tao12345666333 commented on code in PR #1035:
URL:
https://github.com/apache/apisix-ingress-controller/pull/1035#discussion_r882374057
##########
test/e2e/suite-features/consumer.go:
##########
@@ -636,6 +636,208 @@ spec:
assert.Contains(ginkgo.GinkgoT(), msg401, "Missing rbac token
in request")
})
+ ginkgo.It("ApisixRoute with hmacAuth consumer", func() {
+ ac := `
+apiVersion: apisix.apache.org/v2beta3
+kind: ApisixConsumer
+metadata:
+ name: hmacvalue
+spec:
+ authParameter:
+ hmacAuth:
+ value:
+ access_key: papa
+ secret_key: fatpa
+ algorithm: "hmac-sha256"
+ clock_skew: 0
+`
+ assert.Nil(ginkgo.GinkgoT(), s.CreateResourceFromString(ac),
"creating hmacAuth ApisixConsumer")
+
+ // Wait until the ApisixConsumer create event was delivered.
+ time.Sleep(6 * time.Second)
+
+ grs, err := s.ListApisixConsumers()
+ assert.Nil(ginkgo.GinkgoT(), err, "listing consumer")
+ assert.Len(ginkgo.GinkgoT(), grs, 1)
+ assert.Len(ginkgo.GinkgoT(), grs[0].Plugins, 1)
+ hmacAuth, _ :=
grs[0].Plugins["hmac-auth"].(map[string]interface{})
+ assert.Equal(ginkgo.GinkgoT(), "papa", hmacAuth["access_key"])
+ assert.Equal(ginkgo.GinkgoT(), "fatpa", hmacAuth["secret_key"])
+ assert.Equal(ginkgo.GinkgoT(), "hmac-sha256",
hmacAuth["algorithm"])
+ assert.Equal(ginkgo.GinkgoT(), float64(0),
hmacAuth["clock_skew"])
+
+ backendSvc, backendPorts := s.DefaultHTTPBackend()
+ ar := fmt.Sprintf(`
+apiVersion: apisix.apache.org/v2beta3
+kind: ApisixRoute
+metadata:
+ name: httpbin-route
+spec:
+ http:
+ - name: rule1
+ match:
+ hosts:
+ - httpbin.org
+ paths:
+ - /ip
+ exprs:
+ - subject:
+ scope: Header
+ name: X-Foo
+ op: Equal
+ value: bar
+ backends:
+ - serviceName: %s
+ servicePort: %d
+ authentication:
+ enable: true
+ type: hmacAuth
+`, backendSvc, backendPorts[0])
+ assert.Nil(ginkgo.GinkgoT(), s.CreateResourceFromString(ar),
"creating ApisixRoute with hmacAuth")
+ assert.Nil(ginkgo.GinkgoT(), s.EnsureNumApisixRoutesCreated(1),
"Checking number of routes")
+ assert.Nil(ginkgo.GinkgoT(),
s.EnsureNumApisixUpstreamsCreated(1), "Checking number of upstreams")
+
+ _ = s.NewAPISIXClient().GET("/ip").
+ WithHeader("Host", "httpbin.org").
+ WithHeader("X-Foo", "bar").
+ WithHeader("X-HMAC-SIGNATURE",
"l3Uka7E1kxPA/owQ2+OqJUmflRppjD5q8xPcWbyKKrg=").
+ WithHeader("X-HMAC-ACCESS-KEY", "papa").
+ WithHeader("X-HMAC-ALGORITHM", "hmac-sha256").
+ WithHeader("X-HMAC-SIGNED-HEADERS", "User-Agent;X-Foo").
+ WithHeader("User-Agent", "curl/7.29.0").
+ Expect().
+ Status(http.StatusOK)
+
+ msg := s.NewAPISIXClient().GET("/ip").
+ WithHeader("Host", "httpbin.org").
+ WithHeader("X-Foo", "bar").
+ Expect().
+ Status(http.StatusUnauthorized).
+ Body().
+ Raw()
+ assert.Contains(ginkgo.GinkgoT(), msg, "access key or signature
missing")
+
+ msg = s.NewAPISIXClient().GET("/ip").
+ WithHeader("Host", "httpbin.org").
+ WithHeader("X-Foo", "baz").
+ WithHeader("X-HMAC-SIGNATURE",
"MhGJMkEYFD+98qtvoDPlvCGIUSmmUaw0In/D0vt2Z4E=").
+ WithHeader("X-HMAC-ACCESS-KEY", "papa").
+ WithHeader("X-HMAC-ALGORITHM", "hmac-sha256").
+ WithHeader("X-HMAC-SIGNED-HEADERS", "User-Agent;X-Foo").
+ WithHeader("User-Agent", "curl/7.29.0").
+ Expect().
+ Status(http.StatusNotFound).
+ Body().
+ Raw()
+ assert.Contains(ginkgo.GinkgoT(), msg, "404 Route Not Found")
+ })
+
+ ginkgo.It("ApisixRoute with hmacAuth consumer using secret", func() {
+ secret := `
+apiVersion: v1
+kind: Secret
+metadata:
+ name: hmac
+data:
+ access_key: cGFwYQ==
+ secret_key: ZmF0cGE=
+ algorithm: aG1hYy1zaGEyNTY=
+ clock_skew: MA==
+`
+ assert.Nil(ginkgo.GinkgoT(),
s.CreateResourceFromString(secret), "creating hmac secret for ApisixConsumer")
+
+ ac := `
+apiVersion: apisix.apache.org/v2beta3
+kind: ApisixConsumer
+metadata:
+ name: hmacvalue
+spec:
+ authParameter:
+ hmacAuth:
+ secretRef:
+ name: hmac
+`
+ assert.Nil(ginkgo.GinkgoT(), s.CreateResourceFromString(ac),
"creating hmacAuth ApisixConsumer")
+
+ // Wait until the ApisixConsumer create event was delivered.
+ time.Sleep(6 * time.Second)
+
+ grs, err := s.ListApisixConsumers()
+ assert.Nil(ginkgo.GinkgoT(), err, "listing consumer")
+ assert.Len(ginkgo.GinkgoT(), grs, 1)
+ assert.Len(ginkgo.GinkgoT(), grs[0].Plugins, 1)
+ hmacAuth, _ :=
grs[0].Plugins["hmac-auth"].(map[string]interface{})
+ assert.Equal(ginkgo.GinkgoT(), hmacAuth["access_key"], "papa")
+ assert.Equal(ginkgo.GinkgoT(), hmacAuth["secret_key"], "fatpa")
+ assert.Equal(ginkgo.GinkgoT(), hmacAuth["algorithm"],
"hmac-sha256")
+ assert.Equal(ginkgo.GinkgoT(), hmacAuth["clock_skew"],
float64(0))
Review Comment:
the order
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
