From d1bdb12161454acd13ac7c82df3d81261f5e3c65 Mon Sep 17 00:00:00 2001
From: Andrej Krejcir
Date: Wed, 30 Oct 2024 16:49:05 +0100
Subject: [PATCH] tests: Modify TLS policy tests to check validator

Check TLS policy of template validator pod.

Signed-off-by: Andrej Krejcir
---
 tests/crypto_policy_test.go | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/tests/crypto_policy_test.go b/tests/crypto_policy_test.go
index f1f3a3eae..c92499863 100644
--- a/tests/crypto_policy_test.go
+++ b/tests/crypto_policy_test.go
@@ -7,9 +7,11 @@ import (
 "fmt"
 "net"
 "net/http"
+ "time"
 
 . "github.com/onsi/ginkgo/v2"
 . "github.com/onsi/gomega"
+ template_validator "kubevirt.io/ssp-operator/internal/operands/template-validator"
 
 ocpv1 "github.com/openshift/api/config/v1"
 "github.com/openshift/library-go/pkg/crypto"
@@ -109,9 +111,15 @@ var _ = Describe("Crypto Policy", func() {
 Context("setting Crypto Policy", func() {
 DescribeTable("Adhere to defined TLSConfig", func(tlsConfigTestPermutation tlsConfigTestPermutation) {
 pod := operatorPod()
+ validatorPod := templateValidatorPod()
+
 applyTLSConfig(tlsConfigTestPermutation.openshiftTLSPolicy)
 Expect(testMetricsEndpoint(pod, tlsConfigTestPermutation)).To(Succeed())
 Expect(testWebhookEndpoint(pod, tlsConfigTestPermutation)).To(Succeed())
+
+ Eventually(func() error {
+ return testValidatorEndpoint(validatorPod, tlsConfigTestPermutation)
+ }, env.ShortTimeout(), time.Second).Should(Succeed())
 },
 Entry("[test_id:9360] old", oldPermutation),
 Entry("[test_id:9276] intermediate", intermediatePermutation),
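Review bot: `validatorPod` is resolved once, before `applyTLSConfig`, and that same object is reused on every `Eventually` attempt in the `DescribeTable` body (which continues outside this hunk). If the template validator picks up a new TLS profile by being restarted or rolled out, which these lines do not show, the captured pod can be gone and the poll would keep probing a stale target until `env.ShortTimeout()` expires. Consider resolving the pod inside the polled function, e.g. `return testValidatorEndpoint(templateValidatorPod(), tlsConfigTestPermutation)`, keeping in mind that the `Expect` calls inside `templateValidatorPod` abort the spec instead of triggering a retry. A short comment such as `// The validator applies the new TLS profile asynchronously, so poll until it matches.` would also explain why only this check is polled while the metrics and webhook checks are asserted once.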
@@ -130,6 +138,17 @@ func operatorPod() core.Pod {
 return pods.Items[0]
 }
 
+func templateValidatorPod() core.Pod {
+ pods := &core.PodList{}
+ err := apiClient.List(context.TODO(), pods, client.MatchingLabels{
+ common.AppKubernetesNameLabel: "template-validator",
+ common.AppKubernetesComponentLabel: string(common.AppComponentTemplating),
+ })
+ Expect(err).ToNot(HaveOccurred())
+ Expect(pods.Items).ToNot(BeEmpty())
+ return pods.Items[0]
+}
+
 type tlsConfigTestPermutation struct {
 openshiftTLSPolicy *ocpv1.TLSSecurityProfile
 allowedConfigs []clientTLSOptions
@@ -250,6 +269,10 @@ func testWebhookEndpoint(pod core.Pod, tlsConfig tlsConfigTestPermutation) error
 return tlsConfig.testEndpointAccessabilityWithTLS(pod, strategy.GetSSPWebhookServiceName(), "", 9443)
 }
 
+func testValidatorEndpoint(pod core.Pod, tlsConfig tlsConfigTestPermutation) error {
+ return tlsConfig.testEndpointAccessabilityWithTLS(pod, template_validator.ServiceName, "", 8443)
+}
+
 func applyTLSConfig(tlsSecurityProfile *ocpv1.TLSSecurityProfile) {
 watch, err := StartWatch(sspListerWatcher)
 Expect(err).ToNot(HaveOccurred())
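Review bot: `templateValidatorPod` returns only `pods.Items[0]`, so when the validator runs with more than one replica the TLS policy is verified on a single, arbitrary pod, and another replica still serving the previous profile would go unnoticed. As far as this hunk shows, the `List` call is also not restricted to a namespace and does not skip pods that are terminating or not yet ready, so the first item is not guaranteed to be a pod that serves traffic. Consider returning every matching pod and checking each one, and adding `client.InNamespace(<validator namespace>)` to the list options. A doc comment such as `// templateValidatorPod returns the first pod labelled as the template validator.` would at least make the single-pod assumption explicit.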