devbennett7/goma-gateway
1
0
Fork 0
Code Pull Requests Activity

refactor: update test, configuration deployment examples

Browse Source
This commit is contained in:
Jonas Kaninda
2024-11-10 21:05:19 +01:00
parent 410879748d
commit e25bc218b5
4 changed files with 169 additions and 45 deletions
Download Patch File Download Diff File Expand all files Collapse all files

71
examples/configMap.yaml
View File

@@ -4,7 +4,7 @@ metadata:
name: goma-config name: goma-config
data: data:
goma.yml: | goma.yml: |
# Goma Gateway configurations # Goma Gateway configurations
version: 1.0 version: 1.0
gateway: gateway:
# Proxy write timeout # Proxy write timeout
@@ -19,6 +19,7 @@ data:
sslKeyFile: ''#key.pem sslKeyFile: ''#key.pem
# Proxy rate limit, it's In-Memory IP based # Proxy rate limit, it's In-Memory IP based
rateLimit: 0 rateLimit: 0
logLevel: info # debug, trace
accessLog: "/dev/Stdout" accessLog: "/dev/Stdout"
errorLog: "/dev/stderr" errorLog: "/dev/stderr"
## Enable, disable routes health check ## Enable, disable routes health check
@@ -50,10 +51,10 @@ data:
##### Define routes ##### Define routes
routes: routes:
# Example of a route | 1 # Example of a route | 1
- name: Public # Name is optional - path: /
name: Public # Name is optional
# host Domain/host based request routing # host Domain/host based request routing
host: "" # Host is optional hosts: [] # Hosts are optional
path: /public
## Rewrite a request path ## Rewrite a request path
# e.g rewrite: /store to / # e.g rewrite: /store to /
rewrite: / rewrite: /
@@ -64,8 +65,6 @@ data:
# [X-Forwarded-Host, X-Forwarded-For, Host, Scheme ] # [X-Forwarded-Host, X-Forwarded-For, Host, Scheme ]
# It will not match the backend route, by default, it's disabled # It will not match the backend route, by default, it's disabled
disableHeaderXForward: false disableHeaderXForward: false
# Internal health check
healthCheck: '' #/internal/health/ready
# Route Cors, global cors will be overridden by route # Route Cors, global cors will be overridden by route
cors: cors:
# Route Origins Cors, route will override global cors origins # Route Origins Cors, route will override global cors origins
@@ -85,17 +84,27 @@ data:
middlewares: middlewares:
- api-forbidden-paths - api-forbidden-paths
# Example of a route | 2 # Example of a route | 2
- name: Basic auth - path: /protected
path: /protected name: Basic auth
rewrite: / rewrite: /
destination: https://example.com destination: ''
methods: [] backends:
- https://example.com
- https://example2.com
methods:
- GET
# Route healthcheck
healthCheck: healthCheck:
path: /health/live
interval: 30
timeout: 10
healthyStatuses:
- 200
- 404
cors: {} cors: {}
middlewares: middlewares:
- api-forbidden-paths - api-forbidden-paths
- basic-auth - basic-auth
#Defines proxy middlewares #Defines proxy middlewares
# middleware name must be unique # middleware name must be unique
middlewares: middlewares:
@@ -148,3 +157,43 @@ data:
- /api-docs/* - /api-docs/*
- /internal/* - /internal/*
- /actuator/* - /actuator/*
- name: oauth-google
type: oauth
paths:
- /protected
- /example-of-oauth
rule:
clientId: xxx
clientSecret: xxx
provider: google
endpoint:
userInfoUrl: ""
redirectUrl: http://localhost:8080/callback
redirectPath: ""
cookiePath: ""
scopes:
- https://www.googleapis.com/auth/userinfo.email
- https://www.googleapis.com/auth/userinfo.profile
state: randomStateString
jwtSecret: your-strong-jwt-secret | It's optional
- name: oauth-authentik
type: oauth
paths:
- /protected
- /example-of-oauth
rule:
clientId: xxx
clientSecret: xxx
provider: custom
endpoint:
authUrl: https://authentik.example.com/application/o/authorize/
tokenUrl: https://authentik.example.com/application/o/token/
userInfoUrl: https://authentik.example.com/application/o/userinfo/
redirectUrl: http://localhost:8080/callback
redirectPath: ""
cookiePath: ""
scopes:
- email
- openid
state: randomStateString
jwtSecret: your-strong-jwt-secret | It's optional

29
examples/goma.yml
View File

@@ -13,6 +13,7 @@ gateway:
sslKeyFile: ''#key.pem sslKeyFile: ''#key.pem
# Proxy rate limit, it's In-Memory IP based # Proxy rate limit, it's In-Memory IP based
rateLimit: 0 rateLimit: 0
logLevel: info # debug, trace
accessLog: "/dev/Stdout" accessLog: "/dev/Stdout"
errorLog: "/dev/stderr" errorLog: "/dev/stderr"
## Enable, disable routes health check ## Enable, disable routes health check
@@ -44,10 +45,10 @@ gateway:
##### Define routes ##### Define routes
routes: routes:
# Example of a route | 1 # Example of a route | 1
- name: Public # Name is optional - path: /
name: Public # Name is optional
# host Domain/host based request routing # host Domain/host based request routing
host: "" # Host is optional hosts: [] # Hosts are optional
path: /public
## Rewrite a request path ## Rewrite a request path
# e.g rewrite: /store to / # e.g rewrite: /store to /
rewrite: / rewrite: /
@@ -58,8 +59,6 @@ gateway:
# [X-Forwarded-Host, X-Forwarded-For, Host, Scheme ] # [X-Forwarded-Host, X-Forwarded-For, Host, Scheme ]
# It will not match the backend route, by default, it's disabled # It will not match the backend route, by default, it's disabled
disableHeaderXForward: false disableHeaderXForward: false
# Internal health check
healthCheck: '' #/internal/health/ready
# Route Cors, global cors will be overridden by route # Route Cors, global cors will be overridden by route
cors: cors:
# Route Origins Cors, route will override global cors origins # Route Origins Cors, route will override global cors origins
@@ -79,17 +78,27 @@ gateway:
middlewares: middlewares:
- api-forbidden-paths - api-forbidden-paths
# Example of a route | 2 # Example of a route | 2
- name: Basic auth - path: /protected
path: /protected name: Basic auth
rewrite: / rewrite: /
destination: https://example.com destination: ''
methods: [] backends:
- https://example.com
- https://example2.com
methods:
- GET
# Route healthcheck
healthCheck: healthCheck:
path: /health/live
interval: 30
timeout: 10
healthyStatuses:
- 200
- 404
cors: {} cors: {}
middlewares: middlewares:
- api-forbidden-paths - api-forbidden-paths
- basic-auth - basic-auth
#Defines proxy middlewares #Defines proxy middlewares
# middleware name must be unique # middleware name must be unique
middlewares: middlewares:

86
internal/middleware_test.go
View File

@@ -32,7 +32,7 @@ func TestMiddleware(t *testing.T) {
middlewares := []Middleware{ middlewares := []Middleware{
{ {
Name: "basic-auth", Name: "basic-auth",
Type: "basic", Type: BasicAuth,
Paths: []string{"/", "/admin"}, Paths: []string{"/", "/admin"},
Rule: BasicRuleMiddleware{ Rule: BasicRuleMiddleware{
Username: "goma", Username: "goma",
@@ -41,7 +41,7 @@ func TestMiddleware(t *testing.T) {
}, },
{ {
Name: "forbidden path access", Name: "forbidden path access",
Type: "access", Type: AccessMiddleware,
Paths: []string{"/", "/admin"}, Paths: []string{"/", "/admin"},
Rule: BasicRuleMiddleware{ Rule: BasicRuleMiddleware{
Username: "goma", Username: "goma",
@@ -51,7 +51,7 @@ func TestMiddleware(t *testing.T) {
{ {
Name: "jwt", Name: "jwt",
Type: "jwt", Type: JWTAuth,
Paths: []string{"/", "/admin"}, Paths: []string{"/", "/admin"},
Rule: JWTRuleMiddleware{ Rule: JWTRuleMiddleware{
URL: "https://www.googleapis.com/auth/userinfo.email", URL: "https://www.googleapis.com/auth/userinfo.email",
@@ -59,6 +59,35 @@ func TestMiddleware(t *testing.T) {
Params: map[string]string{}, Params: map[string]string{},
}, },
}, },
{
Name: "oauth-google",
Type: OAuth,
Paths: []string{
"/protected",
"/example-of-oauth",
},
Rule: OauthRulerMiddleware{
ClientID: "xxx",
ClientSecret: "xxx",
Provider: "google",
JWTSecret: "your-strong-jwt-secret | It's optional",
RedirectURL: "http://localhost:8080/callback",
Scopes: []string{"https://www.googleapis.com/auth/userinfo.email",
"https://www.googleapis.com/auth/userinfo.profile"},
Endpoint: OauthEndpoint{},
State: "randomStateString",
},
},
{
Name: "api-forbidden-paths",
Type: AccessMiddleware,
Paths: []string{
"/swagger-ui/*",
"/v2/swagger-ui/*",
"/api-docs/*",
"/actuator/*",
},
},
} }
yamlData, err := yaml.Marshal(&middlewares) yamlData, err := yaml.Marshal(&middlewares)
if err != nil { if err != nil {
@@ -74,28 +103,43 @@ func TestMiddleware(t *testing.T) {
func TestReadMiddleware(t *testing.T) { func TestReadMiddleware(t *testing.T) {
TestMiddleware(t) TestMiddleware(t)
middlewares := getMiddlewares(t) middlewares := getMiddlewares(t)
middleware, err := getMiddleware(rules, middlewares) m, err := getMiddleware(rules, middlewares)
if err != nil { if err != nil {
t.Fatalf("Error searching middleware %s", err.Error()) t.Fatalf("Error searching middleware %s", err.Error())
} }
switch middleware.Type { log.Printf("Middleware: %v\n", m)
case "basic":
log.Println("Basic auth")
basicAuth, err := getBasicAuthMiddleware(middleware.Rule)
if err != nil {
log.Fatalln("error:", err)
}
log.Printf("Username: %s and password: %s\n", basicAuth.Username, basicAuth.Password)
case "jwt":
log.Println("JWT auth")
jwt, err := getJWTMiddleware(middleware.Rule)
if err != nil {
log.Fatalln("error:", err)
}
log.Printf("JWT authentification URL is %s\n", jwt.URL)
default:
t.Errorf("Unknown middleware type %s", middleware.Type)
for _, middleware := range middlewares {
switch middleware.Type {
case BasicAuth:
log.Println("Basic auth")
basicAuth, err := getBasicAuthMiddleware(middleware.Rule)
if err != nil {
log.Fatalln("error:", err)
}
log.Printf("Username: %s and password: %s\n", basicAuth.Username, basicAuth.Password)
case JWTAuth:
log.Println("JWT auth")
jwt, err := getJWTMiddleware(middleware.Rule)
if err != nil {
log.Fatalln("error:", err)
}
log.Printf("JWT authentification URL is %s\n", jwt.URL)
case OAuth:
log.Println("OAuth auth")
oauth, err := oAuthMiddleware(middleware.Rule)
if err != nil {
log.Fatalln("error:", err)
}
log.Printf("OAuth authentification: provider %s\n", oauth.Provider)
case AccessMiddleware:
log.Println("Access middleware")
log.Printf("Access middleware: paths: [%s]\n", middleware.Paths)
default:
t.Errorf("Unknown middleware type %s", middleware.Type)
}
} }
} }

26
internal/server_test.go
View File

@@ -1,6 +1,8 @@
package pkg package pkg
import ( import (
"context"
"log"
"net/http" "net/http"
"net/http/httptest" "net/http/httptest"
"os" "os"
@@ -19,6 +21,16 @@ func TestInit(t *testing.T) {
} }
} }
func TestCheckConfig(t *testing.T) {
TestInit(t)
initConfig(configFile)
err := CheckConfig(configFile)
if err != nil {
t.Error(err)
}
log.Println("Goma Gateway configuration file checked successfully")
}
func TestStart(t *testing.T) { func TestStart(t *testing.T) {
TestInit(t) TestInit(t)
initConfig(configFile) initConfig(configFile)
@@ -28,7 +40,8 @@ func TestStart(t *testing.T) {
t.Error(err) t.Error(err)
} }
route := gatewayServer.Initialize() route := gatewayServer.Initialize()
route.HandleFunc("/", func(rw http.ResponseWriter, r *http.Request) {
route.HandleFunc("/test", func(rw http.ResponseWriter, r *http.Request) {
_, err := rw.Write([]byte("Hello Goma Proxy")) _, err := rw.Write([]byte("Hello Goma Proxy"))
if err != nil { if err != nil {
t.Fatalf("Failed writing HTTP response: %v", err) t.Fatalf("Failed writing HTTP response: %v", err)
@@ -43,10 +56,19 @@ func TestStart(t *testing.T) {
t.Fatalf("expected a status code of 200, got %v", resp.StatusCode) t.Fatalf("expected a status code of 200, got %v", resp.StatusCode)
} }
} }
ctx := context.Background()
go func() {
err = gatewayServer.Start(ctx)
if err != nil {
t.Error(err)
return
}
}()
t.Run("httpServer", func(t *testing.T) { t.Run("httpServer", func(t *testing.T) {
s := httptest.NewServer(route) s := httptest.NewServer(route)
defer s.Close() defer s.Close()
assertResponseBody(t, s, "Hello Goma Proxy") assertResponseBody(t, s, "Hello Goma Proxy")
}) })
ctx.Done()
} }