New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add always-fail auth handler #24609
Add always-fail auth handler #24609
Conversation
This adds an always fail auth handler that will always deny auth requests. This is useful for tesing policies and to use in end-to-end testing to ensure the auth mechanism in the datapath is functional. Signed-off-by: Maartje Eyskens <maartje.eyskens@isovalent.com>
/test |
Fail in jenkins test seems to be a non-related flake
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, nice work.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
change itself looks good - even though i kind of question having these "test" auth types (null
& always-fail
) in the public API (CRD). kind of a smell for not testing on the right level - e.g. trying to cover datapath with e2e tests.
@mhofstetter i would agree (however i think null could be removed as we can test a working case with mtls-spiffe) but we cannot leave them out of the CRD as the 2e tests use plain cilium to run this. This is why i was hesitant myself to implement this |
Fail in jenkins seems not related:
|
Part of #24600
This adds an always fail auth handler that will always deny auth requests.
This is useful for testing policies and to use in end-to-end testing to
ensure the auth mechanism in the datapath is functional.