tests: Modify TLS policy tests to check validator
Check TLS policy of template validator pod.

Signed-off-by: Andrej Krejcir <akrejcir@redhat.com>
akrejcir committed Nov 19, 2024
1 parent 8a8e225 commit a369026
Showing 1 changed file with 25 additions and 0 deletions.
25 changes: 25 additions & 0 deletions tests/crypto_policy_test.go
@@ -7,9 +7,11 @@ import (
"fmt"
"net"
"net/http"
"time"

. "github.com/onsi/ginkgo/v2"
. "github.com/onsi/gomega"
template_validator "kubevirt.io/ssp-operator/internal/operands/template-validator"

ocpv1 "github.com/openshift/api/config/v1"
"github.com/openshift/library-go/pkg/crypto"
@@ -109,9 +111,17 @@ var _ = Describe("Crypto Policy", func() {
Context("setting Crypto Policy", func() {
DescribeTable("Adhere to defined TLSConfig", func(tlsConfigTestPermutation tlsConfigTestPermutation) {
pod := operatorPod()
validatorPod := templateValidatorPod()

applyTLSConfig(tlsConfigTestPermutation.openshiftTLSPolicy)
Expect(testMetricsEndpoint(pod, tlsConfigTestPermutation)).To(Succeed())
Expect(testWebhookEndpoint(pod, tlsConfigTestPermutation)).To(Succeed())

// Using larger timeout, because it usually takes more than a minute
// for the ConfigMap to be propagated to the pod.
Eventually(func() error {
return testValidatorEndpoint(validatorPod, tlsConfigTestPermutation)
}, env.Timeout(), time.Second).Should(Succeed())
},
Entry("[test_id:9360] old", oldPermutation),
Entry("[test_id:9276] intermediate", intermediatePermutation),
@@ -130,6 +140,17 @@ func operatorPod() core.Pod {
return pods.Items[0]
}

func templateValidatorPod() core.Pod {
pods := &core.PodList{}
err := apiClient.List(context.TODO(), pods, client.MatchingLabels{
common.AppKubernetesNameLabel: "template-validator",
common.AppKubernetesComponentLabel: string(common.AppComponentTemplating),
})
Expect(err).ToNot(HaveOccurred())
Expect(pods.Items).ToNot(BeEmpty())
return pods.Items[0]
}

type tlsConfigTestPermutation struct {
openshiftTLSPolicy *ocpv1.TLSSecurityProfile
allowedConfigs []clientTLSOptions
@@ -250,6 +271,10 @@ func testWebhookEndpoint(pod core.Pod, tlsConfig tlsConfigTestPermutation) error
return tlsConfig.testEndpointAccessabilityWithTLS(pod, strategy.GetSSPWebhookServiceName(), "", 9443)
}

func testValidatorEndpoint(pod core.Pod, tlsConfig tlsConfigTestPermutation) error {
return tlsConfig.testEndpointAccessabilityWithTLS(pod, template_validator.ServiceName, "", 8443)
}

func applyTLSConfig(tlsSecurityProfile *ocpv1.TLSSecurityProfile) {
watch, err := StartWatch(sspListerWatcher)
Expect(err).ToNot(HaveOccurred())
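Review bot: `templateValidatorPod()` lists by labels only and returns `pods.Items[0]`, so the TLS policy check in the `Eventually` block covers a single validator pod picked from any namespace; if the validator runs more than one replica, one still serving the previous profile would not fail the test. Scoping the list with `client.InNamespace(...)` (the namespace the suite deploys SSP into) and running `testValidatorEndpoint` against every entry in `pods.Items` would make the test cover what the policy is meant to guarantee. The pod is also captured before `applyTLSConfig`, so if it were ever replaced while the profile is applied, the retries would keep targeting a stale object until `env.Timeout()`; the comment suggests the ConfigMap is propagated in place, but that assumption deserves a line such as `// validator pod is not restarted on TLS profile change; it reloads the ConfigMap`. In `testValidatorEndpoint` the literal `8443` would read better as a named constant next to `template_validator.ServiceName`, if the operand package exposes one.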
