Merge pull request #30 from jsmolar/api_key_auth

Add authentication with API keys tests

testsuite/openshift/objects/api_key.py

@@ -0,0 +1,39 @@
+"""API Key Secret CR object"""
+
+from openshift import APIObject
+
+from testsuite.openshift.client import OpenShiftClient
+
+
+class APIKey(APIObject):
+    """Represents API Key Secret CR for Authorino"""
+
+    @classmethod
+    def create_instance(cls, openshift: OpenShiftClient, name, label, api_key_string):
+        """Creates base instance"""
+        model = {
+            "apiVersion": "v1",
+            "kind": "Secret",
+            "metadata": {
+                "name": name,
+                "namespace": openshift.project,
+                "labels": {
+                    "authorino.kuadrant.io/managed-by": "authorino",
+                    "group": label
+                }
+            },
+            "stringData": {
+                "api_key": api_key_string
+            },
+            "type": "Opaque"
+        }
+
+        return cls(model, context=openshift.context)
+
+    def commit(self):
+        """
+        Creates object on the server and returns created entity.
+        It will be the same class but attributes might differ, due to server adding/rejecting some of them.
+        """
+        self.create(["--save-config=true"])
+        return self.refresh()

testsuite/openshift/objects/auth_config.py

@@ -47,3 +47,19 @@ def add_oidc_identity(self, name, endpoint):
                 "endpoint": endpoint
             }
         })
+
+    def add_api_key_identity(self, name, label):
+        """Adds API Key identity"""
+        identities = self.model.spec.setdefault("identity", [])
+        identities.append({
+            "name": name,
+            "apiKey": {
+                "labelSelectors": {
+                    "group": label
+                }
+            },
+            "credentials": {
+                "in": "authorization_header",
+                "keySelector": "APIKEY"
+            }
+        })

testsuite/tests/kuadrant/authorino/conftest.py

@@ -38,7 +38,7 @@ def authorization(authorization, authorino, envoy, blame, openshift, label) -> A
 
 @pytest.fixture(scope="module")
 def client(authorization, envoy):
-    """Returns httpx client to be used for requests, it also commit AuthConfig"""
+    """Returns httpx client to be used for requests, it also commits AuthConfig"""
     authorization.commit()
     client = envoy.client
     yield client

testsuite/tests/kuadrant/authorino/identity/api_key/test_api_key_identity.py

@@ -0,0 +1,41 @@
+"""Tests authentication with API keys"""
+
+import pytest
+
+from testsuite.openshift.objects.api_key import APIKey
+
+
+@pytest.fixture(scope="module")
+def api_key_secret(openshift, blame):
+    """Creates API Key Secret"""
+    api_key = "test_api_key"
+    secret = APIKey.create_instance(openshift, blame("api-key"), "api_label", api_key)
+    secret.commit()
+    yield secret, api_key
+    secret.delete()
+
+
+@pytest.fixture(scope="module")
+def authorization(authorization):
+    """Creates AuthConfig with API Key identity"""
+    authorization.add_api_key_identity("api_key", "api_label")
+    return authorization
+
+
+def test_correct_auth(client, api_key_secret):
+    """Tests request with correct API key"""
+    _, key = api_key_secret
+    response = client.get("/get", headers={"Authorization": f"APIKEY {key}"})
+    assert response.status_code == 200
+
+
+def test_no_auth(client):
+    """Tests request with missing authorization header"""
+    response = client.get("/get")
+    assert response.status_code == 401
+
+
+def test_wrong_auth(client):
+    """Tests request with wrong API key"""
+    response = client.get("/get", headers={"Authorization": "APIKEY invalid-key"})
+    assert response.status_code == 401