mirror of
https://gitee.com/iresty/apisix.git
synced 2024-12-15 09:21:26 +08:00
548 lines
14 KiB
Perl
548 lines
14 KiB
Perl
|
#
|
||
|
# Licensed to the Apache Software Foundation (ASF) under one or more
|
||
|
# contributor license agreements. See the NOTICE file distributed with
|
||
|
# this work for additional information regarding copyright ownership.
|
||
|
# The ASF licenses this file to You under the Apache License, Version 2.0
|
||
|
# (the "License"); you may not use this file except in compliance with
|
||
|
# the License. You may obtain a copy of the License at
|
||
|
#
|
||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||
|
#
|
||
|
# Unless required by applicable law or agreed to in writing, software
|
||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||
|
# See the License for the specific language governing permissions and
|
||
|
# limitations under the License.
|
||
|
#
|
||
|
use t::APISIX;
|
||
|
|
||
|
my $nginx_binary = $ENV{'TEST_NGINX_BINARY'} || 'nginx';
|
||
|
my $version = eval { `$nginx_binary -V 2>&1` };
|
||
|
|
||
|
if ($version !~ m/\/apisix-nginx-module/) {
|
||
|
plan(skip_all => "apisix-nginx-module not installed");
|
||
|
} else {
|
||
|
plan('no_plan');
|
||
|
}
|
||
|
|
||
|
repeat_each(1);
|
||
|
log_level('info');
|
||
|
no_root_location();
|
||
|
no_shuffle();
|
||
|
|
||
|
add_block_preprocessor(sub {
|
||
|
my ($block) = @_;
|
||
|
|
||
|
if ((!defined $block->error_log) && (!defined $block->no_error_log)) {
|
||
|
$block->set_value("no_error_log", "[error]");
|
||
|
}
|
||
|
});
|
||
|
|
||
|
run_tests();
|
||
|
|
||
|
__DATA__
|
||
|
|
||
|
=== TEST 1: tls without key
|
||
|
--- config
|
||
|
location /t {
|
||
|
content_by_lua_block {
|
||
|
local t = require("lib.test_admin")
|
||
|
local json = require("toolkit.json")
|
||
|
local ssl_cert = t.read_file("t/certs/mtls_client.crt")
|
||
|
local data = {
|
||
|
upstream = {
|
||
|
scheme = "https",
|
||
|
type = "roundrobin",
|
||
|
nodes = {
|
||
|
["127.0.0.1:1983"] = 1,
|
||
|
},
|
||
|
tls = {
|
||
|
client_cert = ssl_cert,
|
||
|
}
|
||
|
},
|
||
|
uri = "/hello"
|
||
|
}
|
||
|
local code, body = t.test('/apisix/admin/routes/1',
|
||
|
ngx.HTTP_PUT,
|
||
|
json.encode(data)
|
||
|
)
|
||
|
|
||
|
if code >= 300 then
|
||
|
ngx.status = code
|
||
|
end
|
||
|
ngx.print(body)
|
||
|
}
|
||
|
}
|
||
|
--- request
|
||
|
GET /t
|
||
|
--- error_code: 400
|
||
|
--- response_body
|
||
|
{"error_msg":"invalid configuration: property \"upstream\" validation failed: property \"tls\" validation failed: property \"client_key\" is required"}
|
||
|
|
||
|
|
||
|
|
||
|
=== TEST 2: tls with bad key
|
||
|
--- config
|
||
|
location /t {
|
||
|
content_by_lua_block {
|
||
|
local t = require("lib.test_admin")
|
||
|
local json = require("toolkit.json")
|
||
|
local ssl_cert = t.read_file("t/certs/mtls_client.crt")
|
||
|
local data = {
|
||
|
upstream = {
|
||
|
scheme = "https",
|
||
|
type = "roundrobin",
|
||
|
nodes = {
|
||
|
["127.0.0.1:1983"] = 1,
|
||
|
},
|
||
|
tls = {
|
||
|
client_cert = ssl_cert,
|
||
|
client_key = ("AAA"):rep(128),
|
||
|
}
|
||
|
},
|
||
|
uri = "/hello"
|
||
|
}
|
||
|
local code, body = t.test('/apisix/admin/routes/1',
|
||
|
ngx.HTTP_PUT,
|
||
|
json.encode(data)
|
||
|
)
|
||
|
|
||
|
if code >= 300 then
|
||
|
ngx.status = code
|
||
|
end
|
||
|
ngx.print(body)
|
||
|
}
|
||
|
}
|
||
|
--- request
|
||
|
GET /t
|
||
|
--- error_code: 400
|
||
|
--- response_body
|
||
|
{"error_msg":"failed to decrypt previous encrypted key"}
|
||
|
--- error_log
|
||
|
decrypt ssl key failed
|
||
|
|
||
|
|
||
|
|
||
|
=== TEST 3: encrypt key by default
|
||
|
--- config
|
||
|
location /t {
|
||
|
content_by_lua_block {
|
||
|
local t = require("lib.test_admin")
|
||
|
local json = require("toolkit.json")
|
||
|
local ssl_cert = t.read_file("t/certs/mtls_client.crt")
|
||
|
local ssl_key = t.read_file("t/certs/mtls_client.key")
|
||
|
local data = {
|
||
|
upstream = {
|
||
|
scheme = "https",
|
||
|
type = "roundrobin",
|
||
|
nodes = {
|
||
|
["127.0.0.1:1983"] = 1,
|
||
|
},
|
||
|
tls = {
|
||
|
client_cert = ssl_cert,
|
||
|
client_key = ssl_key,
|
||
|
}
|
||
|
},
|
||
|
uri = "/hello"
|
||
|
}
|
||
|
local code, body = t.test('/apisix/admin/routes/1',
|
||
|
ngx.HTTP_PUT,
|
||
|
json.encode(data)
|
||
|
)
|
||
|
|
||
|
if code >= 300 then
|
||
|
ngx.status = code
|
||
|
ngx.say(body)
|
||
|
return
|
||
|
end
|
||
|
|
||
|
local code, body, res = t.test('/apisix/admin/routes/1',
|
||
|
ngx.HTTP_GET
|
||
|
)
|
||
|
|
||
|
if code >= 300 then
|
||
|
ngx.status = code
|
||
|
ngx.say(body)
|
||
|
return
|
||
|
end
|
||
|
|
||
|
res = json.decode(res)
|
||
|
ngx.say(res.node.value.upstream.tls.client_key == ssl_key)
|
||
|
|
||
|
-- upstream
|
||
|
local data = {
|
||
|
scheme = "https",
|
||
|
type = "roundrobin",
|
||
|
nodes = {
|
||
|
["127.0.0.1:1983"] = 1,
|
||
|
},
|
||
|
tls = {
|
||
|
client_cert = ssl_cert,
|
||
|
client_key = ssl_key,
|
||
|
}
|
||
|
}
|
||
|
local code, body = t.test('/apisix/admin/upstreams/1',
|
||
|
ngx.HTTP_PUT,
|
||
|
json.encode(data)
|
||
|
)
|
||
|
|
||
|
if code >= 300 then
|
||
|
ngx.status = code
|
||
|
ngx.say(body)
|
||
|
return
|
||
|
end
|
||
|
|
||
|
local code, body, res = t.test('/apisix/admin/upstreams/1',
|
||
|
ngx.HTTP_GET
|
||
|
)
|
||
|
|
||
|
if code >= 300 then
|
||
|
ngx.status = code
|
||
|
ngx.say(body)
|
||
|
return
|
||
|
end
|
||
|
|
||
|
res = json.decode(res)
|
||
|
ngx.say(res.node.value.tls.client_key == ssl_key)
|
||
|
|
||
|
local data = {
|
||
|
upstream = {
|
||
|
scheme = "https",
|
||
|
type = "roundrobin",
|
||
|
nodes = {
|
||
|
["127.0.0.1:1983"] = 1,
|
||
|
},
|
||
|
tls = {
|
||
|
client_cert = ssl_cert,
|
||
|
client_key = ssl_key,
|
||
|
}
|
||
|
},
|
||
|
}
|
||
|
local code, body = t.test('/apisix/admin/services/1',
|
||
|
ngx.HTTP_PUT,
|
||
|
json.encode(data)
|
||
|
)
|
||
|
|
||
|
if code >= 300 then
|
||
|
ngx.status = code
|
||
|
ngx.say(body)
|
||
|
return
|
||
|
end
|
||
|
|
||
|
local code, body, res = t.test('/apisix/admin/services/1',
|
||
|
ngx.HTTP_GET
|
||
|
)
|
||
|
|
||
|
if code >= 300 then
|
||
|
ngx.status = code
|
||
|
ngx.say(body)
|
||
|
return
|
||
|
end
|
||
|
|
||
|
res = json.decode(res)
|
||
|
ngx.say(res.node.value.upstream.tls.client_key == ssl_key)
|
||
|
}
|
||
|
}
|
||
|
--- request
|
||
|
GET /t
|
||
|
--- response_body
|
||
|
false
|
||
|
false
|
||
|
false
|
||
|
|
||
|
|
||
|
|
||
|
=== TEST 4: hit
|
||
|
--- upstream_server_config
|
||
|
ssl_client_certificate ../../certs/mtls_ca.crt;
|
||
|
ssl_verify_client on;
|
||
|
--- request
|
||
|
GET /hello
|
||
|
--- response_body
|
||
|
hello world
|
||
|
|
||
|
|
||
|
|
||
|
=== TEST 5: wrong cert
|
||
|
--- config
|
||
|
location /t {
|
||
|
content_by_lua_block {
|
||
|
local t = require("lib.test_admin")
|
||
|
local json = require("toolkit.json")
|
||
|
local ssl_cert = t.read_file("t/certs/apisix.crt")
|
||
|
local ssl_key = t.read_file("t/certs/apisix.key")
|
||
|
local data = {
|
||
|
upstream = {
|
||
|
scheme = "https",
|
||
|
type = "roundrobin",
|
||
|
nodes = {
|
||
|
["127.0.0.1:1983"] = 1,
|
||
|
},
|
||
|
tls = {
|
||
|
client_cert = ssl_cert,
|
||
|
client_key = ssl_key,
|
||
|
}
|
||
|
},
|
||
|
uri = "/hello"
|
||
|
}
|
||
|
local code, body = t.test('/apisix/admin/routes/1',
|
||
|
ngx.HTTP_PUT,
|
||
|
json.encode(data)
|
||
|
)
|
||
|
|
||
|
if code >= 300 then
|
||
|
ngx.status = code
|
||
|
end
|
||
|
|
||
|
ngx.say(body)
|
||
|
}
|
||
|
}
|
||
|
--- request
|
||
|
GET /t
|
||
|
--- response_body
|
||
|
passed
|
||
|
|
||
|
|
||
|
|
||
|
=== TEST 6: hit
|
||
|
--- upstream_server_config
|
||
|
ssl_client_certificate ../../certs/mtls_ca.crt;
|
||
|
ssl_verify_client on;
|
||
|
--- request
|
||
|
GET /hello
|
||
|
--- error_code: 400
|
||
|
--- error_log
|
||
|
client SSL certificate verify error
|
||
|
|
||
|
|
||
|
|
||
|
=== TEST 7: clean old data
|
||
|
--- config
|
||
|
location /t {
|
||
|
content_by_lua_block {
|
||
|
local t = require("lib.test_admin")
|
||
|
assert(t.test('/apisix/admin/routes/1',
|
||
|
ngx.HTTP_DELETE
|
||
|
))
|
||
|
assert(t.test('/apisix/admin/services/1',
|
||
|
ngx.HTTP_DELETE
|
||
|
))
|
||
|
assert(t.test('/apisix/admin/upstreams/1',
|
||
|
ngx.HTTP_DELETE
|
||
|
))
|
||
|
}
|
||
|
}
|
||
|
--- request
|
||
|
GET /t
|
||
|
|
||
|
|
||
|
|
||
|
=== TEST 8: don't encrypt key
|
||
|
--- yaml_config
|
||
|
apisix:
|
||
|
node_listen: 1984
|
||
|
admin_key: null
|
||
|
ssl:
|
||
|
key_encrypt_salt: null
|
||
|
--- config
|
||
|
location /t {
|
||
|
content_by_lua_block {
|
||
|
local t = require("lib.test_admin")
|
||
|
local json = require("toolkit.json")
|
||
|
local ssl_cert = t.read_file("t/certs/mtls_client.crt")
|
||
|
local ssl_key = t.read_file("t/certs/mtls_client.key")
|
||
|
local data = {
|
||
|
upstream = {
|
||
|
scheme = "https",
|
||
|
type = "roundrobin",
|
||
|
nodes = {
|
||
|
["127.0.0.1:1983"] = 1,
|
||
|
},
|
||
|
tls = {
|
||
|
client_cert = ssl_cert,
|
||
|
client_key = ssl_key,
|
||
|
}
|
||
|
},
|
||
|
uri = "/hello"
|
||
|
}
|
||
|
local code, body = t.test('/apisix/admin/routes/1',
|
||
|
ngx.HTTP_PUT,
|
||
|
json.encode(data)
|
||
|
)
|
||
|
|
||
|
if code >= 300 then
|
||
|
ngx.status = code
|
||
|
ngx.say(body)
|
||
|
return
|
||
|
end
|
||
|
|
||
|
local code, body, res = t.test('/apisix/admin/routes/1',
|
||
|
ngx.HTTP_GET
|
||
|
)
|
||
|
|
||
|
if code >= 300 then
|
||
|
ngx.status = code
|
||
|
ngx.say(body)
|
||
|
return
|
||
|
end
|
||
|
|
||
|
res = json.decode(res)
|
||
|
ngx.say(res.node.value.upstream.tls.client_key == ssl_key)
|
||
|
|
||
|
-- upstream
|
||
|
local data = {
|
||
|
scheme = "https",
|
||
|
type = "roundrobin",
|
||
|
nodes = {
|
||
|
["127.0.0.1:1983"] = 1,
|
||
|
},
|
||
|
tls = {
|
||
|
client_cert = ssl_cert,
|
||
|
client_key = ssl_key,
|
||
|
}
|
||
|
}
|
||
|
local code, body = t.test('/apisix/admin/upstreams/1',
|
||
|
ngx.HTTP_PUT,
|
||
|
json.encode(data)
|
||
|
)
|
||
|
|
||
|
if code >= 300 then
|
||
|
ngx.status = code
|
||
|
ngx.say(body)
|
||
|
return
|
||
|
end
|
||
|
|
||
|
local code, body, res = t.test('/apisix/admin/upstreams/1',
|
||
|
ngx.HTTP_GET
|
||
|
)
|
||
|
|
||
|
if code >= 300 then
|
||
|
ngx.status = code
|
||
|
ngx.say(body)
|
||
|
return
|
||
|
end
|
||
|
|
||
|
res = json.decode(res)
|
||
|
ngx.say(res.node.value.tls.client_key == ssl_key)
|
||
|
|
||
|
local data = {
|
||
|
upstream = {
|
||
|
scheme = "https",
|
||
|
type = "roundrobin",
|
||
|
nodes = {
|
||
|
["127.0.0.1:1983"] = 1,
|
||
|
},
|
||
|
tls = {
|
||
|
client_cert = ssl_cert,
|
||
|
client_key = ssl_key,
|
||
|
}
|
||
|
},
|
||
|
}
|
||
|
local code, body = t.test('/apisix/admin/services/1',
|
||
|
ngx.HTTP_PUT,
|
||
|
json.encode(data)
|
||
|
)
|
||
|
|
||
|
if code >= 300 then
|
||
|
ngx.status = code
|
||
|
ngx.say(body)
|
||
|
return
|
||
|
end
|
||
|
|
||
|
local code, body, res = t.test('/apisix/admin/services/1',
|
||
|
ngx.HTTP_GET
|
||
|
)
|
||
|
|
||
|
if code >= 300 then
|
||
|
ngx.status = code
|
||
|
ngx.say(body)
|
||
|
return
|
||
|
end
|
||
|
|
||
|
res = json.decode(res)
|
||
|
ngx.say(res.node.value.upstream.tls.client_key == ssl_key)
|
||
|
}
|
||
|
}
|
||
|
--- request
|
||
|
GET /t
|
||
|
--- response_body
|
||
|
true
|
||
|
true
|
||
|
true
|
||
|
|
||
|
|
||
|
|
||
|
=== TEST 9: bind upstream
|
||
|
--- config
|
||
|
location /t {
|
||
|
content_by_lua_block {
|
||
|
local t = require("lib.test_admin")
|
||
|
local json = require("toolkit.json")
|
||
|
local data = {
|
||
|
upstream_id = 1,
|
||
|
uri = "/server_port"
|
||
|
}
|
||
|
local code, body = t.test('/apisix/admin/routes/1',
|
||
|
ngx.HTTP_PUT,
|
||
|
json.encode(data)
|
||
|
)
|
||
|
|
||
|
if code >= 300 then
|
||
|
ngx.status = code
|
||
|
ngx.say(body)
|
||
|
return
|
||
|
end
|
||
|
}
|
||
|
}
|
||
|
--- request
|
||
|
GET /t
|
||
|
|
||
|
|
||
|
|
||
|
=== TEST 10: hit
|
||
|
--- upstream_server_config
|
||
|
ssl_client_certificate ../../certs/mtls_ca.crt;
|
||
|
ssl_verify_client on;
|
||
|
--- request
|
||
|
GET /server_port
|
||
|
--- response_body chomp
|
||
|
1983
|
||
|
|
||
|
|
||
|
|
||
|
=== TEST 11: bind service
|
||
|
--- config
|
||
|
location /t {
|
||
|
content_by_lua_block {
|
||
|
local t = require("lib.test_admin")
|
||
|
local json = require("toolkit.json")
|
||
|
local data = {
|
||
|
service_id = 1,
|
||
|
uri = "/hello_chunked"
|
||
|
}
|
||
|
local code, body = t.test('/apisix/admin/routes/1',
|
||
|
ngx.HTTP_PUT,
|
||
|
json.encode(data)
|
||
|
)
|
||
|
|
||
|
if code >= 300 then
|
||
|
ngx.status = code
|
||
|
ngx.say(body)
|
||
|
return
|
||
|
end
|
||
|
}
|
||
|
}
|
||
|
--- request
|
||
|
GET /t
|
||
|
|
||
|
|
||
|
|
||
|
=== TEST 12: hit
|
||
|
--- upstream_server_config
|
||
|
ssl_client_certificate ../../certs/mtls_ca.crt;
|
||
|
ssl_verify_client on;
|
||
|
--- request
|
||
|
GET /hello_chunked
|
||
|
--- response_body
|
||
|
hello world
|