Commit fb2c0a9

committed
WIP on #2
1 parent a505571 commit fb2c0a9

7 files changed

+186
-253
lines changed

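--- a/Makefile
+++ b/Makefile
@@ -29,13 +29,28 @@ install: all
 $(INSTALL) src/lua/api-gateway/aws/lambda/*.lua $(DESTDIR)/$(LUA_LIB_DIR)/api-gateway/aws/lambda/
 # $(INSTALL) src/lua/api-gateway/aws/s3/*.lua $(DESTDIR)/$(LUA_LIB_DIR)/api-gateway/aws/s3/
 
+test-docker:
+echo "running tests with docker ..."
+mkdir -p $(BUILD_DIR)
+mkdir -p $(BUILD_DIR)/test-logs
+# cp -r test/resources/api-gateway $(BUILD_DIR)
+# sed -i '' 's/127\.0\.0\.1/redis\.docker/g' $(BUILD_DIR)/api-gateway/redis-upstream.conf
+rm -f $(BUILD_DIR)/test-logs/*
+mkdir -p ~/tmp/apiplatform/api-gateway-aws
+cp -r ./src ~/tmp/apiplatform/api-gateway-aws/
+cp -r ./test ~/tmp/apiplatform/api-gateway-aws/
+cp -r ./target ~/tmp/apiplatform/api-gateway-aws/
+TEST_NGINX_AWS_CLIENT_ID="${TEST_NGINX_AWS_CLIENT_ID}" TEST_NGINX_AWS_SECRET="${TEST_NGINX_AWS_SECRET}" TEST_NGINX_AWS_SECURITY_TOKEN="${TEST_NGINX_AWS_SECURITY_TOKEN}" docker-compose -f ./test/docker-compose.yml up
+cp -r ~/tmp/apiplatform/api-gateway-aws/target/ ./target
+rm -rf ~/tmp/apiplatform/api-gateway-aws
+
 test:
 echo "updating git submodules ..."
 if [ ! -d "test/resources/test-nginx/lib" ]; then git submodule update --init --recursive; fi
 echo "running tests ..."
 # cp -r test/resources/api-gateway $(BUILD_DIR)
 mkdir -p $(BUILD_DIR)
-TEST_NGINX_AWS_CLIENT_ID="${TEST_NGINX_AWS_CLIENT_ID}" TEST_NGINX_AWS_SECRET="${TEST_NGINX_AWS_SECRET}" TEST_NGINX_AWS_SECURITY_TOKEN="${TEST_NGINX_AWS_SECURITY_TOKEN}" PATH=/usr/local/sbin:$$PATH TEST_NGINX_SERVROOT=`pwd`/$(BUILD_DIR)/servroot TEST_NGINX_PORT=1989 prove -I ./test/resources/test-nginx/lib -r ./test/perl
+TEST_NGINX_AWS_CLIENT_ID="${TEST_NGINX_AWS_CLIENT_ID}" TEST_NGINX_AWS_SECRET="${TEST_NGINX_AWS_SECRET}" TEST_NGINX_AWS_SECURITY_TOKEN="${TEST_NGINX_AWS_SECURITY_TOKEN}" PATH=/usr/local/sbin:$$PATH TEST_NGINX_SERVROOT=`pwd`/$(BUILD_DIR)/servroot TEST_NGINX_PORT=1989 prove -I ./test/resources/test-nginx/lib -r ./test/perl/
 
 package:
 git tag -a v1.6 -m 'release-1.6'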
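Review bot: The `docker-compose` line of the new `test-docker` recipe re-assigns the three `TEST_NGINX_AWS_*` values with `"${...}"`, which make expands itself, so the access key, secret and session token are printed in clear text when make echoes the recipe line and will land in any CI log. The compose file added in this commit already forwards those variables by name, so the prefix can be dropped and the line reduced to `docker-compose -f ./test/docker-compose.yml up` with the variables exported by the caller, or the line can at least be silenced with a leading `@`. The existing `prove` line in the `test` recipe follows the same pattern. Separately, if `docker-compose up` exits non-zero, make stops there and `rm -rf ~/tmp/apiplatform/api-gateway-aws` never runs, so the copied `src`, `test` and `target` trees stay behind in the home directory.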

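--- a/test/docker-compose.yml
+++ b/test/docker-compose.yml
@@ -0,0 +1,14 @@
+gateway:
+image: adobeapiplatform/apigateway
+volumes:
+- ~/tmp/apiplatform/api-gateway-aws/src/lua/api-gateway/aws:/usr/local/api-gateway/lualib/api-gateway/aws
+- ~/tmp/apiplatform/api-gateway-aws/test/perl:/tmp/perl
+- ~/tmp/apiplatform/api-gateway-aws/test/integration:/tmp/integration
+- ~/tmp/apiplatform/api-gateway-aws/target/:/t
+environment:
+- LOG_LEVEL=debug
+- TEST_NGINX_AWS_CLIENT_ID
+- TEST_NGINX_AWS_SECRET
+- TEST_NGINX_AWS_SECURITY_TOKEN
+- TEST_NGINX_PORT=1989
+entrypoint: ["prove", "-I", "/usr/local/test-nginx-0.24/lib", "-I", "/usr/local/test-nginx-0.24/inc", "-r", "/tmp/perl"]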
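Review bot: `image: adobeapiplatform/apigateway` carries no tag or digest, so the container resolves to whatever `latest` points at when it is pulled, and that container is then handed the live `TEST_NGINX_AWS_*` credentials listed under `environment`. Pinning the image, for example `image: adobeapiplatform/apigateway@sha256:<digest-placeholder>`, keeps the code that sees those credentials fixed and the test run reproducible. As far as this file shows, the first `volumes` entry (the Lua sources) is only read by the tests, so it could be mounted with a trailing `:ro`; the `/t` mount presumably has to stay writable for test output.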
Lines changed: 4 additions & 4 deletions
@@ -1,5 +1,5 @@
11
# Running this unit test:
2-
# TEST_NGINX_AWS_SECRET=${AWS_SECRET_ACCESS_KEY} TEST_NGINX_AWS_CLIENT_ID=${AWS_ACCESS_KEY_ID} TEST_NGINX_AWS_TOKEN=${AWS_SECURITY_TOKEN} PATH=/usr/local/sbin:$PATH TEST_NGINX_SERVROOT=`pwd`/target/servroot TEST_NGINX_PORT=1989 prove -I ./test/resources/test-nginx/lib -r ./test/perl/kinesis.t
2+
# TEST_NGINX_AWS_SECRET=${AWS_SECRET_ACCESS_KEY} TEST_NGINX_AWS_CLIENT_ID=${AWS_ACCESS_KEY_ID} TEST_NGINX_AWS_SECURITY_TOKEN=${AWS_SECURITY_TOKEN} PATH=/usr/local/sbin:$PATH TEST_NGINX_SERVROOT=`pwd`/target/servroot TEST_NGINX_PORT=1989 prove -I ./test/resources/test-nginx/lib -r ./test/perl/kinesis.t
33

44
# vim:set ft= ts=4 sw=4 et fdm=marker:
55
use lib 'lib';
@@ -77,14 +77,14 @@ __DATA__
7777
"Type" : "AWS-HMAC",
7878
"AccessKeyId" : "$TEST_NGINX_AWS_CLIENT_ID",
7979
"SecretAccessKey" : "$TEST_NGINX_AWS_SECRET",
80-
"Token" : "$TEST_NGINX_AWS_TOKEN",
80+
"Token" : "$TEST_NGINX_AWS_SECURITY_TOKEN",
8181
"Expiration" : "$expiration"
8282
}';
8383
}
8484
8585
location /test {
86-
set $aws_access_key $TEST_NGINX_AWS_CLIENT_ID;
87-
set $aws_secret_key $TEST_NGINX_AWS_SECRET;
86+
set $aws_access_key '$TEST_NGINX_AWS_CLIENT_ID';
87+
set $aws_secret_key '$TEST_NGINX_AWS_SECRET';
8888
set $aws_region us-east-1;
8989
set $aws_service kms;
9090

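--- a/test/perl/kms.t
+++ b/test/integration/kms.t
@@ -53,23 +53,115 @@ run_tests();
 
 __DATA__
 
+#
+#=== TEST 1: test GenerateDataKey with given Credentials
+#--- http_config eval: $::HttpConfig
+#--- config
+# error_log ../kms_test1_error.log debug;
+#
+# location /test-signature {
+# set $aws_access_key $TEST_NGINX_AWS_CLIENT_ID;
+# set $aws_secret_key $TEST_NGINX_AWS_SECRET;
+# set $aws_region us-east-1;
+# set $aws_service kms;
+#
+# content_by_lua '
+# local KmsService = require "api-gateway.aws.kms.KmsService"
+#
+# local service = KmsService:new({
+# aws_region = ngx.var.aws_region,
+# aws_secret_key = ngx.var.aws_secret_key,
+# aws_access_key = ngx.var.aws_access_key,
+# aws_debug = true, -- print warn level messages on the nginx logs
+# aws_conn_keepalive = 60000, -- how long to keep the sockets used for AWS alive
+# aws_conn_pool = 100 -- the connection pool size for sockets used to connect to AWS
+# })
+#
+# -- search for aliases
+# local list = service:listAliases()
+# assert(list ~= nil, "ListAliases should return at least 1 key")
+#
+# -- pick the first alias
+# local KeyId = list.Aliases[1].AliasName
+# ngx.say("KEY-ALIAS:" .. tostring(KeyId))
+#
+# -- generate a data key
+# local cipher = service:generateDataKey(KeyId, "AES_256")
+# local blob = cipher.CiphertextBlob
+# local blob_text = cipher.Plaintext
+# ngx.say("BLOB:" .. blob)
+#
+# local decoded = service:decrypt(blob)
+# if decoded.Plaintext ~= blob_text then
+# error( "KMS Error: [" .. blob_text .. "] does not match [" .. decoded.Plaintext .. "]" )
+# end
+#
+# -- encrypt a text
+# local encryptResult = service:encrypt(KeyId, blob_text)
+# local decryptResult = service:decrypt(encryptResult.CiphertextBlob)
+#
+# if decryptResult.Plaintext ~= blob_text then
+# error( "KMS Encrypt/Decrypt Error: [" .. blob_text .. "] does not match [" .. decryptResult.Plaintext .. "]" )
+# end
+# ';
+# }
+#
+#--- request
+#GET /test-signature?Action=GenerateDataKey
+#--- response_body_like eval
+#[".*KEY-ALIAS\\:.*BLOB\\:.*"]
+#--- error_code: 200
+#--- no_error_log
+#[error]
+#--- more_headers
+#X-Test: test
 
-=== TEST 1: test GenerateDataKey with given Credentials
+# the next test is commented b/c you need IAM Credentials
+# to run it, connect to an EC2 node, and run curl http://169.254.169.254//latest/meta-data/iam/security-credentials/<iam-user>
+# then use AccessKeyId, SecretAccessKey and Token into the TEST command, like the following cmd :
+#
+#$ TEST_NGINX_AWS_CLIENT_ID="<AccessKeyId>"
+# TEST_NGINX_AWS_SECRET="<SecretAccessKey>" \
+# TEST_NGINX_AWS_TOKEN="<Token>" \
+# PATH=/usr/local/sbin:$PATH \
+# TEST_NGINX_SERVROOT=`pwd`/target/servroot \
+# TEST_NGINX_PORT=1989 \
+# prove -I ./test/resources/test-nginx/lib -r ./test/perl/kms.t
+#
+#
+=== TEST 2: test with IAM User. DO NOT PROVIDE ANY CREDENTIALS AND LET KMS FIGURE IT OUT AUTOMATICALLY USING IAM ROLES
 --- http_config eval: $::HttpConfig
 --- config
-location /test-signature {
-set $aws_access_key $TEST_NGINX_AWS_CLIENT_ID;
-set $aws_secret_key $TEST_NGINX_AWS_SECRET;
+error_log ../kms_test2_error.log debug;
+
+location = /latest/meta-data/iam/security-credentials/ {
+return 200 'test-iam-user';
+}
+
+location = /latest/meta-data/iam/security-credentials/test-iam-user {
+return 200 '{
+"Code" : "Success",
+"LastUpdated" : "2014-11-03T01:56:20Z",
+"Type" : "AWS-HMAC",
+"AccessKeyId" : "$TEST_NGINX_AWS_CLIENT_ID",
+"SecretAccessKey" : "$TEST_NGINX_AWS_SECRET",
+"Token" : "$TEST_NGINX_AWS_SECURITY_TOKEN",
+"Expiration" : "2014-11-03T08:07:52Z"
+}';
+}
+location /test-with-iam {
+#set $aws_access_key $TEST_NGINX_AWS_CLIENT_ID;
+#set $aws_secret_key $TEST_NGINX_AWS_SECRET;
 set $aws_region us-east-1;
 set $aws_service kms;
 
 content_by_lua '
 local KmsService = require "api-gateway.aws.kms.KmsService"
 
 local service = KmsService:new({
+security_credentials_host = "127.0.0.1",
+security_credentials_port = $TEST_NGINX_PORT,
 aws_region = ngx.var.aws_region,
-aws_secret_key = ngx.var.aws_secret_key,
-aws_access_key = ngx.var.aws_access_key,
 aws_debug = true, -- print warn level messages on the nginx logs
 aws_conn_keepalive = 60000, -- how long to keep the sockets used for AWS alive
 aws_conn_pool = 100 -- the connection pool size for sockets used to connect to AWS
@@ -83,6 +175,9 @@ __DATA__
 local KeyId = list.Aliases[1].AliasName
 ngx.say("KEY-ALIAS:" .. tostring(KeyId))
 
+local KeyId = "alias/GW-CACHE-MK"
+ngx.say("KEY ALIAS:" .. tostring(KeyId))
+
 -- generate a data key
 local cipher = service:generateDataKey(KeyId, "AES_256")
 local blob = cipher.CiphertextBlob
@@ -103,105 +198,15 @@ __DATA__
 end
 ';
 }
-
+--- more_headers
+X-Test: test
 --- request
-GET /test-signature?Action=GenerateDataKey
+GET /test-with-iam
 --- response_body_like eval
-[".*KEY-ALIAS\\:.*BLOB\\:.*"]
+[".*KEY\\sALIAS\\:.*BLOB\\:.*"]
 --- error_code: 200
 --- no_error_log
 [error]
---- more_headers
-X-Test: test
-
-# the next test is commented b/c you need IAM Credentials
-# to run it, connect to an EC2 node, and run curl http://169.254.169.254//latest/meta-data/iam/security-credentials/<iam-user>
-# then use AccessKeyId, SecretAccessKey and Token into the TEST command, like the following cmd :
-#
-#$ TEST_NGINX_AWS_CLIENT_ID="<AccessKeyId>"
-# TEST_NGINX_AWS_SECRET="<SecretAccessKey>" \
-# TEST_NGINX_AWS_TOKEN="<Token>" \
-# PATH=/usr/local/sbin:$PATH \
-# TEST_NGINX_SERVROOT=`pwd`/target/servroot \
-# TEST_NGINX_PORT=1989 \
-# prove -I ./test/resources/test-nginx/lib -r ./test/perl/kms.t
-#
-#
-#=== TEST 2: test with IAM User. DO NOT PROVIDE ANY CREDENTIALS AND LET KMS FIGURE IT OUT AUTOMATICALLY USING IAM ROLES
-#--- http_config eval: $::HttpConfig
-#--- config
-# location = /latest/meta-data/iam/security-credentials/ {
-# return 200 'test-iam-user';
-# }
-#
-# location = /latest/meta-data/iam/security-credentials/test-iam-user {
-# return 200 '{
-# "Code" : "Success",
-# "LastUpdated" : "2014-11-03T01:56:20Z",
-# "Type" : "AWS-HMAC",
-# "AccessKeyId" : "$TEST_NGINX_AWS_CLIENT_ID",
-# "SecretAccessKey" : "$TEST_NGINX_AWS_SECRET",
-# "Token" : "$TEST_NGINX_AWS_TOKEN",
-# "Expiration" : "2014-11-03T08:07:52Z"
-# }';
-# }
-# location /test-with-iam {
-# #set $aws_access_key $TEST_NGINX_AWS_CLIENT_ID;
-# #set $aws_secret_key $TEST_NGINX_AWS_SECRET;
-# set $aws_region us-east-1;
-# set $aws_service kms;
-#
-# content_by_lua '
-# local KmsService = require "api-gateway.aws.kms.KmsService"
-#
-# local service = KmsService:new({
-# security_credentials_host = "127.0.0.1",
-# security_credentials_port = $TEST_NGINX_PORT,
-# aws_region = ngx.var.aws_region,
-# aws_debug = true, -- print warn level messages on the nginx logs
-# aws_conn_keepalive = 60000, -- how long to keep the sockets used for AWS alive
-# aws_conn_pool = 100 -- the connection pool size for sockets used to connect to AWS
-# })
-#
-# -- search for aliases
-# -- local list = service:listAliases()
-# -- assert(list ~= nil, "ListAliases should return at least 1 key")
-#
-# -- pick the first alias
-# -- local KeyId = list.Aliases[1].AliasName
-#
-# local KeyId = "alias/GW-CACHE-MK"
-# ngx.say("KEY ALIAS:" .. tostring(KeyId))
-#
-# -- generate a data key
-# local cipher = service:generateDataKey(KeyId, "AES_256")
-# local blob = cipher.CiphertextBlob
-# local blob_text = cipher.Plaintext
-# ngx.say("BLOB:" .. blob)
-#
-# local decoded = service:decrypt(blob)
-# if decoded.Plaintext ~= blob_text then
-# error( "KMS Error: [" .. blob_text .. "] does not match [" .. decoded.Plaintext .. "]" )
-# end
-#
-# -- encrypt a text
-# local encryptResult = service:encrypt(KeyId, blob_text)
-# local decryptResult = service:decrypt(encryptResult.CiphertextBlob)
-#
-# if decryptResult.Plaintext ~= blob_text then
-# error( "KMS Encrypt/Decrypt Error: [" .. blob_text .. "] does not match [" .. decryptResult.Plaintext .. "]" )
-# end
-# ';
-# }
-#--- more_headers
-#X-Test: test
-#--- request
-#GET /test-with-iam
-#--- response_body_like eval
-#[".*KEY\\sALIAS\\:.*BLOB\\:.*"]
-#--- error_code: 200
-#--- no_error_log
-#[error]
 
 
 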
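Review bot: The mock metadata response in the now-enabled TEST 2 hard-codes `"Expiration" : "2014-11-03T08:07:52Z"`, so the credentials it serves are always already expired, whereas the other test files on this page fill that field from `$expiration`. How the credentials provider reacts to an expired timestamp is not visible here, but the path that caches still-valid credentials is probably not exercised; I would use `"Expiration" : "$expiration"` here too, assuming the part of the file above the first hunk defines it as the sibling tests do. In the second hunk the added `local KeyId = "alias/GW-CACHE-MK"` shadows the alias just taken from `list.Aliases[1]`, which discards the lookup result and ties the test to one account's key alias. The comment block kept above TEST 2 is also stale: it still says the test is commented out and names `TEST_NGINX_AWS_TOKEN` and `./test/perl/kms.t`, while this commit uses `TEST_NGINX_AWS_SECURITY_TOKEN` and moves the file to `test/integration/kms.t`.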

Lines changed: 4 additions & 4 deletions
@@ -1,5 +1,5 @@
11
# Running this unit test:
2-
# TEST_NGINX_AWS_SECRET=${AWS_SECRET_ACCESS_KEY} TEST_NGINX_AWS_CLIENT_ID=${AWS_ACCESS_KEY_ID} TEST_NGINX_AWS_TOKEN=${AWS_SECURITY_TOKEN} PATH=/usr/local/sbin:$PATH TEST_NGINX_SERVROOT=`pwd`/target/servroot TEST_NGINX_PORT=1989 prove -I ./test/resources/test-nginx/lib -r ./test/perl/lambda.t
2+
# TEST_NGINX_AWS_SECRET=${AWS_SECRET_ACCESS_KEY} TEST_NGINX_AWS_CLIENT_ID=${AWS_ACCESS_KEY_ID} TEST_NGINX_AWS_SECURITY_TOKEN=${AWS_SECURITY_TOKEN} PATH=/usr/local/sbin:$PATH TEST_NGINX_SERVROOT=`pwd`/target/servroot TEST_NGINX_PORT=1989 prove -I ./test/resources/test-nginx/lib -r ./test/perl/lambda.t
33

44
# vim:set ft= ts=4 sw=4 et fdm=marker:
55
use lib 'lib';
@@ -77,7 +77,7 @@ __DATA__
7777
"Type" : "AWS-HMAC",
7878
"AccessKeyId" : "$TEST_NGINX_AWS_CLIENT_ID",
7979
"SecretAccessKey" : "$TEST_NGINX_AWS_SECRET",
80-
"Token" : "$TEST_NGINX_AWS_TOKEN",
80+
"Token" : "$TEST_NGINX_AWS_SECURITY_TOKEN",
8181
"Expiration" : "$expiration"
8282
}';
8383
}
@@ -89,7 +89,7 @@ __DATA__
8989
set $aws_service kms;
9090
9191
content_by_lua '
92-
ngx.say("NOTE: THIS TEST EXPECTS THE HELLO-WORLD FUNCTION TO EXIST, ACCEPTING {key1:k1,key2:k2} AS PAYLOAD")
92+
ngx.say("NOTE: THIS TEST EXPECTS THE hello-world-test FUNCTION TO EXIST, ACCEPTING {key1:k1,key2:k2} AS PAYLOAD")
9393
local LambdaService = require "api-gateway.aws.lambda.LambdaService"
9494
local cjson = require "cjson"
9595
@@ -137,7 +137,7 @@ __DATA__
137137
--- request
138138
GET /test
139139
--- response_body_like eval
140-
[".*INVOKING FUNCTION\\:hello.*EXECUTION RESULT\\:.*"]
140+
[".*INVOKING FUNCTION\\:.*hello.*EXECUTION RESULT\\:.*"]
141141
--- error_code: 200
142142
--- no_error_log
143143
[error]
