End to end tests for #359

scripts/build.sh

@@ -51,6 +51,8 @@ test_server () {
 test_mtls () {
   cd $LOCATION/scripts/mtls-test
   sh ./test.sh
+  killall go >> /dev/null
+  killall java >> /dev/null
   rc=$?; if [ $rc != 0 ]; then exit $rc; fi
 }
 

scripts/mtls-tests/.gitignore

@@ -1,3 +1,4 @@
 *.out
 *.pem
-*.jar
+*.jar
+node_modules

scripts/mtls-tests/check.js

@@ -0,0 +1,11 @@
+const fs = require('fs');
+
+const clientbackend = fs.readFileSync('./clientbackend.go').toString('utf8');
+const clientfrontend = fs.readFileSync('./clientfrontend.go').toString('utf8');
+const foundbackend = clientbackend.indexOf('Hello, world!') > -1;
+const foundfrontend = clientfrontend.indexOf('Hello, world!') > -1;
+if (foundbackend && foundfrontend) {
+  process.exit(0);
+} else {
+  process.exit(-1);
+}

scripts/mtls-tests/oto.js

@@ -0,0 +1,311 @@
+const fs = require('fs');
+const fetch = require('node-fetch');
+
+const authToken = Buffer.from(`admin-api-apikey-id:admin-api-apikey-secret`).toString('base64');
+
+const certFront = fs.readFileSync('./cert-frontend.pem').toString('utf8');
+const certFrontKey = fs.readFileSync('./cert-frontend-key.pem').toString('utf8');
+const certBack = fs.readFileSync('./cert-backend.pem').toString('utf8');
+const certBackKey = fs.readFileSync('./cert-backend-key.pem').toString('utf8');
+
+const service = {
+  "id": "service",
+  "groupId": "default",
+  "name": "mtls",
+  "env": "prod",
+  "domain": "oto.tools",
+  "subdomain": "mtls",
+  "targetsLoadBalancing": {
+    "type": "RoundRobin"
+  },
+  "targets": [
+    {
+      "host": "localhost:8444",
+      "scheme": "https",
+      "weight": 1,
+      "protocol": "HTTP/1.1",
+      "predicate": {
+        "type": "AlwaysMatch"
+      },
+      "ipAddress": null
+    }
+  ],
+  "root": "/hello",
+  "matchingRoot": null,
+  "localHost": "localhost:8080",
+  "localScheme": "http",
+  "redirectToLocal": false,
+  "enabled": true,
+  "userFacing": false,
+  "privateApp": false,
+  "forceHttps": false,
+  "logAnalyticsOnServer": false,
+  "useAkkaHttpClient": true,
+  "tcpTunneling": false,
+  "detectApiKeySooner": false,
+  "maintenanceMode": false,
+  "buildMode": false,
+  "strictlyPrivate": false,
+  "enforceSecureCommunication": false,
+  "sendInfoToken": true,
+  "sendStateChallenge": true,
+  "sendOtoroshiHeadersBack": false,
+  "readOnly": false,
+  "xForwardedHeaders": false,
+  "overrideHost": true,
+  "allowHttp10": true,
+  "secComHeaders": {
+    "claimRequestName": null,
+    "stateRequestName": null,
+    "stateResponseName": null
+  },
+  "secComTtl": 30000,
+  "secComVersion": 1,
+  "secComInfoTokenVersion": "Legacy",
+  "secComExcludedPatterns": [],
+  "securityExcludedPatterns": [],
+  "publicPatterns": [
+    "/.*"
+  ],
+  "privatePatterns": [],
+  "additionalHeaders": {},
+  "additionalHeadersOut": {},
+  "removeHeadersIn": [],
+  "removeHeadersOut": [],
+  "headersVerification": {},
+  "matchingHeaders": {},
+  "ipFiltering": {
+    "whitelist": [],
+    "blacklist": []
+  },
+  "api": {
+    "exposeApi": false
+  },
+  "healthCheck": {
+    "enabled": false,
+    "url": "/"
+  },
+  "clientConfig": {
+    "useCircuitBreaker": true,
+    "retries": 1,
+    "maxErrors": 20,
+    "retryInitialDelay": 50,
+    "backoffFactor": 2,
+    "callTimeout": 30000,
+    "callAndStreamTimeout": 120000,
+    "connectionTimeout": 10000,
+    "idleTimeout": 60000,
+    "globalTimeout": 30000,
+    "sampleInterval": 2000,
+    "proxy": {},
+    "customTimeouts": []
+  },
+  "canary": {
+    "enabled": false,
+    "traffic": 0.2,
+    "targets": [],
+    "root": "/"
+  },
+  "gzip": {
+    "enabled": false,
+    "excludedPatterns": [],
+    "whiteList": [
+      "text/*",
+      "application/javascript",
+      "application/json"
+    ],
+    "blackList": [],
+    "bufferSize": 8192,
+    "chunkedThreshold": 102400,
+    "compressionLevel": 5
+  },
+  "metadata": {},
+  "chaosConfig": {
+    "enabled": false,
+    "largeRequestFaultConfig": {
+      "ratio": 0.2,
+      "additionalRequestSize": 0
+    },
+    "largeResponseFaultConfig": {
+      "ratio": 0.2,
+      "additionalResponseSize": 0
+    },
+    "latencyInjectionFaultConfig": {
+      "ratio": 0.2,
+      "from": 0,
+      "to": 0
+    },
+    "badResponsesFaultConfig": {
+      "ratio": 0.2,
+      "responses": []
+    }
+  },
+  "jwtVerifier": {
+    "type": "ref",
+    "id": null,
+    "enabled": false,
+    "excludedPatterns": []
+  },
+  "secComSettings": {
+    "type": "HSAlgoSettings",
+    "size": 512,
+    "secret": "${config.app.claim.sharedKey}"
+  },
+  "cors": {
+    "enabled": false,
+    "allowOrigin": "*",
+    "exposeHeaders": [],
+    "allowHeaders": [],
+    "allowMethods": [],
+    "excludedPatterns": [],
+    "maxAge": null,
+    "allowCredentials": true
+  },
+  "redirection": {
+    "enabled": false,
+    "code": 303,
+    "to": "https://www.otoroshi.io"
+  },
+  "authConfigRef": null,
+  "clientValidatorRef": null,
+  "transformerRef": null,
+  "transformerConfig": {},
+  "thirdPartyApiKey": {
+    "enabled": false,
+    "quotasEnabled": true,
+    "uniqueApiKey": false,
+    "type": "OIDC",
+    "oidcConfigRef": null,
+    "localVerificationOnly": false,
+    "mode": "Tmp",
+    "ttl": 0,
+    "headerName": "Authorization",
+    "throttlingQuota": 100,
+    "dailyQuota": 10000000,
+    "monthlyQuota": 10000000,
+    "excludedPatterns": [],
+    "scopes": [],
+    "rolesPath": [],
+    "roles": []
+  },
+  "apiKeyConstraints": {
+    "basicAuth": {
+      "enabled": true,
+      "headerName": null,
+      "queryName": null
+    },
+    "customHeadersAuth": {
+      "enabled": true,
+      "clientIdHeaderName": null,
+      "clientSecretHeaderName": null
+    },
+    "clientIdAuth": {
+      "enabled": true,
+      "headerName": null,
+      "queryName": null
+    },
+    "jwtAuth": {
+      "enabled": true,
+      "includeRequestAttributes": false,
+      "maxJwtLifespanSecs": null,
+      "headerName": null,
+      "queryName": null,
+      "cookieName": null
+    },
+    "routing": {
+      "noneTagIn": [],
+      "oneTagIn": [],
+      "allTagsIn": [],
+      "noneMetaIn": {},
+      "oneMetaIn": {},
+      "allMetaIn": {}
+    }
+  },
+  "restrictions": {
+    "enabled": false,
+    "allowLast": true,
+    "allowed": [],
+    "forbidden": [],
+    "notFound": []
+  }
+};
+
+const otoCertFront = {
+  "id": "otoCertFront",
+  "domain": "mtl.oto.tools",
+  "chain": certFront,
+  "caRef": null,
+  "privateKey": certFrontKey,
+  "selfSigned": true,
+  "ca": false,
+  "valid": true,
+  "autoRenew": false,
+  "subject": "CN=mtl.oto.tools",
+  "from": 1569941242000,
+  "to": 1885301242000
+};
+
+const otoCertBack = {
+  "id": "otoCertBack",
+  "domain": "localhost",
+  "chain": certBack,
+  "caRef": null,
+  "privateKey": certBackKey,
+  "selfSigned": true,
+  "ca": false,
+  "valid": true,
+  "autoRenew": false,
+  "subject": "CN=localhost",
+  "from": 1569941242000,
+  "to": 1885301242000
+};
+
+
+fetch('http://otoroshi-api.oto.tools:8080/api/certificates', {
+  method: 'GET',
+  headers: {
+    'Accept': 'application/json',
+    'Authorization': `Basic ${authToken}`
+  }
+}).then(r => r.json()).then(certs => {
+  return Promise.all(certs.map(cert => {
+    console.log(cert)
+    return fetch(`http://otoroshi-api.oto.tools:8080/api/certificates/${cert.id}`, {
+      method: 'DELETE',
+      headers: {
+        'Accept': 'application/json',
+        'Authorization': `Basic ${authToken}`
+      }
+    }).then(r => r.json());
+  })).then(() => {
+    return fetch(`http://otoroshi-api.oto.tools:8080/api/certificates`, {
+      method: 'POST',
+      headers: {
+        'Accept': 'application/json',
+        'Content-Type': 'application/json',
+        'Authorization': `Basic ${authToken}`
+      },
+      body: JSON.stringify(otoCertFront)
+    }).then(r => r.json()).then(() => {
+      return fetch(`http://otoroshi-api.oto.tools:8080/api/certificates`, {
+        method: 'POST',
+        headers: {
+          'Accept': 'application/json',
+          'Content-Type': 'application/json',
+          'Authorization': `Basic ${authToken}`
+        },
+        body: JSON.stringify(otoCertBack)
+      }).then(r => r.json()).then(() => {
+        return fetch(`http://otoroshi-api.oto.tools:8080/api/services`, {
+          method: 'POST',
+          headers: {
+            'Accept': 'application/json',
+            'Content-Type': 'application/json',
+            'Authorization': `Basic ${authToken}`
+          },
+          body: JSON.stringify(service)
+        }).then(r => r.json())
+      });
+    });
+  });
+});

scripts/mtls-tests/package.json

@@ -0,0 +1,9 @@
+{
+  "name": "mtls-tests",
+  "version": "1.0.0",
+  "main": "index.js",
+  "license": "MIT",
+  "dependencies": {
+    "node-fetch": "^2.6.0"
+  }
+}

scripts/mtls-tests/test.sh

@@ -1,15 +1,11 @@
 sh ./certs.sh
 go run backend.go &
 go run clientbackend.go > clientbackend.out
-# TODO: assert clientbackend.out content
 cp ../../otoroshi/target/scala-2.12/otoroshi.jar ./otoroshi.jar
 java -Dapp.domain=oto.tools -jar otoroshi.jar &
 sleep 10
-# TODO: delete existing certs in otoroshi 
-# TODO: inject certs in otoroshi
-# TODO: create service
+yarn install
+node oto.sh
 sleep 10
 go run clientfrontend.go > clientfrontend.out
-# TODO: assert clientfrontend.out content
-killall go >> /dev/null
-killall java >> /dev/null
+node check.js

scripts/mtls-tests/yarn.lock

@@ -0,0 +1,8 @@
+# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
+# yarn lockfile v1
+
+
+node-fetch@^2.6.0:
+  version "2.6.0"
+  resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-2.6.0.tgz#e633456386d4aa55863f676a7ab0daa8fdecb0fd"
+  integrity sha512-8dG4H5ujfvFiqDmVu9fQ5bOHUC15JMjMY/Zumv26oOvvVJjM67KF8koCWIabKQ1GJIa9r2mMZscBq/TbdOcmNA==