Add tests

Author: m7moud

.busted

@@ -0,0 +1,7 @@
+return {
+  default = {
+    verbose = true,
+    coverage = false,
+    output = "gtest",
+  },
+}

.circleci/config.yml

@@ -0,0 +1,28 @@
+version: 2.1
+
+jobs:
+  test:
+    machine:
+        image: ubuntu-2004:202010-01
+        docker_layer_caching: true
+    steps:
+      - checkout
+      - run:
+          name: Install pongo
+          command: |
+            git clone --single-branch https://github.com/Kong/kong-pongo ../kong-pongo
+            ../kong-pongo/pongo.sh up
+            ../kong-pongo/pongo.sh build
+      - run:
+          name: Lint
+          command: |
+            ../kong-pongo/pongo.sh lint
+      - run:
+          name: Test
+          command: |
+            ../kong-pongo/pongo.sh run
+
+workflows:
+  test:
+    jobs:
+      - test

.editorconfig

@@ -0,0 +1,22 @@
+root                     = true
+
+[*]
+end_of_line              = lf
+insert_final_newline     = true
+trim_trailing_whitespace = true
+charset                  = utf-8
+
+[*.lua]
+indent_style             = space
+indent_size              = 2
+
+[kong/templates/nginx*]
+indent_style             = space
+indent_size              = 4
+
+[*.template]
+indent_style             = space
+indent_size              = 4
+
+[Makefile]
+indent_style             = tab

.gitignore

@@ -0,0 +1,4 @@
+# servroot typically is the Kong working directory for tests
+servroot
+# exclude generated packed rocks
+*.rock

.luacheckrc

@@ -0,0 +1,35 @@
+std             = "ngx_lua"
+unused_args     = false
+redefined       = false
+max_line_length = false
+
+
+include_files = {
+  "**/*.lua",
+  "*.rockspec",
+  ".busted",
+  ".luacheckrc",
+}
+
+
+globals = {
+    "_KONG",
+    "kong",
+    "ngx.IS_CLI",
+}
+
+
+not_globals = {
+    "string.len",
+    "table.getn",
+}
+
+
+ignore = {
+    "6.", -- ignore whitespace warnings
+}
+
+
+files["spec/**/*.lua"] = {
+    std = "ngx_lua+busted",
+}

.pongo/pongorc

@@ -0,0 +1,2 @@
+--postgres
+--cassandra

kong/plugins/access-token-introspection/access.lua

@@ -14,7 +14,7 @@ end
 function _M.introspect_access_token_req(access_token)
     local httpc = http:new()
 
-    local res, err = httpc:request_uri(_M.conf.introspection_endpoint, {
+    local res, _ = httpc:request_uri(_M.conf.introspection_endpoint, {
         method = "POST",
         ssl_verify = false,
         body = "token=" .. access_token .. "&client_id=" .. _M.conf.client_id .. "&client_secret=" .. _M.conf.client_secret,

kong/plugins/access-token-introspection/schema.lua

@@ -3,13 +3,13 @@ local typedefs = require "kong.db.schema.typedefs"
 
 local function validate_url(value)
     local parsed_url = url.parse(value)
-    if parsed_url.scheme and parsed_url.host then
-        parsed_url.scheme = parsed_url.scheme:lower()
-        if not (parsed_url.scheme == "http" or parsed_url.scheme == "https") then
-            return false, "Supported protocols are HTTP and HTTPS"
-        end
+    if parsed_url.scheme == nil or parsed_url.host == nil then
+        return nil, "Invalid URL"
     end
 
+    if not (parsed_url.scheme:lower() == "http" or parsed_url.scheme:lower() ==
+        "https") then return nil, "Supported protocols are HTTP and HTTPS" end
+
     return true
 end
 

spec/access-token-introspection/01-schema_spec.lua

@@ -0,0 +1,75 @@
+local PLUGIN_NAME = "access-token-introspection"
+
+-- helper function to validate data against a schema
+local validate
+do
+    local validate_entity =
+        require("spec.helpers").validate_plugin_config_schema
+    local plugin_schema = require("kong.plugins." .. PLUGIN_NAME .. ".schema")
+
+    function validate(data) return validate_entity(data, plugin_schema) end
+end
+
+describe(PLUGIN_NAME .. ": (schema)", function()
+
+    it("requires distinct client_id, client_secret, and introspection_endpoint",
+       function()
+        local ok, err = validate({
+            client_id = "CLIENT_ID",
+            client_secret = "CLIENT_SECRET",
+            introspection_endpoint = "http://localhost:8080"
+        })
+        assert.is_nil(err)
+        assert.is_truthy(ok)
+    end)
+
+    it("validates introspection_endpoint is a valid URL", function()
+        local ok, err = validate({
+            client_id = "CLIENT_ID",
+            client_secret = "CLIENT_SECRET",
+            introspection_endpoint = "xyz"
+        })
+        assert.falsy(ok)
+        assert.same("Invalid URL", err.config.introspection_endpoint)
+    end)
+
+    it("validates token_cache_time is an integer", function()
+        local ok, err = validate({
+            client_id = "CLIENT_ID",
+            client_secret = "CLIENT_SECRET",
+            introspection_endpoint = "http://localhost:8080",
+            token_cache_time = "60"
+        })
+        assert.falsy(ok)
+        assert.same("expected a number", err.config.token_cache_time)
+    end)
+
+    it("validates introspection_map supports body, headers, and static",
+       function()
+        local ok, err = validate({
+            client_id = "CLIENT_ID",
+            client_secret = "CLIENT_SECRET",
+            introspection_endpoint = "http://localhost:8080",
+            introspection_map = {
+                body = {Header1 = "index-1"},
+                headers = {Header2 = "X-User"},
+                static = {Header3 = "zyx"}
+            }
+        })
+        assert.is_nil(err)
+        assert.is_truthy(ok)
+    end)
+
+    it("validates introspection_map only supports body, headers, and static",
+       function()
+        local ok, err = validate({
+            client_id = "CLIENT_ID",
+            client_secret = "CLIENT_SECRET",
+            introspection_endpoint = "http://localhost:8080",
+            introspection_map = {xyz = "zyx"}
+        })
+        assert.falsy(ok)
+        assert.same("unknown field", err.config.introspection_map.xyz)
+    end)
+
+end)

spec/access-token-introspection/02-access_spec.lua

@@ -0,0 +1,74 @@
+local PLUGIN_NAME = "access-token-introspection"
+local helpers = require "spec.helpers"
+
+for _, strategy in helpers.each_strategy() do
+    describe(PLUGIN_NAME .. ": (access) [#" .. strategy .. "]", function()
+        local client
+
+        lazy_setup(function()
+
+            local bp = helpers.get_db_utils(strategy, nil, {PLUGIN_NAME})
+
+            -- Inject a test route. No need to create a service, there is a default
+            -- service which will echo the request.
+            local route1 = bp.routes:insert({hosts = {"test1.com"}})
+            local route2 = bp.routes:insert({hosts = {"test2.com"}})
+            -- add the plugin to test to the route we created
+            bp.plugins:insert{
+                name = PLUGIN_NAME,
+                route = {id = route1.id},
+                config = {
+                    client_id = "CLIENT_ID",
+                    client_secret = "CLIENT_SECRET",
+                    introspection_endpoint = "http://auth.com",
+                }
+            }
+
+            bp.plugins:insert{
+                name = PLUGIN_NAME,
+                route = {id = route2.id},
+                config = {
+                    client_id = "CLIENT_ID",
+                    client_secret = "CLIENT_SECRET",
+                    introspection_endpoint = "http://auth.com",
+                    require_success = false
+                }
+            }
+
+            -- start kong
+            assert(helpers.start_kong({
+                -- set the strategy
+                database = strategy,
+                -- use the custom test template to create a local mock server
+                nginx_conf = "spec/fixtures/custom_nginx.template",
+                -- make sure our plugin gets loaded
+                plugins = "bundled," .. PLUGIN_NAME
+            }))
+        end)
+
+        lazy_teardown(function() helpers.stop_kong(nil, true) end)
+
+        before_each(function() client = helpers.proxy_client() end)
+
+        after_each(function() if client then client:close() end end)
+
+        describe("with default config", function()
+            it("responds with unauthorized", function()
+                local r = client:get("/request",
+                                     {headers = {host = "test1.com"}})
+                -- validate that the request fails, response status 401
+                assert.response(r).has.status(401)
+            end)
+        end)
+
+        describe("with require_success = false", function()
+            it("responds with ok", function()
+                local r = client:get("/request",
+                                     {headers = {host = "test2.com"}})
+                -- validate that the request succeeded, response status 200
+                assert.response(r).has.status(200)
+            end)
+        end)
+
+    end)
+end