This is an automated email from the ASF dual-hosted git repository.
zhangjintao pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix-ingress-controller.git
The following commit(s) were added to refs/heads/master by this push:
new 1899d901 feat: improve the e2e test of referer-restriction plugin
(#976)
1899d901 is described below
commit 1899d9018ba05eeb34c171d279c445815f248bf8
Author: John Chever <[email protected]>
AuthorDate: Tue May 10 17:16:38 2022 +0800
feat: improve the e2e test of referer-restriction plugin (#976)
---
test/e2e/suite-plugins/referer-restriction.go | 127 +++++++++++++++++++++++++-
1 file changed, 123 insertions(+), 4 deletions(-)
diff --git a/test/e2e/suite-plugins/referer-restriction.go
b/test/e2e/suite-plugins/referer-restriction.go
index 91297973..3bcb057b 100644
--- a/test/e2e/suite-plugins/referer-restriction.go
+++ b/test/e2e/suite-plugins/referer-restriction.go
@@ -34,7 +34,7 @@ var _ = ginkgo.Describe("suite-plugins: referer-restriction
plugin", func() {
APISIXRouteVersion: "apisix.apache.org/v2beta3",
}
s := scaffold.NewScaffold(opts)
- ginkgo.It("referer-restriction plugin configuration whitelist list",
func() {
+ ginkgo.It("configure a access list", func() {
backendSvc, backendPorts := s.DefaultHTTPBackend()
ar := fmt.Sprintf(`
apiVersion: apisix.apache.org/v2beta3
@@ -101,7 +101,126 @@ spec:
resp.Body().Contains("Your referer host is not allowed")
})
- ginkgo.It("the bypass_missing field is true", func() {
+ ginkgo.It("configure a deny access list", func() {
+ backendSvc, backendPorts := s.DefaultHTTPBackend()
+ ar := fmt.Sprintf(`
+apiVersion: apisix.apache.org/v2beta3
+kind: ApisixRoute
+metadata:
+ name: httpbin-route
+spec:
+ http:
+ - name: rule1
+ match:
+ hosts:
+ - httpbin.org
+ paths:
+ - /ip
+ backends:
+ - serviceName: %s
+ servicePort: %d
+ weight: 10
+ plugins:
+ - name: referer-restriction
+ enable: true
+ config:
+ blacklist:
+ - test.com
+ - "*.foo.com"
+`, backendSvc, backendPorts[0])
+
+ assert.Nil(ginkgo.GinkgoT(), s.CreateResourceFromString(ar))
+
+ err := s.EnsureNumApisixUpstreamsCreated(1)
+ assert.Nil(ginkgo.GinkgoT(), err, "Checking the number of
upstreams")
+ err = s.EnsureNumApisixRoutesCreated(1)
+ assert.Nil(ginkgo.GinkgoT(), err, "Checking the number of
routes")
+
+ // "Referer" match failed
+ resp := s.NewAPISIXClient().GET("/ip").
+ WithHeader("Host", "httpbin.org").
+ WithHeader("Referer", "http://test.com";).
+ Expect()
+ resp.Status(http.StatusForbidden)
+ resp.Body().Contains("Your referer host is not allowed")
+
+ // "Referer" match passed
+ resp = s.NewAPISIXClient().GET("/ip").
+ WithHeader("Host", "httpbin.org").
+ WithHeader("Referer", "http://www.test.com";).
+ Expect()
+ resp.Status(http.StatusOK)
+ resp.Body().Contains("origin")
+
+ // "Referer" match failed
+ resp = s.NewAPISIXClient().GET("/ip").
+ WithHeader("Host", "httpbin.org").
+ WithHeader("Referer", "http://www.foo.com";).
+ Expect()
+ resp.Status(http.StatusForbidden)
+ resp.Body().Contains("Your referer host is not allowed")
+
+ // "Referer" is missing
+ resp = s.NewAPISIXClient().GET("/ip").
+ WithHeader("Host", "httpbin.org").
+ Expect()
+ resp.Status(http.StatusForbidden)
+ resp.Body().Contains("Your referer host is not allowed")
+ })
+
+ ginkgo.It("customize return message", func() {
+ backendSvc, backendPorts := s.DefaultHTTPBackend()
+ ar := fmt.Sprintf(`
+apiVersion: apisix.apache.org/v2beta3
+kind: ApisixRoute
+metadata:
+ name: httpbin-route
+spec:
+ http:
+ - name: rule1
+ match:
+ hosts:
+ - httpbin.org
+ paths:
+ - /ip
+ backends:
+ - serviceName: %s
+ servicePort: %d
+ weight: 10
+ plugins:
+ - name: referer-restriction
+ enable: true
+ config:
+ whitelist:
+ - test.com
+ - "*.foo.com"
+ message: "You can customize the message any way you like"
+`, backendSvc, backendPorts[0])
+
+ assert.Nil(ginkgo.GinkgoT(), s.CreateResourceFromString(ar))
+
+ err := s.EnsureNumApisixUpstreamsCreated(1)
+ assert.Nil(ginkgo.GinkgoT(), err, "Checking the number of
upstreams")
+ err = s.EnsureNumApisixRoutesCreated(1)
+ assert.Nil(ginkgo.GinkgoT(), err, "Checking the number of
routes")
+
+ // "Referer" match failed
+ resp := s.NewAPISIXClient().GET("/ip").
+ WithHeader("Host", "httpbin.org").
+ WithHeader("Referer", "http://www.test.com";).
+ Expect()
+ resp.Status(http.StatusForbidden)
+ resp.Body().Contains("You can customize the message any way you
like")
+
+ // "Referer" is missing
+ resp = s.NewAPISIXClient().GET("/ip").
+ WithHeader("Host", "httpbin.org").
+ Expect()
+ resp.Status(http.StatusForbidden)
+ resp.Body().Contains("You can customize the message any way you
like")
+ })
+
+ ginkgo.It("configure bypass_missing field to true", func() {
backendSvc, backendPorts := s.DefaultHTTPBackend()
ar := fmt.Sprintf(`
apiVersion: apisix.apache.org/v2beta3
@@ -132,9 +251,9 @@ spec:
assert.Nil(ginkgo.GinkgoT(), s.CreateResourceFromString(ar))
err := s.EnsureNumApisixUpstreamsCreated(1)
- assert.Nil(ginkgo.GinkgoT(), err, "Checking number of
upstreams")
+ assert.Nil(ginkgo.GinkgoT(), err, "Checking the number of
upstreams")
err = s.EnsureNumApisixRoutesCreated(1)
- assert.Nil(ginkgo.GinkgoT(), err, "Checking number of routes")
+ assert.Nil(ginkgo.GinkgoT(), err, "Checking the number of
routes")
// "Referer" is missing
resp := s.NewAPISIXClient().GET("/ip").WithHeader("Host",
"httpbin.org").Expect()
