istio.io/istio@v0.0.0-20240520182934-d79c90f27776/tests/integration/security/policy_attachment_only/main_test.go

istio.io/istio@v0.0.0-20240520182934-d79c90f27776/tests/integration/security/policy_attachment_only/main_test.go (about)

     1  //go:build integ
     2  // +build integ
     3  
     4  //  Copyright Istio Authors
     5  //
     6  //  Licensed under the Apache License, Version 2.0 (the "License");
     7  //  you may not use this file except in compliance with the License.
     8  //  You may obtain a copy of the License at
     9  //
    10  //      http://www.apache.org/licenses/LICENSE-2.0
    11  //
    12  //  Unless required by applicable law or agreed to in writing, software
    13  //  distributed under the License is distributed on an "AS IS" BASIS,
    14  //  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    15  //  See the License for the specific language governing permissions and
    16  //  limitations under the License.
    17  
    18  package policyattachmentonly
    19  
    20  import (
    21  	"testing"
    22  
    23  	"istio.io/istio/pkg/test/framework"
    24  	"istio.io/istio/pkg/test/framework/components/authz"
    25  	"istio.io/istio/pkg/test/framework/components/echo/common/deployment"
    26  	"istio.io/istio/pkg/test/framework/components/istio"
    27  	"istio.io/istio/pkg/test/framework/components/jwt"
    28  	"istio.io/istio/pkg/test/framework/components/namespace"
    29  	"istio.io/istio/pkg/test/framework/label"
    30  	"istio.io/istio/pkg/test/framework/resource"
    31  )
    32  
    33  var (
    34  	// Namespaces
    35  	echo1NS  namespace.Instance
    36  	serverNS namespace.Instance
    37  
    38  	// Servers
    39  	apps             deployment.SingleNamespaceView
    40  	authzServer      authz.Server
    41  	localAuthzServer authz.Server
    42  	jwtServer        jwt.Server
    43  
    44  	i istio.Instance
    45  )
    46  
    47  func TestMain(m *testing.M) {
    48  	framework.
    49  		NewSuite(m).
    50  		Label(label.CustomSetup).
    51  		Setup(istio.Setup(&i, func(c resource.Context, cfg *istio.Config) {
    52  			if !c.Settings().EnableDualStack {
    53  				cfg.ControlPlaneValues = `
    54  values:
    55    pilot: 
    56      env: 
    57        PILOT_JWT_ENABLE_REMOTE_JWKS: true
    58        ENABLE_SELECTOR_BASED_K8S_GATEWAY_POLICY: false
    59  meshConfig:
    60    defaultConfig:
    61      gatewayTopology:
    62        numTrustedProxies: 1 # Needed for X-Forwarded-For (See https://istio.io/latest/docs/ops/configuration/traffic-management/network-topologies/)
    63  `
    64  			} else {
    65  				cfg.ControlPlaneValues = `
    66  values:
    67    pilot: 
    68      env: 
    69        PILOT_JWT_ENABLE_REMOTE_JWKS: true
    70        ISTIO_DUAL_STACK: true
    71        ENABLE_SELECTOR_BASED_K8S_GATEWAY_POLICY: false
    72  meshConfig:
    73    defaultConfig:
    74      proxyMetadata:
    75        ISTIO_DUAL_STACK: "true"
    76      gatewayTopology:
    77        numTrustedProxies: 1 # Needed for X-Forwarded-For (See https://istio.io/latest/docs/ops/configuration/traffic-management/network-topologies/)
    78  `
    79  			}
    80  		})).
    81  		// Create namespaces first. This way, echo can correctly configure egress to all namespaces.
    82  		SetupParallel(
    83  			namespace.Setup(&echo1NS, namespace.Config{Prefix: "echo1", Inject: true}),
    84  			namespace.Setup(&serverNS, namespace.Config{Prefix: "servers", Inject: true}),
    85  		).
    86  		SetupParallel(
    87  			jwt.Setup(&jwtServer, namespace.Future(&serverNS)),
    88  			authz.Setup(&authzServer, namespace.Future(&serverNS)),
    89  			authz.SetupLocal(&localAuthzServer, namespace.Future(&echo1NS)),
    90  			deployment.SetupSingleNamespace(&apps, deployment.Config{
    91  				IncludeExtAuthz: true,
    92  				Namespaces: []namespace.Getter{
    93  					namespace.Future(&echo1NS),
    94  				},
    95  			})).
    96  		Run()
    97  }