This repository has been archived by the owner on Jul 28, 2021. It is now read-only.

Update integration test (#19)
* update integration test
ishangulhane authored Jul 11, 2019
1 parent de0cf84 commit a6cc6a7
Showing 19 changed files with 131 additions and 80 deletions.
3 changes: 2 additions & 1 deletion .gitignore
Expand Up @@ -7,4 +7,5 @@ main
node_modules
.DS_Store
coverage.out
profile.out
profile.out
samples/testcrds/
2 changes: 1 addition & 1 deletion .travis.yml
Expand Up @@ -44,7 +44,7 @@ script:
# Run coverage on unit tests
- go test -coverprofile=coverage.out ./adapter/... || travis_terminate 1;
# Run all integration tests
- go test -v -race ./tests/integration/...
- go test -v -race ./tests/integration/... || travis_terminate 1;

after_success:
- $HOME/gopath/bin/goveralls -service=travis-ci -coverprofile=coverage.out
9 changes: 3 additions & 6 deletions README.md
Expand Up @@ -35,20 +35,18 @@ To view the user session information including the session tokens, you can look
```
Authorization: Bearer <access_token> <id_token>
```
{: screen}

You can also logout authenticated users. When an authenticated user accesses any protected endpoint with `oidc/logout` appended as shown in the following example, they are logged out.

```
https://myhost/path/oidc/logout
```
{: screen}

If needed, a refresh token can be used to automatically acquire new access and identity tokens without your user's needing to re-authenticate. If the configured identity provider returns a refresh token, it is persisted in the session and used to retreive new tokens when the identity token expires.


### Protecting backend apps
{: #istio-backend}


The adapter can be used in collaboration with the OAuth 2.0 [JWT Bearer flow](https://tools.ietf.org/html/rfc6750) to protect service APIs by validating JWT Bearer tokens. The Bearer authorization flow expects a request to contain an Authorization header with a valid access token and an optional identity token. The expected header structure is `Authorization=Bearer {access_token} [{id_token}]`. Unauthenticated clients are returned an HTTP 401 response status with a list of the scopes that are needed to obtain authorization. If the tokens are invalid or expired, the API strategy returns an HTTP 401 response with an optional error component that says `Www-Authenticate=Bearer scope="{scope}" error="{error}"`.
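Review bot: Removing `{: #istio-backend}` under `### Protecting backend apps` drops the explicit anchor id for that heading, so any existing link to `#istio-backend` stops resolving; confirm nothing links to it, or update those links to the heading's generated slug. While this section is being touched, the unchanged context also has a typo (`retreive`) and links "JWT Bearer flow" to RFC 6750, which is the Bearer Token Usage specification; both are worth fixing in the same pass.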

Expand Down Expand Up @@ -246,18 +244,17 @@ For more information about getting support, see [how do I get the support that I


### Troubleshooting: Logging
{: #istio-logging}

By default, logs are styled as JSON and provided at an `info` visbility level to provide for ease of integration with external logging systems. To update the logging configuration, you can use the Helm chart. Supported logging levels include range `-1 - 7` as shown in Zapcore. For more information about the levels, see the [Zapcore documentation](https://godoc.org/go.uber.org/zap/zapcore#Level).

>>When you're manually viewing JSON logs, you might want to tail the logs and "pretty print" them by using [jq](https://brewinstall.org/install-jq-on-mac-with-brew/).
**Adapter**
To see the adapter logs, you can use `kubectl` or access the pod from the `ibmcloudappid` pod from the Kubernetes console.
To see the adapter logs, you can use `kubectl` or access the pod from the `appidentityandaccessadapter` pod from the Kubernetes console.
```bash
$ alias adapter_logs="kubectl -n istio-system logs -f $(kubectl -n istio-system get pods -lapp=ibmcloudappid -o jsonpath='{.items[0].metadata.name}')"
$ alias adapter_logs="kubectl -n istio-system logs -f $(kubectl -n istio-system get pods -lapp=appidentityandaccessadapter -o jsonpath='{.items[0].metadata.name}')"
$ adapter_logs | jq
```
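Review bot: In the new `alias adapter_logs="kubectl -n istio-system logs -f $(kubectl -n istio-system get pods -lapp=appidentityandaccessadapter ...)"` line the command substitution sits inside double quotes, so the pod name is resolved once, when the alias is defined, and the alias keeps pointing at the old pod after the adapter restarts. Document it as a shell function instead so the lookup runs on every call. The sentence above it also reads "access the pod from the `appidentityandaccessadapter` pod", where "access the `appidentityandaccessadapter` pod" is probably what is meant.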
10 changes: 6 additions & 4 deletions adapter/authserver/authserver_test.go
Expand Up @@ -2,13 +2,15 @@ package authserver

import (
"errors"
"github.com/ibm-cloud-security/app-identity-and-access-adapter/adapter/authserver/keyset"
"github.com/ibm-cloud-security/app-identity-and-access-adapter/adapter/networking"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"net/http"
"net/http/httptest"
"testing"

"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"

"github.com/ibm-cloud-security/app-identity-and-access-adapter/adapter/authserver/keyset"
"github.com/ibm-cloud-security/app-identity-and-access-adapter/adapter/networking"
)

const (
6 changes: 4 additions & 2 deletions adapter/client/client_test.go
@@ -1,10 +1,12 @@
package client

import (
"testing"

"github.com/stretchr/testify/assert"

"github.com/ibm-cloud-security/app-identity-and-access-adapter/adapter/pkg/apis/policies/v1"
"github.com/ibm-cloud-security/app-identity-and-access-adapter/tests/fake"
"github.com/stretchr/testify/assert"
"testing"
)

func TestClientNew(t *testing.T) {
11 changes: 4 additions & 7 deletions bin/ibmcloud_login.sh
Expand Up @@ -16,9 +16,6 @@
#

## Cluster Information
region="us-south"
dataCenter="dal10"
clusterName="appid-istio-dev-dal10"

# Adapter information
adapterName="appidentityandaccessadapter"
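Review bot: After `region`, `dataCenter` and `clusterName` are removed, the `## Cluster Information` comment heads an empty section. Either drop the heading or use it to list the environment variables the script now expects (`REGION`, `DATA_CENTER`, `CLUSTER_NAME`), so a reader knows what to export before running it.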
Expand All @@ -39,18 +36,18 @@ function checkEnv() {

function configureCluster() {
echo "Logging into IBM Cloud."
ibmcloud login -r ${region} --apikey ${IBM_CLOUD_API_KEY}
ibmcloud login -r ${REGION} --apikey ${IBM_CLOUD_API_KEY}


ibmcloud ks cluster-config --cluster ${clusterName}
ibmcloud ks cluster-config --cluster ${CLUSTER_NAME}

local homeDir="home"
if [[ -z ${TRAVIS+x} ]]; then
homeDir="Users"
fi

echo "Exporting KUBECONFIG=/${homeDir}/${USER}/.bluemix/plugins/container-service/clusters/${clusterName}/kube-config-${dataCenter}-${clusterName}.yml"
export KUBECONFIG=/${homeDir}/${USER}/.bluemix/plugins/container-service/clusters/${clusterName}/kube-config-${dataCenter}-${clusterName}.yml
echo "Exporting KUBECONFIG=/${homeDir}/${USER}/.bluemix/plugins/container-service/clusters/${CLUSTER_NAME}/kube-config-${DATA_CENTER}-${CLUSTER_NAME}.yml"
export KUBECONFIG=/${homeDir}/${USER}/.bluemix/plugins/container-service/clusters/${CLUSTER_NAME}/kube-config-${DATA_CENTER}-${CLUSTER_NAME}.yml
}

# Execute
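Review bot: `configureCluster` now takes `${REGION}`, `${CLUSTER_NAME}` and `${DATA_CENTER}` from the environment, but nothing in this hunk checks that they are set, and every expansion is unquoted. If they are missing the script still runs and exports a KUBECONFIG such as `.../clusters//kube-config--.yml`. Add the three names to `checkEnv` (or use `${REGION:?}` style expansions) and quote the expansions, including `"${IBM_CLOUD_API_KEY}"`.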
1 change: 0 additions & 1 deletion go.mod
Expand Up @@ -27,7 +27,6 @@ require (
istio.io/api v0.0.0-20190515205759-982e5c3888c6
istio.io/istio v0.0.0-20190516081059-beb17827e164
k8s.io/api v0.0.0-20190612125737-db0771252981
k8s.io/apiextensions-apiserver v0.0.0-20190221221350-bfb440be4b87
k8s.io/apimachinery v0.0.0-20190612125636-6a5db36e93ad
k8s.io/client-go v10.0.0+incompatible
k8s.io/code-generator v0.0.0-20190612125529-c522cb6c26aa
6 changes: 5 additions & 1 deletion samples/app/README.md
Expand Up @@ -5,8 +5,12 @@
## Configure and Deploy

1. Enure your kubectl environment to use your second cluster 
```bash
$ kubectl label namespace sample-app istio-injection=enabled
```

2. Inject the Istio sidecar into your deployment

```
```bash
$ istioctl kube-inject -f ./sample-app.yaml | kubectl apply -f -
```
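Review bot: The command added under step 1, `kubectl label namespace sample-app istio-injection=enabled`, does not match the step's text, which is about pointing kubectl at the second cluster (and still has the typo "Enure"). It also turns on automatic sidecar injection for the namespace, while step 2 injects the sidecar manually with `istioctl kube-inject`. Give the label command its own step with a sentence explaining it, and say whether readers need both mechanisms or only one.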
1 change: 1 addition & 0 deletions samples/app/app.js
Expand Up @@ -11,6 +11,7 @@ app.get('/', (req, res) => {
routes: [
"/web/home",
"/web/home/:id",
"/web/user",
"/api/headers",
"/api/headers/:id",
]
4 changes: 2 additions & 2 deletions samples/app/cicd.sh
@@ -1,7 +1,7 @@
#!/usr/bin/env bash
APP_NAME=demo
APP_NAME=app-identity-and-access-adapter-sample-app
APP_VERSION=latest
IMAGE_REGISTRY_NAMESPACE=ishangulhane
IMAGE_REGISTRY_NAMESPACE=ibmcloudsecurity
IMAGE_TAG=${IMAGE_REGISTRY_NAMESPACE}/${APP_NAME}:${APP_VERSION}

IMAGE_TAG=${IMAGE_REGISTRY_NAMESPACE}/${APP_NAME}:${APP_VERSION}
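Review bot: `IMAGE_TAG=${IMAGE_REGISTRY_NAMESPACE}/${APP_NAME}:${APP_VERSION}` appears twice in the unchanged lines at the end of this hunk; the second assignment is redundant and can be deleted while the names above it are being changed.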
2 changes: 1 addition & 1 deletion samples/app/sample-app.yaml
Expand Up @@ -57,7 +57,7 @@ spec:
spec:
containers:
- name: sample-app
image: ishangulhane/demo:latest
image: ibmcloudsecurity/app-identity-and-access-adapter-sample-app:latest
imagePullPolicy: Always
ports:
- containerPort: 8000
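Review bot: The new `image:` value still uses the mutable `:latest` tag together with `imagePullPolicy: Always`, so every pod start pulls whatever is currently published under `ibmcloudsecurity/app-identity-and-access-adapter-sample-app`. Now that the sample points at the organization's registry namespace, pin it to a version tag or an image digest so that deployments are reproducible and a re-pushed `latest` cannot change what runs.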
8 changes: 4 additions & 4 deletions tests/framework/appid.go
Expand Up @@ -135,10 +135,10 @@ func (m *AppIDManager) ROP(username string, password string) error {
return nil
}

///
/// App ID utility request functions to handle OIDC flow without UI
/// Redirect cannot be used as cookies will not be automatically set
///
//
// App ID utility request functions to handle OIDC flow without UI
// Redirect cannot be used as cookies will not be automatically set
//

func (m *AppIDManager) initialRequestToFrontend(t *testing.T, path string) (adapterState *http.Cookie, appIDState string, widgetURL string) {

3 changes: 2 additions & 1 deletion tests/framework/crd_manager.go
Expand Up @@ -2,11 +2,12 @@ package framework

import (
"fmt"
"github.com/ibm-cloud-security/app-identity-and-access-adapter/tests/framework/utils"
"math/rand"
"os"
"strings"
"text/template"

"github.com/ibm-cloud-security/app-identity-and-access-adapter/tests/framework/utils"
)

const (
2 changes: 1 addition & 1 deletion tests/framework/framework.go
Expand Up @@ -101,7 +101,7 @@ func (s *Suite) run() (errLevel int) {
fmt.Printf("Cleanup failed %v\n", err)
}

return 0
return errLevel
}

func (s *Suite) runModifierFns(ctx *Context, fns []ModifierFn) (err error) {
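Review bot: The cleanup branch directly above `return errLevel` only prints `Cleanup failed` and leaves `errLevel` unchanged, so a run whose tests pass but whose cleanup fails still exits 0. Returning `errLevel` instead of the hard-coded `0` is the right fix for test failures; if a failed cleanup should also fail the suite, set `errLevel` to a non-zero value in that branch when it is still 0.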