2020-11-19 13:25:53 +00:00
|
|
|
"""outpost tests"""
|
2021-12-18 14:29:20 +00:00
|
|
|
from unittest.mock import MagicMock, patch
|
|
|
|
|
|
2020-11-19 13:25:53 +00:00
|
|
|
from django.test import TestCase
|
2021-12-18 14:29:20 +00:00
|
|
|
from kubernetes.client import AppsV1Api
|
|
|
|
|
from kubernetes.client.exceptions import OpenApiException
|
2020-11-19 13:25:53 +00:00
|
|
|
|
2021-11-22 21:56:02 +00:00
|
|
|
from authentik.core.tests.utils import create_test_flow
|
2020-12-05 21:08:42 +00:00
|
|
|
from authentik.lib.config import CONFIG
|
|
|
|
|
from authentik.outposts.controllers.k8s.deployment import DeploymentReconciler
|
2021-10-03 17:25:18 +00:00
|
|
|
from authentik.outposts.controllers.k8s.triggers import NeedsUpdate
|
2020-12-05 21:08:42 +00:00
|
|
|
from authentik.outposts.models import KubernetesServiceConnection, Outpost, OutpostType
|
2023-03-15 11:12:08 +00:00
|
|
|
from authentik.outposts.tasks import outpost_connection_discovery
|
2021-10-03 20:54:07 +00:00
|
|
|
from authentik.providers.proxy.controllers.kubernetes import ProxyKubernetesController
|
2020-12-05 21:08:42 +00:00
|
|
|
from authentik.providers.proxy.models import ProxyProvider
|
2020-11-19 13:25:53 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
class OutpostKubernetesTests(TestCase):
|
|
|
|
|
"""Test Kubernetes Controllers"""
|
|
|
|
|
|
|
|
|
|
def setUp(self):
|
|
|
|
|
super().setUp()
|
|
|
|
|
# Ensure that local connection have been created
|
2023-03-15 11:12:08 +00:00
|
|
|
outpost_connection_discovery() # pylint: disable=no-value-for-parameter
|
2020-11-19 13:25:53 +00:00
|
|
|
self.provider: ProxyProvider = ProxyProvider.objects.create(
|
|
|
|
|
name="test",
|
|
|
|
|
internal_host="http://localhost",
|
|
|
|
|
external_host="http://localhost",
|
2021-11-22 21:56:02 +00:00
|
|
|
authorization_flow=create_test_flow(),
|
2020-11-19 13:25:53 +00:00
|
|
|
)
|
|
|
|
|
self.service_connection = KubernetesServiceConnection.objects.first()
|
|
|
|
|
self.outpost: Outpost = Outpost.objects.create(
|
|
|
|
|
name="test",
|
|
|
|
|
type=OutpostType.PROXY,
|
|
|
|
|
service_connection=self.service_connection,
|
|
|
|
|
)
|
|
|
|
|
self.outpost.providers.add(self.provider)
|
2023-07-22 00:29:28 +00:00
|
|
|
self.outpost.config.kubernetes_json_patches = {
|
|
|
|
|
"deployment": [
|
|
|
|
|
{
|
|
|
|
|
"op": "add",
|
|
|
|
|
"path": "/spec/template/spec/containers/0/resources",
|
|
|
|
|
"value": {
|
|
|
|
|
"requests": {"cpu": "2000m", "memory": "2000Mi"},
|
|
|
|
|
"limits": {"cpu": "4000m", "memory": "8000Mi"},
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
]
|
|
|
|
|
}
|
|
|
|
|
self.outpost.providers.add(self.provider)
|
2020-11-19 13:25:53 +00:00
|
|
|
self.outpost.save()
|
|
|
|
|
|
|
|
|
|
def test_deployment_reconciler(self):
|
|
|
|
|
"""test that deployment requires update"""
|
2021-10-03 20:54:07 +00:00
|
|
|
controller = ProxyKubernetesController(self.outpost, self.service_connection)
|
2020-11-19 13:25:53 +00:00
|
|
|
deployment_reconciler = DeploymentReconciler(controller)
|
|
|
|
|
|
|
|
|
|
self.assertIsNotNone(deployment_reconciler.retrieve())
|
|
|
|
|
|
|
|
|
|
config = self.outpost.config
|
|
|
|
|
config.kubernetes_replicas = 3
|
2023-07-22 00:29:28 +00:00
|
|
|
config.kubernetes_json_patches = {
|
|
|
|
|
"deployment": [
|
|
|
|
|
{
|
|
|
|
|
"op": "add",
|
|
|
|
|
"path": "/spec/template/spec/containers/0/resources",
|
|
|
|
|
"value": {
|
|
|
|
|
"requests": {"cpu": "1000m", "memory": "2000Mi"},
|
|
|
|
|
"limits": {"cpu": "2000m", "memory": "4000Mi"},
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
]
|
|
|
|
|
}
|
2020-11-19 13:25:53 +00:00
|
|
|
self.outpost.config = config
|
|
|
|
|
|
|
|
|
|
with self.assertRaises(NeedsUpdate):
|
|
|
|
|
deployment_reconciler.reconcile(
|
|
|
|
|
deployment_reconciler.retrieve(),
|
|
|
|
|
deployment_reconciler.get_reference_object(),
|
|
|
|
|
)
|
|
|
|
|
|
2021-10-14 17:57:56 +00:00
|
|
|
with CONFIG.patch("outposts.container_image_base", "test"):
|
2020-11-19 13:25:53 +00:00
|
|
|
with self.assertRaises(NeedsUpdate):
|
|
|
|
|
deployment_reconciler.reconcile(
|
|
|
|
|
deployment_reconciler.retrieve(),
|
|
|
|
|
deployment_reconciler.get_reference_object(),
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
deployment_reconciler.delete(deployment_reconciler.get_reference_object())
|
2021-12-18 14:29:20 +00:00
|
|
|
|
|
|
|
|
def test_controller_rename(self):
|
|
|
|
|
"""test that objects get deleted and re-created with new names"""
|
|
|
|
|
controller = ProxyKubernetesController(self.outpost, self.service_connection)
|
|
|
|
|
|
|
|
|
|
self.assertIsNone(controller.up())
|
|
|
|
|
self.outpost.name = "foo"
|
|
|
|
|
self.assertIsNone(controller.up())
|
|
|
|
|
apps = AppsV1Api(controller.client)
|
|
|
|
|
with self.assertRaises(OpenApiException):
|
|
|
|
|
apps.read_namespaced_deployment("test", self.outpost.config.kubernetes_namespace)
|
|
|
|
|
controller.down()
|
|
|
|
|
|
|
|
|
|
def test_controller_full_update(self):
|
|
|
|
|
"""Test an update that triggers all objects"""
|
|
|
|
|
controller = ProxyKubernetesController(self.outpost, self.service_connection)
|
|
|
|
|
|
|
|
|
|
self.assertIsNone(controller.up())
|
|
|
|
|
with patch(
|
|
|
|
|
"authentik.outposts.controllers.k8s.base.get_version", MagicMock(return_value="1234")
|
|
|
|
|
):
|
|
|
|
|
self.assertIsNone(controller.up())
|
|
|
|
|
deployment_reconciler = DeploymentReconciler(controller)
|
|
|
|
|
deployment = deployment_reconciler.retrieve()
|
|
|
|
|
self.assertEqual(deployment.metadata.labels["app.kubernetes.io/version"], "1234")
|
|
|
|
|
controller.down()
|
