[apisix-ingress-controller] branch master updated: test: add e2e test cases for cors plugin (#334)

[kv...@apache.org]

This is an automated email from the ASF dual-hosted git repository.

kvn pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix-ingress-controller.git


The following commit(s) were added to refs/heads/master by this push:
     new 456efa6  test: add e2e test cases for cors plugin (#334)
456efa6 is described below

commit 456efa6836e3195cc0fcb6603fb9243c1033860a
Author: Alex Zhang <to...@apache.org>
AuthorDate: Sat Apr 3 08:12:47 2021 +0800

    test: add e2e test cases for cors plugin (#334)
---
 test/e2e/plugins/cors.go | 254 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 254 insertions(+)

diff --git a/test/e2e/plugins/cors.go b/test/e2e/plugins/cors.go
new file mode 100644
index 0000000..aa5ada8
--- /dev/null
+++ b/test/e2e/plugins/cors.go
@@ -0,0 +1,254 @@
+// Licensed to the Apache Software Foundation (ASF) under one or more
+// contributor license agreements.  See the NOTICE file distributed with
+// this work for additional information regarding copyright ownership.
+// The ASF licenses this file to You under the Apache License, Version 2.0
+// (the "License"); you may not use this file except in compliance with
+// the License.  You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+package plugins
+
+import (
+	"fmt"
+	"net/http"
+
+	"github.com/apache/apisix-ingress-controller/test/e2e/scaffold"
+	"github.com/onsi/ginkgo"
+	"github.com/stretchr/testify/assert"
+)
+
+var _ = ginkgo.Describe("fault-injection plugin", func() {
+	opts := &scaffold.Options{
+		Name:                    "default",
+		Kubeconfig:              scaffold.GetKubeconfig(),
+		APISIXConfigPath:        "testdata/apisix-gw-config.yaml",
+		APISIXDefaultConfigPath: "testdata/apisix-gw-config-default.yaml",
+		IngressAPISIXReplicas:   1,
+		HTTPBinServicePort:      80,
+		APISIXRouteVersion:      "apisix.apache.org/v2alpha1",
+	}
+	s := scaffold.NewScaffold(opts)
+	ginkgo.It("empty config", func() {
+		backendSvc, backendPorts := s.DefaultHTTPBackend()
+		ar := fmt.Sprintf(`
+apiVersion: apisix.apache.org/v2alpha1
+kind: ApisixRoute
+metadata:
+ name: httpbin-route
+spec:
+ http:
+ - name: rule1
+   match:
+     hosts:
+     - httpbin.org
+     paths:
+       - /ip
+   backends:
+   - serviceName: %s
+     servicePort: %d
+     weight: 10
+   plugins:
+   - name: cors
+     enable: true
+`, backendSvc, backendPorts[0])
+
+		assert.Nil(ginkgo.GinkgoT(), s.CreateResourceFromString(ar))
+		err := s.EnsureNumApisixUpstreamsCreated(1)
+		assert.Nil(ginkgo.GinkgoT(), err, "Checking number of upstreams")
+		err = s.EnsureNumApisixRoutesCreated(1)
+		assert.Nil(ginkgo.GinkgoT(), err, "Checking number of routes")
+
+		resp := s.NewAPISIXClient().GET("/ip").WithHeader("Host", "httpbin.org").Expect()
+		resp.Status(http.StatusOK)
+		resp.Header("Access-Control-Allow-Origin").Equal("*")
+		resp.Header("Access-Control-Allow-Methods").Equal("*")
+		resp.Header("Access-Control-Allow-Headers").Equal("*")
+		resp.Header("Access-Control-Expose-Headers").Equal("*")
+		resp.Header("Access-Control-Max-Age").Equal("5")
+		resp.Body().Contains("origin")
+	})
+	ginkgo.It("finer granularity config", func() {
+		backendSvc, backendPorts := s.DefaultHTTPBackend()
+		ar := fmt.Sprintf(`
+apiVersion: apisix.apache.org/v2alpha1
+kind: ApisixRoute
+metadata:
+ name: httpbin-route
+spec:
+ http:
+ - name: rule1
+   match:
+     hosts:
+     - httpbin.org
+     paths:
+       - /ip
+   backends:
+   - serviceName: %s
+     servicePort: %d
+     weight: 10
+   plugins:
+   - name: cors
+     enable: true
+     config:
+       allow_origins: http://foo.bar.org
+       allow_methods: "GET,POST"
+       max_age: 3600
+       expose_headers: x-foo,x-baz
+       allow_headers: x-from-ingress
+       allow_credential: true
+`, backendSvc, backendPorts[0])
+
+		assert.Nil(ginkgo.GinkgoT(), s.CreateResourceFromString(ar))
+		err := s.EnsureNumApisixUpstreamsCreated(1)
+		assert.Nil(ginkgo.GinkgoT(), err, "Checking number of upstreams")
+		err = s.EnsureNumApisixRoutesCreated(1)
+		assert.Nil(ginkgo.GinkgoT(), err, "Checking number of routes")
+
+		resp := s.NewAPISIXClient().GET("/ip").
+			WithHeader("Host", "httpbin.org").
+			WithHeader("Origin", "http://foo.bar.org").
+			Expect()
+		resp.Status(http.StatusOK)
+		resp.Header("Access-Control-Allow-Origin").Equal("http://foo.bar.org")
+		resp.Header("Access-Control-Allow-Methods").Equal("GET,POST")
+		resp.Header("Access-Control-Allow-Headers").Equal("x-from-ingress")
+		resp.Header("Access-Control-Expose-Headers").Equal("x-foo,x-baz")
+		resp.Header("Access-Control-Max-Age").Equal("3600")
+		resp.Header("Access-Control-Allow-Credentials").Equal("true")
+		resp.Body().Contains("origin")
+
+		resp = s.NewAPISIXClient().GET("/ip").
+			WithHeader("Host", "httpbin.org").
+			WithHeader("Origin", "http://foo.bar2.org").
+			Expect()
+		resp.Header("Access-Control-Allow-Methods").Empty()
+		resp.Header("Access-Control-Allow-Headers").Empty()
+		resp.Header("Access-Control-Expose-Headers").Empty()
+		resp.Header("Access-Control-Max-Age").Empty()
+		// httpbin set it by itself.
+		//resp.Header("Access-Control-Allow-Credentials").Empty()
+		resp.Body().Contains("origin")
+	})
+	ginkgo.It("allow_origins_by_regex", func() {
+		ginkgo.Skip("APISIX version priors to 2.5 doesn't contain allow_origins_by_regex in cors plugin")
+		backendSvc, backendPorts := s.DefaultHTTPBackend()
+		ar := fmt.Sprintf(`
+apiVersion: apisix.apache.org/v2alpha1
+kind: ApisixRoute
+metadata:
+ name: httpbin-route
+spec:
+ http:
+ - name: rule1
+   match:
+     hosts:
+     - httpbin.org
+     paths:
+       - /ip
+   backends:
+   - serviceName: %s
+     servicePort: %d
+     weight: 10
+   plugins:
+   - name: cors
+     enable: true
+     config:
+       allow_origins_by_regex:
+       - foo\\.(bar|baz)\\.org
+       allow_methods: "GET,POST"
+       max_age: 3600
+       expose_headers: x-foo,x-baz
+       allow_headers: x-from-ingress
+`, backendSvc, backendPorts[0])
+
+		assert.Nil(ginkgo.GinkgoT(), s.CreateResourceFromString(ar))
+		err := s.EnsureNumApisixUpstreamsCreated(1)
+		assert.Nil(ginkgo.GinkgoT(), err, "Checking number of upstreams")
+		err = s.EnsureNumApisixRoutesCreated(1)
+		assert.Nil(ginkgo.GinkgoT(), err, "Checking number of routes")
+
+		resp := s.NewAPISIXClient().GET("/ip").
+			WithHeader("Host", "httpbin.org").
+			WithHeader("Origin", "http://foo.bar.org").
+			Expect()
+		resp.Status(http.StatusOK)
+		resp.Header("Access-Control-Allow-Origin").Equal("http://foo.bar.org")
+		resp.Header("Access-Control-Allow-Methods").Equal("GET,POST")
+		resp.Header("Access-Control-Allow-Headers").Equal("x-from-ingress")
+		resp.Header("Access-Control-Expose-Headers").Equal("x-foo,x-baz")
+		resp.Header("Access-Control-Max-Age").Equal("3600")
+		resp.Header("Access-Control-Allow-Credentials").Equal("true")
+		resp.Body().Contains("origin")
+
+		resp = s.NewAPISIXClient().GET("/ip").
+			WithHeader("Host", "httpbin.org").
+			WithHeader("Origin", "http://foo.baz.org").
+			Expect()
+		resp.Status(http.StatusOK)
+		resp.Header("Access-Control-Allow-Origin").Equal("http://foo.baz.org")
+		resp.Header("Access-Control-Allow-Methods").Equal("GET,POST")
+		resp.Header("Access-Control-Allow-Headers").Equal("x-from-ingress")
+		resp.Header("Access-Control-Expose-Headers").Equal("x-foo,x-baz")
+		resp.Header("Access-Control-Max-Age").Equal("3600")
+		resp.Header("Access-Control-Allow-Credentials").Equal("true")
+		resp.Body().Contains("origin")
+
+		resp = s.NewAPISIXClient().GET("/ip").
+			WithHeader("Host", "httpbin.org").
+			WithHeader("Origin", "http://foo.bar2.org").
+			Expect()
+		resp.Header("Access-Control-Allow-Methods").Empty()
+		resp.Header("Access-Control-Allow-Headers").Empty()
+		resp.Header("Access-Control-Expose-Headers").Empty()
+		resp.Header("Access-Control-Max-Age").Empty()
+		// httpbin set it by itself.
+		//resp.Header("Access-Control-Allow-Credentials").Empty()
+		resp.Body().Contains("origin")
+	})
+	ginkgo.It("disable plugin", func() {
+		backendSvc, backendPorts := s.DefaultHTTPBackend()
+		ar := fmt.Sprintf(`
+apiVersion: apisix.apache.org/v2alpha1
+kind: ApisixRoute
+metadata:
+ name: httpbin-route
+spec:
+ http:
+ - name: rule1
+   match:
+     hosts:
+     - httpbin.org
+     paths:
+       - /ip
+   backends:
+   - serviceName: %s
+     servicePort: %d
+     weight: 10
+   plugins:
+   - name: cors
+     enable: false
+`, backendSvc, backendPorts[0])
+
+		assert.Nil(ginkgo.GinkgoT(), s.CreateResourceFromString(ar))
+		err := s.EnsureNumApisixUpstreamsCreated(1)
+		assert.Nil(ginkgo.GinkgoT(), err, "Checking number of upstreams")
+		err = s.EnsureNumApisixRoutesCreated(1)
+		assert.Nil(ginkgo.GinkgoT(), err, "Checking number of routes")
+
+		resp := s.NewAPISIXClient().GET("/ip").WithHeader("Host", "httpbin.org").Expect()
+		resp.Status(http.StatusOK)
+		// httpbin sets this header by itself.
+		//resp.Header("Access-Control-Allow-Origin").Empty()
+		resp.Header("Access-Control-Allow-Methods").Empty()
+		resp.Header("Access-Control-Allow-Headers").Empty()
+		resp.Header("Access-Control-Expose-Headers").Empty()
+		resp.Header("Access-Control-Max-Age").Empty()
+		resp.Body().Contains("origin")
+	})
+})