Merge branch 'master' into feat/master/build-module

Author: anestos

Makefile

@@ -20,7 +20,11 @@ clean:
 	rm -rf .build.info nginx-$(NGINX_VERSION) nginx-$(NGINX_VERSION).tar.gz* t/servroot
 
 test: all
-	PATH=$(NGINX_SRC_DIR)/objs:$$PATH prove -v t/		
+	docker-compose up -d
+	@echo "Waiting for the Curity Identity Server to start..."
+	@bash -c 'c=0; while [[ $$c -lt 25 && "$$(curl -fs -w ''%{http_code}'' localhost:8443)" != "404" ]]; do ((c++)); echo -n "."; sleep 1; done'
+	PATH=$(NGINX_SRC_DIR)/objs:$$PATH prove -v -f t/
+	docker-compose down
 
 .build.info $(NGINX_SRC_DIR)/Makefile:
 	$(error You need to run the configure script in the root of this directory before building the source)

README.md

@@ -297,15 +297,20 @@ Pre-built binaries of this module are provided for the following versions of NGI
 
 ## Testing
 
-To test this module, you'll need the [Test::Nginx Perl module](https://github.com/openresty/test-nginx) installed. Then, run `prove` passing in the test or test directory (`t`). This can be done automatically by running `make test`. If Curity isn't running or the `idsh` command can't be found in the system path, then the functional tests that require such a connection will be skipped. Curity should be configured with an OAuth profile that has:
+To test this module, you'll need the [Test::Nginx Perl module](https://github.com/openresty/test-nginx) and [docker-compose](https://docs.docker.com/compose/install/) installed. 
 
-* A run-time node listening on `localhost` port `8443` for HTTP (not HTTPS) traffic;
-* A token endpoint with a URI of `/dev/oauth/token`;
-* An introspection endpoint with a URI of `/introspection`;
-* An OAuth client named `client-one` with a secret of `0ne!Secret` and the client credential capability; and
-* An OAuth client named `test_gateway_client` and a secret of `Password1` with the introspection capability.
+To run the tests do the following:
 
-Internet access to `httpbin.org` is required for the `curity.t` test suite to pass.
+* run `./configure`, make sure you select _No_ for Dynamic module 
+* run `make`
+* Setup an `ADMIN_PASSWORD` and the `LICENSE_KEY` for the Curity Identity server that is used in tests*
+* run `make test`
+
+This, will run `prove` passing in the test or test directory (`t`). 
+
+Internet access to `hub.docker.com` is required for the `curity.t` test suite to pass, if the images required are not present locally.
+
+\* These variables can be set inline, in your environment or in the docker-compose.yaml file.
 
 NGINX must be in the system path; the tests will run the first `nginx` command that's found or bail if none is located. Also, the tests assume that the module is statically linked with NGINX. Before running them, be sure that the module is linked into the NGINX binary. Also, debug logging must be compiled into NGINX for some tests in `config.t` to pass. (This is the case if `nginx -V` includes `--with-debug` in the output.)
 

configure

@@ -3,9 +3,11 @@
 set -e
 
 SRC_DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)
-NGINX_VERSION=${NGINX_VERSION:-1.15.2}
+
+NGINX_VERSION=${NGINX_VERSION:-1.19.0}
 BUILD_INFO_FILE="$SRC_DIR/.build.info"
 test -f "$BUILD_INFO_FILE" && . "$BUILD_INFO_FILE"
+
 declare -a CONFIG_OPTS=($CONFIG_OPTS --with-compat --with-cc-opt="-Wformat -Werror=format-security")
 
 if [[ -z "$NGINX_SRC_DIR" ]]; then

curity-test-config.xml

@@ -0,0 +1,19 @@
+version: '3.2'
+services:
+  curity-service:
+    image: curity/idsvr
+    ports:
+      - 6749:6749
+      - 8443:8443
+    environment:
+      - ADMIN=true
+      - SERVICE_ROLE=default
+      - LICENSE_KEY=${LICENSE_KEY:?err}
+      - ADMIN_PASSWORD=${ADMIN_PASSWORD:?err}
+    volumes:
+      - ./curity-test-config.xml:/opt/idsvr/etc/init/curity-test-config.xml
+
+  httpbin-service:
+    image: kennethreitz/httpbin
+    ports:
+      - 8080:80

docker-compose.yaml

@@ -1,5 +1,6 @@
 #!/usr/bin/perl
 
+use FindBin;
 use Test::Nginx::Socket 'no_plan';
 run_tests();
 
@@ -84,6 +85,8 @@ GET /t
 --- error_log
 Module disabled
 
+--- skip_eval: 1: open(FH, "<", "$FindBin::Bin/../.build.info"); my $skip=0; while (<FH>) { $skip = 1 if ($_ =~ /DEBUG=n/) } $skip
+
 === TEST 6: HTTP level config is overridden by location directive
 
 --- http_config

t/config.t

@@ -7,47 +7,24 @@ use lib "$FindBin::Bin/lib";
 use Test::Nginx::Socket 'no_plan';
 
 SKIP: {
-    my $exit_code = 0;
+      our $token = &get_token_from_idsvr();
 
-    eval { 
-        my $message = <<'EOF';
-configure
-commit
-
-# Switch test server to HTTP
-set environments environment services service TestServer1 protocol http
-
-EOF
-
-        $exit_code = system("echo '$message' | idsh -s");
-    };
-
-    if ($@ or $exit_code != 0) {
-        skip("could not configure idsvr; server probably isn't running or idsh isn't in path");
-    }
-    else {
-        our $token = &get_token_from_idsvr();
-
-        if ($token) {
-            run_tests();
-        }
-        else {
-            fail("Could not get token from idsvr");
-        }
-
-        # Revert the config changes
-        system("echo 'configure\nrollback 0\ncommit\n' | idsh -s");
-    }
+      if ($token) {
+          run_tests();
+      }
+      else {
+          fail("Could not get token from idsvr");
+      }
 }
 
 sub get_token_from_idsvr {
     use LWP::UserAgent;
 
     my $ua = LWP::UserAgent->new();
 
-    my $response = $ua->post("http://localhost:8443/dev/oauth/token", { 
-        "client_id" => "client-one",
-        "client_secret" => "0ne!Secret",
+    my $response = $ua->post("http://localhost:8443/oauth/v2/oauth-token", {
+        "client_id" => "test-client",
+        "client_secret" => "secret1",
         "grant_type" => "client_credentials"
     });
     my $content = $response->decoded_content();
@@ -76,14 +53,14 @@ __DATA__
 
 --- config
 location tt {
-    proxy_pass "http://localhost:8443/introspection";   
+    proxy_pass "http://localhost:8443/oauth/v2/oauth-introspect";
 }
 
 location /t {
-    proxy_pass         "http://httpbin.org/get";
+    proxy_pass         "http://localhost:8080/anything";
 
     phantom_token on;
-    phantom_token_client_credential "test_gateway_client" "Password1";
+    phantom_token_client_credential "test-nginx" "secret2";
     phantom_token_introspection_endpoint tt;    
 }
 
@@ -104,14 +81,14 @@ main::process_json_from_backend()
 
 --- config
 location tt {
-    proxy_pass "http://localhost:8443/introspection";   
+    proxy_pass "http://localhost:8443/oauth/v2/oauth-introspect";
 }
 
 location /t {
-    proxy_pass         "http://httpbin.org/get";
+    proxy_pass         "http://localhost:8080/anything";
 
     phantom_token on;
-    phantom_token_client_credential "test_gateway_client" "Password1";
+    phantom_token_client_credential "test-nginx" "secret2";
     phantom_token_introspection_endpoint tt;    
 }
 
@@ -127,14 +104,14 @@ GET /t
 
 --- config
 location tt {
-    proxy_pass "http://localhost:8443/introspection";   
+    proxy_pass "http://localhost:8443/oauth/v2/oauth-introspect";
 }
 
 location /t {
-    proxy_pass         "http://httpbin.org/get";
+    proxy_pass         "http://localhost:8080/anything";
 
     phantom_token on;
-    phantom_token_client_credential "test_gateway_client" "Password1";
+    phantom_token_client_credential "test-nginx" "secret2";
     phantom_token_introspection_endpoint tt;    
 }
 
@@ -150,14 +127,14 @@ GET /t
 
 --- config
 location tt {
-    proxy_pass "http://localhost:8443/introspection";   
+    proxy_pass "http://localhost:8443/oauth/v2/oauth-introspect";
 }
 
 location /t {
-    proxy_pass         "http://httpbin.org/get";
+    proxy_pass         "http://localhost:8080/anything";
 
     phantom_token on;
-    phantom_token_client_credential "test_gateway_client" "Password1";
+    phantom_token_client_credential "test-nginx" "secret2";
     phantom_token_introspection_endpoint tt;    
 }
 
@@ -170,14 +147,14 @@ GET /t
 
 --- config
 location tt {
-    proxy_pass "http://localhost:8443/introspection";   
+    proxy_pass "http://localhost:8443/oauth/v2/oauth-introspect";
 }
 
 location /t {
-    proxy_pass         "http://httpbin.org/get";
+    proxy_pass         "http://localhost:8080/anything";
 
     phantom_token on;
-    phantom_token_client_credential "test_gateway_client" "Password1";
+    phantom_token_client_credential "test-nginx" "secret2";
     phantom_token_introspection_endpoint tt;    
 }
 
@@ -193,14 +170,14 @@ GET /t
 
 --- config
 location tt {
-    proxy_pass "http://localhost:8443/introspection";   
+    proxy_pass "http://localhost:8443/oauth/v2/oauth-introspect";
 }
 
 location /t {
-    proxy_pass         "http://httpbin.org/get";
+    proxy_pass         "http://localhost:8080/anything";
 
     phantom_token on;
-    phantom_token_client_credential "test_gateway_client" "Password1";
+    phantom_token_client_credential "test-nginx" "secret2";
     phantom_token_introspection_endpoint tt;    
 }
 
@@ -221,14 +198,14 @@ main::process_json_from_backend()
 
 --- config
 location tt {
-    proxy_pass "http://localhost:8443/introspection";   
+    proxy_pass "http://localhost:8443/oauth/v2/oauth-introspect";
 }
 
 location /t {
-    proxy_pass         "http://httpbin.org/get";
+    proxy_pass         "http://localhost:8080/anything";
 
     phantom_token on;
-    phantom_token_client_credential "test_gateway_client" "Password1";
+    phantom_token_client_credential "test-nginx" "secret2";
     phantom_token_introspection_endpoint tt;    
 }
 
@@ -249,14 +226,14 @@ main::process_json_from_backend()
 
 --- config
 location tt {
-    proxy_pass "http://localhost:8443/introspection";   
+    proxy_pass "http://localhost:8443/oauth/v2/oauth-introspect";
 }
 
 location /t {
-    proxy_pass         "http://httpbin.org/get";
+    proxy_pass         "http://localhost:8080/anything";
 
     phantom_token on;
-    phantom_token_client_credential "test_gateway_client" "Password1";
+    phantom_token_client_credential "test-nginx" "secret2";
     phantom_token_introspection_endpoint tt;    
 }