Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add integ test for Authorization Policy Gateway Policy Attachment #47513

Merged
merged 6 commits into from
Oct 24, 2023
Merged

Add integ test for Authorization Policy Gateway Policy Attachment #47513

merged 6 commits into from
Oct 24, 2023

Conversation

whitneygriffith
Copy link
Contributor

@whitneygriffith whitneygriffith commented Oct 23, 2023
edited by istio-policy-bot
Loading

Please provide a description of this PR:

Resolves #47263

@istio-testing
Copy link
Collaborator

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@istio-testing istio-testing added the do-not-merge/work-in-progress Block merging of a PR because it isn't ready yet. label Oct 23, 2023
@istio-policy-bot istio-policy-bot added area/test and release release-notes-none Indicates a PR that does not require release notes. labels Oct 23, 2023
@istio-testing istio-testing added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Oct 23, 2023
@whitneygriffith whitneygriffith force-pushed the authPolicy-gateway-tests branch from 0127442 to 5cc862c Compare October 23, 2023 00:57
@whitneygriffith whitneygriffith marked this pull request as ready for review October 23, 2023 01:12
@whitneygriffith whitneygriffith requested a review from a team as a code owner October 23, 2023 01:12
@istio-testing istio-testing removed the do-not-merge/work-in-progress Block merging of a PR because it isn't ready yet. label Oct 23, 2023
@whitneygriffith
Copy link
Contributor Author

/retest-required

@whitneygriffith whitneygriffith force-pushed the authPolicy-gateway-tests branch 2 times, most recently from 4d87def to 523a5b0 Compare October 23, 2023 14:40
@whitneygriffith
Copy link
Contributor Author

/retest-required

@whitneygriffith
Add integ test for Authorization Policy Gateway Policy Attachment
f19d88e 
Signed-off-by: Whitney Griffith <whgriffi@microsoft.com>
@whitneygriffith whitneygriffith force-pushed the authPolicy-gateway-tests branch from 523a5b0 to f19d88e Compare October 23, 2023 17:03
@whitneygriffith
Update testdata
95e2723 
Signed-off-by: Whitney Griffith <whgriffi@microsoft.com>
@whitneygriffith
Updated expected http responses
102a94a 
Signed-off-by: Whitney Griffith <whgriffi@microsoft.com>
@whitneygriffith
Update feature labels for test
b51097f 
Signed-off-by: Whitney Griffith <whgriffi@microsoft.com>
@whitneygriffith whitneygriffith requested a review from a team as a code owner October 24, 2023 16:56
costinm
costinm reviewed Oct 24, 2023
View reviewed changes
Copy link
Contributor

@costinm costinm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good. Do we plan to support listener attachment too ?

One small issue - if someone looks at the tests as an example, they may get the wrong impression. I would add a small comment to the gateway yaml - jwts are not best practice on port 80 ( some RFCs don't allow them).

jaellio
jaellio reviewed Oct 24, 2023
View reviewed changes
tests/integration/security/policy_attachment_only/jwt_gateway_test.go
},
},
{
name: "deny without token",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we need a test case for denying with an incorrect token?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think its good to have as it confirms the AuthPolicy is enforcing only requests with valid token. Happy to remove if others think its not necessary.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was curious if we wanted a test case with an incorrect token in addition to the test case with no token.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh I misunderstood!

tests/integration/security/policy_attachment_only/testdata/authz/gateway-authz.yaml.tmpl Outdated Show resolved Hide resolved
tests/integration/security/policy_attachment_only/testdata/authz/gateway-api.yaml.tmpl Outdated Show resolved Hide resolved
@whitneygriffith
address comments
31e7189 
Signed-off-by: Whitney Griffith <whgriffi@microsoft.com>
@whitneygriffith
address comments
e8cdc86 
Signed-off-by: Whitney Griffith <whgriffi@microsoft.com>
@whitneygriffith
Copy link
Contributor Author

Looks good. Do we plan to support listener attachment too ?

do you mind expanding on what listener attachment is?

One small issue - if someone looks at the tests as an example, they may get the wrong impression. I would add a small comment to the gateway yaml - jwts are not best practice on port 80 ( some RFCs don't allow them).

updated!

@MorrisLaw
Copy link
Contributor

Looks good. Do we plan to support listener attachment too ?

One small issue - if someone looks at the tests as an example, they may get the wrong impression. I would add a small comment to the gateway yaml - jwts are not best practice on port 80 ( some RFCs don't allow them).

Hey @costinm, wdym by listener attachment? Is it this or something else?

MorrisLaw
MorrisLaw approved these changes Oct 24, 2023
View reviewed changes
Copy link
Contributor

@MorrisLaw MorrisLaw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@istio-testing istio-testing merged commit 32a1233 into istio:master Oct 24, 2023
@whitneygriffith whitneygriffith deleted the authPolicy-gateway-tests branch October 26, 2023 20:25
@keithmattix keithmattix added the cherrypick/release-1.20 Set this label on a PR to auto-merge it to the release-1.20 branch label Oct 30, 2023
@istio-testing istio-testing mentioned this pull request Oct 30, 2023
Merged
@istio-testing
Copy link
Collaborator

In response to a cherrypick label: new pull request created: #47647

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jaellio jaellio jaellio left review comments

@costinm costinm costinm left review comments

@MorrisLaw MorrisLaw MorrisLaw approved these changes

@howardjohn howardjohn howardjohn approved these changes

Assignees
No one assigned
Labels
area/test and release cherrypick/release-1.20 Set this label on a PR to auto-merge it to the release-1.20 branch release-notes-none Indicates a PR that does not require release notes. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add Integration Test for Authorization Policy with Target Ref
8 participants
@whitneygriffith @istio-testing @MorrisLaw @costinm @howardjohn @jaellio @keithmattix @istio-policy-bot