Google Git
Sign in
apache / apisix-ingress-controller / 113defc7329febff963f06bb675f51d2c8379784 / . / test / e2e / suite-plugins / suite-plugins-authentication / wolfrbac.go
blob: 2ecab924fb37b821e9e47f6512344d543f0fee4e [file] [log] [blame]
// Licensed to the Apache Software Foundation (ASF) under one or more
// contributor license agreements. See the NOTICE file distributed with
// this work for additional information regarding copyright ownership.
// The ASF licenses this file to You under the Apache License, Version 2.0
// (the "License"); you may not use this file except in compliance with
// the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package plugins
import (
"encoding/base64"
"encoding/json"
"fmt"
"net/http"
"os/exec"
"time"
ginkgo "github.com/onsi/ginkgo/v2"
"github.com/stretchr/testify/assert"
"github.com/apache/apisix-ingress-controller/test/e2e/scaffold"
)
var _ = ginkgo.Describe("suite-plugins-authentication: ApisixConsumer with wolfRBAC", func() {
suites := func(scaffoldFunc func() *scaffold.Scaffold) {
s := scaffoldFunc()
ginkgo.Context("wolfRBAC-server", func() {
getWolfRBACServerURL := func() (string, error) {
cmd := exec.Command("sh", "testdata/wolf-rbac/cmd.sh", "ip")
ip, err := cmd.Output()
if err != nil {
return "", err
}
if len(ip) == 0 {
return "", fmt.Errorf("wolf-server start failed")
}
return fmt.Sprintf("http://%s:12180", string(ip)), nil
}
ginkgo.It("ApisixRoute with wolfRBAC consumer", func() {
wolfSvr, err := getWolfRBACServerURL()
assert.Nil(ginkgo.GinkgoT(), err, "checking wolf-server")
ac := fmt.Sprintf(`
apiVersion: apisix.apache.org/v2
kind: ApisixConsumer
metadata:
name: wolf-user
spec:
authParameter:
wolfRBAC:
value:
server: "%s"
appid: "test-app"
header_prefix: "X-"
`, wolfSvr)
assert.Nil(ginkgo.GinkgoT(), s.CreateVersionedApisixResource(ac), "creating wolfRBAC ApisixConsumer")
// Wait until the ApisixConsumer create event was delivered.
time.Sleep(6 * time.Second)
grs, err := s.ListApisixConsumers()
assert.Nil(ginkgo.GinkgoT(), err, "listing consumer")
assert.Len(ginkgo.GinkgoT(), grs, 1)
assert.Len(ginkgo.GinkgoT(), grs[0].Plugins, 1)
wolfRBAC, _ := grs[0].Plugins["wolf-rbac"].(map[string]interface{})
assert.Equal(ginkgo.GinkgoT(), wolfRBAC, map[string]interface{}{
"server": wolfSvr,
"appid": "test-app",
"header_prefix": "X-",
})
adminSvc, adminPort := s.ApisixAdminServiceAndPort()
ar1 := fmt.Sprintf(`
apiVersion: apisix.apache.org/v2
kind: ApisixRoute
metadata:
name: default
spec:
http:
- name: public-api
match:
paths:
- /apisix/plugin/wolf-rbac/login
backends:
- serviceName: %s
servicePort: %d
plugins:
- name: public-api
enable: true
`, adminSvc, adminPort)
assert.Nil(ginkgo.GinkgoT(), s.CreateVersionedApisixResource(ar1), "creating ApisixRoute")
assert.Nil(ginkgo.GinkgoT(), s.EnsureNumApisixRoutesCreated(1), "Checking number of routes")
assert.Nil(ginkgo.GinkgoT(), s.EnsureNumApisixUpstreamsCreated(1), "Checking number of upstreams")
backendSvc, backendPorts := s.DefaultHTTPBackend()
ar2 := fmt.Sprintf(`
apiVersion: apisix.apache.org/v2
kind: ApisixRoute
metadata:
name: httpbin-route
spec:
http:
- name: rule1
match:
hosts:
- httpbin.org
paths:
- /*
backends:
- serviceName: %s
servicePort: %d
authentication:
enable: true
type: wolfRBAC
`, backendSvc, backendPorts[0])
assert.Nil(ginkgo.GinkgoT(), s.CreateVersionedApisixResource(ar2), "creating ApisixRoute")
assert.Nil(ginkgo.GinkgoT(), s.EnsureNumApisixRoutesCreated(2), "Checking number of routes")
assert.Nil(ginkgo.GinkgoT(), s.EnsureNumApisixUpstreamsCreated(2), "Checking number of upstreams")
payload := []byte(`
{
"appid": "test-app",
"username": "test",
"password": "test-123456",
"authType": 1
}
`)
body := s.NewAPISIXClient().POST("/apisix/plugin/wolf-rbac/login").
WithHeader("Content-Type", "application/json").
WithBytes(payload).
Expect().
Status(http.StatusOK).
Body().
Contains("rbac_token").
Raw()
data := struct {
Token string `json:"rbac_token"`
}{}
_ = json.Unmarshal([]byte(body), &data)
_ = s.NewAPISIXClient().GET("").
WithHeader("Host", "httpbin.org").
WithHeader("Authorization", data.Token).
Expect().
Status(http.StatusOK)
msg401 := s.NewAPISIXClient().GET("").
WithHeader("Host", "httpbin.org").
Expect().
Status(http.StatusUnauthorized).
Body().
Raw()
assert.Contains(ginkgo.GinkgoT(), msg401, "Missing rbac token in request")
})
ginkgo.It("ApisixRoute with wolfRBAC consumer using secret", func() {
wolfSvr, err := getWolfRBACServerURL()
assert.Nil(ginkgo.GinkgoT(), err, "checking wolf-server")
secret := fmt.Sprintf(`
apiVersion: v1
kind: Secret
metadata:
name: rbac
data:
server: %s
appid: dGVzdC1hcHA=
header_prefix: WC0=
`, base64.StdEncoding.EncodeToString([]byte(wolfSvr)))
assert.Nil(ginkgo.GinkgoT(), s.CreateResourceFromString(secret), "creating wolfRBAC secret for ApisixConsumer")
ac := `
apiVersion: apisix.apache.org/v2
kind: ApisixConsumer
metadata:
name: wolf-user
spec:
authParameter:
wolfRBAC:
secretRef:
name: rbac
`
assert.Nil(ginkgo.GinkgoT(), s.CreateVersionedApisixResource(ac), "creating wolfRBAC ApisixConsumer")
// Wait until the ApisixConsumer create event was delivered.
time.Sleep(6 * time.Second)
grs, err := s.ListApisixConsumers()
assert.Nil(ginkgo.GinkgoT(), err, "listing consumer")
assert.Len(ginkgo.GinkgoT(), grs, 1)
assert.Len(ginkgo.GinkgoT(), grs[0].Plugins, 1)
wolfRBAC, _ := grs[0].Plugins["wolf-rbac"].(map[string]interface{})
assert.Equal(ginkgo.GinkgoT(), wolfRBAC, map[string]interface{}{
"server": wolfSvr,
"appid": "test-app",
"header_prefix": "X-",
})
adminSvc, adminPort := s.ApisixAdminServiceAndPort()
ar1 := fmt.Sprintf(`
apiVersion: apisix.apache.org/v2
kind: ApisixRoute
metadata:
name: default
spec:
http:
- name: public-api
match:
paths:
- /apisix/plugin/wolf-rbac/login
backends:
- serviceName: %s
servicePort: %d
plugins:
- name: public-api
enable: true
`, adminSvc, adminPort)
assert.Nil(ginkgo.GinkgoT(), s.CreateVersionedApisixResource(ar1), "creating ApisixRoute")
assert.Nil(ginkgo.GinkgoT(), s.EnsureNumApisixRoutesCreated(1), "Checking number of routes")
assert.Nil(ginkgo.GinkgoT(), s.EnsureNumApisixUpstreamsCreated(1), "Checking number of upstreams")
backendSvc, backendPorts := s.DefaultHTTPBackend()
ar2 := fmt.Sprintf(`
apiVersion: apisix.apache.org/v2
kind: ApisixRoute
metadata:
name: httpbin-route
spec:
http:
- name: rule1
match:
hosts:
- httpbin.org
paths:
- /*
backends:
- serviceName: %s
servicePort: %d
authentication:
enable: true
type: wolfRBAC
`, backendSvc, backendPorts[0])
assert.Nil(ginkgo.GinkgoT(), s.CreateVersionedApisixResource(ar2), "creating ApisixRoute")
assert.Nil(ginkgo.GinkgoT(), s.EnsureNumApisixRoutesCreated(2), "Checking number of routes")
assert.Nil(ginkgo.GinkgoT(), s.EnsureNumApisixUpstreamsCreated(2), "Checking number of upstreams")
payload := []byte(`
{
"appid": "test-app",
"username": "test",
"password": "test-123456",
"authType": 1
}
`)
body := s.NewAPISIXClient().POST("/apisix/plugin/wolf-rbac/login").
WithHeader("Content-Type", "application/json").
WithBytes(payload).
Expect().
Status(http.StatusOK).
Body().
Contains("rbac_token").
Raw()
data := struct {
Token string `json:"rbac_token"`
}{}
_ = json.Unmarshal([]byte(body), &data)
_ = s.NewAPISIXClient().GET("").
WithHeader("Host", "httpbin.org").
WithHeader("Authorization", data.Token).
Expect().
Status(http.StatusOK)
msg401 := s.NewAPISIXClient().GET("").
WithHeader("Host", "httpbin.org").
Expect().
Status(http.StatusUnauthorized).
Body().
Raw()
assert.Contains(ginkgo.GinkgoT(), msg401, "Missing rbac token in request")
})
})
}
ginkgo.Describe("suite-plugins-authentication: scaffold v2", func() {
suites(scaffold.NewDefaultV2Scaffold)
})
})