From 01f5d48b672e1c5e2e9dfe63ed7f4e2b572094ce Mon Sep 17 00:00:00 2001 From: Mark LaBonte Date: Thu, 2 Jul 2026 22:45:32 -0400 Subject: [PATCH 1/3] Add mtls test, remove test for istio_ingressgateway route, fix project name --- .../test_validate_hub_site_components.py | 65 ++++++++++++++----- 1 file changed, 47 insertions(+), 18 deletions(-) diff --git a/tests/interop/test_validate_hub_site_components.py b/tests/interop/test_validate_hub_site_components.py index 58f0a367..a7ab8f52 100644 --- a/tests/interop/test_validate_hub_site_components.py +++ b/tests/interop/test_validate_hub_site_components.py @@ -1,10 +1,12 @@ import logging import os +import re +import subprocess import pytest from ocp_resources.route import Route -from ocp_resources.storage_class import StorageClass from openshift.dynamic.exceptions import NotFoundError +from ocp_resources.storage_class import StorageClass from validatedpatterns_tests.interop import application, components from . import __loggername__ @@ -44,7 +46,10 @@ def test_check_pod_status(openshift_dyn_client): logger.info("Checking pod status") projects = [ "openshift-operators", - "openshift-gitops", + "openshift-gitops-operator", + "openshift-cluster-observability-operator", + "openshift-opentelemetry-operator", + "openshift-tempo-operator", "travel-agency", "travel-control", "travel-portal", @@ -70,23 +75,23 @@ def test_validate_argocd_reachable_hub_site(openshift_dyn_client): logger.info("PASS: Argocd is reachable") -@pytest.mark.validate_istio_ingressgateway_route -def test_validate_istio_ingressgateway_route(openshift_dyn_client): - namespace = "istio-system" - logger.info("Check for the existence of the istio_ingressgateway route") - try: - for route in Route.get( - dyn_client=openshift_dyn_client, - namespace=namespace, - name="istio-ingressgateway", - ): - logger.info(route.instance.spec.host) - except NotFoundError: - err_msg = "istio-ingressgateway url/route is missing in istio-system namespace" - logger.error(f"FAIL: {err_msg}") - assert False, err_msg +# @pytest.mark.validate_istio_ingressgateway_route +# def test_validate_istio_ingressgateway_route(openshift_dyn_client): +# namespace = "istio-system" +# logger.info("Check for the existence of the istio_ingressgateway route") +# try: +# for route in Route.get( +# dyn_client=openshift_dyn_client, +# namespace=namespace, +# name="istio-ingressgateway", +# ): +# logger.info(route.instance.spec.host) +# except NotFoundError: +# err_msg = "istio-ingressgateway url/route is missing in istio-system namespace" +# logger.error(f"FAIL: {err_msg}") +# assert False, err_msg - logger.info("PASS: Found istio-ingressgateway route") +# logger.info("PASS: Found istio-ingressgateway route") @pytest.mark.validate_kiali_route @@ -108,6 +113,30 @@ def test_validate_kiali_route(openshift_dyn_client): logger.info("PASS: Found kiali route") +@pytest.mark.validate_mtls +def test_validate_mtls(openshift_dyn_client): + peerauth = subprocess.run( + [ + "oc", + "get", + "peerauthentication", + "-o", + "jsonpath='{.items[*].spec.mtls.mode}'", + "-n", + "istio-system", + ], + capture_output=True, + ) + peerauth = peerauth.stdout.decode("utf-8") + logger.info(f"peerauthentication: {peerauth}") + if re.search('STRICT', peerauth): + logger.info("PASS: Peerauthentication is STRICT.") + else: + err_msg = "Peerauthentication is not STRICT" + logger.error(f"FAIL: {err_msg}") + assert False, err_msg + + @pytest.mark.validate_argocd_applications_health_hub_site def test_validate_argocd_applications_health_hub_site(openshift_dyn_client): logger.info("Get all applications deployed by argocd on hub site") From b757560e8a04453f1ebae3a9faa8ae532c607d04 Mon Sep 17 00:00:00 2001 From: Mark LaBonte Date: Thu, 2 Jul 2026 22:57:19 -0400 Subject: [PATCH 2/3] Add anchors --- tests/interop/test_validate_hub_site_components.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/interop/test_validate_hub_site_components.py b/tests/interop/test_validate_hub_site_components.py index a7ab8f52..a3626b9a 100644 --- a/tests/interop/test_validate_hub_site_components.py +++ b/tests/interop/test_validate_hub_site_components.py @@ -129,7 +129,7 @@ def test_validate_mtls(openshift_dyn_client): ) peerauth = peerauth.stdout.decode("utf-8") logger.info(f"peerauthentication: {peerauth}") - if re.search('STRICT', peerauth): + if re.search("^'STRICT'$", peerauth): logger.info("PASS: Peerauthentication is STRICT.") else: err_msg = "Peerauthentication is not STRICT" From 24a13a0e3052938472d925bbccb8f2bb7b790ba9 Mon Sep 17 00:00:00 2001 From: Mark LaBonte Date: Thu, 2 Jul 2026 23:03:04 -0400 Subject: [PATCH 3/3] Fix isort error --- tests/interop/test_validate_hub_site_components.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/interop/test_validate_hub_site_components.py b/tests/interop/test_validate_hub_site_components.py index a3626b9a..70b57fc9 100644 --- a/tests/interop/test_validate_hub_site_components.py +++ b/tests/interop/test_validate_hub_site_components.py @@ -5,8 +5,8 @@ import pytest from ocp_resources.route import Route -from openshift.dynamic.exceptions import NotFoundError from ocp_resources.storage_class import StorageClass +from openshift.dynamic.exceptions import NotFoundError from validatedpatterns_tests.interop import application, components from . import __loggername__