tracking IDs of denied requests (401/403/429) for leak detection""" - return [] - - -DENIED_STATUS_CODES = {401, 403, 429} -TRACKING_HEADER = "X-Testsuite-Tracking" - - -@pytest.fixture(scope="module") -def client(route, hostname, _leak_tracker): # pylint: disable=unused-argument +def client(route, hostname, request): # pylint: disable=unused-argument """Returns httpx client to be used for requests, with upstream leak tracking""" + denied_ids = request.config.stash.setdefault(denied_ids_stash_key, set()) - def _inject_tracking_header(request): - request.headers[TRACKING_HEADER] = str(uuid.uuid4()) + def _inject_tracking_header(req): + req.headers[TRACKING_HEADER] = str(uuid.uuid4()) def _record_denied_response(response): if response.status_code in DENIED_STATUS_CODES: tracking_id = response.request.headers.get(TRACKING_HEADER) if tracking_id: - _leak_tracker.append(tracking_id) + denied_ids.add(tracking_id) client = hostname.client(event_hooks={"request": [_inject_tracking_header], "response": [_record_denied_response]}) yield client client.close() -@pytest.fixture(scope="module", autouse=True) -def _assert_no_upstream_leak(_leak_tracker, backend_mockserver): - """Asserts that requests denied by the gateway (401/403/429) did not reach the backend""" - yield +@pytest.hookimpl(hookwrapper=True) +def pytest_runtest_makereport(item, call): # pylint: disable=unused-argument + """After each test, check if any denied requests leaked to the upstream MockServer backend""" + outcome = yield + report = outcome.get_result() - if not _leak_tracker: + if report.when != "call": return - denied_set = set(_leak_tracker) - all_requests = backend_mockserver.retrieve_all_requests() + base_url = item.config.stash.get(mockserver_stash_key, None) + denied_ids = item.config.stash.get(denied_ids_stash_key, None) + if base_url is None or not denied_ids: + return + + current_ids = set(denied_ids) + denied_ids.clear() + + ms = Mockserver(KuadrantClient(base_url=base_url)) + all_requests = ms.retrieve_all_requests() leaked = [] for req in all_requests: headers = req.get("headers", {}) for name, values in headers.items(): if name.lower() == TRACKING_HEADER.lower() and values: - if values[0] in denied_set: + if values[0] in current_ids: leaked.append(values[0]) - assert not leaked, ( - f"{len(leaked)} denied request(s) leaked to the upstream backend. " - f"The gateway returned a denial status (401/403/429) but the request still reached MockServer." - ) + if leaked: + report.outcome = "failed" + report.longrepr = ( + f"{len(leaked)} denied request(s) leaked to the upstream backend. " + f"The gateway returned a denial status (401/403/429) but the request still reached MockServer." + ) @pytest.fixture(scope="module") From 6ee36c0fadf20d2cbb88f2092c1ec36f3e792693 Mon Sep 17 00:00:00 2001 From: Alexander Cristurean Date: Mon, 4 May 2026 13:57:53 +0200 Subject: [PATCH 03/18] feat: data-plane marker. Signed-off-by: Alexander Cristurean --- Makefile | 3 + pyproject.toml | 1 + testsuite/httpx/__init__.py | 13 ++- .../opa/external_registry/test_cache.py | 2 +- .../test_external_registry.py | 2 +- .../opa/test_authorization_services.py | 2 +- .../authorization/opa/test_inline_rego.py | 2 +- .../authorization/spicedb/test_spicedb.py | 2 +- .../authorino/collisions/test_collisions.py | 2 +- .../test_authorization_condition.py | 2 +- .../test_identity_condition.py | 2 +- .../conditions/test_top_level_condition.py | 2 +- .../authorino/dinosaur/test_dinosaur.py | 2 +- .../anonymous/test_anonymous_identity.py | 2 +- .../identity/api_key/test_auth_credentials.py | 2 +- .../identity/api_key/test_match_expression.py | 2 +- .../identity/api_key/test_match_label.py | 2 +- .../identity/api_key/test_reconciliation.py | 2 +- .../identity/auth/test_auth_identity.py | 2 +- .../auth/test_multiple_auth_identities.py | 2 +- .../test_token_normalization.py | 2 +- .../keycloak/test_auth_credentials.py | 2 +- .../identity/keycloak/test_jwt_ttl.py | 2 +- .../identity/keycloak/test_keycloak_roles.py | 2 +- .../identity/plain/test_jwt_plain_identity.py | 2 +- .../identity/plain/test_jwt_user_story.py | 2 +- .../test_non_resource_attributes.py | 2 +- .../test_resource_attributes.py | 2 +- .../identity/token_review/test_audiences.py | 2 +- .../identity/token_review/test_host.py | 2 +- .../gateway_validation/test_multi_ca_trust.py | 2 +- .../identity/x509/test_cel_expression.py | 2 +- .../identity/x509/test_client_cert_header.py | 2 +- .../identity/x509/test_xfcc_forwarding.py | 2 +- .../authorino/metadata/test_http.py | 2 +- .../metadata/test_token_introspect.py | 2 +- .../authorino/metadata/test_uma.py | 2 +- .../authorino/metadata/test_user_info.py | 2 +- .../clusterwide/test_all_namespace_api_key.py | 2 +- .../operator/clusterwide/test_clusterwide.py | 2 +- .../operator/raw_http/test_raw_http.py | 2 +- .../test_x509_attributes.py | 2 +- .../gateway_validation/test_x509_identity.py | 2 +- .../test_x509_trust_chain.py | 2 +- .../authorino/wristband/test_wristband.py | 2 +- testsuite/tests/singlecluster/conftest.py | 86 +++++-------------- .../same_target/test_ab_strategy.py | 2 +- .../same_target/test_ba_stategy.py | 2 +- .../merge/auth_policy/test_default_merge.py | 2 +- .../merge/auth_policy/test_default_replace.py | 2 +- .../same_target/test_ab_strategy.py | 2 +- .../same_target/test_ba_startegy.py | 2 +- .../merge/rate_limit/test_default_merge.py | 2 +- .../merge/rate_limit/test_default_replace.py | 2 +- .../defaults/test_basic_authorization.py | 2 +- .../defaults/test_basic_rate_limit.py | 2 +- .../defaults/test_section_targeting.py | 2 +- .../test_credential_injection.py | 2 +- ...est_credential_injection_by_destination.py | 2 +- .../tests/singlecluster/egress/test_egress.py | 2 +- .../plan_policy/test_plan_policy.py | 2 +- ...st_authpolicy_section_targeting_gateway.py | 2 +- ...authpolicy_section_targeting_http_route.py | 2 +- .../gateway/mtls/test_mtls_behaviour.py | 2 +- .../test_update_authpolicy_target_ref.py | 2 +- .../test_update_ratelimitpolicy_target_ref.py | 2 +- .../scaling/test_auto_scale_gateway.py | 2 +- .../scaling/test_manual_scale_gateway.py | 2 +- .../test_authpolicy_attached_gateway.py | 2 +- .../auth/test_auth_on_gw_and_route.py | 2 +- .../auth/test_auth_on_routes.py | 2 +- .../rlp/test_rlp_on_gw_and_route.py | 2 +- .../rlp/test_rlp_on_routes.py | 2 +- .../limitador/collisions/test_collisions.py | 2 +- .../method/test_route_subset_method.py | 2 +- .../metrics/trlp_metrics/test_trlp_metrics.py | 2 +- .../trlp_metrics/test_trlp_metrics_stream.py | 2 +- .../limitador/section/test_listener.py | 2 +- .../limitador/section/test_multiple_rules.py | 2 +- .../section/test_multiple_same_listener.py | 2 +- .../section/test_multiple_same_rule.py | 2 +- .../limitador/section/test_route_rule.py | 2 +- .../limitador/storage/db/test_redis.py | 2 +- .../limitador/storage/db/test_redis_cached.py | 2 +- .../limitador/storage/disk/test_disk.py | 2 +- .../limitador/test_basic_limit.py | 2 +- .../limitador/test_multiple_iterations.py | 2 +- .../tokens_rate_limit/basic/test_trlp.py | 2 +- .../basic/test_trlp_streaming.py | 2 +- .../test_multiple_trlp_iterations.py | 2 +- .../test_multiple_trlp_stream_iterations.py | 2 +- .../same_target/test_ab_strategy.py | 2 +- .../same_target/test_ba_strategy.py | 2 +- .../merge/auth_policy/test_override_merge.py | 2 +- .../auth_policy/test_override_replace.py | 2 +- .../same_target/test_ab_strategy.py | 2 +- .../same_target/test_ba_startegy.py | 2 +- .../merge/rate_limit/test_override_merge.py | 2 +- .../merge/rate_limit/test_override_replace.py | 2 +- .../overrides/test_basic_auth.py | 2 +- .../overrides/test_basic_rate_limit.py | 2 +- .../overrides/test_multiple_rate_limit.py | 2 +- .../overrides/test_section_targeting.py | 2 +- .../test_rate_limit_anonymous.py | 2 +- .../singlecluster/test_rate_limit_authz.py | 2 +- .../test_kuadrant_tracing.py | 2 +- .../test_kuadrant_tracing_rate_limit_only.py | 2 +- .../policies/test_auth_policy.py | 2 +- .../policies/test_rate_limit_policy.py | 2 +- 109 files changed, 142 insertions(+), 171 deletions(-) diff --git a/Makefile b/Makefile index 9b6dd98a7..9ba8e579d 100644 --- a/Makefile +++ b/Makefile @@ -71,6 +71,9 @@ disruptive: poetry-no-dev ## Run disruptive tests egress-gateway: poetry-no-dev ## Run egress gateway tests $(PYTEST) -n4 -m 'egress_gateway' --dist loadfile --enforce $(flags) testsuite/tests/singlecluster/egress/ +data-plane data_plane: poetry-no-dev ## Run data plane leak detection tests + $(PYTEST) -n4 -m 'data_plane' --dist loadfile $(flags) testsuite/tests/singlecluster + kuadrantctl: poetry-no-dev ## Run Kuadrantctl tests $(PYTEST) -n4 --dist loadfile --enforce $(flags) testsuite/tests/kuadrantctl/ diff --git a/pyproject.toml b/pyproject.toml index cf71956b1..bdc6ca638 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -65,6 +65,7 @@ markers = [ "egress_gateway: Test is using egress gateway", "min_ocp_version: Minimum OpenShift version required for test (e.g., @pytest.mark.min_ocp_version((4, 20)))", "gateway_api_version: Gateway API version requirement (e.g., @pytest.mark.gateway_api_version((1, 5, 0)) or @pytest.mark.gateway_api_version((1, 5, 0), operator.eq))", + "data_plane: Test verifies data plane behavior and checks for upstream request leaks", ] filterwarnings = [ "ignore: WARNING the new order is not taken into account:UserWarning", diff --git a/testsuite/httpx/__init__.py b/testsuite/httpx/__init__.py index 33de39777..b8f81b6b5 100644 --- a/testsuite/httpx/__init__.py +++ b/testsuite/httpx/__init__.py @@ -2,6 +2,7 @@ import ssl import typing +import uuid # I change return type of HTTPX client to Kuadrant Result # mypy: disable-error-code="override, return-value" @@ -114,6 +115,9 @@ def assert_all(self, status_code): class KuadrantClient(Client): """Httpx client which retries unstable requests""" + TRACKING_HEADER = "X-Testsuite-Tracking" + GATEWAY_DENIED_CODES = {401, 403, 429} + def __init__( self, *, @@ -123,6 +127,7 @@ def __init__( **kwargs, ): self.files = [] + self.denied_request_ids: list[str] = [] self.retry_codes = {503} if retry_codes is None else set(retry_codes) _verify = None if isinstance(verify, Certificate): @@ -172,6 +177,9 @@ def request( timeout=None, extensions=None, ) -> Result: + headers = dict(headers) if headers else {} + tracking_id = headers.setdefault(self.TRACKING_HEADER, str(uuid.uuid4())) + try: response = super().request( method, @@ -188,7 +196,10 @@ def request( timeout=timeout, extensions=extensions, ) - return Result(self.retry_codes, response=response) + result = Result(self.retry_codes, response=response) + if result.status_code in self.GATEWAY_DENIED_CODES: + self.denied_request_ids.append(tracking_id) + return result except RequestError as e: return Result(self.retry_codes, error=e) diff --git a/testsuite/tests/singlecluster/authorino/authorization/opa/external_registry/test_cache.py b/testsuite/tests/singlecluster/authorino/authorization/opa/external_registry/test_cache.py index cc69a93bc..eaa8483a2 100644 --- a/testsuite/tests/singlecluster/authorino/authorization/opa/external_registry/test_cache.py +++ b/testsuite/tests/singlecluster/authorino/authorization/opa/external_registry/test_cache.py @@ -9,7 +9,7 @@ from testsuite.utils import rego_allow_header -pytestmark = [pytest.mark.authorino] +pytestmark = [pytest.mark.authorino, pytest.mark.data_plane] KEY = "test-key" diff --git a/testsuite/tests/singlecluster/authorino/authorization/opa/external_registry/test_external_registry.py b/testsuite/tests/singlecluster/authorino/authorization/opa/external_registry/test_external_registry.py index 9a57dc0ac..39e40af6a 100644 --- a/testsuite/tests/singlecluster/authorino/authorization/opa/external_registry/test_external_registry.py +++ b/testsuite/tests/singlecluster/authorino/authorization/opa/external_registry/test_external_registry.py @@ -2,7 +2,7 @@ import pytest -pytestmark = [pytest.mark.authorino] +pytestmark = [pytest.mark.authorino, pytest.mark.data_plane] def test_allowed_by_opa(client, auth, header): diff --git a/testsuite/tests/singlecluster/authorino/authorization/opa/test_authorization_services.py b/testsuite/tests/singlecluster/authorino/authorization/opa/test_authorization_services.py index d658a0f05..f55247562 100644 --- a/testsuite/tests/singlecluster/authorino/authorization/opa/test_authorization_services.py +++ b/testsuite/tests/singlecluster/authorino/authorization/opa/test_authorization_services.py @@ -16,7 +16,7 @@ from testsuite.httpx.auth import HttpxOidcClientAuth from testsuite.kuadrant.policy.authorization import JsonResponse, ValueFrom, Pattern -pytestmark = [pytest.mark.authorino] +pytestmark = [pytest.mark.authorino, pytest.mark.data_plane] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/authorino/authorization/opa/test_inline_rego.py b/testsuite/tests/singlecluster/authorino/authorization/opa/test_inline_rego.py index 3c8b1afdf..33cb2f90f 100644 --- a/testsuite/tests/singlecluster/authorino/authorization/opa/test_inline_rego.py +++ b/testsuite/tests/singlecluster/authorino/authorization/opa/test_inline_rego.py @@ -4,7 +4,7 @@ from testsuite.utils import rego_allow_header -pytestmark = [pytest.mark.authorino] +pytestmark = [pytest.mark.authorino, pytest.mark.data_plane] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/authorino/authorization/spicedb/test_spicedb.py b/testsuite/tests/singlecluster/authorino/authorization/spicedb/test_spicedb.py index a45a1e959..f0466ddf3 100644 --- a/testsuite/tests/singlecluster/authorino/authorization/spicedb/test_spicedb.py +++ b/testsuite/tests/singlecluster/authorino/authorization/spicedb/test_spicedb.py @@ -14,7 +14,7 @@ from testsuite.kubernetes.secret import Secret from testsuite.spicedb.spicedb import SpiceDB, SchemaConfig, RelationshipConfig -pytestmark = [pytest.mark.authorino] +pytestmark = [pytest.mark.authorino, pytest.mark.data_plane] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/authorino/collisions/test_collisions.py b/testsuite/tests/singlecluster/authorino/collisions/test_collisions.py index 65125df41..96d192724 100644 --- a/testsuite/tests/singlecluster/authorino/collisions/test_collisions.py +++ b/testsuite/tests/singlecluster/authorino/collisions/test_collisions.py @@ -6,7 +6,7 @@ from testsuite.kuadrant.policy import has_condition from testsuite.kuadrant.policy.authorization.auth_policy import AuthPolicy -pytestmark = [pytest.mark.authorino, pytest.mark.kuadrant_only] +pytestmark = [pytest.mark.authorino, pytest.mark.kuadrant_only, pytest.mark.data_plane] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/authorino/conditions/section_conditions/test_authorization_condition.py b/testsuite/tests/singlecluster/authorino/conditions/section_conditions/test_authorization_condition.py index 6150012e4..0aba41e88 100644 --- a/testsuite/tests/singlecluster/authorino/conditions/section_conditions/test_authorization_condition.py +++ b/testsuite/tests/singlecluster/authorino/conditions/section_conditions/test_authorization_condition.py @@ -4,7 +4,7 @@ from testsuite.kuadrant.policy.authorization import Pattern -pytestmark = [pytest.mark.authorino] +pytestmark = [pytest.mark.authorino, pytest.mark.data_plane] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/authorino/conditions/section_conditions/test_identity_condition.py b/testsuite/tests/singlecluster/authorino/conditions/section_conditions/test_identity_condition.py index 6b9cac5cb..598075978 100644 --- a/testsuite/tests/singlecluster/authorino/conditions/section_conditions/test_identity_condition.py +++ b/testsuite/tests/singlecluster/authorino/conditions/section_conditions/test_identity_condition.py @@ -5,7 +5,7 @@ from testsuite.kuadrant.policy.authorization import Pattern from testsuite.httpx.auth import HeaderApiKeyAuth -pytestmark = [pytest.mark.authorino] +pytestmark = [pytest.mark.authorino, pytest.mark.data_plane] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/authorino/conditions/test_top_level_condition.py b/testsuite/tests/singlecluster/authorino/conditions/test_top_level_condition.py index a5ca77eca..c1677ae3c 100644 --- a/testsuite/tests/singlecluster/authorino/conditions/test_top_level_condition.py +++ b/testsuite/tests/singlecluster/authorino/conditions/test_top_level_condition.py @@ -4,7 +4,7 @@ from testsuite.kuadrant.policy import CelPredicate -pytestmark = [pytest.mark.authorino] +pytestmark = [pytest.mark.authorino, pytest.mark.data_plane] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/authorino/dinosaur/test_dinosaur.py b/testsuite/tests/singlecluster/authorino/dinosaur/test_dinosaur.py index 31075f08c..5d8a5e9c4 100644 --- a/testsuite/tests/singlecluster/authorino/dinosaur/test_dinosaur.py +++ b/testsuite/tests/singlecluster/authorino/dinosaur/test_dinosaur.py @@ -4,7 +4,7 @@ import pytest -pytestmark = [pytest.mark.authorino] +pytestmark = [pytest.mark.authorino, pytest.mark.data_plane] ERROR_MESSAGE = { "kind": "Error", diff --git a/testsuite/tests/singlecluster/authorino/identity/anonymous/test_anonymous_identity.py b/testsuite/tests/singlecluster/authorino/identity/anonymous/test_anonymous_identity.py index 882e9a627..4b040fb03 100644 --- a/testsuite/tests/singlecluster/authorino/identity/anonymous/test_anonymous_identity.py +++ b/testsuite/tests/singlecluster/authorino/identity/anonymous/test_anonymous_identity.py @@ -2,7 +2,7 @@ import pytest -pytestmark = [pytest.mark.authorino] +pytestmark = [pytest.mark.authorino, pytest.mark.data_plane] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/authorino/identity/api_key/test_auth_credentials.py b/testsuite/tests/singlecluster/authorino/identity/api_key/test_auth_credentials.py index 8b0181491..9352884ca 100644 --- a/testsuite/tests/singlecluster/authorino/identity/api_key/test_auth_credentials.py +++ b/testsuite/tests/singlecluster/authorino/identity/api_key/test_auth_credentials.py @@ -4,7 +4,7 @@ from testsuite.kuadrant.policy.authorization import Credentials -pytestmark = [pytest.mark.authorino] +pytestmark = [pytest.mark.authorino, pytest.mark.data_plane] @pytest.fixture(scope="module", params=["authorizationHeader", "customHeader", "queryString", "cookie"]) diff --git a/testsuite/tests/singlecluster/authorino/identity/api_key/test_match_expression.py b/testsuite/tests/singlecluster/authorino/identity/api_key/test_match_expression.py index 1a70eaec8..b2b802068 100644 --- a/testsuite/tests/singlecluster/authorino/identity/api_key/test_match_expression.py +++ b/testsuite/tests/singlecluster/authorino/identity/api_key/test_match_expression.py @@ -8,7 +8,7 @@ from testsuite.kubernetes import Selector, MatchExpression -pytestmark = [pytest.mark.authorino] +pytestmark = [pytest.mark.authorino, pytest.mark.data_plane] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/authorino/identity/api_key/test_match_label.py b/testsuite/tests/singlecluster/authorino/identity/api_key/test_match_label.py index 748c08285..f2b2afa81 100644 --- a/testsuite/tests/singlecluster/authorino/identity/api_key/test_match_label.py +++ b/testsuite/tests/singlecluster/authorino/identity/api_key/test_match_label.py @@ -2,7 +2,7 @@ import pytest -pytestmark = [pytest.mark.authorino] +pytestmark = [pytest.mark.authorino, pytest.mark.data_plane] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/authorino/identity/api_key/test_reconciliation.py b/testsuite/tests/singlecluster/authorino/identity/api_key/test_reconciliation.py index 5f2ade500..923cae452 100644 --- a/testsuite/tests/singlecluster/authorino/identity/api_key/test_reconciliation.py +++ b/testsuite/tests/singlecluster/authorino/identity/api_key/test_reconciliation.py @@ -5,7 +5,7 @@ from testsuite.httpx.auth import HeaderApiKeyAuth from testsuite.kubernetes import Selector -pytestmark = [pytest.mark.authorino] +pytestmark = [pytest.mark.authorino, pytest.mark.data_plane] @pytest.fixture(scope="function") diff --git a/testsuite/tests/singlecluster/authorino/identity/auth/test_auth_identity.py b/testsuite/tests/singlecluster/authorino/identity/auth/test_auth_identity.py index 2bac2a1bb..689a2de33 100644 --- a/testsuite/tests/singlecluster/authorino/identity/auth/test_auth_identity.py +++ b/testsuite/tests/singlecluster/authorino/identity/auth/test_auth_identity.py @@ -6,7 +6,7 @@ from testsuite.oidc import OIDCProvider from testsuite.oidc.keycloak import Keycloak -pytestmark = [pytest.mark.authorino] +pytestmark = [pytest.mark.authorino, pytest.mark.data_plane] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/authorino/identity/auth/test_multiple_auth_identities.py b/testsuite/tests/singlecluster/authorino/identity/auth/test_multiple_auth_identities.py index cab22184e..b07bd299a 100644 --- a/testsuite/tests/singlecluster/authorino/identity/auth/test_multiple_auth_identities.py +++ b/testsuite/tests/singlecluster/authorino/identity/auth/test_multiple_auth_identities.py @@ -6,7 +6,7 @@ from testsuite.httpx.auth import HttpxOidcClientAuth -pytestmark = [pytest.mark.authorino] +pytestmark = [pytest.mark.authorino, pytest.mark.data_plane] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/authorino/identity/extended_properties/test_token_normalization.py b/testsuite/tests/singlecluster/authorino/identity/extended_properties/test_token_normalization.py index ec2e9d0df..d5677f434 100644 --- a/testsuite/tests/singlecluster/authorino/identity/extended_properties/test_token_normalization.py +++ b/testsuite/tests/singlecluster/authorino/identity/extended_properties/test_token_normalization.py @@ -4,7 +4,7 @@ from testsuite.kuadrant.policy.authorization import Pattern, Value, ValueFrom from testsuite.httpx.auth import HeaderApiKeyAuth, HttpxOidcClientAuth -pytestmark = [pytest.mark.authorino] +pytestmark = [pytest.mark.authorino, pytest.mark.data_plane] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/authorino/identity/keycloak/test_auth_credentials.py b/testsuite/tests/singlecluster/authorino/identity/keycloak/test_auth_credentials.py index 89e28051a..4302db0c4 100644 --- a/testsuite/tests/singlecluster/authorino/identity/keycloak/test_auth_credentials.py +++ b/testsuite/tests/singlecluster/authorino/identity/keycloak/test_auth_credentials.py @@ -4,7 +4,7 @@ from testsuite.kuadrant.policy.authorization import Credentials -pytestmark = [pytest.mark.authorino] +pytestmark = [pytest.mark.authorino, pytest.mark.data_plane] @pytest.fixture(scope="module", params=["authorizationHeader", "customHeader", "queryString", "cookie"]) diff --git a/testsuite/tests/singlecluster/authorino/identity/keycloak/test_jwt_ttl.py b/testsuite/tests/singlecluster/authorino/identity/keycloak/test_jwt_ttl.py index f94941b90..01a57cbad 100644 --- a/testsuite/tests/singlecluster/authorino/identity/keycloak/test_jwt_ttl.py +++ b/testsuite/tests/singlecluster/authorino/identity/keycloak/test_jwt_ttl.py @@ -7,7 +7,7 @@ import pytest -pytestmark = [pytest.mark.authorino] +pytestmark = [pytest.mark.authorino, pytest.mark.data_plane] def test_jwt_ttl(client, auth, keycloak, create_jwt_auth, jwt_ttl): diff --git a/testsuite/tests/singlecluster/authorino/identity/keycloak/test_keycloak_roles.py b/testsuite/tests/singlecluster/authorino/identity/keycloak/test_keycloak_roles.py index db558b4f3..e18f712d6 100644 --- a/testsuite/tests/singlecluster/authorino/identity/keycloak/test_keycloak_roles.py +++ b/testsuite/tests/singlecluster/authorino/identity/keycloak/test_keycloak_roles.py @@ -3,7 +3,7 @@ import pytest from testsuite.httpx.auth import HttpxOidcClientAuth -pytestmark = [pytest.mark.authorino] +pytestmark = [pytest.mark.authorino, pytest.mark.data_plane] @pytest.fixture(scope="function") diff --git a/testsuite/tests/singlecluster/authorino/identity/plain/test_jwt_plain_identity.py b/testsuite/tests/singlecluster/authorino/identity/plain/test_jwt_plain_identity.py index d7f8ee710..d45e37042 100644 --- a/testsuite/tests/singlecluster/authorino/identity/plain/test_jwt_plain_identity.py +++ b/testsuite/tests/singlecluster/authorino/identity/plain/test_jwt_plain_identity.py @@ -8,7 +8,7 @@ from testsuite.utils import extract_response from testsuite.gateway.envoy.jwt_plain_identity import JwtEnvoy -pytestmark = [pytest.mark.authorino, pytest.mark.standalone_only] +pytestmark = [pytest.mark.authorino, pytest.mark.standalone_only, pytest.mark.data_plane] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/authorino/identity/plain/test_jwt_user_story.py b/testsuite/tests/singlecluster/authorino/identity/plain/test_jwt_user_story.py index 4f92a7704..5e5dd91f9 100644 --- a/testsuite/tests/singlecluster/authorino/identity/plain/test_jwt_user_story.py +++ b/testsuite/tests/singlecluster/authorino/identity/plain/test_jwt_user_story.py @@ -13,7 +13,7 @@ logger = logging.getLogger(__name__) -pytestmark = [pytest.mark.authorino, pytest.mark.standalone_only] +pytestmark = [pytest.mark.authorino, pytest.mark.standalone_only, pytest.mark.data_plane] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/authorino/identity/subject_access_review/test_non_resource_attributes.py b/testsuite/tests/singlecluster/authorino/identity/subject_access_review/test_non_resource_attributes.py index 8cb9a2e13..6482ceb40 100644 --- a/testsuite/tests/singlecluster/authorino/identity/subject_access_review/test_non_resource_attributes.py +++ b/testsuite/tests/singlecluster/authorino/identity/subject_access_review/test_non_resource_attributes.py @@ -6,7 +6,7 @@ from testsuite.kuadrant.policy.authorization import ValueFrom from testsuite.kubernetes.cluster_role import ClusterRole, Rule -pytestmark = [pytest.mark.authorino] +pytestmark = [pytest.mark.authorino, pytest.mark.data_plane] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/authorino/identity/subject_access_review/test_resource_attributes.py b/testsuite/tests/singlecluster/authorino/identity/subject_access_review/test_resource_attributes.py index 6dfd53b77..6e7d2da21 100644 --- a/testsuite/tests/singlecluster/authorino/identity/subject_access_review/test_resource_attributes.py +++ b/testsuite/tests/singlecluster/authorino/identity/subject_access_review/test_resource_attributes.py @@ -6,7 +6,7 @@ from testsuite.kuadrant.policy.authorization import ValueFrom, Value, ResourceAttributes from testsuite.kubernetes.cluster_role import ClusterRole, Rule -pytestmark = [pytest.mark.authorino] +pytestmark = [pytest.mark.authorino, pytest.mark.data_plane] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/authorino/identity/token_review/test_audiences.py b/testsuite/tests/singlecluster/authorino/identity/token_review/test_audiences.py index 2cc2ef1d5..a67995bc5 100644 --- a/testsuite/tests/singlecluster/authorino/identity/token_review/test_audiences.py +++ b/testsuite/tests/singlecluster/authorino/identity/token_review/test_audiences.py @@ -2,7 +2,7 @@ import pytest -pytestmark = [pytest.mark.authorino] +pytestmark = [pytest.mark.authorino, pytest.mark.data_plane] TEST_AUDIENCES = ["test-aud1", "test-aud2", "test-aud3"] diff --git a/testsuite/tests/singlecluster/authorino/identity/token_review/test_host.py b/testsuite/tests/singlecluster/authorino/identity/token_review/test_host.py index bdd776eb1..9ce695575 100644 --- a/testsuite/tests/singlecluster/authorino/identity/token_review/test_host.py +++ b/testsuite/tests/singlecluster/authorino/identity/token_review/test_host.py @@ -2,7 +2,7 @@ import pytest -pytestmark = [pytest.mark.authorino] +pytestmark = [pytest.mark.authorino, pytest.mark.data_plane] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/authorino/identity/x509/gateway_validation/test_multi_ca_trust.py b/testsuite/tests/singlecluster/authorino/identity/x509/gateway_validation/test_multi_ca_trust.py index 817deda09..cacc09b77 100644 --- a/testsuite/tests/singlecluster/authorino/identity/x509/gateway_validation/test_multi_ca_trust.py +++ b/testsuite/tests/singlecluster/authorino/identity/x509/gateway_validation/test_multi_ca_trust.py @@ -15,7 +15,7 @@ from testsuite.kuadrant.policy.authorization import X509Source from ..conftest import XFCC_HEADER_NAME -pytestmark = [pytest.mark.authorino, pytest.mark.kuadrant_only, pytest.mark.gateway_api_version((1, 5, 0))] +pytestmark = [pytest.mark.authorino, pytest.mark.kuadrant_only, pytest.mark.gateway_api_version((1, 5, 0)), pytest.mark.data_plane] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/authorino/identity/x509/test_cel_expression.py b/testsuite/tests/singlecluster/authorino/identity/x509/test_cel_expression.py index cfcacbf69..5635e9cd2 100644 --- a/testsuite/tests/singlecluster/authorino/identity/x509/test_cel_expression.py +++ b/testsuite/tests/singlecluster/authorino/identity/x509/test_cel_expression.py @@ -10,7 +10,7 @@ from testsuite.kubernetes import Selector from testsuite.kuadrant.policy.authorization import X509Source -pytestmark = [pytest.mark.authorino, pytest.mark.kuadrant_only] +pytestmark = [pytest.mark.authorino, pytest.mark.kuadrant_only, pytest.mark.data_plane] CERT_HEADER_NAME = "pem-encoded-client-cert" diff --git a/testsuite/tests/singlecluster/authorino/identity/x509/test_client_cert_header.py b/testsuite/tests/singlecluster/authorino/identity/x509/test_client_cert_header.py index 889245dec..222a3e648 100644 --- a/testsuite/tests/singlecluster/authorino/identity/x509/test_client_cert_header.py +++ b/testsuite/tests/singlecluster/authorino/identity/x509/test_client_cert_header.py @@ -11,7 +11,7 @@ from testsuite.kubernetes import Selector from testsuite.kuadrant.policy.authorization import X509Source -pytestmark = [pytest.mark.authorino, pytest.mark.kuadrant_only] +pytestmark = [pytest.mark.authorino, pytest.mark.kuadrant_only, pytest.mark.data_plane] CLIENT_CERT_HEADER_NAME = "Client-Cert" diff --git a/testsuite/tests/singlecluster/authorino/identity/x509/test_xfcc_forwarding.py b/testsuite/tests/singlecluster/authorino/identity/x509/test_xfcc_forwarding.py index 7380baea6..4a1061fb0 100644 --- a/testsuite/tests/singlecluster/authorino/identity/x509/test_xfcc_forwarding.py +++ b/testsuite/tests/singlecluster/authorino/identity/x509/test_xfcc_forwarding.py @@ -12,7 +12,7 @@ from testsuite.gateway.gateway_api.gateway import KuadrantGateway from .conftest import XFCC_HEADER_NAME -pytestmark = [pytest.mark.authorino, pytest.mark.kuadrant_only] +pytestmark = [pytest.mark.authorino, pytest.mark.kuadrant_only, pytest.mark.data_plane] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/authorino/metadata/test_http.py b/testsuite/tests/singlecluster/authorino/metadata/test_http.py index 728004890..1d6c14650 100644 --- a/testsuite/tests/singlecluster/authorino/metadata/test_http.py +++ b/testsuite/tests/singlecluster/authorino/metadata/test_http.py @@ -12,7 +12,7 @@ from testsuite.utils import ContentType -pytestmark = [pytest.mark.authorino] +pytestmark = [pytest.mark.authorino, pytest.mark.data_plane] ALLOWED_COUNTRY = {"countryCode": "SK"} diff --git a/testsuite/tests/singlecluster/authorino/metadata/test_token_introspect.py b/testsuite/tests/singlecluster/authorino/metadata/test_token_introspect.py index 50bbed371..963076a9b 100644 --- a/testsuite/tests/singlecluster/authorino/metadata/test_token_introspect.py +++ b/testsuite/tests/singlecluster/authorino/metadata/test_token_introspect.py @@ -8,7 +8,7 @@ from testsuite.httpx.auth import HttpxOidcClientAuth -pytestmark = [pytest.mark.authorino] +pytestmark = [pytest.mark.authorino, pytest.mark.data_plane] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/authorino/metadata/test_uma.py b/testsuite/tests/singlecluster/authorino/metadata/test_uma.py index 51c907770..136663c38 100644 --- a/testsuite/tests/singlecluster/authorino/metadata/test_uma.py +++ b/testsuite/tests/singlecluster/authorino/metadata/test_uma.py @@ -12,7 +12,7 @@ from testsuite.httpx.auth import HttpxOidcClientAuth -pytestmark = [pytest.mark.authorino] +pytestmark = [pytest.mark.authorino, pytest.mark.data_plane] VALIDATE_RESOURCE_OWNER = """ metadata := object.get(input.auth.metadata, "resource-data", [])[0] diff --git a/testsuite/tests/singlecluster/authorino/metadata/test_user_info.py b/testsuite/tests/singlecluster/authorino/metadata/test_user_info.py index de523a99f..ea7bee0c5 100644 --- a/testsuite/tests/singlecluster/authorino/metadata/test_user_info.py +++ b/testsuite/tests/singlecluster/authorino/metadata/test_user_info.py @@ -8,7 +8,7 @@ from testsuite.httpx.auth import HttpxOidcClientAuth from testsuite.kuadrant.policy.authorization import Pattern -pytestmark = [pytest.mark.authorino] +pytestmark = [pytest.mark.authorino, pytest.mark.data_plane] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/authorino/operator/clusterwide/test_all_namespace_api_key.py b/testsuite/tests/singlecluster/authorino/operator/clusterwide/test_all_namespace_api_key.py index 07ba36d4e..85d339828 100644 --- a/testsuite/tests/singlecluster/authorino/operator/clusterwide/test_all_namespace_api_key.py +++ b/testsuite/tests/singlecluster/authorino/operator/clusterwide/test_all_namespace_api_key.py @@ -7,7 +7,7 @@ from testsuite.httpx.auth import HeaderApiKeyAuth -pytestmark = [pytest.mark.authorino, pytest.mark.standalone_only] +pytestmark = [pytest.mark.authorino, pytest.mark.standalone_only, pytest.mark.data_plane] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/authorino/operator/clusterwide/test_clusterwide.py b/testsuite/tests/singlecluster/authorino/operator/clusterwide/test_clusterwide.py index aa85cc741..349f652d0 100644 --- a/testsuite/tests/singlecluster/authorino/operator/clusterwide/test_clusterwide.py +++ b/testsuite/tests/singlecluster/authorino/operator/clusterwide/test_clusterwide.py @@ -2,7 +2,7 @@ import pytest -pytestmark = [pytest.mark.authorino, pytest.mark.standalone_only] +pytestmark = [pytest.mark.authorino, pytest.mark.standalone_only, pytest.mark.data_plane] @pytest.mark.parametrize( diff --git a/testsuite/tests/singlecluster/authorino/operator/raw_http/test_raw_http.py b/testsuite/tests/singlecluster/authorino/operator/raw_http/test_raw_http.py index 9e3e7366d..040db08a1 100644 --- a/testsuite/tests/singlecluster/authorino/operator/raw_http/test_raw_http.py +++ b/testsuite/tests/singlecluster/authorino/operator/raw_http/test_raw_http.py @@ -4,7 +4,7 @@ import pytest -pytestmark = [pytest.mark.authorino, pytest.mark.standalone_only] +pytestmark = [pytest.mark.authorino, pytest.mark.standalone_only, pytest.mark.data_plane] def test_authorized_via_http(client, auth): diff --git a/testsuite/tests/singlecluster/authorino/operator/x509/gateway_validation/test_x509_attributes.py b/testsuite/tests/singlecluster/authorino/operator/x509/gateway_validation/test_x509_attributes.py index 4373ff567..f02c09612 100644 --- a/testsuite/tests/singlecluster/authorino/operator/x509/gateway_validation/test_x509_attributes.py +++ b/testsuite/tests/singlecluster/authorino/operator/x509/gateway_validation/test_x509_attributes.py @@ -4,7 +4,7 @@ from testsuite.kuadrant.policy.authorization import Pattern -pytestmark = [pytest.mark.authorino, pytest.mark.standalone_only] +pytestmark = [pytest.mark.authorino, pytest.mark.standalone_only, pytest.mark.data_plane] @pytest.fixture(scope="module", autouse=True) diff --git a/testsuite/tests/singlecluster/authorino/operator/x509/gateway_validation/test_x509_identity.py b/testsuite/tests/singlecluster/authorino/operator/x509/gateway_validation/test_x509_identity.py index 93984f713..c8ce13c88 100644 --- a/testsuite/tests/singlecluster/authorino/operator/x509/gateway_validation/test_x509_identity.py +++ b/testsuite/tests/singlecluster/authorino/operator/x509/gateway_validation/test_x509_identity.py @@ -5,7 +5,7 @@ from testsuite.httpx import Result -pytestmark = [pytest.mark.authorino, pytest.mark.standalone_only] +pytestmark = [pytest.mark.authorino, pytest.mark.standalone_only, pytest.mark.data_plane] def test_x509_success(envoy_authority, valid_cert, hostname): diff --git a/testsuite/tests/singlecluster/authorino/operator/x509/gateway_validation/test_x509_trust_chain.py b/testsuite/tests/singlecluster/authorino/operator/x509/gateway_validation/test_x509_trust_chain.py index 6b63f6622..97aced74b 100644 --- a/testsuite/tests/singlecluster/authorino/operator/x509/gateway_validation/test_x509_trust_chain.py +++ b/testsuite/tests/singlecluster/authorino/operator/x509/gateway_validation/test_x509_trust_chain.py @@ -2,7 +2,7 @@ import pytest -pytestmark = [pytest.mark.authorino, pytest.mark.standalone_only] +pytestmark = [pytest.mark.authorino, pytest.mark.standalone_only, pytest.mark.data_plane] @pytest.fixture(scope="module", autouse=True) diff --git a/testsuite/tests/singlecluster/authorino/wristband/test_wristband.py b/testsuite/tests/singlecluster/authorino/wristband/test_wristband.py index 0dce32873..2dd9a9818 100644 --- a/testsuite/tests/singlecluster/authorino/wristband/test_wristband.py +++ b/testsuite/tests/singlecluster/authorino/wristband/test_wristband.py @@ -3,7 +3,7 @@ import pytest import jwt -pytestmark = [pytest.mark.authorino, pytest.mark.standalone_only] +pytestmark = [pytest.mark.authorino, pytest.mark.standalone_only, pytest.mark.data_plane] def test_wristband_token_claims(oidc_provider, auth, wristband_token, wristband_endpoint, certificates): diff --git a/testsuite/tests/singlecluster/conftest.py b/testsuite/tests/singlecluster/conftest.py index 957cb2c03..773d65902 100644 --- a/testsuite/tests/singlecluster/conftest.py +++ b/testsuite/tests/singlecluster/conftest.py @@ -1,7 +1,6 @@ """Configure all the components through Kuadrant, all methods are placeholders for now since we do not work with Kuadrant""" -import uuid from importlib import resources import pytest @@ -25,12 +24,6 @@ from testsuite.kubernetes.service import Service, ServicePort from testsuite.mockserver import Mockserver -mockserver_stash_key = pytest.StashKey[str]() -denied_ids_stash_key = pytest.StashKey[set]() - -DENIED_STATUS_CODES = {401, 403, 429} -TRACKING_HEADER = "X-Testsuite-Tracking" - @pytest.fixture(scope="session") def second_namespace(testconfig, skip_or_fail) -> KubernetesClient: @@ -112,36 +105,14 @@ def mockserver_config(cluster, blame, label): @pytest.fixture(scope="session") -def backend(request, cluster, blame, label, exposer, mockserver_config): - """Deploys MockServer backend and exposes its API for leak detection""" +def backend(request, cluster, blame, label, mockserver_config): + """Deploys MockServer backend""" mockserver = MockserverBackend( cluster, blame("mockserver"), label, service_type="ClusterIP", config=mockserver_config ) request.addfinalizer(mockserver.delete) mockserver.commit() mockserver.wait_for_ready() - - match_labels = {"app": mockserver.label, "deployment": mockserver.name} - if isinstance(exposer, OpenShiftExposer): - route = OpenshiftRoute.create_instance(cluster, blame("ms-api"), mockserver.name, "http") - request.addfinalizer(route.delete) - route.commit() - base_url = f"http://{route.hostname}" - else: - api_service = Service.create_instance( - cluster, - blame("ms-api"), - selector=match_labels, - ports=[ServicePort(name="http", port=8080, targetPort="api")], - labels={"app": mockserver.label}, - service_type="LoadBalancer", - ) - request.addfinalizer(api_service.delete) - api_service.commit() - api_service.wait_for_ready(slow_loadbalancers=settings["control_plane"]["slow_loadbalancers"]) - base_url = f"http://{api_service.refresh().external_ip}:8080" - - request.config.stash[mockserver_stash_key] = base_url return mockserver @@ -194,55 +165,40 @@ def route(request, kuadrant, gateway, blame, hostname, backend, module_label) -> @pytest.fixture(scope="module") -def client(route, hostname, request): # pylint: disable=unused-argument - """Returns httpx client to be used for requests, with upstream leak tracking""" - denied_ids = request.config.stash.setdefault(denied_ids_stash_key, set()) - - def _inject_tracking_header(req): - req.headers[TRACKING_HEADER] = str(uuid.uuid4()) - - def _record_denied_response(response): - if response.status_code in DENIED_STATUS_CODES: - tracking_id = response.request.headers.get(TRACKING_HEADER) - if tracking_id: - denied_ids.add(tracking_id) - - client = hostname.client(event_hooks={"request": [_inject_tracking_header], "response": [_record_denied_response]}) +def client(route, hostname): # pylint: disable=unused-argument + """Returns httpx client to be used for requests""" + client = hostname.client() yield client client.close() -@pytest.hookimpl(hookwrapper=True) -def pytest_runtest_makereport(item, call): # pylint: disable=unused-argument - """After each test, check if any denied requests leaked to the upstream MockServer backend""" - outcome = yield - report = outcome.get_result() - - if report.when != "call": +def pytest_runtest_teardown(item): + """Verifies that denied requests did not leak to the upstream backend""" + if "data_plane" not in [m.name for m in item.iter_markers()]: return - base_url = item.config.stash.get(mockserver_stash_key, None) - denied_ids = item.config.stash.get(denied_ids_stash_key, None) - if base_url is None or not denied_ids: + client = item.funcargs.get("client") + backend = item.funcargs.get("backend") + if client is None or backend is None or not hasattr(backend, "api_url"): return - current_ids = set(denied_ids) - denied_ids.clear() + denied_ids = set(client.denied_request_ids) + client.denied_request_ids.clear() + if not denied_ids: + return - ms = Mockserver(KuadrantClient(base_url=base_url)) + ms = Mockserver(KuadrantClient(base_url=backend.api_url)) all_requests = ms.retrieve_all_requests() + tracking_header = KuadrantClient.TRACKING_HEADER.lower() leaked = [] for req in all_requests: - headers = req.get("headers", {}) - for name, values in headers.items(): - if name.lower() == TRACKING_HEADER.lower() and values: - if values[0] in current_ids: - leaked.append(values[0]) + for name, values in req.get("headers", {}).items(): + if name.lower() == tracking_header and values and values[0] in denied_ids: + leaked.append(values[0]) if leaked: - report.outcome = "failed" - report.longrepr = ( + pytest.fail( f"{len(leaked)} denied request(s) leaked to the upstream backend. " f"The gateway returned a denial status (401/403/429) but the request still reached MockServer." ) diff --git a/testsuite/tests/singlecluster/defaults/merge/auth_policy/same_target/test_ab_strategy.py b/testsuite/tests/singlecluster/defaults/merge/auth_policy/same_target/test_ab_strategy.py index 26370dccd..8db500171 100644 --- a/testsuite/tests/singlecluster/defaults/merge/auth_policy/same_target/test_ab_strategy.py +++ b/testsuite/tests/singlecluster/defaults/merge/auth_policy/same_target/test_ab_strategy.py @@ -4,7 +4,7 @@ from testsuite.kuadrant.policy import has_condition -pytestmark = [pytest.mark.defaults_overrides, pytest.mark.authorino, pytest.mark.kuadrant_only] +pytestmark = [pytest.mark.defaults_overrides, pytest.mark.authorino, pytest.mark.kuadrant_only, pytest.mark.data_plane] @pytest.fixture(scope="module", autouse=True) diff --git a/testsuite/tests/singlecluster/defaults/merge/auth_policy/same_target/test_ba_stategy.py b/testsuite/tests/singlecluster/defaults/merge/auth_policy/same_target/test_ba_stategy.py index e5ca26d9c..e87bf0430 100644 --- a/testsuite/tests/singlecluster/defaults/merge/auth_policy/same_target/test_ba_stategy.py +++ b/testsuite/tests/singlecluster/defaults/merge/auth_policy/same_target/test_ba_stategy.py @@ -4,7 +4,7 @@ from testsuite.kuadrant.policy import has_condition -pytestmark = [pytest.mark.defaults_overrides, pytest.mark.authorino, pytest.mark.kuadrant_only] +pytestmark = [pytest.mark.defaults_overrides, pytest.mark.authorino, pytest.mark.kuadrant_only, pytest.mark.data_plane] @pytest.fixture(scope="module", autouse=True) diff --git a/testsuite/tests/singlecluster/defaults/merge/auth_policy/test_default_merge.py b/testsuite/tests/singlecluster/defaults/merge/auth_policy/test_default_merge.py index d0b09da14..62459f00a 100644 --- a/testsuite/tests/singlecluster/defaults/merge/auth_policy/test_default_merge.py +++ b/testsuite/tests/singlecluster/defaults/merge/auth_policy/test_default_merge.py @@ -4,7 +4,7 @@ from testsuite.kuadrant.policy import has_condition -pytestmark = [pytest.mark.defaults_overrides, pytest.mark.authorino, pytest.mark.kuadrant_only] +pytestmark = [pytest.mark.defaults_overrides, pytest.mark.authorino, pytest.mark.kuadrant_only, pytest.mark.data_plane] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/defaults/merge/auth_policy/test_default_replace.py b/testsuite/tests/singlecluster/defaults/merge/auth_policy/test_default_replace.py index 4dde1eec5..ab24116aa 100644 --- a/testsuite/tests/singlecluster/defaults/merge/auth_policy/test_default_replace.py +++ b/testsuite/tests/singlecluster/defaults/merge/auth_policy/test_default_replace.py @@ -4,7 +4,7 @@ from testsuite.kuadrant.policy import has_condition -pytestmark = [pytest.mark.defaults_overrides, pytest.mark.authorino, pytest.mark.kuadrant_only] +pytestmark = [pytest.mark.defaults_overrides, pytest.mark.authorino, pytest.mark.kuadrant_only, pytest.mark.data_plane] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/defaults/merge/rate_limit/same_target/test_ab_strategy.py b/testsuite/tests/singlecluster/defaults/merge/rate_limit/same_target/test_ab_strategy.py index 9ad27a06d..2a6de86b2 100644 --- a/testsuite/tests/singlecluster/defaults/merge/rate_limit/same_target/test_ab_strategy.py +++ b/testsuite/tests/singlecluster/defaults/merge/rate_limit/same_target/test_ab_strategy.py @@ -5,7 +5,7 @@ from testsuite.kuadrant.policy import has_condition from testsuite.tests.singlecluster.defaults.merge.rate_limit.conftest import MERGE_LIMIT, MERGE_LIMIT2 -pytestmark = [pytest.mark.defaults_overrides, pytest.mark.limitador] +pytestmark = [pytest.mark.defaults_overrides, pytest.mark.limitador, pytest.mark.data_plane] @pytest.fixture(scope="module", autouse=True) diff --git a/testsuite/tests/singlecluster/defaults/merge/rate_limit/same_target/test_ba_startegy.py b/testsuite/tests/singlecluster/defaults/merge/rate_limit/same_target/test_ba_startegy.py index 0628ba696..84b1a8611 100644 --- a/testsuite/tests/singlecluster/defaults/merge/rate_limit/same_target/test_ba_startegy.py +++ b/testsuite/tests/singlecluster/defaults/merge/rate_limit/same_target/test_ba_startegy.py @@ -5,7 +5,7 @@ from testsuite.kuadrant.policy import has_condition from testsuite.tests.singlecluster.defaults.merge.rate_limit.conftest import MERGE_LIMIT2, LIMIT -pytestmark = [pytest.mark.defaults_overrides, pytest.mark.limitador] +pytestmark = [pytest.mark.defaults_overrides, pytest.mark.limitador, pytest.mark.data_plane] @pytest.fixture(scope="module", autouse=True) diff --git a/testsuite/tests/singlecluster/defaults/merge/rate_limit/test_default_merge.py b/testsuite/tests/singlecluster/defaults/merge/rate_limit/test_default_merge.py index 797680a56..413500a60 100644 --- a/testsuite/tests/singlecluster/defaults/merge/rate_limit/test_default_merge.py +++ b/testsuite/tests/singlecluster/defaults/merge/rate_limit/test_default_merge.py @@ -5,7 +5,7 @@ from testsuite.kuadrant.policy import CelPredicate, has_condition from testsuite.tests.singlecluster.defaults.merge.rate_limit.conftest import LIMIT, MERGE_LIMIT, MERGE_LIMIT2 -pytestmark = [pytest.mark.defaults_overrides, pytest.mark.limitador] +pytestmark = [pytest.mark.defaults_overrides, pytest.mark.limitador, pytest.mark.data_plane] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/defaults/merge/rate_limit/test_default_replace.py b/testsuite/tests/singlecluster/defaults/merge/rate_limit/test_default_replace.py index a1c5a5db9..f4942a1da 100644 --- a/testsuite/tests/singlecluster/defaults/merge/rate_limit/test_default_replace.py +++ b/testsuite/tests/singlecluster/defaults/merge/rate_limit/test_default_replace.py @@ -5,7 +5,7 @@ from testsuite.kuadrant.policy import CelPredicate, has_condition from testsuite.tests.singlecluster.defaults.merge.rate_limit.conftest import MERGE_LIMIT2, LIMIT -pytestmark = [pytest.mark.defaults_overrides, pytest.mark.limitador] +pytestmark = [pytest.mark.defaults_overrides, pytest.mark.limitador, pytest.mark.data_plane] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/defaults/test_basic_authorization.py b/testsuite/tests/singlecluster/defaults/test_basic_authorization.py index 641d8c1c1..6f16273a9 100644 --- a/testsuite/tests/singlecluster/defaults/test_basic_authorization.py +++ b/testsuite/tests/singlecluster/defaults/test_basic_authorization.py @@ -4,7 +4,7 @@ from testsuite.httpx.auth import HttpxOidcClientAuth -pytestmark = [pytest.mark.defaults_overrides, pytest.mark.authorino, pytest.mark.kuadrant_only] +pytestmark = [pytest.mark.defaults_overrides, pytest.mark.authorino, pytest.mark.kuadrant_only, pytest.mark.data_plane] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/defaults/test_basic_rate_limit.py b/testsuite/tests/singlecluster/defaults/test_basic_rate_limit.py index d07cc102d..f97537c8a 100644 --- a/testsuite/tests/singlecluster/defaults/test_basic_rate_limit.py +++ b/testsuite/tests/singlecluster/defaults/test_basic_rate_limit.py @@ -4,7 +4,7 @@ from testsuite.kuadrant.policy.rate_limit import Limit -pytestmark = [pytest.mark.defaults_overrides, pytest.mark.limitador] +pytestmark = [pytest.mark.defaults_overrides, pytest.mark.limitador, pytest.mark.data_plane] LIMIT = Limit(3, "5s") diff --git a/testsuite/tests/singlecluster/defaults/test_section_targeting.py b/testsuite/tests/singlecluster/defaults/test_section_targeting.py index 180027065..6dc57c57e 100644 --- a/testsuite/tests/singlecluster/defaults/test_section_targeting.py +++ b/testsuite/tests/singlecluster/defaults/test_section_targeting.py @@ -6,7 +6,7 @@ from testsuite.kuadrant.policy.authorization.auth_policy import AuthPolicy from testsuite.kuadrant.policy.rate_limit import RateLimitPolicy, Limit -pytestmark = [pytest.mark.defaults_overrides, pytest.mark.limitador] +pytestmark = [pytest.mark.defaults_overrides, pytest.mark.limitador, pytest.mark.data_plane] LIMIT = Limit(5, "10s") diff --git a/testsuite/tests/singlecluster/egress/credentials_injection/test_credential_injection.py b/testsuite/tests/singlecluster/egress/credentials_injection/test_credential_injection.py index 5cb16d41f..3fb4cee10 100644 --- a/testsuite/tests/singlecluster/egress/credentials_injection/test_credential_injection.py +++ b/testsuite/tests/singlecluster/egress/credentials_injection/test_credential_injection.py @@ -17,7 +17,7 @@ from ..conftest import EGRESS_HOSTNAME -pytestmark = [pytest.mark.kuadrant_only, pytest.mark.egress_gateway] +pytestmark = [pytest.mark.kuadrant_only, pytest.mark.egress_gateway, pytest.mark.data_plane] VAULT_API_KEY = "pretty-random-api-key-to-use-for-egress-credential-injection-test-41894726" K8S_TOKEN_AUDIENCE = "https://kubernetes.default.svc.cluster.local" diff --git a/testsuite/tests/singlecluster/egress/credentials_injection/test_credential_injection_by_destination.py b/testsuite/tests/singlecluster/egress/credentials_injection/test_credential_injection_by_destination.py index 03cea08e3..0c5b4f001 100644 --- a/testsuite/tests/singlecluster/egress/credentials_injection/test_credential_injection_by_destination.py +++ b/testsuite/tests/singlecluster/egress/credentials_injection/test_credential_injection_by_destination.py @@ -18,7 +18,7 @@ from ..conftest import EGRESS_HOSTNAME -pytestmark = [pytest.mark.kuadrant_only, pytest.mark.egress_gateway] +pytestmark = [pytest.mark.kuadrant_only, pytest.mark.egress_gateway, pytest.mark.data_plane] SERVICE1_API_KEY = "pretty-random-api-key-to-use-for-egress-test-41894726" SERVICE2_API_KEY = "sk-fake-service2-key-for-egress-test-9876543210" diff --git a/testsuite/tests/singlecluster/egress/test_egress.py b/testsuite/tests/singlecluster/egress/test_egress.py index cd131599f..77ccdc6cd 100644 --- a/testsuite/tests/singlecluster/egress/test_egress.py +++ b/testsuite/tests/singlecluster/egress/test_egress.py @@ -16,7 +16,7 @@ from testsuite.kuadrant.policy.rate_limit import Limit from .conftest import EGRESS_HOSTNAME -pytestmark = [pytest.mark.kuadrant_only, pytest.mark.egress_gateway] +pytestmark = [pytest.mark.kuadrant_only, pytest.mark.egress_gateway, pytest.mark.data_plane] LIMIT = Limit(3, "5s") diff --git a/testsuite/tests/singlecluster/extensions/plan_policy/test_plan_policy.py b/testsuite/tests/singlecluster/extensions/plan_policy/test_plan_policy.py index 720f458f2..aa89053d0 100644 --- a/testsuite/tests/singlecluster/extensions/plan_policy/test_plan_policy.py +++ b/testsuite/tests/singlecluster/extensions/plan_policy/test_plan_policy.py @@ -5,7 +5,7 @@ from testsuite.httpx.auth import HttpxOidcClientAuth from testsuite.kuadrant.extensions.plan_policy import PlanPolicy, Plan -pytestmark = [pytest.mark.authorino, pytest.mark.kuadrant_only, pytest.mark.extensions] +pytestmark = [pytest.mark.authorino, pytest.mark.kuadrant_only, pytest.mark.extensions, pytest.mark.data_plane] PLANS = { "gold": Plan( diff --git a/testsuite/tests/singlecluster/gateway/authpolicy/test_authpolicy_section_targeting_gateway.py b/testsuite/tests/singlecluster/gateway/authpolicy/test_authpolicy_section_targeting_gateway.py index 8ce8f95e6..c959a6e34 100644 --- a/testsuite/tests/singlecluster/gateway/authpolicy/test_authpolicy_section_targeting_gateway.py +++ b/testsuite/tests/singlecluster/gateway/authpolicy/test_authpolicy_section_targeting_gateway.py @@ -12,7 +12,7 @@ from testsuite.gateway.gateway_api.route import HTTPRoute from testsuite.kuadrant.policy.authorization.auth_policy import AuthPolicy -pytestmark = [pytest.mark.authorino, pytest.mark.kuadrant_only] +pytestmark = [pytest.mark.authorino, pytest.mark.kuadrant_only, pytest.mark.data_plane] MANAGED_LISTENER_NAME = "managed-listener" UNMANAGED_LISTENER_NAME = "unmanaged-listener" diff --git a/testsuite/tests/singlecluster/gateway/authpolicy/test_authpolicy_section_targeting_http_route.py b/testsuite/tests/singlecluster/gateway/authpolicy/test_authpolicy_section_targeting_http_route.py index 0a2d2c979..9b6c7d000 100644 --- a/testsuite/tests/singlecluster/gateway/authpolicy/test_authpolicy_section_targeting_http_route.py +++ b/testsuite/tests/singlecluster/gateway/authpolicy/test_authpolicy_section_targeting_http_route.py @@ -6,7 +6,7 @@ import pytest from testsuite.kuadrant.policy.authorization.auth_policy import AuthPolicy -pytestmark = [pytest.mark.authorino, pytest.mark.kuadrant_only] +pytestmark = [pytest.mark.authorino, pytest.mark.kuadrant_only, pytest.mark.data_plane] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/gateway/mtls/test_mtls_behaviour.py b/testsuite/tests/singlecluster/gateway/mtls/test_mtls_behaviour.py index 8395995b3..9389e86bd 100644 --- a/testsuite/tests/singlecluster/gateway/mtls/test_mtls_behaviour.py +++ b/testsuite/tests/singlecluster/gateway/mtls/test_mtls_behaviour.py @@ -4,7 +4,7 @@ import pytest -pytestmark = [pytest.mark.disruptive] +pytestmark = [pytest.mark.disruptive, pytest.mark.data_plane] component_cases = [ pytest.param(["limitador"], id="limitador-only"), diff --git a/testsuite/tests/singlecluster/gateway/reconciliation/change_targetref/test_update_authpolicy_target_ref.py b/testsuite/tests/singlecluster/gateway/reconciliation/change_targetref/test_update_authpolicy_target_ref.py index 2f3197f05..2e7c86039 100644 --- a/testsuite/tests/singlecluster/gateway/reconciliation/change_targetref/test_update_authpolicy_target_ref.py +++ b/testsuite/tests/singlecluster/gateway/reconciliation/change_targetref/test_update_authpolicy_target_ref.py @@ -6,7 +6,7 @@ from testsuite.kuadrant.policy.authorization.auth_policy import AuthPolicy -pytestmark = [pytest.mark.authorino, pytest.mark.kuadrant_only, pytest.mark.dnspolicy] +pytestmark = [pytest.mark.authorino, pytest.mark.kuadrant_only, pytest.mark.dnspolicy, pytest.mark.data_plane] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/gateway/reconciliation/change_targetref/test_update_ratelimitpolicy_target_ref.py b/testsuite/tests/singlecluster/gateway/reconciliation/change_targetref/test_update_ratelimitpolicy_target_ref.py index 7b269a834..2c0b3342a 100644 --- a/testsuite/tests/singlecluster/gateway/reconciliation/change_targetref/test_update_ratelimitpolicy_target_ref.py +++ b/testsuite/tests/singlecluster/gateway/reconciliation/change_targetref/test_update_ratelimitpolicy_target_ref.py @@ -6,7 +6,7 @@ from testsuite.kuadrant.policy.rate_limit import Limit, RateLimitPolicy -pytestmark = [pytest.mark.dnspolicy, pytest.mark.limitador] +pytestmark = [pytest.mark.dnspolicy, pytest.mark.limitador, pytest.mark.data_plane] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/gateway/scaling/test_auto_scale_gateway.py b/testsuite/tests/singlecluster/gateway/scaling/test_auto_scale_gateway.py index 5ed7f9c68..7f9a76d70 100644 --- a/testsuite/tests/singlecluster/gateway/scaling/test_auto_scale_gateway.py +++ b/testsuite/tests/singlecluster/gateway/scaling/test_auto_scale_gateway.py @@ -10,7 +10,7 @@ from testsuite.kubernetes.horizontal_pod_autoscaler import HorizontalPodAutoscaler from testsuite.tests.singlecluster.gateway.scaling.conftest import LIMIT -pytestmark = [pytest.mark.limitador, pytest.mark.authorino, pytest.mark.kuadrant_only] +pytestmark = [pytest.mark.limitador, pytest.mark.authorino, pytest.mark.kuadrant_only, pytest.mark.data_plane] METRIC_NAME = "mocked_metric" diff --git a/testsuite/tests/singlecluster/gateway/scaling/test_manual_scale_gateway.py b/testsuite/tests/singlecluster/gateway/scaling/test_manual_scale_gateway.py index 40d0e33b3..a6e5df046 100644 --- a/testsuite/tests/singlecluster/gateway/scaling/test_manual_scale_gateway.py +++ b/testsuite/tests/singlecluster/gateway/scaling/test_manual_scale_gateway.py @@ -7,7 +7,7 @@ from testsuite.tests.singlecluster.gateway.scaling.conftest import LIMIT -pytestmark = [pytest.mark.limitador, pytest.mark.authorino, pytest.mark.kuadrant_only] +pytestmark = [pytest.mark.limitador, pytest.mark.authorino, pytest.mark.kuadrant_only, pytest.mark.data_plane] @pytest.mark.flaky(reruns=0) diff --git a/testsuite/tests/singlecluster/gateway/test_authpolicy_attached_gateway.py b/testsuite/tests/singlecluster/gateway/test_authpolicy_attached_gateway.py index b00cf388a..fe9cf0b02 100644 --- a/testsuite/tests/singlecluster/gateway/test_authpolicy_attached_gateway.py +++ b/testsuite/tests/singlecluster/gateway/test_authpolicy_attached_gateway.py @@ -2,7 +2,7 @@ import pytest -pytestmark = [pytest.mark.authorino, pytest.mark.kuadrant_only] +pytestmark = [pytest.mark.authorino, pytest.mark.kuadrant_only, pytest.mark.data_plane] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/identical_hostnames/auth/test_auth_on_gw_and_route.py b/testsuite/tests/singlecluster/identical_hostnames/auth/test_auth_on_gw_and_route.py index b69730ba4..c63db78d8 100644 --- a/testsuite/tests/singlecluster/identical_hostnames/auth/test_auth_on_gw_and_route.py +++ b/testsuite/tests/singlecluster/identical_hostnames/auth/test_auth_on_gw_and_route.py @@ -10,7 +10,7 @@ from testsuite.kuadrant.policy import has_condition from testsuite.kuadrant.policy.authorization.auth_policy import AuthPolicy -pytestmark = [pytest.mark.authorino, pytest.mark.kuadrant_only] +pytestmark = [pytest.mark.authorino, pytest.mark.kuadrant_only, pytest.mark.data_plane] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/identical_hostnames/auth/test_auth_on_routes.py b/testsuite/tests/singlecluster/identical_hostnames/auth/test_auth_on_routes.py index a0ecc8b4e..0da8a33e6 100644 --- a/testsuite/tests/singlecluster/identical_hostnames/auth/test_auth_on_routes.py +++ b/testsuite/tests/singlecluster/identical_hostnames/auth/test_auth_on_routes.py @@ -9,7 +9,7 @@ from testsuite.kuadrant.policy.authorization.auth_policy import AuthPolicy -pytestmark = [pytest.mark.authorino, pytest.mark.kuadrant_only] +pytestmark = [pytest.mark.authorino, pytest.mark.kuadrant_only, pytest.mark.data_plane] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/identical_hostnames/rlp/test_rlp_on_gw_and_route.py b/testsuite/tests/singlecluster/identical_hostnames/rlp/test_rlp_on_gw_and_route.py index 0b8e806bc..7e41bc4cf 100644 --- a/testsuite/tests/singlecluster/identical_hostnames/rlp/test_rlp_on_gw_and_route.py +++ b/testsuite/tests/singlecluster/identical_hostnames/rlp/test_rlp_on_gw_and_route.py @@ -11,7 +11,7 @@ from testsuite.kuadrant.policy import has_condition from testsuite.kuadrant.policy.rate_limit import RateLimitPolicy, Limit -pytestmark = [pytest.mark.limitador] +pytestmark = [pytest.mark.limitador, pytest.mark.data_plane] LIMIT = Limit(2, "10s") diff --git a/testsuite/tests/singlecluster/identical_hostnames/rlp/test_rlp_on_routes.py b/testsuite/tests/singlecluster/identical_hostnames/rlp/test_rlp_on_routes.py index e959b0aa7..5d7445241 100644 --- a/testsuite/tests/singlecluster/identical_hostnames/rlp/test_rlp_on_routes.py +++ b/testsuite/tests/singlecluster/identical_hostnames/rlp/test_rlp_on_routes.py @@ -10,7 +10,7 @@ from testsuite.kuadrant.policy.rate_limit import RateLimitPolicy, Limit -pytestmark = [pytest.mark.limitador] +pytestmark = [pytest.mark.limitador, pytest.mark.data_plane] LIMIT = Limit(2, "10s") diff --git a/testsuite/tests/singlecluster/limitador/collisions/test_collisions.py b/testsuite/tests/singlecluster/limitador/collisions/test_collisions.py index 17b87070a..92dd6ff41 100644 --- a/testsuite/tests/singlecluster/limitador/collisions/test_collisions.py +++ b/testsuite/tests/singlecluster/limitador/collisions/test_collisions.py @@ -8,7 +8,7 @@ FIRST_LIMIT = Limit(3, "5s") SECOND_LIMIT = Limit(6, "5s") -pytestmark = [pytest.mark.limitador] +pytestmark = [pytest.mark.limitador, pytest.mark.data_plane] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/limitador/method/test_route_subset_method.py b/testsuite/tests/singlecluster/limitador/method/test_route_subset_method.py index a47aa5676..189ad433f 100644 --- a/testsuite/tests/singlecluster/limitador/method/test_route_subset_method.py +++ b/testsuite/tests/singlecluster/limitador/method/test_route_subset_method.py @@ -6,7 +6,7 @@ from testsuite.kuadrant.policy import CelPredicate from testsuite.kuadrant.policy.rate_limit import Limit -pytestmark = [pytest.mark.limitador] +pytestmark = [pytest.mark.limitador, pytest.mark.data_plane] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/limitador/metrics/trlp_metrics/test_trlp_metrics.py b/testsuite/tests/singlecluster/limitador/metrics/trlp_metrics/test_trlp_metrics.py index 7bd425b2e..a2777964a 100644 --- a/testsuite/tests/singlecluster/limitador/metrics/trlp_metrics/test_trlp_metrics.py +++ b/testsuite/tests/singlecluster/limitador/metrics/trlp_metrics/test_trlp_metrics.py @@ -9,7 +9,7 @@ from .conftest import MODEL_NAME, USERS -pytestmark = [pytest.mark.observability, pytest.mark.limitador] +pytestmark = [pytest.mark.observability, pytest.mark.limitador, pytest.mark.data_plane] basic_request = { diff --git a/testsuite/tests/singlecluster/limitador/metrics/trlp_metrics/test_trlp_metrics_stream.py b/testsuite/tests/singlecluster/limitador/metrics/trlp_metrics/test_trlp_metrics_stream.py index 72878a699..12fb644cf 100644 --- a/testsuite/tests/singlecluster/limitador/metrics/trlp_metrics/test_trlp_metrics_stream.py +++ b/testsuite/tests/singlecluster/limitador/metrics/trlp_metrics/test_trlp_metrics_stream.py @@ -8,7 +8,7 @@ from .conftest import MODEL_NAME, USERS -pytestmark = [pytest.mark.observability, pytest.mark.limitador] +pytestmark = [pytest.mark.observability, pytest.mark.limitador, pytest.mark.data_plane] streaming_request = { "model": MODEL_NAME, diff --git a/testsuite/tests/singlecluster/limitador/section/test_listener.py b/testsuite/tests/singlecluster/limitador/section/test_listener.py index 606faf711..c3e9c331b 100644 --- a/testsuite/tests/singlecluster/limitador/section/test_listener.py +++ b/testsuite/tests/singlecluster/limitador/section/test_listener.py @@ -4,7 +4,7 @@ from testsuite.kuadrant.policy.rate_limit import Limit, RateLimitPolicy -pytestmark = [pytest.mark.limitador] +pytestmark = [pytest.mark.limitador, pytest.mark.data_plane] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/limitador/section/test_multiple_rules.py b/testsuite/tests/singlecluster/limitador/section/test_multiple_rules.py index 1e0898351..a4abf7095 100644 --- a/testsuite/tests/singlecluster/limitador/section/test_multiple_rules.py +++ b/testsuite/tests/singlecluster/limitador/section/test_multiple_rules.py @@ -4,7 +4,7 @@ from testsuite.kuadrant.policy.rate_limit import Limit, RateLimitPolicy -pytestmark = [pytest.mark.limitador] +pytestmark = [pytest.mark.limitador, pytest.mark.data_plane] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/limitador/section/test_multiple_same_listener.py b/testsuite/tests/singlecluster/limitador/section/test_multiple_same_listener.py index d866cace7..26b5358d2 100644 --- a/testsuite/tests/singlecluster/limitador/section/test_multiple_same_listener.py +++ b/testsuite/tests/singlecluster/limitador/section/test_multiple_same_listener.py @@ -4,7 +4,7 @@ from testsuite.kuadrant.policy.rate_limit import Limit, RateLimitPolicy -pytestmark = [pytest.mark.limitador] +pytestmark = [pytest.mark.limitador, pytest.mark.data_plane] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/limitador/section/test_multiple_same_rule.py b/testsuite/tests/singlecluster/limitador/section/test_multiple_same_rule.py index c52f62a12..ab8832994 100644 --- a/testsuite/tests/singlecluster/limitador/section/test_multiple_same_rule.py +++ b/testsuite/tests/singlecluster/limitador/section/test_multiple_same_rule.py @@ -4,7 +4,7 @@ from testsuite.kuadrant.policy.rate_limit import Limit, RateLimitPolicy -pytestmark = [pytest.mark.limitador] +pytestmark = [pytest.mark.limitador, pytest.mark.data_plane] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/limitador/section/test_route_rule.py b/testsuite/tests/singlecluster/limitador/section/test_route_rule.py index d94f7283a..978d0616e 100644 --- a/testsuite/tests/singlecluster/limitador/section/test_route_rule.py +++ b/testsuite/tests/singlecluster/limitador/section/test_route_rule.py @@ -4,7 +4,7 @@ from testsuite.kuadrant.policy.rate_limit import Limit, RateLimitPolicy -pytestmark = [pytest.mark.limitador] +pytestmark = [pytest.mark.limitador, pytest.mark.data_plane] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/limitador/storage/db/test_redis.py b/testsuite/tests/singlecluster/limitador/storage/db/test_redis.py index 0a10772b0..b3f96afaf 100644 --- a/testsuite/tests/singlecluster/limitador/storage/db/test_redis.py +++ b/testsuite/tests/singlecluster/limitador/storage/db/test_redis.py @@ -5,7 +5,7 @@ from testsuite.kuadrant.limitador import Redis from ..conftest import LIMIT -pytestmark = [pytest.mark.limitador, pytest.mark.disruptive] +pytestmark = [pytest.mark.limitador, pytest.mark.disruptive, pytest.mark.data_plane] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/limitador/storage/db/test_redis_cached.py b/testsuite/tests/singlecluster/limitador/storage/db/test_redis_cached.py index 8d7804914..cc1b53552 100644 --- a/testsuite/tests/singlecluster/limitador/storage/db/test_redis_cached.py +++ b/testsuite/tests/singlecluster/limitador/storage/db/test_redis_cached.py @@ -5,7 +5,7 @@ from testsuite.kuadrant.limitador import RedisCached from ..conftest import LIMIT -pytestmark = [pytest.mark.limitador, pytest.mark.disruptive] +pytestmark = [pytest.mark.limitador, pytest.mark.disruptive, pytest.mark.data_plane] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/limitador/storage/disk/test_disk.py b/testsuite/tests/singlecluster/limitador/storage/disk/test_disk.py index 82022415c..5e60c7d89 100644 --- a/testsuite/tests/singlecluster/limitador/storage/disk/test_disk.py +++ b/testsuite/tests/singlecluster/limitador/storage/disk/test_disk.py @@ -5,7 +5,7 @@ from testsuite.kuadrant.limitador import Disk from ..conftest import LIMIT -pytestmark = [pytest.mark.limitador, pytest.mark.disruptive] +pytestmark = [pytest.mark.limitador, pytest.mark.disruptive, pytest.mark.data_plane] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/limitador/test_basic_limit.py b/testsuite/tests/singlecluster/limitador/test_basic_limit.py index f18f8ce34..864188c10 100644 --- a/testsuite/tests/singlecluster/limitador/test_basic_limit.py +++ b/testsuite/tests/singlecluster/limitador/test_basic_limit.py @@ -6,7 +6,7 @@ from testsuite.kuadrant.policy.rate_limit import Limit -pytestmark = [pytest.mark.limitador] +pytestmark = [pytest.mark.limitador, pytest.mark.data_plane] @pytest.fixture( diff --git a/testsuite/tests/singlecluster/limitador/test_multiple_iterations.py b/testsuite/tests/singlecluster/limitador/test_multiple_iterations.py index 6d893c23b..164ef6bfe 100644 --- a/testsuite/tests/singlecluster/limitador/test_multiple_iterations.py +++ b/testsuite/tests/singlecluster/limitador/test_multiple_iterations.py @@ -8,7 +8,7 @@ from testsuite.kuadrant.policy.rate_limit import Limit -pytestmark = [pytest.mark.limitador] +pytestmark = [pytest.mark.limitador, pytest.mark.data_plane] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/limitador/tokens_rate_limit/basic/test_trlp.py b/testsuite/tests/singlecluster/limitador/tokens_rate_limit/basic/test_trlp.py index eefb0a54a..ae603dbd4 100644 --- a/testsuite/tests/singlecluster/limitador/tokens_rate_limit/basic/test_trlp.py +++ b/testsuite/tests/singlecluster/limitador/tokens_rate_limit/basic/test_trlp.py @@ -11,7 +11,7 @@ from .conftest import FREE_USER_LIMIT, PAID_USER_LIMIT -pytestmark = [pytest.mark.limitador, pytest.mark.authorino, pytest.mark.kuadrant_only] +pytestmark = [pytest.mark.limitador, pytest.mark.authorino, pytest.mark.kuadrant_only, pytest.mark.data_plane] basic_request = { "model": "meta-llama/Llama-3.1-8B-Instruct", diff --git a/testsuite/tests/singlecluster/limitador/tokens_rate_limit/basic/test_trlp_streaming.py b/testsuite/tests/singlecluster/limitador/tokens_rate_limit/basic/test_trlp_streaming.py index 51e48ced1..90acb0a6c 100644 --- a/testsuite/tests/singlecluster/limitador/tokens_rate_limit/basic/test_trlp_streaming.py +++ b/testsuite/tests/singlecluster/limitador/tokens_rate_limit/basic/test_trlp_streaming.py @@ -9,7 +9,7 @@ from .conftest import FREE_USER_LIMIT -pytestmark = [pytest.mark.limitador, pytest.mark.authorino, pytest.mark.kuadrant_only] +pytestmark = [pytest.mark.limitador, pytest.mark.authorino, pytest.mark.kuadrant_only, pytest.mark.data_plane] streaming_request = { "model": "meta-llama/Llama-3.1-8B-Instruct", diff --git a/testsuite/tests/singlecluster/limitador/tokens_rate_limit/multiple_iterations/test_multiple_trlp_iterations.py b/testsuite/tests/singlecluster/limitador/tokens_rate_limit/multiple_iterations/test_multiple_trlp_iterations.py index d5639642c..6b3a1ba13 100644 --- a/testsuite/tests/singlecluster/limitador/tokens_rate_limit/multiple_iterations/test_multiple_trlp_iterations.py +++ b/testsuite/tests/singlecluster/limitador/tokens_rate_limit/multiple_iterations/test_multiple_trlp_iterations.py @@ -7,7 +7,7 @@ from .conftest import LIMIT -pytestmark = [pytest.mark.limitador] +pytestmark = [pytest.mark.limitador, pytest.mark.data_plane] basic_request = { diff --git a/testsuite/tests/singlecluster/limitador/tokens_rate_limit/multiple_iterations/test_multiple_trlp_stream_iterations.py b/testsuite/tests/singlecluster/limitador/tokens_rate_limit/multiple_iterations/test_multiple_trlp_stream_iterations.py index 655ae581f..3d3c1c931 100644 --- a/testsuite/tests/singlecluster/limitador/tokens_rate_limit/multiple_iterations/test_multiple_trlp_stream_iterations.py +++ b/testsuite/tests/singlecluster/limitador/tokens_rate_limit/multiple_iterations/test_multiple_trlp_stream_iterations.py @@ -10,7 +10,7 @@ from .conftest import LIMIT -pytestmark = [pytest.mark.limitador] +pytestmark = [pytest.mark.limitador, pytest.mark.data_plane] streaming_request = { diff --git a/testsuite/tests/singlecluster/overrides/merge/auth_policy/same_target/test_ab_strategy.py b/testsuite/tests/singlecluster/overrides/merge/auth_policy/same_target/test_ab_strategy.py index 3831c4341..7876ab19a 100644 --- a/testsuite/tests/singlecluster/overrides/merge/auth_policy/same_target/test_ab_strategy.py +++ b/testsuite/tests/singlecluster/overrides/merge/auth_policy/same_target/test_ab_strategy.py @@ -4,7 +4,7 @@ from testsuite.kuadrant.policy import has_condition -pytestmark = [pytest.mark.defaults_overrides, pytest.mark.authorino, pytest.mark.kuadrant_only] +pytestmark = [pytest.mark.defaults_overrides, pytest.mark.authorino, pytest.mark.kuadrant_only, pytest.mark.data_plane] @pytest.fixture(scope="module", autouse=True) diff --git a/testsuite/tests/singlecluster/overrides/merge/auth_policy/same_target/test_ba_strategy.py b/testsuite/tests/singlecluster/overrides/merge/auth_policy/same_target/test_ba_strategy.py index 3426c0607..0105ce55a 100644 --- a/testsuite/tests/singlecluster/overrides/merge/auth_policy/same_target/test_ba_strategy.py +++ b/testsuite/tests/singlecluster/overrides/merge/auth_policy/same_target/test_ba_strategy.py @@ -4,7 +4,7 @@ from testsuite.kuadrant.policy import has_condition -pytestmark = [pytest.mark.defaults_overrides, pytest.mark.authorino, pytest.mark.kuadrant_only] +pytestmark = [pytest.mark.defaults_overrides, pytest.mark.authorino, pytest.mark.kuadrant_only, pytest.mark.data_plane] @pytest.fixture(scope="module", autouse=True) diff --git a/testsuite/tests/singlecluster/overrides/merge/auth_policy/test_override_merge.py b/testsuite/tests/singlecluster/overrides/merge/auth_policy/test_override_merge.py index 6aa1bfd6e..7d7b85539 100644 --- a/testsuite/tests/singlecluster/overrides/merge/auth_policy/test_override_merge.py +++ b/testsuite/tests/singlecluster/overrides/merge/auth_policy/test_override_merge.py @@ -4,7 +4,7 @@ from testsuite.kuadrant.policy import has_condition -pytestmark = [pytest.mark.defaults_overrides, pytest.mark.authorino, pytest.mark.kuadrant_only] +pytestmark = [pytest.mark.defaults_overrides, pytest.mark.authorino, pytest.mark.kuadrant_only, pytest.mark.data_plane] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/overrides/merge/auth_policy/test_override_replace.py b/testsuite/tests/singlecluster/overrides/merge/auth_policy/test_override_replace.py index 5f46b4f30..2763f58b2 100644 --- a/testsuite/tests/singlecluster/overrides/merge/auth_policy/test_override_replace.py +++ b/testsuite/tests/singlecluster/overrides/merge/auth_policy/test_override_replace.py @@ -4,7 +4,7 @@ from testsuite.kuadrant.policy import has_condition -pytestmark = [pytest.mark.defaults_overrides, pytest.mark.authorino, pytest.mark.kuadrant_only] +pytestmark = [pytest.mark.defaults_overrides, pytest.mark.authorino, pytest.mark.kuadrant_only, pytest.mark.data_plane] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/overrides/merge/rate_limit/same_target/test_ab_strategy.py b/testsuite/tests/singlecluster/overrides/merge/rate_limit/same_target/test_ab_strategy.py index d19b264a5..2c8ece62e 100644 --- a/testsuite/tests/singlecluster/overrides/merge/rate_limit/same_target/test_ab_strategy.py +++ b/testsuite/tests/singlecluster/overrides/merge/rate_limit/same_target/test_ab_strategy.py @@ -5,7 +5,7 @@ from testsuite.kuadrant.policy import has_condition from testsuite.tests.singlecluster.overrides.merge.rate_limit.conftest import OVERRIDE_LIMIT, OVERRIDE_LIMIT2 -pytestmark = [pytest.mark.defaults_overrides, pytest.mark.limitador] +pytestmark = [pytest.mark.defaults_overrides, pytest.mark.limitador, pytest.mark.data_plane] @pytest.fixture(scope="module", autouse=True) diff --git a/testsuite/tests/singlecluster/overrides/merge/rate_limit/same_target/test_ba_startegy.py b/testsuite/tests/singlecluster/overrides/merge/rate_limit/same_target/test_ba_startegy.py index 297a4791e..c6d4b727c 100644 --- a/testsuite/tests/singlecluster/overrides/merge/rate_limit/same_target/test_ba_startegy.py +++ b/testsuite/tests/singlecluster/overrides/merge/rate_limit/same_target/test_ba_startegy.py @@ -5,7 +5,7 @@ from testsuite.kuadrant.policy import has_condition from testsuite.tests.singlecluster.overrides.merge.rate_limit.conftest import OVERRIDE_LIMIT, OVERRIDE_LIMIT2 -pytestmark = [pytest.mark.defaults_overrides, pytest.mark.limitador] +pytestmark = [pytest.mark.defaults_overrides, pytest.mark.limitador, pytest.mark.data_plane] @pytest.fixture(scope="module", autouse=True) diff --git a/testsuite/tests/singlecluster/overrides/merge/rate_limit/test_override_merge.py b/testsuite/tests/singlecluster/overrides/merge/rate_limit/test_override_merge.py index 7fe584fcd..6f574712b 100644 --- a/testsuite/tests/singlecluster/overrides/merge/rate_limit/test_override_merge.py +++ b/testsuite/tests/singlecluster/overrides/merge/rate_limit/test_override_merge.py @@ -6,7 +6,7 @@ from testsuite.tests.singlecluster.defaults.test_basic_rate_limit import LIMIT from testsuite.tests.singlecluster.overrides.merge.rate_limit.conftest import OVERRIDE_LIMIT2, OVERRIDE_LIMIT -pytestmark = [pytest.mark.defaults_overrides, pytest.mark.limitador] +pytestmark = [pytest.mark.defaults_overrides, pytest.mark.limitador, pytest.mark.data_plane] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/overrides/merge/rate_limit/test_override_replace.py b/testsuite/tests/singlecluster/overrides/merge/rate_limit/test_override_replace.py index adba76160..37436e9b4 100644 --- a/testsuite/tests/singlecluster/overrides/merge/rate_limit/test_override_replace.py +++ b/testsuite/tests/singlecluster/overrides/merge/rate_limit/test_override_replace.py @@ -5,7 +5,7 @@ from testsuite.kuadrant.policy import CelPredicate, has_condition from testsuite.tests.singlecluster.overrides.merge.rate_limit.conftest import LIMIT, OVERRIDE_LIMIT2, OVERRIDE_LIMIT -pytestmark = [pytest.mark.defaults_overrides, pytest.mark.limitador] +pytestmark = [pytest.mark.defaults_overrides, pytest.mark.limitador, pytest.mark.data_plane] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/overrides/test_basic_auth.py b/testsuite/tests/singlecluster/overrides/test_basic_auth.py index b24164d65..b64680344 100644 --- a/testsuite/tests/singlecluster/overrides/test_basic_auth.py +++ b/testsuite/tests/singlecluster/overrides/test_basic_auth.py @@ -4,7 +4,7 @@ from testsuite.httpx.auth import HttpxOidcClientAuth -pytestmark = [pytest.mark.defaults_overrides, pytest.mark.authorino, pytest.mark.kuadrant_only] +pytestmark = [pytest.mark.defaults_overrides, pytest.mark.authorino, pytest.mark.kuadrant_only, pytest.mark.data_plane] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/overrides/test_basic_rate_limit.py b/testsuite/tests/singlecluster/overrides/test_basic_rate_limit.py index aa5b54def..a8134fb15 100644 --- a/testsuite/tests/singlecluster/overrides/test_basic_rate_limit.py +++ b/testsuite/tests/singlecluster/overrides/test_basic_rate_limit.py @@ -4,7 +4,7 @@ from testsuite.kuadrant.policy.rate_limit import Limit, RateLimitPolicy -pytestmark = [pytest.mark.defaults_overrides, pytest.mark.limitador] +pytestmark = [pytest.mark.defaults_overrides, pytest.mark.limitador, pytest.mark.data_plane] OVERRIDE_LIMIT = Limit(3, "5s") ROUTE_LIMIT = Limit(2, "5s") diff --git a/testsuite/tests/singlecluster/overrides/test_multiple_rate_limit.py b/testsuite/tests/singlecluster/overrides/test_multiple_rate_limit.py index bcd288e6c..5a807a320 100644 --- a/testsuite/tests/singlecluster/overrides/test_multiple_rate_limit.py +++ b/testsuite/tests/singlecluster/overrides/test_multiple_rate_limit.py @@ -4,7 +4,7 @@ from testsuite.kuadrant.policy.rate_limit import RateLimitPolicy, Limit -pytestmark = [pytest.mark.defaults_overrides, pytest.mark.limitador] +pytestmark = [pytest.mark.defaults_overrides, pytest.mark.limitador, pytest.mark.data_plane] LIMIT = Limit(10, "10s") OVERRIDE_LIMIT = Limit(5, "10s") diff --git a/testsuite/tests/singlecluster/overrides/test_section_targeting.py b/testsuite/tests/singlecluster/overrides/test_section_targeting.py index 5cb22bbb2..40144b078 100644 --- a/testsuite/tests/singlecluster/overrides/test_section_targeting.py +++ b/testsuite/tests/singlecluster/overrides/test_section_targeting.py @@ -4,7 +4,7 @@ from testsuite.kuadrant.policy.rate_limit import RateLimitPolicy, Limit -pytestmark = [pytest.mark.defaults_overrides, pytest.mark.limitador] +pytestmark = [pytest.mark.defaults_overrides, pytest.mark.limitador, pytest.mark.data_plane] LIMIT = Limit(8, "5s") OVERRIDE_LIMIT = Limit(3, "5s") diff --git a/testsuite/tests/singlecluster/test_rate_limit_anonymous.py b/testsuite/tests/singlecluster/test_rate_limit_anonymous.py index 2beff94f1..9db41d97a 100644 --- a/testsuite/tests/singlecluster/test_rate_limit_anonymous.py +++ b/testsuite/tests/singlecluster/test_rate_limit_anonymous.py @@ -7,7 +7,7 @@ from testsuite.kuadrant.policy.authorization import JsonResponse, ValueFrom from testsuite.kuadrant.policy.rate_limit import Limit -pytestmark = [pytest.mark.limitador, pytest.mark.authorino, pytest.mark.kuadrant_only] +pytestmark = [pytest.mark.limitador, pytest.mark.authorino, pytest.mark.kuadrant_only, pytest.mark.data_plane] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/test_rate_limit_authz.py b/testsuite/tests/singlecluster/test_rate_limit_authz.py index 43d453d66..adc96ad8f 100644 --- a/testsuite/tests/singlecluster/test_rate_limit_authz.py +++ b/testsuite/tests/singlecluster/test_rate_limit_authz.py @@ -7,7 +7,7 @@ from testsuite.kuadrant.policy.authorization import ValueFrom, JsonResponse from testsuite.kuadrant.policy.rate_limit import Limit -pytestmark = [pytest.mark.limitador, pytest.mark.authorino, pytest.mark.kuadrant_only] +pytestmark = [pytest.mark.limitador, pytest.mark.authorino, pytest.mark.kuadrant_only, pytest.mark.data_plane] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/tracing/data_plane_tracing/test_kuadrant_tracing.py b/testsuite/tests/singlecluster/tracing/data_plane_tracing/test_kuadrant_tracing.py index 9ff86b214..0a24fe045 100644 --- a/testsuite/tests/singlecluster/tracing/data_plane_tracing/test_kuadrant_tracing.py +++ b/testsuite/tests/singlecluster/tracing/data_plane_tracing/test_kuadrant_tracing.py @@ -8,7 +8,7 @@ import os import pytest -pytestmark = [pytest.mark.observability, pytest.mark.limitador, pytest.mark.authorino, pytest.mark.kuadrant_only] +pytestmark = [pytest.mark.observability, pytest.mark.limitador, pytest.mark.authorino, pytest.mark.kuadrant_only, pytest.mark.data_plane] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/tracing/data_plane_tracing/test_kuadrant_tracing_rate_limit_only.py b/testsuite/tests/singlecluster/tracing/data_plane_tracing/test_kuadrant_tracing_rate_limit_only.py index 980c22d5c..257a1c19a 100644 --- a/testsuite/tests/singlecluster/tracing/data_plane_tracing/test_kuadrant_tracing_rate_limit_only.py +++ b/testsuite/tests/singlecluster/tracing/data_plane_tracing/test_kuadrant_tracing_rate_limit_only.py @@ -8,7 +8,7 @@ from testsuite.kuadrant.policy.rate_limit import Limit, RateLimitPolicy -pytestmark = [pytest.mark.observability, pytest.mark.limitador] +pytestmark = [pytest.mark.observability, pytest.mark.limitador, pytest.mark.data_plane] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/ui/console_plugin/policies/test_auth_policy.py b/testsuite/tests/singlecluster/ui/console_plugin/policies/test_auth_policy.py index 0c3b93629..bbc16437a 100644 --- a/testsuite/tests/singlecluster/ui/console_plugin/policies/test_auth_policy.py +++ b/testsuite/tests/singlecluster/ui/console_plugin/policies/test_auth_policy.py @@ -4,7 +4,7 @@ from testsuite.kuadrant.policy.authorization.auth_policy import AuthPolicy from testsuite.page_objects.policies.auth_policy import AuthListPage, AuthNewPageYaml -pytestmark = [pytest.mark.ui] +pytestmark = [pytest.mark.ui, pytest.mark.data_plane] def test_auth_policy_ui(request, navigator, cluster, blame, gateway, client): diff --git a/testsuite/tests/singlecluster/ui/console_plugin/policies/test_rate_limit_policy.py b/testsuite/tests/singlecluster/ui/console_plugin/policies/test_rate_limit_policy.py index 53eae14d1..974f1da48 100644 --- a/testsuite/tests/singlecluster/ui/console_plugin/policies/test_rate_limit_policy.py +++ b/testsuite/tests/singlecluster/ui/console_plugin/policies/test_rate_limit_policy.py @@ -4,7 +4,7 @@ from testsuite.kuadrant.policy.rate_limit import RateLimitPolicy, Limit from testsuite.page_objects.policies.rate_limit_policy import RateLimitNewPageYaml, RateLimitListPage -pytestmark = [pytest.mark.ui] +pytestmark = [pytest.mark.ui, pytest.mark.data_plane] @pytest.mark.flaky(reruns=0) From 2b9473a8a98c6782eb0141063f323e950d4c735b Mon Sep 17 00:00:00 2001 From: Alexander Cristurean Date: Wed, 6 May 2026 11:31:25 +0200 Subject: [PATCH 04/18] feat: some changes. Signed-off-by: Alexander Cristurean # Conflicts: # testsuite/backend/mockserver.py --- testsuite/backend/__init__.py | 38 +++++++++++++++++-- testsuite/gateway/__init__.py | 20 ++++++++-- testsuite/gateway/exposers.py | 29 ++++++++++++-- testsuite/gateway/gateway_api/hostname.py | 8 +++- testsuite/tests/multicluster/conftest.py | 2 +- .../authorization/opa/test_inline_rego.py | 10 +++-- .../tests/singlecluster/authorino/conftest.py | 4 +- testsuite/tests/singlecluster/conftest.py | 36 +++++++++++------- .../health_check/test_additional_headers.py | 8 ++-- 9 files changed, 118 insertions(+), 37 deletions(-) diff --git a/testsuite/backend/__init__.py b/testsuite/backend/__init__.py index f0af91507..cce06f225 100644 --- a/testsuite/backend/__init__.py +++ b/testsuite/backend/__init__.py @@ -2,23 +2,34 @@ from abc import abstractmethod from functools import cached_property +from typing import TYPE_CHECKING, Optional -from testsuite.gateway import Referencable +from testsuite.gateway import Referencable, Exposable from testsuite.lifecycle import LifecycleObject from testsuite.kubernetes.client import KubernetesClient from testsuite.utils.constants import HTTP_API_PORT +if TYPE_CHECKING: + from testsuite.gateway import Hostname, Exposer -class Backend(LifecycleObject, Referencable): + +class Backend(LifecycleObject, Referencable, Exposable): """Backend (workload) deployed in Kubernetes""" def __init__(self, cluster: KubernetesClient, name: str, label: str): - self.cluster = cluster + self._cluster = cluster self.name = name self.label = label self.deployment = None self.service = None + self._admin_hostname: Optional["Hostname"] = None + self._admin_service = None + + @property + def cluster(self) -> KubernetesClient: + """Returns KubernetesClient""" + return self._cluster @property def reference(self): @@ -30,6 +41,24 @@ def reference(self): "namespace": self.cluster.project, } + @property + def service_name(self) -> str: + return self.name + + @property + def match_labels(self) -> dict[str, str]: + """Pod selector labels used by this backend's deployment""" + return {"app": self.label, "deployment": self.name} + + @property + def admin_hostname(self) -> Optional["Hostname"]: + """Returns Hostname for external admin access, or None if not exposed""" + return self._admin_hostname + + def expose(self, exposer: "Exposer", name: str): + """Creates external access for admin APIs via the exposer""" + self._admin_hostname = exposer.expose_backend(name, self) + @property def url(self): """Returns internal URL for this backend""" @@ -47,6 +76,9 @@ def commit(self): def delete(self): """Clean-up the backend""" with self.cluster.context: + if self._admin_service: + self._admin_service.delete() + self._admin_service = None if self.service: self.service.delete() self.service = None diff --git a/testsuite/gateway/__init__.py b/testsuite/gateway/__init__.py index 27eea48da..e3d17805c 100644 --- a/testsuite/gateway/__init__.py +++ b/testsuite/gateway/__init__.py @@ -14,7 +14,6 @@ if TYPE_CHECKING: from testsuite.kubernetes.client import KubernetesClient - from testsuite.backend import Backend class Referencable(ABC): @@ -147,16 +146,25 @@ class Gateway(LifecycleObject, Referencable): Abstraction layer for a Gateway sitting between end-user and Kuadrant Simplified: Equals to Gateway Kubernetes object """ +class Exposable(ABC): + """Object that can be exposed by an Exposer (has a cluster and a service name)""" @property @abstractmethod def cluster(self) -> "KubernetesClient": - """Returns KubernetesClient for this gateway""" + """Returns KubernetesClient""" @property @abstractmethod def service_name(self) -> str: - """Service name for this gateway""" + """Service name to route traffic to""" + + +class Gateway(LifecycleObject, Referencable, Exposable): + """ + Abstraction layer for a Gateway sitting between end-user and Kuadrant + Simplified: Equals to Gateway Kubernetes object + """ @abstractmethod def external_ip(self) -> str: @@ -276,12 +284,16 @@ def __init__(self, cluster): self.verify = None @abstractmethod - def expose_hostname(self, name, gateway: Gateway) -> Hostname: + def expose_hostname(self, name, exposable: Exposable) -> Hostname: """ Exposes hostname, so it is accessible from outside Actual hostname is generated from "name" and is returned in a form of a Hostname object """ + def expose_backend(self, name, backend) -> Hostname: + """Exposes a backend for direct external access (admin APIs)""" + return self.expose_hostname(name, backend) + @property @abstractmethod def base_domain(self) -> str: diff --git a/testsuite/gateway/exposers.py b/testsuite/gateway/exposers.py index 9f33688c2..a6c50cfca 100644 --- a/testsuite/gateway/exposers.py +++ b/testsuite/gateway/exposers.py @@ -1,8 +1,10 @@ """General exposers, not tied to Envoy or Gateway API""" +from testsuite.config import settings from testsuite.gateway import Exposer, Gateway, Hostname from testsuite.httpx import KuadrantClient, ForceSNIClient from testsuite.kubernetes.openshift.route import OpenshiftRoute +from testsuite.kubernetes.service import Service, ServicePort class OpenShiftExposer(Exposer): @@ -16,14 +18,14 @@ def __init__(self, cluster) -> None: def base_domain(self) -> str: return self.cluster.apps_url - def expose_hostname(self, name, gateway: Gateway) -> Hostname: + def expose_hostname(self, name, exposable) -> Hostname: tls = False termination = "edge" if self.passthrough: tls = True termination = "passthrough" route = OpenshiftRoute.create_instance( - gateway.cluster, name, gateway.service_name, "api", tls=tls, termination=termination + exposable.cluster, name, exposable.service_name, "api", tls=tls, termination=termination ) route.verify = self.verify self.routes.append(route) @@ -68,10 +70,29 @@ def hostname(self): class LoadBalancerServiceExposer(Exposer): """Exposer using Load Balancer service for Gateway""" - def expose_hostname(self, name, gateway: Gateway) -> Hostname: + def expose_hostname(self, name, exposable) -> Hostname: hostname = f"{name}.{self.base_domain}" return StaticLocalHostname( - hostname, gateway.external_ip, lambda: gateway.get_tls_cert(hostname), force_https=self.passthrough + hostname, exposable.external_ip, lambda: exposable.get_tls_cert(hostname), force_https=self.passthrough + ) + + def expose_backend(self, name, backend) -> Hostname: + """Creates a LoadBalancer service for direct external access to the backend""" + admin_svc_name = f"{backend.service_name}-admin" + admin_service = Service.create_instance( + backend.cluster, + admin_svc_name, + selector=backend.match_labels, + ports=[ServicePort(name="admin", port=8080, targetPort="api")], + labels={"app": backend.label}, + service_type="LoadBalancer", + ) + admin_service.commit() + admin_service.wait_for_ready(slow_loadbalancers=settings["control_plane"]["slow_loadbalancers"]) + backend._admin_service = admin_service # pylint: disable=protected-access + return StaticLocalHostname( + admin_svc_name, + lambda: f"{admin_service.refresh().external_ip}:8080", ) @property diff --git a/testsuite/gateway/gateway_api/hostname.py b/testsuite/gateway/gateway_api/hostname.py index 2b74da9f9..ccf00feab 100644 --- a/testsuite/gateway/gateway_api/hostname.py +++ b/testsuite/gateway/gateway_api/hostname.py @@ -53,12 +53,16 @@ def base_domain(self) -> str: ) from exc return f'{generate_tail(5)}.{secret.model["metadata"]["annotations"]["base_domain"]}' - def expose_hostname(self, name, gateway: Gateway) -> Hostname: + def expose_hostname(self, name, exposable) -> Hostname: return StaticHostname( f"{name}.{self.base_domain}", - gateway.get_tls_cert if self.verify is None else lambda: self.verify, # type: ignore + exposable.get_tls_cert if self.verify is None else lambda: self.verify, # type: ignore ) + def expose_backend(self, name, backend) -> Hostname: + """Exposes a backend without TLS""" + return StaticHostname(f"{name}.{self.base_domain}") + def commit(self): pass diff --git a/testsuite/tests/multicluster/conftest.py b/testsuite/tests/multicluster/conftest.py index 14964e078..b347fe9a8 100644 --- a/testsuite/tests/multicluster/conftest.py +++ b/testsuite/tests/multicluster/conftest.py @@ -82,7 +82,7 @@ def backends(request, cluster, cluster2, blame, label): data={"echo_expectation.json": echo_json}, ) config.commit() - mockserver = MockserverBackend(cluster_client, name, label, service_type="ClusterIP", config=config) + mockserver = MockserverBackend(cluster_client, name, label, config=config) request.addfinalizer(mockserver.delete) mockserver.commit() mockserver.wait_for_ready() diff --git a/testsuite/tests/singlecluster/authorino/authorization/opa/test_inline_rego.py b/testsuite/tests/singlecluster/authorino/authorization/opa/test_inline_rego.py index 33cb2f90f..86013fd64 100644 --- a/testsuite/tests/singlecluster/authorino/authorization/opa/test_inline_rego.py +++ b/testsuite/tests/singlecluster/authorino/authorization/opa/test_inline_rego.py @@ -4,7 +4,7 @@ from testsuite.utils import rego_allow_header -pytestmark = [pytest.mark.authorino, pytest.mark.data_plane] +pytestmark = [pytest.mark.authorino] @pytest.fixture(scope="module") @@ -16,7 +16,8 @@ def header(): @pytest.fixture(scope="module") def authorization(authorization, header): """Adds OPA policy that accepts all requests that contain `header`""" - authorization.authorization.add_opa_policy("opa", rego_allow_header(*header)) + authorization.identity.clear_all() + authorization.authorization.add_opa_policy("opa", "allow = false") return authorization @@ -29,5 +30,6 @@ def test_authorized_by_opa(client, auth, header): def test_rejected_by_opa(client, auth): """Tests a request that does not have the correct header for OPA policy""" - response = client.get("/get", auth=auth) - assert response.status_code == 403 + for i in range(100): + response = client.get("/get") + assert response.status_code == 403 diff --git a/testsuite/tests/singlecluster/authorino/conftest.py b/testsuite/tests/singlecluster/authorino/conftest.py index 38c3726ae..12d304581 100644 --- a/testsuite/tests/singlecluster/authorino/conftest.py +++ b/testsuite/tests/singlecluster/authorino/conftest.py @@ -35,10 +35,10 @@ def authorino(kuadrant, cluster, blame, request, testconfig, label): @pytest.fixture(scope="module") -def authorization(authorization, oidc_provider, route, authorization_name, cluster, label) -> AuthConfig: +def authorization(authorization, oidc_provider, gateway, authorization_name, cluster, label) -> AuthConfig: """In case of Authorino, AuthConfig used for authorization""" if authorization is None: - authorization = AuthConfig.create_instance(cluster, authorization_name, route, labels={"testRun": label}) + authorization = AuthConfig.create_instance(cluster, authorization_name, gateway, labels={"testRun": label}) authorization.identity.add_oidc("default", oidc_provider.well_known["issuer"]) return authorization diff --git a/testsuite/tests/singlecluster/conftest.py b/testsuite/tests/singlecluster/conftest.py index 773d65902..ac5a59717 100644 --- a/testsuite/tests/singlecluster/conftest.py +++ b/testsuite/tests/singlecluster/conftest.py @@ -7,11 +7,9 @@ from openshift_client import selector from testsuite.backend.mockserver import MockserverBackend, MockserverBackendConfig -from testsuite.config import settings from testsuite.gateway import GatewayRoute, Gateway, Hostname, GatewayListener from testsuite.gateway.envoy import Envoy from testsuite.gateway.envoy.route import EnvoyVirtualRoute -from testsuite.gateway.exposers import OpenShiftExposer from testsuite.gateway.gateway_api.gateway import KuadrantGateway from testsuite.gateway.gateway_api.route import HTTPRoute from testsuite.httpx import KuadrantClient @@ -20,8 +18,6 @@ from testsuite.kuadrant.policy.rate_limit import RateLimitPolicy from testsuite.kubernetes.api_key import APIKey from testsuite.kubernetes.client import KubernetesClient -from testsuite.kubernetes.openshift.route import OpenshiftRoute -from testsuite.kubernetes.service import Service, ServicePort from testsuite.mockserver import Mockserver @@ -49,7 +45,7 @@ def authorization(request, kuadrant, route, gateway, blame, cluster, label): # target_ref = request.getfixturevalue(getattr(request, "param", "route")) if kuadrant: - return AuthPolicy.create_instance(cluster, blame("authz"), target_ref, labels={"testRun": label}) + return AuthPolicy.create_instance(cluster, blame("authz"), gateway, labels={"testRun": label}) return None @@ -105,14 +101,13 @@ def mockserver_config(cluster, blame, label): @pytest.fixture(scope="session") -def backend(request, cluster, blame, label, mockserver_config): +def backend(request, cluster, blame, label, mockserver_config, exposer): """Deploys MockServer backend""" - mockserver = MockserverBackend( - cluster, blame("mockserver"), label, service_type="ClusterIP", config=mockserver_config - ) + mockserver = MockserverBackend(cluster, blame("mockserver"), label, config=mockserver_config) request.addfinalizer(mockserver.delete) mockserver.commit() mockserver.wait_for_ready() + mockserver.expose(exposer, blame("backend")) return mockserver @@ -137,6 +132,12 @@ def gateway(request, kuadrant, cluster, blame, label, testconfig, wildcard_domai return gw +@pytest.fixture(scope="session") +def backend_hostname(backend) -> Hostname: + """Exposed hostname pointing directly at the backend, bypassing the gateway""" + return backend.admin_hostname + + @pytest.fixture(scope="module") def domain_name(blame) -> str: """Domain name""" @@ -172,14 +173,20 @@ def client(route, hostname): # pylint: disable=unused-argument client.close() -def pytest_runtest_teardown(item): +@pytest.hookimpl(hookwrapper=True) +def pytest_runtest_makereport(item, call): # pylint: disable=unused-argument """Verifies that denied requests did not leak to the upstream backend""" + outcome = yield + report = outcome.get_result() + + if call.when != "call" or not report.passed: + return if "data_plane" not in [m.name for m in item.iter_markers()]: return client = item.funcargs.get("client") backend = item.funcargs.get("backend") - if client is None or backend is None or not hasattr(backend, "api_url"): + if client is None or backend is None or backend.admin_hostname is None: return denied_ids = set(client.denied_request_ids) @@ -187,8 +194,10 @@ def pytest_runtest_teardown(item): if not denied_ids: return - ms = Mockserver(KuadrantClient(base_url=backend.api_url)) + backend_client = backend.admin_hostname.client() + ms = Mockserver(backend_client) all_requests = ms.retrieve_all_requests() + backend_client.close() tracking_header = KuadrantClient.TRACKING_HEADER.lower() leaked = [] @@ -198,7 +207,8 @@ def pytest_runtest_teardown(item): leaked.append(values[0]) if leaked: - pytest.fail( + report.outcome = "failed" + report.longrepr = ( f"{len(leaked)} denied request(s) leaked to the upstream backend. " f"The gateway returned a denial status (401/403/429) but the request still reached MockServer." ) diff --git a/testsuite/tests/singlecluster/gateway/dnspolicy/health_check/test_additional_headers.py b/testsuite/tests/singlecluster/gateway/dnspolicy/health_check/test_additional_headers.py index 6af38439d..76c4899f2 100644 --- a/testsuite/tests/singlecluster/gateway/dnspolicy/health_check/test_additional_headers.py +++ b/testsuite/tests/singlecluster/gateway/dnspolicy/health_check/test_additional_headers.py @@ -2,7 +2,6 @@ import pytest -from testsuite.httpx import KuadrantClient from testsuite.mockserver import Mockserver from testsuite.gateway import GatewayListener from testsuite.gateway.gateway_api.gateway import KuadrantGateway @@ -40,12 +39,13 @@ def gateway(request, cluster, blame, base_domain, module_label, subdomain): @pytest.fixture(scope="module") -def backend(request, cluster, blame, label): +def backend(request, cluster, blame, label, exposer): """Use mockserver as backend for health check requests to verify additional headers""" mockserver = MockserverBackend(cluster, blame("mocksrv"), label) request.addfinalizer(mockserver.delete) mockserver.commit() mockserver.wait_for_ready() + mockserver.expose(exposer, blame("mocksrv-admin")) return mockserver @@ -61,8 +61,8 @@ def headers_secret(request, cluster, blame): @pytest.fixture(scope="module") def mockserver_client(backend): - """Returns Mockserver client from load-balanced service IP""" - return Mockserver(KuadrantClient(base_url=f"http://{backend.service.refresh().external_ip}:8080")) + """Returns Mockserver client from externally exposed backend""" + return Mockserver(backend.admin_hostname.client()) @pytest.fixture(scope="module") From e7e7a8cf9cd0732c383c329bfc32922369e74711 Mon Sep 17 00:00:00 2001 From: Alexander Cristurean Date: Wed, 6 May 2026 15:14:49 +0200 Subject: [PATCH 05/18] fix: route port. Signed-off-by: Alexander Cristurean --- testsuite/mockserver.py | 6 +++--- testsuite/tests/singlecluster/conftest.py | 21 ++++++++++++--------- 2 files changed, 15 insertions(+), 12 deletions(-) diff --git a/testsuite/mockserver.py b/testsuite/mockserver.py index acc0a0ea8..d56db8fe1 100644 --- a/testsuite/mockserver.py +++ b/testsuite/mockserver.py @@ -76,9 +76,9 @@ def retrieve_requests(self, expectation_id): json={"path": "/" + expectation_id}, ).json() - def retrieve_all_requests(self): - """Retrieve all requests received by MockServer""" + def retrieve_requests_by_header(self, header_name, header_value): + """Retrieve requests matching a specific header value""" return self.client.mockserver.retrieve.put( params={"type": "REQUESTS", "format": "JSON"}, - json={}, + json={"headers": {header_name: [header_value]}}, ).json() diff --git a/testsuite/tests/singlecluster/conftest.py b/testsuite/tests/singlecluster/conftest.py index ac5a59717..1b0bed7e1 100644 --- a/testsuite/tests/singlecluster/conftest.py +++ b/testsuite/tests/singlecluster/conftest.py @@ -1,8 +1,10 @@ """Configure all the components through Kuadrant, all methods are placeholders for now since we do not work with Kuadrant""" +import logging from importlib import resources +import httpx import pytest from openshift_client import selector @@ -181,8 +183,6 @@ def pytest_runtest_makereport(item, call): # pylint: disable=unused-argument if call.when != "call" or not report.passed: return - if "data_plane" not in [m.name for m in item.iter_markers()]: - return client = item.funcargs.get("client") backend = item.funcargs.get("backend") @@ -196,15 +196,18 @@ def pytest_runtest_makereport(item, call): # pylint: disable=unused-argument backend_client = backend.admin_hostname.client() ms = Mockserver(backend_client) - all_requests = ms.retrieve_all_requests() - backend_client.close() - tracking_header = KuadrantClient.TRACKING_HEADER.lower() + tracking_header = KuadrantClient.TRACKING_HEADER leaked = [] - for req in all_requests: - for name, values in req.get("headers", {}).items(): - if name.lower() == tracking_header and values and values[0] in denied_ids: - leaked.append(values[0]) + try: + for denied_id in denied_ids: + if ms.retrieve_requests_by_header(tracking_header, denied_id): + leaked.append(denied_id) + except (httpx.RequestError, httpx.HTTPStatusError): + logging.warning("Failed to check for upstream leaks via MockServer", exc_info=True) + return + finally: + backend_client.close() if leaked: report.outcome = "failed" From 23a5fd0807e6a5fa1b09f37b016cbfde37257dc5 Mon Sep 17 00:00:00 2001 From: Alexander Cristurean Date: Wed, 6 May 2026 16:16:02 +0200 Subject: [PATCH 06/18] fix: scope mismatch. Signed-off-by: Alexander Cristurean --- testsuite/tests/singlecluster/conftest.py | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/testsuite/tests/singlecluster/conftest.py b/testsuite/tests/singlecluster/conftest.py index 1b0bed7e1..47c727b4c 100644 --- a/testsuite/tests/singlecluster/conftest.py +++ b/testsuite/tests/singlecluster/conftest.py @@ -103,13 +103,17 @@ def mockserver_config(cluster, blame, label): @pytest.fixture(scope="session") -def backend(request, cluster, blame, label, mockserver_config, exposer): +def backend(request, cluster, blame, label, mockserver_config, testconfig): """Deploys MockServer backend""" mockserver = MockserverBackend(cluster, blame("mockserver"), label, config=mockserver_config) request.addfinalizer(mockserver.delete) mockserver.commit() mockserver.wait_for_ready() - mockserver.expose(exposer, blame("backend")) + + backend_exposer = testconfig["default_exposer"](cluster) + request.addfinalizer(backend_exposer.delete) + backend_exposer.commit() + mockserver.expose(backend_exposer, blame("backend")) return mockserver From acd7ca34dc9645da6ea21367cfb5e2c920e05b55 Mon Sep 17 00:00:00 2001 From: Alexander Cristurean Date: Thu, 7 May 2026 13:21:34 +0200 Subject: [PATCH 07/18] fix: polishing abstractions. Signed-off-by: Alexander Cristurean --- testsuite/gateway/__init__.py | 15 ++++++++++--- testsuite/gateway/exposers.py | 27 +++++------------------ testsuite/gateway/gateway_api/hostname.py | 6 +---- 3 files changed, 19 insertions(+), 29 deletions(-) diff --git a/testsuite/gateway/__init__.py b/testsuite/gateway/__init__.py index e3d17805c..e6d1452e9 100644 --- a/testsuite/gateway/__init__.py +++ b/testsuite/gateway/__init__.py @@ -159,6 +159,14 @@ def cluster(self) -> "KubernetesClient": def service_name(self) -> str: """Service name to route traffic to""" + def external_ip(self) -> str: + """Returns external IP and port for external access""" + raise NotImplementedError(f"{type(self).__name__} does not support external_ip") + + def get_tls_cert(self, hostname: str) -> Optional[Certificate]: # pylint: disable=unused-argument + """Returns TLS cert or None""" + return None + class Gateway(LifecycleObject, Referencable, Exposable): """ @@ -290,9 +298,10 @@ def expose_hostname(self, name, exposable: Exposable) -> Hostname: Actual hostname is generated from "name" and is returned in a form of a Hostname object """ - def expose_backend(self, name, backend) -> Hostname: - """Exposes a backend for direct external access (admin APIs)""" - return self.expose_hostname(name, backend) + @property + def backend_service_type(self) -> Optional[Literal["ClusterIP", "LoadBalancer", "NodePort", "ExternalName"]]: + """Service type to create when exposing a backend directly. None means no extra service needed.""" + return None @property @abstractmethod diff --git a/testsuite/gateway/exposers.py b/testsuite/gateway/exposers.py index a6c50cfca..da607cc39 100644 --- a/testsuite/gateway/exposers.py +++ b/testsuite/gateway/exposers.py @@ -1,10 +1,10 @@ """General exposers, not tied to Envoy or Gateway API""" -from testsuite.config import settings -from testsuite.gateway import Exposer, Gateway, Hostname +from typing import Literal + +from testsuite.gateway import Exposer, Hostname from testsuite.httpx import KuadrantClient, ForceSNIClient from testsuite.kubernetes.openshift.route import OpenshiftRoute -from testsuite.kubernetes.service import Service, ServicePort class OpenShiftExposer(Exposer): @@ -76,24 +76,9 @@ def expose_hostname(self, name, exposable) -> Hostname: hostname, exposable.external_ip, lambda: exposable.get_tls_cert(hostname), force_https=self.passthrough ) - def expose_backend(self, name, backend) -> Hostname: - """Creates a LoadBalancer service for direct external access to the backend""" - admin_svc_name = f"{backend.service_name}-admin" - admin_service = Service.create_instance( - backend.cluster, - admin_svc_name, - selector=backend.match_labels, - ports=[ServicePort(name="admin", port=8080, targetPort="api")], - labels={"app": backend.label}, - service_type="LoadBalancer", - ) - admin_service.commit() - admin_service.wait_for_ready(slow_loadbalancers=settings["control_plane"]["slow_loadbalancers"]) - backend._admin_service = admin_service # pylint: disable=protected-access - return StaticLocalHostname( - admin_svc_name, - lambda: f"{admin_service.refresh().external_ip}:8080", - ) + @property + def backend_service_type(self) -> Literal["LoadBalancer"]: + return "LoadBalancer" @property def base_domain(self) -> str: diff --git a/testsuite/gateway/gateway_api/hostname.py b/testsuite/gateway/gateway_api/hostname.py index ccf00feab..3f5a5b784 100644 --- a/testsuite/gateway/gateway_api/hostname.py +++ b/testsuite/gateway/gateway_api/hostname.py @@ -8,7 +8,7 @@ from testsuite.certificates import Certificate from testsuite.config import settings from testsuite.httpx import KuadrantClient -from testsuite.gateway import Gateway, Hostname, Exposer +from testsuite.gateway import Hostname, Exposer from testsuite.utils import generate_tail @@ -59,10 +59,6 @@ def expose_hostname(self, name, exposable) -> Hostname: exposable.get_tls_cert if self.verify is None else lambda: self.verify, # type: ignore ) - def expose_backend(self, name, backend) -> Hostname: - """Exposes a backend without TLS""" - return StaticHostname(f"{name}.{self.base_domain}") - def commit(self): pass From 4cd19bef853c377eb162f0303f175b87a2a1e3ed Mon Sep 17 00:00:00 2001 From: Alexander Cristurean Date: Tue, 19 May 2026 15:00:27 +0200 Subject: [PATCH 08/18] fix: remove duplicate marker. Signed-off-by: Alexander Cristurean --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 9ba8e579d..4188e2f18 100644 --- a/Makefile +++ b/Makefile @@ -71,7 +71,7 @@ disruptive: poetry-no-dev ## Run disruptive tests egress-gateway: poetry-no-dev ## Run egress gateway tests $(PYTEST) -n4 -m 'egress_gateway' --dist loadfile --enforce $(flags) testsuite/tests/singlecluster/egress/ -data-plane data_plane: poetry-no-dev ## Run data plane leak detection tests +data-plane: poetry-no-dev ## Run data plane leak detection tests $(PYTEST) -n4 -m 'data_plane' --dist loadfile $(flags) testsuite/tests/singlecluster kuadrantctl: poetry-no-dev ## Run Kuadrantctl tests From 833059d5fc4506120224b5d7794e777648b935a2 Mon Sep 17 00:00:00 2001 From: Alexander Cristurean Date: Wed, 20 May 2026 11:22:01 +0200 Subject: [PATCH 09/18] feat: removed data-plane marker. Signed-off-by: Alexander Cristurean --- Makefile | 2 -- pyproject.toml | 1 - testsuite/gateway/__init__.py | 5 ----- testsuite/gateway/gateway_api/gateway.py | 2 +- .../authorization/opa/external_registry/test_cache.py | 2 +- .../opa/external_registry/test_external_registry.py | 2 +- .../authorization/opa/test_authorization_services.py | 2 +- .../authorino/authorization/opa/test_inline_rego.py | 8 +++----- .../authorino/authorization/spicedb/test_spicedb.py | 2 +- .../singlecluster/authorino/collisions/test_collisions.py | 2 +- .../section_conditions/test_authorization_condition.py | 2 +- .../section_conditions/test_identity_condition.py | 2 +- .../authorino/conditions/test_top_level_condition.py | 2 +- .../singlecluster/authorino/dinosaur/test_dinosaur.py | 2 +- .../identity/anonymous/test_anonymous_identity.py | 2 +- .../authorino/identity/api_key/test_auth_credentials.py | 2 +- .../authorino/identity/api_key/test_match_expression.py | 2 +- .../authorino/identity/api_key/test_match_label.py | 2 +- .../authorino/identity/api_key/test_reconciliation.py | 2 +- .../authorino/identity/auth/test_auth_identity.py | 2 +- .../identity/auth/test_multiple_auth_identities.py | 2 +- .../extended_properties/test_token_normalization.py | 2 +- .../authorino/identity/keycloak/test_auth_credentials.py | 2 +- .../authorino/identity/keycloak/test_jwt_ttl.py | 2 +- .../authorino/identity/keycloak/test_keycloak_roles.py | 2 +- .../authorino/identity/plain/test_jwt_plain_identity.py | 2 +- .../authorino/identity/plain/test_jwt_user_story.py | 2 +- .../subject_access_review/test_non_resource_attributes.py | 2 +- .../subject_access_review/test_resource_attributes.py | 2 +- .../authorino/identity/token_review/test_audiences.py | 2 +- .../authorino/identity/token_review/test_host.py | 2 +- .../x509/gateway_validation/test_multi_ca_trust.py | 7 ++++++- .../authorino/identity/x509/test_cel_expression.py | 2 +- .../authorino/identity/x509/test_client_cert_header.py | 2 +- .../authorino/identity/x509/test_xfcc_forwarding.py | 2 +- .../tests/singlecluster/authorino/metadata/test_http.py | 2 +- .../authorino/metadata/test_token_introspect.py | 2 +- .../tests/singlecluster/authorino/metadata/test_uma.py | 2 +- .../singlecluster/authorino/metadata/test_user_info.py | 2 +- .../operator/clusterwide/test_all_namespace_api_key.py | 2 +- .../authorino/operator/clusterwide/test_clusterwide.py | 2 +- .../authorino/operator/raw_http/test_raw_http.py | 2 +- .../x509/gateway_validation/test_x509_attributes.py | 2 +- .../x509/gateway_validation/test_x509_identity.py | 2 +- .../x509/gateway_validation/test_x509_trust_chain.py | 2 +- .../singlecluster/authorino/wristband/test_wristband.py | 2 +- testsuite/tests/singlecluster/conftest.py | 2 +- .../merge/auth_policy/same_target/test_ab_strategy.py | 2 +- .../merge/auth_policy/same_target/test_ba_stategy.py | 2 +- .../defaults/merge/auth_policy/test_default_merge.py | 2 +- .../defaults/merge/auth_policy/test_default_replace.py | 2 +- .../merge/rate_limit/same_target/test_ab_strategy.py | 2 +- .../merge/rate_limit/same_target/test_ba_startegy.py | 2 +- .../defaults/merge/rate_limit/test_default_merge.py | 2 +- .../defaults/merge/rate_limit/test_default_replace.py | 2 +- .../singlecluster/defaults/test_basic_authorization.py | 2 +- .../tests/singlecluster/defaults/test_basic_rate_limit.py | 2 +- .../singlecluster/defaults/test_section_targeting.py | 2 +- .../credentials_injection/test_credential_injection.py | 2 +- .../test_credential_injection_by_destination.py | 2 +- testsuite/tests/singlecluster/egress/test_egress.py | 2 +- .../extensions/plan_policy/test_plan_policy.py | 2 +- .../test_authpolicy_section_targeting_gateway.py | 2 +- .../test_authpolicy_section_targeting_http_route.py | 2 +- .../singlecluster/gateway/mtls/test_mtls_behaviour.py | 2 +- .../change_targetref/test_update_authpolicy_target_ref.py | 2 +- .../test_update_ratelimitpolicy_target_ref.py | 2 +- .../gateway/scaling/test_auto_scale_gateway.py | 2 +- .../gateway/scaling/test_manual_scale_gateway.py | 2 +- .../gateway/test_authpolicy_attached_gateway.py | 2 +- .../identical_hostnames/auth/test_auth_on_gw_and_route.py | 2 +- .../identical_hostnames/auth/test_auth_on_routes.py | 2 +- .../identical_hostnames/rlp/test_rlp_on_gw_and_route.py | 2 +- .../identical_hostnames/rlp/test_rlp_on_routes.py | 2 +- .../singlecluster/limitador/collisions/test_collisions.py | 2 +- .../limitador/method/test_route_subset_method.py | 2 +- .../limitador/metrics/trlp_metrics/test_trlp_metrics.py | 2 +- .../metrics/trlp_metrics/test_trlp_metrics_stream.py | 2 +- .../singlecluster/limitador/section/test_listener.py | 2 +- .../limitador/section/test_multiple_rules.py | 2 +- .../limitador/section/test_multiple_same_listener.py | 2 +- .../limitador/section/test_multiple_same_rule.py | 2 +- .../singlecluster/limitador/section/test_route_rule.py | 2 +- .../singlecluster/limitador/storage/db/test_redis.py | 2 +- .../limitador/storage/db/test_redis_cached.py | 2 +- .../singlecluster/limitador/storage/disk/test_disk.py | 2 +- .../tests/singlecluster/limitador/test_basic_limit.py | 2 +- .../singlecluster/limitador/test_multiple_iterations.py | 2 +- .../limitador/tokens_rate_limit/basic/test_trlp.py | 2 +- .../tokens_rate_limit/basic/test_trlp_streaming.py | 2 +- .../multiple_iterations/test_multiple_trlp_iterations.py | 2 +- .../test_multiple_trlp_stream_iterations.py | 2 +- .../merge/auth_policy/same_target/test_ab_strategy.py | 2 +- .../merge/auth_policy/same_target/test_ba_strategy.py | 2 +- .../overrides/merge/auth_policy/test_override_merge.py | 2 +- .../overrides/merge/auth_policy/test_override_replace.py | 2 +- .../merge/rate_limit/same_target/test_ab_strategy.py | 2 +- .../merge/rate_limit/same_target/test_ba_startegy.py | 2 +- .../overrides/merge/rate_limit/test_override_merge.py | 2 +- .../overrides/merge/rate_limit/test_override_replace.py | 2 +- .../tests/singlecluster/overrides/test_basic_auth.py | 2 +- .../singlecluster/overrides/test_basic_rate_limit.py | 2 +- .../singlecluster/overrides/test_multiple_rate_limit.py | 2 +- .../singlecluster/overrides/test_section_targeting.py | 2 +- .../tests/singlecluster/test_rate_limit_anonymous.py | 2 +- testsuite/tests/singlecluster/test_rate_limit_authz.py | 2 +- .../tracing/data_plane_tracing/test_kuadrant_tracing.py | 8 +++++++- .../test_kuadrant_tracing_rate_limit_only.py | 2 +- .../ui/console_plugin/policies/test_auth_policy.py | 2 +- .../ui/console_plugin/policies/test_rate_limit_policy.py | 2 +- 110 files changed, 120 insertions(+), 119 deletions(-) diff --git a/Makefile b/Makefile index 4188e2f18..40397ad5d 100644 --- a/Makefile +++ b/Makefile @@ -71,8 +71,6 @@ disruptive: poetry-no-dev ## Run disruptive tests egress-gateway: poetry-no-dev ## Run egress gateway tests $(PYTEST) -n4 -m 'egress_gateway' --dist loadfile --enforce $(flags) testsuite/tests/singlecluster/egress/ -data-plane: poetry-no-dev ## Run data plane leak detection tests - $(PYTEST) -n4 -m 'data_plane' --dist loadfile $(flags) testsuite/tests/singlecluster kuadrantctl: poetry-no-dev ## Run Kuadrantctl tests $(PYTEST) -n4 --dist loadfile --enforce $(flags) testsuite/tests/kuadrantctl/ diff --git a/pyproject.toml b/pyproject.toml index bdc6ca638..cf71956b1 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -65,7 +65,6 @@ markers = [ "egress_gateway: Test is using egress gateway", "min_ocp_version: Minimum OpenShift version required for test (e.g., @pytest.mark.min_ocp_version((4, 20)))", "gateway_api_version: Gateway API version requirement (e.g., @pytest.mark.gateway_api_version((1, 5, 0)) or @pytest.mark.gateway_api_version((1, 5, 0), operator.eq))", - "data_plane: Test verifies data plane behavior and checks for upstream request leaks", ] filterwarnings = [ "ignore: WARNING the new order is not taken into account:UserWarning", diff --git a/testsuite/gateway/__init__.py b/testsuite/gateway/__init__.py index e6d1452e9..049add202 100644 --- a/testsuite/gateway/__init__.py +++ b/testsuite/gateway/__init__.py @@ -141,11 +141,6 @@ class GRPCRouteMatch: headers: Optional[List[HeadersMatch]] = None -class Gateway(LifecycleObject, Referencable): - """ - Abstraction layer for a Gateway sitting between end-user and Kuadrant - Simplified: Equals to Gateway Kubernetes object - """ class Exposable(ABC): """Object that can be exposed by an Exposer (has a cluster and a service name)""" diff --git a/testsuite/gateway/gateway_api/gateway.py b/testsuite/gateway/gateway_api/gateway.py index d32630764..2e4006674 100644 --- a/testsuite/gateway/gateway_api/gateway.py +++ b/testsuite/gateway/gateway_api/gateway.py @@ -16,7 +16,7 @@ from testsuite.utils.constants import GATEWAY_READY_TIMEOUT, SLOW_LOADBALANCER_WAIT -class KuadrantGateway(KubernetesObject, Gateway): +class KuadrantGateway(KubernetesObject, Gateway): # pylint: disable=too-many-ancestors """Gateway object for Kuadrant""" # Name of the GatewayClass that is to be used for all the instances diff --git a/testsuite/tests/singlecluster/authorino/authorization/opa/external_registry/test_cache.py b/testsuite/tests/singlecluster/authorino/authorization/opa/external_registry/test_cache.py index eaa8483a2..cc69a93bc 100644 --- a/testsuite/tests/singlecluster/authorino/authorization/opa/external_registry/test_cache.py +++ b/testsuite/tests/singlecluster/authorino/authorization/opa/external_registry/test_cache.py @@ -9,7 +9,7 @@ from testsuite.utils import rego_allow_header -pytestmark = [pytest.mark.authorino, pytest.mark.data_plane] +pytestmark = [pytest.mark.authorino] KEY = "test-key" diff --git a/testsuite/tests/singlecluster/authorino/authorization/opa/external_registry/test_external_registry.py b/testsuite/tests/singlecluster/authorino/authorization/opa/external_registry/test_external_registry.py index 39e40af6a..9a57dc0ac 100644 --- a/testsuite/tests/singlecluster/authorino/authorization/opa/external_registry/test_external_registry.py +++ b/testsuite/tests/singlecluster/authorino/authorization/opa/external_registry/test_external_registry.py @@ -2,7 +2,7 @@ import pytest -pytestmark = [pytest.mark.authorino, pytest.mark.data_plane] +pytestmark = [pytest.mark.authorino] def test_allowed_by_opa(client, auth, header): diff --git a/testsuite/tests/singlecluster/authorino/authorization/opa/test_authorization_services.py b/testsuite/tests/singlecluster/authorino/authorization/opa/test_authorization_services.py index f55247562..d658a0f05 100644 --- a/testsuite/tests/singlecluster/authorino/authorization/opa/test_authorization_services.py +++ b/testsuite/tests/singlecluster/authorino/authorization/opa/test_authorization_services.py @@ -16,7 +16,7 @@ from testsuite.httpx.auth import HttpxOidcClientAuth from testsuite.kuadrant.policy.authorization import JsonResponse, ValueFrom, Pattern -pytestmark = [pytest.mark.authorino, pytest.mark.data_plane] +pytestmark = [pytest.mark.authorino] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/authorino/authorization/opa/test_inline_rego.py b/testsuite/tests/singlecluster/authorino/authorization/opa/test_inline_rego.py index 86013fd64..3c8b1afdf 100644 --- a/testsuite/tests/singlecluster/authorino/authorization/opa/test_inline_rego.py +++ b/testsuite/tests/singlecluster/authorino/authorization/opa/test_inline_rego.py @@ -16,8 +16,7 @@ def header(): @pytest.fixture(scope="module") def authorization(authorization, header): """Adds OPA policy that accepts all requests that contain `header`""" - authorization.identity.clear_all() - authorization.authorization.add_opa_policy("opa", "allow = false") + authorization.authorization.add_opa_policy("opa", rego_allow_header(*header)) return authorization @@ -30,6 +29,5 @@ def test_authorized_by_opa(client, auth, header): def test_rejected_by_opa(client, auth): """Tests a request that does not have the correct header for OPA policy""" - for i in range(100): - response = client.get("/get") - assert response.status_code == 403 + response = client.get("/get", auth=auth) + assert response.status_code == 403 diff --git a/testsuite/tests/singlecluster/authorino/authorization/spicedb/test_spicedb.py b/testsuite/tests/singlecluster/authorino/authorization/spicedb/test_spicedb.py index f0466ddf3..a45a1e959 100644 --- a/testsuite/tests/singlecluster/authorino/authorization/spicedb/test_spicedb.py +++ b/testsuite/tests/singlecluster/authorino/authorization/spicedb/test_spicedb.py @@ -14,7 +14,7 @@ from testsuite.kubernetes.secret import Secret from testsuite.spicedb.spicedb import SpiceDB, SchemaConfig, RelationshipConfig -pytestmark = [pytest.mark.authorino, pytest.mark.data_plane] +pytestmark = [pytest.mark.authorino] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/authorino/collisions/test_collisions.py b/testsuite/tests/singlecluster/authorino/collisions/test_collisions.py index 96d192724..65125df41 100644 --- a/testsuite/tests/singlecluster/authorino/collisions/test_collisions.py +++ b/testsuite/tests/singlecluster/authorino/collisions/test_collisions.py @@ -6,7 +6,7 @@ from testsuite.kuadrant.policy import has_condition from testsuite.kuadrant.policy.authorization.auth_policy import AuthPolicy -pytestmark = [pytest.mark.authorino, pytest.mark.kuadrant_only, pytest.mark.data_plane] +pytestmark = [pytest.mark.authorino, pytest.mark.kuadrant_only] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/authorino/conditions/section_conditions/test_authorization_condition.py b/testsuite/tests/singlecluster/authorino/conditions/section_conditions/test_authorization_condition.py index 0aba41e88..6150012e4 100644 --- a/testsuite/tests/singlecluster/authorino/conditions/section_conditions/test_authorization_condition.py +++ b/testsuite/tests/singlecluster/authorino/conditions/section_conditions/test_authorization_condition.py @@ -4,7 +4,7 @@ from testsuite.kuadrant.policy.authorization import Pattern -pytestmark = [pytest.mark.authorino, pytest.mark.data_plane] +pytestmark = [pytest.mark.authorino] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/authorino/conditions/section_conditions/test_identity_condition.py b/testsuite/tests/singlecluster/authorino/conditions/section_conditions/test_identity_condition.py index 598075978..6b9cac5cb 100644 --- a/testsuite/tests/singlecluster/authorino/conditions/section_conditions/test_identity_condition.py +++ b/testsuite/tests/singlecluster/authorino/conditions/section_conditions/test_identity_condition.py @@ -5,7 +5,7 @@ from testsuite.kuadrant.policy.authorization import Pattern from testsuite.httpx.auth import HeaderApiKeyAuth -pytestmark = [pytest.mark.authorino, pytest.mark.data_plane] +pytestmark = [pytest.mark.authorino] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/authorino/conditions/test_top_level_condition.py b/testsuite/tests/singlecluster/authorino/conditions/test_top_level_condition.py index c1677ae3c..a5ca77eca 100644 --- a/testsuite/tests/singlecluster/authorino/conditions/test_top_level_condition.py +++ b/testsuite/tests/singlecluster/authorino/conditions/test_top_level_condition.py @@ -4,7 +4,7 @@ from testsuite.kuadrant.policy import CelPredicate -pytestmark = [pytest.mark.authorino, pytest.mark.data_plane] +pytestmark = [pytest.mark.authorino] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/authorino/dinosaur/test_dinosaur.py b/testsuite/tests/singlecluster/authorino/dinosaur/test_dinosaur.py index 5d8a5e9c4..31075f08c 100644 --- a/testsuite/tests/singlecluster/authorino/dinosaur/test_dinosaur.py +++ b/testsuite/tests/singlecluster/authorino/dinosaur/test_dinosaur.py @@ -4,7 +4,7 @@ import pytest -pytestmark = [pytest.mark.authorino, pytest.mark.data_plane] +pytestmark = [pytest.mark.authorino] ERROR_MESSAGE = { "kind": "Error", diff --git a/testsuite/tests/singlecluster/authorino/identity/anonymous/test_anonymous_identity.py b/testsuite/tests/singlecluster/authorino/identity/anonymous/test_anonymous_identity.py index 4b040fb03..882e9a627 100644 --- a/testsuite/tests/singlecluster/authorino/identity/anonymous/test_anonymous_identity.py +++ b/testsuite/tests/singlecluster/authorino/identity/anonymous/test_anonymous_identity.py @@ -2,7 +2,7 @@ import pytest -pytestmark = [pytest.mark.authorino, pytest.mark.data_plane] +pytestmark = [pytest.mark.authorino] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/authorino/identity/api_key/test_auth_credentials.py b/testsuite/tests/singlecluster/authorino/identity/api_key/test_auth_credentials.py index 9352884ca..8b0181491 100644 --- a/testsuite/tests/singlecluster/authorino/identity/api_key/test_auth_credentials.py +++ b/testsuite/tests/singlecluster/authorino/identity/api_key/test_auth_credentials.py @@ -4,7 +4,7 @@ from testsuite.kuadrant.policy.authorization import Credentials -pytestmark = [pytest.mark.authorino, pytest.mark.data_plane] +pytestmark = [pytest.mark.authorino] @pytest.fixture(scope="module", params=["authorizationHeader", "customHeader", "queryString", "cookie"]) diff --git a/testsuite/tests/singlecluster/authorino/identity/api_key/test_match_expression.py b/testsuite/tests/singlecluster/authorino/identity/api_key/test_match_expression.py index b2b802068..1a70eaec8 100644 --- a/testsuite/tests/singlecluster/authorino/identity/api_key/test_match_expression.py +++ b/testsuite/tests/singlecluster/authorino/identity/api_key/test_match_expression.py @@ -8,7 +8,7 @@ from testsuite.kubernetes import Selector, MatchExpression -pytestmark = [pytest.mark.authorino, pytest.mark.data_plane] +pytestmark = [pytest.mark.authorino] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/authorino/identity/api_key/test_match_label.py b/testsuite/tests/singlecluster/authorino/identity/api_key/test_match_label.py index f2b2afa81..748c08285 100644 --- a/testsuite/tests/singlecluster/authorino/identity/api_key/test_match_label.py +++ b/testsuite/tests/singlecluster/authorino/identity/api_key/test_match_label.py @@ -2,7 +2,7 @@ import pytest -pytestmark = [pytest.mark.authorino, pytest.mark.data_plane] +pytestmark = [pytest.mark.authorino] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/authorino/identity/api_key/test_reconciliation.py b/testsuite/tests/singlecluster/authorino/identity/api_key/test_reconciliation.py index 923cae452..5f2ade500 100644 --- a/testsuite/tests/singlecluster/authorino/identity/api_key/test_reconciliation.py +++ b/testsuite/tests/singlecluster/authorino/identity/api_key/test_reconciliation.py @@ -5,7 +5,7 @@ from testsuite.httpx.auth import HeaderApiKeyAuth from testsuite.kubernetes import Selector -pytestmark = [pytest.mark.authorino, pytest.mark.data_plane] +pytestmark = [pytest.mark.authorino] @pytest.fixture(scope="function") diff --git a/testsuite/tests/singlecluster/authorino/identity/auth/test_auth_identity.py b/testsuite/tests/singlecluster/authorino/identity/auth/test_auth_identity.py index 689a2de33..2bac2a1bb 100644 --- a/testsuite/tests/singlecluster/authorino/identity/auth/test_auth_identity.py +++ b/testsuite/tests/singlecluster/authorino/identity/auth/test_auth_identity.py @@ -6,7 +6,7 @@ from testsuite.oidc import OIDCProvider from testsuite.oidc.keycloak import Keycloak -pytestmark = [pytest.mark.authorino, pytest.mark.data_plane] +pytestmark = [pytest.mark.authorino] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/authorino/identity/auth/test_multiple_auth_identities.py b/testsuite/tests/singlecluster/authorino/identity/auth/test_multiple_auth_identities.py index b07bd299a..cab22184e 100644 --- a/testsuite/tests/singlecluster/authorino/identity/auth/test_multiple_auth_identities.py +++ b/testsuite/tests/singlecluster/authorino/identity/auth/test_multiple_auth_identities.py @@ -6,7 +6,7 @@ from testsuite.httpx.auth import HttpxOidcClientAuth -pytestmark = [pytest.mark.authorino, pytest.mark.data_plane] +pytestmark = [pytest.mark.authorino] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/authorino/identity/extended_properties/test_token_normalization.py b/testsuite/tests/singlecluster/authorino/identity/extended_properties/test_token_normalization.py index d5677f434..ec2e9d0df 100644 --- a/testsuite/tests/singlecluster/authorino/identity/extended_properties/test_token_normalization.py +++ b/testsuite/tests/singlecluster/authorino/identity/extended_properties/test_token_normalization.py @@ -4,7 +4,7 @@ from testsuite.kuadrant.policy.authorization import Pattern, Value, ValueFrom from testsuite.httpx.auth import HeaderApiKeyAuth, HttpxOidcClientAuth -pytestmark = [pytest.mark.authorino, pytest.mark.data_plane] +pytestmark = [pytest.mark.authorino] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/authorino/identity/keycloak/test_auth_credentials.py b/testsuite/tests/singlecluster/authorino/identity/keycloak/test_auth_credentials.py index 4302db0c4..89e28051a 100644 --- a/testsuite/tests/singlecluster/authorino/identity/keycloak/test_auth_credentials.py +++ b/testsuite/tests/singlecluster/authorino/identity/keycloak/test_auth_credentials.py @@ -4,7 +4,7 @@ from testsuite.kuadrant.policy.authorization import Credentials -pytestmark = [pytest.mark.authorino, pytest.mark.data_plane] +pytestmark = [pytest.mark.authorino] @pytest.fixture(scope="module", params=["authorizationHeader", "customHeader", "queryString", "cookie"]) diff --git a/testsuite/tests/singlecluster/authorino/identity/keycloak/test_jwt_ttl.py b/testsuite/tests/singlecluster/authorino/identity/keycloak/test_jwt_ttl.py index 01a57cbad..f94941b90 100644 --- a/testsuite/tests/singlecluster/authorino/identity/keycloak/test_jwt_ttl.py +++ b/testsuite/tests/singlecluster/authorino/identity/keycloak/test_jwt_ttl.py @@ -7,7 +7,7 @@ import pytest -pytestmark = [pytest.mark.authorino, pytest.mark.data_plane] +pytestmark = [pytest.mark.authorino] def test_jwt_ttl(client, auth, keycloak, create_jwt_auth, jwt_ttl): diff --git a/testsuite/tests/singlecluster/authorino/identity/keycloak/test_keycloak_roles.py b/testsuite/tests/singlecluster/authorino/identity/keycloak/test_keycloak_roles.py index e18f712d6..db558b4f3 100644 --- a/testsuite/tests/singlecluster/authorino/identity/keycloak/test_keycloak_roles.py +++ b/testsuite/tests/singlecluster/authorino/identity/keycloak/test_keycloak_roles.py @@ -3,7 +3,7 @@ import pytest from testsuite.httpx.auth import HttpxOidcClientAuth -pytestmark = [pytest.mark.authorino, pytest.mark.data_plane] +pytestmark = [pytest.mark.authorino] @pytest.fixture(scope="function") diff --git a/testsuite/tests/singlecluster/authorino/identity/plain/test_jwt_plain_identity.py b/testsuite/tests/singlecluster/authorino/identity/plain/test_jwt_plain_identity.py index d45e37042..d7f8ee710 100644 --- a/testsuite/tests/singlecluster/authorino/identity/plain/test_jwt_plain_identity.py +++ b/testsuite/tests/singlecluster/authorino/identity/plain/test_jwt_plain_identity.py @@ -8,7 +8,7 @@ from testsuite.utils import extract_response from testsuite.gateway.envoy.jwt_plain_identity import JwtEnvoy -pytestmark = [pytest.mark.authorino, pytest.mark.standalone_only, pytest.mark.data_plane] +pytestmark = [pytest.mark.authorino, pytest.mark.standalone_only] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/authorino/identity/plain/test_jwt_user_story.py b/testsuite/tests/singlecluster/authorino/identity/plain/test_jwt_user_story.py index 5e5dd91f9..4f92a7704 100644 --- a/testsuite/tests/singlecluster/authorino/identity/plain/test_jwt_user_story.py +++ b/testsuite/tests/singlecluster/authorino/identity/plain/test_jwt_user_story.py @@ -13,7 +13,7 @@ logger = logging.getLogger(__name__) -pytestmark = [pytest.mark.authorino, pytest.mark.standalone_only, pytest.mark.data_plane] +pytestmark = [pytest.mark.authorino, pytest.mark.standalone_only] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/authorino/identity/subject_access_review/test_non_resource_attributes.py b/testsuite/tests/singlecluster/authorino/identity/subject_access_review/test_non_resource_attributes.py index 6482ceb40..8cb9a2e13 100644 --- a/testsuite/tests/singlecluster/authorino/identity/subject_access_review/test_non_resource_attributes.py +++ b/testsuite/tests/singlecluster/authorino/identity/subject_access_review/test_non_resource_attributes.py @@ -6,7 +6,7 @@ from testsuite.kuadrant.policy.authorization import ValueFrom from testsuite.kubernetes.cluster_role import ClusterRole, Rule -pytestmark = [pytest.mark.authorino, pytest.mark.data_plane] +pytestmark = [pytest.mark.authorino] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/authorino/identity/subject_access_review/test_resource_attributes.py b/testsuite/tests/singlecluster/authorino/identity/subject_access_review/test_resource_attributes.py index 6e7d2da21..6dfd53b77 100644 --- a/testsuite/tests/singlecluster/authorino/identity/subject_access_review/test_resource_attributes.py +++ b/testsuite/tests/singlecluster/authorino/identity/subject_access_review/test_resource_attributes.py @@ -6,7 +6,7 @@ from testsuite.kuadrant.policy.authorization import ValueFrom, Value, ResourceAttributes from testsuite.kubernetes.cluster_role import ClusterRole, Rule -pytestmark = [pytest.mark.authorino, pytest.mark.data_plane] +pytestmark = [pytest.mark.authorino] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/authorino/identity/token_review/test_audiences.py b/testsuite/tests/singlecluster/authorino/identity/token_review/test_audiences.py index a67995bc5..2cc2ef1d5 100644 --- a/testsuite/tests/singlecluster/authorino/identity/token_review/test_audiences.py +++ b/testsuite/tests/singlecluster/authorino/identity/token_review/test_audiences.py @@ -2,7 +2,7 @@ import pytest -pytestmark = [pytest.mark.authorino, pytest.mark.data_plane] +pytestmark = [pytest.mark.authorino] TEST_AUDIENCES = ["test-aud1", "test-aud2", "test-aud3"] diff --git a/testsuite/tests/singlecluster/authorino/identity/token_review/test_host.py b/testsuite/tests/singlecluster/authorino/identity/token_review/test_host.py index 9ce695575..bdd776eb1 100644 --- a/testsuite/tests/singlecluster/authorino/identity/token_review/test_host.py +++ b/testsuite/tests/singlecluster/authorino/identity/token_review/test_host.py @@ -2,7 +2,7 @@ import pytest -pytestmark = [pytest.mark.authorino, pytest.mark.data_plane] +pytestmark = [pytest.mark.authorino] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/authorino/identity/x509/gateway_validation/test_multi_ca_trust.py b/testsuite/tests/singlecluster/authorino/identity/x509/gateway_validation/test_multi_ca_trust.py index cacc09b77..4857a9ebe 100644 --- a/testsuite/tests/singlecluster/authorino/identity/x509/gateway_validation/test_multi_ca_trust.py +++ b/testsuite/tests/singlecluster/authorino/identity/x509/gateway_validation/test_multi_ca_trust.py @@ -15,7 +15,12 @@ from testsuite.kuadrant.policy.authorization import X509Source from ..conftest import XFCC_HEADER_NAME -pytestmark = [pytest.mark.authorino, pytest.mark.kuadrant_only, pytest.mark.gateway_api_version((1, 5, 0)), pytest.mark.data_plane] +pytestmark = [ + pytest.mark.authorino, + pytest.mark.kuadrant_only, + pytest.mark.gateway_api_version((1, 5, 0)), + , +] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/authorino/identity/x509/test_cel_expression.py b/testsuite/tests/singlecluster/authorino/identity/x509/test_cel_expression.py index 5635e9cd2..cfcacbf69 100644 --- a/testsuite/tests/singlecluster/authorino/identity/x509/test_cel_expression.py +++ b/testsuite/tests/singlecluster/authorino/identity/x509/test_cel_expression.py @@ -10,7 +10,7 @@ from testsuite.kubernetes import Selector from testsuite.kuadrant.policy.authorization import X509Source -pytestmark = [pytest.mark.authorino, pytest.mark.kuadrant_only, pytest.mark.data_plane] +pytestmark = [pytest.mark.authorino, pytest.mark.kuadrant_only] CERT_HEADER_NAME = "pem-encoded-client-cert" diff --git a/testsuite/tests/singlecluster/authorino/identity/x509/test_client_cert_header.py b/testsuite/tests/singlecluster/authorino/identity/x509/test_client_cert_header.py index 222a3e648..889245dec 100644 --- a/testsuite/tests/singlecluster/authorino/identity/x509/test_client_cert_header.py +++ b/testsuite/tests/singlecluster/authorino/identity/x509/test_client_cert_header.py @@ -11,7 +11,7 @@ from testsuite.kubernetes import Selector from testsuite.kuadrant.policy.authorization import X509Source -pytestmark = [pytest.mark.authorino, pytest.mark.kuadrant_only, pytest.mark.data_plane] +pytestmark = [pytest.mark.authorino, pytest.mark.kuadrant_only] CLIENT_CERT_HEADER_NAME = "Client-Cert" diff --git a/testsuite/tests/singlecluster/authorino/identity/x509/test_xfcc_forwarding.py b/testsuite/tests/singlecluster/authorino/identity/x509/test_xfcc_forwarding.py index 4a1061fb0..7380baea6 100644 --- a/testsuite/tests/singlecluster/authorino/identity/x509/test_xfcc_forwarding.py +++ b/testsuite/tests/singlecluster/authorino/identity/x509/test_xfcc_forwarding.py @@ -12,7 +12,7 @@ from testsuite.gateway.gateway_api.gateway import KuadrantGateway from .conftest import XFCC_HEADER_NAME -pytestmark = [pytest.mark.authorino, pytest.mark.kuadrant_only, pytest.mark.data_plane] +pytestmark = [pytest.mark.authorino, pytest.mark.kuadrant_only] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/authorino/metadata/test_http.py b/testsuite/tests/singlecluster/authorino/metadata/test_http.py index 1d6c14650..728004890 100644 --- a/testsuite/tests/singlecluster/authorino/metadata/test_http.py +++ b/testsuite/tests/singlecluster/authorino/metadata/test_http.py @@ -12,7 +12,7 @@ from testsuite.utils import ContentType -pytestmark = [pytest.mark.authorino, pytest.mark.data_plane] +pytestmark = [pytest.mark.authorino] ALLOWED_COUNTRY = {"countryCode": "SK"} diff --git a/testsuite/tests/singlecluster/authorino/metadata/test_token_introspect.py b/testsuite/tests/singlecluster/authorino/metadata/test_token_introspect.py index 963076a9b..50bbed371 100644 --- a/testsuite/tests/singlecluster/authorino/metadata/test_token_introspect.py +++ b/testsuite/tests/singlecluster/authorino/metadata/test_token_introspect.py @@ -8,7 +8,7 @@ from testsuite.httpx.auth import HttpxOidcClientAuth -pytestmark = [pytest.mark.authorino, pytest.mark.data_plane] +pytestmark = [pytest.mark.authorino] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/authorino/metadata/test_uma.py b/testsuite/tests/singlecluster/authorino/metadata/test_uma.py index 136663c38..51c907770 100644 --- a/testsuite/tests/singlecluster/authorino/metadata/test_uma.py +++ b/testsuite/tests/singlecluster/authorino/metadata/test_uma.py @@ -12,7 +12,7 @@ from testsuite.httpx.auth import HttpxOidcClientAuth -pytestmark = [pytest.mark.authorino, pytest.mark.data_plane] +pytestmark = [pytest.mark.authorino] VALIDATE_RESOURCE_OWNER = """ metadata := object.get(input.auth.metadata, "resource-data", [])[0] diff --git a/testsuite/tests/singlecluster/authorino/metadata/test_user_info.py b/testsuite/tests/singlecluster/authorino/metadata/test_user_info.py index ea7bee0c5..de523a99f 100644 --- a/testsuite/tests/singlecluster/authorino/metadata/test_user_info.py +++ b/testsuite/tests/singlecluster/authorino/metadata/test_user_info.py @@ -8,7 +8,7 @@ from testsuite.httpx.auth import HttpxOidcClientAuth from testsuite.kuadrant.policy.authorization import Pattern -pytestmark = [pytest.mark.authorino, pytest.mark.data_plane] +pytestmark = [pytest.mark.authorino] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/authorino/operator/clusterwide/test_all_namespace_api_key.py b/testsuite/tests/singlecluster/authorino/operator/clusterwide/test_all_namespace_api_key.py index 85d339828..07ba36d4e 100644 --- a/testsuite/tests/singlecluster/authorino/operator/clusterwide/test_all_namespace_api_key.py +++ b/testsuite/tests/singlecluster/authorino/operator/clusterwide/test_all_namespace_api_key.py @@ -7,7 +7,7 @@ from testsuite.httpx.auth import HeaderApiKeyAuth -pytestmark = [pytest.mark.authorino, pytest.mark.standalone_only, pytest.mark.data_plane] +pytestmark = [pytest.mark.authorino, pytest.mark.standalone_only] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/authorino/operator/clusterwide/test_clusterwide.py b/testsuite/tests/singlecluster/authorino/operator/clusterwide/test_clusterwide.py index 349f652d0..aa85cc741 100644 --- a/testsuite/tests/singlecluster/authorino/operator/clusterwide/test_clusterwide.py +++ b/testsuite/tests/singlecluster/authorino/operator/clusterwide/test_clusterwide.py @@ -2,7 +2,7 @@ import pytest -pytestmark = [pytest.mark.authorino, pytest.mark.standalone_only, pytest.mark.data_plane] +pytestmark = [pytest.mark.authorino, pytest.mark.standalone_only] @pytest.mark.parametrize( diff --git a/testsuite/tests/singlecluster/authorino/operator/raw_http/test_raw_http.py b/testsuite/tests/singlecluster/authorino/operator/raw_http/test_raw_http.py index 040db08a1..9e3e7366d 100644 --- a/testsuite/tests/singlecluster/authorino/operator/raw_http/test_raw_http.py +++ b/testsuite/tests/singlecluster/authorino/operator/raw_http/test_raw_http.py @@ -4,7 +4,7 @@ import pytest -pytestmark = [pytest.mark.authorino, pytest.mark.standalone_only, pytest.mark.data_plane] +pytestmark = [pytest.mark.authorino, pytest.mark.standalone_only] def test_authorized_via_http(client, auth): diff --git a/testsuite/tests/singlecluster/authorino/operator/x509/gateway_validation/test_x509_attributes.py b/testsuite/tests/singlecluster/authorino/operator/x509/gateway_validation/test_x509_attributes.py index f02c09612..4373ff567 100644 --- a/testsuite/tests/singlecluster/authorino/operator/x509/gateway_validation/test_x509_attributes.py +++ b/testsuite/tests/singlecluster/authorino/operator/x509/gateway_validation/test_x509_attributes.py @@ -4,7 +4,7 @@ from testsuite.kuadrant.policy.authorization import Pattern -pytestmark = [pytest.mark.authorino, pytest.mark.standalone_only, pytest.mark.data_plane] +pytestmark = [pytest.mark.authorino, pytest.mark.standalone_only] @pytest.fixture(scope="module", autouse=True) diff --git a/testsuite/tests/singlecluster/authorino/operator/x509/gateway_validation/test_x509_identity.py b/testsuite/tests/singlecluster/authorino/operator/x509/gateway_validation/test_x509_identity.py index c8ce13c88..93984f713 100644 --- a/testsuite/tests/singlecluster/authorino/operator/x509/gateway_validation/test_x509_identity.py +++ b/testsuite/tests/singlecluster/authorino/operator/x509/gateway_validation/test_x509_identity.py @@ -5,7 +5,7 @@ from testsuite.httpx import Result -pytestmark = [pytest.mark.authorino, pytest.mark.standalone_only, pytest.mark.data_plane] +pytestmark = [pytest.mark.authorino, pytest.mark.standalone_only] def test_x509_success(envoy_authority, valid_cert, hostname): diff --git a/testsuite/tests/singlecluster/authorino/operator/x509/gateway_validation/test_x509_trust_chain.py b/testsuite/tests/singlecluster/authorino/operator/x509/gateway_validation/test_x509_trust_chain.py index 97aced74b..6b63f6622 100644 --- a/testsuite/tests/singlecluster/authorino/operator/x509/gateway_validation/test_x509_trust_chain.py +++ b/testsuite/tests/singlecluster/authorino/operator/x509/gateway_validation/test_x509_trust_chain.py @@ -2,7 +2,7 @@ import pytest -pytestmark = [pytest.mark.authorino, pytest.mark.standalone_only, pytest.mark.data_plane] +pytestmark = [pytest.mark.authorino, pytest.mark.standalone_only] @pytest.fixture(scope="module", autouse=True) diff --git a/testsuite/tests/singlecluster/authorino/wristband/test_wristband.py b/testsuite/tests/singlecluster/authorino/wristband/test_wristband.py index 2dd9a9818..0dce32873 100644 --- a/testsuite/tests/singlecluster/authorino/wristband/test_wristband.py +++ b/testsuite/tests/singlecluster/authorino/wristband/test_wristband.py @@ -3,7 +3,7 @@ import pytest import jwt -pytestmark = [pytest.mark.authorino, pytest.mark.standalone_only, pytest.mark.data_plane] +pytestmark = [pytest.mark.authorino, pytest.mark.standalone_only] def test_wristband_token_claims(oidc_provider, auth, wristband_token, wristband_endpoint, certificates): diff --git a/testsuite/tests/singlecluster/conftest.py b/testsuite/tests/singlecluster/conftest.py index 47c727b4c..1386f3a76 100644 --- a/testsuite/tests/singlecluster/conftest.py +++ b/testsuite/tests/singlecluster/conftest.py @@ -47,7 +47,7 @@ def authorization(request, kuadrant, route, gateway, blame, cluster, label): # target_ref = request.getfixturevalue(getattr(request, "param", "route")) if kuadrant: - return AuthPolicy.create_instance(cluster, blame("authz"), gateway, labels={"testRun": label}) + return AuthPolicy.create_instance(cluster, blame("authz"), target_ref, labels={"testRun": label}) return None diff --git a/testsuite/tests/singlecluster/defaults/merge/auth_policy/same_target/test_ab_strategy.py b/testsuite/tests/singlecluster/defaults/merge/auth_policy/same_target/test_ab_strategy.py index 8db500171..26370dccd 100644 --- a/testsuite/tests/singlecluster/defaults/merge/auth_policy/same_target/test_ab_strategy.py +++ b/testsuite/tests/singlecluster/defaults/merge/auth_policy/same_target/test_ab_strategy.py @@ -4,7 +4,7 @@ from testsuite.kuadrant.policy import has_condition -pytestmark = [pytest.mark.defaults_overrides, pytest.mark.authorino, pytest.mark.kuadrant_only, pytest.mark.data_plane] +pytestmark = [pytest.mark.defaults_overrides, pytest.mark.authorino, pytest.mark.kuadrant_only] @pytest.fixture(scope="module", autouse=True) diff --git a/testsuite/tests/singlecluster/defaults/merge/auth_policy/same_target/test_ba_stategy.py b/testsuite/tests/singlecluster/defaults/merge/auth_policy/same_target/test_ba_stategy.py index e87bf0430..e5ca26d9c 100644 --- a/testsuite/tests/singlecluster/defaults/merge/auth_policy/same_target/test_ba_stategy.py +++ b/testsuite/tests/singlecluster/defaults/merge/auth_policy/same_target/test_ba_stategy.py @@ -4,7 +4,7 @@ from testsuite.kuadrant.policy import has_condition -pytestmark = [pytest.mark.defaults_overrides, pytest.mark.authorino, pytest.mark.kuadrant_only, pytest.mark.data_plane] +pytestmark = [pytest.mark.defaults_overrides, pytest.mark.authorino, pytest.mark.kuadrant_only] @pytest.fixture(scope="module", autouse=True) diff --git a/testsuite/tests/singlecluster/defaults/merge/auth_policy/test_default_merge.py b/testsuite/tests/singlecluster/defaults/merge/auth_policy/test_default_merge.py index 62459f00a..d0b09da14 100644 --- a/testsuite/tests/singlecluster/defaults/merge/auth_policy/test_default_merge.py +++ b/testsuite/tests/singlecluster/defaults/merge/auth_policy/test_default_merge.py @@ -4,7 +4,7 @@ from testsuite.kuadrant.policy import has_condition -pytestmark = [pytest.mark.defaults_overrides, pytest.mark.authorino, pytest.mark.kuadrant_only, pytest.mark.data_plane] +pytestmark = [pytest.mark.defaults_overrides, pytest.mark.authorino, pytest.mark.kuadrant_only] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/defaults/merge/auth_policy/test_default_replace.py b/testsuite/tests/singlecluster/defaults/merge/auth_policy/test_default_replace.py index ab24116aa..4dde1eec5 100644 --- a/testsuite/tests/singlecluster/defaults/merge/auth_policy/test_default_replace.py +++ b/testsuite/tests/singlecluster/defaults/merge/auth_policy/test_default_replace.py @@ -4,7 +4,7 @@ from testsuite.kuadrant.policy import has_condition -pytestmark = [pytest.mark.defaults_overrides, pytest.mark.authorino, pytest.mark.kuadrant_only, pytest.mark.data_plane] +pytestmark = [pytest.mark.defaults_overrides, pytest.mark.authorino, pytest.mark.kuadrant_only] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/defaults/merge/rate_limit/same_target/test_ab_strategy.py b/testsuite/tests/singlecluster/defaults/merge/rate_limit/same_target/test_ab_strategy.py index 2a6de86b2..9ad27a06d 100644 --- a/testsuite/tests/singlecluster/defaults/merge/rate_limit/same_target/test_ab_strategy.py +++ b/testsuite/tests/singlecluster/defaults/merge/rate_limit/same_target/test_ab_strategy.py @@ -5,7 +5,7 @@ from testsuite.kuadrant.policy import has_condition from testsuite.tests.singlecluster.defaults.merge.rate_limit.conftest import MERGE_LIMIT, MERGE_LIMIT2 -pytestmark = [pytest.mark.defaults_overrides, pytest.mark.limitador, pytest.mark.data_plane] +pytestmark = [pytest.mark.defaults_overrides, pytest.mark.limitador] @pytest.fixture(scope="module", autouse=True) diff --git a/testsuite/tests/singlecluster/defaults/merge/rate_limit/same_target/test_ba_startegy.py b/testsuite/tests/singlecluster/defaults/merge/rate_limit/same_target/test_ba_startegy.py index 84b1a8611..0628ba696 100644 --- a/testsuite/tests/singlecluster/defaults/merge/rate_limit/same_target/test_ba_startegy.py +++ b/testsuite/tests/singlecluster/defaults/merge/rate_limit/same_target/test_ba_startegy.py @@ -5,7 +5,7 @@ from testsuite.kuadrant.policy import has_condition from testsuite.tests.singlecluster.defaults.merge.rate_limit.conftest import MERGE_LIMIT2, LIMIT -pytestmark = [pytest.mark.defaults_overrides, pytest.mark.limitador, pytest.mark.data_plane] +pytestmark = [pytest.mark.defaults_overrides, pytest.mark.limitador] @pytest.fixture(scope="module", autouse=True) diff --git a/testsuite/tests/singlecluster/defaults/merge/rate_limit/test_default_merge.py b/testsuite/tests/singlecluster/defaults/merge/rate_limit/test_default_merge.py index 413500a60..797680a56 100644 --- a/testsuite/tests/singlecluster/defaults/merge/rate_limit/test_default_merge.py +++ b/testsuite/tests/singlecluster/defaults/merge/rate_limit/test_default_merge.py @@ -5,7 +5,7 @@ from testsuite.kuadrant.policy import CelPredicate, has_condition from testsuite.tests.singlecluster.defaults.merge.rate_limit.conftest import LIMIT, MERGE_LIMIT, MERGE_LIMIT2 -pytestmark = [pytest.mark.defaults_overrides, pytest.mark.limitador, pytest.mark.data_plane] +pytestmark = [pytest.mark.defaults_overrides, pytest.mark.limitador] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/defaults/merge/rate_limit/test_default_replace.py b/testsuite/tests/singlecluster/defaults/merge/rate_limit/test_default_replace.py index f4942a1da..a1c5a5db9 100644 --- a/testsuite/tests/singlecluster/defaults/merge/rate_limit/test_default_replace.py +++ b/testsuite/tests/singlecluster/defaults/merge/rate_limit/test_default_replace.py @@ -5,7 +5,7 @@ from testsuite.kuadrant.policy import CelPredicate, has_condition from testsuite.tests.singlecluster.defaults.merge.rate_limit.conftest import MERGE_LIMIT2, LIMIT -pytestmark = [pytest.mark.defaults_overrides, pytest.mark.limitador, pytest.mark.data_plane] +pytestmark = [pytest.mark.defaults_overrides, pytest.mark.limitador] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/defaults/test_basic_authorization.py b/testsuite/tests/singlecluster/defaults/test_basic_authorization.py index 6f16273a9..641d8c1c1 100644 --- a/testsuite/tests/singlecluster/defaults/test_basic_authorization.py +++ b/testsuite/tests/singlecluster/defaults/test_basic_authorization.py @@ -4,7 +4,7 @@ from testsuite.httpx.auth import HttpxOidcClientAuth -pytestmark = [pytest.mark.defaults_overrides, pytest.mark.authorino, pytest.mark.kuadrant_only, pytest.mark.data_plane] +pytestmark = [pytest.mark.defaults_overrides, pytest.mark.authorino, pytest.mark.kuadrant_only] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/defaults/test_basic_rate_limit.py b/testsuite/tests/singlecluster/defaults/test_basic_rate_limit.py index f97537c8a..d07cc102d 100644 --- a/testsuite/tests/singlecluster/defaults/test_basic_rate_limit.py +++ b/testsuite/tests/singlecluster/defaults/test_basic_rate_limit.py @@ -4,7 +4,7 @@ from testsuite.kuadrant.policy.rate_limit import Limit -pytestmark = [pytest.mark.defaults_overrides, pytest.mark.limitador, pytest.mark.data_plane] +pytestmark = [pytest.mark.defaults_overrides, pytest.mark.limitador] LIMIT = Limit(3, "5s") diff --git a/testsuite/tests/singlecluster/defaults/test_section_targeting.py b/testsuite/tests/singlecluster/defaults/test_section_targeting.py index 6dc57c57e..180027065 100644 --- a/testsuite/tests/singlecluster/defaults/test_section_targeting.py +++ b/testsuite/tests/singlecluster/defaults/test_section_targeting.py @@ -6,7 +6,7 @@ from testsuite.kuadrant.policy.authorization.auth_policy import AuthPolicy from testsuite.kuadrant.policy.rate_limit import RateLimitPolicy, Limit -pytestmark = [pytest.mark.defaults_overrides, pytest.mark.limitador, pytest.mark.data_plane] +pytestmark = [pytest.mark.defaults_overrides, pytest.mark.limitador] LIMIT = Limit(5, "10s") diff --git a/testsuite/tests/singlecluster/egress/credentials_injection/test_credential_injection.py b/testsuite/tests/singlecluster/egress/credentials_injection/test_credential_injection.py index 3fb4cee10..5cb16d41f 100644 --- a/testsuite/tests/singlecluster/egress/credentials_injection/test_credential_injection.py +++ b/testsuite/tests/singlecluster/egress/credentials_injection/test_credential_injection.py @@ -17,7 +17,7 @@ from ..conftest import EGRESS_HOSTNAME -pytestmark = [pytest.mark.kuadrant_only, pytest.mark.egress_gateway, pytest.mark.data_plane] +pytestmark = [pytest.mark.kuadrant_only, pytest.mark.egress_gateway] VAULT_API_KEY = "pretty-random-api-key-to-use-for-egress-credential-injection-test-41894726" K8S_TOKEN_AUDIENCE = "https://kubernetes.default.svc.cluster.local" diff --git a/testsuite/tests/singlecluster/egress/credentials_injection/test_credential_injection_by_destination.py b/testsuite/tests/singlecluster/egress/credentials_injection/test_credential_injection_by_destination.py index 0c5b4f001..03cea08e3 100644 --- a/testsuite/tests/singlecluster/egress/credentials_injection/test_credential_injection_by_destination.py +++ b/testsuite/tests/singlecluster/egress/credentials_injection/test_credential_injection_by_destination.py @@ -18,7 +18,7 @@ from ..conftest import EGRESS_HOSTNAME -pytestmark = [pytest.mark.kuadrant_only, pytest.mark.egress_gateway, pytest.mark.data_plane] +pytestmark = [pytest.mark.kuadrant_only, pytest.mark.egress_gateway] SERVICE1_API_KEY = "pretty-random-api-key-to-use-for-egress-test-41894726" SERVICE2_API_KEY = "sk-fake-service2-key-for-egress-test-9876543210" diff --git a/testsuite/tests/singlecluster/egress/test_egress.py b/testsuite/tests/singlecluster/egress/test_egress.py index 77ccdc6cd..cd131599f 100644 --- a/testsuite/tests/singlecluster/egress/test_egress.py +++ b/testsuite/tests/singlecluster/egress/test_egress.py @@ -16,7 +16,7 @@ from testsuite.kuadrant.policy.rate_limit import Limit from .conftest import EGRESS_HOSTNAME -pytestmark = [pytest.mark.kuadrant_only, pytest.mark.egress_gateway, pytest.mark.data_plane] +pytestmark = [pytest.mark.kuadrant_only, pytest.mark.egress_gateway] LIMIT = Limit(3, "5s") diff --git a/testsuite/tests/singlecluster/extensions/plan_policy/test_plan_policy.py b/testsuite/tests/singlecluster/extensions/plan_policy/test_plan_policy.py index aa89053d0..720f458f2 100644 --- a/testsuite/tests/singlecluster/extensions/plan_policy/test_plan_policy.py +++ b/testsuite/tests/singlecluster/extensions/plan_policy/test_plan_policy.py @@ -5,7 +5,7 @@ from testsuite.httpx.auth import HttpxOidcClientAuth from testsuite.kuadrant.extensions.plan_policy import PlanPolicy, Plan -pytestmark = [pytest.mark.authorino, pytest.mark.kuadrant_only, pytest.mark.extensions, pytest.mark.data_plane] +pytestmark = [pytest.mark.authorino, pytest.mark.kuadrant_only, pytest.mark.extensions] PLANS = { "gold": Plan( diff --git a/testsuite/tests/singlecluster/gateway/authpolicy/test_authpolicy_section_targeting_gateway.py b/testsuite/tests/singlecluster/gateway/authpolicy/test_authpolicy_section_targeting_gateway.py index c959a6e34..8ce8f95e6 100644 --- a/testsuite/tests/singlecluster/gateway/authpolicy/test_authpolicy_section_targeting_gateway.py +++ b/testsuite/tests/singlecluster/gateway/authpolicy/test_authpolicy_section_targeting_gateway.py @@ -12,7 +12,7 @@ from testsuite.gateway.gateway_api.route import HTTPRoute from testsuite.kuadrant.policy.authorization.auth_policy import AuthPolicy -pytestmark = [pytest.mark.authorino, pytest.mark.kuadrant_only, pytest.mark.data_plane] +pytestmark = [pytest.mark.authorino, pytest.mark.kuadrant_only] MANAGED_LISTENER_NAME = "managed-listener" UNMANAGED_LISTENER_NAME = "unmanaged-listener" diff --git a/testsuite/tests/singlecluster/gateway/authpolicy/test_authpolicy_section_targeting_http_route.py b/testsuite/tests/singlecluster/gateway/authpolicy/test_authpolicy_section_targeting_http_route.py index 9b6c7d000..0a2d2c979 100644 --- a/testsuite/tests/singlecluster/gateway/authpolicy/test_authpolicy_section_targeting_http_route.py +++ b/testsuite/tests/singlecluster/gateway/authpolicy/test_authpolicy_section_targeting_http_route.py @@ -6,7 +6,7 @@ import pytest from testsuite.kuadrant.policy.authorization.auth_policy import AuthPolicy -pytestmark = [pytest.mark.authorino, pytest.mark.kuadrant_only, pytest.mark.data_plane] +pytestmark = [pytest.mark.authorino, pytest.mark.kuadrant_only] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/gateway/mtls/test_mtls_behaviour.py b/testsuite/tests/singlecluster/gateway/mtls/test_mtls_behaviour.py index 9389e86bd..8395995b3 100644 --- a/testsuite/tests/singlecluster/gateway/mtls/test_mtls_behaviour.py +++ b/testsuite/tests/singlecluster/gateway/mtls/test_mtls_behaviour.py @@ -4,7 +4,7 @@ import pytest -pytestmark = [pytest.mark.disruptive, pytest.mark.data_plane] +pytestmark = [pytest.mark.disruptive] component_cases = [ pytest.param(["limitador"], id="limitador-only"), diff --git a/testsuite/tests/singlecluster/gateway/reconciliation/change_targetref/test_update_authpolicy_target_ref.py b/testsuite/tests/singlecluster/gateway/reconciliation/change_targetref/test_update_authpolicy_target_ref.py index 2e7c86039..2f3197f05 100644 --- a/testsuite/tests/singlecluster/gateway/reconciliation/change_targetref/test_update_authpolicy_target_ref.py +++ b/testsuite/tests/singlecluster/gateway/reconciliation/change_targetref/test_update_authpolicy_target_ref.py @@ -6,7 +6,7 @@ from testsuite.kuadrant.policy.authorization.auth_policy import AuthPolicy -pytestmark = [pytest.mark.authorino, pytest.mark.kuadrant_only, pytest.mark.dnspolicy, pytest.mark.data_plane] +pytestmark = [pytest.mark.authorino, pytest.mark.kuadrant_only, pytest.mark.dnspolicy] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/gateway/reconciliation/change_targetref/test_update_ratelimitpolicy_target_ref.py b/testsuite/tests/singlecluster/gateway/reconciliation/change_targetref/test_update_ratelimitpolicy_target_ref.py index 2c0b3342a..7b269a834 100644 --- a/testsuite/tests/singlecluster/gateway/reconciliation/change_targetref/test_update_ratelimitpolicy_target_ref.py +++ b/testsuite/tests/singlecluster/gateway/reconciliation/change_targetref/test_update_ratelimitpolicy_target_ref.py @@ -6,7 +6,7 @@ from testsuite.kuadrant.policy.rate_limit import Limit, RateLimitPolicy -pytestmark = [pytest.mark.dnspolicy, pytest.mark.limitador, pytest.mark.data_plane] +pytestmark = [pytest.mark.dnspolicy, pytest.mark.limitador] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/gateway/scaling/test_auto_scale_gateway.py b/testsuite/tests/singlecluster/gateway/scaling/test_auto_scale_gateway.py index 7f9a76d70..5ed7f9c68 100644 --- a/testsuite/tests/singlecluster/gateway/scaling/test_auto_scale_gateway.py +++ b/testsuite/tests/singlecluster/gateway/scaling/test_auto_scale_gateway.py @@ -10,7 +10,7 @@ from testsuite.kubernetes.horizontal_pod_autoscaler import HorizontalPodAutoscaler from testsuite.tests.singlecluster.gateway.scaling.conftest import LIMIT -pytestmark = [pytest.mark.limitador, pytest.mark.authorino, pytest.mark.kuadrant_only, pytest.mark.data_plane] +pytestmark = [pytest.mark.limitador, pytest.mark.authorino, pytest.mark.kuadrant_only] METRIC_NAME = "mocked_metric" diff --git a/testsuite/tests/singlecluster/gateway/scaling/test_manual_scale_gateway.py b/testsuite/tests/singlecluster/gateway/scaling/test_manual_scale_gateway.py index a6e5df046..40d0e33b3 100644 --- a/testsuite/tests/singlecluster/gateway/scaling/test_manual_scale_gateway.py +++ b/testsuite/tests/singlecluster/gateway/scaling/test_manual_scale_gateway.py @@ -7,7 +7,7 @@ from testsuite.tests.singlecluster.gateway.scaling.conftest import LIMIT -pytestmark = [pytest.mark.limitador, pytest.mark.authorino, pytest.mark.kuadrant_only, pytest.mark.data_plane] +pytestmark = [pytest.mark.limitador, pytest.mark.authorino, pytest.mark.kuadrant_only] @pytest.mark.flaky(reruns=0) diff --git a/testsuite/tests/singlecluster/gateway/test_authpolicy_attached_gateway.py b/testsuite/tests/singlecluster/gateway/test_authpolicy_attached_gateway.py index fe9cf0b02..b00cf388a 100644 --- a/testsuite/tests/singlecluster/gateway/test_authpolicy_attached_gateway.py +++ b/testsuite/tests/singlecluster/gateway/test_authpolicy_attached_gateway.py @@ -2,7 +2,7 @@ import pytest -pytestmark = [pytest.mark.authorino, pytest.mark.kuadrant_only, pytest.mark.data_plane] +pytestmark = [pytest.mark.authorino, pytest.mark.kuadrant_only] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/identical_hostnames/auth/test_auth_on_gw_and_route.py b/testsuite/tests/singlecluster/identical_hostnames/auth/test_auth_on_gw_and_route.py index c63db78d8..b69730ba4 100644 --- a/testsuite/tests/singlecluster/identical_hostnames/auth/test_auth_on_gw_and_route.py +++ b/testsuite/tests/singlecluster/identical_hostnames/auth/test_auth_on_gw_and_route.py @@ -10,7 +10,7 @@ from testsuite.kuadrant.policy import has_condition from testsuite.kuadrant.policy.authorization.auth_policy import AuthPolicy -pytestmark = [pytest.mark.authorino, pytest.mark.kuadrant_only, pytest.mark.data_plane] +pytestmark = [pytest.mark.authorino, pytest.mark.kuadrant_only] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/identical_hostnames/auth/test_auth_on_routes.py b/testsuite/tests/singlecluster/identical_hostnames/auth/test_auth_on_routes.py index 0da8a33e6..a0ecc8b4e 100644 --- a/testsuite/tests/singlecluster/identical_hostnames/auth/test_auth_on_routes.py +++ b/testsuite/tests/singlecluster/identical_hostnames/auth/test_auth_on_routes.py @@ -9,7 +9,7 @@ from testsuite.kuadrant.policy.authorization.auth_policy import AuthPolicy -pytestmark = [pytest.mark.authorino, pytest.mark.kuadrant_only, pytest.mark.data_plane] +pytestmark = [pytest.mark.authorino, pytest.mark.kuadrant_only] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/identical_hostnames/rlp/test_rlp_on_gw_and_route.py b/testsuite/tests/singlecluster/identical_hostnames/rlp/test_rlp_on_gw_and_route.py index 7e41bc4cf..0b8e806bc 100644 --- a/testsuite/tests/singlecluster/identical_hostnames/rlp/test_rlp_on_gw_and_route.py +++ b/testsuite/tests/singlecluster/identical_hostnames/rlp/test_rlp_on_gw_and_route.py @@ -11,7 +11,7 @@ from testsuite.kuadrant.policy import has_condition from testsuite.kuadrant.policy.rate_limit import RateLimitPolicy, Limit -pytestmark = [pytest.mark.limitador, pytest.mark.data_plane] +pytestmark = [pytest.mark.limitador] LIMIT = Limit(2, "10s") diff --git a/testsuite/tests/singlecluster/identical_hostnames/rlp/test_rlp_on_routes.py b/testsuite/tests/singlecluster/identical_hostnames/rlp/test_rlp_on_routes.py index 5d7445241..e959b0aa7 100644 --- a/testsuite/tests/singlecluster/identical_hostnames/rlp/test_rlp_on_routes.py +++ b/testsuite/tests/singlecluster/identical_hostnames/rlp/test_rlp_on_routes.py @@ -10,7 +10,7 @@ from testsuite.kuadrant.policy.rate_limit import RateLimitPolicy, Limit -pytestmark = [pytest.mark.limitador, pytest.mark.data_plane] +pytestmark = [pytest.mark.limitador] LIMIT = Limit(2, "10s") diff --git a/testsuite/tests/singlecluster/limitador/collisions/test_collisions.py b/testsuite/tests/singlecluster/limitador/collisions/test_collisions.py index 92dd6ff41..17b87070a 100644 --- a/testsuite/tests/singlecluster/limitador/collisions/test_collisions.py +++ b/testsuite/tests/singlecluster/limitador/collisions/test_collisions.py @@ -8,7 +8,7 @@ FIRST_LIMIT = Limit(3, "5s") SECOND_LIMIT = Limit(6, "5s") -pytestmark = [pytest.mark.limitador, pytest.mark.data_plane] +pytestmark = [pytest.mark.limitador] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/limitador/method/test_route_subset_method.py b/testsuite/tests/singlecluster/limitador/method/test_route_subset_method.py index 189ad433f..a47aa5676 100644 --- a/testsuite/tests/singlecluster/limitador/method/test_route_subset_method.py +++ b/testsuite/tests/singlecluster/limitador/method/test_route_subset_method.py @@ -6,7 +6,7 @@ from testsuite.kuadrant.policy import CelPredicate from testsuite.kuadrant.policy.rate_limit import Limit -pytestmark = [pytest.mark.limitador, pytest.mark.data_plane] +pytestmark = [pytest.mark.limitador] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/limitador/metrics/trlp_metrics/test_trlp_metrics.py b/testsuite/tests/singlecluster/limitador/metrics/trlp_metrics/test_trlp_metrics.py index a2777964a..7bd425b2e 100644 --- a/testsuite/tests/singlecluster/limitador/metrics/trlp_metrics/test_trlp_metrics.py +++ b/testsuite/tests/singlecluster/limitador/metrics/trlp_metrics/test_trlp_metrics.py @@ -9,7 +9,7 @@ from .conftest import MODEL_NAME, USERS -pytestmark = [pytest.mark.observability, pytest.mark.limitador, pytest.mark.data_plane] +pytestmark = [pytest.mark.observability, pytest.mark.limitador] basic_request = { diff --git a/testsuite/tests/singlecluster/limitador/metrics/trlp_metrics/test_trlp_metrics_stream.py b/testsuite/tests/singlecluster/limitador/metrics/trlp_metrics/test_trlp_metrics_stream.py index 12fb644cf..72878a699 100644 --- a/testsuite/tests/singlecluster/limitador/metrics/trlp_metrics/test_trlp_metrics_stream.py +++ b/testsuite/tests/singlecluster/limitador/metrics/trlp_metrics/test_trlp_metrics_stream.py @@ -8,7 +8,7 @@ from .conftest import MODEL_NAME, USERS -pytestmark = [pytest.mark.observability, pytest.mark.limitador, pytest.mark.data_plane] +pytestmark = [pytest.mark.observability, pytest.mark.limitador] streaming_request = { "model": MODEL_NAME, diff --git a/testsuite/tests/singlecluster/limitador/section/test_listener.py b/testsuite/tests/singlecluster/limitador/section/test_listener.py index c3e9c331b..606faf711 100644 --- a/testsuite/tests/singlecluster/limitador/section/test_listener.py +++ b/testsuite/tests/singlecluster/limitador/section/test_listener.py @@ -4,7 +4,7 @@ from testsuite.kuadrant.policy.rate_limit import Limit, RateLimitPolicy -pytestmark = [pytest.mark.limitador, pytest.mark.data_plane] +pytestmark = [pytest.mark.limitador] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/limitador/section/test_multiple_rules.py b/testsuite/tests/singlecluster/limitador/section/test_multiple_rules.py index a4abf7095..1e0898351 100644 --- a/testsuite/tests/singlecluster/limitador/section/test_multiple_rules.py +++ b/testsuite/tests/singlecluster/limitador/section/test_multiple_rules.py @@ -4,7 +4,7 @@ from testsuite.kuadrant.policy.rate_limit import Limit, RateLimitPolicy -pytestmark = [pytest.mark.limitador, pytest.mark.data_plane] +pytestmark = [pytest.mark.limitador] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/limitador/section/test_multiple_same_listener.py b/testsuite/tests/singlecluster/limitador/section/test_multiple_same_listener.py index 26b5358d2..d866cace7 100644 --- a/testsuite/tests/singlecluster/limitador/section/test_multiple_same_listener.py +++ b/testsuite/tests/singlecluster/limitador/section/test_multiple_same_listener.py @@ -4,7 +4,7 @@ from testsuite.kuadrant.policy.rate_limit import Limit, RateLimitPolicy -pytestmark = [pytest.mark.limitador, pytest.mark.data_plane] +pytestmark = [pytest.mark.limitador] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/limitador/section/test_multiple_same_rule.py b/testsuite/tests/singlecluster/limitador/section/test_multiple_same_rule.py index ab8832994..c52f62a12 100644 --- a/testsuite/tests/singlecluster/limitador/section/test_multiple_same_rule.py +++ b/testsuite/tests/singlecluster/limitador/section/test_multiple_same_rule.py @@ -4,7 +4,7 @@ from testsuite.kuadrant.policy.rate_limit import Limit, RateLimitPolicy -pytestmark = [pytest.mark.limitador, pytest.mark.data_plane] +pytestmark = [pytest.mark.limitador] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/limitador/section/test_route_rule.py b/testsuite/tests/singlecluster/limitador/section/test_route_rule.py index 978d0616e..d94f7283a 100644 --- a/testsuite/tests/singlecluster/limitador/section/test_route_rule.py +++ b/testsuite/tests/singlecluster/limitador/section/test_route_rule.py @@ -4,7 +4,7 @@ from testsuite.kuadrant.policy.rate_limit import Limit, RateLimitPolicy -pytestmark = [pytest.mark.limitador, pytest.mark.data_plane] +pytestmark = [pytest.mark.limitador] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/limitador/storage/db/test_redis.py b/testsuite/tests/singlecluster/limitador/storage/db/test_redis.py index b3f96afaf..0a10772b0 100644 --- a/testsuite/tests/singlecluster/limitador/storage/db/test_redis.py +++ b/testsuite/tests/singlecluster/limitador/storage/db/test_redis.py @@ -5,7 +5,7 @@ from testsuite.kuadrant.limitador import Redis from ..conftest import LIMIT -pytestmark = [pytest.mark.limitador, pytest.mark.disruptive, pytest.mark.data_plane] +pytestmark = [pytest.mark.limitador, pytest.mark.disruptive] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/limitador/storage/db/test_redis_cached.py b/testsuite/tests/singlecluster/limitador/storage/db/test_redis_cached.py index cc1b53552..8d7804914 100644 --- a/testsuite/tests/singlecluster/limitador/storage/db/test_redis_cached.py +++ b/testsuite/tests/singlecluster/limitador/storage/db/test_redis_cached.py @@ -5,7 +5,7 @@ from testsuite.kuadrant.limitador import RedisCached from ..conftest import LIMIT -pytestmark = [pytest.mark.limitador, pytest.mark.disruptive, pytest.mark.data_plane] +pytestmark = [pytest.mark.limitador, pytest.mark.disruptive] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/limitador/storage/disk/test_disk.py b/testsuite/tests/singlecluster/limitador/storage/disk/test_disk.py index 5e60c7d89..82022415c 100644 --- a/testsuite/tests/singlecluster/limitador/storage/disk/test_disk.py +++ b/testsuite/tests/singlecluster/limitador/storage/disk/test_disk.py @@ -5,7 +5,7 @@ from testsuite.kuadrant.limitador import Disk from ..conftest import LIMIT -pytestmark = [pytest.mark.limitador, pytest.mark.disruptive, pytest.mark.data_plane] +pytestmark = [pytest.mark.limitador, pytest.mark.disruptive] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/limitador/test_basic_limit.py b/testsuite/tests/singlecluster/limitador/test_basic_limit.py index 864188c10..f18f8ce34 100644 --- a/testsuite/tests/singlecluster/limitador/test_basic_limit.py +++ b/testsuite/tests/singlecluster/limitador/test_basic_limit.py @@ -6,7 +6,7 @@ from testsuite.kuadrant.policy.rate_limit import Limit -pytestmark = [pytest.mark.limitador, pytest.mark.data_plane] +pytestmark = [pytest.mark.limitador] @pytest.fixture( diff --git a/testsuite/tests/singlecluster/limitador/test_multiple_iterations.py b/testsuite/tests/singlecluster/limitador/test_multiple_iterations.py index 164ef6bfe..6d893c23b 100644 --- a/testsuite/tests/singlecluster/limitador/test_multiple_iterations.py +++ b/testsuite/tests/singlecluster/limitador/test_multiple_iterations.py @@ -8,7 +8,7 @@ from testsuite.kuadrant.policy.rate_limit import Limit -pytestmark = [pytest.mark.limitador, pytest.mark.data_plane] +pytestmark = [pytest.mark.limitador] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/limitador/tokens_rate_limit/basic/test_trlp.py b/testsuite/tests/singlecluster/limitador/tokens_rate_limit/basic/test_trlp.py index ae603dbd4..eefb0a54a 100644 --- a/testsuite/tests/singlecluster/limitador/tokens_rate_limit/basic/test_trlp.py +++ b/testsuite/tests/singlecluster/limitador/tokens_rate_limit/basic/test_trlp.py @@ -11,7 +11,7 @@ from .conftest import FREE_USER_LIMIT, PAID_USER_LIMIT -pytestmark = [pytest.mark.limitador, pytest.mark.authorino, pytest.mark.kuadrant_only, pytest.mark.data_plane] +pytestmark = [pytest.mark.limitador, pytest.mark.authorino, pytest.mark.kuadrant_only] basic_request = { "model": "meta-llama/Llama-3.1-8B-Instruct", diff --git a/testsuite/tests/singlecluster/limitador/tokens_rate_limit/basic/test_trlp_streaming.py b/testsuite/tests/singlecluster/limitador/tokens_rate_limit/basic/test_trlp_streaming.py index 90acb0a6c..51e48ced1 100644 --- a/testsuite/tests/singlecluster/limitador/tokens_rate_limit/basic/test_trlp_streaming.py +++ b/testsuite/tests/singlecluster/limitador/tokens_rate_limit/basic/test_trlp_streaming.py @@ -9,7 +9,7 @@ from .conftest import FREE_USER_LIMIT -pytestmark = [pytest.mark.limitador, pytest.mark.authorino, pytest.mark.kuadrant_only, pytest.mark.data_plane] +pytestmark = [pytest.mark.limitador, pytest.mark.authorino, pytest.mark.kuadrant_only] streaming_request = { "model": "meta-llama/Llama-3.1-8B-Instruct", diff --git a/testsuite/tests/singlecluster/limitador/tokens_rate_limit/multiple_iterations/test_multiple_trlp_iterations.py b/testsuite/tests/singlecluster/limitador/tokens_rate_limit/multiple_iterations/test_multiple_trlp_iterations.py index 6b3a1ba13..d5639642c 100644 --- a/testsuite/tests/singlecluster/limitador/tokens_rate_limit/multiple_iterations/test_multiple_trlp_iterations.py +++ b/testsuite/tests/singlecluster/limitador/tokens_rate_limit/multiple_iterations/test_multiple_trlp_iterations.py @@ -7,7 +7,7 @@ from .conftest import LIMIT -pytestmark = [pytest.mark.limitador, pytest.mark.data_plane] +pytestmark = [pytest.mark.limitador] basic_request = { diff --git a/testsuite/tests/singlecluster/limitador/tokens_rate_limit/multiple_iterations/test_multiple_trlp_stream_iterations.py b/testsuite/tests/singlecluster/limitador/tokens_rate_limit/multiple_iterations/test_multiple_trlp_stream_iterations.py index 3d3c1c931..655ae581f 100644 --- a/testsuite/tests/singlecluster/limitador/tokens_rate_limit/multiple_iterations/test_multiple_trlp_stream_iterations.py +++ b/testsuite/tests/singlecluster/limitador/tokens_rate_limit/multiple_iterations/test_multiple_trlp_stream_iterations.py @@ -10,7 +10,7 @@ from .conftest import LIMIT -pytestmark = [pytest.mark.limitador, pytest.mark.data_plane] +pytestmark = [pytest.mark.limitador] streaming_request = { diff --git a/testsuite/tests/singlecluster/overrides/merge/auth_policy/same_target/test_ab_strategy.py b/testsuite/tests/singlecluster/overrides/merge/auth_policy/same_target/test_ab_strategy.py index 7876ab19a..3831c4341 100644 --- a/testsuite/tests/singlecluster/overrides/merge/auth_policy/same_target/test_ab_strategy.py +++ b/testsuite/tests/singlecluster/overrides/merge/auth_policy/same_target/test_ab_strategy.py @@ -4,7 +4,7 @@ from testsuite.kuadrant.policy import has_condition -pytestmark = [pytest.mark.defaults_overrides, pytest.mark.authorino, pytest.mark.kuadrant_only, pytest.mark.data_plane] +pytestmark = [pytest.mark.defaults_overrides, pytest.mark.authorino, pytest.mark.kuadrant_only] @pytest.fixture(scope="module", autouse=True) diff --git a/testsuite/tests/singlecluster/overrides/merge/auth_policy/same_target/test_ba_strategy.py b/testsuite/tests/singlecluster/overrides/merge/auth_policy/same_target/test_ba_strategy.py index 0105ce55a..3426c0607 100644 --- a/testsuite/tests/singlecluster/overrides/merge/auth_policy/same_target/test_ba_strategy.py +++ b/testsuite/tests/singlecluster/overrides/merge/auth_policy/same_target/test_ba_strategy.py @@ -4,7 +4,7 @@ from testsuite.kuadrant.policy import has_condition -pytestmark = [pytest.mark.defaults_overrides, pytest.mark.authorino, pytest.mark.kuadrant_only, pytest.mark.data_plane] +pytestmark = [pytest.mark.defaults_overrides, pytest.mark.authorino, pytest.mark.kuadrant_only] @pytest.fixture(scope="module", autouse=True) diff --git a/testsuite/tests/singlecluster/overrides/merge/auth_policy/test_override_merge.py b/testsuite/tests/singlecluster/overrides/merge/auth_policy/test_override_merge.py index 7d7b85539..6aa1bfd6e 100644 --- a/testsuite/tests/singlecluster/overrides/merge/auth_policy/test_override_merge.py +++ b/testsuite/tests/singlecluster/overrides/merge/auth_policy/test_override_merge.py @@ -4,7 +4,7 @@ from testsuite.kuadrant.policy import has_condition -pytestmark = [pytest.mark.defaults_overrides, pytest.mark.authorino, pytest.mark.kuadrant_only, pytest.mark.data_plane] +pytestmark = [pytest.mark.defaults_overrides, pytest.mark.authorino, pytest.mark.kuadrant_only] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/overrides/merge/auth_policy/test_override_replace.py b/testsuite/tests/singlecluster/overrides/merge/auth_policy/test_override_replace.py index 2763f58b2..5f46b4f30 100644 --- a/testsuite/tests/singlecluster/overrides/merge/auth_policy/test_override_replace.py +++ b/testsuite/tests/singlecluster/overrides/merge/auth_policy/test_override_replace.py @@ -4,7 +4,7 @@ from testsuite.kuadrant.policy import has_condition -pytestmark = [pytest.mark.defaults_overrides, pytest.mark.authorino, pytest.mark.kuadrant_only, pytest.mark.data_plane] +pytestmark = [pytest.mark.defaults_overrides, pytest.mark.authorino, pytest.mark.kuadrant_only] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/overrides/merge/rate_limit/same_target/test_ab_strategy.py b/testsuite/tests/singlecluster/overrides/merge/rate_limit/same_target/test_ab_strategy.py index 2c8ece62e..d19b264a5 100644 --- a/testsuite/tests/singlecluster/overrides/merge/rate_limit/same_target/test_ab_strategy.py +++ b/testsuite/tests/singlecluster/overrides/merge/rate_limit/same_target/test_ab_strategy.py @@ -5,7 +5,7 @@ from testsuite.kuadrant.policy import has_condition from testsuite.tests.singlecluster.overrides.merge.rate_limit.conftest import OVERRIDE_LIMIT, OVERRIDE_LIMIT2 -pytestmark = [pytest.mark.defaults_overrides, pytest.mark.limitador, pytest.mark.data_plane] +pytestmark = [pytest.mark.defaults_overrides, pytest.mark.limitador] @pytest.fixture(scope="module", autouse=True) diff --git a/testsuite/tests/singlecluster/overrides/merge/rate_limit/same_target/test_ba_startegy.py b/testsuite/tests/singlecluster/overrides/merge/rate_limit/same_target/test_ba_startegy.py index c6d4b727c..297a4791e 100644 --- a/testsuite/tests/singlecluster/overrides/merge/rate_limit/same_target/test_ba_startegy.py +++ b/testsuite/tests/singlecluster/overrides/merge/rate_limit/same_target/test_ba_startegy.py @@ -5,7 +5,7 @@ from testsuite.kuadrant.policy import has_condition from testsuite.tests.singlecluster.overrides.merge.rate_limit.conftest import OVERRIDE_LIMIT, OVERRIDE_LIMIT2 -pytestmark = [pytest.mark.defaults_overrides, pytest.mark.limitador, pytest.mark.data_plane] +pytestmark = [pytest.mark.defaults_overrides, pytest.mark.limitador] @pytest.fixture(scope="module", autouse=True) diff --git a/testsuite/tests/singlecluster/overrides/merge/rate_limit/test_override_merge.py b/testsuite/tests/singlecluster/overrides/merge/rate_limit/test_override_merge.py index 6f574712b..7fe584fcd 100644 --- a/testsuite/tests/singlecluster/overrides/merge/rate_limit/test_override_merge.py +++ b/testsuite/tests/singlecluster/overrides/merge/rate_limit/test_override_merge.py @@ -6,7 +6,7 @@ from testsuite.tests.singlecluster.defaults.test_basic_rate_limit import LIMIT from testsuite.tests.singlecluster.overrides.merge.rate_limit.conftest import OVERRIDE_LIMIT2, OVERRIDE_LIMIT -pytestmark = [pytest.mark.defaults_overrides, pytest.mark.limitador, pytest.mark.data_plane] +pytestmark = [pytest.mark.defaults_overrides, pytest.mark.limitador] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/overrides/merge/rate_limit/test_override_replace.py b/testsuite/tests/singlecluster/overrides/merge/rate_limit/test_override_replace.py index 37436e9b4..adba76160 100644 --- a/testsuite/tests/singlecluster/overrides/merge/rate_limit/test_override_replace.py +++ b/testsuite/tests/singlecluster/overrides/merge/rate_limit/test_override_replace.py @@ -5,7 +5,7 @@ from testsuite.kuadrant.policy import CelPredicate, has_condition from testsuite.tests.singlecluster.overrides.merge.rate_limit.conftest import LIMIT, OVERRIDE_LIMIT2, OVERRIDE_LIMIT -pytestmark = [pytest.mark.defaults_overrides, pytest.mark.limitador, pytest.mark.data_plane] +pytestmark = [pytest.mark.defaults_overrides, pytest.mark.limitador] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/overrides/test_basic_auth.py b/testsuite/tests/singlecluster/overrides/test_basic_auth.py index b64680344..b24164d65 100644 --- a/testsuite/tests/singlecluster/overrides/test_basic_auth.py +++ b/testsuite/tests/singlecluster/overrides/test_basic_auth.py @@ -4,7 +4,7 @@ from testsuite.httpx.auth import HttpxOidcClientAuth -pytestmark = [pytest.mark.defaults_overrides, pytest.mark.authorino, pytest.mark.kuadrant_only, pytest.mark.data_plane] +pytestmark = [pytest.mark.defaults_overrides, pytest.mark.authorino, pytest.mark.kuadrant_only] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/overrides/test_basic_rate_limit.py b/testsuite/tests/singlecluster/overrides/test_basic_rate_limit.py index a8134fb15..aa5b54def 100644 --- a/testsuite/tests/singlecluster/overrides/test_basic_rate_limit.py +++ b/testsuite/tests/singlecluster/overrides/test_basic_rate_limit.py @@ -4,7 +4,7 @@ from testsuite.kuadrant.policy.rate_limit import Limit, RateLimitPolicy -pytestmark = [pytest.mark.defaults_overrides, pytest.mark.limitador, pytest.mark.data_plane] +pytestmark = [pytest.mark.defaults_overrides, pytest.mark.limitador] OVERRIDE_LIMIT = Limit(3, "5s") ROUTE_LIMIT = Limit(2, "5s") diff --git a/testsuite/tests/singlecluster/overrides/test_multiple_rate_limit.py b/testsuite/tests/singlecluster/overrides/test_multiple_rate_limit.py index 5a807a320..bcd288e6c 100644 --- a/testsuite/tests/singlecluster/overrides/test_multiple_rate_limit.py +++ b/testsuite/tests/singlecluster/overrides/test_multiple_rate_limit.py @@ -4,7 +4,7 @@ from testsuite.kuadrant.policy.rate_limit import RateLimitPolicy, Limit -pytestmark = [pytest.mark.defaults_overrides, pytest.mark.limitador, pytest.mark.data_plane] +pytestmark = [pytest.mark.defaults_overrides, pytest.mark.limitador] LIMIT = Limit(10, "10s") OVERRIDE_LIMIT = Limit(5, "10s") diff --git a/testsuite/tests/singlecluster/overrides/test_section_targeting.py b/testsuite/tests/singlecluster/overrides/test_section_targeting.py index 40144b078..5cb22bbb2 100644 --- a/testsuite/tests/singlecluster/overrides/test_section_targeting.py +++ b/testsuite/tests/singlecluster/overrides/test_section_targeting.py @@ -4,7 +4,7 @@ from testsuite.kuadrant.policy.rate_limit import RateLimitPolicy, Limit -pytestmark = [pytest.mark.defaults_overrides, pytest.mark.limitador, pytest.mark.data_plane] +pytestmark = [pytest.mark.defaults_overrides, pytest.mark.limitador] LIMIT = Limit(8, "5s") OVERRIDE_LIMIT = Limit(3, "5s") diff --git a/testsuite/tests/singlecluster/test_rate_limit_anonymous.py b/testsuite/tests/singlecluster/test_rate_limit_anonymous.py index 9db41d97a..2beff94f1 100644 --- a/testsuite/tests/singlecluster/test_rate_limit_anonymous.py +++ b/testsuite/tests/singlecluster/test_rate_limit_anonymous.py @@ -7,7 +7,7 @@ from testsuite.kuadrant.policy.authorization import JsonResponse, ValueFrom from testsuite.kuadrant.policy.rate_limit import Limit -pytestmark = [pytest.mark.limitador, pytest.mark.authorino, pytest.mark.kuadrant_only, pytest.mark.data_plane] +pytestmark = [pytest.mark.limitador, pytest.mark.authorino, pytest.mark.kuadrant_only] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/test_rate_limit_authz.py b/testsuite/tests/singlecluster/test_rate_limit_authz.py index adc96ad8f..43d453d66 100644 --- a/testsuite/tests/singlecluster/test_rate_limit_authz.py +++ b/testsuite/tests/singlecluster/test_rate_limit_authz.py @@ -7,7 +7,7 @@ from testsuite.kuadrant.policy.authorization import ValueFrom, JsonResponse from testsuite.kuadrant.policy.rate_limit import Limit -pytestmark = [pytest.mark.limitador, pytest.mark.authorino, pytest.mark.kuadrant_only, pytest.mark.data_plane] +pytestmark = [pytest.mark.limitador, pytest.mark.authorino, pytest.mark.kuadrant_only] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/tracing/data_plane_tracing/test_kuadrant_tracing.py b/testsuite/tests/singlecluster/tracing/data_plane_tracing/test_kuadrant_tracing.py index 0a24fe045..d759ea04f 100644 --- a/testsuite/tests/singlecluster/tracing/data_plane_tracing/test_kuadrant_tracing.py +++ b/testsuite/tests/singlecluster/tracing/data_plane_tracing/test_kuadrant_tracing.py @@ -8,7 +8,13 @@ import os import pytest -pytestmark = [pytest.mark.observability, pytest.mark.limitador, pytest.mark.authorino, pytest.mark.kuadrant_only, pytest.mark.data_plane] +pytestmark = [ + pytest.mark.observability, + pytest.mark.limitador, + pytest.mark.authorino, + pytest.mark.kuadrant_only, + , +] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/tracing/data_plane_tracing/test_kuadrant_tracing_rate_limit_only.py b/testsuite/tests/singlecluster/tracing/data_plane_tracing/test_kuadrant_tracing_rate_limit_only.py index 257a1c19a..980c22d5c 100644 --- a/testsuite/tests/singlecluster/tracing/data_plane_tracing/test_kuadrant_tracing_rate_limit_only.py +++ b/testsuite/tests/singlecluster/tracing/data_plane_tracing/test_kuadrant_tracing_rate_limit_only.py @@ -8,7 +8,7 @@ from testsuite.kuadrant.policy.rate_limit import Limit, RateLimitPolicy -pytestmark = [pytest.mark.observability, pytest.mark.limitador, pytest.mark.data_plane] +pytestmark = [pytest.mark.observability, pytest.mark.limitador] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/ui/console_plugin/policies/test_auth_policy.py b/testsuite/tests/singlecluster/ui/console_plugin/policies/test_auth_policy.py index bbc16437a..0c3b93629 100644 --- a/testsuite/tests/singlecluster/ui/console_plugin/policies/test_auth_policy.py +++ b/testsuite/tests/singlecluster/ui/console_plugin/policies/test_auth_policy.py @@ -4,7 +4,7 @@ from testsuite.kuadrant.policy.authorization.auth_policy import AuthPolicy from testsuite.page_objects.policies.auth_policy import AuthListPage, AuthNewPageYaml -pytestmark = [pytest.mark.ui, pytest.mark.data_plane] +pytestmark = [pytest.mark.ui] def test_auth_policy_ui(request, navigator, cluster, blame, gateway, client): diff --git a/testsuite/tests/singlecluster/ui/console_plugin/policies/test_rate_limit_policy.py b/testsuite/tests/singlecluster/ui/console_plugin/policies/test_rate_limit_policy.py index 974f1da48..53eae14d1 100644 --- a/testsuite/tests/singlecluster/ui/console_plugin/policies/test_rate_limit_policy.py +++ b/testsuite/tests/singlecluster/ui/console_plugin/policies/test_rate_limit_policy.py @@ -4,7 +4,7 @@ from testsuite.kuadrant.policy.rate_limit import RateLimitPolicy, Limit from testsuite.page_objects.policies.rate_limit_policy import RateLimitNewPageYaml, RateLimitListPage -pytestmark = [pytest.mark.ui, pytest.mark.data_plane] +pytestmark = [pytest.mark.ui] @pytest.mark.flaky(reruns=0) From 9693bba99dc662189e70edbb42176cc305498191 Mon Sep 17 00:00:00 2001 From: Alexander Cristurean Date: Wed, 20 May 2026 11:24:23 +0200 Subject: [PATCH 10/18] fix: leftovers. Signed-off-by: Alexander Cristurean --- .../identity/x509/gateway_validation/test_multi_ca_trust.py | 1 - .../tracing/data_plane_tracing/test_kuadrant_tracing.py | 1 - 2 files changed, 2 deletions(-) diff --git a/testsuite/tests/singlecluster/authorino/identity/x509/gateway_validation/test_multi_ca_trust.py b/testsuite/tests/singlecluster/authorino/identity/x509/gateway_validation/test_multi_ca_trust.py index 4857a9ebe..1eadb2c42 100644 --- a/testsuite/tests/singlecluster/authorino/identity/x509/gateway_validation/test_multi_ca_trust.py +++ b/testsuite/tests/singlecluster/authorino/identity/x509/gateway_validation/test_multi_ca_trust.py @@ -19,7 +19,6 @@ pytest.mark.authorino, pytest.mark.kuadrant_only, pytest.mark.gateway_api_version((1, 5, 0)), - , ] diff --git a/testsuite/tests/singlecluster/tracing/data_plane_tracing/test_kuadrant_tracing.py b/testsuite/tests/singlecluster/tracing/data_plane_tracing/test_kuadrant_tracing.py index d759ea04f..40788e4d3 100644 --- a/testsuite/tests/singlecluster/tracing/data_plane_tracing/test_kuadrant_tracing.py +++ b/testsuite/tests/singlecluster/tracing/data_plane_tracing/test_kuadrant_tracing.py @@ -13,7 +13,6 @@ pytest.mark.limitador, pytest.mark.authorino, pytest.mark.kuadrant_only, - , ] From 66d4110d271030d01872f6ca7e05a81d30f55153 Mon Sep 17 00:00:00 2001 From: Alexander Cristurean Date: Wed, 20 May 2026 11:27:54 +0200 Subject: [PATCH 11/18] fix: commit acceptance. Signed-off-by: Alexander Cristurean --- testsuite/gateway/__init__.py | 1 + 1 file changed, 1 insertion(+) diff --git a/testsuite/gateway/__init__.py b/testsuite/gateway/__init__.py index 049add202..7653d61dc 100644 --- a/testsuite/gateway/__init__.py +++ b/testsuite/gateway/__init__.py @@ -13,6 +13,7 @@ from testsuite.utils import asdict if TYPE_CHECKING: + from testsuite.backend import Backend from testsuite.kubernetes.client import KubernetesClient From 6b8a1364898c12c61b293011673315bfc006d6c7 Mon Sep 17 00:00:00 2001 From: Alexander Cristurean Date: Wed, 20 May 2026 13:57:39 +0200 Subject: [PATCH 12/18] fix: code cleaning. Signed-off-by: Alexander Cristurean --- testsuite/tests/singlecluster/conftest.py | 18 ++++-------------- .../health_check/test_additional_headers.py | 2 +- 2 files changed, 5 insertions(+), 15 deletions(-) diff --git a/testsuite/tests/singlecluster/conftest.py b/testsuite/tests/singlecluster/conftest.py index 1386f3a76..a83ff4da1 100644 --- a/testsuite/tests/singlecluster/conftest.py +++ b/testsuite/tests/singlecluster/conftest.py @@ -103,17 +103,13 @@ def mockserver_config(cluster, blame, label): @pytest.fixture(scope="session") -def backend(request, cluster, blame, label, mockserver_config, testconfig): +def backend(request, cluster, blame, label, mockserver_config, exposer): """Deploys MockServer backend""" mockserver = MockserverBackend(cluster, blame("mockserver"), label, config=mockserver_config) request.addfinalizer(mockserver.delete) mockserver.commit() mockserver.wait_for_ready() - - backend_exposer = testconfig["default_exposer"](cluster) - request.addfinalizer(backend_exposer.delete) - backend_exposer.commit() - mockserver.expose(backend_exposer, blame("backend")) + mockserver.expose(exposer, blame("backend")) return mockserver @@ -138,12 +134,6 @@ def gateway(request, kuadrant, cluster, blame, label, testconfig, wildcard_domai return gw -@pytest.fixture(scope="session") -def backend_hostname(backend) -> Hostname: - """Exposed hostname pointing directly at the backend, bypassing the gateway""" - return backend.admin_hostname - - @pytest.fixture(scope="module") def domain_name(blame) -> str: """Domain name""" @@ -190,7 +180,7 @@ def pytest_runtest_makereport(item, call): # pylint: disable=unused-argument client = item.funcargs.get("client") backend = item.funcargs.get("backend") - if client is None or backend is None or backend.admin_hostname is None: + if client is None or backend is None or backend.external_hostname is None: return denied_ids = set(client.denied_request_ids) @@ -198,7 +188,7 @@ def pytest_runtest_makereport(item, call): # pylint: disable=unused-argument if not denied_ids: return - backend_client = backend.admin_hostname.client() + backend_client = backend.external_hostname.client() ms = Mockserver(backend_client) tracking_header = KuadrantClient.TRACKING_HEADER diff --git a/testsuite/tests/singlecluster/gateway/dnspolicy/health_check/test_additional_headers.py b/testsuite/tests/singlecluster/gateway/dnspolicy/health_check/test_additional_headers.py index 76c4899f2..947f59ff6 100644 --- a/testsuite/tests/singlecluster/gateway/dnspolicy/health_check/test_additional_headers.py +++ b/testsuite/tests/singlecluster/gateway/dnspolicy/health_check/test_additional_headers.py @@ -62,7 +62,7 @@ def headers_secret(request, cluster, blame): @pytest.fixture(scope="module") def mockserver_client(backend): """Returns Mockserver client from externally exposed backend""" - return Mockserver(backend.admin_hostname.client()) + return Mockserver(backend.external_hostname.client()) @pytest.fixture(scope="module") From c313a2e8046574dade7b0f0b89bcce839e8c9589 Mon Sep 17 00:00:00 2001 From: Alexander Cristurean Date: Wed, 20 May 2026 15:16:41 +0200 Subject: [PATCH 13/18] fix: cosmetic changes. Signed-off-by: Alexander Cristurean --- testsuite/backend/__init__.py | 1 + .../x509/gateway_validation/test_multi_ca_trust.py | 6 +----- .../tracing/data_plane_tracing/test_kuadrant_tracing.py | 7 +------ 3 files changed, 3 insertions(+), 11 deletions(-) diff --git a/testsuite/backend/__init__.py b/testsuite/backend/__init__.py index cce06f225..e4bc8d638 100644 --- a/testsuite/backend/__init__.py +++ b/testsuite/backend/__init__.py @@ -18,6 +18,7 @@ class Backend(LifecycleObject, Referencable, Exposable): def __init__(self, cluster: KubernetesClient, name: str, label: str): self._cluster = cluster + self.name = name self.label = label diff --git a/testsuite/tests/singlecluster/authorino/identity/x509/gateway_validation/test_multi_ca_trust.py b/testsuite/tests/singlecluster/authorino/identity/x509/gateway_validation/test_multi_ca_trust.py index 1eadb2c42..817deda09 100644 --- a/testsuite/tests/singlecluster/authorino/identity/x509/gateway_validation/test_multi_ca_trust.py +++ b/testsuite/tests/singlecluster/authorino/identity/x509/gateway_validation/test_multi_ca_trust.py @@ -15,11 +15,7 @@ from testsuite.kuadrant.policy.authorization import X509Source from ..conftest import XFCC_HEADER_NAME -pytestmark = [ - pytest.mark.authorino, - pytest.mark.kuadrant_only, - pytest.mark.gateway_api_version((1, 5, 0)), -] +pytestmark = [pytest.mark.authorino, pytest.mark.kuadrant_only, pytest.mark.gateway_api_version((1, 5, 0))] @pytest.fixture(scope="module") diff --git a/testsuite/tests/singlecluster/tracing/data_plane_tracing/test_kuadrant_tracing.py b/testsuite/tests/singlecluster/tracing/data_plane_tracing/test_kuadrant_tracing.py index 40788e4d3..9ff86b214 100644 --- a/testsuite/tests/singlecluster/tracing/data_plane_tracing/test_kuadrant_tracing.py +++ b/testsuite/tests/singlecluster/tracing/data_plane_tracing/test_kuadrant_tracing.py @@ -8,12 +8,7 @@ import os import pytest -pytestmark = [ - pytest.mark.observability, - pytest.mark.limitador, - pytest.mark.authorino, - pytest.mark.kuadrant_only, -] +pytestmark = [pytest.mark.observability, pytest.mark.limitador, pytest.mark.authorino, pytest.mark.kuadrant_only] @pytest.fixture(scope="module") From fe9d4236d591a0115b10cf438484e8bca517a0ff Mon Sep 17 00:00:00 2001 From: Alexander Cristurean Date: Wed, 20 May 2026 15:17:54 +0200 Subject: [PATCH 14/18] fix: cosmetic changes. Signed-off-by: Alexander Cristurean --- Makefile | 1 - testsuite/gateway/gateway_api/gateway.py | 2 +- testsuite/gateway/gateway_api/hostname.py | 2 +- testsuite/tests/singlecluster/conftest.py | 11 +++++++---- 4 files changed, 9 insertions(+), 7 deletions(-) diff --git a/Makefile b/Makefile index 40397ad5d..9b6dd98a7 100644 --- a/Makefile +++ b/Makefile @@ -71,7 +71,6 @@ disruptive: poetry-no-dev ## Run disruptive tests egress-gateway: poetry-no-dev ## Run egress gateway tests $(PYTEST) -n4 -m 'egress_gateway' --dist loadfile --enforce $(flags) testsuite/tests/singlecluster/egress/ - kuadrantctl: poetry-no-dev ## Run Kuadrantctl tests $(PYTEST) -n4 --dist loadfile --enforce $(flags) testsuite/tests/kuadrantctl/ diff --git a/testsuite/gateway/gateway_api/gateway.py b/testsuite/gateway/gateway_api/gateway.py index 2e4006674..d32630764 100644 --- a/testsuite/gateway/gateway_api/gateway.py +++ b/testsuite/gateway/gateway_api/gateway.py @@ -16,7 +16,7 @@ from testsuite.utils.constants import GATEWAY_READY_TIMEOUT, SLOW_LOADBALANCER_WAIT -class KuadrantGateway(KubernetesObject, Gateway): # pylint: disable=too-many-ancestors +class KuadrantGateway(KubernetesObject, Gateway): """Gateway object for Kuadrant""" # Name of the GatewayClass that is to be used for all the instances diff --git a/testsuite/gateway/gateway_api/hostname.py b/testsuite/gateway/gateway_api/hostname.py index 3f5a5b784..b4670305b 100644 --- a/testsuite/gateway/gateway_api/hostname.py +++ b/testsuite/gateway/gateway_api/hostname.py @@ -56,7 +56,7 @@ def base_domain(self) -> str: def expose_hostname(self, name, exposable) -> Hostname: return StaticHostname( f"{name}.{self.base_domain}", - exposable.get_tls_cert if self.verify is None else lambda: self.verify, # type: ignore + exposable.get_tls_cert if self.verify is None else lambda _hostname: self.verify, # type: ignore ) def commit(self): diff --git a/testsuite/tests/singlecluster/conftest.py b/testsuite/tests/singlecluster/conftest.py index a83ff4da1..679c4fb72 100644 --- a/testsuite/tests/singlecluster/conftest.py +++ b/testsuite/tests/singlecluster/conftest.py @@ -175,17 +175,20 @@ def pytest_runtest_makereport(item, call): # pylint: disable=unused-argument outcome = yield report = outcome.get_result() - if call.when != "call" or not report.passed: + if call.when != "call": return client = item.funcargs.get("client") - backend = item.funcargs.get("backend") - if client is None or backend is None or backend.external_hostname is None: + if not isinstance(client, KuadrantClient): return denied_ids = set(client.denied_request_ids) client.denied_request_ids.clear() - if not denied_ids: + + backend = item.funcargs.get("backend") + if not report.passed or backend is None or not hasattr(backend, "external_hostname"): + return + if backend.external_hostname is None or not denied_ids: return backend_client = backend.external_hostname.client() From aab374cc5ed170336a253892193d15afd642771f Mon Sep 17 00:00:00 2001 From: Alexander Cristurean Date: Wed, 20 May 2026 23:01:37 +0200 Subject: [PATCH 15/18] fix: cosmetic changes. Signed-off-by: Alexander Cristurean --- testsuite/tests/singlecluster/conftest.py | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/testsuite/tests/singlecluster/conftest.py b/testsuite/tests/singlecluster/conftest.py index 679c4fb72..8e9a331c6 100644 --- a/testsuite/tests/singlecluster/conftest.py +++ b/testsuite/tests/singlecluster/conftest.py @@ -103,13 +103,22 @@ def mockserver_config(cluster, blame, label): @pytest.fixture(scope="session") -def backend(request, cluster, blame, label, mockserver_config, exposer): +def backend_exposer(request, testconfig, cluster): + """Dedicated session-scoped exposer for the backend, avoids ScopeMismatch with module-scoped exposer overrides""" + exp = testconfig["default_exposer"](cluster) + request.addfinalizer(exp.delete) + exp.commit() + return exp + + +@pytest.fixture(scope="session") +def backend(request, cluster, blame, label, mockserver_config, backend_exposer): """Deploys MockServer backend""" mockserver = MockserverBackend(cluster, blame("mockserver"), label, config=mockserver_config) request.addfinalizer(mockserver.delete) mockserver.commit() mockserver.wait_for_ready() - mockserver.expose(exposer, blame("backend")) + mockserver.expose(backend_exposer, blame("backend")) return mockserver From 60f714419be962a2fe0c629ef9b53d4b7f970e2c Mon Sep 17 00:00:00 2001 From: Alexander Cristurean Date: Wed, 20 May 2026 23:22:13 +0200 Subject: [PATCH 16/18] fix: more cosmetics. Signed-off-by: Alexander Cristurean --- testsuite/gateway/gateway_api/hostname.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/testsuite/gateway/gateway_api/hostname.py b/testsuite/gateway/gateway_api/hostname.py index b4670305b..a660895ea 100644 --- a/testsuite/gateway/gateway_api/hostname.py +++ b/testsuite/gateway/gateway_api/hostname.py @@ -8,7 +8,7 @@ from testsuite.certificates import Certificate from testsuite.config import settings from testsuite.httpx import KuadrantClient -from testsuite.gateway import Hostname, Exposer +from testsuite.gateway import Exposable, Hostname, Exposer from testsuite.utils import generate_tail @@ -53,7 +53,7 @@ def base_domain(self) -> str: ) from exc return f'{generate_tail(5)}.{secret.model["metadata"]["annotations"]["base_domain"]}' - def expose_hostname(self, name, exposable) -> Hostname: + def expose_hostname(self, name, exposable: Exposable) -> Hostname: return StaticHostname( f"{name}.{self.base_domain}", exposable.get_tls_cert if self.verify is None else lambda _hostname: self.verify, # type: ignore From 859732c4c6d1821cc3e0bb49bcdd07cd0deab518 Mon Sep 17 00:00:00 2001 From: Alexander Cristurean Date: Thu, 21 May 2026 11:07:16 +0200 Subject: [PATCH 17/18] fix: added port_name method to exposable. Signed-off-by: Alexander Cristurean --- testsuite/gateway/__init__.py | 5 +++++ testsuite/gateway/exposers.py | 2 +- testsuite/tests/singlecluster/conftest.py | 2 +- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/testsuite/gateway/__init__.py b/testsuite/gateway/__init__.py index 7653d61dc..c03d9a8cd 100644 --- a/testsuite/gateway/__init__.py +++ b/testsuite/gateway/__init__.py @@ -159,6 +159,11 @@ def external_ip(self) -> str: """Returns external IP and port for external access""" raise NotImplementedError(f"{type(self).__name__} does not support external_ip") + @property + def port_name(self) -> str: + """Service port name used when creating external routes""" + return "api" + def get_tls_cert(self, hostname: str) -> Optional[Certificate]: # pylint: disable=unused-argument """Returns TLS cert or None""" return None diff --git a/testsuite/gateway/exposers.py b/testsuite/gateway/exposers.py index da607cc39..7fffe17b9 100644 --- a/testsuite/gateway/exposers.py +++ b/testsuite/gateway/exposers.py @@ -25,7 +25,7 @@ def expose_hostname(self, name, exposable) -> Hostname: tls = True termination = "passthrough" route = OpenshiftRoute.create_instance( - exposable.cluster, name, exposable.service_name, "api", tls=tls, termination=termination + exposable.cluster, name, exposable.service_name, exposable.port_name, tls=tls, termination=termination ) route.verify = self.verify self.routes.append(route) diff --git a/testsuite/tests/singlecluster/conftest.py b/testsuite/tests/singlecluster/conftest.py index 8e9a331c6..f5f3678a1 100644 --- a/testsuite/tests/singlecluster/conftest.py +++ b/testsuite/tests/singlecluster/conftest.py @@ -195,7 +195,7 @@ def pytest_runtest_makereport(item, call): # pylint: disable=unused-argument client.denied_request_ids.clear() backend = item.funcargs.get("backend") - if not report.passed or backend is None or not hasattr(backend, "external_hostname"): + if not report.passed or backend is None or not isinstance(backend, MockserverBackend): return if backend.external_hostname is None or not denied_ids: return From f911e32ab23f93c069b355bf49d0f782ae284666 Mon Sep 17 00:00:00 2001 From: Alexander Cristurean Date: Mon, 25 May 2026 16:50:40 +0200 Subject: [PATCH 18/18] feat: verify-denials flag and addressed reviews. Signed-off-by: Alexander Cristurean --- Makefile | 5 +++++ testsuite/tests/conftest.py | 3 +++ testsuite/tests/singlecluster/authorino/conftest.py | 4 ++-- testsuite/tests/singlecluster/conftest.py | 4 ++++ 4 files changed, 14 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 9b6dd98a7..070074ecd 100644 --- a/Makefile +++ b/Makefile @@ -2,6 +2,7 @@ TB ?= short LOGLEVEL ?= INFO +VERIFY_DENIALS ?= true # Set to false to skip verification of expected denials (e.g., 403 responses) in tests marked with `verify_denials` (e.g., `authorino` tests). This can be useful when debugging test failures that may be related to unexpected denials, but should generally be left enabled to ensure proper test validation. ifdef WORKSPACE # Yes, this is for jenkins resultsdir = $(WORKSPACE) @@ -16,6 +17,10 @@ ifdef junit PYTEST += --junitxml=$(resultsdir)/junit-$(@F).xml -o junit_suite_name=$(@F) endif +ifdef VERIFY_DENIALS # Only add the flag if VERIFY_DENIALS is set to a non-empty value (default is "true") +PYTEST += --verify-denials=$(VERIFY_DENIALS) +endif + # Collector PYTEST Override collect: PYTEST = poetry run python -m pytest --tb=$(TB) --junitxml=$(resultsdir)/junit-00-$(@F).xml -o junit_suite_name=info-collector diff --git a/testsuite/tests/conftest.py b/testsuite/tests/conftest.py index 903533c41..349dbf584 100644 --- a/testsuite/tests/conftest.py +++ b/testsuite/tests/conftest.py @@ -31,6 +31,9 @@ def pytest_addoption(parser): "--enforce", action="store_true", default=False, help="Fails tests instead of skip, if capabilities are missing" ) parser.addoption("--standalone", action="store_true", default=False, help="Runs testsuite in standalone mode") + parser.addoption( + "--verify-denials", default="false", help="Verifies that denied requests did not leak to the upstream backend" + ) def pytest_runtest_setup(item): diff --git a/testsuite/tests/singlecluster/authorino/conftest.py b/testsuite/tests/singlecluster/authorino/conftest.py index 12d304581..38c3726ae 100644 --- a/testsuite/tests/singlecluster/authorino/conftest.py +++ b/testsuite/tests/singlecluster/authorino/conftest.py @@ -35,10 +35,10 @@ def authorino(kuadrant, cluster, blame, request, testconfig, label): @pytest.fixture(scope="module") -def authorization(authorization, oidc_provider, gateway, authorization_name, cluster, label) -> AuthConfig: +def authorization(authorization, oidc_provider, route, authorization_name, cluster, label) -> AuthConfig: """In case of Authorino, AuthConfig used for authorization""" if authorization is None: - authorization = AuthConfig.create_instance(cluster, authorization_name, gateway, labels={"testRun": label}) + authorization = AuthConfig.create_instance(cluster, authorization_name, route, labels={"testRun": label}) authorization.identity.add_oidc("default", oidc_provider.well_known["issuer"]) return authorization diff --git a/testsuite/tests/singlecluster/conftest.py b/testsuite/tests/singlecluster/conftest.py index f5f3678a1..8729000ae 100644 --- a/testsuite/tests/singlecluster/conftest.py +++ b/testsuite/tests/singlecluster/conftest.py @@ -105,6 +105,7 @@ def mockserver_config(cluster, blame, label): @pytest.fixture(scope="session") def backend_exposer(request, testconfig, cluster): """Dedicated session-scoped exposer for the backend, avoids ScopeMismatch with module-scoped exposer overrides""" + testconfig.validators.validate(only="default_exposer") exp = testconfig["default_exposer"](cluster) request.addfinalizer(exp.delete) exp.commit() @@ -194,6 +195,9 @@ def pytest_runtest_makereport(item, call): # pylint: disable=unused-argument denied_ids = set(client.denied_request_ids) client.denied_request_ids.clear() + if item.config.getoption("--verify-denials") != "true": + return + backend = item.funcargs.get("backend") if not report.passed or backend is None or not isinstance(backend, MockserverBackend): return