| # |
| # Licensed to the Apache Software Foundation (ASF) under one or more |
| # contributor license agreements. See the NOTICE file distributed with |
| # this work for additional information regarding copyright ownership. |
| # The ASF licenses this file to You under the Apache License, Version 2.0 |
| # (the "License"); you may not use this file except in compliance with |
| # the License. You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| # |
| use t::APISIX 'no_plan'; |
| |
| repeat_each(1); |
| no_long_string(); |
| no_root_location(); |
| no_shuffle(); |
| |
| add_block_preprocessor(sub { |
| my ($block) = @_; |
| |
| my $inside_lua_block = $block->inside_lua_block // ""; |
| chomp($inside_lua_block); |
| my $http_config = $block->http_config // <<_EOC_; |
| |
| server { |
| listen 8765; |
| |
| location /httptrigger { |
| content_by_lua_block { |
| ngx.req.read_body() |
| local msg = "aws lambda invoked" |
| ngx.header['Content-Length'] = #msg + 1 |
| ngx.header['Connection'] = "Keep-Alive" |
| ngx.say(msg) |
| } |
| } |
| |
| location /generic { |
| content_by_lua_block { |
| $inside_lua_block |
| } |
| } |
| } |
| _EOC_ |
| |
| $block->set_value("http_config", $http_config); |
| |
| if (!$block->request) { |
| $block->set_value("request", "GET /t"); |
| } |
| if (!$block->no_error_log && !$block->error_log) { |
| $block->set_value("no_error_log", "[error]\n[alert]"); |
| } |
| }); |
| |
| run_tests; |
| |
| __DATA__ |
| |
| === TEST 1: checking iam schema |
| --- config |
| location /t { |
| content_by_lua_block { |
| local plugin = require("apisix.plugins.aws-lambda") |
| local ok, err = plugin.check_schema({ |
| function_uri = "https://api.amazonaws.com", |
| authorization = { |
| iam = { |
| accesskey = "key1", |
| secretkey = "key2" |
| } |
| } |
| }) |
| if not ok then |
| ngx.say(err) |
| else |
| ngx.say("done") |
| end |
| } |
| } |
| --- response_body |
| done |
| |
| |
| |
| === TEST 2: missing fields in iam schema |
| --- config |
| location /t { |
| content_by_lua_block { |
| local plugin = require("apisix.plugins.aws-lambda") |
| local ok, err = plugin.check_schema({ |
| function_uri = "https://api.amazonaws.com", |
| authorization = { |
| iam = { |
| secretkey = "key2" |
| } |
| } |
| }) |
| if not ok then |
| ngx.say(err) |
| else |
| ngx.say("done") |
| end |
| } |
| } |
| --- response_body |
| property "authorization" validation failed: property "iam" validation failed: property "accesskey" is required |
| |
| |
| |
| === TEST 3: create route with aws plugin enabled |
| --- config |
| location /t { |
| content_by_lua_block { |
| local t = require("lib.test_admin").test |
| |
| local code, body = t('/apisix/admin/routes/1', |
| ngx.HTTP_PUT, |
| [[{ |
| "plugins": { |
| "aws-lambda": { |
| "function_uri": "http://localhost:8765/httptrigger", |
| "authorization": { |
| "apikey" : "testkey" |
| } |
| } |
| }, |
| "uri": "/aws" |
| }]], |
| [[{ |
| "node": { |
| "value": { |
| "plugins": { |
| "aws-lambda": { |
| "keepalive": true, |
| "timeout": 3000, |
| "ssl_verify": true, |
| "keepalive_timeout": 60000, |
| "keepalive_pool": 5, |
| "function_uri": "http://localhost:8765/httptrigger", |
| "authorization": { |
| "apikey": "testkey" |
| } |
| } |
| }, |
| "uri": "/aws" |
| }, |
| "key": "/apisix/routes/1" |
| }, |
| "action": "set" |
| }]] |
| ) |
| |
| if code >= 300 then |
| ngx.status = code |
| ngx.say("fail") |
| return |
| end |
| |
| ngx.say(body) |
| } |
| } |
| --- response_body |
| passed |
| |
| |
| |
| === TEST 4: test plugin endpoint |
| --- config |
| location /t { |
| content_by_lua_block { |
| local t = require("lib.test_admin").test |
| local core = require("apisix.core") |
| |
| local code, _, body, headers = t("/aws", "GET") |
| if code >= 300 then |
| ngx.status = code |
| ngx.say(body) |
| return |
| end |
| |
| -- headers proxied 2 times -- one by plugin, another by this test case |
| core.response.set_header(headers) |
| ngx.print(body) |
| } |
| } |
| --- response_body |
| aws lambda invoked |
| --- response_headers |
| Content-Length: 19 |
| |
| |
| |
| === TEST 5: check authz header - apikey |
| --- config |
| location /t { |
| content_by_lua_block { |
| local t = require("lib.test_admin").test |
| -- passing an apikey |
| local code, body = t('/apisix/admin/routes/1', |
| ngx.HTTP_PUT, |
| [[{ |
| "plugins": { |
| "aws-lambda": { |
| "function_uri": "http://localhost:8765/generic", |
| "authorization": { |
| "apikey": "test_key" |
| } |
| } |
| }, |
| "uri": "/aws" |
| }]] |
| ) |
| if code >= 300 then |
| ngx.status = code |
| ngx.say("fail") |
| return |
| end |
| |
| ngx.say(body) |
| |
| local code, _, body = t("/aws", "GET") |
| if code >= 300 then |
| ngx.status = code |
| ngx.say(body) |
| return |
| end |
| ngx.print(body) |
| } |
| } |
| --- inside_lua_block |
| local headers = ngx.req.get_headers() or {} |
| ngx.say("Authz-Header - " .. headers["x-api-key"] or "") |
| |
| --- response_body |
| passed |
| Authz-Header - test_key |
| |
| |
| |
| === TEST 6: check authz header - IAM v4 signing |
| --- config |
| location /t { |
| content_by_lua_block { |
| local t = require("lib.test_admin").test |
| |
| -- passing the iam access and secret keys |
| local code, body = t('/apisix/admin/routes/1', |
| ngx.HTTP_PUT, |
| [[{ |
| "plugins": { |
| "aws-lambda": { |
| "function_uri": "http://localhost:8765/generic", |
| "authorization": { |
| "iam": { |
| "accesskey": "KEY1", |
| "secretkey": "KeySecret" |
| } |
| } |
| } |
| }, |
| "uri": "/aws" |
| }]] |
| ) |
| if code >= 300 then |
| ngx.status = code |
| ngx.say("fail") |
| return |
| end |
| |
| ngx.say(body) |
| |
| local code, _, body, headers = t("/aws", "GET") |
| if code >= 300 then |
| ngx.status = code |
| ngx.say(body) |
| return |
| end |
| |
| ngx.print(body) |
| } |
| } |
| --- inside_lua_block |
| local headers = ngx.req.get_headers() or {} |
| ngx.say("Authz-Header - " .. headers["Authorization"] or "") |
| ngx.say("AMZ-Date - " .. headers["X-Amz-Date"] or "") |
| ngx.print("invoked") |
| |
| --- response_body eval |
| qr/passed |
| Authz-Header - AWS4-HMAC-SHA256 [ -~]* |
| AMZ-Date - [\d]+T[\d]+Z |
| invoked/ |