|
1 | 1 | use lib 't';
|
2 | 2 | use Test::APIcast 'no_plan';
|
3 | 3 |
|
| 4 | +use Cwd qw(abs_path); |
| 5 | + |
| 6 | +$ENV{TEST_NGINX_LUA_PATH} = "$Test::APIcast::spec/?.lua;$ENV{TEST_NGINX_LUA_PATH}"; |
| 7 | + |
| 8 | +our $rsa = `cat t/fixtures/rsa.pem`; |
| 9 | + |
4 | 10 | # Can't run twice because of the report batches
|
5 | 11 | repeat_each(1);
|
6 | 12 |
|
@@ -477,3 +483,113 @@ rewrite_by_lua_block {
|
477 | 483 | [ 429, 403, 403 ]
|
478 | 484 | --- no_error_log
|
479 | 485 | [error]
|
| 486 | +
|
| 487 | +=== TEST 6: caches successful authorizations with app_id only |
| 488 | +This test checks that the policy a) caches successful authorizations and b) reports correctly. |
| 489 | +For a) we define a backend that makes sure that it's called only once. |
| 490 | +For b) we force the batch reporting and check that transactions.xml receive it in the expected format. |
| 491 | +--- http_config |
| 492 | +include $TEST_NGINX_UPSTREAM_CONFIG; |
| 493 | +lua_shared_dict cached_auths 1m; |
| 494 | +lua_shared_dict batched_reports 1m; |
| 495 | +lua_shared_dict batched_reports_locks 1m; |
| 496 | +lua_package_path "$TEST_NGINX_LUA_PATH"; |
| 497 | +
|
| 498 | +init_by_lua_block { |
| 499 | + require('apicast.configuration_loader').mock({ |
| 500 | + oidc = { |
| 501 | + { |
| 502 | + issuer = "https://example.com/auth/realms/apicast", |
| 503 | + config = { id_token_signing_alg_values_supported = { "RS256" } }, |
| 504 | + keys = { somekid = { pem = require('fixtures.rsa').pub } }, |
| 505 | + } |
| 506 | + }, |
| 507 | + services = { |
| 508 | + { |
| 509 | + id = 42, |
| 510 | + backend_version = 'oauth', |
| 511 | + backend_authentication_type = 'service_token', |
| 512 | + backend_authentication_value = 'token-value', |
| 513 | + proxy = { |
| 514 | + authentication_method = 'oidc', |
| 515 | + oidc_issuer_endpoint = 'https://example.com/auth/realms/apicast', |
| 516 | + backend = { endpoint = "http://127.0.0.1:$TEST_NGINX_SERVER_PORT" }, |
| 517 | + api_backend = "http://127.0.0.1:$TEST_NGINX_SERVER_PORT/api-backend/", |
| 518 | + proxy_rules = { |
| 519 | + { pattern = '/', http_method = 'GET', metric_system_name = 'hits', delta = 1 } |
| 520 | + }, |
| 521 | + policy_chain = { |
| 522 | + { name = 'apicast.policy.3scale_batcher', configuration = {} }, |
| 523 | + { name = 'apicast.policy.apicast' } |
| 524 | + } |
| 525 | + } |
| 526 | + } |
| 527 | + } |
| 528 | + }) |
| 529 | +} |
| 530 | +--- config |
| 531 | + include $TEST_NGINX_APICAST_CONFIG; |
| 532 | +
|
| 533 | + location /transactions/oauth_authorize.xml { |
| 534 | + content_by_lua_block { |
| 535 | + local test_counter = ngx.shared.test_counter or 0 |
| 536 | + if test_counter == 0 then |
| 537 | + ngx.shared.test_counter = test_counter + 1 |
| 538 | + ngx.exit(200) |
| 539 | + else |
| 540 | + ngx.log(ngx.ERR, 'auth should be cached but called backend anyway') |
| 541 | + ngx.exit(502) |
| 542 | + end |
| 543 | + } |
| 544 | + } |
| 545 | + location /transactions.xml { |
| 546 | + content_by_lua_block { |
| 547 | + ngx.say('report OK') |
| 548 | + } |
| 549 | + } |
| 550 | +
|
| 551 | + location /force_report_to_backend { |
| 552 | + content_by_lua_block { |
| 553 | + local ReportsBatcher = require ('apicast.policy.3scale_batcher.reports_batcher') |
| 554 | + local reporter = require ('apicast.policy.3scale_batcher.reporter') |
| 555 | + local http_ng_resty = require('resty.http_ng.backend.resty') |
| 556 | + local backend_client = require('apicast.backend_client') |
| 557 | +
|
| 558 | + local service_id = 42 |
| 559 | +
|
| 560 | + local reports_batcher = ReportsBatcher.new( |
| 561 | + ngx.shared.batched_reports, 'batched_reports_locks') |
| 562 | +
|
| 563 | + local reports = reports_batcher:get_all(service_id) |
| 564 | +
|
| 565 | + local backend = backend_client:new( |
| 566 | + { |
| 567 | + id = service_id, |
| 568 | + backend_authentication_type = 'service_token', |
| 569 | + backend_authentication_value = 'token-value', |
| 570 | + backend = { endpoint = "http://127.0.0.1:$TEST_NGINX_SERVER_PORT" } |
| 571 | + }, http_ng_resty) |
| 572 | +
|
| 573 | + reporter.report(reports, service_id, backend, reports_batcher) |
| 574 | + ngx.say('force report OK') |
| 575 | + } |
| 576 | + } |
| 577 | + location /api-backend { |
| 578 | + echo 'yay, api backend'; |
| 579 | + } |
| 580 | +--- request eval |
| 581 | +[ "GET /test", "GET /test", "GET /force_report_to_backend", "GET /transactions.xml"] |
| 582 | +--- error_code eval |
| 583 | +[ 200, 200 , 200, 200 ] |
| 584 | +--- response_body eval |
| 585 | +["yay, api backend\x{0a}","yay, api backend\x{0a}","force report OK\x{0a}", "report OK\x{0a}"] |
| 586 | +--- more_headers eval |
| 587 | +use Crypt::JWT qw(encode_jwt); |
| 588 | +my $jwt = encode_jwt(payload => { |
| 589 | + aud => 'appid', |
| 590 | + sub => 'someone', |
| 591 | + iss => 'https://example.com/auth/realms/apicast', |
| 592 | + exp => time + 3600 }, key => \$::rsa, alg => 'RS256', extra_headers => { kid => 'somekid' }); |
| 593 | +["Authorization: Bearer $jwt", "Authorization: Bearer $jwt", "" , ""] |
| 594 | +--- no_error_log |
| 595 | +[error] |
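Review bot: Part b) of TEST 6 is not actually asserted: the `/transactions.xml` stub answers `report OK` unconditionally, and the fourth entry in `--- request eval` calls that stub directly, so the test still passes if the batcher reports nothing or reports the wrong application. I would have the stub call `ngx.req.read_body()`, compare `ngx.req.get_post_args()` with the expected transaction, and log at `ngx.ERR` on a mismatch so that the existing `--- no_error_log [error]` check fails. The expected values are presumably the app id taken from the token's `aud` and the accumulated `hits` usage, which should be confirmed against the reporter's output format. Because this block exercises an authorization cache, a separate test block that repeats the flow with a different `aud` and expects a fresh call to `/transactions/oauth_authorize.xml` would show that a cached grant is not reused across applications.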