diff --git a/tests/interop/test_validate_hub_site_components.py b/tests/interop/test_validate_hub_site_components.py index 58f0a367..70b57fc9 100644 --- a/tests/interop/test_validate_hub_site_components.py +++ b/tests/interop/test_validate_hub_site_components.py @@ -1,5 +1,7 @@ import logging import os +import re +import subprocess import pytest from ocp_resources.route import Route @@ -44,7 +46,10 @@ def test_check_pod_status(openshift_dyn_client): logger.info("Checking pod status") projects = [ "openshift-operators", - "openshift-gitops", + "openshift-gitops-operator", + "openshift-cluster-observability-operator", + "openshift-opentelemetry-operator", + "openshift-tempo-operator", "travel-agency", "travel-control", "travel-portal", @@ -70,23 +75,23 @@ def test_validate_argocd_reachable_hub_site(openshift_dyn_client): logger.info("PASS: Argocd is reachable") -@pytest.mark.validate_istio_ingressgateway_route -def test_validate_istio_ingressgateway_route(openshift_dyn_client): - namespace = "istio-system" - logger.info("Check for the existence of the istio_ingressgateway route") - try: - for route in Route.get( - dyn_client=openshift_dyn_client, - namespace=namespace, - name="istio-ingressgateway", - ): - logger.info(route.instance.spec.host) - except NotFoundError: - err_msg = "istio-ingressgateway url/route is missing in istio-system namespace" - logger.error(f"FAIL: {err_msg}") - assert False, err_msg +# @pytest.mark.validate_istio_ingressgateway_route +# def test_validate_istio_ingressgateway_route(openshift_dyn_client): +# namespace = "istio-system" +# logger.info("Check for the existence of the istio_ingressgateway route") +# try: +# for route in Route.get( +# dyn_client=openshift_dyn_client, +# namespace=namespace, +# name="istio-ingressgateway", +# ): +# logger.info(route.instance.spec.host) +# except NotFoundError: +# err_msg = "istio-ingressgateway url/route is missing in istio-system namespace" +# logger.error(f"FAIL: {err_msg}") +# assert False, err_msg - logger.info("PASS: Found istio-ingressgateway route") +# logger.info("PASS: Found istio-ingressgateway route") @pytest.mark.validate_kiali_route @@ -108,6 +113,30 @@ def test_validate_kiali_route(openshift_dyn_client): logger.info("PASS: Found kiali route") +@pytest.mark.validate_mtls +def test_validate_mtls(openshift_dyn_client): + peerauth = subprocess.run( + [ + "oc", + "get", + "peerauthentication", + "-o", + "jsonpath='{.items[*].spec.mtls.mode}'", + "-n", + "istio-system", + ], + capture_output=True, + ) + peerauth = peerauth.stdout.decode("utf-8") + logger.info(f"peerauthentication: {peerauth}") + if re.search("^'STRICT'$", peerauth): + logger.info("PASS: Peerauthentication is STRICT.") + else: + err_msg = "Peerauthentication is not STRICT" + logger.error(f"FAIL: {err_msg}") + assert False, err_msg + + @pytest.mark.validate_argocd_applications_health_hub_site def test_validate_argocd_applications_health_hub_site(openshift_dyn_client): logger.info("Get all applications deployed by argocd on hub site")