Atomic overrides testing

[martinhesko]

Summary

The kuadrant operator now allows overrides to be set for AuthPolicy and RateLimitPolicy. Test that the overrides block is mutually exclusive with implicit defaults, can only be defined for gateway attached policies, and overrides HTTPRoute attached policies.

Documentation

Implementing PRs: Kuadrant/kuadrant-operator#523, Kuadrant/kuadrant-operator#525
RFC: https://github.com/Kuadrant/architecture/blob/main/rfcs/0009-defaults-and-overrides.md

Test cases
Assuming regular configuration in tests/conftest.py (httpbin backend, 1 route attached to gateway)
Repeat each for AuthPolicy and RateLimitPolicy

• Test base case

  • Set Gateway attached policy by an explicit overrides block
  • Verify that the HTTPRoute attached to the gateway reflects this policy with status Object affected by {Auth|RateLimit}Policy x
  • Curl the route to verify that the override was applied correctly

• Test mutual exclusivity of overrides block with implicit defaults

  • set Gateway attached policy configured both with regular config and config inside an overrides block
  • Check that policy is rejected due to Overrides and implicit defaults are mutually exclusive

• Test mutual exclusivity of overrides block with explicit defaults

  • set Gateway attached policy configured both with config inside a defaults block and config inside an overrides block
  • Check that policy is rejected due to Overrides and explicit defaults are mutually exclusive

• Test overrides can't be set at HTTPRoute level

  • set HTTPRoute attached policy configured with an overrides block
  • Check that policy is rejected due to Overrides are only allowed for policies targeting a Gateway resource

• Test policy discoverability

  • Attach a policy with a configured overrides block to your gateway
  • Create a new HTTPRoute attached to your gateway
  • Check HTTPRoute status, it should specify Object affected by {Auth|RateLimit}Policy x
  • Curl the route to verify the policy attached to gateway got applied to your HTTPRoute

• Test overriding existing HTTPRoute level policy

  • Attach a policy containing implicit defaults to HTTPRoute
  • Attach a policy containing the overrides block to the parent gateway
  • curl endpoint to verify the HTPPRoute policy had been overridden

• Test overriding new HTTPRoute level policy

  • Attach a policy containing the overrides block to the parent gateway
  • Attach a policy containing implicit defaults to HTTPRoute
  • curl endpoint to verify the HTPPRoute policy had been overridden

• Test adding overrides to existing gateway policy

  • Attach a policy containing implicit defaults to HTTPRoute
  • Attach a policy containing implicit defaults to Gateway
  • Modify the Gateway attached policy and put the rules inside overrides block
  • curl endpoint to verify the HTPPRoute policy had been overridden

• Test removing overrides from gateway policy

  • Attach a policy containing implicit defaults to HTTPRoute
  • Attach a policy containing the overrides block to the parent gateway
  • curl endpoint to verify the HTPPRoute policy had been overridden
  • Modify the Gateway attached policy and remove the overrides block
  • curl endpoint to verify only HTTPRoute policy applies