diff --git a/tests/integration/apply_test.go b/tests/integration/apply_test.go index 9d30da8f9..4cd148a8e 100644 --- a/tests/integration/apply_test.go +++ b/tests/integration/apply_test.go @@ -686,3 +686,178 @@ func Test_Apply_KonnectWorkspace(t *testing.T) { }) } } + +// test scope: +// - enterprise >=3.14.0 +func Test_Apply_Plugin_Conditional(t *testing.T) { + runWhen(t, "enterprise", ">=3.14.0") + setup(t) + ctx := context.Background() + + client, err := getTestClient() + require.NoError(t, err) + + kongFile := "testdata/sync/003-create-a-plugin/kong-conditional.yaml" + require.NoError(t, sync(ctx, kongFile)) + + // resync with no error + require.NoError(t, sync(ctx, kongFile)) + + expectedStatePostSync := utils.KongRawState{ + Plugins: []*kong.Plugin{ + { + ID: kong.String("efead952-0a1d-43ec-9794-0ac6abdc7f55"), + Name: kong.String("key-auth"), + Config: kong.Configuration{ + "anonymous": nil, + "hide_credentials": bool(true), + "identity_realms": []any{map[string]any{"id": nil, "region": nil, "scope": string("cp")}}, + "key_in_body": bool(false), + "key_in_header": bool(true), + "key_in_query": bool(true), + "key_names": []any{string("apikey")}, + "realm": nil, + "run_on_preflight": bool(true), + }, + Enabled: kong.Bool(true), + Protocols: []*string{ + kong.String("grpc"), + kong.String("grpcs"), + kong.String("http"), + kong.String("https"), + kong.String("ws"), + kong.String("wss"), + }, + Condition: kong.String("route.name != \"health\""), + }, + }, + } + + testKongState(t, client, false, false, expectedStatePostSync, nil) + + // apply command to change condition + updatedFile := "testdata/apply/012-plugin-conditional/updated.yaml" + require.NoError(t, apply(ctx, updatedFile)) + + expectedStatePostApply := utils.KongRawState{ + Plugins: []*kong.Plugin{ + { + ID: kong.String("efead952-0a1d-43ec-9794-0ac6abdc7f55"), + Name: kong.String("key-auth"), + Config: kong.Configuration{ + "anonymous": nil, + "hide_credentials": bool(true), + "identity_realms": []any{map[string]any{"id": nil, "region": nil, "scope": string("cp")}}, + "key_in_body": bool(false), + "key_in_header": bool(true), + "key_in_query": bool(true), + "key_names": []any{string("apikey")}, + "realm": nil, + "run_on_preflight": bool(true), + }, + Enabled: kong.Bool(true), + Protocols: []*string{ + kong.String("grpc"), + kong.String("grpcs"), + kong.String("http"), + kong.String("https"), + kong.String("ws"), + kong.String("wss"), + }, + Condition: kong.String("service.name != \"healthcheck-service\""), + }, + }, + } + + testKongState(t, client, false, false, expectedStatePostApply, nil) +} + +// test scope: +// - konnect +func Test_Apply_Plugin_Conditional_Konnect(t *testing.T) { + runDualTestWithSkipDefaults(t, "Test_Apply_Plugin_Conditional_Konnect", testApplyPluginConditionalKonnectImpl) +} + +func testApplyPluginConditionalKonnectImpl(t *testing.T) { + setDefaultKonnectControlPlane(t) + runWhenKonnect(t) + setup(t) + ctx := context.Background() + + client, err := getTestClient() + require.NoError(t, err) + + kongFile := "testdata/sync/003-create-a-plugin/kong-conditional.yaml" + require.NoError(t, sync(ctx, kongFile)) + + // resync with no error + require.NoError(t, sync(ctx, kongFile)) + + expectedStatePostSync := utils.KongRawState{ + Plugins: []*kong.Plugin{ + { + ID: kong.String("efead952-0a1d-43ec-9794-0ac6abdc7f55"), + Name: kong.String("key-auth"), + Config: kong.Configuration{ + "anonymous": nil, + "hide_credentials": bool(true), + "identity_realms": []any{map[string]any{"id": nil, "region": nil, "scope": string("cp")}}, + "key_in_body": bool(false), + "key_in_header": bool(true), + "key_in_query": bool(true), + "key_names": []any{string("apikey")}, + "realm": nil, + "run_on_preflight": bool(true), + }, + Enabled: kong.Bool(true), + Protocols: []*string{ + kong.String("grpc"), + kong.String("grpcs"), + kong.String("http"), + kong.String("https"), + kong.String("ws"), + kong.String("wss"), + }, + Condition: kong.String("route.name != \"health\""), + }, + }, + } + + testKongState(t, client, true, false, expectedStatePostSync, nil) + + // apply command to change condition + updatedFile := "testdata/apply/012-plugin-conditional/updated.yaml" + require.NoError(t, apply(ctx, updatedFile)) + + expectedStatePostApply := utils.KongRawState{ + Plugins: []*kong.Plugin{ + { + ID: kong.String("efead952-0a1d-43ec-9794-0ac6abdc7f55"), + Name: kong.String("key-auth"), + Config: kong.Configuration{ + "anonymous": nil, + "hide_credentials": bool(true), + "identity_realms": []any{map[string]any{"id": nil, "region": nil, "scope": string("cp")}}, + "key_in_body": bool(false), + "key_in_header": bool(true), + "key_in_query": bool(true), + "key_names": []any{string("apikey")}, + "realm": nil, + "run_on_preflight": bool(true), + }, + Enabled: kong.Bool(true), + Protocols: []*string{ + kong.String("grpc"), + kong.String("grpcs"), + kong.String("http"), + kong.String("https"), + kong.String("ws"), + kong.String("wss"), + }, + Condition: kong.String("service.name != \"healthcheck-service\""), + }, + }, + } + + testKongState(t, client, true, false, expectedStatePostApply, nil) +} diff --git a/tests/integration/dump_test.go b/tests/integration/dump_test.go index 32411cf76..c0e589978 100644 --- a/tests/integration/dump_test.go +++ b/tests/integration/dump_test.go @@ -1352,3 +1352,37 @@ func Test_Dump_KonnectWorkspace_AllWorkspaces(t *testing.T) { assert.Contains(t, string(defaultOutput), "_workspace: default", "default.yaml should contain _workspace: default") } + +func Test_Dump_Plugin_Conditional(t *testing.T) { + runWhen(t, "enterprise", ">=3.14.0") + setup(t) + + ctx := context.Background() + kongFile := "testdata/sync/003-create-a-plugin/kong-conditional.yaml" + require.NoError(t, sync(ctx, kongFile)) + + output, err := dump("-o", "-", "--with-id") + require.NoError(t, err) + + expectedFile := "testdata/dump/012-plugin-conditional/expected.yaml" + expected, err := readFile(expectedFile) + require.NoError(t, err) + assert.Equal(t, expected, output) +} + +func Test_Dump_Plugin_Conditional_Konnect(t *testing.T) { + runWhenKonnect(t) + setup(t) + + ctx := context.Background() + kongFile := "testdata/sync/003-create-a-plugin/kong-conditional.yaml" + require.NoError(t, sync(ctx, kongFile)) + + output, err := dump("-o", "-", "--with-id") + require.NoError(t, err) + + expectedFile := "testdata/dump/012-plugin-conditional/expected-konnect.yaml" + expected, err := readFile(expectedFile) + require.NoError(t, err) + assert.Equal(t, expected, output) +} diff --git a/tests/integration/sync_test.go b/tests/integration/sync_test.go index d6cb7fc76..7add73d48 100644 --- a/tests/integration/sync_test.go +++ b/tests/integration/sync_test.go @@ -11882,3 +11882,106 @@ func testSyncPluginsNestedForeignKeysExternalEntitiesKonnectImpl(t *testing.T) { }) } } + +// test scope: +// - enterprise >=3.14.0 +func Test_Sync_Plugin_Conditional(t *testing.T) { + runWhen(t, "enterprise", ">=3.14.0") + setup(t) + ctx := context.Background() + + client, err := getTestClient() + require.NoError(t, err) + + kongFile := "testdata/sync/003-create-a-plugin/kong-conditional.yaml" + require.NoError(t, sync(ctx, kongFile)) + + // resync with no error + require.NoError(t, sync(ctx, kongFile)) + + expectedStatePostSync := utils.KongRawState{ + Plugins: []*kong.Plugin{ + { + ID: kong.String("efead952-0a1d-43ec-9794-0ac6abdc7f55"), + Name: kong.String("key-auth"), + Config: kong.Configuration{ + "anonymous": nil, + "hide_credentials": bool(true), + "identity_realms": []any{map[string]any{"id": nil, "region": nil, "scope": string("cp")}}, + "key_in_body": bool(false), + "key_in_header": bool(true), + "key_in_query": bool(true), + "key_names": []any{string("apikey")}, + "realm": nil, + "run_on_preflight": bool(true), + }, + Enabled: kong.Bool(true), + Protocols: []*string{ + kong.String("grpc"), + kong.String("grpcs"), + kong.String("http"), + kong.String("https"), + kong.String("ws"), + kong.String("wss"), + }, + Condition: kong.String("route.name != \"health\""), + }, + }, + } + + testKongState(t, client, false, false, expectedStatePostSync, nil) +} + +// test scope: +// - konnect +func Test_Sync_Plugin_Conditional_Konnect(t *testing.T) { + runDualTestWithSkipDefaults(t, "Test_Sync_Plugin_Conditional_Konnect", testSyncPluginConditionalKonnectImpl) +} + +func testSyncPluginConditionalKonnectImpl(t *testing.T) { + setDefaultKonnectControlPlane(t) + runWhenKonnect(t) + setup(t) + ctx := context.Background() + + client, err := getTestClient() + require.NoError(t, err) + + kongFile := "testdata/sync/003-create-a-plugin/kong-conditional.yaml" + require.NoError(t, sync(ctx, kongFile)) + + // resync with no error + require.NoError(t, sync(ctx, kongFile)) + + expectedStatePostSync := utils.KongRawState{ + Plugins: []*kong.Plugin{ + { + ID: kong.String("efead952-0a1d-43ec-9794-0ac6abdc7f55"), + Name: kong.String("key-auth"), + Config: kong.Configuration{ + "anonymous": nil, + "hide_credentials": bool(true), + "identity_realms": []any{map[string]any{"id": nil, "region": nil, "scope": string("cp")}}, + "key_in_body": bool(false), + "key_in_header": bool(true), + "key_in_query": bool(true), + "key_names": []any{string("apikey")}, + "realm": nil, + "run_on_preflight": bool(true), + }, + Enabled: kong.Bool(true), + Protocols: []*string{ + kong.String("grpc"), + kong.String("grpcs"), + kong.String("http"), + kong.String("https"), + kong.String("ws"), + kong.String("wss"), + }, + Condition: kong.String("route.name != \"health\""), + }, + }, + } + + testKongState(t, client, true, false, expectedStatePostSync, nil) +} diff --git a/tests/integration/testdata/apply/012-plugin-conditional/updated.yaml b/tests/integration/testdata/apply/012-plugin-conditional/updated.yaml new file mode 100644 index 000000000..369e7767c --- /dev/null +++ b/tests/integration/testdata/apply/012-plugin-conditional/updated.yaml @@ -0,0 +1,9 @@ +_format_version: "3.0" +plugins: +- id: efead952-0a1d-43ec-9794-0ac6abdc7f55 + name: key-auth + condition: service.name != "healthcheck-service" + config: + hide_credentials: true + key_names: [apikey] + enabled: true \ No newline at end of file diff --git a/tests/integration/testdata/dump/012-plugin-conditional/expected-konnect.yaml b/tests/integration/testdata/dump/012-plugin-conditional/expected-konnect.yaml new file mode 100644 index 000000000..95d43ad8c --- /dev/null +++ b/tests/integration/testdata/dump/012-plugin-conditional/expected-konnect.yaml @@ -0,0 +1,29 @@ +_format_version: "3.0" +_konnect: + control_plane_name: default +plugins: +- condition: route.name != "health" + config: + anonymous: null + hide_credentials: true + identity_realms: + - id: null + region: null + scope: cp + key_in_body: false + key_in_header: true + key_in_query: true + key_names: + - apikey + realm: null + run_on_preflight: true + enabled: true + id: efead952-0a1d-43ec-9794-0ac6abdc7f55 + name: key-auth + protocols: + - grpc + - grpcs + - http + - https + - ws + - wss diff --git a/tests/integration/testdata/dump/012-plugin-conditional/expected.yaml b/tests/integration/testdata/dump/012-plugin-conditional/expected.yaml new file mode 100644 index 000000000..3f7916b75 --- /dev/null +++ b/tests/integration/testdata/dump/012-plugin-conditional/expected.yaml @@ -0,0 +1,27 @@ +_format_version: "3.0" +plugins: +- condition: route.name != "health" + config: + anonymous: null + hide_credentials: true + identity_realms: + - id: null + region: null + scope: cp + key_in_body: false + key_in_header: true + key_in_query: true + key_names: + - apikey + realm: null + run_on_preflight: true + enabled: true + id: efead952-0a1d-43ec-9794-0ac6abdc7f55 + name: key-auth + protocols: + - grpc + - grpcs + - http + - https + - ws + - wss diff --git a/tests/integration/testdata/sync/003-create-a-plugin/kong-conditional.yaml b/tests/integration/testdata/sync/003-create-a-plugin/kong-conditional.yaml new file mode 100644 index 000000000..db3a7ad60 --- /dev/null +++ b/tests/integration/testdata/sync/003-create-a-plugin/kong-conditional.yaml @@ -0,0 +1,9 @@ +_format_version: "3.0" +plugins: +- id: efead952-0a1d-43ec-9794-0ac6abdc7f55 + name: key-auth + condition: route.name != "health" + config: + hide_credentials: true + key_names: [apikey] + enabled: true \ No newline at end of file