Skip to content

Commit

Permalink
test: add e2e test for auth normally
Browse files Browse the repository at this point in the history 
Signed-off-by: Ink33 <[email protected]>
  • Loading branch information
@Ink-33
Ink-33 committed May 18, 2024
1 parent 5ae8ca4 commit 5188c7c
Show file tree
Hide file tree
Showing 2 changed files with 383 additions and 0 deletions.
142 changes: 142 additions & 0 deletions test/e2e/conformance/tests/go-wasm-jwt-auth-allow.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,142 @@
# Copyright (c) 2024 Alibaba Group Holding Ltd.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
name: wasmplugin-jwt-auth
namespace: higress-conformance-infra
spec:
ingressClassName: higress
rules:
- host: "foo.com"
http:
paths:
- pathType: Prefix
path: "/foo"
backend:
service:
name: infra-backend-v1
port:
number: 8080
---
apiVersion: extensions.higress.io/v1alpha1
kind: WasmPlugin
metadata:
name: jwt-auth
namespace: higress-system
spec:
defaultConfig:
consumers:
- name: consumer1
issuer: higress-test
jwks: |-
{
"keys": [
{
"kty": "EC",
"kid": "p256",
"crv": "P-256",
"x": "Ds10dk0bxj_F86YhEM6xnYKv9NDNNDxmh4_V-fCLzRg",
"y": "JRP1OkQE80i_gU8pLCsyhuuL3H5QHDFETFEfErgacpE"
},
{
"kty": "RSA",
"kid": "rsa",
"n": "-SnN2XT6GcfO_dSAp8txrfglFtwMe86sY_GgedT-tMJ0sROmejSY3fEuit0OO-q1XleN4w9h5nzBeBHj4armSPKzboWyQTreaH9lV-IoyMO9bXroRvkD0IOIJuaCWqigRzGFZ2lWYI5V_L0tW9N6yp0S95vk0IuIYNIqWAK8cWGGgr7QWG5h23pYLmw9QBnZW_UkT5RNtrUpYmDAcA9psVwNgegef5Z4LS_CCMpMAWNNEWsarWQCe_C8ryujpubZuDDMUeWe_1rlItEiXigfaZUgmRKEQise_sOZUvPmZR6eP7Vf5DlnXgz9zLtPvh-TvOzi_f11QVUoIg9XZClyMw",
"e": "AQAB"
}
]
}
- name: consumer_hedaer
issuer: higress-test
jwks: |-
{
"keys": [
{
"kty": "EC",
"kid": "p256",
"crv": "P-256",
"x": "Ds10dk0bxj_F86YhEM6xnYKv9NDNNDxmh4_V-fCLzRg",
"y": "JRP1OkQE80i_gU8pLCsyhuuL3H5QHDFETFEfErgacpE"
},
{
"kty": "RSA",
"kid": "rsa",
"n": "-SnN2XT6GcfO_dSAp8txrfglFtwMe86sY_GgedT-tMJ0sROmejSY3fEuit0OO-q1XleN4w9h5nzBeBHj4armSPKzboWyQTreaH9lV-IoyMO9bXroRvkD0IOIJuaCWqigRzGFZ2lWYI5V_L0tW9N6yp0S95vk0IuIYNIqWAK8cWGGgr7QWG5h23pYLmw9QBnZW_UkT5RNtrUpYmDAcA9psVwNgegef5Z4LS_CCMpMAWNNEWsarWQCe_C8ryujpubZuDDMUeWe_1rlItEiXigfaZUgmRKEQise_sOZUvPmZR6eP7Vf5DlnXgz9zLtPvh-TvOzi_f11QVUoIg9XZClyMw",
"e": "AQAB"
}
]
}
from_headers:
- name: jwt
value_prefix: "Bearer "
- name: consumer_params
issuer: higress-test
jwks: |-
{
"keys": [
{
"kty": "EC",
"kid": "p256",
"crv": "P-256",
"x": "Ds10dk0bxj_F86YhEM6xnYKv9NDNNDxmh4_V-fCLzRg",
"y": "JRP1OkQE80i_gU8pLCsyhuuL3H5QHDFETFEfErgacpE"
},
{
"kty": "RSA",
"kid": "rsa",
"n": "-SnN2XT6GcfO_dSAp8txrfglFtwMe86sY_GgedT-tMJ0sROmejSY3fEuit0OO-q1XleN4w9h5nzBeBHj4armSPKzboWyQTreaH9lV-IoyMO9bXroRvkD0IOIJuaCWqigRzGFZ2lWYI5V_L0tW9N6yp0S95vk0IuIYNIqWAK8cWGGgr7QWG5h23pYLmw9QBnZW_UkT5RNtrUpYmDAcA9psVwNgegef5Z4LS_CCMpMAWNNEWsarWQCe_C8ryujpubZuDDMUeWe_1rlItEiXigfaZUgmRKEQise_sOZUvPmZR6eP7Vf5DlnXgz9zLtPvh-TvOzi_f11QVUoIg9XZClyMw",
"e": "AQAB"
}
]
}
from_params:
- jwt_token
- name: consumer_cookies
issuer: higress-test
jwks: |-
{
"keys": [
{
"kty": "EC",
"kid": "p256",
"crv": "P-256",
"x": "Ds10dk0bxj_F86YhEM6xnYKv9NDNNDxmh4_V-fCLzRg",
"y": "JRP1OkQE80i_gU8pLCsyhuuL3H5QHDFETFEfErgacpE"
},
{
"kty": "RSA",
"kid": "rsa",
"n": "-SnN2XT6GcfO_dSAp8txrfglFtwMe86sY_GgedT-tMJ0sROmejSY3fEuit0OO-q1XleN4w9h5nzBeBHj4armSPKzboWyQTreaH9lV-IoyMO9bXroRvkD0IOIJuaCWqigRzGFZ2lWYI5V_L0tW9N6yp0S95vk0IuIYNIqWAK8cWGGgr7QWG5h23pYLmw9QBnZW_UkT5RNtrUpYmDAcA9psVwNgegef5Z4LS_CCMpMAWNNEWsarWQCe_C8ryujpubZuDDMUeWe_1rlItEiXigfaZUgmRKEQise_sOZUvPmZR6eP7Vf5DlnXgz9zLtPvh-TvOzi_f11QVUoIg9XZClyMw",
"e": "AQAB"
}
]
}
from_cookies:
- jwt_token
global_auth: false
defaultConfigDisable: false
matchRules:
- config:
allow:
- consumer1
- consumer_hedaer
- consumer_params
- consumer_cookies
configDisable: false
ingress:
- higress-conformance-infra/wasmplugin-jwt-auth
url: file:///opt/plugins/wasm-go/extensions/jwt-auth/plugin.wasm
241 changes: 241 additions & 0 deletions test/e2e/conformance/tests/go-wasm-jwt-auth.go
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,241 @@
// Copyright (c) 2024 Alibaba Group Holding Ltd.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package tests

import (
"testing"

"github.com/alibaba/higress/test/e2e/conformance/utils/http"
"github.com/alibaba/higress/test/e2e/conformance/utils/suite"
)

const (
ES256Allow string = "eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsiZm9vIiwiYmFyIl0sImV4cCI6MjAxOTY4NjQwMCwiaXNzIjoiaGlncmVzcy10ZXN0IiwibmJmIjoxNzA0MDY3MjAwLCJzdWIiOiJoaWdyZXNzLXRlc3QifQ.17EI6w57ed6OTehKcVxCCGGMNPUVTHvDmMZTh8TrMPkz6sromkqWO94kT7atQ6YEnDrfNVvtaoNnqp7h05S3jg"
ES256Expired string = "eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsiZm9vIiwiYmFyIl0sImV4cCI6MTcwNDA2NzIwMCwiaXNzIjoiaGlncmVzcy10ZXN0IiwibmJmIjoxNzA0MDY3MjAwLCJzdWIiOiJoaWdyZXNzLXRlc3QifQ.rGRgauThdjWWiysXzr8XkF9vweXjykSqRsvGv5YyZsIHYSXsD6v1A5MydCZUTuKp51ZOUNzTZjs_UTMSVZyVLQ"
RS256Allow string = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsiZm9vIiwiYmFyIl0sImV4cCI6MjAxOTY4NjQwMCwiaXNzIjoiaGlncmVzcy10ZXN0IiwibmJmIjoxNzA0MDY3MjAwLCJzdWIiOiJoaWdyZXNzLXRlc3QifQ.x3EpAXqywW3nw_cjM7jVV7Ic7hVlOsrUCdSQbfICMCoejMIAjQyR6svftrYuAZhSXI7fv8Gphti_-xMLQUXH7F01ZpI52dHjwtrkNfMzHArnIfgLVLpkUEQlUOgGyzsvyOK-CA7d3zEYwRIlu2NBN4twG5BGofwqwBCQaEmiZhfpRZK14dqHb0hf9Z0Ez8Jrt96KNUTZBXt5XY4RlLmTrUPAKo9DCcOnzb1SQqddWn74WM39jh3IE3cYrErPR1ARYPWcsNiyl058BTkHKol-qe8zfMO4bYgy9VafYKsX-e6WsSnwMcJN_M-rOBImMISh69aj4nx3-znCQyvTAskgBw"
RS256Expried string = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsiZm9vIiwiYmFyIl0sImV4cCI6MTcwNDA2NzIwMCwiaXNzIjoiaGlncmVzcy10ZXN0IiwibmJmIjoxNzA0MDY3MjAwLCJzdWIiOiJoaWdyZXNzLXRlc3QifQ.Y_zNhjb14XQXpZRJLG3rHzzkSAww_5rkM1b5BRIiGdJyNqoeUvIBcIekxqDUIWMCOU6dFmW0eG3xg1l5hOkebqJintAu0MlQG6BJ8eCMlUh4YVukPr419e9u1_8e7E1KpkbpbRIaaTb5OtOHLQk-qfTcYn-zTiiuyJ1MfpWuZaCkZyKfaKGtC4NOajw_FpOJ3VwC3Ts38IJBUVrr_OVzk386EKUdh11rmfEpupwFYUrxSekHiHGSSrQ372p30Wvg4JwC4sE0fmOB-bfXzDRLSxJsTXaxT-4MaHeBdJ394YG9uUhNO4ILX_9RafiM4bGkglZ4APzOA4-QxL8ZrVV9rA"
)

var WasmPluginsJWTAuth = suite.ConformanceTest{
ShortName: "WasmPluginsJWTAuth",
Description: "The Ingress in the higress-conformance-infra namespace test the jwt-auth WASM plugin.",
Manifests: []string{"test/go-wasm-jwt-auth-allow.yaml"},
Features: []suite.SupportedFeature{suite.WASMGoConformanceFeature},
Test: func(t *testing.T, suite *suite.ConformanceTestSuite) {
testcases := []http.Assertion{
{
Meta: http.AssertionMeta{
TargetBackend: "infra-backend-v1",
TargetNamespace: "higress-conformance-infra",
},
Request: http.AssertionRequest{
ActualRequest: http.Request{
Host: "foo.com",
Path: "/info",
UnfollowRedirect: true,
Headers: map[string]string{"Authorization": "Bearer " + ES256Allow},
},
},
Response: http.AssertionResponse{
ExpectedResponse: http.Response{
StatusCode: 200,
},
ExpectedResponseNoRequest: true,
},
},
{
Meta: http.AssertionMeta{
TargetBackend: "infra-backend-v1",
TargetNamespace: "higress-conformance-infra",
},
Request: http.AssertionRequest{
ActualRequest: http.Request{
Host: "foo.com",
Path: "/info",
UnfollowRedirect: true,
Headers: map[string]string{"Authorization": "Bearer " + RS256Allow},
},
},
Response: http.AssertionResponse{
ExpectedResponse: http.Response{
StatusCode: 200,
},
ExpectedResponseNoRequest: true,
},
},
{
Meta: http.AssertionMeta{
TargetBackend: "infra-backend-v1",
TargetNamespace: "higress-conformance-infra",
},
Request: http.AssertionRequest{
ActualRequest: http.Request{
Host: "foo.com",
Path: "/info?access_token=" + ES256Allow,
UnfollowRedirect: true,
},
},
Response: http.AssertionResponse{
ExpectedResponse: http.Response{
StatusCode: 200,
},
ExpectedResponseNoRequest: true,
},
},
{
Meta: http.AssertionMeta{
TargetBackend: "infra-backend-v1",
TargetNamespace: "higress-conformance-infra",
},
Request: http.AssertionRequest{
ActualRequest: http.Request{
Host: "foo.com",
Path: "/info?access_token=" + RS256Allow,
UnfollowRedirect: true,
},
},
Response: http.AssertionResponse{
ExpectedResponse: http.Response{
StatusCode: 200,
},
ExpectedResponseNoRequest: true,
},
},
{
Meta: http.AssertionMeta{
TargetBackend: "infra-backend-v1",
TargetNamespace: "higress-conformance-infra",
},
Request: http.AssertionRequest{
ActualRequest: http.Request{
Host: "foo.com",
Path: "/info",
UnfollowRedirect: true,
Headers: map[string]string{"jwt": "Bearer " + ES256Allow},
},
},
Response: http.AssertionResponse{
ExpectedResponse: http.Response{
StatusCode: 200,
},
ExpectedResponseNoRequest: true,
},
},
{
Meta: http.AssertionMeta{
TargetBackend: "infra-backend-v1",
TargetNamespace: "higress-conformance-infra",
},
Request: http.AssertionRequest{
ActualRequest: http.Request{
Host: "foo.com",
Path: "/info",
UnfollowRedirect: true,
Headers: map[string]string{"jwt": "Bearer " + RS256Allow},
},
},
Response: http.AssertionResponse{
ExpectedResponse: http.Response{
StatusCode: 200,
},
ExpectedResponseNoRequest: true,
},
},
{
Meta: http.AssertionMeta{
TargetBackend: "infra-backend-v1",
TargetNamespace: "higress-conformance-infra",
},
Request: http.AssertionRequest{
ActualRequest: http.Request{
Host: "foo.com",
Path: "/info?jwt_token=" + ES256Allow,
UnfollowRedirect: true,
},
},
Response: http.AssertionResponse{
ExpectedResponse: http.Response{
StatusCode: 200,
},
ExpectedResponseNoRequest: true,
},
},
{
Meta: http.AssertionMeta{
TargetBackend: "infra-backend-v1",
TargetNamespace: "higress-conformance-infra",
},
Request: http.AssertionRequest{
ActualRequest: http.Request{
Host: "foo.com",
Path: "/info?jwt_token=" + RS256Allow,
UnfollowRedirect: true,
},
},
Response: http.AssertionResponse{
ExpectedResponse: http.Response{
StatusCode: 200,
},
ExpectedResponseNoRequest: true,
},
},
{
Meta: http.AssertionMeta{
TargetBackend: "infra-backend-v1",
TargetNamespace: "higress-conformance-infra",
},
Request: http.AssertionRequest{
ActualRequest: http.Request{
Host: "foo.com",
Path: "/info",
Headers: map[string]string{"Cookie": "jwt_token=" + ES256Allow},
UnfollowRedirect: true,
},
},
Response: http.AssertionResponse{
ExpectedResponse: http.Response{
StatusCode: 200,
},
ExpectedResponseNoRequest: true,
},
},
{
Meta: http.AssertionMeta{
TargetBackend: "infra-backend-v1",
TargetNamespace: "higress-conformance-infra",
},
Request: http.AssertionRequest{
ActualRequest: http.Request{
Host: "foo.com",
Path: "/info",
Headers: map[string]string{"Cookie": "jwt_token=" + RS256Allow},
UnfollowRedirect: true,
},
},
Response: http.AssertionResponse{
ExpectedResponse: http.Response{
StatusCode: 200,
},
ExpectedResponseNoRequest: true,
},
},
}
t.Run("WasmPlugins jwt-auth", func(t *testing.T) {
for _, testcase := range testcases {
http.MakeRequestAndExpectEventuallyConsistentResponse(t, suite.RoundTripper, suite.TimeoutConfig, suite.GatewayAddress, testcase)
}
})
},
}

0 comments on commit 5188c7c

Please sign in to comment.