diff --git a/.github/data/matrix-smoke-nap.json b/.github/data/matrix-smoke-nap.json index f4b2b34064..b0726135d9 100644 --- a/.github/data/matrix-smoke-nap.json +++ b/.github/data/matrix-smoke-nap.json @@ -55,6 +55,14 @@ "nap_modules": "dos", "marker": "dos_learning", "platforms": "linux/amd64" + }, + { + "label": "AGENT 1/1", + "image": "debian-plus-nap", + "type": "plus", + "nap_modules": "waf", + "marker": "agent", + "platforms": "linux/amd64" } ], "k8s": [] diff --git a/pyproject.toml b/pyproject.toml index 35c2f54aba..0b3de53574 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -23,6 +23,7 @@ pythonpath = [ addopts = "--tb=native -ra --disable-warnings -x -l --profile -v --strict-markers" log_cli = true markers =[ + "agent", "annotations", "appprotect", "appprotect_integration", diff --git a/tests/suite/utils/test_agent_app_protect.py b/tests/suite/utils/test_agent_app_protect.py new file mode 100644 index 0000000000..ab881b90c2 --- /dev/null +++ b/tests/suite/utils/test_agent_app_protect.py @@ -0,0 +1,50 @@ +import pytest +from kubernetes.stream import stream +from suite.utils.resources_utils import get_first_pod_name, wait_before_test + + +@pytest.mark.skip_for_nginx_oss +@pytest.mark.agent +@pytest.mark.parametrize( + "crd_ingress_controller_with_ap", + [ + { + "extra_args": [ + "-enable-app-protect", + "-agent=true", + "-agent-instance-group=test-ic", + ] + } + ], + indirect=["crd_ingress_controller_with_ap"], +) +class TestAppProtectAgent: + def test_ap_agent(self, kube_apis, ingress_controller_prerequisites, crd_ingress_controller_with_ap): + pod_name = get_first_pod_name(kube_apis.v1, "nginx-ingress") + log = kube_apis.v1.read_namespaced_pod_log(pod_name, ingress_controller_prerequisites.namespace) + + command = ["/usr/bin/nginx-agent", "-v"] + retries = 0 + while retries <= 3: + wait_before_test() + try: + resp = stream( + kube_apis.v1.connect_get_namespaced_pod_exec, + pod_name, + ingress_controller_prerequisites.namespace, + command=command, + stderr=True, + stdin=False, + stdout=True, + tty=False, + ) + break + except Exception as e: + print(f"Error: {e}") + retries += 1 + if retries == 3: + raise e + result_conf = str(resp) + + assert f"Failed to get nginx-agent version: fork/exec /usr/bin/nginx-agent" not in log + assert "nginx-agent version " in result_conf