jiazhizhong/higress
1
0
Fork 0
mirror of https://github.com/alibaba/higress.git synced 2026-06-09 04:37:31 +08:00
Code Issues Packages Projects Releases Wiki Activity

feat(plugin): implement golang version of plugin jwt-auth (#743)

Browse Source 
Signed-off-by: Ink33 <Ink33@smlk.org>
This commit is contained in:
Ink33
2024-06-06 10:22:51 +08:00
committed by GitHub
parent 6a40d83ec0
commit ed976c6d06
24 changed files with 2713 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

142
test/e2e/conformance/tests/go-wasm-jwt-auth-allow.yaml Normal file
View File

@@ -0,0 +1,142 @@
# Copyright (c) 2024 Alibaba Group Holding Ltd.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
name: wasmplugin-jwt-auth
namespace: higress-conformance-infra
spec:
ingressClassName: higress
rules:
- host: "foo.com"
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: infra-backend-v1
port:
number: 8080
---
apiVersion: extensions.higress.io/v1alpha1
kind: WasmPlugin
metadata:
name: jwt-auth
namespace: higress-system
spec:
defaultConfig:
consumers:
- name: consumer1
issuer: higress-test
jwks: |-
{
"keys": [
{
"kty": "EC",
"kid": "p256",
"crv": "P-256",
"x": "GWym652nfByDbs4EzNpGXCkdjG03qFZHulNDHTo3YJU",
"y": "5uVg_n-flqRJ5Zhf_aEKS0ow9SddTDgxGduSCgpoAZQ"
},
{
"kty": "RSA",
"kid": "rsa",
"n": "pFKAKJ0V3vFwGTvBSHbPwrNdvPyr-zMTh7Y9IELFIMNUQfG9_d2D1wZcrX5CPvtEISHin3GdPyfqEX6NjPyqvCLFTuNh80-r5Mvld-A5CHwITZXz5krBdqY5Z0wu64smMbzst3HNxHbzLQvHUY-KS6hceOB84d9B4rhkIJEEAWxxIA7yPJYjYyIC_STpPddtJkkweVvoa0m0-_FQkDFsbRS0yGgMNG4-uc7qLIU4kSwMQWcw1Rwy39LUDP4zNzuZABbWsDDBsMlVUaszRdKIlk5AQ-Fkah3E247dYGUQjSQ0N3dFLlMDv_e62BT3IBXGLg7wvGosWFNT_LpIenIW6Q",
"e": "AQAB"
}
]
}
- name: consumer_hedaer
issuer: higress-test
jwks: |-
{
"keys": [
{
"kty": "EC",
"kid": "p256",
"crv": "P-256",
"x": "GWym652nfByDbs4EzNpGXCkdjG03qFZHulNDHTo3YJU",
"y": "5uVg_n-flqRJ5Zhf_aEKS0ow9SddTDgxGduSCgpoAZQ"
},
{
"kty": "RSA",
"kid": "rsa",
"n": "pFKAKJ0V3vFwGTvBSHbPwrNdvPyr-zMTh7Y9IELFIMNUQfG9_d2D1wZcrX5CPvtEISHin3GdPyfqEX6NjPyqvCLFTuNh80-r5Mvld-A5CHwITZXz5krBdqY5Z0wu64smMbzst3HNxHbzLQvHUY-KS6hceOB84d9B4rhkIJEEAWxxIA7yPJYjYyIC_STpPddtJkkweVvoa0m0-_FQkDFsbRS0yGgMNG4-uc7qLIU4kSwMQWcw1Rwy39LUDP4zNzuZABbWsDDBsMlVUaszRdKIlk5AQ-Fkah3E247dYGUQjSQ0N3dFLlMDv_e62BT3IBXGLg7wvGosWFNT_LpIenIW6Q",
"e": "AQAB"
}
]
}
from_headers:
- name: jwt
value_prefix: "Bearer "
- name: consumer_params
issuer: higress-test
jwks: |-
{
"keys": [
{
"kty": "EC",
"kid": "p256",
"crv": "P-256",
"x": "GWym652nfByDbs4EzNpGXCkdjG03qFZHulNDHTo3YJU",
"y": "5uVg_n-flqRJ5Zhf_aEKS0ow9SddTDgxGduSCgpoAZQ"
},
{
"kty": "RSA",
"kid": "rsa",
"n": "pFKAKJ0V3vFwGTvBSHbPwrNdvPyr-zMTh7Y9IELFIMNUQfG9_d2D1wZcrX5CPvtEISHin3GdPyfqEX6NjPyqvCLFTuNh80-r5Mvld-A5CHwITZXz5krBdqY5Z0wu64smMbzst3HNxHbzLQvHUY-KS6hceOB84d9B4rhkIJEEAWxxIA7yPJYjYyIC_STpPddtJkkweVvoa0m0-_FQkDFsbRS0yGgMNG4-uc7qLIU4kSwMQWcw1Rwy39LUDP4zNzuZABbWsDDBsMlVUaszRdKIlk5AQ-Fkah3E247dYGUQjSQ0N3dFLlMDv_e62BT3IBXGLg7wvGosWFNT_LpIenIW6Q",
"e": "AQAB"
}
]
}
from_params:
- jwt_token
- name: consumer_cookies
issuer: higress-test
jwks: |-
{
"keys": [
{
"kty": "EC",
"kid": "p256",
"crv": "P-256",
"x": "GWym652nfByDbs4EzNpGXCkdjG03qFZHulNDHTo3YJU",
"y": "5uVg_n-flqRJ5Zhf_aEKS0ow9SddTDgxGduSCgpoAZQ"
},
{
"kty": "RSA",
"kid": "rsa",
"n": "pFKAKJ0V3vFwGTvBSHbPwrNdvPyr-zMTh7Y9IELFIMNUQfG9_d2D1wZcrX5CPvtEISHin3GdPyfqEX6NjPyqvCLFTuNh80-r5Mvld-A5CHwITZXz5krBdqY5Z0wu64smMbzst3HNxHbzLQvHUY-KS6hceOB84d9B4rhkIJEEAWxxIA7yPJYjYyIC_STpPddtJkkweVvoa0m0-_FQkDFsbRS0yGgMNG4-uc7qLIU4kSwMQWcw1Rwy39LUDP4zNzuZABbWsDDBsMlVUaszRdKIlk5AQ-Fkah3E247dYGUQjSQ0N3dFLlMDv_e62BT3IBXGLg7wvGosWFNT_LpIenIW6Q",
"e": "AQAB"
}
]
}
from_cookies:
- jwt_token
global_auth: false
defaultConfigDisable: false
matchRules:
- config:
allow:
- consumer1
- consumer_hedaer
- consumer_params
- consumer_cookies
configDisable: false
ingress:
- higress-conformance-infra/wasmplugin-jwt-auth
url: file:///opt/plugins/wasm-go/extensions/jwt-auth/plugin.wasm

131
test/e2e/conformance/tests/go-wasm-jwt-auth-deny.yaml Normal file
View File

@@ -0,0 +1,131 @@
# Copyright (c) 2024 Alibaba Group Holding Ltd.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
name: wasmplugin-jwt-auth
namespace: higress-conformance-infra
spec:
ingressClassName: higress
rules:
- host: "foo.com"
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: infra-backend-v1
port:
number: 8080
---
apiVersion: extensions.higress.io/v1alpha1
kind: WasmPlugin
metadata:
name: jwt-auth
namespace: higress-system
spec:
defaultConfig:
consumers:
- name: consumerEC
issuer: higress-test
jwks: |-
{
"keys": [
{
"kty": "EC",
"kid": "p256",
"crv": "P-256",
"x": "GWym652nfByDbs4EzNpGXCkdjG03qFZHulNDHTo3YJU",
"y": "5uVg_n-flqRJ5Zhf_aEKS0ow9SddTDgxGduSCgpoAZQ"
}
]
}
- name: consumerRSA
issuer: higress-test
jwks: |-
{
"keys": [
{
"kty": "RSA",
"kid": "rsa",
"n": "pFKAKJ0V3vFwGTvBSHbPwrNdvPyr-zMTh7Y9IELFIMNUQfG9_d2D1wZcrX5CPvtEISHin3GdPyfqEX6NjPyqvCLFTuNh80-r5Mvld-A5CHwITZXz5krBdqY5Z0wu64smMbzst3HNxHbzLQvHUY-KS6hceOB84d9B4rhkIJEEAWxxIA7yPJYjYyIC_STpPddtJkkweVvoa0m0-_FQkDFsbRS0yGgMNG4-uc7qLIU4kSwMQWcw1Rwy39LUDP4zNzuZABbWsDDBsMlVUaszRdKIlk5AQ-Fkah3E247dYGUQjSQ0N3dFLlMDv_e62BT3IBXGLg7wvGosWFNT_LpIenIW6Q",
"e": "AQAB"
}
]
}
- name: consumerEC_hedaer
issuer: higress-test
jwks: |-
{
"keys": [
{
"kty": "EC",
"kid": "p256",
"crv": "P-256",
"x": "GWym652nfByDbs4EzNpGXCkdjG03qFZHulNDHTo3YJU",
"y": "5uVg_n-flqRJ5Zhf_aEKS0ow9SddTDgxGduSCgpoAZQ"
}
]
}
from_headers:
- name: jwt
value_prefix: "Bearer "
- name: consumerEC_params
issuer: higress-test
jwks: |-
{
"keys": [
{
"kty": "EC",
"kid": "p256",
"crv": "P-256",
"x": "GWym652nfByDbs4EzNpGXCkdjG03qFZHulNDHTo3YJU",
"y": "5uVg_n-flqRJ5Zhf_aEKS0ow9SddTDgxGduSCgpoAZQ"
}
]
}
from_params:
- jwt_token
- name: consumerEC_cookies
issuer: higress-test
jwks: |-
{
"keys": [
{
"kty": "EC",
"kid": "p256",
"crv": "P-256",
"x": "GWym652nfByDbs4EzNpGXCkdjG03qFZHulNDHTo3YJU",
"y": "5uVg_n-flqRJ5Zhf_aEKS0ow9SddTDgxGduSCgpoAZQ"
}
]
}
from_cookies:
- jwt_token
global_auth: false
defaultConfigDisable: false
matchRules:
- config:
allow:
- consumerEC
- consumerEC_hedaer
- consumerEC_params
- consumerEC_cookies
configDisable: false
ingress:
- higress-conformance-infra/wasmplugin-jwt-auth
url: file:///opt/plugins/wasm-go/extensions/jwt-auth/plugin.wasm

128
test/e2e/conformance/tests/go-wasm-jwt-auth-single-consumer.yaml Normal file
View File

@@ -0,0 +1,128 @@
# Copyright (c) 2024 Alibaba Group Holding Ltd.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
name: wasmplugin-jwt-auth
namespace: higress-conformance-infra
spec:
ingressClassName: higress
rules:
- host: "foo.com"
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: infra-backend-v1
port:
number: 8080
---
apiVersion: extensions.higress.io/v1alpha1
kind: WasmPlugin
metadata:
name: jwt-auth
namespace: higress-system
spec:
defaultConfig:
consumers:
- name: consumerEC
issuer: higress-test
jwks: |-
{
"keys": [
{
"kty": "EC",
"kid": "p256",
"crv": "P-256",
"x": "GWym652nfByDbs4EzNpGXCkdjG03qFZHulNDHTo3YJU",
"y": "5uVg_n-flqRJ5Zhf_aEKS0ow9SddTDgxGduSCgpoAZQ"
}
]
}
- name: consumerRSA
issuer: higress-test
jwks: |-
{
"keys": [
{
"kty": "RSA",
"kid": "rsa",
"n": "pFKAKJ0V3vFwGTvBSHbPwrNdvPyr-zMTh7Y9IELFIMNUQfG9_d2D1wZcrX5CPvtEISHin3GdPyfqEX6NjPyqvCLFTuNh80-r5Mvld-A5CHwITZXz5krBdqY5Z0wu64smMbzst3HNxHbzLQvHUY-KS6hceOB84d9B4rhkIJEEAWxxIA7yPJYjYyIC_STpPddtJkkweVvoa0m0-_FQkDFsbRS0yGgMNG4-uc7qLIU4kSwMQWcw1Rwy39LUDP4zNzuZABbWsDDBsMlVUaszRdKIlk5AQ-Fkah3E247dYGUQjSQ0N3dFLlMDv_e62BT3IBXGLg7wvGosWFNT_LpIenIW6Q",
"e": "AQAB"
}
]
}
- name: consumerEC_hedaer
issuer: higress-test
jwks: |-
{
"keys": [
{
"kty": "EC",
"kid": "p256",
"crv": "P-256",
"x": "GWym652nfByDbs4EzNpGXCkdjG03qFZHulNDHTo3YJU",
"y": "5uVg_n-flqRJ5Zhf_aEKS0ow9SddTDgxGduSCgpoAZQ"
}
]
}
from_headers:
- name: jwt
value_prefix: "Bearer "
- name: consumerEC_params
issuer: higress-test
jwks: |-
{
"keys": [
{
"kty": "EC",
"kid": "p256",
"crv": "P-256",
"x": "GWym652nfByDbs4EzNpGXCkdjG03qFZHulNDHTo3YJU",
"y": "5uVg_n-flqRJ5Zhf_aEKS0ow9SddTDgxGduSCgpoAZQ"
}
]
}
from_params:
- jwt_token
- name: consumerEC_cookies
issuer: higress-test
jwks: |-
{
"keys": [
{
"kty": "EC",
"kid": "p256",
"crv": "P-256",
"x": "GWym652nfByDbs4EzNpGXCkdjG03qFZHulNDHTo3YJU",
"y": "5uVg_n-flqRJ5Zhf_aEKS0ow9SddTDgxGduSCgpoAZQ"
}
]
}
from_cookies:
- jwt_token
global_auth: false
defaultConfigDisable: false
matchRules:
- config:
allow:
- consumerEC
configDisable: false
ingress:
- higress-conformance-infra/wasmplugin-jwt-auth
url: file:///opt/plugins/wasm-go/extensions/jwt-auth/plugin.wasm

944
test/e2e/conformance/tests/go-wasm-jwt-auth.go Normal file
View File

@@ -0,0 +1,944 @@
// Copyright (c) 2024 Alibaba Group Holding Ltd.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package tests
import (
"testing"
"github.com/alibaba/higress/test/e2e/conformance/utils/http"
"github.com/alibaba/higress/test/e2e/conformance/utils/suite"
)
const (
ES256Allow string = "eyJhbGciOiJFUzI1NiIsImtpZCI6InAyNTYiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiZm9vIiwiYmFyIl0sImV4cCI6MjAxOTY4NjQwMCwiaXNzIjoiaGlncmVzcy10ZXN0IiwibmJmIjoxNzA0MDY3MjAwLCJzdWIiOiJoaWdyZXNzLXRlc3QifQ.hm71YWfjALshUAgyOu-r9W2WBG_zfqIZZacAbc7oIH1r7dbB0sGQn3wKMWMmOzmxX0UyaVZ0KMk-HFTA1hDnBQ"
ES256Expried string = "eyJhbGciOiJFUzI1NiIsImtpZCI6InAyNTYiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiZm9vIiwiYmFyIl0sImV4cCI6MTcwNDA2NzIwMCwiaXNzIjoiaGlncmVzcy10ZXN0IiwibmJmIjoxNzA0MDY3MjAwLCJzdWIiOiJoaWdyZXNzLXRlc3QifQ.9AnXd2rZ6FirHZQAoabyL4xZNz0jr-3LmcV4-pFV3JrdtUT4386Mw5Qan125fUB-rZf_ZBlv0Bft2tWY149fyg"
RS256Allow string = "eyJhbGciOiJSUzI1NiIsImtpZCI6InJzYSIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsiZm9vIiwiYmFyIl0sImV4cCI6MjAxOTY4NjQwMCwiaXNzIjoiaGlncmVzcy10ZXN0IiwibmJmIjoxNzA0MDY3MjAwLCJzdWIiOiJoaWdyZXNzLXRlc3QifQ.iO0wPY91b_VNGUMZ1n-Ub-SRmEkDQMFLSi77z49tEzll3UZXwmBraP5udM_OPUAdk9ZO3dbb_fOgdcN9V1H9p5kiTr-l-pZTFTJHrPJj8wC519sYRcCk3wrZ9aXR5tNMwOsMdQb7waTBatDQLmHPWzAoTNBc8mwXkRcv1dmJLvsJgxyCl1I9CMOMPq0fYj1NBvaUDIdVSL1o7GGiriD8-0UIOmS72-I3mbaoCIyVb0h3wx7gnIW3zr0yYWaYoiIgmHLag-eEGxHp4-BjtCqcokU4QVMS91qpH7Mkl1iv2WHEkuDQRJ-nLzYGwXb7Dncx9K5tNWHJuZ-DihIU2oT0aA"
RS256Expried string = "eyJhbGciOiJSUzI1NiIsImtpZCI6InJzYSIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsiZm9vIiwiYmFyIl0sImV4cCI6MTcwNDA2NzIwMCwiaXNzIjoiaGlncmVzcy10ZXN0IiwibmJmIjoxNzA0MDY3MjAwLCJzdWIiOiJoaWdyZXNzLXRlc3QifQ.jqzlhBPk9mmvtTT5aCYf-_5uXXSEU5bQ32fx78XeboCnjR9K1CsI4KYUIkXEX3bk66XJQUeSes7lz3gA4Yzkd-v9oADHTgpKnIxzv_5mD0_afIwEFjcalqVbSvCmro4PessQZDnmU7AIzoo3RPSqbmq8xbPVYUH9I-OO8aUu2ATd1HozgxJH1XnRU8k9KMkVW8XhvJXLKZJmnqe3Tu6pCU_tawFlBfBC4fAhMf0yX2CGE0ABAHubcdiI6JXObQmQQ9Or2a-g2a8g_Bw697PoPOsAn0YpTrHst9GcyTpkbNTAq9X8fc5EM7hiDM1FGeMYcaQTdMnOh4HBhP0p4YEhvA"
)
func init() {
Register(WasmPluginsJWTAuthAllow)
Register(WasmPluginsJWTAuthExpried)
Register(WasmPluginsJWTAuthDeny)
Register(WasmPluginsJWTAuthSingleConsumer)
}
var WasmPluginsJWTAuthAllow = suite.ConformanceTest{
ShortName: "WasmPluginsJWTAuth",
Description: "The Ingress in the higress-conformance-infra namespace test the jwt-auth WASM plugin.",
Manifests: []string{"tests/go-wasm-jwt-auth-allow.yaml"},
Features: []suite.SupportedFeature{suite.WASMGoConformanceFeature},
Test: func(t *testing.T, suite *suite.ConformanceTestSuite) {
testcases := []http.Assertion{
{
Meta: http.AssertionMeta{
TargetBackend: "infra-backend-v1",
TargetNamespace: "higress-conformance-infra",
TestCaseName: "1. Default header with ES256",
},
Request: http.AssertionRequest{
ActualRequest: http.Request{
Host: "foo.com",
Path: "/info",
UnfollowRedirect: true,
Headers: map[string]string{"Authorization": "Bearer " + ES256Allow},
},
},
Response: http.AssertionResponse{
ExpectedResponse: http.Response{
StatusCode: 200,
},
ExpectedResponseNoRequest: true,
},
},
{
Meta: http.AssertionMeta{
TargetBackend: "infra-backend-v1",
TargetNamespace: "higress-conformance-infra",
TestCaseName: "2. Default header with RS256",
},
Request: http.AssertionRequest{
ActualRequest: http.Request{
Host: "foo.com",
Path: "/info",
UnfollowRedirect: true,
Headers: map[string]string{"Authorization": "Bearer " + RS256Allow},
},
},
Response: http.AssertionResponse{
ExpectedResponse: http.Response{
StatusCode: 200,
},
ExpectedResponseNoRequest: true,
},
},
{
Meta: http.AssertionMeta{
TargetBackend: "infra-backend-v1",
TargetNamespace: "higress-conformance-infra",
TestCaseName: "3. Default params with ES256",
},
Request: http.AssertionRequest{
ActualRequest: http.Request{
Host: "foo.com",
Path: "/info?access_token=" + ES256Allow,
UnfollowRedirect: true,
},
},
Response: http.AssertionResponse{
ExpectedResponse: http.Response{
StatusCode: 200,
},
ExpectedResponseNoRequest: true,
},
},
{
Meta: http.AssertionMeta{
TargetBackend: "infra-backend-v1",
TargetNamespace: "higress-conformance-infra",
TestCaseName: "4. Default params with RS256",
},
Request: http.AssertionRequest{
ActualRequest: http.Request{
Host: "foo.com",
Path: "/info?access_token=" + RS256Allow,
UnfollowRedirect: true,
},
},
Response: http.AssertionResponse{
ExpectedResponse: http.Response{
StatusCode: 200,
},
ExpectedResponseNoRequest: true,
},
},
{
Meta: http.AssertionMeta{
TargetBackend: "infra-backend-v1",
TargetNamespace: "higress-conformance-infra",
TestCaseName: "5. Custom header with ES256",
},
Request: http.AssertionRequest{
ActualRequest: http.Request{
Host: "foo.com",
Path: "/info",
UnfollowRedirect: true,
Headers: map[string]string{"jwt": "Bearer " + ES256Allow},
},
},
Response: http.AssertionResponse{
ExpectedResponse: http.Response{
StatusCode: 200,
},
ExpectedResponseNoRequest: true,
},
},
{
Meta: http.AssertionMeta{
TargetBackend: "infra-backend-v1",
TargetNamespace: "higress-conformance-infra",
TestCaseName: "6. Custom header with RS256",
},
Request: http.AssertionRequest{
ActualRequest: http.Request{
Host: "foo.com",
Path: "/info",
UnfollowRedirect: true,
Headers: map[string]string{"jwt": "Bearer " + RS256Allow},
},
},
Response: http.AssertionResponse{
ExpectedResponse: http.Response{
StatusCode: 200,
},
ExpectedResponseNoRequest: true,
},
},
{
Meta: http.AssertionMeta{
TargetBackend: "infra-backend-v1",
TargetNamespace: "higress-conformance-infra",
TestCaseName: "7. Custom params with ES256",
},
Request: http.AssertionRequest{
ActualRequest: http.Request{
Host: "foo.com",
Path: "/info?jwt_token=" + ES256Allow,
UnfollowRedirect: true,
},
},
Response: http.AssertionResponse{
ExpectedResponse: http.Response{
StatusCode: 200,
},
ExpectedResponseNoRequest: true,
},
},
{
Meta: http.AssertionMeta{
TargetBackend: "infra-backend-v1",
TargetNamespace: "higress-conformance-infra",
TestCaseName: "8. Custom params with RS256",
},
Request: http.AssertionRequest{
ActualRequest: http.Request{
Host: "foo.com",
Path: "/info?jwt_token=" + RS256Allow,
UnfollowRedirect: true,
},
},
Response: http.AssertionResponse{
ExpectedResponse: http.Response{
StatusCode: 200,
},
ExpectedResponseNoRequest: true,
},
},
{
Meta: http.AssertionMeta{
TargetBackend: "infra-backend-v1",
TargetNamespace: "higress-conformance-infra",
TestCaseName: "9. Custom cookies with ES256",
},
Request: http.AssertionRequest{
ActualRequest: http.Request{
Host: "foo.com",
Path: "/info",
Headers: map[string]string{"Cookie": "jwt_token=" + ES256Allow},
UnfollowRedirect: true,
},
},
Response: http.AssertionResponse{
ExpectedResponse: http.Response{
StatusCode: 200,
},
ExpectedResponseNoRequest: true,
},
},
{
Meta: http.AssertionMeta{
TargetBackend: "infra-backend-v1",
TargetNamespace: "higress-conformance-infra",
TestCaseName: "10. Custom cookies with RS256",
},
Request: http.AssertionRequest{
ActualRequest: http.Request{
Host: "foo.com",
Path: "/info",
Headers: map[string]string{"Cookie": "jwt_token=" + RS256Allow},
UnfollowRedirect: true,
},
},
Response: http.AssertionResponse{
ExpectedResponse: http.Response{
StatusCode: 200,
},
ExpectedResponseNoRequest: true,
},
},
}
t.Run("WasmPlugins jwt-auth", func(t *testing.T) {
for _, testcase := range testcases {
http.MakeRequestAndExpectEventuallyConsistentResponse(t, suite.RoundTripper, suite.TimeoutConfig, suite.GatewayAddress, testcase)
}
})
},
}
var WasmPluginsJWTAuthExpried = suite.ConformanceTest{
ShortName: "WasmPluginsJWTAuthExpried",
Description: "The Ingress in the higress-conformance-infra namespace test the jwt-auth WASM plugin.",
Manifests: []string{"tests/go-wasm-jwt-auth-deny.yaml"},
Features: []suite.SupportedFeature{suite.WASMGoConformanceFeature},
Test: func(t *testing.T, suite *suite.ConformanceTestSuite) {
testcases := []http.Assertion{
{
Meta: http.AssertionMeta{
TargetBackend: "infra-backend-v1",
TargetNamespace: "higress-conformance-infra",
TestCaseName: "1. Default header with expried ES256",
},
Request: http.AssertionRequest{
ActualRequest: http.Request{
Host: "foo.com",
Path: "/info",
UnfollowRedirect: true,
Headers: map[string]string{"Authorization": "Bearer " + ES256Expried},
},
},
Response: http.AssertionResponse{
ExpectedResponse: http.Response{
StatusCode: 403,
},
ExpectedResponseNoRequest: true,
},
},
{
Meta: http.AssertionMeta{
TargetBackend: "infra-backend-v1",
TargetNamespace: "higress-conformance-infra",
TestCaseName: "2. Default header with expried RS256",
},
Request: http.AssertionRequest{
ActualRequest: http.Request{
Host: "foo.com",
Path: "/info",
UnfollowRedirect: true,
Headers: map[string]string{"Authorization": "Bearer " + RS256Expried},
},
},
Response: http.AssertionResponse{
ExpectedResponse: http.Response{
StatusCode: 403,
},
ExpectedResponseNoRequest: true,
},
},
{
Meta: http.AssertionMeta{
TargetBackend: "infra-backend-v1",
TargetNamespace: "higress-conformance-infra",
TestCaseName: "3. Default params with expried ES256",
},
Request: http.AssertionRequest{
ActualRequest: http.Request{
Host: "foo.com",
Path: "/info?access_token=" + ES256Expried,
UnfollowRedirect: true,
},
},
Response: http.AssertionResponse{
ExpectedResponse: http.Response{
StatusCode: 403,
},
ExpectedResponseNoRequest: true,
},
},
{
Meta: http.AssertionMeta{
TargetBackend: "infra-backend-v1",
TargetNamespace: "higress-conformance-infra",
TestCaseName: "4. Default params with expried RS256",
},
Request: http.AssertionRequest{
ActualRequest: http.Request{
Host: "foo.com",
Path: "/info?access_token=" + RS256Expried,
UnfollowRedirect: true,
},
},
Response: http.AssertionResponse{
ExpectedResponse: http.Response{
StatusCode: 403,
},
ExpectedResponseNoRequest: true,
},
},
{
Meta: http.AssertionMeta{
TargetBackend: "infra-backend-v1",
TargetNamespace: "higress-conformance-infra",
TestCaseName: "5. Custom header with expried ES256",
},
Request: http.AssertionRequest{
ActualRequest: http.Request{
Host: "foo.com",
Path: "/info",
UnfollowRedirect: true,
Headers: map[string]string{"jwt": "Bearer " + ES256Expried},
},
},
Response: http.AssertionResponse{
ExpectedResponse: http.Response{
StatusCode: 403,
},
ExpectedResponseNoRequest: true,
},
},
{
Meta: http.AssertionMeta{
TargetBackend: "infra-backend-v1",
TargetNamespace: "higress-conformance-infra",
TestCaseName: "6. Custom header with expried RS256",
},
Request: http.AssertionRequest{
ActualRequest: http.Request{
Host: "foo.com",
Path: "/info",
UnfollowRedirect: true,
Headers: map[string]string{"jwt": "Bearer " + RS256Expried},
},
},
Response: http.AssertionResponse{
ExpectedResponse: http.Response{
StatusCode: 403,
},
ExpectedResponseNoRequest: true,
},
},
{
Meta: http.AssertionMeta{
TargetBackend: "infra-backend-v1",
TargetNamespace: "higress-conformance-infra",
TestCaseName: "7. Custom params with expried ES256",
},
Request: http.AssertionRequest{
ActualRequest: http.Request{
Host: "foo.com",
Path: "/info?jwt_token=" + ES256Expried,
UnfollowRedirect: true,
},
},
Response: http.AssertionResponse{
ExpectedResponse: http.Response{
StatusCode: 403,
},
ExpectedResponseNoRequest: true,
},
},
{
Meta: http.AssertionMeta{
TargetBackend: "infra-backend-v1",
TargetNamespace: "higress-conformance-infra",
TestCaseName: "8. Custom params with expried RS256",
},
Request: http.AssertionRequest{
ActualRequest: http.Request{
Host: "foo.com",
Path: "/info?jwt_token=" + RS256Expried,
UnfollowRedirect: true,
},
},
Response: http.AssertionResponse{
ExpectedResponse: http.Response{
StatusCode: 403,
},
ExpectedResponseNoRequest: true,
},
},
{
Meta: http.AssertionMeta{
TargetBackend: "infra-backend-v1",
TargetNamespace: "higress-conformance-infra",
TestCaseName: "9. Custom cookies with expried ES256",
},
Request: http.AssertionRequest{
ActualRequest: http.Request{
Host: "foo.com",
Path: "/info",
Headers: map[string]string{"Cookie": "jwt_token=" + ES256Expried},
UnfollowRedirect: true,
},
},
Response: http.AssertionResponse{
ExpectedResponse: http.Response{
StatusCode: 403,
},
ExpectedResponseNoRequest: true,
},
},
{
Meta: http.AssertionMeta{
TargetBackend: "infra-backend-v1",
TargetNamespace: "higress-conformance-infra",
TestCaseName: "10. Custom cookies with expried RS256",
},
Request: http.AssertionRequest{
ActualRequest: http.Request{
Host: "foo.com",
Path: "/info",
Headers: map[string]string{"Cookie": "jwt_token=" + RS256Expried},
UnfollowRedirect: true,
},
},
Response: http.AssertionResponse{
ExpectedResponse: http.Response{
StatusCode: 403,
},
ExpectedResponseNoRequest: true,
},
},
}
t.Run("WasmPlugins jwt-auth", func(t *testing.T) {
for _, testcase := range testcases {
http.MakeRequestAndExpectEventuallyConsistentResponse(t, suite.RoundTripper, suite.TimeoutConfig, suite.GatewayAddress, testcase)
}
})
},
}
var WasmPluginsJWTAuthDeny = suite.ConformanceTest{
ShortName: "WasmPluginsJWTAuthDeny",
Description: "The Ingress in the higress-conformance-infra namespace test the jwt-auth WASM plugin.",
Manifests: []string{"tests/go-wasm-jwt-auth-deny.yaml"},
Features: []suite.SupportedFeature{suite.WASMGoConformanceFeature},
Test: func(t *testing.T, suite *suite.ConformanceTestSuite) {
testcases := []http.Assertion{
{
Meta: http.AssertionMeta{
TargetBackend: "infra-backend-v1",
TargetNamespace: "higress-conformance-infra",
TestCaseName: "1. Default header with RS256 but unauthorized consumer",
},
Request: http.AssertionRequest{
ActualRequest: http.Request{
Host: "foo.com",
Path: "/info",
UnfollowRedirect: true,
Headers: map[string]string{"Authorization": "Bearer " + RS256Allow},
},
},
Response: http.AssertionResponse{
ExpectedResponse: http.Response{
StatusCode: 403,
},
ExpectedResponseNoRequest: true,
},
},
{
Meta: http.AssertionMeta{
TargetBackend: "infra-backend-v1",
TargetNamespace: "higress-conformance-infra",
TestCaseName: "2. No token",
},
Request: http.AssertionRequest{
ActualRequest: http.Request{
Host: "foo.com",
Path: "/info",
UnfollowRedirect: true,
},
},
Response: http.AssertionResponse{
ExpectedResponse: http.Response{
StatusCode: 403,
},
ExpectedResponseNoRequest: true,
},
},
{
Meta: http.AssertionMeta{
TargetBackend: "infra-backend-v1",
TargetNamespace: "higress-conformance-infra",
TestCaseName: "3. Default header with no token",
},
Request: http.AssertionRequest{
ActualRequest: http.Request{
Host: "foo.com",
Path: "/info",
UnfollowRedirect: true,
Headers: map[string]string{"Authorization": "Bearer " + ""},
},
},
Response: http.AssertionResponse{
ExpectedResponse: http.Response{
StatusCode: 403,
},
ExpectedResponseNoRequest: true,
},
},
{
Meta: http.AssertionMeta{
TargetBackend: "infra-backend-v1",
TargetNamespace: "higress-conformance-infra",
TestCaseName: "4. Default params with no token",
},
Request: http.AssertionRequest{
ActualRequest: http.Request{
Host: "foo.com",
Path: "/info?access_token=" + "",
UnfollowRedirect: true,
},
},
Response: http.AssertionResponse{
ExpectedResponse: http.Response{
StatusCode: 403,
},
ExpectedResponseNoRequest: true,
},
},
{
Meta: http.AssertionMeta{
TargetBackend: "infra-backend-v1",
TargetNamespace: "higress-conformance-infra",
TestCaseName: "5. Custom header with no token",
},
Request: http.AssertionRequest{
ActualRequest: http.Request{
Host: "foo.com",
Path: "/info",
UnfollowRedirect: true,
Headers: map[string]string{"jwt": "Bearer " + ""},
},
},
Response: http.AssertionResponse{
ExpectedResponse: http.Response{
StatusCode: 403,
},
ExpectedResponseNoRequest: true,
},
},
{
Meta: http.AssertionMeta{
TargetBackend: "infra-backend-v1",
TargetNamespace: "higress-conformance-infra",
TestCaseName: "6. Custom params with no token",
},
Request: http.AssertionRequest{
ActualRequest: http.Request{
Host: "foo.com",
Path: "/info?jwt_token=" + "",
UnfollowRedirect: true,
},
},
Response: http.AssertionResponse{
ExpectedResponse: http.Response{
StatusCode: 403,
},
ExpectedResponseNoRequest: true,
},
},
{
Meta: http.AssertionMeta{
TargetBackend: "infra-backend-v1",
TargetNamespace: "higress-conformance-infra",
TestCaseName: "7. Custom cookies with no token",
},
Request: http.AssertionRequest{
ActualRequest: http.Request{
Host: "foo.com",
Path: "/info",
Headers: map[string]string{"Cookie": "jwt_token=" + ""},
UnfollowRedirect: true,
},
},
Response: http.AssertionResponse{
ExpectedResponse: http.Response{
StatusCode: 403,
},
ExpectedResponseNoRequest: true,
},
},
{
Meta: http.AssertionMeta{
TargetBackend: "infra-backend-v1",
TargetNamespace: "higress-conformance-infra",
TestCaseName: "8. Default header with fake token",
},
Request: http.AssertionRequest{
ActualRequest: http.Request{
Host: "foo.com",
Path: "/info",
UnfollowRedirect: true,
Headers: map[string]string{"Authorization": "Bearer " + "faketoken"},
},
},
Response: http.AssertionResponse{
ExpectedResponse: http.Response{
StatusCode: 403,
},
ExpectedResponseNoRequest: true,
},
},
{
Meta: http.AssertionMeta{
TargetBackend: "infra-backend-v1",
TargetNamespace: "higress-conformance-infra",
TestCaseName: "9. Default params with fake token",
},
Request: http.AssertionRequest{
ActualRequest: http.Request{
Host: "foo.com",
Path: "/info?access_token=" + "faketoken",
UnfollowRedirect: true,
},
},
Response: http.AssertionResponse{
ExpectedResponse: http.Response{
StatusCode: 403,
},
ExpectedResponseNoRequest: true,
},
},
{
Meta: http.AssertionMeta{
TargetBackend: "infra-backend-v1",
TargetNamespace: "higress-conformance-infra",
TestCaseName: "10. Custom header with fake token",
},
Request: http.AssertionRequest{
ActualRequest: http.Request{
Host: "foo.com",
Path: "/info",
UnfollowRedirect: true,
Headers: map[string]string{"jwt": "Bearer " + "faketoken"},
},
},
Response: http.AssertionResponse{
ExpectedResponse: http.Response{
StatusCode: 403,
},
ExpectedResponseNoRequest: true,
},
},
{
Meta: http.AssertionMeta{
TargetBackend: "infra-backend-v1",
TargetNamespace: "higress-conformance-infra",
TestCaseName: "11. Custom params with fake token",
},
Request: http.AssertionRequest{
ActualRequest: http.Request{
Host: "foo.com",
Path: "/info?jwt_token=" + "faketoken",
UnfollowRedirect: true,
},
},
Response: http.AssertionResponse{
ExpectedResponse: http.Response{
StatusCode: 403,
},
ExpectedResponseNoRequest: true,
},
},
{
Meta: http.AssertionMeta{
TargetBackend: "infra-backend-v1",
TargetNamespace: "higress-conformance-infra",
TestCaseName: "12. Custom cookies with fake token",
},
Request: http.AssertionRequest{
ActualRequest: http.Request{
Host: "foo.com",
Path: "/info",
Headers: map[string]string{"Cookie": "jwt_token=" + "faketoken"},
UnfollowRedirect: true,
},
},
Response: http.AssertionResponse{
ExpectedResponse: http.Response{
StatusCode: 403,
},
ExpectedResponseNoRequest: true,
},
},
}
t.Run("WasmPlugins jwt-auth", func(t *testing.T) {
for _, testcase := range testcases {
http.MakeRequestAndExpectEventuallyConsistentResponse(t, suite.RoundTripper, suite.TimeoutConfig, suite.GatewayAddress, testcase)
}
})
},
}
var WasmPluginsJWTAuthSingleConsumer = suite.ConformanceTest{
ShortName: "WasmPluginsJWTAuthSingleConsumer",
Description: "The Ingress in the higress-conformance-infra namespace test the jwt-auth WASM plugin.",
Manifests: []string{"tests/go-wasm-jwt-auth-single-consumer.yaml"},
Features: []suite.SupportedFeature{suite.WASMGoConformanceFeature},
Test: func(t *testing.T, suite *suite.ConformanceTestSuite) {
testcases := []http.Assertion{
{
Meta: http.AssertionMeta{
TargetBackend: "infra-backend-v1",
TargetNamespace: "higress-conformance-infra",
TestCaseName: "1. Default hedaer with ES256 by single consumer_EC",
},
Request: http.AssertionRequest{
ActualRequest: http.Request{
Host: "foo.com",
Path: "/info",
UnfollowRedirect: true,
Headers: map[string]string{"Authorization": "Bearer " + ES256Allow},
},
},
Response: http.AssertionResponse{
ExpectedResponse: http.Response{
StatusCode: 200,
},
ExpectedResponseNoRequest: true,
},
},
{
Meta: http.AssertionMeta{
TargetBackend: "infra-backend-v1",
TargetNamespace: "higress-conformance-infra",
TestCaseName: "2. Default hedaer with expried ES256 by single consumer_EC",
},
Request: http.AssertionRequest{
ActualRequest: http.Request{
Host: "foo.com",
Path: "/info",
UnfollowRedirect: true,
Headers: map[string]string{"Authorization": "Bearer " + ES256Expried},
},
},
Response: http.AssertionResponse{
ExpectedResponse: http.Response{
StatusCode: 401,
},
ExpectedResponseNoRequest: true,
},
},
{
Meta: http.AssertionMeta{
TargetBackend: "infra-backend-v1",
TargetNamespace: "higress-conformance-infra",
TestCaseName: "3. Default hedaer with fake token by single consumer_EC",
},
Request: http.AssertionRequest{
ActualRequest: http.Request{
Host: "foo.com",
Path: "/info",
UnfollowRedirect: true,
Headers: map[string]string{"Authorization": "Bearer " + "faketoken"},
},
},
Response: http.AssertionResponse{
ExpectedResponse: http.Response{
StatusCode: 401,
},
ExpectedResponseNoRequest: true,
},
},
{
Meta: http.AssertionMeta{
TargetBackend: "infra-backend-v1",
TargetNamespace: "higress-conformance-infra",
TestCaseName: "4. No token by single consumer_EC",
},
Request: http.AssertionRequest{
ActualRequest: http.Request{
Host: "foo.com",
Path: "/info",
UnfollowRedirect: true,
},
},
Response: http.AssertionResponse{
ExpectedResponse: http.Response{
StatusCode: 401,
},
ExpectedResponseNoRequest: true,
},
},
{
Meta: http.AssertionMeta{
TargetBackend: "infra-backend-v1",
TargetNamespace: "higress-conformance-infra",
TestCaseName: "5. Default header with RS256 by single consumer_EC",
},
Request: http.AssertionRequest{
ActualRequest: http.Request{
Host: "foo.com",
Path: "/info",
UnfollowRedirect: true,
Headers: map[string]string{"Authorization": "Bearer " + RS256Allow},
},
},
Response: http.AssertionResponse{
ExpectedResponse: http.Response{
StatusCode: 403,
},
ExpectedResponseNoRequest: true,
},
},
{
Meta: http.AssertionMeta{
TargetBackend: "infra-backend-v1",
TargetNamespace: "higress-conformance-infra",
TestCaseName: "6. Default params with ES256 by single consumer_EC",
},
Request: http.AssertionRequest{
ActualRequest: http.Request{
Host: "foo.com",
Path: "/info?access_token=" + ES256Allow,
UnfollowRedirect: true,
},
},
Response: http.AssertionResponse{
ExpectedResponse: http.Response{
StatusCode: 200,
},
ExpectedResponseNoRequest: true,
},
},
{
Meta: http.AssertionMeta{
TargetBackend: "infra-backend-v1",
TargetNamespace: "higress-conformance-infra",
TestCaseName: "7. Default params with expried ES256 by single consumer_EC",
},
Request: http.AssertionRequest{
ActualRequest: http.Request{
Host: "foo.com",
Path: "/info?access_token=" + ES256Expried,
UnfollowRedirect: true,
},
},
Response: http.AssertionResponse{
ExpectedResponse: http.Response{
StatusCode: 401,
},
ExpectedResponseNoRequest: true,
},
},
{
Meta: http.AssertionMeta{
TargetBackend: "infra-backend-v1",
TargetNamespace: "higress-conformance-infra",
TestCaseName: "8. Default params with fake token by single consumer_EC",
},
Request: http.AssertionRequest{
ActualRequest: http.Request{
Host: "foo.com",
Path: "/info?access_token=" + "faketoken",
UnfollowRedirect: true,
},
},
Response: http.AssertionResponse{
ExpectedResponse: http.Response{
StatusCode: 401,
},
ExpectedResponseNoRequest: true,
},
},
{
Meta: http.AssertionMeta{
TargetBackend: "infra-backend-v1",
TargetNamespace: "higress-conformance-infra",
TestCaseName: "9. Default params with RS256 by single consumer_EC",
},
Request: http.AssertionRequest{
ActualRequest: http.Request{
Host: "foo.com",
Path: "/info?access_token=" + RS256Allow,
UnfollowRedirect: true,
},
},
Response: http.AssertionResponse{
ExpectedResponse: http.Response{
StatusCode: 403,
},
ExpectedResponseNoRequest: true,
},
},
}
t.Run("WasmPlugins jwt-auth", func(t *testing.T) {
for _, testcase := range testcases {
http.MakeRequestAndExpectEventuallyConsistentResponse(t, suite.RoundTripper, suite.TimeoutConfig, suite.GatewayAddress, testcase)
}
})
},
}

2
test/e2e/conformance/tests/go-wasm-simple-jwt-auth.go
View File

@@ -26,7 +26,7 @@ func init() {
}
var WasmPluginsJwtAuth = suite.ConformanceTest{
ShortName: "WasmPluginsJwtAuth",
ShortName: "WasmPluginsSimpleJwtAuth",
Description: "The Ingress in the higress-conformance-infra namespace test the simple-jwt-auth wasmplugins.",
Manifests: []string{"tests/go-wasm-simple-jwt-auth.yaml"},
Features: []suite.SupportedFeature{suite.WASMGoConformanceFeature},