github.com/nginxinc/kubernetes-ingress@v1.12.5/tests/suite/test_rl_policies_vsr.py (about) 1 import pytest, requests, time 2 from kubernetes.client.rest import ApiException 3 from suite.resources_utils import wait_before_test, replace_configmap_from_yaml 4 from suite.custom_resources_utils import ( 5 read_custom_resource, 6 delete_virtual_server, 7 create_virtual_server_from_yaml, 8 patch_virtual_server_from_yaml, 9 patch_v_s_route_from_yaml, 10 create_policy_from_yaml, 11 delete_policy, 12 read_policy, 13 ) 14 from settings import TEST_DATA, DEPLOYMENTS 15 16 std_vs_src = f"{TEST_DATA}/virtual-server-route/standard/virtual-server.yaml" 17 rl_pol_pri_src = f"{TEST_DATA}/rate-limit/policies/rate-limit-primary.yaml" 18 rl_vsr_pri_src = f"{TEST_DATA}/rate-limit/route-subroute/virtual-server-route-pri-subroute.yaml" 19 rl_pol_sec_src = f"{TEST_DATA}/rate-limit/policies/rate-limit-secondary.yaml" 20 rl_vsr_sec_src = f"{TEST_DATA}/rate-limit/route-subroute/virtual-server-route-sec-subroute.yaml" 21 rl_pol_invalid_src = f"{TEST_DATA}/rate-limit/policies/rate-limit-invalid.yaml" 22 rl_vsr_invalid_src = ( 23 f"{TEST_DATA}/rate-limit/route-subroute/virtual-server-route-invalid-subroute.yaml" 24 ) 25 rl_vsr_override_src = ( 26 f"{TEST_DATA}/rate-limit/route-subroute/virtual-server-route-override-subroute.yaml" 27 ) 28 rl_vsr_override_vs_spec_src = ( 29 f"{TEST_DATA}/rate-limit/route-subroute/virtual-server-vsr-spec-override.yaml" 30 ) 31 rl_vsr_override_vs_route_src = ( 32 f"{TEST_DATA}/rate-limit/route-subroute/virtual-server-vsr-route-override.yaml" 33 ) 34 35 36 @pytest.mark.policies 37 @pytest.mark.parametrize( 38 "crd_ingress_controller, v_s_route_setup", 39 [ 40 ( 41 { 42 "type": "complete", 43 "extra_args": [ 44 f"-enable-custom-resources", 45 f"-enable-preview-policies", 46 f"-enable-leader-election=false", 47 ], 48 }, 49 {"example": "virtual-server-route"}, 50 ) 51 ], 52 indirect=True, 53 ) 54 class TestRateLimitingPoliciesVsr: 55 def restore_default_vsr(self, kube_apis, v_s_route_setup) -> None: 56 """ 57 Function to revert vsr deployments to valid state 58 """ 59 patch_src_m = f"{TEST_DATA}/virtual-server-route/route-multiple.yaml" 60 patch_v_s_route_from_yaml( 61 kube_apis.custom_objects, 62 v_s_route_setup.route_m.name, 63 patch_src_m, 64 v_s_route_setup.route_m.namespace, 65 ) 66 wait_before_test() 67 68 @pytest.mark.smoke 69 @pytest.mark.parametrize("src", [rl_vsr_pri_src]) 70 def test_rl_policy_1rs_vsr( 71 self, 72 kube_apis, 73 crd_ingress_controller, 74 v_s_route_app_setup, 75 v_s_route_setup, 76 test_namespace, 77 src, 78 ): 79 """ 80 Test if rate-limiting policy is working with ~1 rps in vsr:subroute 81 """ 82 83 req_url = f"http://{v_s_route_setup.public_endpoint.public_ip}:{v_s_route_setup.public_endpoint.port}" 84 print(f"Create rl policy") 85 pol_name = create_policy_from_yaml( 86 kube_apis.custom_objects, rl_pol_pri_src, v_s_route_setup.route_m.namespace 87 ) 88 print(f"Patch vsr with policy: {src}") 89 patch_v_s_route_from_yaml( 90 kube_apis.custom_objects, 91 v_s_route_setup.route_m.name, 92 src, 93 v_s_route_setup.route_m.namespace, 94 ) 95 96 wait_before_test() 97 policy_info = read_custom_resource( 98 kube_apis.custom_objects, v_s_route_setup.route_m.namespace, "policies", pol_name 99 ) 100 occur = [] 101 t_end = time.perf_counter() + 1 102 resp = requests.get( 103 f"{req_url}{v_s_route_setup.route_m.paths[0]}", 104 headers={"host": v_s_route_setup.vs_host}, 105 ) 106 print(resp.status_code) 107 assert resp.status_code == 200 108 while time.perf_counter() < t_end: 109 resp = requests.get( 110 f"{req_url}{v_s_route_setup.route_m.paths[0]}", 111 headers={"host": v_s_route_setup.vs_host}, 112 ) 113 occur.append(resp.status_code) 114 delete_policy(kube_apis.custom_objects, pol_name, v_s_route_setup.route_m.namespace) 115 self.restore_default_vsr(kube_apis, v_s_route_setup) 116 assert ( 117 policy_info["status"] 118 and policy_info["status"]["reason"] == "AddedOrUpdated" 119 and policy_info["status"]["state"] == "Valid" 120 ) 121 assert occur.count(200) <= 1 122 123 @pytest.mark.parametrize("src", [rl_vsr_sec_src]) 124 def test_rl_policy_10rs_vsr( 125 self, 126 kube_apis, 127 crd_ingress_controller, 128 v_s_route_app_setup, 129 v_s_route_setup, 130 test_namespace, 131 src, 132 ): 133 """ 134 Test if rate-limiting policy is working with ~10 rps in vsr:subroute 135 """ 136 rate_sec = 10 137 req_url = f"http://{v_s_route_setup.public_endpoint.public_ip}:{v_s_route_setup.public_endpoint.port}" 138 print(f"Create rl policy") 139 pol_name = create_policy_from_yaml( 140 kube_apis.custom_objects, rl_pol_sec_src, v_s_route_setup.route_m.namespace 141 ) 142 print(f"Patch vsr with policy: {src}") 143 patch_v_s_route_from_yaml( 144 kube_apis.custom_objects, 145 v_s_route_setup.route_m.name, 146 src, 147 v_s_route_setup.route_m.namespace, 148 ) 149 150 wait_before_test() 151 policy_info = read_custom_resource( 152 kube_apis.custom_objects, v_s_route_setup.route_m.namespace, "policies", pol_name 153 ) 154 occur = [] 155 t_end = time.perf_counter() + 1 156 resp = requests.get( 157 f"{req_url}{v_s_route_setup.route_m.paths[0]}", 158 headers={"host": v_s_route_setup.vs_host}, 159 ) 160 print(resp.status_code) 161 assert resp.status_code == 200 162 while time.perf_counter() < t_end: 163 resp = requests.get( 164 f"{req_url}{v_s_route_setup.route_m.paths[0]}", 165 headers={"host": v_s_route_setup.vs_host}, 166 ) 167 occur.append(resp.status_code) 168 delete_policy(kube_apis.custom_objects, pol_name, v_s_route_setup.route_m.namespace) 169 self.restore_default_vsr(kube_apis, v_s_route_setup) 170 assert ( 171 policy_info["status"] 172 and policy_info["status"]["reason"] == "AddedOrUpdated" 173 and policy_info["status"]["state"] == "Valid" 174 ) 175 assert rate_sec >= occur.count(200) >= (rate_sec - 2) 176 177 @pytest.mark.parametrize("src", [rl_vsr_override_src]) 178 def test_rl_policy_override_vsr( 179 self, 180 kube_apis, 181 crd_ingress_controller, 182 v_s_route_app_setup, 183 v_s_route_setup, 184 test_namespace, 185 src, 186 ): 187 """ 188 Test if rate-limiting policy with lower rps is used when multiple policies are listed in vsr:subroute 189 And test if the order of policies in vsr:subroute has no effect 190 """ 191 192 req_url = f"http://{v_s_route_setup.public_endpoint.public_ip}:{v_s_route_setup.public_endpoint.port}" 193 print(f"Create rl policy: 1rps") 194 pol_name_pri = create_policy_from_yaml( 195 kube_apis.custom_objects, rl_pol_pri_src, v_s_route_setup.route_m.namespace 196 ) 197 print(f"Create rl policy: 10rps") 198 pol_name_sec = create_policy_from_yaml( 199 kube_apis.custom_objects, rl_pol_sec_src, v_s_route_setup.route_m.namespace 200 ) 201 print(f"Patch vsr with policy: {src}") 202 patch_v_s_route_from_yaml( 203 kube_apis.custom_objects, 204 v_s_route_setup.route_m.name, 205 src, 206 v_s_route_setup.route_m.namespace, 207 ) 208 wait_before_test() 209 occur = [] 210 t_end = time.perf_counter() + 1 211 resp = requests.get( 212 f"{req_url}{v_s_route_setup.route_m.paths[0]}", 213 headers={"host": v_s_route_setup.vs_host}, 214 ) 215 print(resp.status_code) 216 assert resp.status_code == 200 217 while time.perf_counter() < t_end: 218 resp = requests.get( 219 f"{req_url}{v_s_route_setup.route_m.paths[0]}", 220 headers={"host": v_s_route_setup.vs_host}, 221 ) 222 occur.append(resp.status_code) 223 delete_policy(kube_apis.custom_objects, pol_name_pri, v_s_route_setup.route_m.namespace) 224 delete_policy(kube_apis.custom_objects, pol_name_sec, v_s_route_setup.route_m.namespace) 225 self.restore_default_vsr(kube_apis, v_s_route_setup) 226 assert occur.count(200) <= 1 227 228 @pytest.mark.parametrize("src", [rl_vsr_pri_src]) 229 def test_rl_policy_deleted_vsr( 230 self, 231 kube_apis, 232 crd_ingress_controller, 233 v_s_route_app_setup, 234 v_s_route_setup, 235 test_namespace, 236 src, 237 ): 238 """ 239 Test if deleting a policy results in 500 240 """ 241 req_url = f"http://{v_s_route_setup.public_endpoint.public_ip}:{v_s_route_setup.public_endpoint.port}" 242 print(f"Create rl policy") 243 pol_name = create_policy_from_yaml( 244 kube_apis.custom_objects, rl_pol_pri_src, v_s_route_setup.route_m.namespace 245 ) 246 print(f"Patch vsr with policy: {src}") 247 patch_v_s_route_from_yaml( 248 kube_apis.custom_objects, 249 v_s_route_setup.route_m.name, 250 src, 251 v_s_route_setup.route_m.namespace, 252 ) 253 wait_before_test() 254 resp = requests.get( 255 f"{req_url}{v_s_route_setup.route_m.paths[0]}", 256 headers={"host": v_s_route_setup.vs_host}, 257 ) 258 assert resp.status_code == 200 259 print(resp.status_code) 260 delete_policy(kube_apis.custom_objects, pol_name, v_s_route_setup.route_m.namespace) 261 resp = requests.get( 262 f"{req_url}{v_s_route_setup.route_m.paths[0]}", 263 headers={"host": v_s_route_setup.vs_host}, 264 ) 265 self.restore_default_vsr(kube_apis, v_s_route_setup) 266 assert resp.status_code == 500 267 268 @pytest.mark.parametrize("src", [rl_vsr_invalid_src]) 269 def test_rl_policy_invalid_vsr( 270 self, 271 kube_apis, 272 crd_ingress_controller, 273 v_s_route_app_setup, 274 v_s_route_setup, 275 test_namespace, 276 src, 277 ): 278 """ 279 Test if using an invalid policy in vsr:subroute results in 500 280 """ 281 req_url = f"http://{v_s_route_setup.public_endpoint.public_ip}:{v_s_route_setup.public_endpoint.port}" 282 print(f"Create rl policy") 283 invalid_pol_name = create_policy_from_yaml( 284 kube_apis.custom_objects, rl_pol_invalid_src, v_s_route_setup.route_m.namespace 285 ) 286 print(f"Patch vsr with policy: {src}") 287 patch_v_s_route_from_yaml( 288 kube_apis.custom_objects, 289 v_s_route_setup.route_m.name, 290 src, 291 v_s_route_setup.route_m.namespace, 292 ) 293 294 wait_before_test() 295 policy_info = read_custom_resource( 296 kube_apis.custom_objects, 297 v_s_route_setup.route_m.namespace, 298 "policies", 299 invalid_pol_name, 300 ) 301 resp = requests.get( 302 f"{req_url}{v_s_route_setup.route_m.paths[0]}", 303 headers={"host": v_s_route_setup.vs_host}, 304 ) 305 print(resp.status_code) 306 delete_policy(kube_apis.custom_objects, invalid_pol_name, v_s_route_setup.route_m.namespace) 307 self.restore_default_vsr(kube_apis, v_s_route_setup) 308 assert ( 309 policy_info["status"] 310 and policy_info["status"]["reason"] == "Rejected" 311 and policy_info["status"]["state"] == "Invalid" 312 ) 313 assert resp.status_code == 500 314 315 @pytest.mark.parametrize("src", [rl_vsr_override_vs_spec_src, rl_vsr_override_vs_route_src]) 316 def test_override_vs_vsr( 317 self, 318 kube_apis, 319 crd_ingress_controller, 320 v_s_route_app_setup, 321 test_namespace, 322 v_s_route_setup, 323 src, 324 ): 325 """ 326 Test if vsr subroute policy overrides vs spec policy 327 And vsr subroute policy overrides vs route policy 328 """ 329 rate_sec = 10 330 req_url = f"http://{v_s_route_setup.public_endpoint.public_ip}:{v_s_route_setup.public_endpoint.port}" 331 332 # policy for virtualserver 333 print(f"Create rl policy: 1rps") 334 pol_name_vs = create_policy_from_yaml( 335 kube_apis.custom_objects, rl_pol_pri_src, v_s_route_setup.route_m.namespace 336 ) 337 # policy for virtualserverroute 338 print(f"Create rl policy: 10rps") 339 pol_name_vsr = create_policy_from_yaml( 340 kube_apis.custom_objects, rl_pol_sec_src, v_s_route_setup.route_m.namespace 341 ) 342 343 # patch vsr with 10rps policy 344 patch_v_s_route_from_yaml( 345 kube_apis.custom_objects, 346 v_s_route_setup.route_m.name, 347 rl_vsr_sec_src, 348 v_s_route_setup.route_m.namespace, 349 ) 350 # patch vs with 1rps policy 351 patch_virtual_server_from_yaml( 352 kube_apis.custom_objects, v_s_route_setup.vs_name, src, v_s_route_setup.namespace 353 ) 354 wait_before_test() 355 occur = [] 356 t_end = time.perf_counter() + 1 357 resp = requests.get( 358 f"{req_url}{v_s_route_setup.route_m.paths[0]}", 359 headers={"host": v_s_route_setup.vs_host}, 360 ) 361 print(resp.status_code) 362 assert resp.status_code == 200 363 while time.perf_counter() < t_end: 364 resp = requests.get( 365 f"{req_url}{v_s_route_setup.route_m.paths[0]}", 366 headers={"host": v_s_route_setup.vs_host}, 367 ) 368 occur.append(resp.status_code) 369 370 delete_policy(kube_apis.custom_objects, pol_name_vs, v_s_route_setup.route_m.namespace) 371 delete_policy(kube_apis.custom_objects, pol_name_vsr, v_s_route_setup.route_m.namespace) 372 self.restore_default_vsr(kube_apis, v_s_route_setup) 373 patch_virtual_server_from_yaml( 374 kube_apis.custom_objects, v_s_route_setup.vs_name, std_vs_src, v_s_route_setup.namespace 375 ) 376 assert rate_sec >= occur.count(200) >= (rate_sec - 2)