From ecfe3c620940cd0ef2db884197edbf92ca5ee69a Mon Sep 17 00:00:00 2001 From: Timmy Date: Tue, 12 Mar 2024 15:07:21 +0800 Subject: [PATCH] tests: add plugin test nginx (#78) --- src/apisix/ci/Dockerfile.apisix-test-nginx | 1 + src/apisix/t/bk-delete-cookie.t | 101 ++++++++++ src/apisix/t/bk-ip-group-restriction.t | 212 +++++++++++++++++++++ src/apisix/t/bk-log-context.t | 202 ++++++++++++++++++++ src/apisix/t/bk-opentelemetry.t | 190 ++++++++++++++++++ src/apisix/t/bk-real-ip.t | 166 ++++++++++++++++ src/apisix/t/bk-resource-context.t | 116 +++++++++++ src/apisix/t/bk-response-check.t | 173 +++++++++++++++++ src/apisix/t/bk-stage-context.t | 158 +++++++++++++++ src/apisix/t/bk-status-rewrite.t | 98 ++++++++++ 10 files changed, 1417 insertions(+) create mode 100644 src/apisix/t/bk-delete-cookie.t create mode 100644 src/apisix/t/bk-ip-group-restriction.t create mode 100644 src/apisix/t/bk-log-context.t create mode 100644 src/apisix/t/bk-opentelemetry.t create mode 100644 src/apisix/t/bk-real-ip.t create mode 100644 src/apisix/t/bk-resource-context.t create mode 100644 src/apisix/t/bk-response-check.t create mode 100644 src/apisix/t/bk-status-rewrite.t diff --git a/src/apisix/ci/Dockerfile.apisix-test-nginx b/src/apisix/ci/Dockerfile.apisix-test-nginx index d92f6e4..7332fcf 100644 --- a/src/apisix/ci/Dockerfile.apisix-test-nginx +++ b/src/apisix/ci/Dockerfile.apisix-test-nginx @@ -18,6 +18,7 @@ RUN wget https://github.com/apache/apisix/archive/refs/tags/${APISIX_VERSION}.ta # install dependencies ARG CODE_DIR=/codes/apisix-${APISIX_VERSION} RUN sed -i 's#yum install -y openresty openresty-debug openresty-openssl111-debug-devel pcre pcre-devel#yum install -y openresty openresty-debug openresty-openssl111-debug-devel pcre pcre-devel --skip-broken#g' ${CODE_DIR}/ci/centos7-ci.sh +RUN sed -i 's|https://registry.npm.taobao.org|https://registry.npmmirror.com|g' ${CODE_DIR}/t/plugin/grpc-web/package-lock.json RUN cd ${CODE_DIR} && bash ./ci/centos7-ci.sh install_dependencies RUN cp -r ${CODE_DIR}/t /usr/local/apisix/ diff --git a/src/apisix/t/bk-delete-cookie.t b/src/apisix/t/bk-delete-cookie.t new file mode 100644 index 0000000..3d3d498 --- /dev/null +++ b/src/apisix/t/bk-delete-cookie.t @@ -0,0 +1,101 @@ +# +# TencentBlueKing is pleased to support the open source community by making +# 蓝鲸智云 - API 网关(BlueKing - APIGateway) available. +# Copyright (C) 2017 THL A29 Limited, a Tencent company. All rights reserved. +# Licensed under the MIT License (the "License"); you may not use this file except +# in compliance with the License. You may obtain a copy of the License at +# +# http://opensource.org/licenses/MIT +# +# Unless required by applicable law or agreed to in writing, software distributed under +# the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, +# either express or implied. See the License for the specific language governing permissions and +# limitations under the License. +# +# We undertake not to change the open source license (MIT license) applicable +# to the current version of the project delivered to anyone in the future. +# + +use t::APISIX 'no_plan'; + +repeat_each(1); +no_long_string(); +no_shuffle(); +no_root_location(); + +add_block_preprocessor(sub { + my ($block) = @_; + + if (!defined $block->request) { + $block->set_value("request", "GET /t"); + } +}); + +run_tests; + +__DATA__ + +=== TEST 1: sanity +--- config + location /t { + content_by_lua_block { + local plugin = require("apisix.plugins.bk-delete-cookie") + local ok, err = plugin.check_schema({}) + if not ok then + ngx.say(err) + end + + ngx.say("done") + } + } +--- response_body +done + + + +=== TEST 2: add route +--- config + location /t { + content_by_lua_block { + local t = require("lib.test_admin").test + local code, body = t('/apisix/admin/routes/1', + ngx.HTTP_PUT, + [[{ + "plugins": { + "bk-delete-cookie": {}, + "bk-proxy-rewrite": { + "uri": "/uri/plugin_proxy_rewrite" + } + }, + "upstream": { + "nodes": { + "127.0.0.1:1980": 1 + }, + "type": "roundrobin" + }, + "uri": "/hello" + }]] + ) + if code >= 300 then + ngx.status = code + end + -- code is 201, body is passed + ngx.say(body) + } + } +--- request +GET /t +--- response_body +passed + + + +=== TEST 3: check with cookie +--- request +GET /hello HTTP/1.1 +--- more_headers +Cookie: test cookie +--- response_body +uri: /uri/plugin_proxy_rewrite +host: localhost +x-real-ip: 127.0.0.1 diff --git a/src/apisix/t/bk-ip-group-restriction.t b/src/apisix/t/bk-ip-group-restriction.t new file mode 100644 index 0000000..81e30fe --- /dev/null +++ b/src/apisix/t/bk-ip-group-restriction.t @@ -0,0 +1,212 @@ +# +# TencentBlueKing is pleased to support the open source community by making +# 蓝鲸智云 - API 网关(BlueKing - APIGateway) available. +# Copyright (C) 2017 THL A29 Limited, a Tencent company. All rights reserved. +# Licensed under the MIT License (the "License"); you may not use this file except +# in compliance with the License. You may obtain a copy of the License at +# +# http://opensource.org/licenses/MIT +# +# Unless required by applicable law or agreed to in writing, software distributed under +# the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, +# either express or implied. See the License for the specific language governing permissions and +# limitations under the License. +# +# We undertake not to change the open source license (MIT license) applicable +# to the current version of the project delivered to anyone in the future. +# + +BEGIN { + if ($ENV{TEST_NGINX_CHECK_LEAK}) { + $SkipReason = "unavailable for the hup tests"; + + } else { + $ENV{TEST_NGINX_USE_HUP} = 1; + undef $ENV{TEST_NGINX_USE_STAP}; + } +} + +use t::APISIX 'no_plan'; + +repeat_each(1); +no_long_string(); +no_shuffle(); +no_root_location(); + +run_tests; + +__DATA__ +=== TEST 1: sanity +--- config + location /t { + content_by_lua_block { + local plugin = require("apisix.plugins.bk-ip-group-restriction") + local ok, err = plugin.check_schema({ + allow = {{ + id = 1, + name = "1", + content = "1.1.1.1\n# test\n1.1.1.2", + comment = "test allow" + }}, + deny = {{ + id = 2, + name = "2", + content = "192.168.1.1\n# test\n192.168.1.2", + comment = "test deny" + }} + }) + if not ok then + ngx.say(err) + end + ngx.say("done") + } + } +--- request +GET /t +--- response_body +done + + + +=== TEST 2: add plugin allow ip group +--- config + location /t { + content_by_lua_block { + local t = require("lib.test_admin").test + local code, body = t('/apisix/admin/routes/1', + ngx.HTTP_PUT, + [[{ + "plugins": { + "bk-ip-group-restriction": { + "allow": [{ + "id": 1, + "name": "1", + "content": "127.0.0.0/24\n# test\n1.1.1.1", + "comment": "test allow" + }] + } + }, + "upstream": { + "nodes": { + "127.0.0.1:1980": 1 + }, + "type": "roundrobin" + }, + "uri": "/hello" + }]] + ) + if code >= 300 then + ngx.status = code + end + -- code is 201, body is passed + ngx.say(body) + } + } +--- request +GET /t +--- response_body +passed + + + +=== TEST 3: hit route and ip cidr in the whitelist +--- request +GET /hello +--- response_body +hello world + + + +=== TEST 4: add plugin deny ip group +--- config + location /t { + content_by_lua_block { + local t = require("lib.test_admin").test + local code, body = t('/apisix/admin/routes/1', + ngx.HTTP_PUT, + [[{ + "plugins": { + "bk-ip-group-restriction": { + "deny": [{ + "id": 1, + "name": "1", + "content": "127.0.0.0/24\n# test\n1.1.1.1", + "comment": "test allow" + }] + } + }, + "upstream": { + "nodes": { + "127.0.0.1:1980": 1 + }, + "type": "roundrobin" + }, + "uri": "/hello" + }]] + ) + if code >= 300 then + ngx.status = code + end + -- code is 201, body is passed + ngx.say(body) + } + } +--- request +GET /t +--- response_body +passed + + + +=== TEST 5: hit route and ip cidr in the denylist +--- request +GET /hello +--- error_code: 403 + + + +=== TEST 6: add plugin error ip +--- config + location /t { + content_by_lua_block { + local t = require("lib.test_admin").test + local code, body = t('/apisix/admin/routes/1', + ngx.HTTP_PUT, + [[{ + "plugins": { + "bk-ip-group-restriction": { + "allow": [{ + "id": 1, + "name": "1", + "content": "test error", + "comment": "test allow" + }] + } + }, + "upstream": { + "nodes": { + "127.0.0.1:1980": 1 + }, + "type": "roundrobin" + }, + "uri": "/hello" + }]] + ) + if code >= 300 then + ngx.status = code + end + -- code is 201, body is passed + ngx.say(body) + } + } +--- request +GET /t +--- response_body +passed + + + +=== TEST 7: ignore error ip match +--- request +GET /hello +--- error_code: 403 diff --git a/src/apisix/t/bk-log-context.t b/src/apisix/t/bk-log-context.t new file mode 100644 index 0000000..f7b286a --- /dev/null +++ b/src/apisix/t/bk-log-context.t @@ -0,0 +1,202 @@ +# +# TencentBlueKing is pleased to support the open source community by making +# 蓝鲸智云 - API 网关(BlueKing - APIGateway) available. +# Copyright (C) 2017 THL A29 Limited, a Tencent company. All rights reserved. +# Licensed under the MIT License (the "License"); you may not use this file except +# in compliance with the License. You may obtain a copy of the License at +# +# http://opensource.org/licenses/MIT +# +# Unless required by applicable law or agreed to in writing, software distributed under +# the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, +# either express or implied. See the License for the specific language governing permissions and +# limitations under the License. +# +# We undertake not to change the open source license (MIT license) applicable +# to the current version of the project delivered to anyone in the future. +# + +use t::APISIX 'no_plan'; + +repeat_each(1); +no_long_string(); +no_shuffle(); +no_root_location(); + +add_block_preprocessor(sub { + my ($block) = @_; + + if (!defined $block->request) { + $block->set_value("request", "GET /t"); + } +}); + +run_tests; + +__DATA__ + +=== TEST 1: sanity +--- config + location /t { + content_by_lua_block { + local plugin = require("apisix.plugins.bk-log-context") + local ok, err = plugin.check_schema({ + log_2xx_response_body = false + }) + if not ok then + ngx.say(err) + end + + ngx.say("done") + } + } +--- response_body +done + + + +=== TEST 2: add route +--- config + location /t { + content_by_lua_block { + local t = require("lib.test_admin").test + local code, body = t('/apisix/admin/routes/1', + ngx.HTTP_PUT, + [[{ + "plugins": { + "bk-log-context": { + "log_2xx_response_body": true + }, + "serverless-post-function": { + "phase": "header_filter", + "functions" : ["return function(conf, ctx) ngx.log(ngx.ERR, string.format(\"should_log_response_body: %s\", ctx.var.should_log_response_body)); end"] + } + }, + "upstream": { + "nodes": { + "127.0.0.1:1980": 1 + }, + "type": "roundrobin" + }, + "uri": "/hello" + }]] + ) + if code >= 300 then + ngx.status = code + end + -- code is 201, body is passed + ngx.say(body) + } + } +--- request +GET /t +--- response_body +passed + + + +=== TEST 3: check ctx var should_log_response_body +--- request +GET /hello HTTP/1.1 +--- error_log +should_log_response_body: true + + + +=== TEST 4: add route +--- config + location /t { + content_by_lua_block { + local t = require("lib.test_admin").test + local code, body = t('/apisix/admin/routes/1', + ngx.HTTP_PUT, + [[{ + "plugins": { + "bk-log-context": { + "log_2xx_response_body": true + }, + "serverless-post-function": { + "phase": "body_filter", + "functions" : ["return function(conf, ctx) ngx.log(ngx.ERR, string.format(\"backend_part_response_body: %s\", ctx.var._backend_part_response_body)); end"] + } + }, + "upstream": { + "nodes": { + "127.0.0.1:1980": 1 + }, + "type": "roundrobin" + }, + "uri": "/hello" + }]] + ) + if code >= 300 then + ngx.status = code + end + -- code is 201, body is passed + ngx.say(body) + } + } +--- request +GET /t +--- response_body +passed + + + +=== TEST 5: check ctx var backend_part_response_body +--- request +GET /hello HTTP/1.1 +--- response_body +hello world +--- error_log +backend_part_response_body: hello world + + + +=== TEST 6: add route +--- config + location /t { + content_by_lua_block { + local t = require("lib.test_admin").test + local code, body = t('/apisix/admin/routes/1', + ngx.HTTP_PUT, + [[{ + "plugins": { + "bk-log-context": { + "log_2xx_response_body": false + }, + "serverless-post-function": { + "phase": "body_filter", + "functions" : ["return function(conf, ctx) ngx.log(ngx.ERR, string.format(\"backend_part_response_body: %s\", ctx.var._backend_part_response_body)); end"] + } + }, + "upstream": { + "nodes": { + "127.0.0.1:1980": 1 + }, + "type": "roundrobin" + }, + "uri": "/hello" + }]] + ) + if code >= 300 then + ngx.status = code + end + -- code is 201, body is passed + ngx.say(body) + } + } +--- request +GET /t +--- response_body +passed + + + +=== TEST 7: check ctx var backend_part_response_body empty +--- request +GET /hello HTTP/1.1 +--- response_body +hello world +--- error_log +backend_part_response_body: diff --git a/src/apisix/t/bk-opentelemetry.t b/src/apisix/t/bk-opentelemetry.t new file mode 100644 index 0000000..95169eb --- /dev/null +++ b/src/apisix/t/bk-opentelemetry.t @@ -0,0 +1,190 @@ +# +# TencentBlueKing is pleased to support the open source community by making +# 蓝鲸智云 - API 网关(BlueKing - APIGateway) available. +# Copyright (C) 2017 THL A29 Limited, a Tencent company. All rights reserved. +# Licensed under the MIT License (the "License"); you may not use this file except +# in compliance with the License. You may obtain a copy of the License at +# +# http://opensource.org/licenses/MIT +# +# Unless required by applicable law or agreed to in writing, software distributed under +# the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, +# either express or implied. See the License for the specific language governing permissions and +# limitations under the License. +# +# We undertake not to change the open source license (MIT license) applicable +# to the current version of the project delivered to anyone in the future. +# + +use t::APISIX 'no_plan'; + +add_block_preprocessor(sub { + my ($block) = @_; + + if (!$block->extra_yaml_config) { + my $extra_yaml_config = <<_EOC_; +plugins: + - opentelemetry + - bk-opentelemetry + - bk-stage-context +plugin_attr: + bk-opentelemetry: + enabled: true + opentelemetry: + batch_span_processor: + max_export_batch_size: 1 + inactive_timeout: 0.5 +_EOC_ + $block->set_value("extra_yaml_config", $extra_yaml_config); + } + + + if (!$block->extra_init_by_lua) { + my $extra_init_by_lua = <<_EOC_; +-- mock exporter http client +local client = require("opentelemetry.trace.exporter.http_client") +client.do_request = function() + ngx.log(ngx.INFO, "opentelemetry export span") + return "ok" +end +_EOC_ + + $block->set_value("extra_init_by_lua", $extra_init_by_lua); + } + + if (!$block->request) { + $block->set_value("request", "GET /t"); + } + + if (!defined $block->response_body) { + $block->set_value("response_body", "passed\n"); + } + + $block; +}); + +repeat_each(1); +no_long_string(); +no_root_location(); +log_level("debug"); + +run_tests; + +__DATA__ + +=== TEST 1: set plugin meta data +--- config + location /t { + content_by_lua_block { + local t = require("lib.test_admin").test + local code, body = t('/apisix/admin/plugin_metadata/bk-opentelemetry', + ngx.HTTP_PUT, + [[{ + "sampler": { + "name": "always_on" + } + }]] + ) + if code >= 300 then + ngx.status = code + end + -- code is 201, body is passed + ngx.say(body) + } + } + + + +=== TEST 2: add plugin route +--- config + location /t { + content_by_lua_block { + local t = require("lib.test_admin").test + local code, body = t('/apisix/admin/routes/1', + ngx.HTTP_PUT, + [[{ + "plugins": { + "bk-stage-context": { + "bk_gateway_name": "demo", + "bk_gateway_id": 1, + "bk_stage_name": "prod", + "jwt_private_key": "dGhpcyBpcyBhIGZha2Ugand0IHByaXZhdGUga2V5", + "bk_api_auth": { + "api_type": 10 + } + }, + "bk-opentelemetry": {} + }, + "upstream": { + "nodes": { + "127.0.0.1:1980": 1 + }, + "type": "roundrobin" + }, + "uri": "/opentracing" + }]] + ) + + if code >= 300 then + ngx.status = code + end + ngx.say(body) + } + } + + + +=== TEST 3: trigger opentelemetry +--- request +GET /opentracing +--- response_body +opentracing +--- wait: 1 +--- grep_error_log eval +qr/opentelemetry export span/ +--- grep_error_log_out +opentelemetry export span + + + +=== TEST 4: check inject span +--- extra_init_by_lua + local core = require("apisix.core") + local otlp = require("opentelemetry.trace.exporter.otlp") + local span_kind = require("opentelemetry.trace.span_kind") + otlp.export_spans = function(self, spans) + if (#spans ~= 1) then + ngx.log(ngx.ERR, "unexpected spans length: ", #spans) + return + end + + local span = spans[1] + + local current_span_kind = span:plain().kind + if current_span_kind ~= span_kind.server then + ngx.log(ngx.ERR, "expected span.kind to be server but got ", current_span_kind) + return + end + + if span.name ~= "/opentracing" then + ngx.log(ngx.ERR, "expect span name: /opentracing, but got ", span.name) + return + end + + -- bk-opentelemetry inject 8 attributes + service and route + if #span.attributes ~= 10 then + ngx.log(ngx.ERR, "expect len(span.attributes) = 10, but got ", #span.attributes) + return + end + + ngx.log(ngx.INFO, "opentelemetry export span") + end +--- request +GET /opentracing?foo=bar&a=b +--- response_body +opentracing +--- wait: 1 +--- grep_error_log eval +qr/opentelemetry export span/ +--- grep_error_log_out +opentelemetry export span diff --git a/src/apisix/t/bk-real-ip.t b/src/apisix/t/bk-real-ip.t new file mode 100644 index 0000000..91b2463 --- /dev/null +++ b/src/apisix/t/bk-real-ip.t @@ -0,0 +1,166 @@ +# +# TencentBlueKing is pleased to support the open source community by making +# 蓝鲸智云 - API 网关(BlueKing - APIGateway) available. +# Copyright (C) 2017 THL A29 Limited, a Tencent company. All rights reserved. +# Licensed under the MIT License (the "License"); you may not use this file except +# in compliance with the License. You may obtain a copy of the License at +# +# http://opensource.org/licenses/MIT +# +# Unless required by applicable law or agreed to in writing, software distributed under +# the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, +# either express or implied. See the License for the specific language governing permissions and +# limitations under the License. +# +# We undertake not to change the open source license (MIT license) applicable +# to the current version of the project delivered to anyone in the future. +# + +use t::APISIX; + +my $nginx_binary = $ENV{'TEST_NGINX_BINARY'} || 'nginx'; +my $version = eval { `$nginx_binary -V 2>&1` }; + +if ($version !~ m/\/apisix-nginx-module/) { + plan(skip_all => "apisix-nginx-module not installed"); +} else { + plan('no_plan'); +} + +repeat_each(1); +log_level('info'); +no_root_location(); +no_shuffle(); + +add_block_preprocessor(sub { + my ($block) = @_; + + if (!$block->request) { + $block->set_value("request", "GET /t"); + } +}); + +run_tests(); + + +__DATA__ + +=== TEST 1: sanity +--- config + location /t { + content_by_lua_block { + local plugin = require("apisix.plugins.bk-real-ip") + local ok, err = plugin.check_schema({}) + if not ok then + ngx.say(err) + end + ngx.say("done") + } + } +--- request +GET /t +--- response_body +done + + +=== TEST 2: add route +--- config + location /t { + content_by_lua_block { + local t = require("lib.test_admin").test + local code, body = t('/apisix/admin/routes/1', + ngx.HTTP_PUT, + [[{ + "uri": "/hello", + "upstream": { + "type": "roundrobin", + "nodes": { + "127.0.0.1:1980": 1 + } + }, + "plugins": { + "bk-real-ip": {}, + "ip-restriction": { + "whitelist": ["1.1.1.1"] + } + } + }]] + ) + + if code >= 300 then + ngx.status = code + end + ngx.say(body) + } +} +--- request +GET /t +--- response_body +passed + + + +=== TEST 3: hit +--- request +GET /hello +--- more_headers +X-Forwarded-For: 1.1.1.1 +--- response_body +hello world + + + +=== TEST 4: miss address +--- request +GET /hello +--- error_code: 403 + + + +=== TEST 5: set metadata +--- config + location /t { + content_by_lua_block { + local t = require("lib.test_admin").test + local code, body = t('/apisix/admin/plugin_metadata/bk-real-ip', + ngx.HTTP_PUT, + [[{ + "source": "http_xff" + }]] + ) + if code >= 300 then + ngx.status = code + end + -- code is 201, body is passed + ngx.say(body) + } + } +--- request +GET /t +--- response_body +passed + + + +=== TEST 6: hit xxf +--- request +GET /hello +--- more_headers +XFF: 1.1.1.1 +--- response_body +hello world + + + +=== TEST 7: miss address xff +--- request +GET /hello +--- error_code: 403 + + +=== TEST 8: miss address with xff +--- request +GET /hello +--- more_headers +X-Forwarded-For: 1.1.1.1 +--- error_code: 403 diff --git a/src/apisix/t/bk-resource-context.t b/src/apisix/t/bk-resource-context.t new file mode 100644 index 0000000..d4ca7b3 --- /dev/null +++ b/src/apisix/t/bk-resource-context.t @@ -0,0 +1,116 @@ +# +# TencentBlueKing is pleased to support the open source community by making +# 蓝鲸智云 - API 网关(BlueKing - APIGateway) available. +# Copyright (C) 2017 THL A29 Limited, a Tencent company. All rights reserved. +# Licensed under the MIT License (the "License"); you may not use this file except +# in compliance with the License. You may obtain a copy of the License at +# +# http://opensource.org/licenses/MIT +# +# Unless required by applicable law or agreed to in writing, software distributed under +# the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, +# either express or implied. See the License for the specific language governing permissions and +# limitations under the License. +# +# We undertake not to change the open source license (MIT license) applicable +# to the current version of the project delivered to anyone in the future. +# + +use t::APISIX 'no_plan'; + +repeat_each(1); +no_long_string(); +no_shuffle(); +no_root_location(); + +add_block_preprocessor(sub { + my ($block) = @_; + + if (!defined $block->request) { + $block->set_value("request", "GET /t"); + } +}); + +run_tests; + +__DATA__ + +=== TEST 1: sanity +--- config + location /t { + content_by_lua_block { + local plugin = require("apisix.plugins.bk-resource-context") + local ok, err = plugin.check_schema({ + bk_resource_id = 1, + bk_resource_name = "resource", + bk_resource_auth = { + verified_app_required = true, + verified_user_required = true, + resource_perm_required = false, + skip_user_verification = true + } + }) + if not ok then + ngx.say(err) + end + + ngx.say("done") + } + } +--- response_body +done + + + +=== TEST 2: add route +--- config + location /t { + content_by_lua_block { + local t = require("lib.test_admin").test + local code, body = t('/apisix/admin/routes/1', + ngx.HTTP_PUT, + [[{ + "plugins": { + "bk-resource-context": { + "bk_resource_id": 1, + "bk_resource_name": "resource", + "bk_resource_auth": { + "verified_app_required": true, + "verified_user_required": true, + "resource_perm_required": false, + "skip_user_verification": true + } + }, + "serverless-post-function": { + "phase": "rewrite", + "functions" : ["return function(conf, ctx) ngx.say(string.format(\"bk_resource_id: %d, bk_resource_name: %s, bk_resource_auth: %s\", ctx.var.bk_resource_id, ctx.var.bk_resource_name, require(\"toolkit.json\").encode(ctx.var.bk_resource_auth))); ngx.exit(200); end"] + } + }, + "upstream": { + "nodes": { + "127.0.0.1:1980": 1 + }, + "type": "roundrobin" + }, + "uri": "/hello" + }]] + ) + if code >= 300 then + ngx.status = code + end + -- code is 201, body is passed + ngx.say(body) + } + } +--- request +GET /t +--- response_body +passed + + + +=== TEST 3: check ctx var +--- request +GET /hello HTTP/1.1 +--- response_body +bk_resource_id: 1, bk_resource_name: resource, bk_resource_auth: {"resource_perm_required":false,"skip_user_verification":true,"verified_app_required":true,"verified_user_required":true} diff --git a/src/apisix/t/bk-response-check.t b/src/apisix/t/bk-response-check.t new file mode 100644 index 0000000..726a45a --- /dev/null +++ b/src/apisix/t/bk-response-check.t @@ -0,0 +1,173 @@ +# +# TencentBlueKing is pleased to support the open source community by making +# 蓝鲸智云 - API 网关(BlueKing - APIGateway) available. +# Copyright (C) 2017 THL A29 Limited, a Tencent company. All rights reserved. +# Licensed under the MIT License (the "License"); you may not use this file except +# in compliance with the License. You may obtain a copy of the License at +# +# http://opensource.org/licenses/MIT +# +# Unless required by applicable law or agreed to in writing, software distributed under +# the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, +# either express or implied. See the License for the specific language governing permissions and +# limitations under the License. +# +# We undertake not to change the open source license (MIT license) applicable +# to the current version of the project delivered to anyone in the future. +# + +BEGIN { + if ($ENV{TEST_NGINX_CHECK_LEAK}) { + $SkipReason = "unavailable for the hup tests"; + + } else { + $ENV{TEST_NGINX_USE_HUP} = 1; + undef $ENV{TEST_NGINX_USE_STAP}; + } +} + +use t::APISIX 'no_plan'; + +repeat_each(1); +no_long_string(); +no_shuffle(); +no_root_location(); + +add_block_preprocessor(sub { + my ($block) = @_; + + if (!defined $block->request) { + $block->set_value("request", "GET /t"); + } +}); + +run_tests; + +__DATA__ + +=== TEST 1: sanity +--- config + location /t { + content_by_lua_block { + local plugin = require("apisix.plugins.bk-response-check") + local ok, err = plugin.check_schema({}) + if not ok then + ngx.say(err) + end + + ngx.say("done") + } + } +--- response_body +done + + + +=== TEST 2: add route +--- config + location /t { + content_by_lua_block { + local t = require("lib.test_admin").test + local code, body = t('/apisix/admin/routes/1', + ngx.HTTP_PUT, + [[{ + "plugins": { + "bk-stage-context": { + "bk_gateway_name": "demo", + "bk_gateway_id": 1, + "bk_stage_name": "prod", + "jwt_private_key": "dGhpcyBpcyBhIGZha2Ugand0IHByaXZhdGUga2V5", + "bk_api_auth": { + "api_type": 10 + } + }, + "prometheus": {}, + "bk-response-check": {}, + "bk-log-context": { + "log_2xx_response_body": false + }, + "serverless-post-function": { + "phase": "rewrite", + "functions" : ["return function(conf, ctx) ctx.var.bk_app_code = \"demo\" end"] + } + }, + "upstream": { + "nodes": { + "127.0.0.1:1980": 1 + }, + "type": "roundrobin" + }, + "uri": "/hello" + }]] + ) + if code >= 300 then + ngx.status = code + end + -- code is 201, body is passed + ngx.say(body) + } + } +--- request +GET /t +--- response_body +passed + + + +=== TEST 3: add route metrics +--- config + location /t { + content_by_lua_block { + local t = require("lib.test_admin").test + local code, body = t('/apisix/admin/routes/metrics', + ngx.HTTP_PUT, + [[{ + "plugins": { + "public-api": {} + }, + "uri": "/apisix/prometheus/metrics" + }]] + ) + if code >= 300 then + ngx.status = code + end + -- code is 201, body is passed + ngx.say(body) + } + } +--- request +GET /t +--- response_body +passed + + + +=== TEST 4: request from client (all hit) +--- pipelined_requests eval +["GET /hello", "GET /hello", "GET /hello", "GET /hello"] +--- error_code eval +[200, 200, 200, 200] + + + +=== TEST 5: fetch the prometheus metric data apisix_apigateway_api_requests_total +--- request +GET /apisix/prometheus/metrics +--- response_body eval +qr/apisix_apigateway_api_requests_total\{api_name="demo",stage_name="prod",resource_name="",status="200",proxy_phase="",proxy_error="0"\} 4/ + + + +=== TEST 6: fetch the prometheus metric data apisix_apigateway_api_request_duration_milliseconds_bucket +--- request +GET /apisix/prometheus/metrics +--- response_body eval +qr/apisix_apigateway_api_request_duration_milliseconds_bucket\{api_name="demo",stage_name="prod",resource_name="",le="5000"\} \d+/ + + + +=== TEST 7: fetch the prometheus metric data apisix_apigateway_app_requests_total +--- request +GET /apisix/prometheus/metrics +--- response_body eval +qr/apisix_apigateway_app_requests_total\{app_code="demo",api_name="demo",stage_name="prod",resource_name=""\} 4/ diff --git a/src/apisix/t/bk-stage-context.t b/src/apisix/t/bk-stage-context.t index 5ef3f34..e1d4b4b 100644 --- a/src/apisix/t/bk-stage-context.t +++ b/src/apisix/t/bk-stage-context.t @@ -58,6 +58,8 @@ __DATA__ --- response_body done + + === TEST 2: with allow_auth_from_params/allow_delete_sensitive_params --- config location /t { @@ -82,3 +84,159 @@ done } --- response_body done + + + +=== TEST 3: add route +--- config + location /t { + content_by_lua_block { + local t = require("lib.test_admin").test + local code, body = t('/apisix/admin/routes/1', + ngx.HTTP_PUT, + [[{ + "plugins": { + "bk-stage-context": { + "bk_gateway_name": "demo", + "bk_gateway_id": 1, + "bk_stage_name": "prod", + "jwt_private_key": "dGhpcyBpcyBhIGZha2Ugand0IHByaXZhdGUga2V5", + "bk_api_auth": { + "api_type": 10, + "unfiltered_sensitive_keys": ["a", "b"], + "include_system_headers": ["c", "d"], + "allow_auth_from_params": true, + "allow_delete_sensitive_params": false, + "uin_conf": { + "user_type": "uin", + "from_uin_skey": true, + "skey_type": 1, + "domain_id": 1, + "search_rtx": true, + "search_rtx_source": 1, + "from_auth_token": false + }, + "rtx_conf": { + "user_type": "rtx", + "from_operator": true, + "from_bk_ticket": true, + "from_auth_token": true + }, + "user_conf": { + "user_type": "user", + "from_bk_token": true, + "from_username": true + } + } + }, + "serverless-post-function": { + "phase": "rewrite", + "functions" : ["return function(conf, ctx) ngx.say(string.format(\"instance_id: %s, bk_gateway_name: %s, bk_gateway_id: %s, bk_stage_name: %s, jwt_private_key: %s\", ctx.var.instance_id, ctx.var.bk_gateway_name, ctx.var.bk_gateway_id, ctx.var.bk_stage_name, ctx.var.jwt_private_key)); ngx.exit(200); end"] + } + }, + "upstream": { + "nodes": { + "127.0.0.1:1980": 1 + }, + "type": "roundrobin" + }, + "uri": "/hello" + }]] + ) + if code >= 300 then + ngx.status = code + end + -- code is 201, body is passed + ngx.say(body) + } + } +--- request +GET /t +--- response_body +passed + + + +=== TEST 4: check ctx var part one +--- request +GET /hello HTTP/1.1 +--- response_body +instance_id: 2c4562899afc453f85bb9c228ed6febd, bk_gateway_name: demo, bk_gateway_id: 1, bk_stage_name: prod, jwt_private_key: this is a fake jwt private key + + + +=== TEST 5: add route check +--- config + location /t { + content_by_lua_block { + local t = require("lib.test_admin").test + local code, body = t('/apisix/admin/routes/1', + ngx.HTTP_PUT, + [[{ + "plugins": { + "bk-stage-context": { + "bk_gateway_name": "demo", + "bk_gateway_id": 1, + "bk_stage_name": "prod", + "jwt_private_key": "dGhpcyBpcyBhIGZha2Ugand0IHByaXZhdGUga2V5", + "bk_api_auth": { + "api_type": 10, + "unfiltered_sensitive_keys": ["a", "b"], + "include_system_headers": ["c", "d"], + "allow_auth_from_params": true, + "allow_delete_sensitive_params": false, + "uin_conf": { + "user_type": "uin", + "from_uin_skey": true, + "skey_type": 1, + "domain_id": 1, + "search_rtx": true, + "search_rtx_source": 1, + "from_auth_token": false + }, + "rtx_conf": { + "user_type": "rtx", + "from_operator": true, + "from_bk_ticket": true, + "from_auth_token": true + }, + "user_conf": { + "user_type": "user", + "from_bk_token": true, + "from_username": true + } + } + }, + "serverless-post-function": { + "phase": "rewrite", + "functions" : ["return function(conf, ctx) ngx.say(string.format(\"bk_api_auth: %s, bk_resource_name: %s, bk_service_name: %s\", require(\"toolkit.json\").encode(ctx.var.bk_api_auth), ctx.var.bk_resource_name, ctx.var.bk_service_name)); ngx.exit(200); end"] + } + }, + "upstream": { + "nodes": { + "127.0.0.1:1980": 1 + }, + "type": "roundrobin" + }, + "uri": "/hello" + }]] + ) + if code >= 300 then + ngx.status = code + end + -- code is 201, body is passed + ngx.say(body) + } + } +--- request +GET /t +--- response_body +passed + + + +=== TEST 6: check ctx var part two +--- request +GET /hello HTTP/1.1 +--- response_body +bk_api_auth: {"allow_auth_from_params":true,"allow_delete_sensitive_params":false,"api_type":10,"include_system_headers_mapping":{"c":true,"d":true},"rtx_conf":{"from_auth_token":true,"from_bk_ticket":true,"from_operator":true,"user_type":"rtx"},"uin_conf":{"domain_id":1,"from_auth_token":false,"from_uin_skey":true,"search_rtx":true,"search_rtx_source":1,"skey_type":1,"user_type":"uin"},"unfiltered_sensitive_keys":["a","b"],"user_conf":{"from_bk_token":true,"from_username":true,"user_type":"user"}}, bk_resource_name: nil, bk_service_name: nil diff --git a/src/apisix/t/bk-status-rewrite.t b/src/apisix/t/bk-status-rewrite.t new file mode 100644 index 0000000..cc4ff83 --- /dev/null +++ b/src/apisix/t/bk-status-rewrite.t @@ -0,0 +1,98 @@ +# +# TencentBlueKing is pleased to support the open source community by making +# 蓝鲸智云 - API 网关(BlueKing - APIGateway) available. +# Copyright (C) 2017 THL A29 Limited, a Tencent company. All rights reserved. +# Licensed under the MIT License (the "License"); you may not use this file except +# in compliance with the License. You may obtain a copy of the License at +# +# http://opensource.org/licenses/MIT +# +# Unless required by applicable law or agreed to in writing, software distributed under +# the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, +# either express or implied. See the License for the specific language governing permissions and +# limitations under the License. +# +# We undertake not to change the open source license (MIT license) applicable +# to the current version of the project delivered to anyone in the future. +# + +use t::APISIX 'no_plan'; + +repeat_each(1); +no_long_string(); +no_shuffle(); +no_root_location(); + +add_block_preprocessor(sub { + my ($block) = @_; + + if (!defined $block->request) { + $block->set_value("request", "GET /t"); + } +}); + +run_tests; + +__DATA__ + +=== TEST 1: sanity +--- config + location /t { + content_by_lua_block { + local plugin = require("apisix.plugins.bk-status-rewrite") + local ok, err = plugin.check_schema({}) + if not ok then + ngx.say(err) + end + + ngx.say("done") + } + } +--- response_body +done + + + +=== TEST 2: add route +--- config + location /t { + content_by_lua_block { + local t = require("lib.test_admin").test + local code, body = t('/apisix/admin/routes/1', + ngx.HTTP_PUT, + [[{ + "plugins": { + "bk-status-rewrite": {}, + "serverless-post-function": { + "phase": "rewrite", + "functions" : ["return function(conf, ctx) ngx.say(string.format(\"bk_status_rewrite_200: %s\", ctx.var.bk_status_rewrite_200)); ngx.exit(200); end"] + } + }, + "upstream": { + "nodes": { + "127.0.0.1:1980": 1 + }, + "type": "roundrobin" + }, + "uri": "/hello" + }]] + ) + if code >= 300 then + ngx.status = code + end + -- code is 201, body is passed + ngx.say(body) + } + } +--- request +GET /t +--- response_body +passed + + + +=== TEST 3: check ctx var +--- request +GET /hello HTTP/1.1 +--- response_body +bk_status_rewrite_200: true