jiazhizhong/higress
1
0
Fork 0
mirror of https://github.com/alibaba/higress.git synced 2026-04-20 19:47:29 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
2b3d0d72074ee7cf5359f975e075ed0fa02bed5b
higress/plugins/wasm-go/extensions/hmac-auth-apisix/config/config_test.go

389 lines
8.0 KiB
Go
Raw Blame History

package config
import (
"testing"
"github.com/stretchr/testify/assert"
"github.com/tidwall/gjson"
)
func TestParseGlobalConfig(t *testing.T) {
tests := []struct {
name string
jsonConfig string
expectError bool
validate func(*testing.T, *HmacAuthConfig)
}{
{
name: "Valid config with named consumers",
jsonConfig: `{
"consumers": [
{
"name": "consumer1",
"access_key": "ak1",
"secret_key": "sk1"
},
{
"name": "consumer2",
"access_key": "ak2",
"secret_key": "sk2"
}
]
}`,
expectError: false,
validate: func(t *testing.T, config *HmacAuthConfig) {
assert.Equal(t, 2, len(config.Consumers))
assert.Equal(t, "consumer1", config.Consumers[0].Name)
assert.Equal(t, "ak1", config.Consumers[0].AccessKey)
assert.Equal(t, "sk1", config.Consumers[0].SecretKey)
assert.Equal(t, "consumer2", config.Consumers[1].Name)
assert.Equal(t, "ak2", config.Consumers[1].AccessKey)
assert.Equal(t, "sk2", config.Consumers[1].SecretKey)
// 默认值检查
assert.Equal(t, []string{"hmac-sha1", "hmac-sha256", "hmac-sha512"}, config.AllowedAlgorithms)
assert.Equal(t, 300, config.ClockSkew)
},
},
{
name: "Valid config without names (use access_key as name)",
jsonConfig: `{
"consumers": [
{
"access_key": "ak1",
"secret_key": "sk1"
},
{
"access_key": "ak2",
"secret_key": "sk2"
}
]
}`,
expectError: false,
validate: func(t *testing.T, config *HmacAuthConfig) {
assert.Equal(t, 2, len(config.Consumers))
assert.Equal(t, "ak1", config.Consumers[0].Name)
assert.Equal(t, "ak1", config.Consumers[0].AccessKey)
assert.Equal(t, "ak2", config.Consumers[1].Name)
assert.Equal(t, "ak2", config.Consumers[1].AccessKey)
},
},
{
name: "Missing consumers",
jsonConfig: `{
"other_field": "value"
}`,
expectError: true,
},
{
name: "Empty consumers array",
jsonConfig: `{
"consumers": []
}`,
expectError: true,
},
{
name: "Missing access_key",
jsonConfig: `{
"consumers": [
{
"secret_key": "sk1"
}
]
}`,
expectError: true,
},
{
name: "Missing secret_key",
jsonConfig: `{
"consumers": [
{
"access_key": "ak1"
}
]
}`,
expectError: true,
},
{
name: "Duplicate access_key",
jsonConfig: `{
"consumers": [
{
"access_key": "ak1",
"secret_key": "sk1"
},
{
"access_key": "ak1",
"secret_key": "sk2"
}
]
}`,
expectError: true,
},
{
name: "Valid global_auth",
jsonConfig: `{
"consumers": [
{
"access_key": "ak1",
"secret_key": "sk1"
}
],
"global_auth": true
}`,
expectError: false,
validate: func(t *testing.T, config *HmacAuthConfig) {
assert.NotNil(t, config.GlobalAuth)
assert.True(t, *config.GlobalAuth)
},
},
{
name: "Valid allowed_algorithms",
jsonConfig: `{
"consumers": [
{
"access_key": "ak1",
"secret_key": "sk1"
}
],
"allowed_algorithms": ["hmac-sha256"]
}`,
expectError: false,
validate: func(t *testing.T, config *HmacAuthConfig) {
assert.Equal(t, []string{"hmac-sha256"}, config.AllowedAlgorithms)
},
},
{
name: "Invalid allowed_algorithms",
jsonConfig: `{
"consumers": [
{
"access_key": "ak1",
"secret_key": "sk1"
}
],
"allowed_algorithms": ["invalid-algorithm"]
}`,
expectError: true,
},
{
name: "Valid clock_skew",
jsonConfig: `{
"consumers": [
{
"access_key": "ak1",
"secret_key": "sk1"
}
],
"clock_skew": 600
}`,
expectError: false,
validate: func(t *testing.T, config *HmacAuthConfig) {
assert.Equal(t, 600, config.ClockSkew)
},
},
{
name: "Valid signed_headers",
jsonConfig: `{
"consumers": [
{
"access_key": "ak1",
"secret_key": "sk1"
}
],
"signed_headers": ["host", "date"]
}`,
expectError: false,
validate: func(t *testing.T, config *HmacAuthConfig) {
assert.Equal(t, []string{"host", "date"}, config.SignedHeaders)
},
},
{
name: "Valid validate_request_body",
jsonConfig: `{
"consumers": [
{
"access_key": "ak1",
"secret_key": "sk1"
}
],
"validate_request_body": true
}`,
expectError: false,
validate: func(t *testing.T, config *HmacAuthConfig) {
assert.True(t, config.ValidateRequestBody)
},
},
{
name: "Valid hide_credentials",
jsonConfig: `{
"consumers": [
{
"access_key": "ak1",
"secret_key": "sk1"
}
],
"hide_credentials": true
}`,
expectError: false,
validate: func(t *testing.T, config *HmacAuthConfig) {
assert.True(t, config.HideCredentials)
},
},
{
name: "Valid anonymous_consumer",
jsonConfig: `{
"consumers": [
{
"access_key": "ak1",
"secret_key": "sk1"
}
],
"anonymous_consumer": "anonymous"
}`,
expectError: false,
validate: func(t *testing.T, config *HmacAuthConfig) {
assert.Equal(t, "anonymous", config.AnonymousConsumer)
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
jsonData := gjson.Parse(tt.jsonConfig)
config := &HmacAuthConfig{}
defer func() {
if r := recover(); r != nil {
// 忽略日志相关的 panic
}
}()
err := ParseGlobalConfig(jsonData, config)
if tt.expectError {
assert.Error(t, err)
} else {
assert.NoError(t, err)
if tt.validate != nil {
tt.validate(t, config)
}
}
})
}
}
func TestParseOverrideRuleConfig(t *testing.T) {
globalConfig := HmacAuthConfig{
Consumers: []Consumer{
{
Name: "consumer1",
AccessKey: "ak1",
SecretKey: "sk1",
},
{
Name: "consumer2",
AccessKey: "ak2",
SecretKey: "sk2",
},
},
AllowedAlgorithms: []string{"hmac-sha1", "hmac-sha256", "hmac-sha512"},
ClockSkew: 300,
}
tests := []struct {
name string
jsonConfig string
validate func(*testing.T, *HmacAuthConfig)
expectError bool
}{
{
name: "Default values when no overrides",
jsonConfig: `{
"some_other_field": "value"
}`,
validate: func(t *testing.T, config *HmacAuthConfig) {
assert.Equal(t, []string{"hmac-sha1", "hmac-sha256", "hmac-sha512"}, config.AllowedAlgorithms)
assert.Equal(t, 300, config.ClockSkew)
assert.Equal(t, 2, len(config.Consumers))
},
expectError: false,
},
{
name: "Valid allow list",
jsonConfig: `{
"allow": ["consumer1", "consumer2"]
}`,
validate: func(t *testing.T, config *HmacAuthConfig) {
assert.Equal(t, []string{"consumer1", "consumer2"}, config.Allow)
},
expectError: false,
},
{
name: "Allow list with non-existent consumer",
jsonConfig: `{
"allow": ["consumer1", "nonexistent"]
}`,
validate: func(t *testing.T, config *HmacAuthConfig) {
assert.Equal(t, []string{"consumer1", "nonexistent"}, config.Allow)
},
expectError: false,
},
{
name: "Empty allow list",
jsonConfig: `{
"allow": []
}`,
validate: func(t *testing.T, config *HmacAuthConfig) {
assert.Equal(t, []string{}, config.Allow)
},
expectError: false,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
jsonData := gjson.Parse(tt.jsonConfig)
config := &HmacAuthConfig{}
defer func() {
if r := recover(); r != nil {
// 忽略日志相关的 panic
}
}()
err := ParseOverrideRuleConfig(jsonData, globalConfig, config)
if tt.expectError {
assert.Error(t, err)
} else {
assert.NoError(t, err)
if tt.validate != nil {
tt.validate(t, config)
}
}
})
}
}
func TestValidAlgorithms(t *testing.T) {
tests := []struct {
algorithm string
valid bool
}{
{"hmac-sha1", true},
{"hmac-sha256", true},
{"hmac-sha512", true},
{"invalid-algorithm", false},
{"", false},
{"hmac-md5", false},
}
for _, tt := range tests {
t.Run(tt.algorithm, func(t *testing.T) {
_, exists := validAlgorithms[tt.algorithm]
assert.Equal(t, tt.valid, exists)
})
}
}
Reference in New Issue View Git Blame Copy Permalink