t/admin/api.t - apisix - Git at Google

 #
 # Licensed to the Apache Software Foundation (ASF) under one or more
 # contributor license agreements.  See the NOTICE file distributed with
 # this work for additional information regarding copyright ownership.
 # The ASF licenses this file to You under the Apache License, Version 2.0
 # (the "License"); you may not use this file except in compliance with
 # the License.  You may obtain a copy of the License at
 #
 #     http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
 use t::APISIX 'no_plan';

 no_long_string();
 no_root_location();
 no_shuffle();

 add_block_preprocessor(sub {
     my ($block) = @_;

     if (!$block->request) {
         $block->set_value("request", "GET /apisix/admin/routes");
     }

     if (!$block->no_error_log && !$block->error_log) {
         $block->set_value("no_error_log", "[error]\n[alert]");
     }
 });

 run_tests;

 __DATA__

 === TEST 1: Server header for admin API
 --- response_headers_like
 Server: APISIX/(.*)


 === TEST 2: Server header for admin API without token
 --- yaml_config
 deployment:
     admin:
         admin_key:
             - key: a
               name: a
               role: admin
 apisix:
   node_listen: 1984
   enable_server_tokens: false
 --- error_code: 401
 --- response_headers
 Server: APISIX


 === TEST 3: Version header for admin API (without apikey)
 --- yaml_config
 deployment:
     admin:
         admin_key:
             - key: a
               name: a
               role: admin
 apisix:
   admin_api_version: default
 --- error_code: 401
 --- response_headers
 ! X-API-VERSION


 === TEST 4: Version header for admin API (v2)
 --- yaml_config
 deployment:
   role: traditional
   role_traditional:
     config_provider: etcd
   admin:
     admin_key: ~
     admin_api_version: v2
 --- more_headers
 X-API-KEY: edd1c9f034335f136f87ad84b625c8f1
 --- response_headers
 X-API-VERSION: v2


 === TEST 5: Version header for admin API (v3)
 --- yaml_config
 deployment:
   role: traditional
   role_traditional:
     config_provider: etcd
   admin:
     admin_key: ~
     admin_api_version: v3
 --- more_headers
 X-API-KEY: edd1c9f034335f136f87ad84b625c8f1
 --- response_headers
 X-API-VERSION: v3


 === TEST 6: CORS header for admin API
 --- response_headers
 Access-Control-Allow-Origin: *


 === TEST 7: CORS header disabled for admin API
 --- yaml_config
 deployment:
     admin:
         admin_key: ~
         enable_admin_cors: false
 --- response_headers
 Access-Control-Allow-Origin:


 === TEST 8: Compatibility for admin API (v2)
 --- yaml_config
 deployment:
   role: traditional
   role_traditional:
     config_provider: etcd
   admin:
     admin_key: ~
     admin_api_version: default
 --- more_headers
 X-API-KEY: edd1c9f034335f136f87ad84b625c8f1
 --- response_headers
 X-API-VERSION: v2
 --- response_body_like: "/apisix/routes"


 === TEST 9: Head method support for admin API
 --- config
     location /t {
         content_by_lua_block {
             local t = require("lib.test_admin").test
             local code, body = t('/apisix/admin',
                 ngx.HTTP_HEAD)
             ngx.status = code
             ngx.say(body)
         }
     }
 --- request
 GET /t
 --- response_body
 passed


 === TEST 10: Access with api key, and admin_key_required=true
 --- yaml_config
 deployment:
   admin:
     admin_key_required: true
     admin_key:
     - name: admin
       role: admin
       key: rDAkLJbqvoBzBOoxuYAUDbbWaSilvIca
 --- more_headers
 X-API-KEY: rDAkLJbqvoBzBOoxuYAUDbbWaSilvIca
 --- request
 GET /apisix/admin/routes
 --- error_code: 200


 === TEST 11: Access with wrong api key, and admin_key_required=true
 --- yaml_config
 deployment:
   admin:
     admin_key_required: true
 --- more_headers
 X-API-KEY: wrong-key
 --- request
 GET /apisix/admin/routes
 --- error_code: 401


 === TEST 12: Access without api key, and admin_key_required=true
 --- yaml_config
 deployment:
   admin:
     admin_key_required: true
 --- request
 GET /apisix/admin/routes
 --- error_code: 401


 === TEST 13: Access with api key, but admin_key_required=false
 --- yaml_config
 deployment:
   admin:
     admin_key_required: false
     admin_key:
     - name: admin
       role: admin
       key: rDAkLJbqvoBzBOoxuYAUDbbWaSilvIca
 --- more_headers
 X-API-KEY: rDAkLJbqvoBzBOoxuYAUDbbWaSilvIca
 --- request
 GET /apisix/admin/routes
 --- error_code: 200
 --- error_log
 Admin key is bypassed!


 === TEST 14: Access with wrong api key, but admin_key_required=false
 --- yaml_config
 deployment:
   admin:
     admin_key_required: false
 --- more_headers
 X-API-KEY: wrong-key
 --- request
 GET /apisix/admin/routes
 --- error_code: 200
 --- error_log
 Admin key is bypassed!


 === TEST 15: Access without api key, but admin_key_required=false
 --- yaml_config
 deployment:
   admin:
     admin_key_required: false
 --- request
 GET /apisix/admin/routes
 --- error_code: 200
 --- error_log
 Admin key is bypassed!
	#
	# Licensed to the Apache Software Foundation (ASF) under one or more
	# contributor license agreements. See the NOTICE file distributed with
	# this work for additional information regarding copyright ownership.
	# The ASF licenses this file to You under the Apache License, Version 2.0
	# (the "License"); you may not use this file except in compliance with
	# the License. You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing, software
	# distributed under the License is distributed on an "AS IS" BASIS,
	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	# See the License for the specific language governing permissions and
	# limitations under the License.
	#
	use t::APISIX 'no_plan';

	no_long_string();
	no_root_location();
	no_shuffle();

	add_block_preprocessor(sub {
	my ($block) = @_;

	if (!$block->request) {
	$block->set_value("request", "GET /apisix/admin/routes");
	}

	if (!$block->no_error_log && !$block->error_log) {
	$block->set_value("no_error_log", "[error]\n[alert]");
	}
	});

	run_tests;

	__DATA__

	=== TEST 1: Server header for admin API
	--- response_headers_like
	Server: APISIX/(.*)



	=== TEST 2: Server header for admin API without token
	--- yaml_config
	deployment:
	admin:
	admin_key:
	- key: a
	name: a
	role: admin
	apisix:
	node_listen: 1984
	enable_server_tokens: false
	--- error_code: 401
	--- response_headers
	Server: APISIX



	=== TEST 3: Version header for admin API (without apikey)
	--- yaml_config
	deployment:
	admin:
	admin_key:
	- key: a
	name: a
	role: admin
	apisix:
	admin_api_version: default
	--- error_code: 401
	--- response_headers
	! X-API-VERSION



	=== TEST 4: Version header for admin API (v2)
	--- yaml_config
	deployment:
	role: traditional
	role_traditional:
	config_provider: etcd
	admin:
	admin_key: ~
	admin_api_version: v2
	--- more_headers
	X-API-KEY: edd1c9f034335f136f87ad84b625c8f1
	--- response_headers
	X-API-VERSION: v2



	=== TEST 5: Version header for admin API (v3)
	--- yaml_config
	deployment:
	role: traditional
	role_traditional:
	config_provider: etcd
	admin:
	admin_key: ~
	admin_api_version: v3
	--- more_headers
	X-API-KEY: edd1c9f034335f136f87ad84b625c8f1
	--- response_headers
	X-API-VERSION: v3



	=== TEST 6: CORS header for admin API
	--- response_headers
	Access-Control-Allow-Origin: *



	=== TEST 7: CORS header disabled for admin API
	--- yaml_config
	deployment:
	admin:
	admin_key: ~
	enable_admin_cors: false
	--- response_headers
	Access-Control-Allow-Origin:



	=== TEST 8: Compatibility for admin API (v2)
	--- yaml_config
	deployment:
	role: traditional
	role_traditional:
	config_provider: etcd
	admin:
	admin_key: ~
	admin_api_version: default
	--- more_headers
	X-API-KEY: edd1c9f034335f136f87ad84b625c8f1
	--- response_headers
	X-API-VERSION: v2
	--- response_body_like: "/apisix/routes"



	=== TEST 9: Head method support for admin API
	--- config
	location /t {
	content_by_lua_block {
	local t = require("lib.test_admin").test
	local code, body = t('/apisix/admin',
	ngx.HTTP_HEAD)
	ngx.status = code
	ngx.say(body)
	}
	}
	--- request
	GET /t
	--- response_body
	passed



	=== TEST 10: Access with api key, and admin_key_required=true
	--- yaml_config
	deployment:
	admin:
	admin_key_required: true
	admin_key:
	- name: admin
	role: admin
	key: rDAkLJbqvoBzBOoxuYAUDbbWaSilvIca
	--- more_headers
	X-API-KEY: rDAkLJbqvoBzBOoxuYAUDbbWaSilvIca
	--- request
	GET /apisix/admin/routes
	--- error_code: 200



	=== TEST 11: Access with wrong api key, and admin_key_required=true
	--- yaml_config
	deployment:
	admin:
	admin_key_required: true
	--- more_headers
	X-API-KEY: wrong-key
	--- request
	GET /apisix/admin/routes
	--- error_code: 401



	=== TEST 12: Access without api key, and admin_key_required=true
	--- yaml_config
	deployment:
	admin:
	admin_key_required: true
	--- request
	GET /apisix/admin/routes
	--- error_code: 401



	=== TEST 13: Access with api key, but admin_key_required=false
	--- yaml_config
	deployment:
	admin:
	admin_key_required: false
	admin_key:
	- name: admin
	role: admin
	key: rDAkLJbqvoBzBOoxuYAUDbbWaSilvIca
	--- more_headers
	X-API-KEY: rDAkLJbqvoBzBOoxuYAUDbbWaSilvIca
	--- request
	GET /apisix/admin/routes
	--- error_code: 200
	--- error_log
	Admin key is bypassed!



	=== TEST 14: Access with wrong api key, but admin_key_required=false
	--- yaml_config
	deployment:
	admin:
	admin_key_required: false
	--- more_headers
	X-API-KEY: wrong-key
	--- request
	GET /apisix/admin/routes
	--- error_code: 200
	--- error_log
	Admin key is bypassed!



	=== TEST 15: Access without api key, but admin_key_required=false
	--- yaml_config
	deployment:
	admin:
	admin_key_required: false
	--- request
	GET /apisix/admin/routes
	--- error_code: 200
	--- error_log
	Admin key is bypassed!