add canary header and update syslog yaml for AP tests (#3116)

Author: vepatel

tests/data/ap-waf/syslog-1.yaml renamed to tests/data/ap-waf/syslog2.yaml

@@ -1,19 +1,19 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: syslog-1
+  name: syslog2
 spec:
   replicas: 1
   selector:
     matchLabels:
-      app: syslog-1
+      app: syslog2
   template:
     metadata:
       labels:
-        app: syslog-1
+        app: syslog2
     spec:
       containers:
-        - name: syslog
+        - name: syslog2
           image: balabit/syslog-ng:3.38.1
           ports:
             - containerPort: 514
@@ -30,11 +30,11 @@ spec:
 apiVersion: v1
 kind: Service
 metadata:
-  name: syslog-svc-1
+  name: syslog2-svc
 spec:
   ports:
     - port: 514
       targetPort: 514
       protocol: TCP
   selector:
-    app: syslog-1
+    app: syslog2

tests/suite/test_app_protect_integration.py

@@ -340,9 +340,6 @@ def test_ap_multi_sec_logs(
         syslog_dst = f"syslog-svc.{test_namespace}"
         syslog2_dst = f"syslog2-svc.{test_namespace}"
 
-        syslog_pod = get_pod_name_that_contains(kube_apis.v1, test_namespace, "syslog-")
-        syslog2_pod = get_pod_name_that_contains(kube_apis.v1, test_namespace, "syslog2")
-
         with open(src_ing_yaml) as f:
             doc = yaml.safe_load(f)
 
@@ -369,6 +366,8 @@ def test_ap_multi_sec_logs(
         print("----------------------- Send request ----------------------")
         response = requests.get(appprotect_setup.req_url + "/<script>", headers={"host": ingress_host}, verify=False)
         print(response.text)
+        syslog_pod = get_pod_name_that_contains(kube_apis.v1, test_namespace, "syslog-")
+        syslog2_pod = get_pod_name_that_contains(kube_apis.v1, test_namespace, "syslog2")
         log_contents = ""
         log2_contents = ""
         retry = 0

tests/suite/test_app_protect_waf_policies.py

@@ -22,6 +22,7 @@
     create_items_from_yaml,
     delete_items_from_yaml,
     get_file_contents,
+    get_pod_name_that_contains,
     get_service_endpoint,
     wait_before_test,
 )
@@ -303,16 +304,14 @@ def test_ap_waf_policy_multi_logs(
         Test waf policy logs
         """
         src_syslog_yaml = f"{TEST_DATA}/ap-waf/syslog.yaml"
-        src_syslog_yaml_additional = f"{TEST_DATA}/ap-waf/syslog-1.yaml"
+        src_syslog_yaml_additional = f"{TEST_DATA}/ap-waf/syslog2.yaml"
         log_loc = f"/var/log/messages"
         src_log_yaml_escape = f"{TEST_DATA}/ap-waf/logconf-esc.yaml"
         log_esc_name = create_ap_logconf_from_yaml(kube_apis.custom_objects, src_log_yaml_escape, test_namespace)
         create_items_from_yaml(kube_apis, src_syslog_yaml, test_namespace)
         create_items_from_yaml(kube_apis, src_syslog_yaml_additional, test_namespace)
         syslog_dst1 = f"syslog-svc.{test_namespace}"
-        syslog_dst2 = f"syslog-svc-1.{test_namespace}"
-        syslog_pod = kube_apis.v1.list_namespaced_pod(test_namespace, label_selector="app=syslog").items
-        syslog_esc_pod = kube_apis.v1.list_namespaced_pod(test_namespace, label_selector="app=syslog-1").items
+        syslog_dst2 = f"syslog2-svc.{test_namespace}"
         print(f"Create waf policy")
         create_ap_multilog_waf_policy_from_yaml(
             kube_apis.custom_objects,
@@ -344,22 +343,22 @@ def test_ap_waf_policy_multi_logs(
             headers={"host": virtual_server_setup.vs_host},
         )
         print(response.text)
+        syslog_pod = get_pod_name_that_contains(kube_apis.v1, test_namespace, "syslog")
+        syslog_esc_pod = get_pod_name_that_contains(kube_apis.v1, test_namespace, "syslog2")
         log_contents = ""
         retry = 0
-        while "ASM:attack_type" not in log_contents and retry <= 30:
-            log_contents = get_file_contents(kube_apis.v1, log_loc, syslog_pod[0].metadata.name, test_namespace)
+        while "ASM:attack_type" not in log_contents and retry <= 60:
+            log_contents = get_file_contents(kube_apis.v1, log_loc, syslog_pod, test_namespace)
             retry += 1
             wait_before_test(1)
-            print(log_contents)
             print(f"Security log not updated, retrying... #{retry}")
 
         log_esc_contents = ""
         retry = 0
-        while "attack_type" not in log_esc_contents and retry <= 30:
-            log_esc_contents = get_file_contents(kube_apis.v1, log_loc, syslog_esc_pod[0].metadata.name, test_namespace)
+        while "attack_type" not in log_esc_contents and retry <= 60:
+            log_esc_contents = get_file_contents(kube_apis.v1, log_loc, syslog_esc_pod, test_namespace)
             retry += 1
             wait_before_test(1)
-            print(log_esc_contents)
             print(f"Security log not updated, retrying... #{retry}")
 
         delete_policy(kube_apis.custom_objects, "waf-policy", test_namespace)

tests/suite/test_virtual_server_focused_canary.py

@@ -60,12 +60,16 @@ def test_several_requests(self, kube_apis, crd_ingress_controller, virtual_serve
         counter_v1, counter_v2 = 0, 0
         for _ in range(100):
             ensure_response_from_backend(
-                virtual_server_setup.backend_1_url, virtual_server_setup.vs_host, check404=True
-            )
-            resp = requests.get(
-                virtual_server_setup.backend_1_url,
-                headers={"host": virtual_server_setup.vs_host, "x-version": "canary"},
+                virtual_server_setup.backend_1_url, virtual_server_setup.vs_host, {"x-version": "canary"}, check404=True
             )
+            status_code = 502
+            while status_code == 502:
+                resp = requests.get(
+                    virtual_server_setup.backend_1_url,
+                    headers={"host": virtual_server_setup.vs_host, "x-version": "canary"},
+                )
+                status_code = resp.status_code
+
             if upstreams[0] in resp.text in resp.text:
                 counter_v1 = counter_v1 + 1
             elif upstreams[1] in resp.text in resp.text: