This is an automated email from the ASF dual-hosted git repository. tokers pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/apisix-ingress-controller.git
The following commit(s) were added to refs/heads/master by this push: new 783ba62 test: add e2e test cases for ip-restriction plugin (#388) 783ba62 is described below commit 783ba6257486c29d0c334513765fb9b1280b0424 Author: Alex Zhang <zchao1...@gmail.com> AuthorDate: Wed Apr 21 10:11:14 2021 +0800 test: add e2e test cases for ip-restriction plugin (#388) --- test/e2e/plugins/ip-restriction.go | 238 +++++++++++++++++++++++++++++++++++++ 1 file changed, 238 insertions(+) diff --git a/test/e2e/plugins/ip-restriction.go b/test/e2e/plugins/ip-restriction.go new file mode 100644 index 0000000..7242ef9 --- /dev/null +++ b/test/e2e/plugins/ip-restriction.go @@ -0,0 +1,238 @@ +// Licensed to the Apache Software Foundation (ASF) under one or more +// contributor license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright ownership. +// The ASF licenses this file to You under the Apache License, Version 2.0 +// (the "License"); you may not use this file except in compliance with +// the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +package plugins + +import ( + "fmt" + + "github.com/apache/apisix-ingress-controller/test/e2e/scaffold" + "github.com/onsi/ginkgo" + "github.com/stretchr/testify/assert" +) + +var _ = ginkgo.Describe("proxy-rewrite plugin", func() { + opts := &scaffold.Options{ + Name: "default", + Kubeconfig: scaffold.GetKubeconfig(), + APISIXConfigPath: "testdata/apisix-gw-config.yaml", + APISIXDefaultConfigPath: "testdata/apisix-gw-config-default.yaml", + IngressAPISIXReplicas: 1, + HTTPBinServicePort: 80, + APISIXRouteVersion: "apisix.apache.org/v2alpha1", + } + s := scaffold.NewScaffold(opts) + ginkgo.It("ip whitelist", func() { + backendSvc, backendPorts := s.DefaultHTTPBackend() + ar := fmt.Sprintf(` +apiVersion: apisix.apache.org/v2alpha1 +kind: ApisixRoute +metadata: + name: httpbin-route +spec: + http: + - name: rule1 + match: + hosts: + - httpbin.org + paths: + - /hello + backends: + - serviceName: %s + servicePort: %d + weight: 10 + plugins: + - name: ip-restriction + enable: true + config: + whitelist: + - "192.168.3.3" +`, backendSvc, backendPorts[0]) + + assert.Nil(ginkgo.GinkgoT(), s.CreateResourceFromString(ar)) + + err := s.EnsureNumApisixUpstreamsCreated(1) + assert.Nil(ginkgo.GinkgoT(), err, "Checking number of upstreams") + err = s.EnsureNumApisixRoutesCreated(1) + assert.Nil(ginkgo.GinkgoT(), err, "Checking number of routes") + + // As we use port forwarding so the ip address is 127.0.0.1 + s.NewAPISIXClient().GET("/hello").WithHeader("Host", "httpbin.org"). + Expect(). + Status(403). + Body(). + Contains("Your IP address is not allowed") + + ar = fmt.Sprintf(` +apiVersion: apisix.apache.org/v2alpha1 +kind: ApisixRoute +metadata: + name: httpbin-route +spec: + http: + - name: rule1 + match: + hosts: + - httpbin.org + paths: + - /ip + backends: + - serviceName: %s + servicePort: %d + weight: 10 + plugins: + - name: ip-restriction + enable: true + config: + whitelist: + - "127.0.0.1" +`, backendSvc, backendPorts[0]) + + assert.Nil(ginkgo.GinkgoT(), s.CreateResourceFromString(ar)) + + err = s.EnsureNumApisixUpstreamsCreated(1) + assert.Nil(ginkgo.GinkgoT(), err, "Checking number of upstreams") + err = s.EnsureNumApisixRoutesCreated(1) + assert.Nil(ginkgo.GinkgoT(), err, "Checking number of routes") + + // As we use port forwarding so the ip address is 127.0.0.1 + s.NewAPISIXClient().GET("/ip").WithHeader("Host", "httpbin.org"). + Expect(). + Status(200). + Body(). + Contains("origin") + }) + ginkgo.It("ip blacklist", func() { + backendSvc, backendPorts := s.DefaultHTTPBackend() + ar := fmt.Sprintf(` +apiVersion: apisix.apache.org/v2alpha1 +kind: ApisixRoute +metadata: + name: httpbin-route +spec: + http: + - name: rule1 + match: + hosts: + - httpbin.org + paths: + - /hello + backends: + - serviceName: %s + servicePort: %d + weight: 10 + plugins: + - name: ip-restriction + enable: true + config: + blacklist: + - "127.0.0.1" +`, backendSvc, backendPorts[0]) + + assert.Nil(ginkgo.GinkgoT(), s.CreateResourceFromString(ar)) + + err := s.EnsureNumApisixUpstreamsCreated(1) + assert.Nil(ginkgo.GinkgoT(), err, "Checking number of upstreams") + err = s.EnsureNumApisixRoutesCreated(1) + assert.Nil(ginkgo.GinkgoT(), err, "Checking number of routes") + + // As we use port forwarding so the ip address is 127.0.0.1 + s.NewAPISIXClient().GET("/hello").WithHeader("Host", "httpbin.org"). + Expect(). + Status(403). + Body(). + Contains("Your IP address is not allowed") + + ar = fmt.Sprintf(` +apiVersion: apisix.apache.org/v2alpha1 +kind: ApisixRoute +metadata: + name: httpbin-route +spec: + http: + - name: rule1 + match: + hosts: + - httpbin.org + paths: + - /ip + backends: + - serviceName: %s + servicePort: %d + weight: 10 + plugins: + - name: ip-restriction + enable: true + config: + blacklist: + - "192.168.12.12" +`, backendSvc, backendPorts[0]) + + assert.Nil(ginkgo.GinkgoT(), s.CreateResourceFromString(ar)) + + err = s.EnsureNumApisixUpstreamsCreated(1) + assert.Nil(ginkgo.GinkgoT(), err, "Checking number of upstreams") + err = s.EnsureNumApisixRoutesCreated(1) + assert.Nil(ginkgo.GinkgoT(), err, "Checking number of routes") + + // As we use port forwarding so the ip address is 127.0.0.1 + s.NewAPISIXClient().GET("/ip").WithHeader("Host", "httpbin.org"). + Expect(). + Status(200). + Body(). + Contains("origin") + }) + + ginkgo.It("disable plugin", func() { + backendSvc, backendPorts := s.DefaultHTTPBackend() + ar := fmt.Sprintf(` +apiVersion: apisix.apache.org/v2alpha1 +kind: ApisixRoute +metadata: + name: httpbin-route +spec: + http: + - name: rule1 + match: + hosts: + - httpbin.org + paths: + - /ip + backends: + - serviceName: %s + servicePort: %d + weight: 10 + plugins: + - name: ip-restriction + enable: false + config: + blacklist: + - "127.0.0.1" +`, backendSvc, backendPorts[0]) + + assert.Nil(ginkgo.GinkgoT(), s.CreateResourceFromString(ar)) + + err := s.EnsureNumApisixUpstreamsCreated(1) + assert.Nil(ginkgo.GinkgoT(), err, "Checking number of upstreams") + err = s.EnsureNumApisixRoutesCreated(1) + assert.Nil(ginkgo.GinkgoT(), err, "Checking number of routes") + + // As we use port forwarding so the ip address is 127.0.0.1 + s.NewAPISIXClient().GET("/ip").WithHeader("Host", "httpbin.org"). + Expect(). + Status(200). + Body(). + Contains("origin") + }) +})