diff --git a/.github/workflows/agent-integration-test.yml b/.github/workflows/agent-integration-test.yml index c78a80f1ea..8ba28c4bf1 100644 --- a/.github/workflows/agent-integration-test.yml +++ b/.github/workflows/agent-integration-test.yml @@ -95,9 +95,9 @@ jobs: - name: Run test cases shell: sh run: | - cd apk-repo/test/apim-apk-agent-test/cucumber-tests - sh ./scripts/setup-hosts.sh - ./gradlew runTests + cd apk-repo/test/cucumber-tests + sh ./scripts/agent-setup-hosts.sh + ./gradlew runCpToDpTests - name: Helm release undeploy if: always() shell: sh @@ -134,5 +134,5 @@ jobs: if: always() uses: malinthaprasan/action-surefire-report@v1 with: - report_paths: 'apk-repo/test/apim-apk-agent-test/cucumber-tests/build/test-output/junitreports/*.xml' + report_paths: 'apk-repo/test/cucumber-tests/build/test-output/junitreports/*.xml' fail_on_test_failures: true diff --git a/test/cucumber-tests/build.gradle b/test/cucumber-tests/build.gradle index 1e348b543e..dba839001b 100644 --- a/test/cucumber-tests/build.gradle +++ b/test/cucumber-tests/build.gradle @@ -23,6 +23,11 @@ repositories { mavenCentral() } +def AgentCpToDpTestFeatures = 'src/test/resources/tests/agent-cptodp' +def AgentDpToCpTestFeatures = 'src/test/resources/tests/agent-dptocp' +def APKConfigTestFeatures = 'src/test/resources/tests/config' +def APKTestFeatures = 'src/test/resources/tests/api' + dependencies { testImplementation 'io.cucumber:cucumber-picocontainer:7.2.3' testImplementation 'io.cucumber:cucumber-core:7.2.3' @@ -35,6 +40,7 @@ dependencies { testImplementation 'io.cucumber:cucumber-testng:7.13.0' testImplementation 'commons-io:commons-io:2.13.0' testImplementation 'com.nimbusds:nimbus-jose-jwt:9.31' + testImplementation 'com.googlecode.json-simple:json-simple:1.1.1' } test { 
@@ -52,5 +58,32 @@ task runTests(type: JavaExec, dependsOn: 'classes') {
 project.sourceSets.test.compileClasspath,
 project.sourceSets.main.runtimeClasspath,
 project.sourceSets.test.runtimeClasspath)
+ systemProperty 'cucumber.features', "$APKConfigTestFeatures,$APKTestFeatures"
+ systemProperty 'http.client.setup', 'apk'
 args = ["-d", "./build/test-output", "./src/test/resources/testng.xml"]
 }
+
+
+task runCpToDpTests(type: JavaExec, dependsOn: 'classes') {
+ main = 'org.testng.TestNG'
+ classpath = files("./src/test/resources",
+ project.sourceSets.main.compileClasspath,
+ project.sourceSets.test.compileClasspath,
+ project.sourceSets.main.runtimeClasspath,
+ project.sourceSets.test.runtimeClasspath)
+ systemProperty 'cucumber.features', AgentCpToDpTestFeatures
+ systemProperty 'http.client.setup', 'apim-apk'
+ args = ["-d", "./build/test-output", "./src/test/resources/testng.xml"]
+}
+
+task runDpToCpTests(type: JavaExec, dependsOn: 'classes') {
+ main = 'org.testng.TestNG'
+ classpath = files("./src/test/resources",
+ project.sourceSets.main.compileClasspath,
+ project.sourceSets.test.compileClasspath,
+ project.sourceSets.main.runtimeClasspath,
+ project.sourceSets.test.runtimeClasspath)
+ systemProperty 'cucumber.features', AgentDpToCpTestFeatures
+ systemProperty 'http.client.setup', 'apim-apk'
+ args = ["-d", "./build/test-output", "./src/test/resources/testng.xml"]
+}
\ No newline at end of file
diff --git a/test/cucumber-tests/scripts/agent-setup-hosts.sh b/test/cucumber-tests/scripts/agent-setup-hosts.sh
new file mode 100644
index 0000000000..adffeb61d3
--- /dev/null
+++ b/test/cucumber-tests/scripts/agent-setup-hosts.sh
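Review bot: `runCpToDpTests` and `runDpToCpTests` repeat the launcher settings of `runTests` line for line (main class, five-entry classpath, `args`), differing only in the two system properties, so a later change to the classpath or output directory has to be made in three places. A shared closure taking the feature path and the client setup would keep them in step; `runTests` itself starts outside this hunk and could use the same helper. All three tasks also write to `./build/test-output`, so reports from one suite will presumably overwrite another's if two run in the same job.

```groovy
// Shared TestNG launcher settings for every cucumber suite.
def configureCucumberRun = { JavaExec t, String features, String clientSetup ->
    t.main = 'org.testng.TestNG'
    t.classpath = files("./src/test/resources",
            project.sourceSets.main.compileClasspath,
            project.sourceSets.test.compileClasspath,
            project.sourceSets.main.runtimeClasspath,
            project.sourceSets.test.runtimeClasspath)
    t.systemProperty 'cucumber.features', features
    t.systemProperty 'http.client.setup', clientSetup
    t.args = ["-d", "./build/test-output", "./src/test/resources/testng.xml"]
}

task runCpToDpTests(type: JavaExec, dependsOn: 'classes') {
    configureCucumberRun(it, AgentCpToDpTestFeatures, 'apim-apk')
}

task runDpToCpTests(type: JavaExec, dependsOn: 'classes') {
    configureCucumberRun(it, AgentDpToCpTestFeatures, 'apim-apk')
}
```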
@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+kubectl apply -f ./CRs/artifacts.yaml
+kubectl wait deployment/apim-wso2am-cp-deployment-1 -n apk --for=condition=available --timeout=600s
+kubectl wait --timeout=5m -n apk deployment/apk-wso2-apk-adapter-deployment --for=condition=Available
+kubectl wait --timeout=15m -n apk deployment/apk-wso2-apk-gateway-runtime-deployment --for=condition=Available
+kubectl wait --timeout=5m -n apk deployment/apim-apk-agent --for=condition=Available
+IP=$(kubectl get svc apk-wso2-apk-gateway-service -n apk --output jsonpath='{.status.loadBalancer.ingress[0].ip}')
+ING_IP=$(kubectl get ing -n apk apim-wso2am-cp-ingress --output=jsonpath='{.status.loadBalancer.ingress[0].ip}')
+CC_IP=$(kubectl get svc apk-wso2-apk-common-controller-web-server-service -n apk --output jsonpath='{.status.loadBalancer.ingress[0].ip}')
+sudo echo "$IP localhost" | sudo tee -a /etc/hosts
+sudo echo "$IP idp.am.wso2.com" | sudo tee -a /etc/hosts
+sudo echo "$CC_IP apk-wso2-apk-common-controller-service.apk.svc" | sudo tee -a /etc/hosts
+sudo echo "$ING_IP am.wso2.com" | sudo tee -a /etc/hosts
+sudo echo "$IP api.am.wso2.com" | sudo tee -a /etc/hosts
+sudo echo "$IP default.gw.wso2.com" | sudo tee -a /etc/hosts
+sudo echo "$IP default.sandbox.gw.wso2.com" | sudo tee -a /etc/hosts
+sudo echo "$IP sandbox.default.gw.wso2.com" | sudo tee -a /etc/hosts
+sudo echo "255.255.255.255 broadcasthost" | sudo tee -a /etc/hosts
+sudo echo "::1 localhost" | sudo tee -a /etc/hosts
diff --git a/test/cucumber-tests/src/test/java/org/wso2/apk/integration/api/APIDeploymentSteps.java b/test/cucumber-tests/src/test/java/org/wso2/apk/integration/api/APIDeploymentSteps.java
index 4c2a10719b..1e72b2b2f1 100644
--- a/test/cucumber-tests/src/test/java/org/wso2/apk/integration/api/APIDeploymentSteps.java
+++ b/test/cucumber-tests/src/test/java/org/wso2/apk/integration/api/APIDeploymentSteps.java
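Review bot: Nothing checks that `IP`, `ING_IP` and `CC_IP` are non-empty before they are appended to `/etc/hosts`, and the script never enables `set -e`, so a timed-out `kubectl wait` or a service with no load-balancer address still ends with exit status 0 and writes entries such as ` localhost`. I would add `set -eu` after the shebang and, before the first `tee`, a guard like `[ -n "$IP" ] && [ -n "$ING_IP" ] && [ -n "$CC_IP" ] || { echo "load balancer address missing" >&2; exit 1; }`. The workflow hunk in this commit runs the file as `sh ./scripts/agent-setup-hosts.sh`, so the `bash` shebang is not honoured and the script should stay POSIX-compatible. The `sudo` in front of each `echo` has no effect, because only `tee` needs the privilege.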
@@ -20,10 +20,14 @@ import com.google.common.io.Resources; import io.cucumber.java.en.Then; import io.cucumber.java.en.When; +import io.cucumber.java.en.Given; import org.apache.http.HttpEntity; import org.apache.http.HttpResponse; import org.apache.http.NameValuePair; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; import org.apache.http.client.utils.URIBuilder; +import org.apache.http.entity.ContentType; import org.apache.http.entity.mime.HttpMultipartMode; import org.apache.http.entity.mime.MultipartEntityBuilder; import org.apache.http.entity.mime.content.FileBody; @@ -32,7 +36,10 @@ import org.wso2.apk.integration.utils.Constants; import org.wso2.apk.integration.utils.Utils; import org.wso2.apk.integration.utils.clients.SimpleHTTPClient; - +import java.nio.file.Files; +import java.nio.charset.StandardCharsets; +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; import java.io.File; import java.io.IOException; import java.net.URI; @@ -49,8 +56,15 @@ public class APIDeploymentSteps { private final SharedContext sharedContext; private File apkConfFile; + private File payloadFile; private File definitionFile; + private File certificateFile; + + private String OASURL; + + private static final Log logger = LogFactory.getLog(APIDeploymentSteps.class); + public APIDeploymentSteps(SharedContext sharedContext) { this.sharedContext = sharedContext; 
@@ -159,4 +173,549 @@ public void undeployAPIByIdAndOrganization(String apiID,String organization) thr sharedContext.setResponse(response); sharedContext.setResponseBody(SimpleHTTPClient.responseEntityBodyToString(sharedContext.getResponse())); } + + @When("I use the Payload file {string}") + public void iHaveTheAPIPayloadFile(String payloadFileName) throws IOException { + + URL url = Resources.getResource(payloadFileName); + payloadFile = new File(url.getPath()); + } + + @When("I use the OAS URL {string}") + public void iHaveTheOASURL(String pOASURL) throws IOException { + OASURL = pOASURL; + } + + @When("make the import API Creation request using OAS {string}") + public void make_import_api_creation_request(String definitionType) throws Exception { + MultipartEntityBuilder builder = null; + if(definitionType.equals("URL")){ + logger.info("OAS URL: " + OASURL); + builder = MultipartEntityBuilder.create() + .setMode(HttpMultipartMode.BROWSER_COMPATIBLE) + .addTextBody("url", OASURL, ContentType.TEXT_PLAIN) + .addPart("additionalProperties", new FileBody(payloadFile)); + + logger.info("Payload File: "+ new FileBody(payloadFile)); + } + if(definitionType.equals("File")){ + logger.info("OAS File: " + definitionFile.getName()); + builder = MultipartEntityBuilder.create() + .setMode(HttpMultipartMode.BROWSER_COMPATIBLE) + .addPart("file", new FileBody(definitionFile)) + .addPart("additionalProperties", new FileBody(payloadFile)); + + logger.info("Payload File: "+ new FileBody(payloadFile)); + } + + + Map headers = new HashMap<>(); + headers.put(Constants.REQUEST_HEADERS.AUTHORIZATION, "Bearer " + sharedContext.getPublisherAccessToken()); + headers.put(Constants.REQUEST_HEADERS.HOST, Constants.DEFAULT_APIM_API_HOST); + + HttpEntity multipartEntity = builder.build(); + + HttpResponse response = sharedContext.getHttpClient().doPostWithMultipart(Utils.getImportAPIURL(), + multipartEntity, headers); + + sharedContext.setResponse(response); + 
sharedContext.setResponseBody(SimpleHTTPClient.responseEntityBodyToString(sharedContext.getResponse())); + sharedContext.setApiUUID(Utils.extractID(sharedContext.getResponseBody())); + Thread.sleep(3000); + } + + @When("make the API Revision Deployment request") + public void make_a_api_revision_deployment_request() throws Exception { + String apiUUID = sharedContext.getApiUUID(); + logger.info("API UUID: " + sharedContext.getApiUUID()); + String payload = "{\"description\":\"Initial Revision\"}"; + + Map headers = new HashMap<>(); + headers.put(Constants.REQUEST_HEADERS.AUTHORIZATION, "Bearer " + sharedContext.getPublisherAccessToken()); + headers.put(Constants.REQUEST_HEADERS.HOST, Constants.DEFAULT_APIM_API_HOST); + + HttpResponse response = sharedContext.getHttpClient().doPost(Utils.getAPIRevisionURL(apiUUID), + headers, payload, Constants.CONTENT_TYPES.APPLICATION_JSON); + + sharedContext.setRevisionUUID(Utils.extractID(SimpleHTTPClient.responseEntityBodyToString(response))); + + Thread.sleep(3000); + + String payload2 = "[{\"name\": \"Default\", \"vhost\": \"default.gw.wso2.com\", \"displayOnDevportal\": true}]"; + + HttpResponse response2 = sharedContext.getHttpClient().doPost(Utils.getAPIRevisionDeploymentURL(apiUUID, sharedContext.getRevisionUUID()), + headers, payload2, Constants.CONTENT_TYPES.APPLICATION_JSON); + + logger.info("Response: "+ response2); + + sharedContext.setResponse(response2); + Thread.sleep(3000); + } + + @When("make the Change Lifecycle request") + public void make_a_change_lifecycle_request() throws Exception { + String apiUUID = sharedContext.getApiUUID(); + String payload = ""; + + Map headers = new HashMap<>(); + headers.put(Constants.REQUEST_HEADERS.AUTHORIZATION, "Bearer " + sharedContext.getPublisherAccessToken()); + headers.put(Constants.REQUEST_HEADERS.HOST, Constants.DEFAULT_APIM_API_HOST); + HttpResponse response = sharedContext.getHttpClient().doPost(Utils.getAPIChangeLifecycleURL(apiUUID), + headers, payload, 
Constants.CONTENT_TYPES.APPLICATION_JSON); + sharedContext.setResponse(response); + Thread.sleep(3000); + } + + @When("make the Application Creation request with the name {string}") + public void make_application_creation_request(String applicationName) throws Exception { + logger.info("Creating an application"); + String payload = "{\"name\":\"" + applicationName + "\",\"throttlingPolicy\":\"10PerMin\",\"description\":\"test app\",\"tokenType\":\"JWT\",\"groups\":null,\"attributes\":{}}"; + + Map headers = new HashMap<>(); + headers.put(Constants.REQUEST_HEADERS.AUTHORIZATION, "Bearer " + sharedContext.getDevportalAccessToken()); + headers.put(Constants.REQUEST_HEADERS.HOST, Constants.DEFAULT_APIM_API_HOST); + + HttpResponse response = sharedContext.getHttpClient().doPost(Utils.getApplicationCreateURL(), + headers, payload, Constants.CONTENT_TYPES.APPLICATION_JSON); + + sharedContext.setResponse(response); + sharedContext.setResponseBody(SimpleHTTPClient.responseEntityBodyToString(sharedContext.getResponse())); + logger.info("Response: " + sharedContext.getResponseBody()); + sharedContext.setApplicationUUID(Utils.extractApplicationID(sharedContext.getResponseBody())); + Thread.sleep(3000); + } + + + @When("I have a KeyManager") + public void i_have_a_key_manager() throws Exception { + Map headers = new HashMap<>(); + headers.put(Constants.REQUEST_HEADERS.AUTHORIZATION, "Bearer " + sharedContext.getDevportalAccessToken()); + headers.put(Constants.REQUEST_HEADERS.HOST, Constants.DEFAULT_APIM_API_HOST); + + HttpResponse response = sharedContext.getHttpClient().doGet(Utils.getKeyManagerURL(), + headers); + + sharedContext.setResponse(response); + sharedContext.setResponseBody(SimpleHTTPClient.responseEntityBodyToString(sharedContext.getResponse())); + sharedContext.setKeyManagerUUID(Utils.extractKeyManagerID(sharedContext.getResponseBody())); + Thread.sleep(3000); + } + + @When("make the Generate Keys request") + public void make_generate_keys_request() throws 
Exception { + String applicationUUID = sharedContext.getApplicationUUID(); + String keyManagerUUID = sharedContext.getKeyManagerUUID(); + logger.info("Key Manager UUID: " + keyManagerUUID); + logger.info("Application UUID: " + applicationUUID); + String payloadForProdKeys = "{\"keyType\":\"PRODUCTION\",\"grantTypesToBeSupported\":[\"password\",\"client_credentials\"]," + + "\"callbackUrl\":\"\",\"additionalProperties\":{\"application_access_token_expiry_time\":\"N/A\"," + + "\"user_access_token_expiry_time\":\"N/A\",\"refresh_token_expiry_time\":\"N/A\"," + + "\"id_token_expiry_time\":\"N/A\",\"pkceMandatory\":\"false\",\"pkceSupportPlain\":\"false\"," + + "\"bypassClientCredentials\":\"false\"},\"keyManager\":\"" + keyManagerUUID +"\"," + + "\"validityTime\":3600,\"scopes\":[\"default\"]}"; + + + String payloadForSandboxKeys = "{\"keyType\":\"SANDBOX\",\"grantTypesToBeSupported\":[\"password\",\"client_credentials\"]," + + "\"callbackUrl\":\"\",\"additionalProperties\":{\"application_access_token_expiry_time\":\"N/A\"," + + "\"user_access_token_expiry_time\":\"N/A\",\"refresh_token_expiry_time\":\"N/A\"," + + "\"id_token_expiry_time\":\"N/A\",\"pkceMandatory\":\"false\",\"pkceSupportPlain\":\"false\"," + + "\"bypassClientCredentials\":\"false\"},\"keyManager\":\"" + keyManagerUUID +"\"," + + "\"validityTime\":3600,\"scopes\":[\"default\"]}"; + + + Map headers = new HashMap<>(); + headers.put(Constants.REQUEST_HEADERS.AUTHORIZATION, "Bearer " + sharedContext.getDevportalAccessToken()); + headers.put(Constants.REQUEST_HEADERS.HOST, Constants.DEFAULT_APIM_API_HOST); + + HttpResponse response = sharedContext.getHttpClient().doPost(Utils.getGenerateKeysURL(applicationUUID), + headers, payloadForProdKeys, Constants.CONTENT_TYPES.APPLICATION_JSON); + + sharedContext.setResponse(response); + sharedContext.setResponseBody(SimpleHTTPClient.responseEntityBodyToString(sharedContext.getResponse())); + 
sharedContext.setConsumerSecret(Utils.extractKeys(sharedContext.getResponseBody(), "consumerSecret"), "production"); + sharedContext.setConsumerKey(Utils.extractKeys(sharedContext.getResponseBody(), "consumerKey"), "production"); + sharedContext.setKeyMappingID(Utils.extractKeys(sharedContext.getResponseBody(), "keyMappingId"), "production"); + Thread.sleep(3000); + + HttpResponse response2 = sharedContext.getHttpClient().doPost(Utils.getGenerateKeysURL(applicationUUID), + headers, payloadForSandboxKeys, Constants.CONTENT_TYPES.APPLICATION_JSON); + + sharedContext.setResponse(response2); + sharedContext.setResponseBody(SimpleHTTPClient.responseEntityBodyToString(sharedContext.getResponse())); + sharedContext.setConsumerSecret(Utils.extractKeys(sharedContext.getResponseBody(), "consumerSecret"), "sandbox"); + sharedContext.setConsumerKey(Utils.extractKeys(sharedContext.getResponseBody(), "consumerKey"), "sandbox"); + sharedContext.setKeyMappingID(Utils.extractKeys(sharedContext.getResponseBody(), "keyMappingId"), "sandbox"); + Thread.sleep(3000); + } + + @When("make the Subscription request") + public void make_subscription_request() throws Exception { + String applicationUUID = sharedContext.getApplicationUUID(); + String apiUUID = sharedContext.getApiUUID(); + logger.info("API UUID: " + apiUUID); + logger.info("Application UUID: " + applicationUUID); + String payload = "{\"apiId\":\"" + apiUUID + "\",\"applicationId\":\"" + applicationUUID + "\",\"throttlingPolicy\":\"Unlimited\"}"; + + Map headers = new HashMap<>(); + headers.put(Constants.REQUEST_HEADERS.AUTHORIZATION, "Bearer " + sharedContext.getDevportalAccessToken()); + headers.put(Constants.REQUEST_HEADERS.HOST, Constants.DEFAULT_APIM_API_HOST); + + HttpResponse response = sharedContext.getHttpClient().doPost(Utils.getSubscriptionURL(), + headers, payload, Constants.CONTENT_TYPES.APPLICATION_JSON); + + sharedContext.setResponse(response); + 
sharedContext.setResponseBody(SimpleHTTPClient.responseEntityBodyToString(sharedContext.getResponse())); + sharedContext.setSubscriptionID(Utils.extractKeys(sharedContext.getResponseBody(), "subscriptionId")); + logger.info("Extracted subscription ID: " + sharedContext.getSubscriptionID()); + Thread.sleep(3000); + } + + @When("I get {string} oauth keys for application") + public void get_oauth_keys_for_application(String type) throws Exception { + String applicationUUID = sharedContext.getApplicationUUID(); + String keyType = (type.equals("production")) ? "production" : "sandbox"; + Map headers = new HashMap<>(); + headers.put(Constants.REQUEST_HEADERS.AUTHORIZATION, "Bearer " + sharedContext.getDevportalAccessToken()); + headers.put(Constants.REQUEST_HEADERS.HOST, Constants.DEFAULT_APIM_API_HOST); + + HttpResponse response = sharedContext.getHttpClient().doGet(Utils.getOauthKeysURL(applicationUUID), + headers); + + sharedContext.setResponse(response); + sharedContext.setResponseBody(SimpleHTTPClient.responseEntityBodyToString(sharedContext.getResponse())); + sharedContext.setOauthKeyUUID(Utils.extractOAuthMappingID(sharedContext.getResponseBody(), sharedContext.getKeyMappingID(keyType))); + Thread.sleep(3000); + } + + @When("make the Access Token Generation request for {string}") + public void make_access_token_generation_request(String type) throws Exception { + String applicationUUID = sharedContext.getApplicationUUID(); + String oauthKeyUUID = sharedContext.getOauthKeyUUID(); + String keyType = (type.equals("production")) ? 
"production" : "sandbox"; + logger.info("Generating keys for: " + keyType); + String consumerKey = sharedContext.getConsumerKey(keyType); + String consumerSecret = sharedContext.getConsumerSecret(keyType); + + logger.info("Application UUID: " + applicationUUID); + logger.info("Oauth Key UUID: " + oauthKeyUUID); + + String payload = "{\"consumerSecret\":\"" + consumerSecret + "\",\"validityPeriod\":3600,\"revokeToken\":null," + + "\"scopes\":[\"write:pets\",\"read:pets\",\"query:hero\"],\"additionalProperties\":{\"id_token_expiry_time\":3600," + + "\"application_access_token_expiry_time\":3600,\"user_access_token_expiry_time\":3600,\"bypassClientCredentials\":false," + + "\"pkceMandatory\":false,\"pkceSupportPlain\":false,\"refresh_token_expiry_time\":86400}}"; + + Map headers = new HashMap<>(); + headers.put(Constants.REQUEST_HEADERS.AUTHORIZATION, "Bearer " + sharedContext.getDevportalAccessToken()); + headers.put(Constants.REQUEST_HEADERS.HOST, Constants.DEFAULT_APIM_API_HOST); + + HttpResponse response = sharedContext.getHttpClient().doPost(Utils.getAccessTokenGenerationURL(applicationUUID, oauthKeyUUID), + headers, payload, Constants.CONTENT_TYPES.APPLICATION_JSON); + + sharedContext.setResponse(response); + sharedContext.setResponseBody(SimpleHTTPClient.responseEntityBodyToString(sharedContext.getResponse())); + sharedContext.setApiAccessToken(Utils.extractKeys(sharedContext.getResponseBody(), "accessToken")); + sharedContext.addStoreValue("accessToken",sharedContext.getApiAccessToken()); + logger.info("Access Token: " + sharedContext.getApiAccessToken()); + Thread.sleep(3000); + } + + @When("I make Access Token Generation request without scopes") + public void make_access_token_generation_request_without_scopes() throws Exception { + String applicationUUID = sharedContext.getApplicationUUID(); + String oauthKeyUUID = sharedContext.getOauthKeyUUID(); + String keyType = "production"; //Use the same ternary logic above if both sandbox and production routes need 
to be tested + String consumerKey = sharedContext.getConsumerKey(keyType); + String consumerSecret = sharedContext.getConsumerSecret(keyType); + + logger.info("Application UUID: " + applicationUUID); + logger.info("Oauth Key UUID: " + oauthKeyUUID); + + String payload = "{\"consumerSecret\":\"" + consumerSecret + "\",\"validityPeriod\":3600,\"revokeToken\":null," + + "\"scopes\":[],\"additionalProperties\":{\"id_token_expiry_time\":3600," + + "\"application_access_token_expiry_time\":3600,\"user_access_token_expiry_time\":3600,\"bypassClientCredentials\":false," + + "\"pkceMandatory\":false,\"pkceSupportPlain\":false,\"refresh_token_expiry_time\":86400}}"; + + Map headers = new HashMap<>(); + headers.put(Constants.REQUEST_HEADERS.AUTHORIZATION, "Bearer " + sharedContext.getDevportalAccessToken()); + headers.put(Constants.REQUEST_HEADERS.HOST, Constants.DEFAULT_APIM_API_HOST); + + HttpResponse response = sharedContext.getHttpClient().doPost(Utils.getAccessTokenGenerationURL(applicationUUID, oauthKeyUUID), + headers, payload, Constants.CONTENT_TYPES.APPLICATION_JSON); + + sharedContext.setResponse(response); + sharedContext.setResponseBody(SimpleHTTPClient.responseEntityBodyToString(sharedContext.getResponse())); + sharedContext.setApiAccessToken(Utils.extractKeys(sharedContext.getResponseBody(), "accessToken")); + sharedContext.addStoreValue("accessToken",sharedContext.getApiAccessToken()); + logger.info("Access Token without scopes: " + sharedContext.getApiAccessToken()); + Thread.sleep(3000); + } + + @When("make the API Deployment request") + public void make_a_api_deployment_request() throws Exception { + + // Create a MultipartEntityBuilder to build the request entity + MultipartEntityBuilder builder = MultipartEntityBuilder.create() + .setMode(HttpMultipartMode.BROWSER_COMPATIBLE) + .addPart("url", new FileBody(definitionFile)) + .addPart("apkConfiguration", new FileBody(payloadFile)); + + Map headers = new HashMap<>(); + 
headers.put(Constants.REQUEST_HEADERS.AUTHORIZATION, "Bearer " + sharedContext.getPublisherAccessToken()); + headers.put(Constants.REQUEST_HEADERS.HOST, Constants.DEFAULT_APIM_API_HOST); + + HttpEntity multipartEntity = builder.build(); + + HttpResponse response = sharedContext.getHttpClient().doPostWithMultipart(Utils.getAPIMAPIDeployerURL(), + multipartEntity, headers); + + sharedContext.setResponse(response); + sharedContext.setResponseBody(SimpleHTTPClient.responseEntityBodyToString(sharedContext.getResponse())); + Thread.sleep(3000); + } + + @Given("a valid graphql definition file") + public void iHaveValidGraphQLDefinition() throws Exception { + + // Create a MultipartEntityBuilder to build the request entity + MultipartEntityBuilder builder = MultipartEntityBuilder.create() + .setMode(HttpMultipartMode.BROWSER_COMPATIBLE) + .addPart("file", new FileBody(definitionFile)); + + logger.info("Definition File: "+ new FileBody(definitionFile)); + + Map headers = new HashMap<>(); + headers.put(Constants.REQUEST_HEADERS.AUTHORIZATION, "Bearer " + sharedContext.getPublisherAccessToken()); + headers.put(Constants.REQUEST_HEADERS.HOST, Constants.DEFAULT_APIM_HOST); + + HttpEntity multipartEntity = builder.build(); + + // Convert the multipart form entity to a string representation + ByteArrayOutputStream outputStream = new ByteArrayOutputStream(); + multipartEntity.writeTo(outputStream); + String multipartForm = new String(outputStream.toByteArray(), StandardCharsets.UTF_8); + + // Log the multipart form + logger.debug("Multipart Form Data:\n{}"+ multipartForm); + logger.debug("Validator URL: " + Utils.getGQLSchemaValidatorURL()); + logger.debug("Publisher Token: " + sharedContext.getPublisherAccessToken()); + + HttpResponse response = sharedContext.getHttpClient().doPostWithMultipart(Utils.getGQLSchemaValidatorURL(), + multipartEntity, headers); + + sharedContext.setResponse(response); + logger.info("Full Res:" + response); + 
sharedContext.setResponseBody(SimpleHTTPClient.responseEntityBodyToString(sharedContext.getResponse())); + logger.info("GQL validation res: "+ sharedContext.getResponseBody()); + sharedContext.setAPIDefinitionValidStatus(Utils.extractValidStatus(sharedContext.getResponseBody())); + Thread.sleep(3000); + } + + @Then("I make the import GraphQLAPI Creation request") + public void make_import_gqlapi_creation_request() throws Exception { + + // Create a MultipartEntityBuilder to build the request entity + MultipartEntityBuilder builder = MultipartEntityBuilder.create() + .setMode(HttpMultipartMode.BROWSER_COMPATIBLE) + .addPart("additionalProperties", new FileBody(payloadFile)) + .addPart("file", new FileBody(definitionFile)); + + + Map headers = new HashMap<>(); + headers.put(Constants.REQUEST_HEADERS.AUTHORIZATION, "Bearer " + sharedContext.getPublisherAccessToken()); + headers.put(Constants.REQUEST_HEADERS.HOST, Constants.DEFAULT_APIM_API_HOST); + + HttpEntity multipartEntity = builder.build(); + + HttpResponse response = sharedContext.getHttpClient().doPostWithMultipart(Utils.getGQLImportAPIURL(), + multipartEntity, headers); + + sharedContext.setResponse(response); + sharedContext.setResponseBody(SimpleHTTPClient.responseEntityBodyToString(sharedContext.getResponse())); + sharedContext.setApiUUID(Utils.extractID(sharedContext.getResponseBody())); + Thread.sleep(3000); + } + + @Then("I update the API settings") + public void make_update_gql_request() throws Exception { + String fileContent = new String(Files.readAllBytes(payloadFile.toPath()), StandardCharsets.UTF_8); + Map headers = new HashMap<>(); + headers.put(Constants.REQUEST_HEADERS.AUTHORIZATION, "Bearer " + sharedContext.getPublisherAccessToken()); + headers.put(Constants.REQUEST_HEADERS.HOST, Constants.DEFAULT_APIM_API_HOST); + + HttpResponse response = sharedContext.getHttpClient().doPut(Utils.getAPIUnDeployerURL(sharedContext.getApiUUID()), headers, fileContent ,Constants.CONTENT_TYPES.APPLICATION_JSON); 
+ + sharedContext.setResponse(response); + sharedContext.setResponseBody(SimpleHTTPClient.responseEntityBodyToString(sharedContext.getResponse())); + sharedContext.setApiUUID(Utils.extractID(sharedContext.getResponseBody())); + Thread.sleep(3000); + } + + @Then("I delete the application {string} from devportal") + public void make_application_deletion_request(String applicationName) throws Exception { + logger.info("Fetching the applications"); + + Map headers = new HashMap<>(); + headers.put(Constants.REQUEST_HEADERS.AUTHORIZATION, "Bearer " + sharedContext.getDevportalAccessToken()); + headers.put(Constants.REQUEST_HEADERS.HOST, Constants.DEFAULT_APIM_API_HOST); + + List queryParams = new ArrayList<>(); + queryParams.add(new BasicNameValuePair("query", applicationName)); + + URI uri = new URIBuilder(Utils.getApplicationCreateURL()).addParameters(queryParams).build(); + HttpResponse appSearchResponse = sharedContext.getHttpClient().doGet(uri.toString(), headers); + + sharedContext.setResponse(appSearchResponse); + sharedContext.setResponseBody(SimpleHTTPClient.responseEntityBodyToString(sharedContext.getResponse())); + sharedContext.setApplicationUUID(Utils.extractApplicationUUID(sharedContext.getResponseBody())); + HttpResponse deleteResponse = sharedContext.getHttpClient().doDelete(Utils.getApplicationCreateURL() + "/" + sharedContext.getApplicationUUID(), headers); + + sharedContext.setResponse(deleteResponse); + sharedContext.setResponseBody(SimpleHTTPClient.responseEntityBodyToString(sharedContext.getResponse())); + Thread.sleep(3000); + } + + @Then("I find the apiUUID of the API created with the name {string}") + public void find_api_uuid_using_name(String apiName) throws Exception { + logger.info("Fetching the APIs"); + + Map headers = new HashMap<>(); + headers.put(Constants.REQUEST_HEADERS.AUTHORIZATION, "Bearer " + sharedContext.getPublisherAccessToken()); + headers.put(Constants.REQUEST_HEADERS.HOST, Constants.DEFAULT_APIM_API_HOST); + + HttpResponse 
appSearchResponse = sharedContext.getHttpClient().doGet(Utils.getAPISearchEndpoint(apiName), headers); + + sharedContext.setResponse(appSearchResponse); + sharedContext.setResponseBody(SimpleHTTPClient.responseEntityBodyToString(sharedContext.getResponse())); + sharedContext.setApiUUID(Utils.extractAPIUUID(sharedContext.getResponseBody())); + Thread.sleep(3000); + } + + @When("I undeploy the selected API") + public void i_undeploy_the_api() throws Exception { + logger.info("API UUID to be deleted: " + sharedContext.getApiUUID()); + Map headers = new HashMap<>(); + headers.put(Constants.REQUEST_HEADERS.AUTHORIZATION, "Bearer " + sharedContext.getPublisherAccessToken()); + headers.put(Constants.REQUEST_HEADERS.HOST, Constants.DEFAULT_APIM_API_HOST); + + HttpResponse response = sharedContext.getHttpClient().doDelete(Utils.getAPIUnDeployerURL(sharedContext.getApiUUID()), headers); + + sharedContext.setResponse(response); + sharedContext.setResponseBody(SimpleHTTPClient.responseEntityBodyToString(sharedContext.getResponse())); + Thread.sleep(3000); + } + + @When("I create the new version {string} of the same API with default version set to {string}") + public void create_new_version_of_the_api(String newVersion, String isDefaultVersion) throws Exception { + String apiUUID = sharedContext.getApiUUID(); + + Map headers = new HashMap<>(); + headers.put(Constants.REQUEST_HEADERS.AUTHORIZATION, "Bearer " + sharedContext.getPublisherAccessToken()); + headers.put(Constants.REQUEST_HEADERS.HOST, Constants.DEFAULT_APIM_API_HOST); + + // Create query parameters + List queryParams = new ArrayList<>(); + queryParams.add(new BasicNameValuePair("newVersion", newVersion)); + queryParams.add(new BasicNameValuePair("defaultVersion", isDefaultVersion)); + queryParams.add(new BasicNameValuePair("apiId", apiUUID)); + + URI uri = new URIBuilder(Utils.getAPINewVersionCreationURL()).addParameters(queryParams).build(); + + HttpResponse response = 
sharedContext.getHttpClient().doPost(uri.toString(), headers,"",Constants.CONTENT_TYPES.APPLICATION_JSON); + + sharedContext.setResponse(response); + sharedContext.setResponseBody(SimpleHTTPClient.responseEntityBodyToString(sharedContext.getResponse())); + sharedContext.setApiUUID(Utils.extractID(sharedContext.getResponseBody())); + Thread.sleep(3000); + } + + @Then("I set new API throttling policy allowing {string} requests per every {string} minute") + public void add_new_custom_throttling_policy(String requestCount, String unitTime) throws Exception { + String payload = "{\"policyName\":\"TestRatelimit\",\"description\":\"Test descroption\",\"conditionalGroups\":[],\"defaultLimit\":{\"requestCount\":{\"timeUnit\":\"min\",\"unitTime\":"+ unitTime + ",\"requestCount\":" + requestCount + "},\"type\":\"REQUESTCOUNTLIMIT\",\"bandwidth\":null}}"; + + Map headers = new HashMap<>(); + headers.put(Constants.REQUEST_HEADERS.AUTHORIZATION, "Bearer " + sharedContext.getAdminAccessToken()); + headers.put(Constants.REQUEST_HEADERS.HOST, Constants.DEFAULT_APIM_API_HOST); + HttpResponse httpResponse = sharedContext.getHttpClient().doPost(Utils.getAPIThrottlingConfigEndpoint(), headers, payload, Constants.CONTENT_TYPES.APPLICATION_JSON); + + sharedContext.setResponse(httpResponse); + sharedContext.setResponseBody(SimpleHTTPClient.responseEntityBodyToString(sharedContext.getResponse())); + sharedContext.setPolicyID(Utils.extractKeys(sharedContext.getResponseBody(), "policyId")); + Thread.sleep(3000); + } + + @Then("I send the subcription blocking request") + public void send_subscription_blocking() throws Exception { + Map headers = new HashMap<>(); + headers.put(Constants.REQUEST_HEADERS.AUTHORIZATION, "Bearer " + sharedContext.getPublisherAccessToken()); + headers.put(Constants.REQUEST_HEADERS.HOST, Constants.DEFAULT_APIM_API_HOST); + HttpResponse httpResponse = sharedContext.getHttpClient().doPost(Utils.getSubscriptionBlockingURL(sharedContext.getSubscriptionID()), headers, 
"", Constants.CONTENT_TYPES.APPLICATION_JSON); + sharedContext.setResponse(httpResponse); + sharedContext.setResponseBody(SimpleHTTPClient.responseEntityBodyToString(sharedContext.getResponse())); + Thread.sleep(3000); + } + + @Then("I make an internal key generation request") + public void generate_internal_key() throws Exception { + Map headers = new HashMap<>(); + headers.put(Constants.REQUEST_HEADERS.AUTHORIZATION, "Bearer " + sharedContext.getPublisherAccessToken()); + headers.put(Constants.REQUEST_HEADERS.HOST, Constants.DEFAULT_APIM_API_HOST); + + HttpResponse httpResponse = sharedContext.getHttpClient().doPost(Utils.getInternalKeyGenerationEndpoint(sharedContext.getApiUUID()), headers, "", Constants.CONTENT_TYPES.APPLICATION_JSON); + + sharedContext.setResponse(httpResponse); + sharedContext.setResponseBody(SimpleHTTPClient.responseEntityBodyToString(sharedContext.getResponse())); + sharedContext.setAPIInternalKey(Utils.extractKeys(sharedContext.getResponseBody(), "apikey")); + sharedContext.addStoreValue("internalKey",Utils.extractKeys(sharedContext.getResponseBody(), "apikey")); + logger.info("Internal Key: " + sharedContext.getAPIInternalKey()); + Thread.sleep(3000); + } + + @Then("I have a client certificate {string}") + public void get_valid_client_cert_for_mtls(String clientCertificatePath) throws Exception { + URL url = Resources.getResource("artifacts/certificates/" + clientCertificatePath); + + certificateFile = new File(url.getPath()); + String clientCertificate = Resources.toString(url, StandardCharsets.UTF_8); + sharedContext.addStoreValue("clientCertificate", clientCertificate); + + } + + @When("I update the API with mtls certificate data with the alias {string}") + public void update_api_with_mtls_cert_data(String alias) throws Exception { + + MultipartEntityBuilder builder = MultipartEntityBuilder.create() + .setMode(HttpMultipartMode.BROWSER_COMPATIBLE) + .addBinaryBody("certificate", certificateFile, 
ContentType.create("application/x-x509-ca-cert"), "tls.crt") + .addTextBody("alias", alias, ContentType.TEXT_PLAIN) + .addTextBody("tier", "", ContentType.TEXT_PLAIN); + + Map headers = new HashMap<>(); + headers.put(Constants.REQUEST_HEADERS.AUTHORIZATION, "Bearer " + sharedContext.getPublisherAccessToken()); + headers.put(Constants.REQUEST_HEADERS.HOST, Constants.DEFAULT_APIM_API_HOST); + + HttpEntity multipartEntity = builder.build(); + + HttpResponse response = sharedContext.getHttpClient().doPostWithMultipart(Utils.getClientCertUpdateEndpoint(sharedContext.getApiUUID()), + multipartEntity, headers); + + sharedContext.setResponse(response); + sharedContext.setResponseBody(SimpleHTTPClient.responseEntityBodyToString(sharedContext.getResponse())); + Thread.sleep(3000); + } + + @Then("I delete the created API throttling policy") + public void delete_throtlling_policy() throws Exception { + Map headers = new HashMap<>(); + headers.put(Constants.REQUEST_HEADERS.AUTHORIZATION, "Bearer " + sharedContext.getAdminAccessToken()); + headers.put(Constants.REQUEST_HEADERS.HOST, Constants.DEFAULT_APIM_API_HOST); + + logger.info("PolicyID to be deleted: " + sharedContext.getPolicyID()); + String URI = Utils.getAPIThrottlingConfigEndpoint() + "/" + sharedContext.getPolicyID(); + HttpResponse httpResponse = sharedContext.getHttpClient().doDelete(URI, headers); + sharedContext.setResponse(httpResponse); + sharedContext.setResponseBody(SimpleHTTPClient.responseEntityBodyToString(sharedContext.getResponse())); + Thread.sleep(3000); + } + + } diff --git a/test/cucumber-tests/src/test/java/org/wso2/apk/integration/api/APKGenerationSteps.java b/test/cucumber-tests/src/test/java/org/wso2/apk/integration/api/APKGenerationSteps.java index 21f2b09a07..3fc538cb37 100644 --- a/test/cucumber-tests/src/test/java/org/wso2/apk/integration/api/APKGenerationSteps.java +++ b/test/cucumber-tests/src/test/java/org/wso2/apk/integration/api/APKGenerationSteps.java 
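Review bot: Bearer tokens and API keys are written to the test log in several steps of this hunk: `logger.info("Access Token: " + sharedContext.getApiAccessToken())` in both token-generation steps, `logger.debug("Publisher Token: " + sharedContext.getPublisherAccessToken())` in `iHaveValidGraphQLDefinition`, and `logger.info("Internal Key: " + sharedContext.getAPIInternalKey())` in `generate_internal_key`. These steps run from the GitHub Actions workflow touched by this commit, so the values end up in retained CI logs. I would drop those lines or log only that a value was obtained, e.g. `logger.info("Access token obtained")`. The same applies to the `logger.info("Access Token: " + sharedContext.getAccessToken())` line added in the `@@ -333,6 +338,7 @@` hunk of BaseSteps.java.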
@@ -27,17 +27,23 @@ import org.apache.http.entity.mime.content.FileBody; import org.testng.Assert; import org.wso2.apk.integration.utils.Utils; +import org.wso2.apk.integration.utils.clients.SimpleHTTPClient; import java.io.File; import java.net.URL; import java.nio.charset.StandardCharsets; +import org.apache.commons.io.IOUtils; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + /** * This class contains the step definitions for APK generation. */ public class APKGenerationSteps { private final SharedContext sharedContext; + private static final Log logger = LogFactory.getLog(BaseSteps.class); private File definitionFile; public APKGenerationSteps(SharedContext sharedContext) { @@ -65,6 +71,7 @@ public void generate_the_apk_conf_file(String apiType) throws Exception { HttpResponse httpResponse = sharedContext.getHttpClient().doPostWithMultipart(Utils.getConfigGeneratorURL(), multipartEntity); sharedContext.setResponse(httpResponse); + sharedContext.setResponseBody(SimpleHTTPClient.responseEntityBodyToString(sharedContext.getResponse())); } @Then("the response body should be {string} in resources") @@ -72,7 +79,6 @@ public void the_response_body_should_be_in_resources(String expectedAPKConfFileP URL url = Resources.getResource(expectedAPKConfFilePath); String text = Resources.toString(url, StandardCharsets.UTF_8); - - Assert.assertEquals(sharedContext.getHttpClient().getResponsePayload(sharedContext.getResponse()), text); + Assert.assertEquals(sharedContext.getResponseBody(), text); } } diff --git a/test/cucumber-tests/src/test/java/org/wso2/apk/integration/api/BaseSteps.java b/test/cucumber-tests/src/test/java/org/wso2/apk/integration/api/BaseSteps.java index bdc423ec6f..de5b55014e 100644 --- a/test/cucumber-tests/src/test/java/org/wso2/apk/integration/api/BaseSteps.java +++ b/test/cucumber-tests/src/test/java/org/wso2/apk/integration/api/BaseSteps.java 
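Review bot: The logger added to `APKGenerationSteps` is created with `LogFactory.getLog(BaseSteps.class)`, so anything it writes is attributed to the wrong class when logs are filtered by category. It should read `private static final Log logger = LogFactory.getLog(APKGenerationSteps.class);`. Neither `logger` nor the new `org.apache.commons.io.IOUtils` import is used in the lines shown in these hunks, so both may be removable unless other parts of the file use them.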
@@ -43,6 +43,7 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.http.Header; +import org.apache.http.HttpEntity; import org.apache.http.HttpResponse; import org.apache.http.StatusLine; import org.apache.http.client.methods.CloseableHttpResponse; @@ -50,6 +51,9 @@ import org.wso2.apk.integration.utils.Constants; import org.wso2.apk.integration.utils.Utils; import org.wso2.apk.integration.utils.clients.SimpleHTTPClient; +import org.apache.http.entity.mime.HttpMultipartMode; +import org.apache.http.entity.mime.MultipartEntityBuilder; +import org.apache.http.entity.ContentType; import java.io.IOException; import java.io.InputStream; @@ -113,6 +117,7 @@ public void theResponseBodyShouldContain(DataTable dataTable) throws IOException public void theResponseStatusCodeShouldBe(int expectedStatusCode) throws IOException { int actualStatusCode = sharedContext.getResponse().getStatusLine().getStatusCode(); + ((CloseableHttpResponse)sharedContext.getResponse()).close(); Assert.assertEquals(actualStatusCode, expectedStatusCode); } @@ -333,6 +338,7 @@ public void iHaveValidSubscription() throws Exception { Constants.CONTENT_TYPES.APPLICATION_X_WWW_FORM_URLENCODED); sharedContext.setAccessToken(Utils.extractToken(httpResponse)); sharedContext.addStoreValue("accessToken", sharedContext.getAccessToken()); + logger.info("Access Token: " + sharedContext.getAccessToken()); } @Given("I have a valid subscription without api deploy permission") 
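Review bot: In `theResponseStatusCodeShouldBe` the added `((CloseableHttpResponse)sharedContext.getResponse()).close();` is an unchecked cast. It also closes the response before the assertion runs, so a step that later reads the entity from `sharedContext.getResponse()` would find a closed stream. Steps outside this hunk cannot be checked from here, but this commit already had to switch `the_response_body_should_be_in_resources` to `getResponseBody()` for that reason. I would guard the cast with `if (response instanceof CloseableHttpResponse) { ((CloseableHttpResponse) response).close(); }` and add a comment such as `// body is already cached in sharedContext.getResponseBody(); release the connection`.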
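Review bot: `logger.info("Access Token: " + sharedContext.getAccessToken());` in `iHaveValidSubscription` writes a usable bearer token to the test log at INFO level. CI logs and published test reports are usually readable by more people than the test cluster is. The same pattern recurs in the `@@ -366,4 +372,90 @@` hunk (`"Basic Auth Header: "`, `"Devportal Access Token: "`, `"Admin Access Token: "`) and in `generate_internal_key` (`"Internal Key: "`). Log only that the credential was obtained, for example `logger.debug("Access token obtained");`, or at most a short non-reversible fingerprint of it.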
@@ -366,4 +372,90 @@ public void iHaveValidSubscriptionWithScope(DataTable dataTable) throws Exceptio sharedContext.setAccessToken(Utils.extractToken(httpResponse)); sharedContext.addStoreValue(Constants.ACCESS_TOKEN, sharedContext.getAccessToken()); } + + @Then("I remove the header {string}") + public void removeHeader(String key) { + sharedContext.removeHeader(key); + } + + @Given("I have a DCR application") + public void iHaveADCRApplication() throws Exception { + + Map headers = new HashMap<>(); + headers.put(Constants.REQUEST_HEADERS.HOST, Constants.DEFAULT_APIM_IDP_HOST); + headers.put(Constants.REQUEST_HEADERS.AUTHORIZATION, "Basic YWRtaW46YWRtaW4="); + + HttpResponse httpResponse = httpClient.doPost(Utils.getDCREndpointURL(), headers, "{\n" + + " \"callbackUrl\":\"www.google.lk\",\n" + + " \"clientName\":\"rest_api_publisher\",\n" + + " \"owner\":\"admin\",\n" + + " \"grantType\":\"client_credentials password refresh_token\",\n" + + " \"saasApp\":true\n" + + " }", + Constants.CONTENT_TYPES.APPLICATION_JSON); + sharedContext.setBasicAuthToken(Utils.extractBasicToken(httpResponse)); + sharedContext.addStoreValue("publisherBasicAuthToken", sharedContext.getBasicAuthToken()); + } + + + @Given("I have a valid Publisher access token") + public void iHaveValidPublisherAccessToken() throws Exception { + + Map headers = new HashMap<>(); + String basicAuthHeader = "Basic " + sharedContext.getBasicAuthToken(); + logger.info("Basic Auth Header: " + basicAuthHeader); + headers.put(Constants.REQUEST_HEADERS.HOST, Constants.DEFAULT_APIM_IDP_HOST); + headers.put(Constants.REQUEST_HEADERS.AUTHORIZATION, basicAuthHeader); + + HttpResponse httpResponse = httpClient.doPost(Utils.getAPIMTokenEndpointURL(), headers, "grant_type=password&username=admin&password=admin&scope=apim:api_view apim:api_create apim:api_publish apim:api_delete apim:api_manage apim:api_import_export apim:subscription_manage apim:client_certificates_add apim:client_certificates_update", + 
Constants.CONTENT_TYPES.APPLICATION_X_WWW_FORM_URLENCODED); + + sharedContext.setPublisherAccessToken(Utils.extractToken(httpResponse)); + sharedContext.addStoreValue("publisherAccessToken", sharedContext.getPublisherAccessToken()); + } + + @Given("I have a valid Devportal access token") + public void iHaveValidDevportalAccessToken() throws Exception { + logger.info("Basic Auth Header: " + sharedContext.getBasicAuthToken()); + + Map headers = new HashMap<>(); + String basicAuthHeader = "Basic " + sharedContext.getBasicAuthToken(); + headers.put(Constants.REQUEST_HEADERS.HOST, Constants.DEFAULT_APIM_IDP_HOST); + headers.put(Constants.REQUEST_HEADERS.AUTHORIZATION, basicAuthHeader); + + HttpResponse httpResponse = httpClient.doPost(Utils.getAPIMTokenEndpointURL(), headers, "grant_type=password&username=admin&password=admin&scope=apim:app_manage apim:sub_manage apim:subscribe", + Constants.CONTENT_TYPES.APPLICATION_X_WWW_FORM_URLENCODED); + + sharedContext.setDevportalAccessToken(Utils.extractToken(httpResponse)); + sharedContext.addStoreValue("devportalAccessToken", sharedContext.getDevportalAccessToken()); + logger.info("Devportal Access Token: " + sharedContext.getDevportalAccessToken()); + } + + @Given("I have a valid Adminportal access token") + public void iHaveValidAdminportalAccessToken() throws Exception { + logger.info("Basic Auth Header: " + sharedContext.getBasicAuthToken()); + + Map headers = new HashMap<>(); + String basicAuthHeader = "Basic " + sharedContext.getBasicAuthToken(); + headers.put(Constants.REQUEST_HEADERS.HOST, Constants.DEFAULT_APIM_IDP_HOST); + headers.put(Constants.REQUEST_HEADERS.AUTHORIZATION, basicAuthHeader); + + HttpResponse httpResponse = httpClient.doPost(Utils.getAPIMTokenEndpointURL(), headers, "grant_type=password&username=admin&password=admin&scope=apim:app_manage apim:admin_tier_view apim:admin_tier_manage", + Constants.CONTENT_TYPES.APPLICATION_X_WWW_FORM_URLENCODED); + 
sharedContext.setAdminAccessToken(Utils.extractToken(httpResponse)); + sharedContext.addStoreValue("adminportalAccessToken", sharedContext.getAdminAccessToken()); + logger.info("Admin Access Token: " + sharedContext.getAdminAccessToken()); + } + + @Then("the response should be given as valid") + public void theResponseShouldBeGivenAs() throws IOException { + Boolean status = sharedContext.getDefinitionValidStatus(); + Assert.assertEquals(true, status,"Actual definition validation status: "+ status); + } + + @Then("I set {string} as the new access token") + public void set_invalid_access_token(String newToken) throws Exception { + sharedContext.setApiAccessToken(newToken); + sharedContext.addStoreValue("accessToken",sharedContext.getApiAccessToken()); + } } diff --git a/test/cucumber-tests/src/test/java/org/wso2/apk/integration/api/SharedContext.java b/test/cucumber-tests/src/test/java/org/wso2/apk/integration/api/SharedContext.java index 782e061738..85dd45b441 100644 --- a/test/cucumber-tests/src/test/java/org/wso2/apk/integration/api/SharedContext.java +++ b/test/cucumber-tests/src/test/java/org/wso2/apk/integration/api/SharedContext.java 
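Review bot: The new token steps embed the default administrator account as literals: `"Basic YWRtaW46YWRtaW4="` in `iHaveADCRApplication` (base64 of `admin:admin`) and `username=admin&password=admin` in the three password-grant bodies. That ties the suite to a deployment still running default credentials, and it leaves those credentials scattered through the step code where they are easy to miss when the defaults change. I would define them once in `Constants` and read them with an override, for example `System.getProperty("apim.admin.password", "admin")` (property name constructed here for illustration). The three `iHaveValid…AccessToken` methods differ only in scope list and target setter, so a private helper taking the scope string would remove the triplication. The scope lists are also sent with raw spaces in a form-urlencoded body and should go through `URLEncoder.encode(scopes, StandardCharsets.UTF_8)`.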
@@ -34,6 +34,26 @@ public class SharedContext {
 private String accessToken;
 private HttpResponse response;
 private String responseBody;
+ private String publisherAccessToken;
+ private String devportalAccessToken;
+ private String adminportalAccessToken;
+ private String basicAuthToken;
+ private String apiUUID;
+ private String revisionUUID;
+ private String applicationUUID;
+ private String keyManagerUUID;
+ private String oauthKeyUUID;
+ private String consumerSecret;
+ private String consumerKey;
+ private String sandboxConsumerSecret;
+ private String sandboxConsumerKey;
+ private String prodKeyMappingID;
+ private String sandboxKeyMappingID;
+ private String apiAccessToken;
+ private Boolean definitionValidStatus;
+ private String subscriptionID;
+ private String internalKey;
+ private static String policyID;
 private HashMap valueStore = new HashMap<>();
 private HashMap headers = new HashMap<>();
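Review bot: `policyID` is the only `static` field among those added here, yet its setter in the `@@ -97,4 +117,185 @@` hunk assigns it through an instance reference (`this.policyID = policyId;`). If the intent is to carry the policy ID from the scenario that creates it to the one that deletes it, that deserves a comment such as `// static on purpose: shared across scenarios so the cleanup scenario can delete the policy`, and the setter should assign `SharedContext.policyID`. Otherwise drop `static`, because shared mutable state leaks between scenarios and would race if the features were ever run in parallel.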
@@ -97,4 +117,185 @@ public void setResponseBody(String responseBody) { this.responseBody = responseBody; } + + public String getPublisherAccessToken() { + + return publisherAccessToken; + } + + public void setPublisherAccessToken(String accessToken) { + + this.publisherAccessToken = accessToken; + } + + public String getDevportalAccessToken() { + + return devportalAccessToken; + } + + public void setDevportalAccessToken(String accessToken) { + + this.devportalAccessToken = accessToken; + } + + public String getAdminAccessToken() { + + return adminportalAccessToken; + } + + public void setAdminAccessToken(String accessToken) { + + this.adminportalAccessToken = accessToken; + } + + public String getBasicAuthToken() { + + return basicAuthToken; + } + + public void setBasicAuthToken(String basicAuthToken) { + + this.basicAuthToken = basicAuthToken; + } + + public String getApiUUID() { + + return apiUUID; + } + + public void setApiUUID(String apiUUID) { + + this.apiUUID = apiUUID; + } + + public String getRevisionUUID() { + + return revisionUUID; + } + + public void setRevisionUUID(String revisionUUID) { + + this.revisionUUID = revisionUUID; + } + + public String getApplicationUUID() { + + return applicationUUID; + } + + public void setApplicationUUID(String applicationUUID) { + + this.applicationUUID = applicationUUID; + } + + public String getKeyManagerUUID() { + + return keyManagerUUID; + } + + public void setKeyManagerUUID(String keyManagerUUID) { + + this.keyManagerUUID = keyManagerUUID; + } + + public String getOauthKeyUUID() { + + return oauthKeyUUID; + } + + public void setOauthKeyUUID(String oauthKeyUUID) { + + this.oauthKeyUUID = oauthKeyUUID; + } + + public void setAPIInternalKey(String internalKey){ + this.internalKey = internalKey; + } + + public String getAPIInternalKey(){ + return internalKey; + } + + public String getConsumerSecret(String keyType) { + if ("production".equals(keyType)) + return consumerSecret; + else if ("sandbox".equals(keyType)) + 
return sandboxConsumerSecret; + return ""; + } + + public void setConsumerSecret(String consumerSecret, String keyType) { + if ("production".equals(keyType)) + this.consumerSecret = consumerSecret; + else if ("sandbox".equals(keyType)) + this.sandboxConsumerSecret = consumerSecret; + } + + public String getConsumerKey(String keyType) { + if ("production".equals(keyType)) + return consumerKey; + else if ("sandbox".equals(keyType)) + return sandboxConsumerKey; + return ""; + } + + public void setConsumerKey(String consumerKey, String keyType) { + if ("production".equals(keyType)) + this.consumerKey = consumerKey; + else if ("sandbox".equals(keyType)) + this.sandboxConsumerKey = consumerKey; + } + + public void setKeyMappingID(String keyMappingID, String keyType){ + if ("production".equals(keyType)) + this.prodKeyMappingID = keyMappingID; + else if ("sandbox".equals(keyType)) + this.sandboxKeyMappingID = keyMappingID; + } + + public String getKeyMappingID(String keyType){ + if ("production".equals(keyType)) + return prodKeyMappingID; + else if ("sandbox".equals(keyType)) + return sandboxKeyMappingID; + return ""; + } + + public String getApiAccessToken() { + + return apiAccessToken; + } + + public void setApiAccessToken(String apiAccessToken) { + + this.apiAccessToken = apiAccessToken; + } + + public void setAPIDefinitionValidStatus(Boolean definitionValidStatus){ + this.definitionValidStatus = definitionValidStatus; + } + + public Boolean getDefinitionValidStatus(){ + return definitionValidStatus; + } + + public String getSubscriptionID() { + + return subscriptionID; + } + + public void setSubscriptionID(String subID) { + + this.subscriptionID = subID; + } + + public String getPolicyID() { + + return policyID; + } + + public void setPolicyID(String policyId) { + + this.policyID = policyId; + } } 
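Review bot: The `keyType`-switched setters (`setConsumerSecret`, `setConsumerKey`, `setKeyMappingID`) silently discard the value when `keyType` is anything other than `"production"` or `"sandbox"`, and the matching getters return `""`. A typo or a different letter case in a feature file would then send an empty client credential and fail far from the cause. I would end each `if`/`else if` chain with `throw new IllegalArgumentException("Unknown key type: " + keyType);` and add braces to the branches. The accessor names are also inconsistent with their fields (`getAdminAccessToken` for `adminportalAccessToken`, `setAPIDefinitionValidStatus` paired with `getDefinitionValidStatus`). The class itself starts outside this hunk.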
diff --git a/test/cucumber-tests/src/test/java/org/wso2/apk/integration/utils/Constants.java b/test/cucumber-tests/src/test/java/org/wso2/apk/integration/utils/Constants.java index f02327fc96..5113264d0b 100644 --- a/test/cucumber-tests/src/test/java/org/wso2/apk/integration/utils/Constants.java +++ b/test/cucumber-tests/src/test/java/org/wso2/apk/integration/utils/Constants.java @@ -32,6 +32,17 @@ public class Constants { public static final String SUBSCRIPTION_BASIC_AUTH_TOKEN = "Basic NDVmMWM1YzgtYTkyZS0xMWVkLWFmYTEtMDI0MmFjMTIwMDAyOjRmYmQ2MmVjLWE5MmUtMTFlZC1hZmExLTAyNDJhYzEyMDAwMg=="; + public static final String DEFAULT_APIM_IDP_HOST = "am.wso2.com"; + public static final String DEFAULT_APIM_API_HOST = "am.wso2.com"; + public static final String DEFAULT_APIM_GW_PORT = ""; + public static final String DEFAULT_APIM_TOKEN_EP = "oauth2/token"; + public static final String DEFAULT_DCR_EP = "client-registration/v0.17/register"; + public static final String DEFAULT_APIM_API_CONFIGURATOR = "api/configurator/1.1.0/"; + public static final String DEFAULT_APIM_API_DEPLOYER = "api/am/publisher/v4/"; + public static final String DEFAULT_DEVPORTAL = "api/am/devportal/v3/"; + public static final String DEFAULT_ADMINPORTAL = "api/am/admin/v4/"; + public static final String DEFAULT_APIM_HOST = "apim.wso2.com"; + public class REQUEST_HEADERS { public static final String HOST = "Host"; @@ -43,5 +54,15 @@ public class CONTENT_TYPES { public static final String APPLICATION_JSON = "application/json"; public static final String APPLICATION_X_WWW_FORM_URLENCODED = "application/x-www-form-urlencoded"; + + public static final String MULTIPART_FORM_DATA = "multipart/form-data"; + + public static final String APPLICATION_OCTET_STREAM = "application/octet-stream"; + + public static final String APPLICATION_ZIP = "application/zip"; + + public static final String TEXT_PLAIN = "text/plain"; + + public static final String APPLICATION_CA_CERT = "application/x-x509-ca-cert"; } } 
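Review bot: `DEFAULT_APIM_GW_PORT` is the empty string, while most URL builders added to `Utils` in this commit concatenate `host + ":" + Constants.DEFAULT_APIM_GW_PORT + "/"`. That yields URLs of the form `https://am.wso2.com:/api/...`, with a colon and no port. Many clients tolerate this, but it is fragile, and `getGQLSchemaValidatorURL` and `getClientCertUpdateEndpoint` already leave the port out altogether, so the builders disagree with each other. Either give the constant a real value or drop the `":" + port` segment everywhere, with a comment such as `// gateway is reached on the default HTTPS port via the hosts entry`. The new `APPLICATION_CA_CERT` constant duplicates the literal `"application/x-x509-ca-cert"` used in `update_api_with_mtls_cert_data`, which could reference the constant instead.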
diff --git a/test/cucumber-tests/src/test/java/org/wso2/apk/integration/utils/Utils.java b/test/cucumber-tests/src/test/java/org/wso2/apk/integration/utils/Utils.java index 2097b61d0f..c8a56a2c95 100644 --- a/test/cucumber-tests/src/test/java/org/wso2/apk/integration/utils/Utils.java +++ b/test/cucumber-tests/src/test/java/org/wso2/apk/integration/utils/Utils.java @@ -29,12 +29,18 @@ import java.io.InputStreamReader; import java.nio.charset.Charset; import java.nio.charset.StandardCharsets; +import java.util.Base64; import java.util.HashMap; import java.util.Map; import java.util.Optional; import java.util.regex.Matcher; import java.util.regex.Pattern; +import org.json.simple.JSONArray; +import org.json.simple.JSONObject; +import org.json.simple.parser.JSONParser; +import org.json.simple.parser.ParseException; + public class Utils { public static String getConfigGeneratorURL() { 
@@ -111,4 +117,297 @@ public static String resolveVariables(String input, Map valueSto matcher.appendTail(resolvedString); return resolvedString.toString(); } + + public static String getAPIMConfigGeneratorURL() { + + return "https://" + Constants.DEFAULT_APIM_API_HOST + ":" + Constants.DEFAULT_APIM_GW_PORT + "/" + + Constants.DEFAULT_APIM_API_CONFIGURATOR + "apis/generate-configuration"; + } + + public static String getDCREndpointURL() { + + return "https://" + Constants.DEFAULT_APIM_IDP_HOST + ":" + Constants.DEFAULT_APIM_GW_PORT + "/" + + Constants.DEFAULT_DCR_EP; + } + + public static String getAPIMTokenEndpointURL() { + + return "https://" + Constants.DEFAULT_APIM_IDP_HOST + ":" + Constants.DEFAULT_APIM_GW_PORT + "/" + + Constants.DEFAULT_APIM_TOKEN_EP; + } + + public static String getAPIMAPIDeployerURL() { + + return "https://" + Constants.DEFAULT_APIM_API_HOST + ":" + Constants.DEFAULT_APIM_GW_PORT + "/" + + Constants.DEFAULT_APIM_API_DEPLOYER + "apis/deploy"; + } + + public static String getImportAPIURL() { + + return "https://" + Constants.DEFAULT_APIM_API_HOST + ":" + Constants.DEFAULT_APIM_GW_PORT + "/" + + Constants.DEFAULT_APIM_API_DEPLOYER + "apis/import-openapi"; + } + + public static String getAPIRevisionURL(String apiUUID) { + + return "https://" + Constants.DEFAULT_APIM_API_HOST + ":" + Constants.DEFAULT_APIM_GW_PORT + "/" + + Constants.DEFAULT_APIM_API_DEPLOYER + "apis/" + apiUUID + "/revisions"; + } + + public static String getAPIChangeLifecycleURL(String apiUUID) { + return "https://" + Constants.DEFAULT_APIM_API_HOST + ":" + Constants.DEFAULT_APIM_GW_PORT + "/" + + Constants.DEFAULT_APIM_API_DEPLOYER + "apis/change-lifecycle?action=Publish&apiId=" + apiUUID; + } + + public static String getApplicationCreateURL() { + return "https://" + Constants.DEFAULT_APIM_API_HOST + ":" + Constants.DEFAULT_APIM_GW_PORT + "/" + + Constants.DEFAULT_DEVPORTAL + "applications"; + } + + public static String getGenerateKeysURL(String applicationId) { + return 
"https://" + Constants.DEFAULT_APIM_API_HOST + ":" + Constants.DEFAULT_APIM_GW_PORT + "/" + + Constants.DEFAULT_DEVPORTAL + "applications/" + applicationId + "/generate-keys"; + } + + public static String getOauthKeysURL(String applicationId) { + return "https://" + Constants.DEFAULT_APIM_API_HOST + ":" + Constants.DEFAULT_APIM_GW_PORT + "/" + + Constants.DEFAULT_DEVPORTAL + "applications/" + applicationId + "/oauth-keys"; + } + + public static String getKeyManagerURL() { + return "https://" + Constants.DEFAULT_APIM_API_HOST + ":" + Constants.DEFAULT_APIM_GW_PORT + "/" + + Constants.DEFAULT_DEVPORTAL+ "key-managers"; + } + + public static String getSubscriptionURL() { + return "https://" + Constants.DEFAULT_APIM_API_HOST + ":" + Constants.DEFAULT_APIM_GW_PORT + "/" + + Constants.DEFAULT_DEVPORTAL + "subscriptions"; + } + + public static String getAccessTokenGenerationURL(String applicationId, String oauthKeyId) { + return "https://" + Constants.DEFAULT_APIM_API_HOST + ":" + Constants.DEFAULT_APIM_GW_PORT + "/" + + Constants.DEFAULT_DEVPORTAL + "applications/" + applicationId + "/oauth-keys/" + oauthKeyId + "/generate-token"; + } + + public static String getAPIRevisionDeploymentURL(String apiUUID, String revisionId) { + + return "https://" + Constants.DEFAULT_APIM_API_HOST + ":" + Constants.DEFAULT_APIM_GW_PORT + "/" + + Constants.DEFAULT_APIM_API_DEPLOYER + "apis/" + apiUUID + "/deploy-revision?revisionId=" + revisionId; + } + + public static String getAPIUnDeployerURL(String apiID) { + return "https://" + Constants.DEFAULT_APIM_API_HOST + ":" + Constants.DEFAULT_APIM_GW_PORT + "/" + + Constants.DEFAULT_APIM_API_DEPLOYER + "apis/" + apiID; + } + + public static String getGQLSchemaValidatorURL() { + return "https://" + Constants.DEFAULT_APIM_API_HOST + "/" + + Constants.DEFAULT_APIM_API_DEPLOYER + "apis/validate-graphql-schema"; + } + + public static String getGQLImportAPIURL() { + return "https://" + Constants.DEFAULT_APIM_API_HOST + ":" + 
Constants.DEFAULT_APIM_GW_PORT + "/" + + Constants.DEFAULT_APIM_API_DEPLOYER + "apis/import-graphql-schema"; + } + + public static String getAPISearchEndpoint(String queryValue) { + return "https://" + Constants.DEFAULT_APIM_API_HOST + ":" + Constants.DEFAULT_APIM_GW_PORT + "/" + + Constants.DEFAULT_APIM_API_DEPLOYER + "search?query=content:" + queryValue; + } + + public static String getAPINewVersionCreationURL() { + return "https://" + Constants.DEFAULT_APIM_API_HOST + ":" + Constants.DEFAULT_APIM_GW_PORT + "/" + + Constants.DEFAULT_APIM_API_DEPLOYER + "apis/copy-api"; + } + + public static String getAPIThrottlingConfigEndpoint() { + return "https://" + Constants.DEFAULT_APIM_API_HOST + ":" + Constants.DEFAULT_APIM_GW_PORT + "/" + + Constants.DEFAULT_ADMINPORTAL+ "throttling/policies/advanced"; + } + + public static String getSubscriptionBlockingURL(String subscriptionID) { + return "https://" + Constants.DEFAULT_APIM_API_HOST + ":" + Constants.DEFAULT_APIM_GW_PORT + "/" + + Constants.DEFAULT_APIM_API_DEPLOYER+ "subscriptions/block-subscription?subscriptionId=" + subscriptionID+ "&blockState=BLOCKED"; + } + + public static String getInternalKeyGenerationEndpoint(String APIUUID) { + return "https://" + Constants.DEFAULT_APIM_API_HOST + ":" + Constants.DEFAULT_APIM_GW_PORT + "/" + + Constants.DEFAULT_APIM_API_DEPLOYER+ "apis/" + APIUUID+ "/generate-key"; + } + + public static String getClientCertUpdateEndpoint(String APIUUID) { + return "https://" + Constants.DEFAULT_APIM_API_HOST + "/" + + Constants.DEFAULT_APIM_API_DEPLOYER+ "apis/" + APIUUID+ "/client-certificates"; + } + + public static String extractID(String payload) throws IOException { + + JSONParser parser = new JSONParser(); + try { + // Parse the JSON string + JSONObject jsonObject = (JSONObject) parser.parse(payload); + + // Get the value of the "id" attribute + String idValue = (String) jsonObject.get("id"); + return idValue; + } catch (ParseException e) { + throw new IOException("Error while parsing 
the JSON payload: " + e.getMessage()); + } + } + + public static String extractApplicationID(String payload) throws IOException { + + JSONParser parser = new JSONParser(); + try { + // Parse the JSON string + JSONObject jsonObject = (JSONObject) parser.parse(payload); + + // Get the value of the "applicationId" attribute + String idValue = (String) jsonObject.get("applicationId"); + return idValue; + } catch (ParseException e) { + throw new IOException("Error while parsing the JSON payload: " + e.getMessage()); + } + } + + public static String extractKeyManagerID(String payload) throws IOException { + + JSONParser parser = new JSONParser(); + try { + // Parse the JSON string + JSONObject jsonObject = (JSONObject) parser.parse(payload); + + // Get the value of the "id" attribute + JSONArray idValue = (JSONArray)jsonObject.get("list"); + JSONObject keyManager = (JSONObject) idValue.get(0); + String keyManagerId = (String) keyManager.get("id"); + return keyManagerId; + } catch (ParseException e) { + throw new IOException("Error while parsing the JSON payload: " + e.getMessage()); + } + } + + public static String extractOAuthMappingID(String payload, String keyMappingID) throws IOException { + JSONParser parser = new JSONParser(); + try { + JSONObject jsonObject = (JSONObject) parser.parse(payload); + JSONArray list = (JSONArray) jsonObject.get("list"); + + for (Object obj : list) { + JSONObject keyManager = (JSONObject) obj; + String currentKeyMappingId = (String) keyManager.get("keyMappingId"); + if (keyMappingID.equals(currentKeyMappingId)) { + return currentKeyMappingId; + } + } + return null; + + } catch (ParseException e) { + throw new IOException("Error while parsing the JSON payload: " + e.getMessage()); + } + } + + public static String extractKeys(String payload, String key) throws IOException { + + JSONParser parser = new JSONParser(); + try { + // Parse the JSON string + JSONObject jsonObject = (JSONObject) parser.parse(payload); + + // Get the value of the 
"applicationId" attribute + String idValue = (String) jsonObject.get(key); + return idValue; + } catch (ParseException e) { + throw new IOException("Error while parsing the JSON payload: " + e.getMessage()); + } + } + + public static String extractBasicToken(HttpResponse response) throws IOException { + + int responseCode = response.getStatusLine().getStatusCode(); + String clientId = null; + String clientSecret = null; + + HttpEntity entity = response.getEntity(); + Charset charset = ContentType.getOrDefault(entity).getCharset(); + if (charset == null) { + charset = StandardCharsets.UTF_8; + } + + BufferedReader reader = new BufferedReader(new InputStreamReader(entity.getContent(), charset)); + String inputLine; + StringBuilder stringBuilder = new StringBuilder(); + + while ((inputLine = reader.readLine()) != null) { + stringBuilder.append(inputLine); + } + + if (responseCode != HttpStatus.SC_OK) { + throw new IOException("Error while accessing the Token URL. " + + response.getStatusLine()); + } + + JsonParser parser = new JsonParser(); + JsonObject jsonResponse = (JsonObject) parser.parse(stringBuilder.toString()); + if (jsonResponse.has("clientId")) { + clientId = jsonResponse.get("clientId").getAsString(); + } + if (jsonResponse.has("clientSecret")) { + clientSecret = jsonResponse.get("clientSecret").getAsString(); + } + if (clientId != null && clientSecret != null) { + // base64 encode the clientId and clientSecret + return Base64.getEncoder().encodeToString((clientId + ":" + clientSecret).getBytes()); + + } + throw new IOException("Missing key [access_token] in the response from the OAuth server"); + } + + public static Boolean extractValidStatus(String payload) throws IOException { + JSONParser parser = new JSONParser(); + try { + // Parse the JSON string + JSONObject jsonObject = (JSONObject) parser.parse(payload); + + // Get the value of the "isValid" attribute + Boolean validStatus = (Boolean) jsonObject.get("isValid"); + return validStatus; + } catch 
(ParseException e) { + throw new IOException("Error while parsing the JSON payload: " + e.getMessage()); + } + } + + public static String extractApplicationUUID(String payload) throws IOException { + JSONParser parser = new JSONParser(); + try { + JSONObject jsonObject = (JSONObject) parser.parse(payload); + long count = (long) jsonObject.get("count"); + if (count == 1) { + JSONArray list = (JSONArray) jsonObject.get("list"); + JSONObject applicationObj = (JSONObject) list.get(0); + String applicationId = (String) applicationObj.get("applicationId"); + return applicationId; + } + } catch (ParseException e) { + throw new IOException("Error while parsing the JSON payload: " + e.getMessage()); + } + return null; // Return null if count is not 1 + } + + public static String extractAPIUUID(String payload) throws IOException { + JSONParser parser = new JSONParser(); + try { + JSONObject jsonObject = (JSONObject) parser.parse(payload); + long count = (long) jsonObject.get("count"); + if (count == 1) { + JSONArray list = (JSONArray) jsonObject.get("list"); + JSONObject apiObj = (JSONObject) list.get(0); + String apiId = (String) apiObj.get("id"); + return apiId; + } + } catch (ParseException e) { + throw new IOException("Error while parsing the JSON payload: " + e.getMessage()); + } + return null; // Return null if count is not 1 + } } diff --git a/test/cucumber-tests/src/test/java/org/wso2/apk/integration/utils/clients/SimpleHTTPClient.java b/test/cucumber-tests/src/test/java/org/wso2/apk/integration/utils/clients/SimpleHTTPClient.java index 7ed750a43c..d06cd07056 100644 --- a/test/cucumber-tests/src/test/java/org/wso2/apk/integration/utils/clients/SimpleHTTPClient.java +++ b/test/cucumber-tests/src/test/java/org/wso2/apk/integration/utils/clients/SimpleHTTPClient.java 
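Review bot: `extractBasicToken` ends with `throw new IOException("Missing key [access_token] in the response from the OAuth server");`, but the keys it actually looks for are `clientId` and `clientSecret`, so a failed client registration is reported as a token problem. I would change it to `throw new IOException("Missing clientId or clientSecret in the DCR response");`. The credential pair is also encoded with the platform default charset and should use `(clientId + ":" + clientSecret).getBytes(StandardCharsets.UTF_8)`. The `BufferedReader` is never closed, which a try-with-resources would fix. The other `extract*` helpers cast and index without checks (`idValue.get(0)`, `(long) jsonObject.get("count")`), so a response of an unexpected shape surfaces as a `NullPointerException` or `IndexOutOfBoundsException` rather than the `IOException` their signatures promise. The comment in `extractKeys` still says `"applicationId"` although the key is a parameter.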
@@ -23,6 +23,7 @@ import org.apache.http.HttpEntity; import org.apache.http.HttpEntityEnclosingRequest; import org.apache.http.HttpHeaders; +import javax.net.ssl.TrustManager; import org.apache.http.HttpResponse; import org.apache.http.client.HttpClient; import org.apache.http.client.methods.CloseableHttpResponse; @@ -35,6 +36,7 @@ import org.apache.http.client.methods.HttpPut; import org.apache.http.client.methods.HttpUriRequest; import org.apache.http.conn.HttpClientConnectionManager; +import org.apache.http.conn.ssl.NoopHostnameVerifier; import org.apache.http.conn.ssl.SSLConnectionSocketFactory; import org.apache.http.conn.ssl.TrustAllStrategy; import org.apache.http.entity.ContentProducer; @@ -44,6 +46,7 @@ import org.apache.http.entity.mime.MultipartEntityBuilder; import org.apache.http.entity.mime.content.FileBody; import org.apache.http.impl.client.CloseableHttpClient; +import org.apache.http.impl.client.HttpClientBuilder; import org.apache.http.impl.client.HttpClients; import org.apache.http.impl.conn.PoolingHttpClientConnectionManager; import org.apache.http.ssl.SSLContexts; 
@@ -60,32 +63,72 @@ import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; import java.util.HashMap; +import java.security.cert.X509Certificate; import java.util.List; import java.util.Map; import java.util.zip.GZIPOutputStream; import javax.net.ssl.SSLContext; +import javax.net.ssl.X509TrustManager; public class SimpleHTTPClient { protected Log log = LogFactory.getLog(getClass()); private CloseableHttpClient client; private HttpUriRequest lastRequest; - private static final int EVENTUAL_SUCCESS_RESPONSE_TIMEOUT_IN_SECONDS = 10; + private static final int EVENTUAL_SUCCESS_RESPONSE_TIMEOUT_IN_SECONDS = 15; public SimpleHTTPClient() throws NoSuchAlgorithmException, KeyStoreException, KeyManagementException { + String httpClientSetup = System.getProperty("http.client.setup", "apk"); + log.info(httpClientSetup); + + if ("apk".equals(httpClientSetup)) { + final SSLContext sslcontext = SSLContexts.custom() + .loadTrustMaterial(null, new TrustAllStrategy()) + .build(); + + final SSLConnectionSocketFactory csf = new SSLConnectionSocketFactory(sslcontext); + this.client = HttpClients.custom() + .setSSLSocketFactory(csf) + .evictExpiredConnections() + .setMaxConnPerRoute(100) + .setMaxConnTotal(1000) + .build(); + this.lastRequest = null; + } + else if ("apim-apk".equals(httpClientSetup)) { + // Create SSL context that trusts all certificates + SSLContext sslContext = createAcceptAllSSLContext(); - final SSLContext sslcontext = SSLContexts.custom() - .loadTrustMaterial(null, new TrustAllStrategy()) - .build(); + // Create a socket factory with custom SSL context and hostname verifier that accepts all hostnames + SSLConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory(sslContext, + NoopHostnameVerifier.INSTANCE); - final SSLConnectionSocketFactory csf = new SSLConnectionSocketFactory(sslcontext); - this.client = HttpClients.custom() - .setSSLSocketFactory(csf) - .evictExpiredConnections() - .setMaxConnPerRoute(100) - 
.setMaxConnTotal(1000) - .build(); - this.lastRequest = null; + // Create HttpClient with custom SSL socket factory + this.client = HttpClientBuilder.create().setSSLSocketFactory(sslSocketFactory).build(); + this.lastRequest = null; + } + } + + private SSLContext createAcceptAllSSLContext() throws NoSuchAlgorithmException, KeyManagementException { + // Create a TrustManager that trusts all certificates + TrustManager[] trustAllCerts = new TrustManager[]{ + new X509TrustManager() { + public java.security.cert.X509Certificate[] getAcceptedIssuers() { + return null; + } + + public void checkClientTrusted(X509Certificate[] certs, String authType) { + } + + public void checkServerTrusted(X509Certificate[] certs, String authType) { + } + } + }; + + // Create SSL context with the TrustManager that trusts all certificates + SSLContext sslContext = SSLContext.getInstance("TLS"); + sslContext.init(null, trustAllCerts, new java.security.SecureRandom()); + return sslContext; } /** @@ -141,7 +184,6 @@ public HttpResponse doPost(String url, final Map headers, final EntityTemplate ent = new EntityTemplate(new ContentProducer() { public void writeTo(OutputStream outputStream) throws IOException { - OutputStream out = outputStream; if (zip) { out = new GZIPOutputStream(outputStream); @@ -161,6 +203,7 @@ public void writeTo(OutputStream outputStream) throws IOException { } entityEncReq.setEntity(ent); this.lastRequest = request; + log.info("Request: " + request); return client.execute(request); } diff --git a/test/cucumber-tests/src/test/resources/artifacts/certificates/config-map-1.crt b/test/cucumber-tests/src/test/resources/artifacts/certificates/config-map-1.crt new file mode 100644 index 0000000000..9687e88707 --- /dev/null +++ b/test/cucumber-tests/src/test/resources/artifacts/certificates/config-map-1.crt 
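Review bot: The `apim-apk` branch of the `SimpleHTTPClient` constructor disables both certificate-chain validation (a hand-written `X509TrustManager` with empty checks) and hostname verification (`NoopHostnameVerifier.INSTANCE`). Every token and client secret these tests send is therefore accepted by whatever answers on that host name. If the suite must talk to a self-signed deployment, loading the deployment's CA through `SSLContexts.custom().loadTrustMaterial(...)` keeps verification on. At minimum, reuse the existing `TrustAllStrategy` context with `new SSLConnectionSocketFactory(sslcontext, NoopHostnameVerifier.INSTANCE)` and delete `createAcceptAllSSLContext`, whose `getAcceptedIssuers()` returns `null` where the interface requires a non-null array. The constructor also leaves `client` null when `http.client.setup` is neither `apk` nor `apim-apk`, and should end with `else { throw new IllegalArgumentException("Unknown http.client.setup: " + httpClientSetup); }`. The new branch drops the connection-pool limits that the `apk` branch sets.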
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDGTCCAgECFANIkLQBkd76qiTXzSXjBS2scPJsMA0GCSqGSIb3DQEBCwUAME0x
+CzAJBgNVBAYTAkxLMRMwEQYDVQQIDApTb21lLVN0YXRlMQ0wCwYDVQQKDAR3c28y
+MQwwCgYDVQQLDANhcGsxDDAKBgNVBAMMA2FwazAeFw0yMzEyMDYxMDEyNDhaFw0y
+NTA0MTkxMDEyNDhaMEUxCzAJBgNVBAYTAkxLMRMwEQYDVQQIDApTb21lLVN0YXRl
+MSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQCdG90W/Tlk4u9awHPteD5zpVcThUKwMLvAKw9i
+vVQBC0AG6GzPbakol5gKVm+kBUDFzzzF6eayEXKWbyaZDty66A2+7HLLcKBop5M/
+a57Q9XtU3lRYvotgutLWuHcI7mLCScZDrjA3rnb/KjjbhZ602ZS1pp5jtyUz6DwL
+m7w4wQ/RProqCdBj8QqoAvnDDLSPeDfsx14J5VeNJVGJV2wax65jWRjRkj6wE7z2
+qzWAlP5vDeED6bogYYVDpC8DtgayQ+vKAQLi1uj+I9Yqb/nPUrdUh9IlxudlqiFQ
+QxyvsXMJEzbWWmlbD0kXYkHmHzetJNPK9ayOS/fJcAcfAb01AgMBAAEwDQYJKoZI
+hvcNAQELBQADggEBAFmUc7+cI8d0Dl4wTdq+gfyWdqjQb7AYVO9DvJi3XGxdc5Kp
+1nCSsKzKUz9gvxXHeaYKrBNYf4SSU+Pkdf/BWePqi7UX/SIxNXby2da8zWg+W6Uh
+xZfKlLYGMp3mCjueZpZTJ7SKOOGFA8IIgEzjJD9Ln1gl3ywMaCwlNrG9RpiD1McT
+COKvyWNKnSRVr/RvCklLVrAMTJr50kce2czcdFl/xF4Hm66vp7cP/bYJKWAL8hBG
+zUa9aQBKncOoAO+zQ/SGy7uJxTDUF8SverDsmjOc6AU6IhBGVUyX/JQbYyJfZinB
+YlviYxVzIm6IaNJHx4sihw4U1/jMFWRXT470zcQ=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/test/cucumber-tests/src/test/resources/artifacts/certificates/config-map-2.crt b/test/cucumber-tests/src/test/resources/artifacts/certificates/config-map-2.crt
new file mode 100644
index 0000000000..041c596e7c
--- /dev/null
+++ b/test/cucumber-tests/src/test/resources/artifacts/certificates/config-map-2.crt
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDkTCCAnmgAwIBAgIUJitjysknJ0nHeLH/mjT1JIpOz4YwDQYJKoZIhvcNAQEL
+BQAwYDELMAkGA1UEBhMCVVMxEjAQBgNVBAgMCVlvdXJTdGF0ZTERMA8GA1UEBwwI
+WW91ckNpdHkxGTAXBgNVBAoMEFlvdXJPcmdhbml6YXRpb24xDzANBgNVBAMMBllv
+dXJDQTAeFw0yNDAxMDUwNDAwMjNaFw0yNTAxMDQwNDAwMjNaMGExCzAJBgNVBAYT
+AlVTMRIwEAYDVQQIDAlZb3VyU3RhdGUxETAPBgNVBAcMCFlvdXJDaXR5MRkwFwYD
+VQQKDBBZb3VyT3JnYW5pemF0aW9uMRAwDgYDVQQDDAdjbGllbnQxMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuJhFZmCVnj6N+/+HHuMvb4vyWqWcorUf
+pAWO7a3YVsHp3BX+lbGGzh67jbPcFK6K7RqejenFw7sQK8duZlqXmik/JvZMLxY3
+l/6e8LIAhN7PaX1zg58OU61baQ5VNBhUXkoYN77xqb87Yo7IFyyQ/tyWfRVFEzNj
+V1+q2MpEinuscViieIQHEpB4i6fsRxomYkR+FwdfCB65MYCYveIB1z9NkmR6Pm6V
+7zSPp+QYwc6WX4/61fbRje4BJh3j+FGYboJJg1o9O/MkD70RW6mdMV1l5bT9T98W
+B+hJtN+5dEpSfAwXqlWWxzhDxNsEvdSwuoLz9e58gteR1LSLaJXMjQIDAQABo0Iw
+QDAdBgNVHQ4EFgQULaoslUgyglywztd95CkL6sU5wa4wHwYDVR0jBBgwFoAUGUkK
++QXBjeGMy7XVnrXfrvVJUNswDQYJKoZIhvcNAQELBQADggEBABodQ1Y7zt7kvDI8
+jQUfLLkZZAPnVpjYpG7P1dLjOzUxqDNmyZAzoBMENXy/Zu81sRQt+Bs5NKsx1pu5
+z2TRk9ddxhszD1FKu9Hb6hqLcGHF7GnwPGVXJlHctkMp4QYvXc942VDk7c59/knC
+PXAul7832cPTUMvFHdzRxBwJruK9xuvNLj2I24+Fji1ELPO7M/e8KZ1NrIS0Fdwn
+DuDDw3kMkl0BlSrmvMBreSaIOU4mFhmepC97awZ/wZZ+4mpIdWIagZf01txue8o0
++8kdGkFsmoCpnJjNjpoQFAYLEdif00iLcRpwwW/saUuxqZC0aDnQCIeo0GSNet8t
+HOXCkvQ=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/test/cucumber-tests/src/test/resources/artifacts/certificates/config-map-3.crt b/test/cucumber-tests/src/test/resources/artifacts/certificates/config-map-3.crt
new file mode 100644
index 0000000000..f94ba143db
--- /dev/null
+++ b/test/cucumber-tests/src/test/resources/artifacts/certificates/config-map-3.crt
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDkTCCAnmgAwIBAgIUJitjysknJ0nHeLH/mjT1JIpOz4cwDQYJKoZIhvcNAQEL
+BQAwYDELMAkGA1UEBhMCVVMxEjAQBgNVBAgMCVlvdXJTdGF0ZTERMA8GA1UEBwwI
+WW91ckNpdHkxGTAXBgNVBAoMEFlvdXJPcmdhbml6YXRpb24xDzANBgNVBAMMBllv
+dXJDQTAeFw0yNDAxMDUwNDE0MTlaFw0yNTAxMDQwNDE0MTlaMGExCzAJBgNVBAYT
+AlVTMRIwEAYDVQQIDAlZb3VyU3RhdGUxETAPBgNVBAcMCFlvdXJDaXR5MRkwFwYD
+VQQKDBBZb3VyT3JnYW5pemF0aW9uMRAwDgYDVQQDDAdjbGllbnQyMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2JQ8LITwayvjrrHUmFT44lH3IF3fdPhr
+pQgKx7Z295QD9Ocka2rOFu47tuIeNcLiBTSyRLOFDRwjW9WXfWk9ALtxbedJfDyy
+us/kLxY+SdzHW7/5dFbupGOcs58A/sxMyGTJgiCBxsgsRFfhet7ekq/ypmj5B8L3
+5FlGg5NS0mbZlTM6aapLnkqU907RcsmzpFQBfWOHlDdWJocKEHECBXcxiTQk72C7
+s2tndES5ltX/Wc8U/kX/M9LDXhn1Ew+roeFf0HCpdg6BlnTknhYU9S1c4aYKB2Yx
+LNx74CsKsnxPPcePTXPqZEtZ4EsjF4PSToVFyceMBKvD6C6WPQoRNwIDAQABo0Iw
+QDAdBgNVHQ4EFgQUWE8btMihi5eZXLJOeiNfh7XHaI0wHwYDVR0jBBgwFoAUGUkK
++QXBjeGMy7XVnrXfrvVJUNswDQYJKoZIhvcNAQELBQADggEBAJmXn/gefez7mq1b
+iKpPLPeHUncIgVaru03v8YCX14pHFAsVuLgZ1lANelSrq+PR/HBJbQj8iloV938o
+YFppe/fb96D8a2u90dnGwWipMRSDo3wgcInL38xfcH5UEPBVJVLa3IUkfwDjjEqK
+3O0GXVSpjyv3RW+E9wfPfGSysRX66cTo5Uh3z3hTAloDc8uhCYRPcxG7S9eKD6jW
+Z3MlFlw4U8CdO90L0nB1KFhz1Et0Sl9u/LDsUYq6mE+XhTngPs8qwR/o43s1DUID
+y5Oi4A4+id+xO0XnHIkkqCfPtFzxl3hwytcy8EqISynzzHWNJ8bFZIYX4tgX+PLq
+u0/ITEw=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/test/cucumber-tests/src/test/resources/artifacts/certificates/invalid-cert.crt b/test/cucumber-tests/src/test/resources/artifacts/certificates/invalid-cert.crt
new file mode 100644
index 0000000000..c526af6bd6
--- /dev/null
+++ b/test/cucumber-tests/src/test/resources/artifacts/certificates/invalid-cert.crt
@@ -0,0 +1,3 @@
+-----BEGIN CERTIFICATE-----
+invalidcertificate
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/test/cucumber-tests/src/test/resources/artifacts/certificates/tls.crt b/test/cucumber-tests/src/test/resources/artifacts/certificates/tls.crt
new file mode 100644
index 0000000000..46fa79fc6c
--- /dev/null
+++ b/test/cucumber-tests/src/test/resources/artifacts/certificates/tls.crt
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDCTCCAfGgAwIBAgIUeINiBxKE48ZayvCanHDpjBBWWT0wDQYJKoZIhvcNAQEL
+BQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTI0MDIwMjA4NDMxOFoXDTI1MDIw
+MTA4NDMxOFowFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEA4Cb1Kgflk0cqGl1OonsCHD8VZI8Njc4KH0guf0Vy9lcf
+s937MX3jfjfZckdao+ontDK5FdXNpalSHXVsv0HFOkUwpg2RHykULzBftG8YQrV/
+6NZgvVOPaX4IjGqkQaKdaY0nQGWH5g1RWYOxrBQEagpGjbWeBi2V4D0+4WkLVpjn
+Ovqs3YIlHBPihC28OXi6N1K4cy1/lWOpQ+tVEVaQ05evybxMRT+0p4mOmc5LIRzF
+ovjh9dJie47AlYOoI6WCKBSqESm9E1i49vWg5Ya3p0opDt/mLb90yhcPs4Et3Atw
+aDH+7hHQ8UFkP1e5MA/r8ikWh0PQnB5liPWFbG14EwIDAQABo1MwUTAdBgNVHQ4E
+FgQUkeTnxySX8Vylu3H3MttzP1SUj/EwHwYDVR0jBBgwFoAUkeTnxySX8Vylu3H3
+MttzP1SUj/EwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAksub
+Vus945gRyQsZrEQlP4Wq8VgEJfy/f26gV7SutaPaYb9wsFIou8favoZkqBVo51Qd
+yvh5aSplMr8G8hR/u0QpPtiKF6x1Mm7pe7DILuL17f46aWw4H8znFMMlYm3XmXwC
+ATDIR7Cm+HMH3VhI3FfMrXNeg8QAm+Gkya0a0717xfGmlSsKPj/Rx07e5M+XU/Zq
+NOnPsWq8BZ6gJdtvL8Xq6kk9WLdzsdE0JUv0/zuXkXzvs+/61shh2A2ot78d3XpT
+RAlXLyYWrmyp4G3XQvW1thaAxHF8NKlm+9QBXIeYi8R5pcNwDLbxXo2N7vJx/r+w
+DXoeIHImTMHHH5CWnw==
+-----END CERTIFICATE-----
diff --git a/test/cucumber-tests/src/test/resources/artifacts/definitions/cors-definition.json b/test/cucumber-tests/src/test/resources/artifacts/definitions/cors-definition.json
new file mode 100644
index 0000000000..29a7ce15a3
--- /dev/null
+++ b/test/cucumber-tests/src/test/resources/artifacts/definitions/cors-definition.json
@@ -0,0 +1,41 @@ +{ + "openapi": "3.0.1", + "info": { + "title": "test-cors", + "description": "A simple HTTP Request & Response Service", + "version": "2.0.0" + }, + "servers": [ + { + "url": "https://httpbin.org" + } + ], + "tags": [ + { + "name": "HTTP Methods", + "description": "Testing different HTTP verbs" + }, + { + "name": "Auth", + "description": "Auth methods" + } + ], + "paths": { + "/anything": { + "get": { + "tags": [ + "Anything" + ], + "summary": "Returns anything passed in request data.", + "responses": { + "200": { + "description": "Anything passed in request", + "content": {} + } + } + } + } + }, + "components": {} +} + diff --git a/test/cucumber-tests/src/test/resources/artifacts/definitions/employee_with_rl_r.json b/test/cucumber-tests/src/test/resources/artifacts/definitions/employee_with_rl_r.json new file mode 100644 index 0000000000..13a1d56080 --- /dev/null +++ b/test/cucumber-tests/src/test/resources/artifacts/definitions/employee_with_rl_r.json 
@@ -0,0 +1,282 @@ +{ + "openapi": "3.0.1", + "info": { + "title": "SimpleRateLimitResourceLevelAPI", + "version": "3.14" + }, + "servers": [ + { + "url": "http://backend:80/anything", + "description": "Server URL" + } + ], + "security": [ + { + "default": [] + } + ], + "paths": { + "/employee": { + "get": { + "tags": [ + "employee-controller" + ], + "operationId": "getEmployees", + "parameters": [ + { + "name": "id", + "in": "query", + "required": true, + "style": "form", + "explode": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "default response", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/Employee" + } + } + } + } + } + }, + "security": [ + { + "default": [] + } + ], + "x-throttling-tier": "TestRatelimit", + "x-auth-type": "Application & Application User", + "x-wso2-application-security": { + "security-types": [ + "oauth2" + ], + "optional": false + } + }, + "post": { + "tags": [ + "employee-controller" + ], + "operationId": "addEmployee", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Employee" + } + } + } + }, + "responses": { + "200": { + "description": "default response", + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/Employee" + } + } + } + } + }, + "security": [ + { + "default": [] + } + ], + "x-throttling-tier": "Unlimited", + "x-auth-type": "Application & Application User", + "x-wso2-application-security": { + "security-types": [ + "oauth2" + ], + "optional": false + } + } + }, + "/employee/{employeeId}": { + "put": { + "tags": [ + "employee-controller" + ], + "operationId": "editEmployee", + "parameters": [ + { + "name": "employeeId", + "in": "path", + "required": true, + "style": "simple", + "explode": false, + "schema": { + "type": "integer", + "format": "int32" + } + } + ], + "responses": { + "200": { + "description": "default response", + 
"content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/Employee" + } + } + } + } + }, + "security": [ + { + "default": [] + } + ], + "x-throttling-tier": "Unlimited", + "x-auth-type": "Application & Application User", + "x-wso2-application-security": { + "security-types": [ + "oauth2" + ], + "optional": false + } + }, + "delete": { + "tags": [ + "employee-controller" + ], + "operationId": "deleteEmployee", + "parameters": [ + { + "name": "employeeId", + "in": "path", + "required": true, + "style": "simple", + "explode": false, + "schema": { + "type": "integer", + "format": "int32" + } + } + ], + "responses": { + "200": { + "description": "default response", + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/Employee" + } + } + } + } + }, + "security": [ + { + "default": [] + } + ], + "x-throttling-tier": "Unlimited", + "x-auth-type": "Application & Application User", + "x-wso2-application-security": { + "security-types": [ + "oauth2" + ], + "optional": false + } + } + } + }, + "components": { + "schemas": { + "Employee": { + "type": "object", + "properties": { + "empId": { + "type": "string" + }, + "name": { + "type": "string" + }, + "designation": { + "type": "string" + }, + "salary": { + "type": "number", + "format": "double" + } + } + } + }, + "securitySchemes": { + "default": { + "type": "oauth2", + "flows": { + "implicit": { + "authorizationUrl": "https://test.com", + "scopes": {} + } + } + } + } + }, + "x-wso2-api-key-header": "ApiKey", + "x-wso2-auth-header": "Authorization", + "x-throttling-tier": "TestRatelimit", + "x-wso2-cors": { + "corsConfigurationEnabled": false, + "accessControlAllowOrigins": [ + "*" + ], + "accessControlAllowCredentials": false, + "accessControlAllowHeaders": [ + "authorization", + "Access-Control-Allow-Origin", + "Content-Type", + "SOAPAction" + ], + "accessControlAllowMethods": [ + "GET", + "PUT", + "POST", + "DELETE", + "PATCH", + "OPTIONS" + ] + }, + "x-wso2-production-endpoints": { + "urls": 
[ + "http://backend:80/anything" + ], + "type": "http" + }, + "x-wso2-sandbox-endpoints": { + "urls": [ + "http://backend:80/anything" + ], + "type": "http" + }, + "x-wso2-basePath": "/simple-rl-r/3.14", + "x-wso2-transports": [ + "http", + "https" + ], + "x-wso2-application-security": { + "security-types": [ + "oauth2" + ], + "optional": false + }, + "x-wso2-response-cache": { + "enabled": false, + "cacheTimeoutInSeconds": 300 + } +} diff --git a/test/cucumber-tests/src/test/resources/artifacts/definitions/schema_graphql.graphql b/test/cucumber-tests/src/test/resources/artifacts/definitions/schema_graphql.graphql new file mode 100644 index 0000000000..d8273eab32 --- /dev/null +++ b/test/cucumber-tests/src/test/resources/artifacts/definitions/schema_graphql.graphql 
@@ -0,0 +1,199 @@ +schema { + query: Query + mutation: Mutation + subscription: Subscription +} + +# The query type, represents all of the entry points into our object graph +type Query { + hero(episode: Episode): Character + reviews(episode: Episode!): [Review] + search(text: String): [SearchResult] + character(id: ID!): Character + droid(id: ID!): Droid + human(id: ID!): Human + allHumans(first: Int): [Human] + allDroids(first: Int): [Droid] + allCharacters(first: Int): [Character] + starship(id: ID!): Starship +} + +# The mutation type, represents all updates we can make to our data +type Mutation { + createReview(episode: Episode, review: ReviewInput!): Review +} + +# The subscription type, represents all subscriptions we can make to our data +type Subscription { + reviewAdded(episode: Episode): Review +} + +# The episodes in the Star Wars trilogy +enum Episode { + # Star Wars Episode IV: A New Hope, released in 1977. + NEWHOPE + + # Star Wars Episode V: The Empire Strikes Back, released in 1980. + EMPIRE + + # Star Wars Episode VI: Return of the Jedi, released in 1983. + JEDI + + # Star Wars Episode III: Revenge of the Sith, released in 2005 + SITH +} + +# A character from the Star Wars universe +interface Character { + # The ID of the character + id: ID! + + # The name of the character + name: String! + + # The friends of the character, or an empty list if they have none + friends: [Character] + + # The friends of the character exposed as a connection with edges + friendsConnection(first: Int, after: ID): FriendsConnection! + + # The movies this character appears in + appearsIn: [Episode]! +} + +# Units of height +enum LengthUnit { + # The standard unit around the world + METER + + # Primarily used in the United States + FOOT +} + +# A humanoid creature from the Star Wars universe +type Human implements Character { + # The ID of the human + id: ID! + + # What this human calls themselves + name: String! 
+ + # The home planet of the human, or null if unknown + homePlanet: String + + # Height in the preferred unit, default is meters + height(unit: LengthUnit = METER): Float + + # Mass in kilograms, or null if unknown + mass: Float + + # This human's friends, or an empty list if they have none + friends: [Character] + + # The friends of the human exposed as a connection with edges + friendsConnection(first: Int, after: ID): FriendsConnection! + + # The movies this human appears in + appearsIn: [Episode]! + + # A list of starships this person has piloted, or an empty list if none + starships: [Starship] +} + +# An autonomous mechanical character in the Star Wars universe +type Droid implements Character { + # The ID of the droid + id: ID! + + # What others call this droid + name: String! + + # This droid's friends, or an empty list if they have none + friends: [Character] + + # The friends of the droid exposed as a connection with edges + friendsConnection(first: Int, after: ID): FriendsConnection! + + # The movies this droid appears in + appearsIn: [Episode]! + + # This droid's primary function + primaryFunction: String +} + +# A connection object for a character's friends +type FriendsConnection { + # The total number of friends + totalCount: Int + + # The edges for each of the character's friends. + edges: [FriendsEdge] + + # A list of the friends, as a convenience when edges are not needed. + friends: [Character] + + # Information for paginating this connection + pageInfo: PageInfo! +} + +# An edge object for a character's friends +type FriendsEdge { + # A cursor used for pagination + cursor: ID! + + # The character represented by this friendship edge + node: Character +} + +# Information for paginating this connection +type PageInfo { + startCursor: ID + endCursor: ID + hasNextPage: Boolean! +} + +# Represents a review for a movie +type Review { + # The movie + episode: Episode + + # The number of stars this review gave, 1-5 + stars: Int! 
+ + # Comment about the movie + commentary: String +} + +# The input object sent when someone is creating a new review +input ReviewInput { + # 0-5 stars + stars: Int! + + # Comment about the movie, optional + commentary: String + + # Favorite color, optional + favorite_color: ColorInput +} + +# The input object sent when passing in a color +input ColorInput { + red: Int! + green: Int! + blue: Int! +} + +type Starship { + # The ID of the starship + id: ID! + + # The name of the starship + name: String! + + # Length of the starship, along the longest axis + length(unit: LengthUnit = METER): Float + + coordinates: [[Float!]!] +} + +union SearchResult = Human | Droid | Starship diff --git a/test/cucumber-tests/src/test/resources/artifacts/payloads/api1.json b/test/cucumber-tests/src/test/resources/artifacts/payloads/api1.json new file mode 100644 index 0000000000..2ab7363da8 --- /dev/null +++ b/test/cucumber-tests/src/test/resources/artifacts/payloads/api1.json @@ -0,0 +1,19 @@ +{ + "name":"SwaggerPetstore", + "version":"1.0.0", + "context":"/petstore", + "gatewayType":"wso2/apk", + "endpointConfig":{ + "endpoint_type":"http", + "sandbox_endpoints":{ + "url":"http://backend:80/anything" + }, + "production_endpoints": { + "url":"http://backend:80/anything" + } + }, + "policies": [ + "Gold", + "Unlimited" + ] +} \ No newline at end of file diff --git a/test/cucumber-tests/src/test/resources/artifacts/payloads/api_default_version.json b/test/cucumber-tests/src/test/resources/artifacts/payloads/api_default_version.json new file mode 100644 index 0000000000..6bb9d02d2b --- /dev/null +++ b/test/cucumber-tests/src/test/resources/artifacts/payloads/api_default_version.json 
@@ -0,0 +1,20 @@ +{ + "name":"SwaggerPetstore", + "version":"1.0.0", + "context":"/petstore", + "isDefaultVersion": true, + "gatewayType":"wso2/apk", + "endpointConfig":{ + "endpoint_type":"http", + "sandbox_endpoints":{ + "url":"http://backend:80/anything" + }, + "production_endpoints": { + "url":"http://backend:80/anything" + } + }, + "policies": [ + "Gold", + "Unlimited" + ] + } \ No newline at end of file diff --git a/test/cucumber-tests/src/test/resources/artifacts/payloads/api_policy/original.json b/test/cucumber-tests/src/test/resources/artifacts/payloads/api_policy/original.json new file mode 100644 index 0000000000..2fcabfca03 --- /dev/null +++ b/test/cucumber-tests/src/test/resources/artifacts/payloads/api_policy/original.json 
@@ -0,0 +1,92 @@ +{ + "name": "ResourceLevelIntercepterAPI", + "context": "/rlintercepter", + "version": "1.0.0", + "provider": "admin", + "isDefaultVersion": false, + "type": "HTTP", + "audience": null, + "transport": ["http", "https"], + "tags": [], + "policies": ["Unlimited"], + "authorizationHeader": "Authorization", + "apiKeyHeader": "ApiKey", + "securityScheme": ["oauth_basic_auth_api_key_mandatory", "oauth2"], + "additionalProperties": [ + { "name": "APIGroup", "value": "Gold", "display": false }, + { "name": "APITier", "value": "Unlimited", "display": false } + ], + "additionalPropertiesMap": { + "APIGroup": { "name": "APIGroup", "value": "Gold", "display": false }, + "APITier": { "name": "APITier", "value": "Unlimited", "display": false } + }, + "apiPolicies": { + "request": [], + "response": [], + "fault": [] + }, + "corsConfiguration": { + "corsConfigurationEnabled": false, + "accessControlAllowOrigins": ["*"], + "accessControlAllowCredentials": false, + "accessControlAllowHeaders": [ + "authorization", + "Access-Control-Allow-Origin", + "Content-Type", + "SOAPAction" + ], + "accessControlAllowMethods": [ + "GET", + "PUT", + "POST", + "DELETE", + "PATCH", + "OPTIONS" + ] + }, + "endpointConfig": { + "endpoint_type": "http", + "sandbox_endpoints": { "url": "http://backend.apk.svc.cluster.local" }, + "production_endpoints": { "url": "http://backend.apk.svc.cluster.local" } + }, + "endpointImplementationType": "ENDPOINT", + "scopes": [], + "operations": [ + { + "id": "", + "target": "/headers", + "verb": "GET", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { + "request": [], + "response": [], + "fault": [] + } + }, + { + "id": "", + "target": "/get", + "verb": "GET", + "authType": "Application & Application User", + 
"throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + } + ], + "gatewayVendor": "wso2", + "gatewayType": "wso2/apk" +} diff --git a/test/cucumber-tests/src/test/resources/artifacts/payloads/api_policy/request_and_response.json b/test/cucumber-tests/src/test/resources/artifacts/payloads/api_policy/request_and_response.json new file mode 100644 index 0000000000..251eb72f69 --- /dev/null +++ b/test/cucumber-tests/src/test/resources/artifacts/payloads/api_policy/request_and_response.json 
@@ -0,0 +1,159 @@ +{ + "name": "ReqandResIntercepterServiceAPI", + "context": "/intercepter", + "version": "1.0.0", + "provider": "admin", + "isDefaultVersion": false, + "type": "HTTP", + "audience": null, + "transport": ["http", "https"], + "tags": [], + "policies": ["Unlimited"], + "authorizationHeader": "Authorization", + "apiKeyHeader": "ApiKey", + "securityScheme": ["oauth_basic_auth_api_key_mandatory", "oauth2"], + "apiPolicies": { + "request": [ + { + "policyName": "ccCallInterceptorService", + "policyVersion": "v1", + "parameters": { + "interceptorServiceURL": "http://interceptor-service.apk.svc.cluster.local:8443", + "includes": "request_header,request_body" + } + } + ], + "response": [ + { + "policyName": "ccCallInterceptorService", + "policyVersion": "v1", + "parameters": { + "interceptorServiceURL": "http://interceptor-service.apk.svc.cluster.local:8443", + "includes": "response_header,response_body" + } + } + ], + "fault": [] + }, + "corsConfiguration": { + "corsConfigurationEnabled": false, + "accessControlAllowOrigins": ["*"], + "accessControlAllowCredentials": false, + "accessControlAllowHeaders": [ + "authorization", + "Access-Control-Allow-Origin", + "Content-Type", + "SOAPAction" + ], + "accessControlAllowMethods": [ + "GET", + "PUT", + "POST", + "DELETE", + "PATCH", + "OPTIONS" + ] + }, + "endpointConfig": { + "endpoint_type": "http", + "sandbox_endpoints": { "url": "http://backend.apk.svc.cluster.local" }, + "production_endpoints": { "url": "http://backend.apk.svc.cluster.local" } + }, + "endpointImplementationType": "ENDPOINT", + "scopes": [], + "operations": [ + { + "id": "", + "target": "/*", + "verb": "GET", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + 
}, + { + "id": "", + "target": "/*", + "verb": "PUT", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + }, + { + "id": "", + "target": "/*", + "verb": "POST", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + }, + { + "id": "", + "target": "/*", + "verb": "DELETE", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + }, + { + "id": "", + "target": "/*", + "verb": "PATCH", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + }, + { + "id": "", + "target": "/get", + "verb": "GET", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + } + ], + "gatewayVendor": 
"wso2", + "gatewayType": "wso2/apk" + } + \ No newline at end of file diff --git a/test/cucumber-tests/src/test/resources/artifacts/payloads/api_policy/request_interceptor.json b/test/cucumber-tests/src/test/resources/artifacts/payloads/api_policy/request_interceptor.json new file mode 100644 index 0000000000..23ef0b8843 --- /dev/null +++ b/test/cucumber-tests/src/test/resources/artifacts/payloads/api_policy/request_interceptor.json 
@@ -0,0 +1,149 @@ +{ + "name": "IntercepterServiceAPI", + "context": "/intercepter", + "version": "1.0.0", + "provider": "admin", + "isDefaultVersion": false, + "type": "HTTP", + "audience": null, + "transport": ["http", "https"], + "tags": [], + "policies": ["Unlimited"], + "authorizationHeader": "Authorization", + "apiKeyHeader": "ApiKey", + "securityScheme": ["oauth_basic_auth_api_key_mandatory", "oauth2"], + "apiPolicies": { + "request": [ + { + "policyName": "ccCallInterceptorService", + "policyVersion": "v1", + "parameters": { + "interceptorServiceURL": "http://interceptor-service.apk.svc.cluster.local:8443", + "includes": "request_header,request_body" + } + } + ], + "response": [], + "fault": [] + }, + "corsConfiguration": { + "corsConfigurationEnabled": false, + "accessControlAllowOrigins": ["*"], + "accessControlAllowCredentials": false, + "accessControlAllowHeaders": [ + "authorization", + "Access-Control-Allow-Origin", + "Content-Type", + "SOAPAction" + ], + "accessControlAllowMethods": [ + "GET", + "PUT", + "POST", + "DELETE", + "PATCH", + "OPTIONS" + ] + }, + "endpointConfig": { + "endpoint_type": "http", + "sandbox_endpoints": { "url": "http://backend.apk.svc.cluster.local" }, + "production_endpoints": { "url": "http://backend.apk.svc.cluster.local" } + }, + "endpointImplementationType": "ENDPOINT", + "scopes": [], + "operations": [ + { + "id": "", + "target": "/*", + "verb": "GET", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + }, + { + "id": "", + "target": "/*", + "verb": "PUT", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + 
"amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + }, + { + "id": "", + "target": "/*", + "verb": "POST", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + }, + { + "id": "", + "target": "/*", + "verb": "DELETE", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + }, + { + "id": "", + "target": "/*", + "verb": "PATCH", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + }, + { + "id": "", + "target": "/get", + "verb": "GET", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + } + ], + "gatewayVendor": "wso2", + "gatewayType": "wso2/apk" +} 
diff --git a/test/cucumber-tests/src/test/resources/artifacts/payloads/api_policy/request_interceptor_param_variation.json b/test/cucumber-tests/src/test/resources/artifacts/payloads/api_policy/request_interceptor_param_variation.json new file mode 100644 index 0000000000..50f92df083 --- /dev/null +++ b/test/cucumber-tests/src/test/resources/artifacts/payloads/api_policy/request_interceptor_param_variation.json 
@@ -0,0 +1,159 @@ +{ + "name": "ParamVarIntercepterServiceAPI", + "context": "/intercepter", + "version": "1.0.0", + "provider": "admin", + "isDefaultVersion": false, + "type": "HTTP", + "audience": null, + "transport": ["http", "https"], + "tags": [], + "policies": ["Unlimited"], + "authorizationHeader": "Authorization", + "apiKeyHeader": "ApiKey", + "securityScheme": ["oauth_basic_auth_api_key_mandatory", "oauth2"], + "apiPolicies": { + "request": [ + { + "policyName": "ccCallInterceptorService", + "policyVersion": "v1", + "parameters": { + "interceptorServiceURL": "http://interceptor-service.apk.svc.cluster.local:8443", + "includes": "request_header,request_body,response_header,response_body" + } + } + ], + "response": [ + { + "policyName": "ccCallInterceptorService", + "policyVersion": "v1", + "parameters": { + "interceptorServiceURL": "http://interceptor-service.apk.svc.cluster.local:8443", + "includes": "response_header,response_body" + } + } + ], + "fault": [] + }, + "corsConfiguration": { + "corsConfigurationEnabled": false, + "accessControlAllowOrigins": ["*"], + "accessControlAllowCredentials": false, + "accessControlAllowHeaders": [ + "authorization", + "Access-Control-Allow-Origin", + "Content-Type", + "SOAPAction" + ], + "accessControlAllowMethods": [ + "GET", + "PUT", + "POST", + "DELETE", + "PATCH", + "OPTIONS" + ] + }, + "endpointConfig": { + "endpoint_type": "http", + "sandbox_endpoints": { "url": "http://backend.apk.svc.cluster.local" }, + "production_endpoints": { "url": "http://backend.apk.svc.cluster.local" } + }, + "endpointImplementationType": "ENDPOINT", + "scopes": [], + "operations": [ + { + "id": "", + "target": "/*", + "verb": "GET", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], 
"response": [], "fault": [] } + }, + { + "id": "", + "target": "/get", + "verb": "GET", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + }, + { + "id": "", + "target": "/*", + "verb": "PUT", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + }, + { + "id": "", + "target": "/*", + "verb": "POST", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + }, + { + "id": "", + "target": "/*", + "verb": "DELETE", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + }, + { + "id": "", + "target": "/*", + "verb": "PATCH", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + 
} + ], + "gatewayVendor": "wso2", + "gatewayType": "wso2/apk" + } + \ No newline at end of file diff --git a/test/cucumber-tests/src/test/resources/artifacts/payloads/api_policy/resource_level_interceptor.json b/test/cucumber-tests/src/test/resources/artifacts/payloads/api_policy/resource_level_interceptor.json new file mode 100644 index 0000000000..da8190b514 --- /dev/null +++ b/test/cucumber-tests/src/test/resources/artifacts/payloads/api_policy/resource_level_interceptor.json 
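Review bot: Both `interceptorServiceURL` values in this payload use the `http://` scheme against port 8443, while `includes` forwards request and response headers and bodies to that service. If the gateway honours the scheme as written, the `Authorization` and `ApiKey` headers named in the same payload reach the interceptor unencrypted and only the plaintext path is exercised; if the interceptor on 8443 expects TLS, the scheme is simply wrong. I would use `"interceptorServiceURL": "https://interceptor-service.apk.svc.cluster.local:8443"` unless the plaintext path is what the scenario is meant to cover. The same URL appears in resource_level_interceptor.json and response_interceptor.json.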
@@ -0,0 +1,111 @@ +{ + "name": "ResourceLevelIntercepterAPI", + "context": "/rlintercepter", + "version": "1.0.0", + "provider": "admin", + "isDefaultVersion": false, + "type": "HTTP", + "audience": null, + "transport": ["http", "https"], + "tags": [], + "policies": ["Unlimited"], + "authorizationHeader": "Authorization", + "apiKeyHeader": "ApiKey", + "securityScheme": ["oauth_basic_auth_api_key_mandatory", "oauth2"], + "additionalProperties": [ + { "name": "APIGroup", "value": "Gold", "display": false }, + { "name": "APITier", "value": "Unlimited", "display": false } + ], + "additionalPropertiesMap": { + "APIGroup": { "name": "APIGroup", "value": "Gold", "display": false }, + "APITier": { "name": "APITier", "value": "Unlimited", "display": false } + }, + "apiPolicies": { + "request": [], + "response": [], + "fault": [] + }, + "corsConfiguration": { + "corsConfigurationEnabled": false, + "accessControlAllowOrigins": ["*"], + "accessControlAllowCredentials": false, + "accessControlAllowHeaders": [ + "authorization", + "Access-Control-Allow-Origin", + "Content-Type", + "SOAPAction" + ], + "accessControlAllowMethods": [ + "GET", + "PUT", + "POST", + "DELETE", + "PATCH", + "OPTIONS" + ] + }, + "endpointConfig": { + "endpoint_type": "http", + "sandbox_endpoints": { "url": "http://backend.apk.svc.cluster.local" }, + "production_endpoints": { "url": "http://backend.apk.svc.cluster.local" } + }, + "endpointImplementationType": "ENDPOINT", + "scopes": [], + "operations": [ + { + "id": "", + "target": "/headers", + "verb": "GET", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { + "request": [ + { + "policyName": "ccCallInterceptorService", + "policyVersion": "v1", + "parameters": { + "interceptorServiceURL": 
"http://interceptor-service.apk.svc.cluster.local:8443", + "includes": "request_header,request_body" + } + } + ], + "response": [ + { + "policyName": "ccCallInterceptorService", + "policyVersion": "v1", + "parameters": { + "interceptorServiceURL": "http://interceptor-service.apk.svc.cluster.local:8443", + "includes": "response_header,response_body" + } + } + ], + "fault": [] + } + }, + { + "id": "", + "target": "/get", + "verb": "GET", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + } + ], + "gatewayVendor": "wso2", + "gatewayType": "wso2/apk" + } + \ No newline at end of file diff --git a/test/cucumber-tests/src/test/resources/artifacts/payloads/api_policy/response_interceptor.json b/test/cucumber-tests/src/test/resources/artifacts/payloads/api_policy/response_interceptor.json new file mode 100644 index 0000000000..780b66f4b5 --- /dev/null +++ b/test/cucumber-tests/src/test/resources/artifacts/payloads/api_policy/response_interceptor.json 
@@ -0,0 +1,188 @@ +{ + "name": "ResponseIntercepterServiceAPI", + "description": null, + "context": "/interceptor", + "version": "1.0.0", + "provider": "admin", + "type": "HTTP", + "audience": null, + "transport": [ + "http", + "https" + ], + "tags": [], + "policies": [ + "Unlimited" + ], + "apiThrottlingPolicy": null, + "authorizationHeader": "Authorization", + "apiKeyHeader": "ApiKey", + "securityScheme": [ + "oauth_basic_auth_api_key_mandatory", + "oauth2" + ], + "apiPolicies": { + "request": [], + "response": [ + { + "policyName": "ccCallInterceptorService", + "policyVersion": "v1", + "parameters": { + "interceptorServiceURL": "http://interceptor-service.apk.svc.cluster.local:8443", + "includes": "response_header,response_body" + } + } + ], + "fault": [] + }, + "corsConfiguration": { + "corsConfigurationEnabled": false, + "accessControlAllowOrigins": [ + "*" + ], + "accessControlAllowCredentials": false, + "accessControlAllowHeaders": [ + "authorization", + "Access-Control-Allow-Origin", + "Content-Type", + "SOAPAction" + ], + "accessControlAllowMethods": [ + "GET", + "PUT", + "POST", + "DELETE", + "PATCH", + "OPTIONS" + ] + }, + "endpointConfig": { + "endpoint_type": "http", + "sandbox_endpoints": { + "url": "http://backend.apk.svc.cluster.local" + }, + "production_endpoints": { + "url": "http://backend.apk.svc.cluster.local" + } + }, + "endpointImplementationType": "ENDPOINT", + "scopes": [], + "operations": [ + { + "id": "", + "target": "/*", + "verb": "GET", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { + "request": [], + "response": [], + "fault": [] + } + }, + { + "id": "", + "target": "/*", + "verb": "PUT", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + 
"usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { + "request": [], + "response": [], + "fault": [] + } + }, + { + "id": "", + "target": "/*", + "verb": "POST", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { + "request": [], + "response": [], + "fault": [] + } + }, + { + "id": "", + "target": "/*", + "verb": "DELETE", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { + "request": [], + "response": [], + "fault": [] + } + }, + { + "id": "", + "target": "/*", + "verb": "PATCH", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { + "request": [], + "response": [], + "fault": [] + } + }, + { + "id": "", + "target": "/get", + "verb": "GET", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { + "request": [], + "response": [], + "fault": [] + } + } + ], + "gatewayVendor": "wso2", + "gatewayType": "wso2/apk" +} \ No newline at end of file 
diff --git a/test/cucumber-tests/src/test/resources/artifacts/payloads/api_with_basic_auth.json b/test/cucumber-tests/src/test/resources/artifacts/payloads/api_with_basic_auth.json
new file mode 100644
index 0000000000..b96664d784
--- /dev/null
+++ b/test/cucumber-tests/src/test/resources/artifacts/payloads/api_with_basic_auth.json
@@ -0,0 +1,56 @@
+{
+ "name": "SwaggerPetstore",
+ "context": "/petstore",
+ "version": "1.0.0",
+ "provider": "admin",
+ "type": "HTTP",
+ "transport": [
+ "http",
+ "https"
+ ],
+ "tags": [],
+ "policies": [
+ "Unlimited"
+ ],
+ "authorizationHeader": "Authorization",
+ "apiKeyHeader": "ApiKey",
+ "securityScheme": [
+ "oauth_basic_auth_api_key_mandatory",
+ "oauth2"
+ ],
+ "endpointConfig": {
+ "endpoint_type": "http",
+ "sandbox_endpoints": {
+ "url": "http://backend:80/anything"
+ },
+ "production_endpoints": {
+ "url": "http://backend:80/anything"
+ },
+ "endpoint_security": {
+ "production": {
+ "enabled": true,
+ "type": "BASIC",
+ "username": "admin",
+ "password": "admin",
+ "grantType": "",
+ "tokenUrl": "",
+ "clientId": null,
+ "clientSecret": null,
+ "customParameters": {}
+ },
+ "sandbox": {
+ "enabled": false,
+ "type": "NONE",
+ "username": "",
+ "password": null,
+ "grantType": "",
+ "tokenUrl": "",
+ "clientId": null,
+ "clientSecret": null,
+ "customParameters": {}
+ }
+ }
+ },
+ "gatewayVendor": "wso2",
+ "gatewayType":"wso2/apk"
+}
\ No newline at end of file
diff --git a/test/cucumber-tests/src/test/resources/artifacts/payloads/cors_api.json b/test/cucumber-tests/src/test/resources/artifacts/payloads/cors_api.json
new file mode 100644
index 0000000000..83ce720af3
--- /dev/null
+++ b/test/cucumber-tests/src/test/resources/artifacts/payloads/cors_api.json
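Review bot: In api_with_basic_auth.json, `endpoint_security.production` commits `"username": "admin"` and `"password": "admin"`, and the endpoint it protects is `http://backend:80/anything`, so the Basic header is sent in clear text. For a throwaway in-cluster test backend that is tolerable, but the pair matches a common default account and will be picked up by secret scanners. A value that is obviously fixture-only, e.g. `"password": "test-fixture-password"` (constructed), avoids both. Whether a step definition asserts on the literal `admin`/`admin` pair is not visible in this hunk, so that assertion may need the same change.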
@@ -0,0 +1,59 @@
+ {
+ "name": "test-cors",
+ "context": "/test_cors",
+ "version": "2.0.0",
+ "type": "HTTP",
+ "gatewayType":"wso2/apk",
+ "transport": [
+ "http",
+ "https"
+ ],
+ "policies": [
+ "Unlimited",
+ "Gold"
+ ],
+ "corsConfiguration": {
+ "corsConfigurationEnabled": true,
+ "accessControlAllowOrigins": [
+ "abc.com"
+ ],
+ "accessControlAllowCredentials": true,
+ "accessControlAllowHeaders": [
+ "authorization",
+ "Content-Type"
+ ],
+ "accessControlAllowMethods": [
+ "GET",
+ "PUT",
+ "POST",
+ "DELETE"
+ ]
+ },
+ "endpointConfig": {
+ "endpoint_type": "http",
+ "sandbox_endpoints": {
+ "url": "https://httpbin.org"
+ },
+ "production_endpoints": {
+ "url": "https://httpbin.org"
+ }
+ },
+ "endpointImplementationType": "ENDPOINT",
+ "scopes": [],
+ "operations": [
+ {
+ "id": "",
+ "target": "/anything",
+ "verb": "GET",
+ "authType": "Application \u0026 Application User",
+ "throttlingPolicy": "Unlimited",
+ "scopes": [],
+ "usedProductIds": [],
+ "operationPolicies": {
+ "request": [],
+ "response": [],
+ "fault": []
+ }
+ }
+ ]
+}
diff --git a/test/cucumber-tests/src/test/resources/artifacts/payloads/gqlPayload.json b/test/cucumber-tests/src/test/resources/artifacts/payloads/gqlPayload.json
new file mode 100644
index 0000000000..fb0a8d7e3c
--- /dev/null
+++ b/test/cucumber-tests/src/test/resources/artifacts/payloads/gqlPayload.json
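Review bot: In cors_api.json, `accessControlAllowOrigins` lists `abc.com` without a scheme while `accessControlAllowCredentials` is `true`. A browser's `Origin` header always carries the scheme, so an exact-match implementation never matches this entry, and a suffix or substring match would also accept any origin that merely contains `abc.com`. Which of the two the gateway does is not visible here, so `"accessControlAllowOrigins": ["https://abc.com"]` would pin the intended behaviour better, with the feature file's `Origin` header updated to match and, ideally, a scenario that sends a look-alike origin and expects no CORS headers back. gql_cors.json uses the same value. Separately, both endpoints in this file point at `https://httpbin.org`, so the run depends on and sends test traffic to a third-party host, whereas the other payloads use in-cluster backends.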
@@ -0,0 +1,194 @@ +{ + "name": "StarwarsAPI", + "version": "3.14", + "context": "/graphql", + "gatewayType":"wso2/apk", + "policies": ["Unlimited"], + "operations": [ + { + "id": "0", + "target": "hero", + "verb": "QUERY", + "authType": "Any", + "throttlingPolicy": null, + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": null + }, + { + "id": "1", + "target": "reviews", + "verb": "QUERY", + "authType": "Any", + "throttlingPolicy": null, + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": null + }, + { + "id": "2", + "target": "search", + "verb": "QUERY", + "authType": "Any", + "throttlingPolicy": null, + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": null + }, + { + "id": "3", + "target": "character", + "verb": "QUERY", + "authType": "Any", + "throttlingPolicy": null, + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": null + }, + { + "id": "4", + "target": "droid", + "verb": "QUERY", + "authType": "Any", + "throttlingPolicy": null, + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": null + }, + { + "id": "5", + "target": "human", + "verb": "QUERY", + "authType": "Any", + "throttlingPolicy": null, + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + 
"amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": null + }, + { + "id": "6", + "target": "allHumans", + "verb": "QUERY", + "authType": "Any", + "throttlingPolicy": null, + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": null + }, + { + "id": "7", + "target": "allDroids", + "verb": "QUERY", + "authType": "Any", + "throttlingPolicy": null, + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": null + }, + { + "id": "8", + "target": "allCharacters", + "verb": "QUERY", + "authType": "Any", + "throttlingPolicy": null, + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": null + }, + { + "id": "9", + "target": "starship", + "verb": "QUERY", + "authType": "Any", + "throttlingPolicy": null, + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": null + }, + { + "id": "10", + "target": "createReview", + "verb": "MUTATION", + "authType": "Any", + "throttlingPolicy": null, + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": null + }, + { + "id": "11", + "target": "reviewAdded", + "verb": "SUBSCRIPTION", + "authType": "Any", + "throttlingPolicy": null, + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + 
"amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": null + } + ], + "endpointConfig": { + "endpoint_type": "http", + "sandbox_endpoints": { "url": "http://graphql-faker-service:9002/graphql" }, + "production_endpoints": { "url": "http://graphql-faker-service:9002/graphql" } + } +} diff --git a/test/cucumber-tests/src/test/resources/artifacts/payloads/gql_api_level_rl.json b/test/cucumber-tests/src/test/resources/artifacts/payloads/gql_api_level_rl.json new file mode 100644 index 0000000000..2336b86953 --- /dev/null +++ b/test/cucumber-tests/src/test/resources/artifacts/payloads/gql_api_level_rl.json 
@@ -0,0 +1,225 @@ +{ + "name": "StarwarsAPI", + "context": "/graphql", + "version": "3.14", + "type": "GRAPHQL", + "transport": ["http", "https"], + "tags": [], + "policies": ["Unlimited"], + "apiThrottlingPolicy": "TestRatelimit", + "authorizationHeader": "Authorization", + "apiKeyHeader": "ApiKey", + "securityScheme": ["oauth_basic_auth_api_key_mandatory", "oauth2"], + "corsConfiguration": { + "corsConfigurationEnabled": false, + "accessControlAllowOrigins": ["*"], + "accessControlAllowCredentials": false, + "accessControlAllowHeaders": [ + "authorization", + "Access-Control-Allow-Origin", + "Content-Type", + "SOAPAction" + ], + "accessControlAllowMethods": [ + "GET", + "PUT", + "POST", + "DELETE", + "PATCH", + "OPTIONS" + ] + }, + "endpointConfig": { + "endpoint_type": "http", + "sandbox_endpoints": { "url": "http://graphql-faker-service:9002/graphql" }, + "production_endpoints": { + "url": "http://graphql-faker-service:9002/graphql" + } + }, + "endpointImplementationType": "ENDPOINT", + "scopes": [], + "operations": [ + { + "id": "", + "target": "allCharacters", + "verb": "QUERY", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + }, + { + "id": "", + "target": "allDroids", + "verb": "QUERY", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + }, + { + "id": "", + "target": "allHumans", + "verb": "QUERY", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": 
[], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + }, + { + "id": "", + "target": "character", + "verb": "QUERY", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + }, + { + "id": "", + "target": "createReview", + "verb": "MUTATION", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + }, + { + "id": "", + "target": "droid", + "verb": "QUERY", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + }, + { + "id": "", + "target": "hero", + "verb": "QUERY", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + }, + { + "id": "", + "target": "human", + "verb": "QUERY", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": 
[], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + }, + { + "id": "", + "target": "reviewAdded", + "verb": "SUBSCRIPTION", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + }, + { + "id": "", + "target": "reviews", + "verb": "QUERY", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + }, + { + "id": "", + "target": "search", + "verb": "QUERY", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + }, + { + "id": "", + "target": "starship", + "verb": "QUERY", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + } + ], + "gatewayVendor": "wso2", + "gatewayType": "wso2/apk" +} 
diff --git a/test/cucumber-tests/src/test/resources/artifacts/payloads/gql_cors.json b/test/cucumber-tests/src/test/resources/artifacts/payloads/gql_cors.json
new file mode 100644
index 0000000000..8da95be276
--- /dev/null
+++ b/test/cucumber-tests/src/test/resources/artifacts/payloads/gql_cors.json
@@ -0,0 +1,73 @@
+{
+ "name": "StarWarsAPI",
+ "context": "/test_cors",
+ "version": "2.0.0",
+ "provider": "admin",
+ "type": "GRAPHQL",
+ "audience": null,
+ "gatewayType":"wso2/apk",
+ "transport": [
+ "http",
+ "https"
+ ],
+ "tags": [],
+ "policies": [
+ "Unlimited"
+ ],
+ "apiThrottlingPolicy": null,
+ "authorizationHeader": "Authorization",
+ "apiKeyHeader": "ApiKey",
+ "securityScheme": [
+ "oauth_basic_auth_api_key_mandatory",
+ "oauth2"
+ ],
+ "corsConfiguration": {
+ "corsConfigurationEnabled": true,
+ "accessControlAllowOrigins": [
+ "abc.com"
+ ],
+ "accessControlAllowCredentials": true,
+ "accessControlAllowHeaders": [
+ "authorization",
+ "Access-Control-Allow-Origin"
+ ],
+ "accessControlAllowMethods": [
+ "GET",
+ "PUT",
+ "POST",
+ "DELETE"
+ ]
+ },
+ "endpointConfig": {
+ "endpoint_type": "http",
+ "sandbox_endpoints": {
+ "url": "http://backend:80/anything"
+ },
+ "production_endpoints": {
+ "url": "http://backend:80/anything"
+ }
+ },
+ "endpointImplementationType": "ENDPOINT",
+ "scopes": [],
+ "operations": [
+ {
+ "id": "",
+ "target": "anything",
+ "verb": "QUERY",
+ "authType": "Application & Application User",
+ "throttlingPolicy": "Unlimited",
+ "scopes": [],
+ "usedProductIds": [],
+ "amznResourceName": null,
+ "amznResourceTimeout": null,
+ "amznResourceContentEncode": null,
+ "payloadSchema": null,
+ "uriMapping": null,
+ "operationPolicies": {
+ "request": [],
+ "response": [],
+ "fault": []
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/test/cucumber-tests/src/test/resources/artifacts/payloads/gql_default_version.json b/test/cucumber-tests/src/test/resources/artifacts/payloads/gql_default_version.json new file mode 100644 index 0000000000..116c5b2e0e --- /dev/null +++ b/test/cucumber-tests/src/test/resources/artifacts/payloads/gql_default_version.json @@ -0,0 +1,31 @@ +{ + "name": "StarwarsAPI", + "version": "3.14", + "context": "/graphql", + "gatewayType":"wso2/apk", + "policies": ["Unlimited"], + "isDefaultVersion": true, + "operations": [ + { + "id": "0", + "target": "hero", + "verb": "QUERY", + "authType": "Any", + "throttlingPolicy": null, + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": null + } + ], + "endpointConfig": { + "endpoint_type": "http", + "sandbox_endpoints": { "url": "http://graphql-faker-service:9002/graphql" }, + "production_endpoints": { "url": "http://graphql-faker-service:9002/graphql" } + } + } + \ No newline at end of file diff --git a/test/cucumber-tests/src/test/resources/artifacts/payloads/gql_resource_level_rl.json b/test/cucumber-tests/src/test/resources/artifacts/payloads/gql_resource_level_rl.json new file mode 100644 index 0000000000..65ba137ee1 --- /dev/null +++ b/test/cucumber-tests/src/test/resources/artifacts/payloads/gql_resource_level_rl.json 
@@ -0,0 +1,287 @@ +{ + "name": "StarwarsAPI", + "context": "/graphql", + "version": "3.14", + "provider": "admin", + "type": "GRAPHQL", + "audience": null, + "transport": [ + "http", + "https" + ], + "tags": [], + "policies": [ + "Unlimited" + ], + "apiThrottlingPolicy": null, + "authorizationHeader": "Authorization", + "apiKeyHeader": "ApiKey", + "securityScheme": [ + "oauth_basic_auth_api_key_mandatory", + "oauth2" + ], + "corsConfiguration": { + "corsConfigurationEnabled": false, + "accessControlAllowOrigins": [ + "*" + ], + "accessControlAllowCredentials": false, + "accessControlAllowHeaders": [ + "authorization", + "Access-Control-Allow-Origin", + "Content-Type", + "SOAPAction" + ], + "accessControlAllowMethods": [ + "GET", + "PUT", + "POST", + "DELETE", + "PATCH", + "OPTIONS" + ] + }, + "endpointConfig": { + "endpoint_type": "http", + "sandbox_endpoints": { + "url": "http://graphql-faker-service:9002/graphql" + }, + "production_endpoints": { + "url": "http://graphql-faker-service:9002/graphql" + } + }, + "endpointImplementationType": "ENDPOINT", + "scopes": [], + "operations": [ + { + "id": "", + "target": "allCharacters", + "verb": "QUERY", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { + "request": [], + "response": [], + "fault": [] + } + }, + { + "id": "", + "target": "allDroids", + "verb": "QUERY", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { + "request": [], + "response": [], + "fault": [] + } + }, + { + "id": "", + "target": "allHumans", + "verb": "QUERY", + "authType": 
"Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { + "request": [], + "response": [], + "fault": [] + } + }, + { + "id": "", + "target": "character", + "verb": "QUERY", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { + "request": [], + "response": [], + "fault": [] + } + }, + { + "id": "", + "target": "createReview", + "verb": "MUTATION", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { + "request": [], + "response": [], + "fault": [] + } + }, + { + "id": "", + "target": "droid", + "verb": "QUERY", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { + "request": [], + "response": [], + "fault": [] + } + }, + { + "id": "", + "target": "hero", + "verb": "QUERY", + "authType": "Application & Application User", + "throttlingPolicy": "TestRatelimit", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { + "request": [], + "response": [], + "fault": [] + } + }, + { + "id": "", + "target": 
"human", + "verb": "QUERY", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { + "request": [], + "response": [], + "fault": [] + } + }, + { + "id": "", + "target": "reviewAdded", + "verb": "SUBSCRIPTION", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { + "request": [], + "response": [], + "fault": [] + } + }, + { + "id": "", + "target": "reviews", + "verb": "QUERY", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { + "request": [], + "response": [], + "fault": [] + } + }, + { + "id": "", + "target": "search", + "verb": "QUERY", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { + "request": [], + "response": [], + "fault": [] + } + }, + { + "id": "", + "target": "starship", + "verb": "QUERY", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { + "request": [], + "response": [], + 
"fault": [] + } + } + ], + "gatewayVendor": "wso2", + "gatewayType": "wso2/apk" +} \ No newline at end of file diff --git a/test/cucumber-tests/src/test/resources/artifacts/payloads/gql_with_basic_auth.json b/test/cucumber-tests/src/test/resources/artifacts/payloads/gql_with_basic_auth.json new file mode 100644 index 0000000000..f177625c62 --- /dev/null +++ b/test/cucumber-tests/src/test/resources/artifacts/payloads/gql_with_basic_auth.json @@ -0,0 +1,75 @@ +{ + "name": "StarWarsAPI", + "context": "/gql_basic_auth", + "version": "2.0.0", + "type": "GRAPHQL", + "transport": [ + "http", + "https" + ], + "tags": [], + "policies": [ + "Unlimited" + ], + "authorizationHeader": "Authorization", + "apiKeyHeader": "ApiKey", + "securityScheme": [ + "oauth_basic_auth_api_key_mandatory", + "oauth2" + ], + "corsConfiguration": { + "corsConfigurationEnabled": false, + "accessControlAllowOrigins": [ + "*" + ], + "accessControlAllowCredentials": false, + "accessControlAllowHeaders": [ + "authorization", + "Access-Control-Allow-Origin", + "Content-Type", + "SOAPAction" + ], + "accessControlAllowMethods": [ + "GET", + "PUT", + "POST", + "DELETE", + "PATCH", + "OPTIONS" + ] + }, + "endpointConfig": { + "endpoint_type": "http", + "sandbox_endpoints": { + "url": "http://backend:80/anything" + }, + "production_endpoints": { + "url": "http://backend:80/anything" + } + }, + "endpointImplementationType": "ENDPOINT", + "scopes": [], + "operations": [ + { + "id": "", + "target": "hero", + "verb": "QUERY", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { + "request": [], + "response": [], + "fault": [] + } + } + ], + "gatewayVendor": "wso2", + "gatewayType": "wso2/apk" +} \ No newline at end of file 
diff --git a/test/cucumber-tests/src/test/resources/artifacts/payloads/gql_with_basic_auth2.json b/test/cucumber-tests/src/test/resources/artifacts/payloads/gql_with_basic_auth2.json
new file mode 100644
index 0000000000..a1d376bff5
--- /dev/null
+++ b/test/cucumber-tests/src/test/resources/artifacts/payloads/gql_with_basic_auth2.json
@@ -0,0 +1,99 @@
+{
+ "name": "StarWarsAPI",
+ "context": "/gql_basic_auth",
+ "version": "2.0.0",
+ "type": "GRAPHQL",
+ "transport": [
+ "http",
+ "https"
+ ],
+ "tags": [],
+ "policies": [
+ "Unlimited"
+ ],
+ "authorizationHeader": "Authorization",
+ "apiKeyHeader": "ApiKey",
+ "securityScheme": [
+ "oauth_basic_auth_api_key_mandatory",
+ "oauth2"
+ ],
+ "corsConfiguration": {
+ "corsConfigurationEnabled": false,
+ "accessControlAllowOrigins": [
+ "*"
+ ],
+ "accessControlAllowCredentials": false,
+ "accessControlAllowHeaders": [
+ "authorization",
+ "Access-Control-Allow-Origin",
+ "Content-Type",
+ "SOAPAction"
+ ],
+ "accessControlAllowMethods": [
+ "GET",
+ "PUT",
+ "POST",
+ "DELETE",
+ "PATCH",
+ "OPTIONS"
+ ]
+ },
+ "endpointConfig": {
+ "endpoint_type": "http",
+ "endpoint_security": {
+ "production": {
+ "enabled": true,
+ "type": "BASIC",
+ "username": "admin",
+ "password": "admin",
+ "grantType": "",
+ "tokenUrl": "",
+ "clientId": null,
+ "clientSecret": null,
+ "customParameters": {}
+ },
+ "sandbox": {
+ "enabled": false,
+ "type": "NONE",
+ "username": "",
+ "password": null,
+ "grantType": "",
+ "tokenUrl": "",
+ "clientId": null,
+ "clientSecret": null,
+ "customParameters": {}
+ }
+ },
+ "sandbox_endpoints": {
+ "url": "http://backend:80/anything"
+ },
+ "production_endpoints": {
+ "url": "http://backend:80/anything"
+ }
+ },
+ "endpointImplementationType": "ENDPOINT",
+ "scopes": [],
+ "operations": [
+ {
+ "id": "",
+ "target": "hero",
+ "verb": "QUERY",
+ "authType": "Application & Application User",
+ "throttlingPolicy": "Unlimited",
+ "scopes": [],
+ "usedProductIds": [],
+ "amznResourceName": null,
+ "amznResourceTimeout": null,
+ "amznResourceContentEncode": null,
+ "payloadSchema": null,
+ "uriMapping": null,
+ "operationPolicies": {
+ "request": [],
+ "response": [],
+ "fault": []
+ }
+ }
+ ],
+ "gatewayVendor": "wso2",
+ "gatewayType": "wso2/apk"
+}
\ No newline at end of file
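Review bot: The `endpoint_security.production` block commits `"username": "admin"` and `"password": "admin"`, and both endpoint URLs are `http://backend:80/anything`, so the Basic credential the gateway attaches reaches the backend in cleartext. That may be acceptable for a cluster-local test backend, but the pair matches a common product default and will be picked up by secret scanning; a value that is obviously test-only, such as `"password": "test-only-not-a-secret"` (constructed), avoids both, provided any step that asserts the forwarded `Authorization` value is updated with it. Nothing in this file or in `gql_with_basic_auth.json` (which has no `endpoint_security` block) says which of the two is the secured variant; since JSON has no comment syntax, that should be stated in the scenario text that loads them.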
diff --git a/test/cucumber-tests/src/test/resources/artifacts/payloads/gql_with_scopes.json b/test/cucumber-tests/src/test/resources/artifacts/payloads/gql_with_scopes.json
new file mode 100644
index 0000000000..e8f889ede7
--- /dev/null
+++ b/test/cucumber-tests/src/test/resources/artifacts/payloads/gql_with_scopes.json
@@ -0,0 +1,310 @@ +{ + "name": "StarWarsAPI", + "context": "/graphql", + "version": "3.14", + "type": "GRAPHQL", + "transport": [ + "http", + "https" + ], + "tags": [], + "policies": [ + "Unlimited" + ], + "apiThrottlingPolicy": null, + "authorizationHeader": "Authorization", + "apiKeyHeader": "ApiKey", + "securityScheme": [ + "oauth_basic_auth_api_key_mandatory", + "oauth2" + ], + "corsConfiguration": { + "corsConfigurationEnabled": false, + "accessControlAllowOrigins": [ + "*" + ], + "accessControlAllowCredentials": false, + "accessControlAllowHeaders": [ + "authorization", + "Access-Control-Allow-Origin", + "Content-Type", + "SOAPAction" + ], + "accessControlAllowMethods": [ + "GET", + "PUT", + "POST", + "DELETE", + "PATCH", + "OPTIONS" + ] + }, + "endpointConfig": { + "endpoint_type": "http", + "sandbox_endpoints": { + "url": "http://graphql-faker-service:9002/graphql" + }, + "production_endpoints": { + "url": "http://graphql-faker-service:9002/graphql" + } + }, + "endpointImplementationType": "ENDPOINT", + "scopes": [ + { + "scope": { + "id": null, + "name": "query:hero", + "displayName": "query:hero", + "description": "Query your favorite starwars hero", + "bindings": [], + "usageCount": null + }, + "shared": false + }, + { + "scope": { + "id": null, + "name": "query:human", + "displayName": "query:human", + "description": "Query the human characters featured in startwars", + "bindings": [], + "usageCount": null + }, + "shared": false + } + ], + "operations": [ + { + "id": "", + "target": "allCharacters", + "verb": "QUERY", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { + "request": [], + "response": [], + "fault": [] + } + }, + { + "id": "", + "target": "allDroids", + "verb": "QUERY", + "authType": "Application & 
Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { + "request": [], + "response": [], + "fault": [] + } + }, + { + "id": "", + "target": "allHumans", + "verb": "QUERY", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { + "request": [], + "response": [], + "fault": [] + } + }, + { + "id": "", + "target": "character", + "verb": "QUERY", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { + "request": [], + "response": [], + "fault": [] + } + }, + { + "id": "", + "target": "createReview", + "verb": "MUTATION", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { + "request": [], + "response": [], + "fault": [] + } + }, + { + "id": "", + "target": "droid", + "verb": "QUERY", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { + "request": [], + "response": [], + "fault": [] + } + }, + { + "id": "", + "target": "hero", + 
"verb": "QUERY", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [ + "query:hero" + ], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { + "request": [], + "response": [], + "fault": [] + } + }, + { + "id": "", + "target": "human", + "verb": "QUERY", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { + "request": [], + "response": [], + "fault": [] + } + }, + { + "id": "", + "target": "reviewAdded", + "verb": "SUBSCRIPTION", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { + "request": [], + "response": [], + "fault": [] + } + }, + { + "id": "", + "target": "reviews", + "verb": "QUERY", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { + "request": [], + "response": [], + "fault": [] + } + }, + { + "id": "", + "target": "search", + "verb": "QUERY", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { + "request": [], + "response": [], + 
"fault": [] + } + }, + { + "id": "", + "target": "starship", + "verb": "QUERY", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { + "request": [], + "response": [], + "fault": [] + } + } + ], + "gatewayVendor": "wso2", + "gatewayType":"wso2/apk" +} \ No newline at end of file diff --git a/test/cucumber-tests/src/test/resources/artifacts/payloads/mtls/graphql_with_mtls.json b/test/cucumber-tests/src/test/resources/artifacts/payloads/mtls/graphql_with_mtls.json new file mode 100644 index 0000000000..a55da08f51 --- /dev/null +++ b/test/cucumber-tests/src/test/resources/artifacts/payloads/mtls/graphql_with_mtls.json 
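Review bot: The top-level `scopes` array declares both `query:hero` and `query:human`, but only the `hero` operation binds one (`"scopes": [ "query:hero" ]`); the `human` operation is left with `"scopes": []`, so `query:human` is never enforced by this payload. If the scenario is meant to show that a token without the scope is rejected on `human`, that operation needs `"scopes": ["query:human"]`; if `human` is the deliberate unscoped control case, the unused declaration is misleading and can be removed. The `query:human` description also misspells the name as "startwars".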
@@ -0,0 +1,232 @@ +{ + "name": "GraphQLAPImTLS", + "context": "/graphql", + "version": "3.14", + "provider": "admin", + "type": "GRAPHQL", + "audience": null, + "transport": ["https"], + "tags": [], + "policies": ["Unlimited"], + "apiThrottlingPolicy": null, + "authorizationHeader": "Authorization", + "apiKeyHeader": "ApiKey", + "securityScheme": [ + "oauth2", + "oauth_basic_auth_api_key_mandatory", + "mutualssl", + "mutualssl_mandatory" + ], + "corsConfiguration": { + "corsConfigurationEnabled": false, + "accessControlAllowCredentials": false, + "accessControlAllowOrigins": ["*"], + "accessControlAllowHeaders": [ + "authorization", + "Access-Control-Allow-Origin", + "Content-Type", + "SOAPAction" + ], + "accessControlAllowMethods": [ + "GET", + "PUT", + "POST", + "DELETE", + "PATCH", + "OPTIONS" + ] + }, + "endpointConfig": { + "endpoint_type": "http", + "sandbox_endpoints": { "url": "http://graphql-faker-service:9002/graphql" }, + "production_endpoints": { + "url": "http://graphql-faker-service:9002/graphql" + } + }, + "endpointImplementationType": "ENDPOINT", + "scopes": [], + "operations": [ + { + "id": "", + "target": "hero", + "verb": "QUERY", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + }, + { + "id": "", + "target": "reviews", + "verb": "QUERY", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + }, + { + "id": "", + "target": "search", + "verb": "QUERY", + "authType": "Application & 
Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + }, + { + "id": "", + "target": "character", + "verb": "QUERY", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + }, + { + "id": "", + "target": "droid", + "verb": "QUERY", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + }, + { + "id": "", + "target": "human", + "verb": "QUERY", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + }, + { + "id": "", + "target": "allHumans", + "verb": "QUERY", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + }, + { + "id": "", + "target": "allDroids", + "verb": "QUERY", + "authType": "Application & 
Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + }, + { + "id": "", + "target": "allCharacters", + "verb": "QUERY", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + }, + { + "id": "", + "target": "starship", + "verb": "QUERY", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + }, + { + "id": "", + "target": "createReview", + "verb": "MUTATION", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + }, + { + "id": "", + "target": "reviewAdded", + "verb": "SUBSCRIPTION", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + } + ], + "gatewayVendor": "wso2", + "gatewayType": "wso2/apk" +} 
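Review bot: `name`, `context` (`/graphql`) and `version` (`3.14`) in this fixture are identical to those in `graphql_with_mtls_optional_oauth2_mandatory.json`, and the same context and version are also used by `gql_default_version.json`, `gql_resource_level_rl.json` and `gql_with_scopes.json`. If a scenario aborts before its undeploy step, the next one may be answered by a leftover API with a different `securityScheme` (the default-version fixture sets `"authType": "Any"`), so an mTLS rejection check could pass or fail for the wrong reason. Giving each security fixture its own context, for example `"context": "/graphql-mtls-mandatory"` (constructed), makes the assertions independent of cleanup order; whether the suite already guarantees cleanup is not visible in this diff.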
diff --git a/test/cucumber-tests/src/test/resources/artifacts/payloads/mtls/graphql_with_mtls_optional_oauth2_mandatory.json b/test/cucumber-tests/src/test/resources/artifacts/payloads/mtls/graphql_with_mtls_optional_oauth2_mandatory.json
new file mode 100644
index 0000000000..3978ad7315
--- /dev/null
+++ b/test/cucumber-tests/src/test/resources/artifacts/payloads/mtls/graphql_with_mtls_optional_oauth2_mandatory.json
@@ -0,0 +1,233 @@ +{ + "name": "GraphQLAPImTLS", + "context": "/graphql", + "version": "3.14", + "provider": "admin", + "type": "GRAPHQL", + "audience": null, + "transport": ["https"], + "tags": [], + "policies": ["Unlimited"], + "apiThrottlingPolicy": null, + "authorizationHeader": "Authorization", + "apiKeyHeader": "ApiKey", + "securityScheme": [ + "oauth2", + "oauth_basic_auth_api_key_mandatory", + "mutualssl", + "mutualssl_optional" + ], + "corsConfiguration": { + "corsConfigurationEnabled": false, + "accessControlAllowCredentials": false, + "accessControlAllowOrigins": ["*"], + "accessControlAllowHeaders": [ + "authorization", + "Access-Control-Allow-Origin", + "Content-Type", + "SOAPAction" + ], + "accessControlAllowMethods": [ + "GET", + "PUT", + "POST", + "DELETE", + "PATCH", + "OPTIONS" + ] + }, + "endpointConfig": { + "endpoint_type": "http", + "sandbox_endpoints": { "url": "http://graphql-faker-service:9002/graphql" }, + "production_endpoints": { + "url": "http://graphql-faker-service:9002/graphql" + } + }, + "endpointImplementationType": "ENDPOINT", + "scopes": [], + "operations": [ + { + "id": "", + "target": "hero", + "verb": "QUERY", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + }, + { + "id": "", + "target": "reviews", + "verb": "QUERY", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + }, + { + "id": "", + "target": "search", + "verb": "QUERY", + "authType": "Application & 
Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + }, + { + "id": "", + "target": "character", + "verb": "QUERY", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + }, + { + "id": "", + "target": "droid", + "verb": "QUERY", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + }, + { + "id": "", + "target": "human", + "verb": "QUERY", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + }, + { + "id": "", + "target": "allHumans", + "verb": "QUERY", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + }, + { + "id": "", + "target": "allDroids", + "verb": "QUERY", + "authType": "Application & 
Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + }, + { + "id": "", + "target": "allCharacters", + "verb": "QUERY", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + }, + { + "id": "", + "target": "starship", + "verb": "QUERY", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + }, + { + "id": "", + "target": "createReview", + "verb": "MUTATION", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + }, + { + "id": "", + "target": "reviewAdded", + "verb": "SUBSCRIPTION", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + } + ], + "gatewayVendor": "wso2", + "gatewayType": "wso2/apk" + } + 
\ No newline at end of file diff --git a/test/cucumber-tests/src/test/resources/artifacts/payloads/mtls/mtls_mandatory_oauth2_disabled.json b/test/cucumber-tests/src/test/resources/artifacts/payloads/mtls/mtls_mandatory_oauth2_disabled.json new file mode 100644 index 0000000000..168f7f266b --- /dev/null +++ b/test/cucumber-tests/src/test/resources/artifacts/payloads/mtls/mtls_mandatory_oauth2_disabled.json 
@@ -0,0 +1,112 @@ +{ + "name": "EmployeeServiceAPI", + "context": "/mtls", + "version": "3.14", + "provider": "admin", + "type": "HTTP", + "transport": ["https"], + "tags": [], + "policies": ["Unlimited"], + "apiThrottlingPolicy": null, + "authorizationHeader": "Authorization", + "apiKeyHeader": "ApiKey", + "securityScheme": [ + "mutualssl", + "mutualssl_mandatory" + ], + "apiPolicies": { + "request": [], + "response": [], + "fault": [] + }, + "corsConfiguration": { + "corsConfigurationEnabled": false, + "accessControlAllowCredentials": false, + "accessControlAllowOrigins": ["*"], + "accessControlAllowHeaders": [ + "authorization", + "Access-Control-Allow-Origin", + "Content-Type", + "SOAPAction" + ], + "accessControlAllowMethods": [ + "GET", + "PUT", + "POST", + "DELETE", + "PATCH", + "OPTIONS" + ] + }, + "endpointConfig": { + "endpoint_type": "http", + "sandbox_endpoints": { "url": "http://backend:80/anything" }, + "production_endpoints": { "url": "http://backend:80/anything" } + }, + "endpointImplementationType": "ENDPOINT", + "scopes": [], + "operations": [ + { + "id": "", + "target": "/employee", + "verb": "GET", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + }, + { + "id": "", + "target": "/employee/{employeeId}", + "verb": "PUT", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + }, + { + "id": "", + "target": "/employee", + "verb": "POST", + "authType": "Application & Application User", + 
"throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + }, + { + "id": "", + "target": "/employee{employeeId}", + "verb": "DELETE", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + } + ], + "gatewayVendor": "wso2", + "gatewayType": "wso2/apk" +} diff --git a/test/cucumber-tests/src/test/resources/artifacts/payloads/mtls/mtls_mandatory_oauth2_enabled.json b/test/cucumber-tests/src/test/resources/artifacts/payloads/mtls/mtls_mandatory_oauth2_enabled.json new file mode 100644 index 0000000000..34ef106f5f --- /dev/null +++ b/test/cucumber-tests/src/test/resources/artifacts/payloads/mtls/mtls_mandatory_oauth2_enabled.json 
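Review bot: The DELETE operation's `"target": "/employee{employeeId}"` is missing the slash before the path parameter, while the PUT operation in the same file uses `/employee/{employeeId}`. As written the DELETE resource is registered under a different path template, so an mTLS scenario that calls DELETE on `/employee/<id>` would presumably not reach this operation and its security scheme would go untested. Change the line to `"target": "/employee/{employeeId}",`. The same line appears in the four other new mtls payloads in this commit (mtls_mandatory_oauth2_enabled.json, mtls_mandatory_oauth2_optional.json, mtls_optional_oauth2_mandatory.json and mtls_optional_oauth2_optional.json).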
@@ -0,0 +1,114 @@ +{ + "name": "EmployeeServiceAPI", + "context": "/mtls", + "version": "3.14", + "provider": "admin", + "type": "HTTP", + "transport": ["https"], + "tags": [], + "policies": ["Unlimited"], + "apiThrottlingPolicy": null, + "authorizationHeader": "Authorization", + "apiKeyHeader": "ApiKey", + "securityScheme": [ + "oauth2", + "oauth_basic_auth_api_key_mandatory", + "mutualssl", + "mutualssl_mandatory" + ], + "apiPolicies": { + "request": [], + "response": [], + "fault": [] + }, + "corsConfiguration": { + "corsConfigurationEnabled": false, + "accessControlAllowCredentials": false, + "accessControlAllowOrigins": ["*"], + "accessControlAllowHeaders": [ + "authorization", + "Access-Control-Allow-Origin", + "Content-Type", + "SOAPAction" + ], + "accessControlAllowMethods": [ + "GET", + "PUT", + "POST", + "DELETE", + "PATCH", + "OPTIONS" + ] + }, + "endpointConfig": { + "endpoint_type": "http", + "sandbox_endpoints": { "url": "http://backend:80/anything" }, + "production_endpoints": { "url": "http://backend:80/anything" } + }, + "endpointImplementationType": "ENDPOINT", + "scopes": [], + "operations": [ + { + "id": "", + "target": "/employee", + "verb": "GET", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + }, + { + "id": "", + "target": "/employee/{employeeId}", + "verb": "PUT", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + }, + { + "id": "", + "target": "/employee", + "verb": "POST", 
+ "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + }, + { + "id": "", + "target": "/employee{employeeId}", + "verb": "DELETE", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + } + ], + "gatewayVendor": "wso2", + "gatewayType": "wso2/apk" +} diff --git a/test/cucumber-tests/src/test/resources/artifacts/payloads/mtls/mtls_mandatory_oauth2_optional.json b/test/cucumber-tests/src/test/resources/artifacts/payloads/mtls/mtls_mandatory_oauth2_optional.json new file mode 100644 index 0000000000..8f019ab357 --- /dev/null +++ b/test/cucumber-tests/src/test/resources/artifacts/payloads/mtls/mtls_mandatory_oauth2_optional.json 
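Review bot: This payload declares the same `"name": "EmployeeServiceAPI"`, `"context": "/mtls"` and `"version": "3.14"` as the other four mtls fixtures, which differ only in `securityScheme`. If one scenario's cleanup fails or has not yet propagated, the next scenario sends its requests to `/mtls/3.14` while the previous security configuration may still be live, so a mandatory/optional assertion could pass or fail for the wrong reason. Giving each fixture its own context, for example `"context": "/mtls-mandatory-oauth2-enabled",`, would tie every result to the scheme under test. The feature files that use these payloads are outside this hunk, so their request URLs would need the matching change.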
@@ -0,0 +1,115 @@ +{ + "name": "EmployeeServiceAPI", + "context": "/mtls", + "version": "3.14", + "provider": "admin", + "type": "HTTP", + "transport": ["https"], + "tags": [], + "policies": ["Unlimited"], + "apiThrottlingPolicy": null, + "authorizationHeader": "Authorization", + "apiKeyHeader": "ApiKey", + "securityScheme": [ + "mutualssl", + "oauth2", + "oauth_basic_auth_api_key_optional", + "mutualssl_mandatory" + ], + "apiPolicies": { + "request": [], + "response": [], + "fault": [] + }, + "corsConfiguration": { + "corsConfigurationEnabled": false, + "accessControlAllowCredentials": false, + "accessControlAllowOrigins": ["*"], + "accessControlAllowHeaders": [ + "authorization", + "Access-Control-Allow-Origin", + "Content-Type", + "SOAPAction" + ], + "accessControlAllowMethods": [ + "GET", + "PUT", + "POST", + "DELETE", + "PATCH", + "OPTIONS" + ] + }, + "endpointConfig": { + "endpoint_type": "http", + "sandbox_endpoints": { "url": "http://backend:80/anything" }, + "production_endpoints": { "url": "http://backend:80/anything" } + }, + "endpointImplementationType": "ENDPOINT", + "scopes": [], + "operations": [ + { + "id": "", + "target": "/employee", + "verb": "GET", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + }, + { + "id": "", + "target": "/employee/{employeeId}", + "verb": "PUT", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + }, + { + "id": "", + "target": "/employee", + "verb": "POST", 
+ "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + }, + { + "id": "", + "target": "/employee{employeeId}", + "verb": "DELETE", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + } + ], + "gatewayVendor": "wso2", + "gatewayType": "wso2/apk" + } + \ No newline at end of file diff --git a/test/cucumber-tests/src/test/resources/artifacts/payloads/mtls/mtls_optional_oauth2_mandatory.json b/test/cucumber-tests/src/test/resources/artifacts/payloads/mtls/mtls_optional_oauth2_mandatory.json new file mode 100644 index 0000000000..9d4a0582e5 --- /dev/null +++ b/test/cucumber-tests/src/test/resources/artifacts/payloads/mtls/mtls_optional_oauth2_mandatory.json 
@@ -0,0 +1,114 @@ +{ + "name": "EmployeeServiceAPI", + "context": "/mtls", + "version": "3.14", + "provider": "admin", + "type": "HTTP", + "transport": ["https"], + "tags": [], + "policies": ["Unlimited"], + "apiThrottlingPolicy": null, + "authorizationHeader": "Authorization", + "apiKeyHeader": "ApiKey", + "securityScheme": [ + "mutualssl", + "oauth2", + "mutualssl_optional", + "oauth_basic_auth_api_key_mandatory" + ], + "apiPolicies": { + "request": [], + "response": [], + "fault": [] + }, + "corsConfiguration": { + "corsConfigurationEnabled": false, + "accessControlAllowCredentials": false, + "accessControlAllowOrigins": ["*"], + "accessControlAllowHeaders": [ + "authorization", + "Access-Control-Allow-Origin", + "Content-Type", + "SOAPAction" + ], + "accessControlAllowMethods": [ + "GET", + "PUT", + "POST", + "DELETE", + "PATCH", + "OPTIONS" + ] + }, + "endpointConfig": { + "endpoint_type": "http", + "sandbox_endpoints": { "url": "http://backend:80/anything" }, + "production_endpoints": { "url": "http://backend:80/anything" } + }, + "endpointImplementationType": "ENDPOINT", + "scopes": [], + "operations": [ + { + "id": "", + "target": "/employee", + "verb": "GET", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + }, + { + "id": "", + "target": "/employee/{employeeId}", + "verb": "PUT", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + }, + { + "id": "", + "target": "/employee", + "verb": "POST", 
+ "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + }, + { + "id": "", + "target": "/employee{employeeId}", + "verb": "DELETE", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + } + ], + "gatewayVendor": "wso2", + "gatewayType": "wso2/apk" +} diff --git a/test/cucumber-tests/src/test/resources/artifacts/payloads/mtls/mtls_optional_oauth2_optional.json b/test/cucumber-tests/src/test/resources/artifacts/payloads/mtls/mtls_optional_oauth2_optional.json new file mode 100644 index 0000000000..f3601ab626 --- /dev/null +++ b/test/cucumber-tests/src/test/resources/artifacts/payloads/mtls/mtls_optional_oauth2_optional.json 
@@ -0,0 +1,115 @@ +{ + "name": "EmployeeServiceAPI", + "context": "/mtls", + "version": "3.14", + "provider": "admin", + "type": "HTTP", + "transport": ["https"], + "tags": [], + "policies": ["Unlimited"], + "apiThrottlingPolicy": null, + "authorizationHeader": "Authorization", + "apiKeyHeader": "ApiKey", + "securityScheme": [ + "mutualssl", + "oauth2", + "oauth_basic_auth_api_key_optional", + "mutualssl_optional" + ], + "apiPolicies": { + "request": [], + "response": [], + "fault": [] + }, + "corsConfiguration": { + "corsConfigurationEnabled": false, + "accessControlAllowCredentials": false, + "accessControlAllowOrigins": ["*"], + "accessControlAllowHeaders": [ + "authorization", + "Access-Control-Allow-Origin", + "Content-Type", + "SOAPAction" + ], + "accessControlAllowMethods": [ + "GET", + "PUT", + "POST", + "DELETE", + "PATCH", + "OPTIONS" + ] + }, + "endpointConfig": { + "endpoint_type": "http", + "sandbox_endpoints": { "url": "http://backend:80/anything" }, + "production_endpoints": { "url": "http://backend:80/anything" } + }, + "endpointImplementationType": "ENDPOINT", + "scopes": [], + "operations": [ + { + "id": "", + "target": "/employee", + "verb": "GET", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + }, + { + "id": "", + "target": "/employee/{employeeId}", + "verb": "PUT", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + }, + { + "id": "", + "target": "/employee", + "verb": "POST", + 
"authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + }, + { + "id": "", + "target": "/employee{employeeId}", + "verb": "DELETE", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { "request": [], "response": [], "fault": [] } + } + ], + "gatewayVendor": "wso2", + "gatewayType": "wso2/apk" + } + \ No newline at end of file diff --git a/test/cucumber-tests/src/test/resources/artifacts/payloads/ratelimit_api.json b/test/cucumber-tests/src/test/resources/artifacts/payloads/ratelimit_api.json new file mode 100644 index 0000000000..0700cdd603 --- /dev/null +++ b/test/cucumber-tests/src/test/resources/artifacts/payloads/ratelimit_api.json 
@@ -0,0 +1,85 @@ +{ + "name": "SimpleRateLimitAPI", + "context": "/simple-rl", + "version": "3.14", + "type": "HTTP", + "transport": [ + "http", + "https" + ], + "policies": [ + "Gold", + "Unlimited" + ], + "apiThrottlingPolicy": "TestRatelimit", + "endpointConfig": { + "endpoint_type": "http", + "sandbox_endpoints": { + "url": "http://backend:80/anything" + }, + "production_endpoints": { + "url": "http://backend:80/anything" + } + }, + "endpointImplementationType": "ENDPOINT", + "scopes": [], + "operations": [ + { + "id": "", + "target": "/employee", + "verb": "GET", + "authType": "Application \u0026 Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "operationPolicies": { + "request": [], + "response": [], + "fault": [] + } + }, + { + "id": "", + "target": "/employee", + "verb": "POST", + "authType": "Application \u0026 Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "operationPolicies": { + "request": [], + "response": [], + "fault": [] + } + }, + { + "id": "", + "target": "/employee/{employeeId}", + "verb": "PUT", + "authType": "Application \u0026 Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "operationPolicies": { + "request": [], + "response": [], + "fault": [] + } + }, + { + "id": "", + "target": "/employee/{employeeId}", + "verb": "DELETE", + "authType": "Application \u0026 Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "operationPolicies": { + "request": [], + "response": [], + "fault": [] + } + } + ], + "gatewayType":"wso2/apk" +} diff --git a/test/cucumber-tests/src/test/resources/artifacts/payloads/ratelimit_api2.json b/test/cucumber-tests/src/test/resources/artifacts/payloads/ratelimit_api2.json new file mode 100644 index 0000000000..b8365fe4ec --- /dev/null +++ b/test/cucumber-tests/src/test/resources/artifacts/payloads/ratelimit_api2.json 
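Review bot: ratelimit_api.json sets `"apiThrottlingPolicy": "TestRatelimit"` but omits `securityScheme`, `authorizationHeader` and `apiKeyHeader`, so authentication on this API is left to whatever the control plane applies by default. resource_level_rl.json in the same commit pins them explicitly. Stating the scheme in the fixture keeps the rate-limit scenarios from silently running against a differently secured API if that default changes, for example `"securityScheme": ["oauth_basic_auth_api_key_mandatory", "oauth2"],`. If the omission is deliberate, to exercise the default, that should be stated in the feature file that loads this payload.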
@@ -0,0 +1,84 @@ +{ + "name": "SimpleRateLimitResourceLevelAPI", + "context": "/simple-rl-r", + "version": "3.14", + "type": "HTTP", + "transport": [ + "http", + "https" + ], + "policies": [ + "Unlimited", + "Gold" + ], + "endpointConfig": { + "endpoint_type": "http", + "sandbox_endpoints": { + "url": "http://backend:80/anything" + }, + "production_endpoints": { + "url": "http://backend:80/anything" + } + }, + "endpointImplementationType": "ENDPOINT", + "scopes": [], + "operations": [ + { + "id": "", + "target": "/employee", + "verb": "GET", + "authType": "Application \u0026 Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "operationPolicies": { + "request": [], + "response": [], + "fault": [] + } + }, + { + "id": "", + "target": "/employee", + "verb": "POST", + "authType": "Application \u0026 Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "operationPolicies": { + "request": [], + "response": [], + "fault": [] + } + }, + { + "id": "", + "target": "/employee/{employeeId}", + "verb": "PUT", + "authType": "Application \u0026 Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "operationPolicies": { + "request": [], + "response": [], + "fault": [] + } + }, + { + "id": "", + "target": "/employee/{employeeId}", + "verb": "DELETE", + "authType": "Application \u0026 Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "operationPolicies": { + "request": [], + "response": [], + "fault": [] + } + } + ], + "gatewayType":"wso2/apk" +} diff --git a/test/cucumber-tests/src/test/resources/artifacts/payloads/resource_level_rl.json b/test/cucumber-tests/src/test/resources/artifacts/payloads/resource_level_rl.json new file mode 100644 index 0000000000..44f291e672 --- /dev/null +++ b/test/cucumber-tests/src/test/resources/artifacts/payloads/resource_level_rl.json 
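Review bot: ratelimit_api2.json is named `SimpleRateLimitResourceLevelAPI` but carries no `apiThrottlingPolicy`, and every operation has `"throttlingPolicy": "Unlimited"`, so nothing in this payload applies a rate limit. It also shares name, context `/simple-rl-r` and version `3.14` with resource_level_rl.json from the same commit, which does set `"throttlingPolicy": "TestRatelimit"` on GET `/employee`. If both fixtures are used in one run, a leftover deployment of one can answer requests meant for the other. Either give this fixture a distinct name and context or, if it is meant to be updated with a policy later in the scenario, say so in the feature file. As in ratelimit_api.json, `securityScheme` is not set here.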
@@ -0,0 +1,151 @@ +{ + "name": "SimpleRateLimitResourceLevelAPI", + "context": "/simple-rl-r", + "version": "3.14", + "type": "HTTP", + "transport": [ + "http", + "https" + ], + "tags": [], + "policies": [ + "Unlimited" + ], + "apiThrottlingPolicy": null, + "authorizationHeader": "Authorization", + "apiKeyHeader": "ApiKey", + "securityScheme": [ + "oauth_basic_auth_api_key_mandatory", + "oauth2" + ], + "corsConfiguration": { + "corsConfigurationEnabled": false, + "accessControlAllowOrigins": [ + "*" + ], + "accessControlAllowCredentials": false, + "accessControlAllowHeaders": [ + "authorization", + "Access-Control-Allow-Origin", + "Content-Type", + "SOAPAction" + ], + "accessControlAllowMethods": [ + "GET", + "PUT", + "POST", + "DELETE", + "PATCH", + "OPTIONS" + ] + }, + "endpointConfig": { + "endpoint_type": "http", + "sandbox_endpoints": { + "url": "http://backend:80/anything" + }, + "production_endpoints": { + "url": "http://backend:80/anything" + } + }, + "endpointImplementationType": "ENDPOINT", + "operations": [ + { + "id": "", + "target": "/employee", + "verb": "GET", + "authType": "Application & Application User", + "throttlingPolicy": "TestRatelimit", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { + "request": [], + "response": [], + "fault": [] + } + }, + { + "id": "", + "target": "/withoutrl", + "verb": "GET", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { + "request": [], + "response": [], + "fault": [] + } + }, + { + "id": "", + "target": "/employee", + "verb": "POST", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + 
"scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { + "request": [], + "response": [], + "fault": [] + } + }, + { + "id": "", + "target": "/employee/{employeeId}", + "verb": "PUT", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { + "request": [], + "response": [], + "fault": [] + } + }, + { + "id": "", + "target": "/employee/{employeeId}", + "verb": "DELETE", + "authType": "Application & Application User", + "throttlingPolicy": "Unlimited", + "scopes": [], + "usedProductIds": [], + "amznResourceName": null, + "amznResourceTimeout": null, + "amznResourceContentEncode": null, + "payloadSchema": null, + "uriMapping": null, + "operationPolicies": { + "request": [], + "response": [], + "fault": [] + } + } + ], + "gatewayVendor": "wso2", + "gatewayType": "wso2/apk" +} \ No newline at end of file diff --git a/test/cucumber-tests/src/test/resources/testng.xml b/test/cucumber-tests/src/test/resources/testng.xml index a246b7238f..66d760e0b3 100644 --- a/test/cucumber-tests/src/test/resources/testng.xml +++ b/test/cucumber-tests/src/test/resources/testng.xml @@ -18,16 +18,8 @@ - - - - - - - - - - + + diff --git a/test/cucumber-tests/src/test/resources/tests/agent-cptodp/APILevelInterceptor.feature b/test/cucumber-tests/src/test/resources/tests/agent-cptodp/APILevelInterceptor.feature new file mode 100644 index 0000000000..28f98f84cf --- /dev/null +++ b/test/cucumber-tests/src/test/resources/tests/agent-cptodp/APILevelInterceptor.feature 
@@ -0,0 +1,200 @@ +Feature: API Policy Addition(Interceptor Service) + Background: + Given The system is ready + Scenario: Create a REST API and add policy for request flow over API Level + And I have a DCR application + And I have a valid Publisher access token + When I use the Payload file "artifacts/payloads/api_policy/request_interceptor.json" + When the definition file "artifacts/definitions/cors-definition.json" + And make the import API Creation request using OAS "File" + Then the response status code should be 201 + And the response body should contain "IntercepterServiceAPI" + And make the API Revision Deployment request + Then the response status code should be 201 + Then I wait for 40 seconds + And make the Change Lifecycle request + Then the response status code should be 200 + And I have a valid Devportal access token + And make the Application Creation request with the name "SampleApp" + Then the response status code should be 201 + And the response body should contain "SampleApp" + And I have a KeyManager + And make the Generate Keys request + Then the response status code should be 200 + And the response body should contain "consumerKey" + And the response body should contain "consumerSecret" + And make the Subscription request + Then the response status code should be 201 + And the response body should contain "Unlimited" + And I get "production" oauth keys for application + Then the response status code should be 200 + And make the Access Token Generation request for "production" + Then the response status code should be 200 + And the response body should contain "accessToken" + Then I set headers + | Authorization | Bearer ${accessToken} | + And I send "GET" request to "https://default.gw.wso2.com:9095/intercepter/1.0.0/get" with body "" + And I eventually receive 200 response code, not accepting + |429| + And the response body should contain "\"Interceptor-Header\": \"Interceptor-header-value\"" + + Scenario: Undeploying the created REST API + 
And I have a DCR application + And I have a valid Devportal access token + Then I delete the application "SampleApp" from devportal + Then the response status code should be 200 + And I have a valid Publisher access token + Then I find the apiUUID of the API created with the name "IntercepterServiceAPI" + Then I undeploy the selected API + Then the response status code should be 200 + And I send "GET" request to "https://default.gw.wso2.com:9095/interceptor/1.0.0/get" with body "" + And I eventually receive 404 response code, not accepting + |200| + + Scenario: Create a REST API and add policy for response flow over API Level + And I have a DCR application + And I have a valid Publisher access token + When I use the Payload file "artifacts/payloads/api_policy/response_interceptor.json" + When the definition file "artifacts/definitions/cors-definition.json" + And make the import API Creation request using OAS "File" + Then the response status code should be 201 + And the response body should contain "IntercepterServiceAPI" + And make the API Revision Deployment request + Then the response status code should be 201 + Then I wait for 40 seconds + And make the Change Lifecycle request + Then the response status code should be 200 + And I have a valid Devportal access token + And make the Application Creation request with the name "SampleApp" + Then the response status code should be 201 + And the response body should contain "SampleApp" + And I have a KeyManager + And make the Generate Keys request + Then the response status code should be 200 + And the response body should contain "consumerKey" + And the response body should contain "consumerSecret" + And make the Subscription request + Then the response status code should be 201 + And the response body should contain "Unlimited" + And I get "production" oauth keys for application + Then the response status code should be 200 + And make the Access Token Generation request for "production" + Then the response status 
code should be 200 + And the response body should contain "accessToken" + Then I set headers + | Authorization | Bearer ${accessToken} | + And I send "GET" request to "https://default.gw.wso2.com:9095/interceptor/1.0.0/get" with body "" + Then the response status code should be 200 + Then the response headers contains key "interceptor-response-header" and value "Interceptor-Response-header-value" + + Scenario: Undeploying the created REST API + And I have a DCR application + And I have a valid Devportal access token + Then I delete the application "SampleApp" from devportal + Then the response status code should be 200 + And I have a valid Publisher access token + Then I find the apiUUID of the API created with the name "ResponseIntercepterServiceAPI" + Then I undeploy the selected API + Then the response status code should be 200 + And I send "GET" request to "https://default.gw.wso2.com:9095/interceptor/1.0.0/get" with body "" + And I eventually receive 404 response code, not accepting + |200| + + Scenario: Create a REST API and add policy for request and response flow over API Level + And I have a DCR application + And I have a valid Publisher access token + When I use the Payload file "artifacts/payloads/api_policy/request_and_response.json" + When the definition file "artifacts/definitions/cors-definition.json" + And make the import API Creation request using OAS "File" + Then the response status code should be 201 + And the response body should contain "ReqandResIntercepterServiceAPI" + And make the API Revision Deployment request + Then the response status code should be 201 + Then I wait for 40 seconds + And make the Change Lifecycle request + Then the response status code should be 200 + And I have a valid Devportal access token + And make the Application Creation request with the name "SampleApp" + Then the response status code should be 201 + And the response body should contain "SampleApp" + And I have a KeyManager + And make the Generate Keys request + 
Then the response status code should be 200 + And the response body should contain "consumerKey" + And the response body should contain "consumerSecret" + And make the Subscription request + Then the response status code should be 201 + And the response body should contain "Unlimited" + And I get "production" oauth keys for application + Then the response status code should be 200 + And make the Access Token Generation request for "production" + Then the response status code should be 200 + And the response body should contain "accessToken" + Then I set headers + | Authorization | Bearer ${accessToken} | + And I send "GET" request to "https://default.gw.wso2.com:9095/intercepter/1.0.0/get" with body "" + Then the response status code should be 200 + And the response body should contain "\"Interceptor-Header\": \"Interceptor-header-value\"" + Then the response headers contains key "interceptor-response-header" and value "Interceptor-Response-header-value" + + Scenario: Undeploying the created REST API + And I have a DCR application + And I have a valid Devportal access token + Then I delete the application "SampleApp" from devportal + Then the response status code should be 200 + And I have a valid Publisher access token + Then I find the apiUUID of the API created with the name "ReqandResIntercepterServiceAPI" + Then I undeploy the selected API + Then the response status code should be 200 + And I send "GET" request to "https://default.gw.wso2.com:9095/interceptor/1.0.0/get" with body "" + And I eventually receive 404 response code, not accepting + |200| + + Scenario: Create a REST API and add interceptor with parameter variation + And I have a DCR application + And I have a valid Publisher access token + When I use the Payload file "artifacts/payloads/api_policy/request_interceptor_param_variation.json" + When the definition file "artifacts/definitions/cors-definition.json" + And make the import API Creation request using OAS "File" + Then the response status code 
should be 201 + And the response body should contain "ParamVarIntercepterServiceAPI" + And make the API Revision Deployment request + Then the response status code should be 201 + Then I wait for 40 seconds + And make the Change Lifecycle request + Then the response status code should be 200 + And I have a valid Devportal access token + And make the Application Creation request with the name "SampleApp" + Then the response status code should be 201 + And the response body should contain "SampleApp" + And I have a KeyManager + And make the Generate Keys request + Then the response status code should be 200 + And the response body should contain "consumerKey" + And the response body should contain "consumerSecret" + And make the Subscription request + Then the response status code should be 201 + And the response body should contain "Unlimited" + And I get "production" oauth keys for application + Then the response status code should be 200 + And make the Access Token Generation request for "production" + Then the response status code should be 200 + And the response body should contain "accessToken" + Then I set headers + | Authorization | Bearer ${accessToken} | + And I send "GET" request to "https://default.gw.wso2.com:9095/intercepter/1.0.0/get" with body "" + Then the response status code should be 200 + And the response body should contain "\"Interceptor-Header\": \"Interceptor-header-value\"" + + Scenario: Undeploying the created REST API + And I have a DCR application + And I have a valid Devportal access token + Then I delete the application "SampleApp" from devportal + Then the response status code should be 200 + And I have a valid Publisher access token + Then I find the apiUUID of the API created with the name "ParamVarIntercepterServiceAPI" + Then I undeploy the selected API + Then the response status code should be 200 + And I send "GET" request to "https://default.gw.wso2.com:9095/interceptor/1.0.0/get" with body "" + And I eventually receive 404 
response code, not accepting + |200| \ No newline at end of file diff --git a/test/cucumber-tests/src/test/resources/tests/agent-cptodp/APIVersion.feature b/test/cucumber-tests/src/test/resources/tests/agent-cptodp/APIVersion.feature new file mode 100644 index 0000000000..d02944f058 --- /dev/null +++ b/test/cucumber-tests/src/test/resources/tests/agent-cptodp/APIVersion.feature 
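Review bot: Every "Undeploying the created REST API" scenario checks for 404 at `https://default.gw.wso2.com:9095/interceptor/1.0.0/get`, but the first, third and fourth create scenarios invoke the API at `/intercepter/1.0.0/get`. A path that was never deployed returns 404 whether or not the undeploy worked, so those three cleanup checks cannot fail. Each one should request the context its create scenario used, e.g. `And I send "GET" request to "https://default.gw.wso2.com:9095/intercepter/1.0.0/get" with body ""`. The contexts are defined in payload files outside this hunk, so confirm which spelling each payload declares. Separately, the response-flow scenario asserts only `"IntercepterServiceAPI"` on creation while its cleanup looks up `"ResponseIntercepterServiceAPI"`; asserting the full name would make the creation check specific to that API.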
@@ -0,0 +1,138 @@ +Feature: Creating new versions of the APIs + Background: + Given The system is ready + Scenario: Create a new version of a REST API and try to invoke both old and newer versions + And I have a DCR application + And I have a valid Publisher access token + When I use the Payload file "artifacts/payloads/api1.json" + And I use the OAS URL "https://petstore3.swagger.io/api/v3/openapi.json" + And make the import API Creation request using OAS "URL" + Then the response status code should be 201 + And the response body should contain "SwaggerPetstore" + And make the API Revision Deployment request + Then the response status code should be 201 + Then I wait for 40 seconds + And make the Change Lifecycle request + Then the response status code should be 200 + And I have a valid Devportal access token + And make the Application Creation request with the name "SampleApp" + Then the response status code should be 201 + And the response body should contain "SampleApp" + And I have a KeyManager + And make the Generate Keys request + Then the response status code should be 200 + And the response body should contain "consumerKey" + And the response body should contain "consumerSecret" + And make the Subscription request + Then the response status code should be 201 + And the response body should contain "Unlimited" + And I get "production" oauth keys for application + Then the response status code should be 200 + And make the Access Token Generation request for "production" + Then the response status code should be 200 + And the response body should contain "accessToken" + Then I set headers + | Authorization | Bearer ${accessToken} | + And I send "GET" request to "https://default.gw.wso2.com:9095/petstore/1.0.0/pet/4" with body "" + And I eventually receive 200 response code, not accepting + |429| + And I create the new version "2.0.0" of the same API with default version set to "false" + Then the response status code should be 201 + And the response body 
should contain "SwaggerPetstore" + And the response body should contain "2.0.0" + And make the API Revision Deployment request + Then the response status code should be 201 + And make the Change Lifecycle request + Then the response status code should be 200 + And I send "GET" request to "https://default.gw.wso2.com:9095/petstore/2.0.0/pet/4" with body "" + And I eventually receive 200 response code, not accepting + |429| + + Scenario: Undeploy the created REST APIs + And I have a DCR application + And I have a valid Devportal access token + Then I delete the application "SampleApp" from devportal + Then the response status code should be 200 + And I have a valid Publisher access token + Then I find the apiUUID of the API created with the name "1.0.0" + Then I undeploy the selected API + Then the response status code should be 200 + And I send "GET" request to "https://default.gw.wso2.com:9095/petstore/1.0.0/pet/4" with body "" + And the response status code should be 404 + Then I find the apiUUID of the API created with the name "2.0.0" + Then I undeploy the selected API + Then the response status code should be 200 + And I send "GET" request to "https://default.gw.wso2.com:9095/petstore/2.0.0/pet/4" with body "" + And the response status code should be 404 + + + Scenario: Create a new version of a GraphQL API and try to invoke both old and newer versions + And I have a DCR application + And I have a valid Publisher access token + When the definition file "artifacts/definitions/schema_graphql.graphql" + When I use the Payload file "artifacts/payloads/gql_with_scopes.json" + Then I make the import GraphQLAPI Creation request + Then the response status code should be 201 + And the response body should contain "StarWarsAPI" + And make the API Revision Deployment request + Then the response status code should be 201 + Then I wait for 40 seconds + And make the Change Lifecycle request + Then the response status code should be 200 + And I have a valid Devportal access 
token + And make the Application Creation request with the name "TestApp" + Then the response status code should be 201 + And the response body should contain "TestApp" + And I have a KeyManager + And make the Generate Keys request + Then the response status code should be 200 + And the response body should contain "consumerKey" + And the response body should contain "consumerSecret" + And make the Subscription request + Then the response status code should be 201 + And the response body should contain "Unlimited" + And I get "production" oauth keys for application + Then the response status code should be 200 + And make the Access Token Generation request for "production" + Then the response status code should be 200 + And the response body should contain "accessToken" + Then I set headers + | Authorization | Bearer ${accessToken} | + And I send "POST" request to "https://default.gw.wso2.com:9095/graphql/3.14" with body "{\"query\":\"{ hero { name } }\"}" + Then the response status code should be 200 + And I eventually receive 200 response code, not accepting + | 404 | + | 401 | + And I create the new version "3.2" of the same API with default version set to "true" + Then the response status code should be 201 + And the response body should contain "StarWarsAPI" + And the response body should contain "3.2" + And make the API Revision Deployment request + Then the response status code should be 201 + And make the Change Lifecycle request + Then the response status code should be 200 + And make the Subscription request + Then the response status code should be 201 + And the response body should contain "Unlimited" + And I send "POST" request to "https://default.gw.wso2.com:9095/graphql/3.2" with body "{\"query\":\"{ hero { name } }\"}" + And I eventually receive 200 response code, not accepting + |429| + + Scenario: Undeploying the created GraphQL APIs + And I have a DCR application + And I have a valid Devportal access token + Then I delete the application 
"TestApp" from devportal + Then the response status code should be 200 + And I have a valid Publisher access token + Then I find the apiUUID of the API created with the name "3.14" + Then I undeploy the selected API + Then the response status code should be 200 + And I send "POST" request to "https://default.gw.wso2.com:9095/graphql/3.14" with body "{\"query\":\"{ hero { name } }\"}" + And I eventually receive 404 response code, not accepting + |200| + Then I find the apiUUID of the API created with the name "3.2" + Then I undeploy the selected API + Then the response status code should be 200 + And I send "POST" request to "https://default.gw.wso2.com:9095/graphql/3.2" with body "{\"query\":\"{ hero { name } }\"}" + And I eventually receive 404 response code, not accepting + |200| \ No newline at end of file diff --git a/test/cucumber-tests/src/test/resources/tests/agent-cptodp/BackendSecurity.feature b/test/cucumber-tests/src/test/resources/tests/agent-cptodp/BackendSecurity.feature new file mode 100644 index 0000000000..a334781a37 --- /dev/null +++ b/test/cucumber-tests/src/test/resources/tests/agent-cptodp/BackendSecurity.feature 
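Review bot: The REST scenario imports its API definition from `https://petstore3.swagger.io/api/v3/openapi.json` at run time, so the CI result depends on a third-party host being reachable and on that document not changing underneath the test. CORS.feature in this same commit already loads a checked-in definition with `When the definition file "artifacts/definitions/cors-definition.json"` and `using OAS "File"`. Doing the same here with a pinned copy (placeholder path `artifacts/definitions/<petstore-definition>.json`) would make the run reproducible and keep remote content out of the import path. The same URL import appears in BackendSecurity.feature, BackendSupport.feature, DefaultVersion.feature and Deployment.feature. Separately, the REST undeploy scenario asserts `the response status code should be 404` on the first request after undeploy, where the GraphQL scenario polls with `I eventually receive 404 response code, not accepting`; polling is the safer choice if route removal is asynchronous.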
@@ -0,0 +1,104 @@ +Feature: Backend Security for APIs + Background: + Given The system is ready + Scenario: Enable basic auth for endpoint and verfy the authorization for REST API + And I have a DCR application + And I have a valid Publisher access token + When I use the Payload file "artifacts/payloads/api_with_basic_auth.json" + And I use the OAS URL "https://petstore3.swagger.io/api/v3/openapi.json" + And make the import API Creation request using OAS "URL" + Then the response status code should be 201 + And the response body should contain "SwaggerPetstore" + And make the API Revision Deployment request + Then the response status code should be 201 + And make the Change Lifecycle request + Then the response status code should be 200 + And I have a valid Devportal access token + And make the Application Creation request with the name "SampleApp" + Then the response status code should be 201 + Then I wait for 40 seconds + And the response body should contain "SampleApp" + And I have a KeyManager + And make the Generate Keys request + Then the response status code should be 200 + And the response body should contain "consumerKey" + And the response body should contain "consumerSecret" + And make the Subscription request + Then the response status code should be 201 + And the response body should contain "Unlimited" + And I get "production" oauth keys for application + Then the response status code should be 200 + And make the Access Token Generation request for "production" + Then the response status code should be 200 + And the response body should contain "accessToken" + Then I set headers + | Authorization | Bearer ${accessToken} | + And I send "GET" request to "https://default.gw.wso2.com:9095/petstore/1.0.0/pet/5" with body "" + Then the response status code should be 200 + # And the response body should contain "\"Authorization\": \"Basic YWRtaW46YWRtaW4=\"" + + Scenario: Undeploying an already existing REST API + And I have a DCR application + And I have a 
valid Devportal access token + Then I delete the application "SampleApp" from devportal + Then the response status code should be 200 + And I have a valid Publisher access token + Then I find the apiUUID of the API created with the name "SwaggerPetstore" + Then I undeploy the selected API + Then the response status code should be 200 + And I send "GET" request to "https://default.gw.wso2.com:9095/basic-auth/3.14/employee/" with body "" + And I eventually receive 404 response code, not accepting + |200| + + Scenario: Enable basic auth for endpoint and verfy the authorization for a GraphQL API + And I have a DCR application + And I have a valid Publisher access token + When the definition file "artifacts/definitions/schema_graphql.graphql" + When I use the Payload file "artifacts/payloads/gql_with_basic_auth.json" + Then I make the import GraphQLAPI Creation request + Then the response status code should be 201 + And the response body should contain "StarWarsAPI" + Then I use the Payload file "artifacts/payloads/gql_with_basic_auth2.json" + And I update the API settings + Then the response status code should be 200 + And the response body should contain "StarWarsAPI" + And make the API Revision Deployment request + Then the response status code should be 201 + Then I wait for 40 seconds + And make the Change Lifecycle request + Then the response status code should be 200 + And I have a valid Devportal access token + And make the Application Creation request with the name "TestApp" + Then the response status code should be 201 + And the response body should contain "TestApp" + And I have a KeyManager + And make the Generate Keys request + Then the response status code should be 200 + And the response body should contain "consumerKey" + And the response body should contain "consumerSecret" + And make the Subscription request + Then the response status code should be 201 + And the response body should contain "Unlimited" + And I get "production" oauth keys for 
application + Then the response status code should be 200 + And make the Access Token Generation request for "production" + Then the response status code should be 200 + And the response body should contain "accessToken" + Then I set headers + | Authorization | Bearer ${accessToken} | + And I send "POST" request to "https://default.gw.wso2.com:9095/gql_basic_auth/2.0.0/" with body "{\"query\":\"{ hero { id } }\"}" + Then the response status code should be 200 + # And the response body should contain "\"Authorization\": \"Basic YWRtaW46YWRtaW4=\"" + + Scenario: Undeploying an already existing GraphQL API + And I have a DCR application + And I have a valid Devportal access token + Then I delete the application "TestApp" from devportal + Then the response status code should be 200 + And I have a valid Publisher access token + Then I find the apiUUID of the API created with the name "StarWarsAPI" + Then I undeploy the selected API + Then the response status code should be 200 + And I send "POST" request to "https://default.gw.wso2.com:9095/gql_basic_auth/2.0.0/" with body "{\"query\":\"{ hero { id } }\"}" + And I eventually receive 404 response code, not accepting + |200| \ No newline at end of file diff --git a/test/cucumber-tests/src/test/resources/tests/agent-cptodp/BackendSupport.feature b/test/cucumber-tests/src/test/resources/tests/agent-cptodp/BackendSupport.feature new file mode 100644 index 0000000000..d481aa2694 --- /dev/null +++ b/test/cucumber-tests/src/test/resources/tests/agent-cptodp/BackendSupport.feature 
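Review bot: Both invocation scenarios stop at `Then the response status code should be 200`, and the only credential check, `# And the response body should contain "\"Authorization\": \"Basic YWRtaW46YWRtaW4=\""`, is commented out, so the feature passes whether or not the gateway attaches the Basic credentials to the backend call. Either restore the assertion against a backend that echoes request headers, or add a comment above it saying why it is disabled and what tracks re-enabling it. The REST undeploy scenario also probes `/basic-auth/3.14/employee/`, a path this feature never deploys (the API was invoked at `/petstore/1.0.0/pet/5`), so its 404 holds even if undeploy failed; the probe should be `https://default.gw.wso2.com:9095/petstore/1.0.0/pet/5`. The expected value is the Base64 of a default `admin:admin` pair; if that is also the credential in `api_with_basic_auth.json`, confirm it is only valid on the test backend.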
@@ -0,0 +1,118 @@ +Feature: Backend Support for APIs + Background: + Given The system is ready + Scenario: Make endpoint alterations in the REST API deployment and verfy the functionality + And I have a DCR application + And I have a valid Publisher access token + When I use the Payload file "artifacts/payloads/api1.json" + And I use the OAS URL "https://petstore3.swagger.io/api/v3/openapi.json" + And make the import API Creation request using OAS "URL" + Then the response status code should be 201 + And the response body should contain "SwaggerPetstore" + And make the API Revision Deployment request + Then the response status code should be 201 + Then I wait for 40 seconds + And make the Change Lifecycle request + Then the response status code should be 200 + And I have a valid Devportal access token + And make the Application Creation request with the name "SampleApp" + Then the response status code should be 201 + And the response body should contain "SampleApp" + And I have a KeyManager + And make the Generate Keys request + Then the response status code should be 200 + And the response body should contain "consumerKey" + And the response body should contain "consumerSecret" + And make the Subscription request + Then the response status code should be 201 + And the response body should contain "Unlimited" + And I get "production" oauth keys for application + Then the response status code should be 200 + And make the Access Token Generation request for "production" + Then the response status code should be 200 + And the response body should contain "accessToken" + Then I set headers + | Authorization | Bearer ${accessToken} | + And I send "GET" request to "https://default.gw.wso2.com:9095/petstore/1.0.0/pet/5" with body "" + Then the response status code should be 200 + Then I remove the header "Authorization" + And I get "sandbox" oauth keys for application + Then the response status code should be 200 + And make the Access Token Generation request for 
"sandbox" + Then the response status code should be 200 + And the response body should contain "accessToken" + Then I set headers + | Authorization | Bearer ${accessToken} | + And I send "GET" request to "https://sandbox.default.gw.wso2.com:9095/petstore/1.0.0/pet/5" with body "" + Then the response status code should be 200 + + Scenario: Undeploying an already existing REST API + And I have a DCR application + And I have a valid Devportal access token + Then I delete the application "SampleApp" from devportal + Then the response status code should be 200 + And I have a valid Publisher access token + Then I find the apiUUID of the API created with the name "SwaggerPetstore" + Then I undeploy the selected API + Then the response status code should be 200 + And I send "GET" request to "https://sandbox.default.gw.wso2.com:9095/petstore/1.0.0/pet/5" with body "" + And I eventually receive 404 response code, not accepting + |200| + + Scenario: Make endpoint alterations in the GRaphQL API deployment and verfy the functionality + And I have a DCR application + And I have a valid Publisher access token + When the definition file "artifacts/definitions/schema_graphql.graphql" + When I use the Payload file "artifacts/payloads/gqlPayload.json" + Then I make the import GraphQLAPI Creation request + Then the response status code should be 201 + And the response body should contain "StarwarsAPI" + And make the API Revision Deployment request + Then the response status code should be 201 + Then I wait for 40 seconds + And make the Change Lifecycle request + Then the response status code should be 200 + And I have a valid Devportal access token + And make the Application Creation request with the name "TestApp" + Then the response status code should be 201 + And the response body should contain "TestApp" + And I have a KeyManager + And make the Generate Keys request + Then the response status code should be 200 + And the response body should contain "consumerKey" + And the 
response body should contain "consumerSecret" + And make the Subscription request + Then the response status code should be 201 + And the response body should contain "Unlimited" + And I get "production" oauth keys for application + Then the response status code should be 200 + And make the Access Token Generation request for "production" + Then the response status code should be 200 + And the response body should contain "accessToken" + Then I set headers + | Authorization | Bearer ${accessToken} | + And I send "POST" request to "https://default.gw.wso2.com:9095/graphql/3.14" with body "{\"query\":\"{ hero { name } }\"}" + Then the response status code should be 200 + Then I remove the header "Authorization" + And I get "sandbox" oauth keys for application + Then the response status code should be 200 + And make the Access Token Generation request for "sandbox" + Then the response status code should be 200 + And the response body should contain "accessToken" + Then I set headers + | Authorization | Bearer ${accessToken} | + And I send "POST" request to "https://sandbox.default.gw.wso2.com:9095/graphql/3.14" with body "{\"query\":\"{ hero { name } }\"}" + Then the response status code should be 200 + + Scenario: Undeploying an already existing GraphQL API + And I have a DCR application + And I have a valid Devportal access token + Then I delete the application "TestApp" from devportal + Then the response status code should be 200 + And I have a valid Publisher access token + Then I find the apiUUID of the API created with the name "StarwarsAPI" + Then I undeploy the selected API + Then the response status code should be 200 + And I send "POST" request to "https://sandbox.default.gw.wso2.com:9095/graphql/3.14" with body "{\"query\":\"{ hero { name } }\"}" + And I eventually receive 404 response code, not accepting + |200| \ No newline at end of file 
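Review bot: Both undeploy scenarios probe only the `sandbox.default.gw.wso2.com` route after the API is removed, although the invocation scenarios also exercised the production host `default.gw.wso2.com`, so a production route left behind would go unnoticed. Add a second probe per scenario, e.g. `And I send "GET" request to "https://default.gw.wso2.com:9095/petstore/1.0.0/pet/5" with body ""` followed by `And I eventually receive 404 response code, not accepting` and `|200|`. The scenario titles also carry the typos `verfy` and `GRaphQL`, which will show up in the test report.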
diff --git a/test/cucumber-tests/src/test/resources/tests/agent-cptodp/CORS.feature b/test/cucumber-tests/src/test/resources/tests/agent-cptodp/CORS.feature
new file mode 100644
index 0000000000..7035855d37
--- /dev/null
+++ b/test/cucumber-tests/src/test/resources/tests/agent-cptodp/CORS.feature
@@ -0,0 +1,174 @@ +Feature: CORS Policy handling + Background: + Given The system is ready + Scenario: Testing CORS Policy for a REST API + And I have a DCR application + And I have a valid Publisher access token + When I use the Payload file "artifacts/payloads/cors_api.json" + When the definition file "artifacts/definitions/cors-definition.json" + And make the import API Creation request using OAS "File" + Then the response status code should be 201 + And the response body should contain "test-cors" + And make the API Revision Deployment request + Then the response status code should be 201 + Then I wait for 40 seconds + And make the Change Lifecycle request + Then the response status code should be 200 + And I have a valid Devportal access token + And make the Application Creation request with the name "SampleApp" + Then the response status code should be 201 + And the response body should contain "SampleApp" + And I have a KeyManager + And make the Generate Keys request + Then the response status code should be 200 + And the response body should contain "consumerKey" + And the response body should contain "consumerSecret" + And make the Subscription request + Then the response status code should be 201 + And the response body should contain "Unlimited" + And I get "production" oauth keys for application + Then the response status code should be 200 + And make the Access Token Generation request for "production" + Then the response status code should be 200 + And the response body should contain "accessToken" + Then I set headers + | Authorization | Bearer ${accessToken} | + And I send "OPTIONS" request to "https://default.gw.wso2.com:9095/test_cors/2.0.0/anything/" with body "" + And I eventually receive 204 response code, not accepting + | 429 | + And the response headers should not contain + | Access-Control-Allow-Origin | + | Access-Control-Allow-Credentials | + | Access-Control-Allow-Methods | + | Access-Control-Allow-Headers | + | Access-Control-Max-Age | 
+ Then I set headers + | Origin | test.domain.com | + And I send "OPTIONS" request to "https://default.gw.wso2.com:9095/test_cors/2.0.0/anything/" with body "" + And I eventually receive 204 response code, not accepting + | 429 | + And the response headers should not contain + | Access-Control-Allow-Origin | + | Access-Control-Allow-Credentials | + | Access-Control-Allow-Methods | + | Access-Control-Allow-Headers | + | Access-Control-Max-Age | + Then I set headers + | Origin | abc.com | + And I send "OPTIONS" request to "https://default.gw.wso2.com:9095/test_cors/2.0.0/anything/" with body "" + And I eventually receive 204 response code, not accepting + | 429 | + And the response headers should contain + | Access-Control-Allow-Origin | abc.com | + | Access-Control-Allow-Credentials | true | + Then I set headers + | Origin | abc.com | + | Access-Control-Request-Method | GET | + And I send "OPTIONS" request to "https://default.gw.wso2.com:9095/test_cors/2.0.0/anything/" with body "" + And I eventually receive 200 response code, not accepting + | 429 | + And the response headers should contain + | Access-Control-Allow-Origin | abc.com | + | Access-Control-Allow-Credentials | true | + | Access-Control-Allow-Methods | GET, PUT, POST, DELETE | + | Access-Control-Allow-Headers | authorization, Content-Type | + + Scenario: Undeploying an already existing REST API + And I have a DCR application + And I have a valid Devportal access token + Then I delete the application "SampleApp" from devportal + Then the response status code should be 200 + And I have a valid Publisher access token + Then I find the apiUUID of the API created with the name "cors" + Then I undeploy the selected API + Then the response status code should be 200 + And I send "GET" request to "https://default.gw.wso2.com:9095/test_cors/2.0.0/anything/" with body "" + And I eventually receive 404 response code, not accepting + |200| + + Scenario: Testing CORS Policy for a GraphQL API + And I have a DCR 
application + And I have a valid Publisher access token + When the definition file "artifacts/definitions/schema_graphql.graphql" + When I use the Payload file "artifacts/payloads/gql_cors.json" + Then I make the import GraphQLAPI Creation request + Then the response status code should be 201 + And the response body should contain "StarWarsAPI" + And make the API Revision Deployment request + Then the response status code should be 201 + Then I wait for 40 seconds + And make the Change Lifecycle request + Then the response status code should be 200 + And I have a valid Devportal access token + And make the Application Creation request with the name "TestApp" + Then the response status code should be 201 + And the response body should contain "TestApp" + And I have a KeyManager + And make the Generate Keys request + Then the response status code should be 200 + And the response body should contain "consumerKey" + And the response body should contain "consumerSecret" + And make the Subscription request + Then the response status code should be 201 + And the response body should contain "Unlimited" + And I get "production" oauth keys for application + Then the response status code should be 200 + And make the Access Token Generation request for "production" + Then the response status code should be 200 + And the response body should contain "accessToken" + Then I set headers + | Authorization | Bearer ${accessToken} | + And I send "OPTIONS" request to "https://default.gw.wso2.com:9095/test_cors/2.0.0/" with body "{\"query\":\"{ anything }\"}" + And I eventually receive 204 response code, not accepting + | 429 | + And the response headers should not contain + | Access-Control-Allow-Origin | + | Access-Control-Allow-Credentials | + | Access-Control-Allow-Methods | + | Access-Control-Allow-Headers | + | Access-Control-Max-Age | + Then I set headers + | Origin | test.domain.com | + And I send "OPTIONS" request to "https://default.gw.wso2.com:9095/test_cors/2.0.0/" with 
body "{\"query\":\"{ anything }\"}" + And I eventually receive 204 response code, not accepting + | 429 | + And the response headers should not contain + | Access-Control-Allow-Origin | + | Access-Control-Allow-Credentials | + | Access-Control-Allow-Methods | + | Access-Control-Allow-Headers | + | Access-Control-Max-Age | + Then I set headers + | Origin | abc.com | + And I send "OPTIONS" request to "https://default.gw.wso2.com:9095/test_cors/2.0.0/" with body "{\"query\":\"{ anything }\"}" + And I eventually receive 204 response code, not accepting + | 429 | + And the response headers should contain + | Access-Control-Allow-Origin | abc.com | + | Access-Control-Allow-Credentials | true | + Then I set headers + | Origin | abc.com | + | Access-Control-Request-Method | GET | + And I send "OPTIONS" request to "https://default.gw.wso2.com:9095/test_cors/2.0.0/" with body "{\"query\":\"{ anything }\"}" + And I eventually receive 200 response code, not accepting + | 429 | + And the response headers should contain + | Access-Control-Allow-Origin | abc.com | + | Access-Control-Allow-Credentials | true | + | Access-Control-Allow-Methods | GET, PUT, POST, DELETE | + | Access-Control-Allow-Headers | authorization, Access-Control-Allow-Origin | + + + + Scenario: Undeploying an already existing GraphQL API + And I have a DCR application + And I have a valid Devportal access token + Then I delete the application "TestApp" from devportal + Then the response status code should be 200 + And I have a valid Publisher access token + Then I find the apiUUID of the API created with the name "StarWarsAPI" + Then I undeploy the selected API + Then the response status code should be 200 + And I send "GET" request to "https://default.gw.wso2.com:9095/test_cors/2.0.0/" with body "{\"query\":\"{ anything }\"}" + And I eventually receive 404 response code, not accepting + |200| \ No newline at end of file 
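Review bot: The GraphQL preflight expectation `| Access-Control-Allow-Headers | authorization, Access-Control-Allow-Origin |` pins a response-header name as an allowed request header, where the REST scenario expects `authorization, Content-Type`. This looks like a slip in `gql_cors.json` that the test then locks in, and a browser client sending `Content-Type: application/json` would presumably fail its preflight; if the value is intended, a comment above the table should say so. The GraphQL undeploy scenario probes with `"GET"` although the GraphQL APIs in the other features of this commit are invoked and probed with `"POST"`, so the 404 may not depend on the route being gone. `Access-Control-Max-Age` is asserted absent in the negative cases but never asserted in the positive ones.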
diff --git a/test/cucumber-tests/src/test/resources/tests/agent-cptodp/DefaultVersion.feature b/test/cucumber-tests/src/test/resources/tests/agent-cptodp/DefaultVersion.feature
new file mode 100644
index 0000000000..c1c02514bb
--- /dev/null
+++ b/test/cucumber-tests/src/test/resources/tests/agent-cptodp/DefaultVersion.feature
@@ -0,0 +1,110 @@ +Feature: API Default Version + Background: + Given The system is ready + Scenario: Checking the default version property for the REST API + And I have a DCR application + And I have a valid Publisher access token + When I use the Payload file "artifacts/payloads/api_default_version.json" + And I use the OAS URL "https://petstore3.swagger.io/api/v3/openapi.json" + And make the import API Creation request using OAS "URL" + Then the response status code should be 201 + And the response body should contain "SwaggerPetstore" + And make the API Revision Deployment request + Then the response status code should be 201 + Then I wait for 40 seconds + And make the Change Lifecycle request + Then the response status code should be 200 + And I have a valid Devportal access token + And make the Application Creation request with the name "SampleApp" + Then the response status code should be 201 + And the response body should contain "SampleApp" + And I have a KeyManager + And make the Generate Keys request + Then the response status code should be 200 + And the response body should contain "consumerKey" + And the response body should contain "consumerSecret" + And make the Subscription request + Then the response status code should be 201 + And the response body should contain "Unlimited" + And I get "production" oauth keys for application + Then the response status code should be 200 + And make the Access Token Generation request for "production" + Then the response status code should be 200 + And the response body should contain "accessToken" + Then I set headers + | Authorization | Bearer ${accessToken} | + And I send "GET" request to "https://default.gw.wso2.com:9095/petstore/1.0.0/pet/4" with body "" + And I eventually receive 200 response code, not accepting + |429| + And I send "GET" request to "https://default.gw.wso2.com:9095/petstore/pet/4" with body "" + And I eventually receive 200 response code, not accepting + |429| + + Scenario: Undeploying an 
already existing REST API + And I have a DCR application + And I have a valid Devportal access token + Then I delete the application "SampleApp" from devportal + Then the response status code should be 200 + And I have a valid Publisher access token + Then I find the apiUUID of the API created with the name "SwaggerPetstore" + Then I undeploy the selected API + Then the response status code should be 200 + And I send "GET" request to "https://default.gw.wso2.com:9095/petstore/1.0.0/pet/4" with body "" + And I eventually receive 404 response code, not accepting + |200| + + Scenario: Checking the default version property for the GraphQL API + And I have a DCR application + And I have a valid Publisher access token + When the definition file "artifacts/definitions/schema_graphql.graphql" + When I use the Payload file "artifacts/payloads/gql_default_version.json" + Then I make the import GraphQLAPI Creation request + Then the response status code should be 201 + Then I wait for 40 seconds + And the response body should contain "StarwarsAPI" + And make the API Revision Deployment request + Then the response status code should be 201 + And make the Change Lifecycle request + Then the response status code should be 200 + And I have a valid Devportal access token + And make the Application Creation request with the name "TestApp" + Then the response status code should be 201 + And the response body should contain "TestApp" + And I have a KeyManager + And make the Generate Keys request + Then the response status code should be 200 + And the response body should contain "consumerKey" + And the response body should contain "consumerSecret" + And make the Subscription request + Then the response status code should be 201 + And the response body should contain "Unlimited" + And I get "production" oauth keys for application + Then the response status code should be 200 + And make the Access Token Generation request for "production" + Then the response status code should be 200 + 
And the response body should contain "accessToken" + Then I set headers + | Authorization | Bearer ${accessToken} | + And I send "POST" request to "https://default.gw.wso2.com:9095/graphql/3.14" with body "{\"query\":\"{ hero { name } }\"}" + Then the response status code should be 200 + And I eventually receive 200 response code, not accepting + | 404 | + | 401 | + And I send "POST" request to "https://default.gw.wso2.com:9095/graphql" with body "{\"query\":\"{ hero { name } }\"}" + Then the response status code should be 200 + And I eventually receive 200 response code, not accepting + | 404 | + | 401 | + + Scenario: Undeploying an already existing GraphQL API + And I have a DCR application + And I have a valid Devportal access token + Then I delete the application "TestApp" from devportal + Then the response status code should be 200 + And I have a valid Publisher access token + Then I find the apiUUID of the API created with the name "StarwarsAPI" + Then I undeploy the selected API + Then the response status code should be 200 + And I send "POST" request to "https://default.gw.wso2.com:9095/graphql/3.14" with body "{\"query\":\"{ hero { name } }\"}" + And I eventually receive 404 response code, not accepting + |200| \ No newline at end of file diff --git a/test/cucumber-tests/src/test/resources/tests/agent-cptodp/Deployment.feature b/test/cucumber-tests/src/test/resources/tests/agent-cptodp/Deployment.feature new file mode 100644 index 0000000000..4ea911359a --- /dev/null +++ b/test/cucumber-tests/src/test/resources/tests/agent-cptodp/Deployment.feature 
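Review bot: Both undeploy scenarios check only the versioned URL for 404 and never the unversioned default route (`/petstore/pet/4`, `/graphql`) that this feature exists to test, so a default-version route that outlives the API goes unnoticed. After each existing probe add e.g. `And I send "GET" request to "https://default.gw.wso2.com:9095/petstore/pet/4" with body ""` followed by `And I eventually receive 404 response code, not accepting` and `|200|`. In the GraphQL scenario, `Then the response status code should be 200` sits directly before `I eventually receive 200 response code, not accepting`, which fails on the first not-yet-ready response and makes the polling step redundant; the same pair appears in the GraphQL scenario of APIVersion.feature. The `I wait for 40 seconds` step in that scenario also runs before the revision deployment rather than after it.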
@@ -0,0 +1,102 @@ +Feature: API Deployment + Background: + Given The system is ready + Scenario: Import an API, Create Application, Generate Keys, Subscribe to an API + And I have a DCR application + And I have a valid Publisher access token + When I use the Payload file "artifacts/payloads/api1.json" + And I use the OAS URL "https://petstore3.swagger.io/api/v3/openapi.json" + And make the import API Creation request using OAS "URL" + Then the response status code should be 201 + And the response body should contain "SwaggerPetstore" + And make the API Revision Deployment request + Then the response status code should be 201 + Then I wait for 40 seconds + And make the Change Lifecycle request + Then the response status code should be 200 + And I have a valid Devportal access token + And make the Application Creation request with the name "SampleApp" + Then the response status code should be 201 + And the response body should contain "SampleApp" + And I have a KeyManager + And make the Generate Keys request + Then the response status code should be 200 + And the response body should contain "consumerKey" + And the response body should contain "consumerSecret" + And make the Subscription request + Then the response status code should be 201 + And the response body should contain "Unlimited" + And I get "production" oauth keys for application + Then the response status code should be 200 + And make the Access Token Generation request for "production" + Then the response status code should be 200 + And the response body should contain "accessToken" + Then I set headers + | Authorization | Bearer ${accessToken} | + And I send "GET" request to "https://default.gw.wso2.com:9095/petstore/1.0.0/pet/4" with body "" + And I eventually receive 200 response code, not accepting + |429| + + Scenario: Undeploying an already existing REST API + And I have a DCR application + And I have a valid Devportal access token + Then I delete the application "SampleApp" from devportal + Then 
the response status code should be 200 + And I have a valid Publisher access token + Then I find the apiUUID of the API created with the name "SwaggerPetstore" + Then I undeploy the selected API + Then the response status code should be 200 + And I send "GET" request to "https://default.gw.wso2.com:9095/petstore/1.0.0/pet/4" with body "" + And I eventually receive 404 response code, not accepting + |200| + + Scenario: Deploying a GraphQL API + And I have a DCR application + And I have a valid Publisher access token + When the definition file "artifacts/definitions/schema_graphql.graphql" + When I use the Payload file "artifacts/payloads/gqlPayload.json" + Then I make the import GraphQLAPI Creation request + Then the response status code should be 201 + And the response body should contain "StarwarsAPI" + And make the API Revision Deployment request + Then the response status code should be 201 + Then I wait for 40 seconds + And make the Change Lifecycle request + Then the response status code should be 200 + And I have a valid Devportal access token + And make the Application Creation request with the name "TestApp" + Then the response status code should be 201 + And the response body should contain "TestApp" + And I have a KeyManager + And make the Generate Keys request + Then the response status code should be 200 + And the response body should contain "consumerKey" + And the response body should contain "consumerSecret" + And make the Subscription request + Then the response status code should be 201 + And the response body should contain "Unlimited" + And I get "production" oauth keys for application + Then the response status code should be 200 + And make the Access Token Generation request for "production" + Then the response status code should be 200 + And the response body should contain "accessToken" + Then I set headers + | Authorization | Bearer ${accessToken} | + And I send "POST" request to "https://default.gw.wso2.com:9095/graphql/3.14" with body 
"{\"query\":\"{ hero { name } }\"}" + Then the response status code should be 200 + And I eventually receive 200 response code, not accepting + | 404 | + | 401 | + + Scenario: Undeploying an already existing GraphQL API + And I have a DCR application + And I have a valid Devportal access token + Then I delete the application "TestApp" from devportal + Then the response status code should be 200 + And I have a valid Publisher access token + Then I find the apiUUID of the API created with the name "StarwarsAPI" + Then I undeploy the selected API + Then the response status code should be 200 + And I send "POST" request to "https://default.gw.wso2.com:9095/graphql/3.14" with body "{\"query\":\"{ hero { name } }\"}" + And I eventually receive 404 response code, not accepting + |200| \ No newline at end of file diff --git a/test/cucumber-tests/src/test/resources/tests/agent-cptodp/InternalKey.feature b/test/cucumber-tests/src/test/resources/tests/agent-cptodp/InternalKey.feature new file mode 100644 index 0000000000..303df50805 --- /dev/null +++ b/test/cucumber-tests/src/test/resources/tests/agent-cptodp/InternalKey.feature 
@@ -0,0 +1,67 @@ +Feature: Testing the internal-key generation and invocation + Background: + Given The system is ready + Scenario: Creating and invoking a REST API using Internal-Key + And I have a DCR application + And I have a valid Publisher access token + When I use the Payload file "artifacts/payloads/api1.json" + And I use the OAS URL "https://petstore3.swagger.io/api/v3/openapi.json" + And make the import API Creation request using OAS "URL" + Then the response status code should be 201 + And the response body should contain "SwaggerPetstore" + And make the API Revision Deployment request + Then the response status code should be 201 + Then I wait for 40 seconds + And make the Change Lifecycle request + Then the response status code should be 200 + Then I make an internal key generation request + Then the response status code should be 200 + And the response body should contain "apikey" + Then I set headers + | Internal-Key | ${internalKey} | + And I send "GET" request to "https://default.gw.wso2.com:9095/petstore/1.0.0/pet/4" with body "" + And I eventually receive 200 response code, not accepting + |429| + + Scenario: Undeploying an already existing REST API + And I have a DCR application + And I have a valid Publisher access token + Then I find the apiUUID of the API created with the name "SwaggerPetstore" + Then I undeploy the selected API + Then the response status code should be 200 + And I send "GET" request to "https://default.gw.wso2.com:9095/petstore/1.0.0/pet/4" with body "" + And I eventually receive 404 response code, not accepting + |200| + + Scenario: Testing Internal Key for GraphQL API + And I have a DCR application + And I have a valid Publisher access token + When the definition file "artifacts/definitions/schema_graphql.graphql" + When I use the Payload file "artifacts/payloads/gqlPayload.json" + Then I make the import GraphQLAPI Creation request + Then the response status code should be 201 + And the response body should contain 
"StarwarsAPI" + And make the API Revision Deployment request + Then the response status code should be 201 + Then I wait for 40 seconds + And make the Change Lifecycle request + Then the response status code should be 200 + Then I make an internal key generation request + Then the response status code should be 200 + And the response body should contain "apikey" + Then I set headers + | Internal-Key | ${internalKey} | + And I send "POST" request to "https://default.gw.wso2.com:9095/graphql/3.14" with body "{\"query\":\"{ hero { name } }\"}" + And I eventually receive 200 response code, not accepting + | 404 | + | 401 | + + Scenario: Undeploying an already existing GraphQL API + And I have a DCR application + And I have a valid Publisher access token + Then I find the apiUUID of the API created with the name "StarwarsAPI" + Then I undeploy the selected API + Then the response status code should be 200 + And I send "POST" request to "https://default.gw.wso2.com:9095/graphql/3.14" with body "{\"query\":\"{ hero { name } }\"}" + And I eventually receive 404 response code, not accepting + |200| diff --git a/test/cucumber-tests/src/test/resources/tests/agent-cptodp/MTLSwithOAuth2Mandatory.feature b/test/cucumber-tests/src/test/resources/tests/agent-cptodp/MTLSwithOAuth2Mandatory.feature new file mode 100644 index 0000000000..88724c180f --- /dev/null +++ b/test/cucumber-tests/src/test/resources/tests/agent-cptodp/MTLSwithOAuth2Mandatory.feature 
@@ -0,0 +1,457 @@ +Feature: Test mTLS between client and gateway with client certificate sent in header + Background: + Given The system is ready + # mTLS mandatory OAuth2 mandatory + Scenario: Test mandatory mTLS and mandatory OAuth2 with a valid client certificate in header + And I have a DCR application + And I have a valid Publisher access token + When I use the Payload file "artifacts/payloads/mtls/mtls_mandatory_oauth2_enabled.json" + When the definition file "artifacts/definitions/cors-definition.json" + And make the import API Creation request using OAS "File" + Then the response status code should be 201 + And the response body should contain "EmployeeServiceAPI" + And I have a client certificate "config-map-1.crt" + Then I update the API with mtls certificate data with the alias "mtls-test-configmap" + Then the response status code should be 201 + And make the API Revision Deployment request + Then the response status code should be 201 + Then I wait for 40 seconds + And make the Change Lifecycle request + Then the response status code should be 200 + And I have a valid Devportal access token + And make the Application Creation request with the name "SampleApp" + Then the response status code should be 201 + And the response body should contain "SampleApp" + And I have a KeyManager + And make the Generate Keys request + Then the response status code should be 200 + And the response body should contain "consumerKey" + And the response body should contain "consumerSecret" + And make the Subscription request + Then the response status code should be 201 + And the response body should contain "Unlimited" + And I get "production" oauth keys for application + Then the response status code should be 200 + And make the Access Token Generation request for "production" + Then the response status code should be 200 + And the response body should contain "accessToken" + Then I set headers + | Authorization | Bearer ${accessToken} | + | X-WSO2-CLIENT-CERTIFICATE | 
${clientCertificate} | + And I send "GET" request to "https://default.gw.wso2.com:9095/mtls/3.14/employee" with body "" + And I eventually receive 200 response code, not accepting + | 401 | + | 403 | + | 429 | + + Scenario: Undeploy the created REST API + And I have a DCR application + And I have a valid Devportal access token + Then I delete the application "SampleApp" from devportal + Then the response status code should be 200 + And I have a valid Publisher access token + Then I find the apiUUID of the API created with the name "EmployeeServiceAPI" + Then I undeploy the selected API + Then the response status code should be 200 + And I send "GET" request to "https://default.gw.wso2.com:9095/mtls/3.14/employee" with body "" + And I eventually receive 404 response code, not accepting + |200| + + + Scenario: Test mandatory mTLS and mandatory OAuth2 with a invalid client certificate in header + And I have a DCR application + And I have a valid Publisher access token + When I use the Payload file "artifacts/payloads/mtls/mtls_mandatory_oauth2_enabled.json" + When the definition file "artifacts/definitions/cors-definition.json" + And make the import API Creation request using OAS "File" + Then the response status code should be 201 + And the response body should contain "EmployeeServiceAPI" + And I have a client certificate "invalid-cert.crt" + Then I update the API with mtls certificate data with the alias "mtls-test-configmap" + Then the response status code should be 500 + + Scenario: Undeploy the created REST API + And I have a DCR application + And I have a valid Publisher access token + Then I find the apiUUID of the API created with the name "EmployeeServiceAPI" + Then I undeploy the selected API + Then the response status code should be 200 + + Scenario: Test mandatory mTLS and mandatory OAuth2 without client certificate in header + And I have a DCR application + And I have a valid Publisher access token + When I use the Payload file 
"artifacts/payloads/mtls/mtls_mandatory_oauth2_enabled.json" + When the definition file "artifacts/definitions/cors-definition.json" + And make the import API Creation request using OAS "File" + Then the response status code should be 201 + And the response body should contain "EmployeeServiceAPI" + And I have a client certificate "config-map-1.crt" + Then I update the API with mtls certificate data with the alias "mtls-test-configmap" + Then the response status code should be 201 + And make the API Revision Deployment request + Then the response status code should be 201 + Then I wait for 40 seconds + And make the Change Lifecycle request + Then the response status code should be 200 + And I have a valid Devportal access token + And make the Application Creation request with the name "SampleApp" + Then the response status code should be 201 + And the response body should contain "SampleApp" + And I have a KeyManager + And make the Generate Keys request + Then the response status code should be 200 + And the response body should contain "consumerKey" + And the response body should contain "consumerSecret" + And make the Subscription request + Then the response status code should be 201 + And the response body should contain "Unlimited" + And I get "production" oauth keys for application + Then the response status code should be 200 + And make the Access Token Generation request for "production" + Then the response status code should be 200 + And the response body should contain "accessToken" + Then I set headers + | Authorization | Bearer ${accessToken} | + And I send "GET" request to "https://default.gw.wso2.com:9095/mtls/3.14/employee" with body "" + And I eventually receive 401 response code, not accepting + | 200 | + + Scenario: Undeploy the created REST API + And I have a DCR application + And I have a valid Devportal access token + Then I delete the application "SampleApp" from devportal + Then the response status code should be 200 + And I have a valid 
Publisher access token + Then I find the apiUUID of the API created with the name "EmployeeServiceAPI" + Then I undeploy the selected API + Then the response status code should be 200 + And I send "GET" request to "https://default.gw.wso2.com:9095/mtls/3.14/employee" with body "" + And I eventually receive 404 response code, not accepting + |200| + + + # mTLS optional OAuth2 mandatory + Scenario: Test optional mTLS and mandatory OAuth2 with a valid client certificate in header + And I have a DCR application + And I have a valid Publisher access token + When I use the Payload file "artifacts/payloads/mtls/mtls_mandatory_oauth2_enabled.json" + When the definition file "artifacts/definitions/cors-definition.json" + And make the import API Creation request using OAS "File" + Then the response status code should be 201 + And the response body should contain "EmployeeServiceAPI" + And I have a client certificate "config-map-1.crt" + Then I update the API with mtls certificate data with the alias "mtls-test-configmap" + Then the response status code should be 201 + And make the API Revision Deployment request + Then the response status code should be 201 + Then I wait for 40 seconds + And make the Change Lifecycle request + Then the response status code should be 200 + And I have a valid Devportal access token + And make the Application Creation request with the name "SampleApp" + Then the response status code should be 201 + And the response body should contain "SampleApp" + And I have a KeyManager + And make the Generate Keys request + Then the response status code should be 200 + And the response body should contain "consumerKey" + And the response body should contain "consumerSecret" + And make the Subscription request + Then the response status code should be 201 + And the response body should contain "Unlimited" + And I get "production" oauth keys for application + Then the response status code should be 200 + And make the Access Token Generation request for 
"production" + Then the response status code should be 200 + And the response body should contain "accessToken" + Then I set headers + | Authorization | Bearer ${accessToken} | + | X-WSO2-CLIENT-CERTIFICATE | ${clientCertificate} | + And I send "GET" request to "https://default.gw.wso2.com:9095/mtls/3.14/employee" with body "" + And I eventually receive 200 response code, not accepting + | 401 | + | 403 | + | 429 | + + Scenario: Undeploy the created REST API + And I have a DCR application + And I have a valid Devportal access token + Then I delete the application "SampleApp" from devportal + Then the response status code should be 200 + And I have a valid Publisher access token + Then I find the apiUUID of the API created with the name "EmployeeServiceAPI" + Then I undeploy the selected API + Then the response status code should be 200 + And I send "GET" request to "https://default.gw.wso2.com:9095/mtls/3.14/employee" with body "" + And I eventually receive 404 response code, not accepting + |200| + + Scenario: Test optional mTLS and mandatory OAuth2 without a token + And I have a DCR application + And I have a valid Publisher access token + When I use the Payload file "artifacts/payloads/mtls/mtls_optional_oauth2_mandatory.json" + When the definition file "artifacts/definitions/cors-definition.json" + And make the import API Creation request using OAS "File" + Then the response status code should be 201 + And the response body should contain "EmployeeServiceAPI" + And I have a client certificate "config-map-1.crt" + Then I update the API with mtls certificate data with the alias "mtls-test-configmap" + Then the response status code should be 201 + And make the API Revision Deployment request + Then the response status code should be 201 + Then I wait for 40 seconds + And make the Change Lifecycle request + Then the response status code should be 200 + Then I set headers + | X-WSO2-CLIENT-CERTIFICATE | ${clientCertificate} | + And I send "GET" request to 
"https://default.gw.wso2.com:9095/mtls/3.14/employee" with body "" + And I eventually receive 401 response code, not accepting + | 200 | + + Scenario: Undeploy the created REST API + And I have a DCR application + And I have a valid Publisher access token + Then I find the apiUUID of the API created with the name "EmployeeServiceAPI" + Then I undeploy the selected API + Then the response status code should be 200 + And I send "GET" request to "https://default.gw.wso2.com:9095/mtls/3.14/employee" with body "" + And I eventually receive 404 response code, not accepting + |200| + + + Scenario: Test optional mTLS and mandatory OAuth2 with an invalid token in header + And I have a DCR application + And I have a valid Publisher access token + When I use the Payload file "artifacts/payloads/mtls/mtls_optional_oauth2_mandatory.json" + When the definition file "artifacts/definitions/cors-definition.json" + And make the import API Creation request using OAS "File" + Then the response status code should be 201 + And the response body should contain "EmployeeServiceAPI" + And I have a client certificate "config-map-1.crt" + Then I update the API with mtls certificate data with the alias "mtls-test-configmap" + Then the response status code should be 201 + And make the API Revision Deployment request + Then the response status code should be 201 + Then I wait for 40 seconds + And make the Change Lifecycle request + Then the response status code should be 200 + And I set "invlaidToken" as the new access token + Then I set headers + | Authorization | Bearer ${accessToken} | + | X-WSO2-CLIENT-CERTIFICATE | ${clientCertificate} | + And I send "GET" request to "https://default.gw.wso2.com:9095/mtls/3.14/employee" with body "" + And I eventually receive 401 response code, not accepting + | 200 | + + Scenario: Undeploy the created REST API + And I have a DCR application + And I have a valid Publisher access token + Then I find the apiUUID of the API created with the name 
"EmployeeServiceAPI" + Then I undeploy the selected API + Then the response status code should be 200 + And I send "GET" request to "https://default.gw.wso2.com:9095/mtls/3.14/employee" with body "" + And I eventually receive 404 response code, not accepting + |200| + + # #TODO: ERROR Exists IN THE APK SIDE that NEED TO BE FIXED. Enable this test case after that + # Scenario: Test mandatory mTLS and disabled OAuth2 with a valid client certificate in header + # And I have a DCR application + # And I have a valid Publisher access token + # When I use the Payload file "artifacts/payloads/mtls/mtls_mandatory_oauth2_disabled.json" + # When the definition file "artifacts/definitions/cors-definition.json" + # And make the import API Creation request using OAS "File" + # Then the response status code should be 201 + # And the response body should contain "EmployeeServiceAPI" + # And I have a client certificate "config-map-1.crt" + # Then I update the API with mtls certificate data with the alias "mtls-test-configmap" + # Then the response status code should be 201 + # And make the API Revision Deployment request + # Then the response status code should be 201 + # Then I wait for 40 seconds + # And make the Change Lifecycle request + # Then the response status code should be 200 + # Then I set headers + # | X-WSO2-CLIENT-CERTIFICATE | ${clientCertificate} | + # And I send "GET" request to "https://default.gw.wso2.com:9095/mtls/3.14/employee" with body "" + # And I eventually receive 200 response code, not accepting + # | 401 | + + # Scenario: Undeploy the created REST API + # And I have a DCR application + # And I have a valid Devportal access token + # Then I delete the application "SampleApp" from devportal + # Then the response status code should be 200 + # And I have a valid Publisher access token + # Then I find the apiUUID of the API created with the name "EmployeeServiceAPI" + # Then I undeploy the selected API + # Then the response status code should be 200 + # And 
I send "GET" request to "https://default.gw.wso2.com:9095/mtls/3.14/employee" with body "" + # And I eventually receive 404 response code, not accepting + # |200| + + # Scenario: Test mandatory mTLS and disabled OAuth2 with an invalid client certificate in header + + Scenario: Test mandatory mTLS and disabled OAuth2 without a client certificate in header + And I have a DCR application + And I have a valid Publisher access token + When I use the Payload file "artifacts/payloads/mtls/mtls_mandatory_oauth2_disabled.json" + When the definition file "artifacts/definitions/cors-definition.json" + And make the import API Creation request using OAS "File" + Then the response status code should be 201 + And the response body should contain "EmployeeServiceAPI" + And make the API Revision Deployment request + Then the response status code should be 201 + Then I wait for 40 seconds + And make the Change Lifecycle request + Then the response status code should be 200 + And I send "GET" request to "https://default.gw.wso2.com:9095/mtls/3.14/employee" with body "" + And I eventually receive 401 response code, not accepting + | 200 | + + Scenario: Undeploy the created REST API + And I have a DCR application + And I have a valid Publisher access token + Then I find the apiUUID of the API created with the name "EmployeeServiceAPI" + Then I undeploy the selected API + Then the response status code should be 200 + And I send "GET" request to "https://default.gw.wso2.com:9095/mtls/3.14/employee" with body "" + And I eventually receive 404 response code, not accepting + |200| + + # Multiple certificates test cases + Scenario: Test an API with mTLS enabled and one associated certificate with multiple certificates existing in system + And I have a DCR application + And I have a valid Publisher access token + When I use the Payload file "artifacts/payloads/mtls/mtls_mandatory_oauth2_enabled.json" + When the definition file "artifacts/definitions/cors-definition.json" + And make the import 
API Creation request using OAS "File" + Then the response status code should be 201 + And the response body should contain "EmployeeServiceAPI" + And I have a client certificate "config-map-1.crt" + Then I update the API with mtls certificate data with the alias "mtls-test-configmap" + Then the response status code should be 201 + And make the API Revision Deployment request + Then the response status code should be 201 + Then I wait for 40 seconds + And make the Change Lifecycle request + Then the response status code should be 200 + And I have a valid Devportal access token + And make the Application Creation request with the name "SampleApp" + Then the response status code should be 201 + And the response body should contain "SampleApp" + And I have a KeyManager + And make the Generate Keys request + Then the response status code should be 200 + And the response body should contain "consumerKey" + And the response body should contain "consumerSecret" + And make the Subscription request + Then the response status code should be 201 + And the response body should contain "Unlimited" + And I get "production" oauth keys for application + Then the response status code should be 200 + And make the Access Token Generation request for "production" + Then the response status code should be 200 + And the response body should contain "accessToken" + Then I set headers + | Authorization | Bearer ${accessToken} | + | X-WSO2-CLIENT-CERTIFICATE | ${clientCertificate} | + And I send "GET" request to "https://default.gw.wso2.com:9095/mtls/3.14/employee" with body "" + And I eventually receive 200 response code, not accepting + | 401 | + And I have a client certificate "config-map-2.crt" + Then I set headers + | Authorization | Bearer ${accessToken} | + | X-WSO2-CLIENT-CERTIFICATE | ${clientCertificate} | + And I send "GET" request to "https://default.gw.wso2.com:9095/mtls/3.14/employee" with body "" + And I eventually receive 401 response code, not accepting + | 200 | + And I 
have a client certificate "config-map-3.crt" + Then I set headers + | Authorization | Bearer ${accessToken} | + | X-WSO2-CLIENT-CERTIFICATE | ${clientCertificate} | + And I send "GET" request to "https://default.gw.wso2.com:9095/mtls/3.14/employee" with body "" + And I eventually receive 401 response code, not accepting + | 200 | + + Scenario: Undeploy the created REST API + And I have a DCR application + And I have a valid Devportal access token + Then I delete the application "SampleApp" from devportal + Then the response status code should be 200 + And I have a valid Publisher access token + Then I find the apiUUID of the API created with the name "EmployeeServiceAPI" + Then I undeploy the selected API + Then the response status code should be 200 + And I send "GET" request to "https://default.gw.wso2.com:9095/mtls/3.14/employee" with body "" + And I eventually receive 404 response code, not accepting + |200| + + Scenario: Test an API with mTLS enabled and multiple certificates configured + And I have a DCR application + And I have a valid Publisher access token + When I use the Payload file "artifacts/payloads/mtls/mtls_mandatory_oauth2_enabled.json" + When the definition file "artifacts/definitions/cors-definition.json" + And make the import API Creation request using OAS "File" + Then the response status code should be 201 + And the response body should contain "EmployeeServiceAPI" + And I have a client certificate "config-map-2.crt" + Then I update the API with mtls certificate data with the alias "mtls-test-configmap2" + Then the response status code should be 201 + And I have a client certificate "config-map-1.crt" + Then I update the API with mtls certificate data with the alias "mtls-test-configmap" + Then the response status code should be 201 + And make the API Revision Deployment request + Then the response status code should be 201 + Then I wait for 40 seconds + And make the Change Lifecycle request + Then the response status code should be 200 + And 
I have a valid Devportal access token + And make the Application Creation request with the name "SampleApp" + Then the response status code should be 201 + And the response body should contain "SampleApp" + And I have a KeyManager + And make the Generate Keys request + Then the response status code should be 200 + And the response body should contain "consumerKey" + And the response body should contain "consumerSecret" + And make the Subscription request + Then the response status code should be 201 + And the response body should contain "Unlimited" + And I get "production" oauth keys for application + Then the response status code should be 200 + And make the Access Token Generation request for "production" + Then the response status code should be 200 + And the response body should contain "accessToken" + Then I set headers + | Authorization | Bearer ${accessToken} | + | X-WSO2-CLIENT-CERTIFICATE | ${clientCertificate} | + And I send "GET" request to "https://default.gw.wso2.com:9095/mtls/3.14/employee" with body "" + And I eventually receive 200 response code, not accepting + | 401 | + And I have a client certificate "config-map-2.crt" + Then I set headers + | Authorization | Bearer ${accessToken} | + | X-WSO2-CLIENT-CERTIFICATE | ${clientCertificate} | + And I send "GET" request to "https://default.gw.wso2.com:9095/mtls/3.14/employee" with body "" + And I eventually receive 200 response code, not accepting + | 401 | + And I have a client certificate "config-map-3.crt" + Then I set headers + | Authorization | Bearer ${accessToken} | + | X-WSO2-CLIENT-CERTIFICATE | ${clientCertificate} | + And I send "GET" request to "https://default.gw.wso2.com:9095/mtls/3.14/employee" with body "" + And I eventually receive 401 response code, not accepting + | 200 | + + Scenario: Undeploy the created REST API + And I have a DCR application + And I have a valid Devportal access token + Then I delete the application "SampleApp" from devportal + Then the response status code 
should be 200 + And I have a valid Publisher access token + Then I find the apiUUID of the API created with the name "EmployeeServiceAPI" + Then I undeploy the selected API + Then the response status code should be 200 + And I send "GET" request to "https://default.gw.wso2.com:9095/mtls/3.14/employee" with body "" + And I eventually receive 404 response code, not accepting + |200| diff --git a/test/cucumber-tests/src/test/resources/tests/agent-cptodp/MTLSwithOAuth2Optional.feature b/test/cucumber-tests/src/test/resources/tests/agent-cptodp/MTLSwithOAuth2Optional.feature new file mode 100644 index 0000000000..e8f1eae83d --- /dev/null +++ b/test/cucumber-tests/src/test/resources/tests/agent-cptodp/MTLSwithOAuth2Optional.feature 
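Review bot: The first scenario under `# mTLS optional OAuth2 mandatory` ("Test optional mTLS and mandatory OAuth2 with a valid client certificate in header") loads `artifacts/payloads/mtls/mtls_mandatory_oauth2_enabled.json`, the same payload as the mandatory-mTLS scenarios, while the two scenarios after it use `mtls_optional_oauth2_mandatory.json`. Judging by the file names, the optional-mTLS accepted path is therefore never deployed; the step should probably read `When I use the Payload file "artifacts/payloads/mtls/mtls_optional_oauth2_mandatory.json"`. The case that actually separates optional from mandatory mTLS, a valid token with no `X-WSO2-CLIENT-CERTIFICATE` header expecting 200, has no scenario here and is worth adding. The valid-certificate scenario for mandatory mTLS with OAuth2 disabled is commented out, so only the 401 check covers that configuration, and a gateway that rejected every request would still pass. The `#TODO` should carry an issue reference so that scenario gets re-enabled.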
@@ -0,0 +1,390 @@ +Feature: Test mTLS between client and gateway with client certificate sent in header with OAuth2 optional + Background: + Given The system is ready + #mTLS mandatory OAuth2 optional + Scenario: Test mandatory mTLS and optional OAuth2 with a valid client certificate in header + And I have a DCR application + And I have a valid Publisher access token + When I use the Payload file "artifacts/payloads/mtls/mtls_mandatory_oauth2_optional.json" + When the definition file "artifacts/definitions/cors-definition.json" + And make the import API Creation request using OAS "File" + Then the response status code should be 201 + And the response body should contain "EmployeeServiceAPI" + And I have a client certificate "config-map-1.crt" + Then I update the API with mtls certificate data with the alias "mtls-test-configmap" + Then the response status code should be 201 + And make the API Revision Deployment request + Then the response status code should be 201 + Then I wait for 40 seconds + And make the Change Lifecycle request + Then the response status code should be 200 + And I have a valid Devportal access token + And make the Application Creation request with the name "SampleApp" + Then the response status code should be 201 + And the response body should contain "SampleApp" + And I have a KeyManager + And make the Generate Keys request + Then the response status code should be 200 + And the response body should contain "consumerKey" + And the response body should contain "consumerSecret" + And make the Subscription request + Then the response status code should be 201 + And the response body should contain "Unlimited" + And I get "production" oauth keys for application + Then the response status code should be 200 + And make the Access Token Generation request for "production" + Then the response status code should be 200 + And the response body should contain "accessToken" + Then I set headers + | Authorization | Bearer ${accessToken} | + | 
X-WSO2-CLIENT-CERTIFICATE | ${clientCertificate} | + And I send "GET" request to "https://default.gw.wso2.com:9095/mtls/3.14/employee/" with body "" + And I eventually receive 200 response code, not accepting + | 401 | + Then I remove the header "Authorization" + And I send "GET" request to "https://default.gw.wso2.com:9095/mtls/3.14/employee/" with body "" + And I eventually receive 200 response code, not accepting + | 401 | + + Scenario: Undeploy the created REST API + And I have a DCR application + And I have a valid Devportal access token + Then I delete the application "SampleApp" from devportal + Then the response status code should be 200 + And I have a valid Publisher access token + Then I find the apiUUID of the API created with the name "EmployeeServiceAPI" + Then I undeploy the selected API + Then the response status code should be 200 + And I send "GET" request to "https://default.gw.wso2.com:9095/mtls/3.14/employee" with body "" + And I eventually receive 404 response code, not accepting + |200| + + Scenario: Test mandatory mTLS and optional OAuth2 with an invalid client certificate in header + And I have a DCR application + And I have a valid Publisher access token + When I use the Payload file "artifacts/payloads/mtls/mtls_mandatory_oauth2_optional.json" + When the definition file "artifacts/definitions/cors-definition.json" + And make the import API Creation request using OAS "File" + Then the response status code should be 201 + And the response body should contain "EmployeeServiceAPI" + And I have a client certificate "config-map-1.crt" + Then I update the API with mtls certificate data with the alias "mtls-test-configmap" + Then the response status code should be 201 + And make the API Revision Deployment request + Then the response status code should be 201 + Then I wait for 40 seconds + And make the Change Lifecycle request + Then the response status code should be 200 + And I have a valid Devportal access token + And make the Application 
Creation request with the name "SampleApp" + Then the response status code should be 201 + And the response body should contain "SampleApp" + And I have a KeyManager + And make the Generate Keys request + Then the response status code should be 200 + And the response body should contain "consumerKey" + And the response body should contain "consumerSecret" + And make the Subscription request + Then the response status code should be 201 + And the response body should contain "Unlimited" + And I get "production" oauth keys for application + Then the response status code should be 200 + And make the Access Token Generation request for "production" + Then the response status code should be 200 + And the response body should contain "accessToken" + And I have a client certificate "invalid-cert.crt" + Then I set headers + | Authorization | Bearer ${accessToken} | + | X-WSO2-CLIENT-CERTIFICATE | ${clientCertificate} | + And I send "GET" request to "https://default.gw.wso2.com:9095/mtls/3.14/employee/" with body "" + And I eventually receive 401 response code, not accepting + | 200 | + Then I remove the header "Authorization" + And I send "GET" request to "https://default.gw.wso2.com:9095/mtls/3.14/employee/" with body "" + And I eventually receive 401 response code, not accepting + | 200 | + Then I remove the header "X-WSO2-CLIENT-CERTIFICATE" + Then I set headers + | Authorization | Bearer ${accessToken} | + And I send "GET" request to "https://default.gw.wso2.com:9095/mtls/3.14/employee/" with body "" + And I eventually receive 401 response code, not accepting + | 200 | + + Scenario: Undeploy API + And I have a DCR application + And I have a valid Devportal access token + Then I delete the application "SampleApp" from devportal + Then the response status code should be 200 + And I have a valid Publisher access token + Then I find the apiUUID of the API created with the name "EmployeeServiceAPI" + Then I undeploy the selected API + Then the response status code should be 
200 + And I send "GET" request to "https://default.gw.wso2.com:9095/mtls/3.14/employee" with body "" + And I eventually receive 404 response code, not accepting + | 200 | + + Scenario: Test mandatory mTLS and optional OAuth2 without a client certificate in header + And I have a DCR application + And I have a valid Publisher access token + When I use the Payload file "artifacts/payloads/mtls/mtls_mandatory_oauth2_optional.json" + When the definition file "artifacts/definitions/cors-definition.json" + And make the import API Creation request using OAS "File" + Then the response status code should be 201 + And the response body should contain "EmployeeServiceAPI" + And I have a client certificate "config-map-1.crt" + Then I update the API with mtls certificate data with the alias "mtls-test-configmap" + Then the response status code should be 201 + And make the API Revision Deployment request + Then the response status code should be 201 + Then I wait for 40 seconds + And make the Change Lifecycle request + Then the response status code should be 200 + And I have a valid Devportal access token + And make the Application Creation request with the name "SampleApp" + Then the response status code should be 201 + And the response body should contain "SampleApp" + And I have a KeyManager + And make the Generate Keys request + Then the response status code should be 200 + And the response body should contain "consumerKey" + And the response body should contain "consumerSecret" + And make the Subscription request + Then the response status code should be 201 + And the response body should contain "Unlimited" + And I get "production" oauth keys for application + Then the response status code should be 200 + And make the Access Token Generation request for "production" + Then the response status code should be 200 + And the response body should contain "accessToken" + Then I set headers + | Authorization | Bearer ${accessToken} | + And I send "GET" request to 
"https://default.gw.wso2.com:9095/mtls/3.14/employee/" with body "" + And I eventually receive 401 response code, not accepting + | 200 | + + Scenario: Undeploy the created REST API + And I have a DCR application + And I have a valid Devportal access token + Then I delete the application "SampleApp" from devportal + Then the response status code should be 200 + And I have a valid Publisher access token + Then I find the apiUUID of the API created with the name "EmployeeServiceAPI" + Then I undeploy the selected API + Then the response status code should be 200 + And I send "GET" request to "https://default.gw.wso2.com:9095/mtls/3.14/employee" with body "" + And I eventually receive 404 response code, not accepting + |200| + + # mTLS optional OAuth2 optional + Scenario: Test optional mTLS and optional OAuth2 with a valid token and then a valid client certificate in header + And I have a DCR application + And I have a valid Publisher access token + When I use the Payload file "artifacts/payloads/mtls/mtls_optional_oauth2_optional.json" + When the definition file "artifacts/definitions/cors-definition.json" + And make the import API Creation request using OAS "File" + Then the response status code should be 201 + And the response body should contain "EmployeeServiceAPI" + And I have a client certificate "config-map-1.crt" + Then I update the API with mtls certificate data with the alias "mtls-test-configmap" + Then the response status code should be 201 + And make the API Revision Deployment request + Then the response status code should be 201 + Then I wait for 40 seconds + And make the Change Lifecycle request + Then the response status code should be 200 + And I have a valid Devportal access token + And make the Application Creation request with the name "SampleApp" + Then the response status code should be 201 + And the response body should contain "SampleApp" + And I have a KeyManager + And make the Generate Keys request + Then the response status code should be 
200 + And the response body should contain "consumerKey" + And the response body should contain "consumerSecret" + And make the Subscription request + Then the response status code should be 201 + And the response body should contain "Unlimited" + And I get "production" oauth keys for application + Then the response status code should be 200 + And make the Access Token Generation request for "production" + Then the response status code should be 200 + And the response body should contain "accessToken" + Then I set headers + | Authorization | Bearer ${accessToken} | + And I send "GET" request to "https://default.gw.wso2.com:9095/mtls/3.14/employee/" with body "" + And I eventually receive 200 response code, not accepting + | 401 | + Then I remove the header "Authorization" + Then I set headers + | X-WSO2-CLIENT-CERTIFICATE | ${clientCertificate} | + And I eventually receive 200 response code, not accepting + | 401 | + + Scenario: Undeploy the created REST API + And I have a DCR application + And I have a valid Devportal access token + Then I delete the application "SampleApp" from devportal + Then the response status code should be 200 + And I have a valid Publisher access token + Then I find the apiUUID of the API created with the name "EmployeeServiceAPI" + Then I undeploy the selected API + Then the response status code should be 200 + And I send "GET" request to "https://default.gw.wso2.com:9095/mtls/3.14/employee" with body "" + And I eventually receive 404 response code, not accepting + |200| + + Scenario: Test optional mTLS and optional OAuth2 with an invalid client certificate and invalid token in header + And I have a DCR application + And I have a valid Publisher access token + When I use the Payload file "artifacts/payloads/mtls/mtls_optional_oauth2_optional.json" + When the definition file "artifacts/definitions/cors-definition.json" + And make the import API Creation request using OAS "File" + Then the response status code should be 201 + And the 
response body should contain "EmployeeServiceAPI" + And I have a client certificate "config-map-1.crt" + Then I update the API with mtls certificate data with the alias "mtls-test-configmap" + Then the response status code should be 201 + And make the API Revision Deployment request + Then the response status code should be 201 + Then I wait for 40 seconds + And make the Change Lifecycle request + Then the response status code should be 200 + Then I set "invalidToken" as the new access token + And I have a client certificate "invalid-cert.crt" + Then I set headers + | X-WSO2-CLIENT-CERTIFICATE | ${clientCertificate} | + | Authorization | Bearer ${accessToken} | + And I send "GET" request to "https://default.gw.wso2.com:9095/mtls/3.14/employee/" with body "" + And I eventually receive 401 response code, not accepting + | 200 | + + Scenario: Undeploy the created REST API + And I have a DCR application + And I have a valid Publisher access token + Then I find the apiUUID of the API created with the name "EmployeeServiceAPI" + Then I undeploy the selected API + Then the response status code should be 200 + And I send "GET" request to "https://default.gw.wso2.com:9095/mtls/3.14/employee" with body "" + And I eventually receive 404 response code, not accepting + |200| + + Scenario: Test optional mTLS and optional OAuth2 with an invalid client certificate and valid token in header + And I have a DCR application + And I have a valid Publisher access token + When I use the Payload file "artifacts/payloads/mtls/mtls_optional_oauth2_optional.json" + When the definition file "artifacts/definitions/cors-definition.json" + And make the import API Creation request using OAS "File" + Then the response status code should be 201 + And the response body should contain "EmployeeServiceAPI" + And I have a client certificate "config-map-1.crt" + Then I update the API with mtls certificate data with the alias "mtls-test-configmap" + Then the response status code should be 201 + And make 
the API Revision Deployment request + Then the response status code should be 201 + Then I wait for 40 seconds + And make the Change Lifecycle request + Then the response status code should be 200 + And I have a valid Devportal access token + And make the Application Creation request with the name "SampleApp" + Then the response status code should be 201 + And the response body should contain "SampleApp" + And I have a KeyManager + And make the Generate Keys request + Then the response status code should be 200 + And the response body should contain "consumerKey" + And the response body should contain "consumerSecret" + And make the Subscription request + Then the response status code should be 201 + And the response body should contain "Unlimited" + And I get "production" oauth keys for application + Then the response status code should be 200 + And make the Access Token Generation request for "production" + Then the response status code should be 200 + And the response body should contain "accessToken" + And I have a client certificate "invalid-cert.crt" + Then I set headers + | Authorization | Bearer ${accessToken} | + | X-WSO2-CLIENT-CERTIFICATE | ${clientCertificate} | + And I send "GET" request to "https://default.gw.wso2.com:9095/mtls/3.14/employee/" with body "" + And I eventually receive 401 response code, not accepting + | 200 | + Then I remove the header "Authorization" + And I send "GET" request to "https://default.gw.wso2.com:9095/mtls/3.14/employee/" with body "" + And I eventually receive 401 response code, not accepting + | 200 | + + Scenario: Undeploy API + And I have a DCR application + And I have a valid Devportal access token + Then I delete the application "SampleApp" from devportal + Then the response status code should be 200 + And I have a valid Publisher access token + Then I find the apiUUID of the API created with the name "EmployeeServiceAPI" + Then I undeploy the selected API + Then the response status code should be 200 + And I send 
"GET" request to "https://default.gw.wso2.com:9095/mtls/3.14/employee" with body "" + And I eventually receive 404 response code, not accepting + | 200 | + + Scenario: Test optional mTLS and optional OAuth2 with an invalid token in header + And I have a DCR application + And I have a valid Publisher access token + When I use the Payload file "artifacts/payloads/mtls/mtls_optional_oauth2_optional.json" + When the definition file "artifacts/definitions/cors-definition.json" + And make the import API Creation request using OAS "File" + Then the response status code should be 201 + And the response body should contain "EmployeeServiceAPI" + And I have a client certificate "config-map-1.crt" + Then I update the API with mtls certificate data with the alias "mtls-test-configmap" + Then the response status code should be 201 + And make the API Revision Deployment request + Then the response status code should be 201 + Then I wait for 40 seconds + And make the Change Lifecycle request + Then the response status code should be 200 + Then I set "invalidToken" as the new access token + Then I set headers + | Authorization | Bearer ${accessToken} | + And I send "GET" request to "https://default.gw.wso2.com:9095/mtls/3.14/employee/" with body "" + And I eventually receive 401 response code, not accepting + | 200 | + + Scenario: Undeploy API + And I have a DCR application + And I have a valid Publisher access token + Then I find the apiUUID of the API created with the name "EmployeeServiceAPI" + Then I undeploy the selected API + Then the response status code should be 200 + And I send "GET" request to "https://default.gw.wso2.com:9095/mtls/3.14/employee" with body "" + And I eventually receive 404 response code, not accepting + | 200 | + + Scenario: Test optional mTLS and optional OAuth2 with no client certificate or token in header + And I have a DCR application + And I have a valid Publisher access token + When I use the Payload file 
"artifacts/payloads/mtls/mtls_optional_oauth2_optional.json" + When the definition file "artifacts/definitions/cors-definition.json" + And make the import API Creation request using OAS "File" + Then the response status code should be 201 + And the response body should contain "EmployeeServiceAPI" + And I have a client certificate "config-map-1.crt" + Then I update the API with mtls certificate data with the alias "mtls-test-configmap" + Then the response status code should be 201 + And make the API Revision Deployment request + Then the response status code should be 201 + Then I wait for 40 seconds + And make the Change Lifecycle request + Then the response status code should be 200 + And I send "GET" request to "https://default.gw.wso2.com:9095/mtls/3.14/employee/" with body "" + And I eventually receive 401 response code, not accepting + | 200 | + + Scenario: Undeploy API + And I have a DCR application + And I have a valid Publisher access token + Then I find the apiUUID of the API created with the name "EmployeeServiceAPI" + Then I undeploy the selected API + Then the response status code should be 200 + And I send "GET" request to "https://default.gw.wso2.com:9095/mtls/3.14/employee" with body "" + And I eventually receive 404 response code, not accepting + | 200 | \ No newline at end of file diff --git a/test/cucumber-tests/src/test/resources/tests/agent-cptodp/Ratelimit.feature b/test/cucumber-tests/src/test/resources/tests/agent-cptodp/Ratelimit.feature new file mode 100644 index 0000000000..76dcf2075c --- /dev/null +++ b/test/cucumber-tests/src/test/resources/tests/agent-cptodp/Ratelimit.feature 
@@ -0,0 +1,284 @@
+Feature: Testing Ratelimit feature
+ Background:
+ Given The system is ready
+ Scenario: Testing API level rate limiiting for REST API
+ And I have a DCR application
+ And I have a valid Adminportal access token
+ Then I set new API throttling policy allowing "2" requests per every "1" minute
+ Then the response status code should be 201
+ And I have a valid Publisher access token
+ When I use the Payload file "artifacts/payloads/ratelimit_api.json"
+ When the definition file "artifacts/definitions/employees_api.json"
+ And make the import API Creation request using OAS "File"
+ Then the response status code should be 201
+ And the response body should contain "SimpleRateLimitAPI"
+ And make the API Revision Deployment request
+ Then the response status code should be 201
+ Then I wait for 40 seconds
+ And make the Change Lifecycle request
+ Then the response status code should be 200
+ And I have a valid Devportal access token
+ And make the Application Creation request with the name "SampleApp"
+ Then the response status code should be 201
+ And the response body should contain "SampleApp"
+ And I have a KeyManager
+ And make the Generate Keys request
+ Then the response status code should be 200
+ And the response body should contain "consumerKey"
+ And the response body should contain "consumerSecret"
+ And make the Subscription request
+ Then the response status code should be 201
+ And the response body should contain "Unlimited"
+ And I get "production" oauth keys for application
+ Then the response status code should be 200
+ And make the Access Token Generation request for "production"
+ Then the response status code should be 200
+ And the response body should contain "accessToken"
+ Then I set headers
+ | Authorization | Bearer ${accessToken} |
+ And I send "GET" request to "https://default.gw.wso2.com:9095/simple-rl/3.14/employee/" with body ""
+ And I eventually receive 200 response code, not accepting
+ |429|
+ |401|
+ And I send "GET" request to "https://default.gw.wso2.com:9095/simple-rl/3.14/employee/" with body ""
+ Then the response status code should be 200
+ And I send "GET" request to "https://default.gw.wso2.com:9095/simple-rl/3.14/employee/" with body ""
+ Then the response status code should be 429
+ Then I wait for next minute strictly
+ And I send "GET" request to "https://default.gw.wso2.com:9095/simple-rl/3.14/employee/" with body ""
+ Then the response status code should be 200
+
+
+ Scenario: Undeploy the created REST API
+ And I have a DCR application
+ And I have a valid Devportal access token
+ Then I delete the application "SampleApp" from devportal
+ Then the response status code should be 200
+ And I have a valid Publisher access token
+ Then I find the apiUUID of the API created with the name "SimpleRateLimitAPI"
+ Then I undeploy the selected API
+ Then the response status code should be 200
+ And I send "GET" request to "https://default.gw.wso2.com:9095/simple-rl/3.14/employee/" with body ""
+ Then the response status code should be 404
+ And I send "GET" request to "https://sandbox.default.gw.wso2.com:9095/simple-rl/3.14/employee/" with body ""
+ Then the response status code should be 404
+ And I have a valid Adminportal access token
+ Then I delete the created API throttling policy
+
+ Scenario: Testing Resource level rate limiiting for REST API
+ And I have a DCR application
+ And I have a valid Adminportal access token
+ Then I set new API throttling policy allowing "2" requests per every "1" minute
+ Then the response status code should be 201
+ And I have a valid Publisher access token
+ When I use the Payload file "artifacts/payloads/resource_level_rl.json"
+ When the definition file "artifacts/definitions/employee_with_rl_r.json"
+ And make the import API Creation request using OAS "File"
+ Then the response status code should be 201
+ And the response body should contain "SimpleRateLimitResourceLevelAPI"
+ And the response body should contain "\"throttlingPolicy\":\"TestRatelimit\""
+ And make the API Revision Deployment request
+ Then the response status code should be 201
+ Then I wait for 40 seconds
+ And make the Change Lifecycle request
+ Then the response status code should be 200
+ And I have a valid Devportal access token
+ And make the Application Creation request with the name "ResourceLevelApp"
+ Then the response status code should be 201
+ And the response body should contain "ResourceLevelApp"
+ And I have a KeyManager
+ And make the Generate Keys request
+ Then the response status code should be 200
+ And the response body should contain "consumerKey"
+ And the response body should contain "consumerSecret"
+ And make the Subscription request
+ Then the response status code should be 201
+ And the response body should contain "Unlimited"
+ And I get "production" oauth keys for application
+ Then the response status code should be 200
+ And make the Access Token Generation request for "production"
+ Then the response status code should be 200
+ And the response body should contain "accessToken"
+ Then I set headers
+ | Authorization | Bearer ${accessToken} |
+ And I send "GET" request to "https://default.gw.wso2.com:9095/simple-rl-r/3.14/employee/" with body ""
+ And I eventually receive 200 response code, not accepting
+ |429|
+ |401|
+ And I send "GET" request to "https://default.gw.wso2.com:9095/simple-rl-r/3.14/employee/" with body ""
+ Then the response status code should be 200
+ And I send "GET" request to "https://default.gw.wso2.com:9095/simple-rl-r/3.14/employee/" with body ""
+ Then the response status code should be 429
+ And I send "GET" request to "https://default.gw.wso2.com:9095/simple-rl-r/3.14/employee/" with body ""
+ Then the response status code should be 429
+ And I send "GET" request to "https://default.gw.wso2.com:9095/simple-rl-r/3.14/withoutrl/" with body ""
+ Then the response status code should be 200
+ And I send "GET" request to "https://default.gw.wso2.com:9095/simple-rl-r/3.14/withoutrl/" with body ""
+ Then the response status code should be 200
+ And I send "GET" request to "https://default.gw.wso2.com:9095/simple-rl-r/3.14/withoutrl/" with body ""
+ Then the response status code should be 200
+ Then I wait for next minute strictly
+ And I send "GET" request to "https://default.gw.wso2.com:9095/simple-rl-r/3.14/employee/" with body ""
+ Then the response status code should be 200
+ And I send "GET" request to "https://default.gw.wso2.com:9095/simple-rl-r/3.14/employee/" with body ""
+ Then the response status code should be 200
+
+
+ Scenario: Undeploy the created REST API
+ And I have a DCR application
+ And I have a valid Devportal access token
+ Then I delete the application "ResourceLevelApp" from devportal
+ Then the response status code should be 200
+ And I have a valid Publisher access token
+ Then I find the apiUUID of the API created with the name "SimpleRateLimitResourceLevelAPI"
+ Then I undeploy the selected API
+ Then the response status code should be 200
+ And I have a valid Adminportal access token
+ Then I delete the created API throttling policy
+
+ Scenario: Testing API level rate limiiting for GraphQL API
+ And I have a DCR application
+ And I have a valid Adminportal access token
+ Then I set new API throttling policy allowing "2" requests per every "1" minute
+ Then the response status code should be 201
+ And I have a valid Publisher access token
+ When the definition file "artifacts/definitions/schema_graphql.graphql"
+ Then I use the Payload file "artifacts/payloads/gqlPayload.json"
+ Then I make the import GraphQLAPI Creation request
+ Then the response status code should be 201
+ And the response body should contain "StarwarsAPI"
+ Then I use the Payload file "artifacts/payloads/gql_api_level_rl.json"
+ And I update the API settings
+ Then the response status code should be 200
+ And the response body should contain "StarwarsAPI"
+ And make the API Revision Deployment request
+ Then the response status code should be 201
+ Then I wait for 40 seconds
+ And make the Change Lifecycle request
+ Then the response status code should be 200
+ And I have a valid Devportal access token
+ And make the Application Creation request with the name "TestApp"
+ Then the response status code should be 201
+ And the response body should contain "TestApp"
+ And I have a KeyManager
+ And make the Generate Keys request
+ Then the response status code should be 200
+ And the response body should contain "consumerKey"
+ And the response body should contain "consumerSecret"
+ And make the Subscription request
+ Then the response status code should be 201
+ And the response body should contain "Unlimited"
+ And I get "production" oauth keys for application
+ Then the response status code should be 200
+ And make the Access Token Generation request for "production"
+ Then the response status code should be 200
+ And the response body should contain "accessToken"
+ Then I set headers
+ | Authorization | Bearer ${accessToken} |
+ And I send "POST" request to "https://default.gw.wso2.com:9095/graphql/3.14" with body "{\"query\":\"{ hero { name } }\"}"
+ And I eventually receive 200 response code, not accepting
+ |429|
+ |401|
+ And I send "POST" request to "https://default.gw.wso2.com:9095/graphql/3.14" with body "{\"query\":\"{ hero { name } }\"}"
+ Then the response status code should be 200
+ And I send "POST" request to "https://default.gw.wso2.com:9095/graphql/3.14" with body "{\"query\":\"{ hero { name } }\"}"
+ Then the response status code should be 429
+ Then I wait for next minute strictly
+ And I send "POST" request to "https://default.gw.wso2.com:9095/graphql/3.14" with body "{\"query\":\"{ hero { name } }\"}"
+ Then the response status code should be 200
+
+
+ Scenario: Undeploy the created GraphQL API
+ And I have a DCR application
+ And I have a valid Devportal access token
+ Then I delete the application "TestApp" from devportal
+ Then the response status code should be 200
+ And I have a valid Publisher access token
+ Then I find the apiUUID of the API created with the name "StarwarsAPI"
+ Then I undeploy the selected API
+ Then the response status code should be 200
+ And I send "POST" request to "https://default.gw.wso2.com:9095/graphql/3.14" with body "{\"query\":\"{ hero { name } }\"}"
+ Then the response status code should be 404
+ And I send "POST" request to "https://sandbox.default.gw.wso2.com:9095/graphql/3.14" with body "{\"query\":\"{ hero { name } }\"}"
+ Then the response status code should be 404
+ And I have a valid Adminportal access token
+ Then I delete the created API throttling policy
+ Then the response status code should be 200
+
+ # NOTE: In the current implementation, APK only supports API level ratelimitting hence this test case
+ # commented out. Uncomment this after the proper implementation.
+# Scenario: Testing Resource level rate limiiting for REST API
+# And I have a DCR application
+# And I have a valid Adminportal access token
+# Then I set new API throttling policy allowing "2" requests per every "1" minute
+# Then the response status code should be 201
+# And I have a valid Publisher access token
+# When the definition file "artifacts/definitions/schema_graphql.graphql"
+# Then I use the Payload file "artifacts/payloads/gqlPayload.json"
+# Then I make the import GraphQLAPI Creation request
+# Then the response status code should be 201
+# And the response body should contain "StarwarsAPI"
+# Then I use the Payload file "artifacts/payloads/gql_resource_level_rl.json"
+# And I update the GQL API settings
+# Then the response status code should be 200
+# And the response body should contain "StarwarsAPI"
+# And make the API Revision Deployment request
+# Then the response status code should be 201
+# And make the Change Lifecycle request
+# Then the response status code should be 200
+# And I have a valid Devportal access token
+# And make the Application Creation request with the name "TestApp"
+# Then the response status code should be 201
+# And the response body should contain "TestApp"
+# And I have a KeyManager
+# And make the Generate Keys request
+# Then the response status code should be 200
+# And the response body should contain "consumerKey"
+# And the response body should contain "consumerSecret"
+# And make the Subscription request
+# Then the response status code should be 201
+# And the response body should contain "Unlimited"
+# And I get "production" oauth keys for application
+# Then the response status code should be 200
+# And make the Access Token Generation request for "production"
+# Then the response status code should be 200
+# And the response body should contain "accessToken"
+# Then I set headers
+# | Authorization | Bearer ${accessToken} |
+# And I send "POST" request to "https://default.gw.wso2.com:9095/graphql/3.14" with body "{\"query\":\"{ hero { name } }\"}"
+# And I eventually receive 200 response code, not accepting
+# |429|
+# |401|
+# And I send "POST" request to "https://default.gw.wso2.com:9095/graphql/3.14" with body "{\"query\":\"{ hero { name } }\"}"
+# Then the response status code should be 200
+# And I send "POST" request to "https://default.gw.wso2.com:9095/graphql/3.14" with body "{\"query\":\"{ hero { name } }\"}"
+# Then the response status code should be 429
+# And I send "POST" request to "https://default.gw.wso2.com:9095/graphql/3.14" with body "{\"query\":\"{ hero { name } }\"}"
+# Then the response status code should be 429
+# #From here onwards, it should query an endpoint without rate limit
+# And I send "POST" request to "https://default.gw.wso2.com:9095/graphql/3.14" with body "{\"query\":\"{ human(id:1000){ id name }}\"}";
+# Then the response status code should be 200
+# And I send "POST" request to "https://default.gw.wso2.com:9095/graphql/3.14" with body "{\"query\":\"{ human(id:1000){ id name }}\"}";
+# Then the response status code should be 200
+# And I send "POST" request to "https://default.gw.wso2.com:9095/graphql/3.14" with body "{\"query\":\"{ human(id:1000){ id name }}\"}";
+# Then the response status code should be 200
+# Then I wait for next minute strictly
+# And I send "POST" request to "https://default.gw.wso2.com:9095/graphql/3.14" with body "{\"query\":\"{ hero { name } }\"}"
+# Then the response status code should be 200
+# And I send "POST" request to "https://default.gw.wso2.com:9095/graphql/3.14" with body "{\"query\":\"{ hero { name } }\"}"
+# Then the response status code should be 200
+
+
+# Scenario: Undeploy the created GraphQL API
+# And I have a DCR application
+# And I have a valid Devportal access token
+# Then I delete the application "TestApp" from devportal
+# Then the response status code should be 200
+# And I have a valid Publisher access token
+# Then I find the apiUUID of the API created with the name "StarwarsAPI"
+# Then I undeploy the selected API
+# Then the response status code should be 200
+# And I have a valid Adminportal access token
+# Then I delete the created API throttling policy
+# Then the response status code should be 200
+
diff --git a/test/cucumber-tests/src/test/resources/tests/agent-cptodp/ResourceLevelInterceptor.feature b/test/cucumber-tests/src/test/resources/tests/agent-cptodp/ResourceLevelInterceptor.feature
new file mode 100644
index 0000000000..cffaf524b7
--- /dev/null
+++ b/test/cucumber-tests/src/test/resources/tests/agent-cptodp/ResourceLevelInterceptor.feature
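Review bot: In Ratelimit.feature, the cleanup scenarios for "SimpleRateLimitAPI" and "SimpleRateLimitResourceLevelAPI" end on `Then I delete the created API throttling policy` with no status assertion, while the GraphQL cleanup follows the same step with `Then the response status code should be 200`. A failed delete would go unnoticed there and would presumably surface only in a later scenario, when `I set new API throttling policy allowing "2" requests per every "1" minute` expects 201 against a policy that still exists. Add `Then the response status code should be 200` after both deletes so a cleanup failure is reported where it happens. The resource-level cleanup also skips the post-undeploy 404 check that the other two cleanups perform, and the commented-out block is titled "Resource level rate limiiting for REST API" although its steps target the GraphQL API.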
@@ -0,0 +1,62 @@ +Feature: API Policy Addition(Interceptor Service) + Background: + Given The system is ready + Scenario: Create a REST API and add policy for request flow over Resource Level + And I have a DCR application + And I have a valid Publisher access token + When I use the Payload file "artifacts/payloads/api_policy/original.json" + When the definition file "artifacts/definitions/cors-definition.json" + And make the import API Creation request using OAS "File" + Then the response status code should be 201 + And the response body should contain "ResourceLevelIntercepterAPI" + Then I use the Payload file "artifacts/payloads/api_policy/resource_level_interceptor.json" + And I update the API settings + Then the response status code should be 200 + And make the API Revision Deployment request + Then the response status code should be 201 + Then I wait for 40 seconds + And make the Change Lifecycle request + Then the response status code should be 200 + And I have a valid Devportal access token + And make the Application Creation request with the name "SampleApp" + Then the response status code should be 201 + And the response body should contain "SampleApp" + And I have a KeyManager + And make the Generate Keys request + Then the response status code should be 200 + And the response body should contain "consumerKey" + And the response body should contain "consumerSecret" + And make the Subscription request + Then the response status code should be 201 + And the response body should contain "Unlimited" + And I get "production" oauth keys for application + Then the response status code should be 200 + And make the Access Token Generation request for "production" + Then the response status code should be 200 + And the response body should contain "accessToken" + Then I set headers + | Authorization | Bearer ${accessToken} | + And I send "GET" request to "https://default.gw.wso2.com:9095/rlintercepter/1.0.0/get" with body "" + And the response body should not 
contain "\"Interceptor-Header\"" + Then the response status code should be 200 + Then the response headers not contains key "interceptor-response-header" + And I send "GET" request to "https://default.gw.wso2.com:9095/rlintercepter/1.0.0/headers" with body "" + And the response body should contain + |"Interceptor-Header": "Interceptor-header-value"| + # |"Interceptor-Header-Apigroup": "Gold"| + # |"Interceptor-Header-Apitier": "Unlimited"| + Then the response status code should be 200 + Then the response headers contains key "interceptor-response-header" and value "Interceptor-Response-header-value" + + Scenario: Undeploying an already existing REST API + And I have a DCR application + And I have a valid Devportal access token + Then I delete the application "SampleApp" from devportal + Then the response status code should be 200 + And I have a valid Publisher access token + Then I find the apiUUID of the API created with the name "ResourceLevelIntercepterAPI" + Then I undeploy the selected API + Then the response status code should be 200 + And I send "GET" request to "https://default.gw.wso2.com:9095/rlintercepter/1.0.0/get" with body "" + And I eventually receive 404 response code, not accepting + |200| diff --git a/test/cucumber-tests/src/test/resources/tests/agent-cptodp/Scopes.feature b/test/cucumber-tests/src/test/resources/tests/agent-cptodp/Scopes.feature new file mode 100644 index 0000000000..25e1be6b7e --- /dev/null +++ b/test/cucumber-tests/src/test/resources/tests/agent-cptodp/Scopes.feature 
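Review bot: The expected rows `|"Interceptor-Header-Apigroup": "Gold"|` and `|"Interceptor-Header-Apitier": "Unlimited"|` in the `/headers` table are commented out with no reason given, so the scenario asserts only the static `Interceptor-Header` value. Judging by their names, these two headers carry API metadata that the gateway hands to the interceptor, which is the part most likely to differ on the agent path; that is an inference, not something the hunk shows. Either re-enable the rows or record why they are off, for example `# TODO(<issue-id placeholder>): Apigroup/Apitier rows disabled because <reason>; re-enable once fixed`.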
@@ -0,0 +1,113 @@ +Feature: Invoking APIs with scopes enabled + Background: + Given The system is ready + Scenario: Create API and enable scopes for resources and invoke them using keys with and without proper scopes + And I have a DCR application + And I have a valid Publisher access token + When I use the Payload file "artifacts/payloads/api1.json" + And I use the OAS URL "https://petstore3.swagger.io/api/v3/openapi.json" + And make the import API Creation request using OAS "URL" + Then the response status code should be 201 + And the response body should contain "SwaggerPetstore" + And make the API Revision Deployment request + Then the response status code should be 201 + Then I wait for 40 seconds + And make the Change Lifecycle request + Then the response status code should be 200 + And I have a valid Devportal access token + And make the Application Creation request with the name "SampleApp" + Then the response status code should be 201 + And the response body should contain "SampleApp" + And I have a KeyManager + And make the Generate Keys request + Then the response status code should be 200 + And the response body should contain "consumerKey" + And the response body should contain "consumerSecret" + And make the Subscription request + Then the response status code should be 201 + And the response body should contain "Unlimited" + And I get "production" oauth keys for application + Then the response status code should be 200 + And make the Access Token Generation request for "production" + Then the response status code should be 200 + And the response body should contain "accessToken" + Then I set headers + | Authorization | Bearer ${accessToken} | + And I send "GET" request to "https://default.gw.wso2.com:9095/petstore/1.0.0/pet/4" with body "" + And I eventually receive 200 response code, not accepting + |429| + Then I make Access Token Generation request without scopes + Then the response status code should be 200 + And the response body should contain 
"accessToken" + Then I set headers + | Authorization | Bearer ${accessToken} | + And I send "GET" request to "https://default.gw.wso2.com:9095/petstore/1.0.0/pet/4" with body "" + Then the response status code should be 403 + + Scenario: Undeploy the created REST API + And I have a DCR application + And I have a valid Devportal access token + Then I delete the application "SampleApp" from devportal + Then the response status code should be 200 + And I have a valid Publisher access token + Then I find the apiUUID of the API created with the name "SwaggerPetstore" + Then I undeploy the selected API + Then the response status code should be 200 + + Scenario: Deploying a GraphQL API with scopes and invoking it with and without scopes + And I have a DCR application + And I have a valid Publisher access token + When the definition file "artifacts/definitions/schema_graphql.graphql" + When I use the Payload file "artifacts/payloads/gql_with_scopes.json" + Then I make the import GraphQLAPI Creation request + Then the response status code should be 201 + And the response body should contain "StarWarsAPI" + And make the API Revision Deployment request + Then the response status code should be 201 + Then I wait for 40 seconds + And make the Change Lifecycle request + Then the response status code should be 200 + And I have a valid Devportal access token + And make the Application Creation request with the name "TestApp" + Then the response status code should be 201 + And the response body should contain "TestApp" + And I have a KeyManager + And make the Generate Keys request + Then the response status code should be 200 + And the response body should contain "consumerKey" + And the response body should contain "consumerSecret" + And make the Subscription request + Then the response status code should be 201 + And the response body should contain "Unlimited" + And I get "production" oauth keys for application + Then the response status code should be 200 + And make the Access 
Token Generation request for "production" + Then the response status code should be 200 + And the response body should contain "accessToken" + Then I set headers + | Authorization | Bearer ${accessToken} | + And I send "POST" request to "https://default.gw.wso2.com:9095/graphql/3.14" with body "{\"query\":\"{ hero { name } }\"}" + Then the response status code should be 200 + And I eventually receive 200 response code, not accepting + | 404 | + | 401 | + Then I make Access Token Generation request without scopes + Then the response status code should be 200 + And the response body should contain "accessToken" + Then I set headers + | Authorization | Bearer ${accessToken} | + And I send "POST" request to "https://default.gw.wso2.com:9095/graphql/3.14" with body "{\"query\":\"{ hero { name } }\"}" + Then the response status code should be 403 + + Scenario: Undeploying an already existing GraphQL API + And I have a DCR application + And I have a valid Devportal access token + Then I delete the application "TestApp" from devportal + Then the response status code should be 200 + And I have a valid Publisher access token + Then I find the apiUUID of the API created with the name "StarWarsAPI" + Then I undeploy the selected API + Then the response status code should be 200 + And I send "POST" request to "https://default.gw.wso2.com:9095/graphql/3.14" with body "{\"query\":\"{ hero { name } }\"}" + And I eventually receive 404 response code, not accepting + |200| \ No newline at end of file diff --git a/test/cucumber-tests/src/test/resources/tests/agent-cptodp/SubscriptionBlocking.feature b/test/cucumber-tests/src/test/resources/tests/agent-cptodp/SubscriptionBlocking.feature new file mode 100644 index 0000000000..ecf3051dbb --- /dev/null +++ b/test/cucumber-tests/src/test/resources/tests/agent-cptodp/SubscriptionBlocking.feature 
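Review bot: The REST scenario imports its API definition from `https://petstore3.swagger.io/api/v3/openapi.json` at run time, so the definition behind the 200 and 403 checks on `/pet/4` is supplied by a third-party host and can change without any commit in this repository. The same two steps appear in SubscriptionBlocking.feature. ResourceLevelInterceptor.feature in this change already imports from a checked-in file. Doing the same here would be `When the definition file "artifacts/definitions/<petstore-definition-placeholder>.json"` followed by `And make the import API Creation request using OAS "File"`. That also removes the CI runner's need for outbound access to that host during an authorization test.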
@@ -0,0 +1,60 @@ +Feature: Blocking the subscription for a selected application + Background: + Given The system is ready + Scenario: Checking the subscription blocking for an REST API + And I have a DCR application + And I have a valid Publisher access token + When I use the Payload file "artifacts/payloads/api1.json" + And I use the OAS URL "https://petstore3.swagger.io/api/v3/openapi.json" + And make the import API Creation request using OAS "URL" + Then the response status code should be 201 + And the response body should contain "SwaggerPetstore" + And make the API Revision Deployment request + Then the response status code should be 201 + Then I wait for 40 seconds + And make the Change Lifecycle request + Then the response status code should be 200 + And I have a valid Devportal access token + And make the Application Creation request with the name "SampleApp" + Then the response status code should be 201 + And the response body should contain "SampleApp" + And I have a KeyManager + And make the Generate Keys request + Then the response status code should be 200 + And the response body should contain "consumerKey" + And the response body should contain "consumerSecret" + And make the Subscription request + Then the response status code should be 201 + And the response body should contain "Unlimited" + And I get "production" oauth keys for application + Then the response status code should be 200 + And make the Access Token Generation request for "production" + Then the response status code should be 200 + And the response body should contain "accessToken" + Then I set headers + | Authorization | Bearer ${accessToken} | + And I send "GET" request to "https://default.gw.wso2.com:9095/petstore/1.0.0/pet/4" with body "" + And I eventually receive 200 response code, not accepting + |429| + Then I send the subcription blocking request + And the response status code should be 200 + And the response body should contain "BLOCKED" + And I send "GET" request to 
"https://default.gw.wso2.com:9095/petstore/1.0.0/pet/4" with body "" + And I eventually receive 403 response code, not accepting + |200| + |201| + |429| + |500| + + Scenario: Undeploying the created REST API + And I have a DCR application + And I have a valid Devportal access token + Then I delete the application "SampleApp" from devportal + Then the response status code should be 200 + And I have a valid Publisher access token + Then I find the apiUUID of the API created with the name "SwaggerPetstore" + Then I undeploy the selected API + Then the response status code should be 200 + And I send "GET" request to "https://default.gw.wso2.com:9095/petstore/1.0.0/pet/4" with body "" + And I eventually receive 404 response code, not accepting + |200| \ No newline at end of file diff --git a/test/cucumber-tests/src/test/resources/tests/agent-cptodp/graphQLmTLS.feature b/test/cucumber-tests/src/test/resources/tests/agent-cptodp/graphQLmTLS.feature new file mode 100644 index 0000000000..ef2a0c22e2 --- /dev/null +++ b/test/cucumber-tests/src/test/resources/tests/agent-cptodp/graphQLmTLS.feature 
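Review bot: After the blocking request the scenario checks only that `/pet/4` eventually returns 403, which is also the status Scopes.feature expects for a token without scopes. The status code alone therefore does not show that the refusal came from the blocked subscription. A body assertion after the `|500|` row would pin the cause, for example `And the response body should contain "<blocked-subscription error text placeholder>"`, using the message the gateway actually returns. A short comment should also state whether the block is expected to apply immediately, since `|200|` is listed as not accepted while the step itself is an eventual check.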
@@ -0,0 +1,181 @@ +Feature: Test mTLS between client and gateway with client certificate sent in header + Background: + Given The system is ready + Scenario: Deploying GraphQL API with mTLS mandatory and valid certificate + And I have a DCR application + And I have a valid Publisher access token + When the definition file "artifacts/definitions/schema_graphql.graphql" + When I use the Payload file "artifacts/payloads/mtls/graphql_with_mtls.json" + Then I make the import GraphQLAPI Creation request + Then the response status code should be 201 + And the response body should contain "GraphQLAPImTLS" + And I have a client certificate "config-map-1.crt" + Then I update the API with mtls certificate data with the alias "mtls-test-configmap" + Then the response status code should be 201 + And make the API Revision Deployment request + Then the response status code should be 201 + Then I wait for 40 seconds + And make the Change Lifecycle request + Then the response status code should be 200 + And I have a valid Devportal access token + And make the Application Creation request with the name "TestApp" + Then the response status code should be 201 + And the response body should contain "TestApp" + And I have a KeyManager + And make the Generate Keys request + Then the response status code should be 200 + And the response body should contain "consumerKey" + And the response body should contain "consumerSecret" + And make the Subscription request + Then the response status code should be 201 + And the response body should contain "Unlimited" + And I get "production" oauth keys for application + Then the response status code should be 200 + And make the Access Token Generation request for "production" + Then the response status code should be 200 + And the response body should contain "accessToken" + Then I set headers + | Authorization | Bearer ${accessToken} | + | X-WSO2-CLIENT-CERTIFICATE | ${clientCertificate} | + And I send "POST" request to 
"https://default.gw.wso2.com:9095/graphql/3.14" with body "{\"query\":\"{ allHumans { name } }\"}" + And I eventually receive 200 response code, not accepting + | 429 | + | 500 | + And the response body should contain "\"name\":\"string\"" + + Scenario: Undeploy API + And I have a DCR application + And I have a valid Devportal access token + Then I delete the application "TestApp" from devportal + Then the response status code should be 200 + And I have a valid Publisher access token + Then I find the apiUUID of the API created with the name "GraphQLAPImTLS" + Then I undeploy the selected API + Then the response status code should be 200 + And I send "GET" request to "https://default.gw.wso2.com:9095/mtls/3.14/employee" with body "" + And I eventually receive 404 response code, not accepting + |200| + + + Scenario: Deploying GraphQL API with mTLS mandatory and no certificate + And I have a DCR application + And I have a valid Publisher access token + When the definition file "artifacts/definitions/schema_graphql.graphql" + When I use the Payload file "artifacts/payloads/mtls/graphql_with_mtls.json" + Then I make the import GraphQLAPI Creation request + Then the response status code should be 201 + And the response body should contain "GraphQLAPImTLS" + And I have a client certificate "config-map-1.crt" + Then I update the API with mtls certificate data with the alias "mtls-test-configmap" + Then the response status code should be 201 + And make the API Revision Deployment request + Then the response status code should be 201 + Then I wait for 40 seconds + And make the Change Lifecycle request + Then the response status code should be 200 + And I have a valid Devportal access token + And make the Application Creation request with the name "TestApp" + Then the response status code should be 201 + And the response body should contain "TestApp" + And I have a KeyManager + And make the Generate Keys request + Then the response status code should be 200 + And the 
response body should contain "consumerKey" + And the response body should contain "consumerSecret" + And make the Subscription request + Then the response status code should be 201 + And the response body should contain "Unlimited" + And I get "production" oauth keys for application + Then the response status code should be 200 + And make the Access Token Generation request for "production" + Then the response status code should be 200 + And the response body should contain "accessToken" + Then I set headers + | Authorization | Bearer ${accessToken} | + And I send "POST" request to "https://default.gw.wso2.com:9095/graphql/3.14" with body "{\"query\":\"{ allHumans { name } }\"}" + And I eventually receive 401 response code, not accepting + | 200 | + | 429 | + | 500 | + + Scenario: Undeploy API + And I have a DCR application + And I have a valid Devportal access token + Then I delete the application "TestApp" from devportal + Then the response status code should be 200 + And I have a valid Publisher access token + Then I find the apiUUID of the API created with the name "GraphQLAPImTLS" + Then I undeploy the selected API + Then the response status code should be 200 + And I send "GET" request to "https://default.gw.wso2.com:9095/mtls/3.14/employee" with body "" + And I eventually receive 404 response code, not accepting + |200| + + Scenario: Deploying GraphQL API with OAuth2 mandatory mTLS optional + And I have a DCR application + And I have a valid Publisher access token + When the definition file "artifacts/definitions/schema_graphql.graphql" + When I use the Payload file "artifacts/payloads/mtls/graphql_with_mtls_optional_oauth2_mandatory.json" + Then I make the import GraphQLAPI Creation request + Then the response status code should be 201 + And the response body should contain "GraphQLAPImTLS" + And I have a client certificate "config-map-1.crt" + Then I update the API with mtls certificate data with the alias "mtls-test-configmap" + Then the response status 
code should be 201 + And make the API Revision Deployment request + Then the response status code should be 201 + Then I wait for 40 seconds + And make the Change Lifecycle request + Then the response status code should be 200 + And I have a valid Devportal access token + And make the Application Creation request with the name "TestApp" + Then the response status code should be 201 + And the response body should contain "TestApp" + And I have a KeyManager + And make the Generate Keys request + Then the response status code should be 200 + And the response body should contain "consumerKey" + And the response body should contain "consumerSecret" + And make the Subscription request + Then the response status code should be 201 + And the response body should contain "Unlimited" + And I get "production" oauth keys for application + Then the response status code should be 200 + And make the Access Token Generation request for "production" + Then the response status code should be 200 + And the response body should contain "accessToken" + Then I set headers + | Authorization | Bearer ${accessToken} | + | X-WSO2-CLIENT-CERTIFICATE | ${clientCertificate} | + And I send "POST" request to "https://default.gw.wso2.com:9095/graphql/3.14" with body "{\"query\":\"{ allHumans { name } }\"}" + And I eventually receive 200 response code, not accepting + | 429 | + | 500 | + And the response body should contain "\"name\":\"string\"" + Then I remove the header "X-WSO2-CLIENT-CERTIFICATE" + And I send "POST" request to "https://default.gw.wso2.com:9095/graphql/3.14" with body "{\"query\":\"{ allHumans { name } }\"}" + And I eventually receive 200 response code, not accepting + | 429 | + | 500 | + And the response body should contain "\"name\":\"string\"" + And I have a client certificate "invalid-cert.crt" + Then I set headers + | X-WSO2-CLIENT-CERTIFICATE | ${clientCertificate} | + And I send "POST" request to "https://default.gw.wso2.com:9095/graphql/3.14" with body "{\"query\":\"{ 
allHumans { name } }\"}" + And I eventually receive 401 response code, not accepting + | 429 | + | 500 | + + Scenario: Undeploy API + And I have a DCR application + And I have a valid Devportal access token + Then I delete the application "TestApp" from devportal + Then the response status code should be 200 + And I have a valid Publisher access token + Then I find the apiUUID of the API created with the name "GraphQLAPImTLS" + Then I undeploy the selected API + Then the response status code should be 200 + And I send "GET" request to "https://default.gw.wso2.com:9095/mtls/3.14/employee" with body "" + And I eventually receive 404 response code, not accepting + |200| +
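Review bot: All three `Undeploy API` scenarios confirm removal with a `GET` to `https://default.gw.wso2.com:9095/mtls/3.14/employee`, a path that none of the deploy scenarios in this hunk creates. Every invocation goes to `POST .../graphql/3.14`, so the 404 check can pass while the GraphQL API is still routable. Scopes.feature in this change probes the GraphQL path itself after undeploy; the equivalent here is `And I send "POST" request to "https://default.gw.wso2.com:9095/graphql/3.14" with body "{\"query\":\"{ allHumans { name } }\"}"`. Separately, in the optional-mTLS scenario the last `I set headers` table lists only `X-WSO2-CLIENT-CERTIFICATE`. If that step replaces the header set rather than merging into it, the 401 would come from the missing bearer token, not the invalid certificate, so confirm against the step definition or repeat the `Authorization` row there.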