You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2022/04/20 10:57:14 UTC
[GitHub] [apisix-ingress-controller] Chever-John opened a new pull request, #976: feat: improve the e2e test of referer-restriction plugin
Chever-John opened a new pull request, #976:
URL: https://github.com/apache/apisix-ingress-controller/pull/976
<!-- Please answer these questions before submitting a pull request -->
The original e2e testing of the referer-restriction plugin was not perfect, and the purpose of this PR is to improve the testing of the plugin.
### Type of change:
<!-- Please delete options that are not relevant. -->
- [ ] Bugfix
- [ ] New feature provided
- [ ] Improve performance
- [ ] Backport patches
### What this PR does / why we need it:
<!--- Why is this change required? What problem does it solve? -->
<!--- If it fixes an open issue, please link to the issue here. -->
### Pre-submission checklist:
<!--
Please follow the requirements:
1. Use Draft if the PR is not ready to be reviewed
2. Test is required for the feat/fix PR, unless you have a good reason
3. Doc is required for the feat PR
4. Use a new commit to resolve review instead of `push -f`
5. Use "request review" to notify the reviewer once you have resolved the review
-->
* [ ] Did you explain what problem does this PR solve? Or what new features have been added?
* [ ] Have you added corresponding test cases?
* [ ] Have you modified the corresponding document?
* [ ] Is this PR backward compatible? **If it is not backward compatible, please discuss on the [mailing list](https://github.com/apache/apisix-ingress-controller#community) first**
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix-ingress-controller] Chever-John commented on a diff in pull request #976: feat: improve the e2e test of referer-restriction plugin
Posted by GitBox <gi...@apache.org>.
Chever-John commented on code in PR #976:
URL: https://github.com/apache/apisix-ingress-controller/pull/976#discussion_r855997910
##########
test/e2e/suite-plugins/referer-restriction.go:
##########
@@ -101,6 +101,125 @@ spec:
resp.Body().Contains("Your referer host is not allowed")
})
+ ginkgo.It("referer-restriction plugin configuration blacklist list", func() {
+ backendSvc, backendPorts := s.DefaultHTTPBackend()
+ ar := fmt.Sprintf(`
+apiVersion: apisix.apache.org/v2beta3
+kind: ApisixRoute
+metadata:
+ name: httpbin-route
+spec:
+ http:
+ - name: rule1
+ match:
+ hosts:
+ - httpbin.org
+ paths:
+ - /ip
+ backends:
+ - serviceName: %s
+ servicePort: %d
+ weight: 10
+ plugins:
+ - name: referer-restriction
+ enable: true
+ config:
+ blacklist:
+ - test.com
+ - "*.foo.com"
+`, backendSvc, backendPorts[0])
+
+ assert.Nil(ginkgo.GinkgoT(), s.CreateResourceFromString(ar))
+
+ err := s.EnsureNumApisixUpstreamsCreated(1)
+ assert.Nil(ginkgo.GinkgoT(), err, "Checking number of upstreams")
+ err = s.EnsureNumApisixRoutesCreated(1)
+ assert.Nil(ginkgo.GinkgoT(), err, "Checking number of routes")
+
+ // "Referer" match passed
+ resp := s.NewAPISIXClient().GET("/ip").
+ WithHeader("Host", "httpbin.org").
+ WithHeader("Referer", "http://test.com").
+ Expect()
+ resp.Status(http.StatusForbidden)
+ resp.Body().Contains("Your referer host is not allowed")
+
+ // "Referer" match failed
+ resp = s.NewAPISIXClient().GET("/ip").
+ WithHeader("Host", "httpbin.org").
+ WithHeader("Referer", "http://www.test.com").
+ Expect()
+ resp.Status(http.StatusOK)
+ resp.Body().Contains("origin")
+
+ // "Referer" match passed
+ resp = s.NewAPISIXClient().GET("/ip").
+ WithHeader("Host", "httpbin.org").
+ WithHeader("Referer", "http://www.foo.com").
+ Expect()
+ resp.Status(http.StatusForbidden)
+ resp.Body().Contains("Your referer host is not allowed")
Review Comment:
Sure~
##########
test/e2e/suite-plugins/referer-restriction.go:
##########
@@ -101,6 +101,125 @@ spec:
resp.Body().Contains("Your referer host is not allowed")
})
+ ginkgo.It("referer-restriction plugin configuration blacklist list", func() {
+ backendSvc, backendPorts := s.DefaultHTTPBackend()
+ ar := fmt.Sprintf(`
+apiVersion: apisix.apache.org/v2beta3
+kind: ApisixRoute
+metadata:
+ name: httpbin-route
+spec:
+ http:
+ - name: rule1
+ match:
+ hosts:
+ - httpbin.org
+ paths:
+ - /ip
+ backends:
+ - serviceName: %s
+ servicePort: %d
+ weight: 10
+ plugins:
+ - name: referer-restriction
+ enable: true
+ config:
+ blacklist:
+ - test.com
+ - "*.foo.com"
+`, backendSvc, backendPorts[0])
+
+ assert.Nil(ginkgo.GinkgoT(), s.CreateResourceFromString(ar))
+
+ err := s.EnsureNumApisixUpstreamsCreated(1)
+ assert.Nil(ginkgo.GinkgoT(), err, "Checking number of upstreams")
+ err = s.EnsureNumApisixRoutesCreated(1)
+ assert.Nil(ginkgo.GinkgoT(), err, "Checking number of routes")
+
+ // "Referer" match passed
+ resp := s.NewAPISIXClient().GET("/ip").
+ WithHeader("Host", "httpbin.org").
+ WithHeader("Referer", "http://test.com").
+ Expect()
+ resp.Status(http.StatusForbidden)
+ resp.Body().Contains("Your referer host is not allowed")
+
+ // "Referer" match failed
+ resp = s.NewAPISIXClient().GET("/ip").
+ WithHeader("Host", "httpbin.org").
+ WithHeader("Referer", "http://www.test.com").
+ Expect()
+ resp.Status(http.StatusOK)
+ resp.Body().Contains("origin")
+
+ // "Referer" match passed
+ resp = s.NewAPISIXClient().GET("/ip").
+ WithHeader("Host", "httpbin.org").
+ WithHeader("Referer", "http://www.foo.com").
+ Expect()
+ resp.Status(http.StatusForbidden)
+ resp.Body().Contains("Your referer host is not allowed")
+
+ // "Referer" is missing
+ resp = s.NewAPISIXClient().GET("/ip").
+ WithHeader("Host", "httpbin.org").
+ Expect()
+ resp.Status(http.StatusForbidden)
+ resp.Body().Contains("Your referer host is not allowed")
+ })
+
+ ginkgo.It("Customize message", func() {
+ backendSvc, backendPorts := s.DefaultHTTPBackend()
+ ar := fmt.Sprintf(`
+apiVersion: apisix.apache.org/v2beta3
+kind: ApisixRoute
+metadata:
+ name: httpbin-route
+spec:
+ http:
+ - name: rule1
+ match:
+ hosts:
+ - httpbin.org
+ paths:
+ - /ip
+ backends:
+ - serviceName: %s
+ servicePort: %d
+ weight: 10
+ plugins:
+ - name: referer-restriction
+ enable: true
+ config:
+ whitelist:
+ - test.com
+ - "*.foo.com"
+ message: "You can customize the message any way you like"
+`, backendSvc, backendPorts[0])
+
+ assert.Nil(ginkgo.GinkgoT(), s.CreateResourceFromString(ar))
+
+ err := s.EnsureNumApisixUpstreamsCreated(1)
+ assert.Nil(ginkgo.GinkgoT(), err, "Checking number of upstreams")
Review Comment:
Done
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix-ingress-controller] Chever-John commented on a diff in pull request #976: feat: improve the e2e test of referer-restriction plugin
Posted by GitBox <gi...@apache.org>.
Chever-John commented on code in PR #976:
URL: https://github.com/apache/apisix-ingress-controller/pull/976#discussion_r855986209
##########
test/e2e/suite-plugins/referer-restriction.go:
##########
@@ -101,6 +101,125 @@ spec:
resp.Body().Contains("Your referer host is not allowed")
})
+ ginkgo.It("referer-restriction plugin configuration blacklist list", func() {
+ backendSvc, backendPorts := s.DefaultHTTPBackend()
+ ar := fmt.Sprintf(`
+apiVersion: apisix.apache.org/v2beta3
+kind: ApisixRoute
+metadata:
+ name: httpbin-route
+spec:
+ http:
+ - name: rule1
+ match:
+ hosts:
+ - httpbin.org
+ paths:
+ - /ip
+ backends:
+ - serviceName: %s
+ servicePort: %d
+ weight: 10
+ plugins:
+ - name: referer-restriction
+ enable: true
+ config:
+ blacklist:
+ - test.com
+ - "*.foo.com"
+`, backendSvc, backendPorts[0])
+
+ assert.Nil(ginkgo.GinkgoT(), s.CreateResourceFromString(ar))
+
+ err := s.EnsureNumApisixUpstreamsCreated(1)
+ assert.Nil(ginkgo.GinkgoT(), err, "Checking number of upstreams")
+ err = s.EnsureNumApisixRoutesCreated(1)
+ assert.Nil(ginkgo.GinkgoT(), err, "Checking number of routes")
Review Comment:
Sure~
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix-ingress-controller] Chever-John commented on a diff in pull request #976: feat: improve the e2e test of referer-restriction plugin
Posted by GitBox <gi...@apache.org>.
Chever-John commented on code in PR #976:
URL: https://github.com/apache/apisix-ingress-controller/pull/976#discussion_r855995354
##########
test/e2e/suite-plugins/referer-restriction.go:
##########
@@ -101,6 +101,125 @@ spec:
resp.Body().Contains("Your referer host is not allowed")
})
+ ginkgo.It("referer-restriction plugin configuration blacklist list", func() {
+ backendSvc, backendPorts := s.DefaultHTTPBackend()
+ ar := fmt.Sprintf(`
+apiVersion: apisix.apache.org/v2beta3
+kind: ApisixRoute
+metadata:
+ name: httpbin-route
+spec:
+ http:
+ - name: rule1
+ match:
+ hosts:
+ - httpbin.org
+ paths:
+ - /ip
+ backends:
+ - serviceName: %s
+ servicePort: %d
+ weight: 10
+ plugins:
+ - name: referer-restriction
+ enable: true
+ config:
+ blacklist:
+ - test.com
+ - "*.foo.com"
+`, backendSvc, backendPorts[0])
+
+ assert.Nil(ginkgo.GinkgoT(), s.CreateResourceFromString(ar))
+
+ err := s.EnsureNumApisixUpstreamsCreated(1)
+ assert.Nil(ginkgo.GinkgoT(), err, "Checking number of upstreams")
+ err = s.EnsureNumApisixRoutesCreated(1)
+ assert.Nil(ginkgo.GinkgoT(), err, "Checking number of routes")
+
+ // "Referer" match passed
+ resp := s.NewAPISIXClient().GET("/ip").
+ WithHeader("Host", "httpbin.org").
+ WithHeader("Referer", "http://test.com").
+ Expect()
+ resp.Status(http.StatusForbidden)
+ resp.Body().Contains("Your referer host is not allowed")
Review Comment:
OK~
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix-ingress-controller] Chever-John commented on a diff in pull request #976: feat: improve the e2e test of referer-restriction plugin
Posted by GitBox <gi...@apache.org>.
Chever-John commented on code in PR #976:
URL: https://github.com/apache/apisix-ingress-controller/pull/976#discussion_r855948083
##########
test/e2e/suite-plugins/referer-restriction.go:
##########
@@ -101,6 +101,125 @@ spec:
resp.Body().Contains("Your referer host is not allowed")
})
+ ginkgo.It("referer-restriction plugin configuration blacklist list", func() {
+ backendSvc, backendPorts := s.DefaultHTTPBackend()
+ ar := fmt.Sprintf(`
+apiVersion: apisix.apache.org/v2beta3
+kind: ApisixRoute
+metadata:
+ name: httpbin-route
+spec:
+ http:
+ - name: rule1
+ match:
+ hosts:
+ - httpbin.org
+ paths:
+ - /ip
+ backends:
+ - serviceName: %s
+ servicePort: %d
+ weight: 10
+ plugins:
+ - name: referer-restriction
+ enable: true
+ config:
+ blacklist:
+ - test.com
+ - "*.foo.com"
+`, backendSvc, backendPorts[0])
+
+ assert.Nil(ginkgo.GinkgoT(), s.CreateResourceFromString(ar))
+
+ err := s.EnsureNumApisixUpstreamsCreated(1)
+ assert.Nil(ginkgo.GinkgoT(), err, "Checking number of upstreams")
Review Comment:
Sure~
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix-ingress-controller] Chever-John commented on pull request #976: feat: improve the e2e test of referer-restriction plugin
Posted by GitBox <gi...@apache.org>.
Chever-John commented on PR #976:
URL: https://github.com/apache/apisix-ingress-controller/pull/976#issuecomment-1104024818
> thanks, can you add a case for check the message?
have finished it~
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix-ingress-controller] Chever-John commented on a diff in pull request #976: feat: improve the e2e test of referer-restriction plugin
Posted by GitBox <gi...@apache.org>.
Chever-John commented on code in PR #976:
URL: https://github.com/apache/apisix-ingress-controller/pull/976#discussion_r855971043
##########
test/e2e/suite-plugins/referer-restriction.go:
##########
@@ -101,6 +101,125 @@ spec:
resp.Body().Contains("Your referer host is not allowed")
})
+ ginkgo.It("referer-restriction plugin configuration blacklist list", func() {
Review Comment:
OK~
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix-ingress-controller] codecov-commenter commented on pull request #976: feat: improve the e2e test of referer-restriction plugin
Posted by GitBox <gi...@apache.org>.
codecov-commenter commented on PR #976:
URL: https://github.com/apache/apisix-ingress-controller/pull/976#issuecomment-1103802457
# [Codecov](https://codecov.io/gh/apache/apisix-ingress-controller/pull/976?src=pr&el=h1&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) Report
> Merging [#976](https://codecov.io/gh/apache/apisix-ingress-controller/pull/976?src=pr&el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) (ab4d18e) into [master](https://codecov.io/gh/apache/apisix-ingress-controller/commit/0f4391a87a38ae9a2c61a0cea717cb831fc55506?el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) (0f4391a) will **not change** coverage.
> The diff coverage is `n/a`.
> :exclamation: Current head ab4d18e differs from pull request most recent head 3376d47. Consider uploading reports for the commit 3376d47 to get more accurate results
```diff
@@ Coverage Diff @@
## master #976 +/- ##
=======================================
Coverage 31.91% 31.91%
=======================================
Files 73 73
Lines 7953 7953
=======================================
Hits 2538 2538
Misses 5139 5139
Partials 276 276
```
------
[Continue to review full report at Codecov](https://codecov.io/gh/apache/apisix-ingress-controller/pull/976?src=pr&el=continue&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation).
> **Legend** - [Click here to learn more](https://docs.codecov.io/docs/codecov-delta?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation)
> `Δ = absolute <relative> (impact)`, `ø = not affected`, `? = missing data`
> Powered by [Codecov](https://codecov.io/gh/apache/apisix-ingress-controller/pull/976?src=pr&el=footer&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation). Last update [0f4391a...3376d47](https://codecov.io/gh/apache/apisix-ingress-controller/pull/976?src=pr&el=lastupdated&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation). Read the [comment docs](https://docs.codecov.io/docs/pull-request-comments?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation).
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix-ingress-controller] tao12345666333 commented on pull request #976: feat: improve the e2e test of referer-restriction plugin
Posted by GitBox <gi...@apache.org>.
tao12345666333 commented on PR #976:
URL: https://github.com/apache/apisix-ingress-controller/pull/976#issuecomment-1103923602
thanks, can you add a case for check the message?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix-ingress-controller] jwrookie commented on a diff in pull request #976: feat: improve the e2e test of referer-restriction plugin
Posted by GitBox <gi...@apache.org>.
jwrookie commented on code in PR #976:
URL: https://github.com/apache/apisix-ingress-controller/pull/976#discussion_r855926002
##########
test/e2e/suite-plugins/referer-restriction.go:
##########
@@ -101,6 +101,125 @@ spec:
resp.Body().Contains("Your referer host is not allowed")
})
+ ginkgo.It("referer-restriction plugin configuration blacklist list", func() {
+ backendSvc, backendPorts := s.DefaultHTTPBackend()
+ ar := fmt.Sprintf(`
+apiVersion: apisix.apache.org/v2beta3
+kind: ApisixRoute
+metadata:
+ name: httpbin-route
+spec:
+ http:
+ - name: rule1
+ match:
+ hosts:
+ - httpbin.org
+ paths:
+ - /ip
+ backends:
+ - serviceName: %s
+ servicePort: %d
+ weight: 10
+ plugins:
+ - name: referer-restriction
+ enable: true
+ config:
+ blacklist:
+ - test.com
+ - "*.foo.com"
+`, backendSvc, backendPorts[0])
+
+ assert.Nil(ginkgo.GinkgoT(), s.CreateResourceFromString(ar))
+
+ err := s.EnsureNumApisixUpstreamsCreated(1)
+ assert.Nil(ginkgo.GinkgoT(), err, "Checking number of upstreams")
Review Comment:
```suggestion
assert.Nil(ginkgo.GinkgoT(), err, "Checking the number of upstreams")
```
##########
test/e2e/suite-plugins/referer-restriction.go:
##########
@@ -101,6 +101,125 @@ spec:
resp.Body().Contains("Your referer host is not allowed")
})
+ ginkgo.It("referer-restriction plugin configuration blacklist list", func() {
Review Comment:
```suggestion
ginkgo.It("referer-restriction plugin configuration deny list", func() {
```
##########
test/e2e/suite-plugins/referer-restriction.go:
##########
@@ -101,6 +101,125 @@ spec:
resp.Body().Contains("Your referer host is not allowed")
})
+ ginkgo.It("referer-restriction plugin configuration blacklist list", func() {
+ backendSvc, backendPorts := s.DefaultHTTPBackend()
+ ar := fmt.Sprintf(`
+apiVersion: apisix.apache.org/v2beta3
+kind: ApisixRoute
+metadata:
+ name: httpbin-route
+spec:
+ http:
+ - name: rule1
+ match:
+ hosts:
+ - httpbin.org
+ paths:
+ - /ip
+ backends:
+ - serviceName: %s
+ servicePort: %d
+ weight: 10
+ plugins:
+ - name: referer-restriction
+ enable: true
+ config:
+ blacklist:
+ - test.com
+ - "*.foo.com"
+`, backendSvc, backendPorts[0])
+
+ assert.Nil(ginkgo.GinkgoT(), s.CreateResourceFromString(ar))
+
+ err := s.EnsureNumApisixUpstreamsCreated(1)
+ assert.Nil(ginkgo.GinkgoT(), err, "Checking number of upstreams")
+ err = s.EnsureNumApisixRoutesCreated(1)
+ assert.Nil(ginkgo.GinkgoT(), err, "Checking number of routes")
+
+ // "Referer" match passed
+ resp := s.NewAPISIXClient().GET("/ip").
+ WithHeader("Host", "httpbin.org").
+ WithHeader("Referer", "http://test.com").
+ Expect()
+ resp.Status(http.StatusForbidden)
+ resp.Body().Contains("Your referer host is not allowed")
+
+ // "Referer" match failed
+ resp = s.NewAPISIXClient().GET("/ip").
+ WithHeader("Host", "httpbin.org").
+ WithHeader("Referer", "http://www.test.com").
+ Expect()
+ resp.Status(http.StatusOK)
+ resp.Body().Contains("origin")
+
+ // "Referer" match passed
+ resp = s.NewAPISIXClient().GET("/ip").
+ WithHeader("Host", "httpbin.org").
+ WithHeader("Referer", "http://www.foo.com").
+ Expect()
+ resp.Status(http.StatusForbidden)
+ resp.Body().Contains("Your referer host is not allowed")
Review Comment:
DITTO
##########
test/e2e/suite-plugins/referer-restriction.go:
##########
@@ -101,6 +101,125 @@ spec:
resp.Body().Contains("Your referer host is not allowed")
})
+ ginkgo.It("referer-restriction plugin configuration blacklist list", func() {
Review Comment:
black and white will make people think of skin color, how about using deny list instead of it?
##########
test/e2e/suite-plugins/referer-restriction.go:
##########
@@ -101,6 +101,125 @@ spec:
resp.Body().Contains("Your referer host is not allowed")
})
+ ginkgo.It("referer-restriction plugin configuration blacklist list", func() {
+ backendSvc, backendPorts := s.DefaultHTTPBackend()
+ ar := fmt.Sprintf(`
+apiVersion: apisix.apache.org/v2beta3
+kind: ApisixRoute
+metadata:
+ name: httpbin-route
+spec:
+ http:
+ - name: rule1
+ match:
+ hosts:
+ - httpbin.org
+ paths:
+ - /ip
+ backends:
+ - serviceName: %s
+ servicePort: %d
+ weight: 10
+ plugins:
+ - name: referer-restriction
+ enable: true
+ config:
+ blacklist:
+ - test.com
+ - "*.foo.com"
+`, backendSvc, backendPorts[0])
+
+ assert.Nil(ginkgo.GinkgoT(), s.CreateResourceFromString(ar))
+
+ err := s.EnsureNumApisixUpstreamsCreated(1)
+ assert.Nil(ginkgo.GinkgoT(), err, "Checking number of upstreams")
+ err = s.EnsureNumApisixRoutesCreated(1)
+ assert.Nil(ginkgo.GinkgoT(), err, "Checking number of routes")
+
+ // "Referer" match passed
+ resp := s.NewAPISIXClient().GET("/ip").
+ WithHeader("Host", "httpbin.org").
+ WithHeader("Referer", "http://test.com").
+ Expect()
+ resp.Status(http.StatusForbidden)
+ resp.Body().Contains("Your referer host is not allowed")
Review Comment:
Comment conflicts with the `resp.Body`
##########
test/e2e/suite-plugins/referer-restriction.go:
##########
@@ -101,6 +101,125 @@ spec:
resp.Body().Contains("Your referer host is not allowed")
})
+ ginkgo.It("referer-restriction plugin configuration blacklist list", func() {
+ backendSvc, backendPorts := s.DefaultHTTPBackend()
+ ar := fmt.Sprintf(`
+apiVersion: apisix.apache.org/v2beta3
+kind: ApisixRoute
+metadata:
+ name: httpbin-route
+spec:
+ http:
+ - name: rule1
+ match:
+ hosts:
+ - httpbin.org
+ paths:
+ - /ip
+ backends:
+ - serviceName: %s
+ servicePort: %d
+ weight: 10
+ plugins:
+ - name: referer-restriction
+ enable: true
+ config:
+ blacklist:
+ - test.com
+ - "*.foo.com"
+`, backendSvc, backendPorts[0])
+
+ assert.Nil(ginkgo.GinkgoT(), s.CreateResourceFromString(ar))
+
+ err := s.EnsureNumApisixUpstreamsCreated(1)
+ assert.Nil(ginkgo.GinkgoT(), err, "Checking number of upstreams")
+ err = s.EnsureNumApisixRoutesCreated(1)
+ assert.Nil(ginkgo.GinkgoT(), err, "Checking number of routes")
+
+ // "Referer" match passed
+ resp := s.NewAPISIXClient().GET("/ip").
+ WithHeader("Host", "httpbin.org").
+ WithHeader("Referer", "http://test.com").
+ Expect()
+ resp.Status(http.StatusForbidden)
+ resp.Body().Contains("Your referer host is not allowed")
+
+ // "Referer" match failed
+ resp = s.NewAPISIXClient().GET("/ip").
+ WithHeader("Host", "httpbin.org").
+ WithHeader("Referer", "http://www.test.com").
+ Expect()
+ resp.Status(http.StatusOK)
+ resp.Body().Contains("origin")
+
+ // "Referer" match passed
+ resp = s.NewAPISIXClient().GET("/ip").
+ WithHeader("Host", "httpbin.org").
+ WithHeader("Referer", "http://www.foo.com").
+ Expect()
+ resp.Status(http.StatusForbidden)
+ resp.Body().Contains("Your referer host is not allowed")
+
+ // "Referer" is missing
+ resp = s.NewAPISIXClient().GET("/ip").
+ WithHeader("Host", "httpbin.org").
+ Expect()
+ resp.Status(http.StatusForbidden)
+ resp.Body().Contains("Your referer host is not allowed")
+ })
+
+ ginkgo.It("Customize message", func() {
+ backendSvc, backendPorts := s.DefaultHTTPBackend()
+ ar := fmt.Sprintf(`
+apiVersion: apisix.apache.org/v2beta3
+kind: ApisixRoute
+metadata:
+ name: httpbin-route
+spec:
+ http:
+ - name: rule1
+ match:
+ hosts:
+ - httpbin.org
+ paths:
+ - /ip
+ backends:
+ - serviceName: %s
+ servicePort: %d
+ weight: 10
+ plugins:
+ - name: referer-restriction
+ enable: true
+ config:
+ whitelist:
+ - test.com
+ - "*.foo.com"
+ message: "You can customize the message any way you like"
+`, backendSvc, backendPorts[0])
+
+ assert.Nil(ginkgo.GinkgoT(), s.CreateResourceFromString(ar))
+
+ err := s.EnsureNumApisixUpstreamsCreated(1)
+ assert.Nil(ginkgo.GinkgoT(), err, "Checking number of upstreams")
Review Comment:
```suggestion
assert.Nil(ginkgo.GinkgoT(), err, "Checking the number of upstreams")
```
##########
test/e2e/suite-plugins/referer-restriction.go:
##########
@@ -101,6 +101,125 @@ spec:
resp.Body().Contains("Your referer host is not allowed")
})
+ ginkgo.It("referer-restriction plugin configuration blacklist list", func() {
+ backendSvc, backendPorts := s.DefaultHTTPBackend()
+ ar := fmt.Sprintf(`
+apiVersion: apisix.apache.org/v2beta3
+kind: ApisixRoute
+metadata:
+ name: httpbin-route
+spec:
+ http:
+ - name: rule1
+ match:
+ hosts:
+ - httpbin.org
+ paths:
+ - /ip
+ backends:
+ - serviceName: %s
+ servicePort: %d
+ weight: 10
+ plugins:
+ - name: referer-restriction
+ enable: true
+ config:
+ blacklist:
+ - test.com
+ - "*.foo.com"
+`, backendSvc, backendPorts[0])
+
+ assert.Nil(ginkgo.GinkgoT(), s.CreateResourceFromString(ar))
+
+ err := s.EnsureNumApisixUpstreamsCreated(1)
+ assert.Nil(ginkgo.GinkgoT(), err, "Checking number of upstreams")
+ err = s.EnsureNumApisixRoutesCreated(1)
+ assert.Nil(ginkgo.GinkgoT(), err, "Checking number of routes")
Review Comment:
```suggestion
assert.Nil(ginkgo.GinkgoT(), err, "Checking the number of routes")
```
##########
test/e2e/suite-plugins/referer-restriction.go:
##########
@@ -101,6 +101,125 @@ spec:
resp.Body().Contains("Your referer host is not allowed")
})
+ ginkgo.It("referer-restriction plugin configuration blacklist list", func() {
+ backendSvc, backendPorts := s.DefaultHTTPBackend()
+ ar := fmt.Sprintf(`
+apiVersion: apisix.apache.org/v2beta3
+kind: ApisixRoute
+metadata:
+ name: httpbin-route
+spec:
+ http:
+ - name: rule1
+ match:
+ hosts:
+ - httpbin.org
+ paths:
+ - /ip
+ backends:
+ - serviceName: %s
+ servicePort: %d
+ weight: 10
+ plugins:
+ - name: referer-restriction
+ enable: true
+ config:
+ blacklist:
+ - test.com
+ - "*.foo.com"
+`, backendSvc, backendPorts[0])
+
+ assert.Nil(ginkgo.GinkgoT(), s.CreateResourceFromString(ar))
+
+ err := s.EnsureNumApisixUpstreamsCreated(1)
+ assert.Nil(ginkgo.GinkgoT(), err, "Checking number of upstreams")
+ err = s.EnsureNumApisixRoutesCreated(1)
+ assert.Nil(ginkgo.GinkgoT(), err, "Checking number of routes")
+
+ // "Referer" match passed
+ resp := s.NewAPISIXClient().GET("/ip").
+ WithHeader("Host", "httpbin.org").
+ WithHeader("Referer", "http://test.com").
+ Expect()
+ resp.Status(http.StatusForbidden)
+ resp.Body().Contains("Your referer host is not allowed")
+
+ // "Referer" match failed
+ resp = s.NewAPISIXClient().GET("/ip").
+ WithHeader("Host", "httpbin.org").
+ WithHeader("Referer", "http://www.test.com").
+ Expect()
+ resp.Status(http.StatusOK)
+ resp.Body().Contains("origin")
+
+ // "Referer" match passed
+ resp = s.NewAPISIXClient().GET("/ip").
+ WithHeader("Host", "httpbin.org").
+ WithHeader("Referer", "http://www.foo.com").
+ Expect()
+ resp.Status(http.StatusForbidden)
+ resp.Body().Contains("Your referer host is not allowed")
+
+ // "Referer" is missing
+ resp = s.NewAPISIXClient().GET("/ip").
+ WithHeader("Host", "httpbin.org").
+ Expect()
+ resp.Status(http.StatusForbidden)
+ resp.Body().Contains("Your referer host is not allowed")
+ })
+
+ ginkgo.It("Customize message", func() {
+ backendSvc, backendPorts := s.DefaultHTTPBackend()
+ ar := fmt.Sprintf(`
+apiVersion: apisix.apache.org/v2beta3
+kind: ApisixRoute
+metadata:
+ name: httpbin-route
+spec:
+ http:
+ - name: rule1
+ match:
+ hosts:
+ - httpbin.org
+ paths:
+ - /ip
+ backends:
+ - serviceName: %s
+ servicePort: %d
+ weight: 10
+ plugins:
+ - name: referer-restriction
+ enable: true
+ config:
+ whitelist:
+ - test.com
+ - "*.foo.com"
+ message: "You can customize the message any way you like"
+`, backendSvc, backendPorts[0])
+
+ assert.Nil(ginkgo.GinkgoT(), s.CreateResourceFromString(ar))
+
+ err := s.EnsureNumApisixUpstreamsCreated(1)
+ assert.Nil(ginkgo.GinkgoT(), err, "Checking number of upstreams")
+ err = s.EnsureNumApisixRoutesCreated(1)
+ assert.Nil(ginkgo.GinkgoT(), err, "Checking number of routes")
Review Comment:
```suggestion
assert.Nil(ginkgo.GinkgoT(), err, "Checking the number of routes")
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix-ingress-controller] Chever-John commented on a diff in pull request #976: feat: improve the e2e test of referer-restriction plugin
Posted by GitBox <gi...@apache.org>.
Chever-John commented on code in PR #976:
URL: https://github.com/apache/apisix-ingress-controller/pull/976#discussion_r855999690
##########
test/e2e/suite-plugins/referer-restriction.go:
##########
@@ -101,6 +101,125 @@ spec:
resp.Body().Contains("Your referer host is not allowed")
})
+ ginkgo.It("referer-restriction plugin configuration blacklist list", func() {
+ backendSvc, backendPorts := s.DefaultHTTPBackend()
+ ar := fmt.Sprintf(`
+apiVersion: apisix.apache.org/v2beta3
+kind: ApisixRoute
+metadata:
+ name: httpbin-route
+spec:
+ http:
+ - name: rule1
+ match:
+ hosts:
+ - httpbin.org
+ paths:
+ - /ip
+ backends:
+ - serviceName: %s
+ servicePort: %d
+ weight: 10
+ plugins:
+ - name: referer-restriction
+ enable: true
+ config:
+ blacklist:
+ - test.com
+ - "*.foo.com"
+`, backendSvc, backendPorts[0])
+
+ assert.Nil(ginkgo.GinkgoT(), s.CreateResourceFromString(ar))
+
+ err := s.EnsureNumApisixUpstreamsCreated(1)
+ assert.Nil(ginkgo.GinkgoT(), err, "Checking number of upstreams")
+ err = s.EnsureNumApisixRoutesCreated(1)
+ assert.Nil(ginkgo.GinkgoT(), err, "Checking number of routes")
+
+ // "Referer" match passed
+ resp := s.NewAPISIXClient().GET("/ip").
+ WithHeader("Host", "httpbin.org").
+ WithHeader("Referer", "http://test.com").
+ Expect()
+ resp.Status(http.StatusForbidden)
+ resp.Body().Contains("Your referer host is not allowed")
+
+ // "Referer" match failed
+ resp = s.NewAPISIXClient().GET("/ip").
+ WithHeader("Host", "httpbin.org").
+ WithHeader("Referer", "http://www.test.com").
+ Expect()
+ resp.Status(http.StatusOK)
+ resp.Body().Contains("origin")
+
+ // "Referer" match passed
+ resp = s.NewAPISIXClient().GET("/ip").
+ WithHeader("Host", "httpbin.org").
+ WithHeader("Referer", "http://www.foo.com").
+ Expect()
+ resp.Status(http.StatusForbidden)
+ resp.Body().Contains("Your referer host is not allowed")
+
+ // "Referer" is missing
+ resp = s.NewAPISIXClient().GET("/ip").
+ WithHeader("Host", "httpbin.org").
+ Expect()
+ resp.Status(http.StatusForbidden)
+ resp.Body().Contains("Your referer host is not allowed")
+ })
+
+ ginkgo.It("Customize message", func() {
+ backendSvc, backendPorts := s.DefaultHTTPBackend()
+ ar := fmt.Sprintf(`
+apiVersion: apisix.apache.org/v2beta3
+kind: ApisixRoute
+metadata:
+ name: httpbin-route
+spec:
+ http:
+ - name: rule1
+ match:
+ hosts:
+ - httpbin.org
+ paths:
+ - /ip
+ backends:
+ - serviceName: %s
+ servicePort: %d
+ weight: 10
+ plugins:
+ - name: referer-restriction
+ enable: true
+ config:
+ whitelist:
+ - test.com
+ - "*.foo.com"
+ message: "You can customize the message any way you like"
+`, backendSvc, backendPorts[0])
+
+ assert.Nil(ginkgo.GinkgoT(), s.CreateResourceFromString(ar))
+
+ err := s.EnsureNumApisixUpstreamsCreated(1)
+ assert.Nil(ginkgo.GinkgoT(), err, "Checking number of upstreams")
+ err = s.EnsureNumApisixRoutesCreated(1)
+ assert.Nil(ginkgo.GinkgoT(), err, "Checking number of routes")
Review Comment:
Thank you very much for your valuable comments!
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix-ingress-controller] Chever-John commented on a diff in pull request #976: feat: improve the e2e test of referer-restriction plugin
Posted by GitBox <gi...@apache.org>.
Chever-John commented on code in PR #976:
URL: https://github.com/apache/apisix-ingress-controller/pull/976#discussion_r855998506
##########
test/e2e/suite-plugins/referer-restriction.go:
##########
@@ -101,6 +101,125 @@ spec:
resp.Body().Contains("Your referer host is not allowed")
})
+ ginkgo.It("referer-restriction plugin configuration blacklist list", func() {
+ backendSvc, backendPorts := s.DefaultHTTPBackend()
+ ar := fmt.Sprintf(`
+apiVersion: apisix.apache.org/v2beta3
+kind: ApisixRoute
+metadata:
+ name: httpbin-route
+spec:
+ http:
+ - name: rule1
+ match:
+ hosts:
+ - httpbin.org
+ paths:
+ - /ip
+ backends:
+ - serviceName: %s
+ servicePort: %d
+ weight: 10
+ plugins:
+ - name: referer-restriction
+ enable: true
+ config:
+ blacklist:
+ - test.com
+ - "*.foo.com"
+`, backendSvc, backendPorts[0])
+
+ assert.Nil(ginkgo.GinkgoT(), s.CreateResourceFromString(ar))
+
+ err := s.EnsureNumApisixUpstreamsCreated(1)
+ assert.Nil(ginkgo.GinkgoT(), err, "Checking number of upstreams")
+ err = s.EnsureNumApisixRoutesCreated(1)
+ assert.Nil(ginkgo.GinkgoT(), err, "Checking number of routes")
+
+ // "Referer" match passed
+ resp := s.NewAPISIXClient().GET("/ip").
+ WithHeader("Host", "httpbin.org").
+ WithHeader("Referer", "http://test.com").
+ Expect()
+ resp.Status(http.StatusForbidden)
+ resp.Body().Contains("Your referer host is not allowed")
+
+ // "Referer" match failed
+ resp = s.NewAPISIXClient().GET("/ip").
+ WithHeader("Host", "httpbin.org").
+ WithHeader("Referer", "http://www.test.com").
+ Expect()
+ resp.Status(http.StatusOK)
+ resp.Body().Contains("origin")
+
+ // "Referer" match passed
+ resp = s.NewAPISIXClient().GET("/ip").
+ WithHeader("Host", "httpbin.org").
+ WithHeader("Referer", "http://www.foo.com").
+ Expect()
+ resp.Status(http.StatusForbidden)
+ resp.Body().Contains("Your referer host is not allowed")
+
+ // "Referer" is missing
+ resp = s.NewAPISIXClient().GET("/ip").
+ WithHeader("Host", "httpbin.org").
+ Expect()
+ resp.Status(http.StatusForbidden)
+ resp.Body().Contains("Your referer host is not allowed")
+ })
+
+ ginkgo.It("Customize message", func() {
+ backendSvc, backendPorts := s.DefaultHTTPBackend()
+ ar := fmt.Sprintf(`
+apiVersion: apisix.apache.org/v2beta3
+kind: ApisixRoute
+metadata:
+ name: httpbin-route
+spec:
+ http:
+ - name: rule1
+ match:
+ hosts:
+ - httpbin.org
+ paths:
+ - /ip
+ backends:
+ - serviceName: %s
+ servicePort: %d
+ weight: 10
+ plugins:
+ - name: referer-restriction
+ enable: true
+ config:
+ whitelist:
+ - test.com
+ - "*.foo.com"
+ message: "You can customize the message any way you like"
+`, backendSvc, backendPorts[0])
+
+ assert.Nil(ginkgo.GinkgoT(), s.CreateResourceFromString(ar))
+
+ err := s.EnsureNumApisixUpstreamsCreated(1)
+ assert.Nil(ginkgo.GinkgoT(), err, "Checking number of upstreams")
+ err = s.EnsureNumApisixRoutesCreated(1)
+ assert.Nil(ginkgo.GinkgoT(), err, "Checking number of routes")
Review Comment:
Done
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix-ingress-controller] tao12345666333 merged pull request #976: feat: improve the e2e test of referer-restriction plugin
Posted by GitBox <gi...@apache.org>.
tao12345666333 merged PR #976:
URL: https://github.com/apache/apisix-ingress-controller/pull/976
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org