jwrookie commented on code in PR #976:
URL:
https://github.com/apache/apisix-ingress-controller/pull/976#discussion_r855926002
##########
test/e2e/suite-plugins/referer-restriction.go:
##########
@@ -101,6 +101,125 @@ spec:
resp.Body().Contains("Your referer host is not allowed")
})
+ ginkgo.It("referer-restriction plugin configuration blacklist list",
func() {
+ backendSvc, backendPorts := s.DefaultHTTPBackend()
+ ar := fmt.Sprintf(`
+apiVersion: apisix.apache.org/v2beta3
+kind: ApisixRoute
+metadata:
+ name: httpbin-route
+spec:
+ http:
+ - name: rule1
+ match:
+ hosts:
+ - httpbin.org
+ paths:
+ - /ip
+ backends:
+ - serviceName: %s
+ servicePort: %d
+ weight: 10
+ plugins:
+ - name: referer-restriction
+ enable: true
+ config:
+ blacklist:
+ - test.com
+ - "*.foo.com"
+`, backendSvc, backendPorts[0])
+
+ assert.Nil(ginkgo.GinkgoT(), s.CreateResourceFromString(ar))
+
+ err := s.EnsureNumApisixUpstreamsCreated(1)
+ assert.Nil(ginkgo.GinkgoT(), err, "Checking number of
upstreams")
Review Comment:
```suggestion
assert.Nil(ginkgo.GinkgoT(), err, "Checking the number of
upstreams")
```
##########
test/e2e/suite-plugins/referer-restriction.go:
##########
@@ -101,6 +101,125 @@ spec:
resp.Body().Contains("Your referer host is not allowed")
})
+ ginkgo.It("referer-restriction plugin configuration blacklist list",
func() {
Review Comment:
```suggestion
ginkgo.It("referer-restriction plugin configuration deny list", func() {
```
##########
test/e2e/suite-plugins/referer-restriction.go:
##########
@@ -101,6 +101,125 @@ spec:
resp.Body().Contains("Your referer host is not allowed")
})
+ ginkgo.It("referer-restriction plugin configuration blacklist list",
func() {
+ backendSvc, backendPorts := s.DefaultHTTPBackend()
+ ar := fmt.Sprintf(`
+apiVersion: apisix.apache.org/v2beta3
+kind: ApisixRoute
+metadata:
+ name: httpbin-route
+spec:
+ http:
+ - name: rule1
+ match:
+ hosts:
+ - httpbin.org
+ paths:
+ - /ip
+ backends:
+ - serviceName: %s
+ servicePort: %d
+ weight: 10
+ plugins:
+ - name: referer-restriction
+ enable: true
+ config:
+ blacklist:
+ - test.com
+ - "*.foo.com"
+`, backendSvc, backendPorts[0])
+
+ assert.Nil(ginkgo.GinkgoT(), s.CreateResourceFromString(ar))
+
+ err := s.EnsureNumApisixUpstreamsCreated(1)
+ assert.Nil(ginkgo.GinkgoT(), err, "Checking number of
upstreams")
+ err = s.EnsureNumApisixRoutesCreated(1)
+ assert.Nil(ginkgo.GinkgoT(), err, "Checking number of routes")
+
+ // "Referer" match passed
+ resp := s.NewAPISIXClient().GET("/ip").
+ WithHeader("Host", "httpbin.org").
+ WithHeader("Referer", "http://test.com";).
+ Expect()
+ resp.Status(http.StatusForbidden)
+ resp.Body().Contains("Your referer host is not allowed")
+
+ // "Referer" match failed
+ resp = s.NewAPISIXClient().GET("/ip").
+ WithHeader("Host", "httpbin.org").
+ WithHeader("Referer", "http://www.test.com";).
+ Expect()
+ resp.Status(http.StatusOK)
+ resp.Body().Contains("origin")
+
+ // "Referer" match passed
+ resp = s.NewAPISIXClient().GET("/ip").
+ WithHeader("Host", "httpbin.org").
+ WithHeader("Referer", "http://www.foo.com";).
+ Expect()
+ resp.Status(http.StatusForbidden)
+ resp.Body().Contains("Your referer host is not allowed")
Review Comment:
DITTO
##########
test/e2e/suite-plugins/referer-restriction.go:
##########
@@ -101,6 +101,125 @@ spec:
resp.Body().Contains("Your referer host is not allowed")
})
+ ginkgo.It("referer-restriction plugin configuration blacklist list",
func() {
Review Comment:
black and white will make people think of skin color, how about using deny
list instead of it?
##########
test/e2e/suite-plugins/referer-restriction.go:
##########
@@ -101,6 +101,125 @@ spec:
resp.Body().Contains("Your referer host is not allowed")
})
+ ginkgo.It("referer-restriction plugin configuration blacklist list",
func() {
+ backendSvc, backendPorts := s.DefaultHTTPBackend()
+ ar := fmt.Sprintf(`
+apiVersion: apisix.apache.org/v2beta3
+kind: ApisixRoute
+metadata:
+ name: httpbin-route
+spec:
+ http:
+ - name: rule1
+ match:
+ hosts:
+ - httpbin.org
+ paths:
+ - /ip
+ backends:
+ - serviceName: %s
+ servicePort: %d
+ weight: 10
+ plugins:
+ - name: referer-restriction
+ enable: true
+ config:
+ blacklist:
+ - test.com
+ - "*.foo.com"
+`, backendSvc, backendPorts[0])
+
+ assert.Nil(ginkgo.GinkgoT(), s.CreateResourceFromString(ar))
+
+ err := s.EnsureNumApisixUpstreamsCreated(1)
+ assert.Nil(ginkgo.GinkgoT(), err, "Checking number of
upstreams")
+ err = s.EnsureNumApisixRoutesCreated(1)
+ assert.Nil(ginkgo.GinkgoT(), err, "Checking number of routes")
+
+ // "Referer" match passed
+ resp := s.NewAPISIXClient().GET("/ip").
+ WithHeader("Host", "httpbin.org").
+ WithHeader("Referer", "http://test.com";).
+ Expect()
+ resp.Status(http.StatusForbidden)
+ resp.Body().Contains("Your referer host is not allowed")
Review Comment:
Comment conflicts with the `resp.Body`
##########
test/e2e/suite-plugins/referer-restriction.go:
##########
@@ -101,6 +101,125 @@ spec:
resp.Body().Contains("Your referer host is not allowed")
})
+ ginkgo.It("referer-restriction plugin configuration blacklist list",
func() {
+ backendSvc, backendPorts := s.DefaultHTTPBackend()
+ ar := fmt.Sprintf(`
+apiVersion: apisix.apache.org/v2beta3
+kind: ApisixRoute
+metadata:
+ name: httpbin-route
+spec:
+ http:
+ - name: rule1
+ match:
+ hosts:
+ - httpbin.org
+ paths:
+ - /ip
+ backends:
+ - serviceName: %s
+ servicePort: %d
+ weight: 10
+ plugins:
+ - name: referer-restriction
+ enable: true
+ config:
+ blacklist:
+ - test.com
+ - "*.foo.com"
+`, backendSvc, backendPorts[0])
+
+ assert.Nil(ginkgo.GinkgoT(), s.CreateResourceFromString(ar))
+
+ err := s.EnsureNumApisixUpstreamsCreated(1)
+ assert.Nil(ginkgo.GinkgoT(), err, "Checking number of
upstreams")
+ err = s.EnsureNumApisixRoutesCreated(1)
+ assert.Nil(ginkgo.GinkgoT(), err, "Checking number of routes")
+
+ // "Referer" match passed
+ resp := s.NewAPISIXClient().GET("/ip").
+ WithHeader("Host", "httpbin.org").
+ WithHeader("Referer", "http://test.com";).
+ Expect()
+ resp.Status(http.StatusForbidden)
+ resp.Body().Contains("Your referer host is not allowed")
+
+ // "Referer" match failed
+ resp = s.NewAPISIXClient().GET("/ip").
+ WithHeader("Host", "httpbin.org").
+ WithHeader("Referer", "http://www.test.com";).
+ Expect()
+ resp.Status(http.StatusOK)
+ resp.Body().Contains("origin")
+
+ // "Referer" match passed
+ resp = s.NewAPISIXClient().GET("/ip").
+ WithHeader("Host", "httpbin.org").
+ WithHeader("Referer", "http://www.foo.com";).
+ Expect()
+ resp.Status(http.StatusForbidden)
+ resp.Body().Contains("Your referer host is not allowed")
+
+ // "Referer" is missing
+ resp = s.NewAPISIXClient().GET("/ip").
+ WithHeader("Host", "httpbin.org").
+ Expect()
+ resp.Status(http.StatusForbidden)
+ resp.Body().Contains("Your referer host is not allowed")
+ })
+
+ ginkgo.It("Customize message", func() {
+ backendSvc, backendPorts := s.DefaultHTTPBackend()
+ ar := fmt.Sprintf(`
+apiVersion: apisix.apache.org/v2beta3
+kind: ApisixRoute
+metadata:
+ name: httpbin-route
+spec:
+ http:
+ - name: rule1
+ match:
+ hosts:
+ - httpbin.org
+ paths:
+ - /ip
+ backends:
+ - serviceName: %s
+ servicePort: %d
+ weight: 10
+ plugins:
+ - name: referer-restriction
+ enable: true
+ config:
+ whitelist:
+ - test.com
+ - "*.foo.com"
+ message: "You can customize the message any way you like"
+`, backendSvc, backendPorts[0])
+
+ assert.Nil(ginkgo.GinkgoT(), s.CreateResourceFromString(ar))
+
+ err := s.EnsureNumApisixUpstreamsCreated(1)
+ assert.Nil(ginkgo.GinkgoT(), err, "Checking number of
upstreams")
Review Comment:
```suggestion
assert.Nil(ginkgo.GinkgoT(), err, "Checking the number of
upstreams")
```
##########
test/e2e/suite-plugins/referer-restriction.go:
##########
@@ -101,6 +101,125 @@ spec:
resp.Body().Contains("Your referer host is not allowed")
})
+ ginkgo.It("referer-restriction plugin configuration blacklist list",
func() {
+ backendSvc, backendPorts := s.DefaultHTTPBackend()
+ ar := fmt.Sprintf(`
+apiVersion: apisix.apache.org/v2beta3
+kind: ApisixRoute
+metadata:
+ name: httpbin-route
+spec:
+ http:
+ - name: rule1
+ match:
+ hosts:
+ - httpbin.org
+ paths:
+ - /ip
+ backends:
+ - serviceName: %s
+ servicePort: %d
+ weight: 10
+ plugins:
+ - name: referer-restriction
+ enable: true
+ config:
+ blacklist:
+ - test.com
+ - "*.foo.com"
+`, backendSvc, backendPorts[0])
+
+ assert.Nil(ginkgo.GinkgoT(), s.CreateResourceFromString(ar))
+
+ err := s.EnsureNumApisixUpstreamsCreated(1)
+ assert.Nil(ginkgo.GinkgoT(), err, "Checking number of
upstreams")
+ err = s.EnsureNumApisixRoutesCreated(1)
+ assert.Nil(ginkgo.GinkgoT(), err, "Checking number of routes")
Review Comment:
```suggestion
assert.Nil(ginkgo.GinkgoT(), err, "Checking the number of
routes")
```
##########
test/e2e/suite-plugins/referer-restriction.go:
##########
@@ -101,6 +101,125 @@ spec:
resp.Body().Contains("Your referer host is not allowed")
})
+ ginkgo.It("referer-restriction plugin configuration blacklist list",
func() {
+ backendSvc, backendPorts := s.DefaultHTTPBackend()
+ ar := fmt.Sprintf(`
+apiVersion: apisix.apache.org/v2beta3
+kind: ApisixRoute
+metadata:
+ name: httpbin-route
+spec:
+ http:
+ - name: rule1
+ match:
+ hosts:
+ - httpbin.org
+ paths:
+ - /ip
+ backends:
+ - serviceName: %s
+ servicePort: %d
+ weight: 10
+ plugins:
+ - name: referer-restriction
+ enable: true
+ config:
+ blacklist:
+ - test.com
+ - "*.foo.com"
+`, backendSvc, backendPorts[0])
+
+ assert.Nil(ginkgo.GinkgoT(), s.CreateResourceFromString(ar))
+
+ err := s.EnsureNumApisixUpstreamsCreated(1)
+ assert.Nil(ginkgo.GinkgoT(), err, "Checking number of
upstreams")
+ err = s.EnsureNumApisixRoutesCreated(1)
+ assert.Nil(ginkgo.GinkgoT(), err, "Checking number of routes")
+
+ // "Referer" match passed
+ resp := s.NewAPISIXClient().GET("/ip").
+ WithHeader("Host", "httpbin.org").
+ WithHeader("Referer", "http://test.com";).
+ Expect()
+ resp.Status(http.StatusForbidden)
+ resp.Body().Contains("Your referer host is not allowed")
+
+ // "Referer" match failed
+ resp = s.NewAPISIXClient().GET("/ip").
+ WithHeader("Host", "httpbin.org").
+ WithHeader("Referer", "http://www.test.com";).
+ Expect()
+ resp.Status(http.StatusOK)
+ resp.Body().Contains("origin")
+
+ // "Referer" match passed
+ resp = s.NewAPISIXClient().GET("/ip").
+ WithHeader("Host", "httpbin.org").
+ WithHeader("Referer", "http://www.foo.com";).
+ Expect()
+ resp.Status(http.StatusForbidden)
+ resp.Body().Contains("Your referer host is not allowed")
+
+ // "Referer" is missing
+ resp = s.NewAPISIXClient().GET("/ip").
+ WithHeader("Host", "httpbin.org").
+ Expect()
+ resp.Status(http.StatusForbidden)
+ resp.Body().Contains("Your referer host is not allowed")
+ })
+
+ ginkgo.It("Customize message", func() {
+ backendSvc, backendPorts := s.DefaultHTTPBackend()
+ ar := fmt.Sprintf(`
+apiVersion: apisix.apache.org/v2beta3
+kind: ApisixRoute
+metadata:
+ name: httpbin-route
+spec:
+ http:
+ - name: rule1
+ match:
+ hosts:
+ - httpbin.org
+ paths:
+ - /ip
+ backends:
+ - serviceName: %s
+ servicePort: %d
+ weight: 10
+ plugins:
+ - name: referer-restriction
+ enable: true
+ config:
+ whitelist:
+ - test.com
+ - "*.foo.com"
+ message: "You can customize the message any way you like"
+`, backendSvc, backendPorts[0])
+
+ assert.Nil(ginkgo.GinkgoT(), s.CreateResourceFromString(ar))
+
+ err := s.EnsureNumApisixUpstreamsCreated(1)
+ assert.Nil(ginkgo.GinkgoT(), err, "Checking number of
upstreams")
+ err = s.EnsureNumApisixRoutesCreated(1)
+ assert.Nil(ginkgo.GinkgoT(), err, "Checking number of routes")
Review Comment:
```suggestion
assert.Nil(ginkgo.GinkgoT(), err, "Checking the number of
routes")
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
