mirror of
https://github.com/alibaba/higress.git
synced 2026-06-26 10:45:25 +08:00
10498a2c86
Signed-off-by: EndlessSeeker <1766508902@qq.com> Co-authored-by: Jingze <52855280+Jing-ze@users.noreply.github.com>
94 lines
2.9 KiB
Go
94 lines
2.9 KiB
Go
package main
|
|
|
|
import (
|
|
"encoding/json"
|
|
"testing"
|
|
|
|
"github.com/higress-group/proxy-wasm-go-sdk/proxywasm/types"
|
|
"github.com/higress-group/wasm-go/pkg/test"
|
|
)
|
|
|
|
func oidcTestConfig(matchList []map[string]interface{}) json.RawMessage {
|
|
data, _ := json.Marshal(map[string]interface{}{
|
|
"redirect_url": "http://foo.bar.com/oauth2/callback",
|
|
"oidc_issuer_url": "http://127.0.0.1:65535/realms/poc",
|
|
"client_id": "poc",
|
|
"client_secret": "poc",
|
|
"cookie_secret": "nqavJrGvRmQxWwGNptLdyUVKcBNZ2b18Guc1n_8DCfY=",
|
|
"service_name": "keycloak.static",
|
|
"service_port": 80,
|
|
"service_host": "127.0.0.1:65535",
|
|
"match_type": "whitelist",
|
|
"match_list": matchList,
|
|
"verifier_interval": "2s",
|
|
})
|
|
return data
|
|
}
|
|
|
|
func TestOnHttpRequestHeadersVerifierUnavailable(t *testing.T) {
|
|
test.RunTest(t, func(t *testing.T) {
|
|
host, status := test.NewTestHost(oidcTestConfig(nil))
|
|
defer host.Reset()
|
|
if status != types.OnPluginStartStatusOK {
|
|
t.Fatalf("plugin start status = %v, want %v", status, types.OnPluginStartStatusOK)
|
|
}
|
|
|
|
action := host.CallOnHttpRequestHeaders([][2]string{
|
|
{":scheme", "http"},
|
|
{":authority", "foo.bar.com"},
|
|
{":path", "/protected"},
|
|
{":method", "GET"},
|
|
})
|
|
|
|
if action != types.ActionPause {
|
|
t.Fatalf("request action = %v, want %v", action, types.ActionPause)
|
|
}
|
|
if streamAction := host.GetHttpStreamAction(); streamAction != types.ActionPause {
|
|
t.Fatalf("stream action = %v, want %v", streamAction, types.ActionPause)
|
|
}
|
|
localResponse := host.GetLocalResponse()
|
|
if localResponse == nil {
|
|
t.Fatal("local response is nil")
|
|
}
|
|
if localResponse.StatusCode != 503 {
|
|
t.Fatalf("local response status = %d, want 503", localResponse.StatusCode)
|
|
}
|
|
if body := string(localResponse.Data); body != "OIDC verifier is unavailable" {
|
|
t.Fatalf("local response body = %q, want %q", body, "OIDC verifier is unavailable")
|
|
}
|
|
})
|
|
}
|
|
|
|
func TestOnHttpRequestHeadersAllowlistBypassesVerifierCheck(t *testing.T) {
|
|
test.RunTest(t, func(t *testing.T) {
|
|
host, status := test.NewTestHost(oidcTestConfig([]map[string]interface{}{
|
|
{
|
|
"match_rule_domain": "foo.bar.com",
|
|
"match_rule_path": "/public",
|
|
"match_rule_type": "prefix",
|
|
},
|
|
}))
|
|
defer host.Reset()
|
|
if status != types.OnPluginStartStatusOK {
|
|
t.Fatalf("plugin start status = %v, want %v", status, types.OnPluginStartStatusOK)
|
|
}
|
|
|
|
action := host.CallOnHttpRequestHeaders([][2]string{
|
|
{":scheme", "http"},
|
|
{":authority", "foo.bar.com"},
|
|
{":path", "/public/info"},
|
|
{":method", "GET"},
|
|
})
|
|
|
|
if action != types.ActionContinue {
|
|
t.Fatalf("request action = %v, want %v", action, types.ActionContinue)
|
|
}
|
|
if streamAction := host.GetHttpStreamAction(); streamAction != types.ActionContinue {
|
|
t.Fatalf("stream action = %v, want %v", streamAction, types.ActionContinue)
|
|
}
|
|
if localResponse := host.GetLocalResponse(); localResponse != nil {
|
|
t.Fatalf("local response = %+v, want nil", localResponse)
|
|
}
|
|
})
|
|
}
|