def warmup(self, up_to_number, sleep_seconds, check, url):
for i in range(1,up_to_number):
headers = {}
response = RestHelper(url).get_text(None, headers)
if len(response) > 0:
if check in response:
return
time.sleep(sleep_seconds)
return
def test_simple_hello_uc3_empty_token(self):
token_gcf = None
self.assertIn('INGRESS_ISTIO_HOST', os.environ, "INGRESS_ISTIO_HOST environment variable not set")
self.assertTrue(len(os.environ['INGRESS_ISTIO_HOST']) > 0, "INGRESS_ISTIO_HOST empty - len == 0")
full_url = self.get_url(os.environ['INGRESS_ISTIO_HOST'],
'app-allowed-jwt-istio-appconfigv2-service-sm-', 'uc-allowed-jwt-istio', [ '2', '3' ])
headers = {"Host": "test-simple-hello.example.com"}
response = RestHelper(full_url).get_text(token_gcf,headers)
self.assertTrue(len(response) > 0, "response empty - len == 0")
self.assertIn("401", response, "Failed Test")
def test_simple_hello_uc3_with_google_com_token(self):
self.assertIn('GOOGLE_APPLICATION_CREDENTIALS', os.environ, "INGRESS_ISTIO_HOST environment variable not set")
self.assertTrue(len(os.environ['INGRESS_ISTIO_HOST']) > 0, "INGRESS_ISTIO_HOST empty - len == 0")
o_auth_helper = GCPAuthHelper()
token_gcf = o_auth_helper.get_google_open_id_connect_token("https://site2.ecom1.joecloudy.com")
full_url = self.get_url(os.environ['INGRESS_ISTIO_HOST'],
'app-allowed-jwt-istio-appconfigv2-service-sm-', 'uc-allowed-jwt-istio', [ '2', '3' ])
headers = {"Host": "test-simple-hello.example.com"}
response = RestHelper(full_url).get_text(token_gcf,headers)
self.assertTrue(len(response) > 0, "response empty - len == 0")
self.assertIn("Last Call Successful", response, "Failed Test")
def test_simple_hello_uc5_simple_external_not_google_apis(self):
uc = "uc-secrets-istio"
self.assertIn('INGRESS_ISTIO_HOST', os.environ, "INGRESS_ISTIO_HOST environment variable not set")
self.assertTrue(len(os.environ['INGRESS_ISTIO_HOST']) > 0, "INGRESS_ISTIO_HOST empty - len == 0")
full_url = "http://" + os.environ['INGRESS_ISTIO_HOST'] + "/testcallseq?"
full_url = full_url + self.util("1", "app-secrets-istio-appconfigv2-service-sm-2", uc)
full_url = full_url + "&" + self.util("2", "app-secrets-istio-appconfigv2-service-sm-3", None)
full_url = full_url + "&call3=https://httpbin.org/get"
headers = {"Host": "test-simple-hello.example.com"}
response = RestHelper(full_url).get_text(None,headers)
self.assertTrue(len(response) > 0, "response empty - len == 0")
self.assertIn('*Error*', response, "Failed Test - Last Call")
def test_simple_hello_uc2_service_ok(self):
uc = "uc-allowed-services-istio"
self.assertTrue(len(os.environ['INGRESS_ISTIO_HOST']) > 0, "INGRESS_ISTIO_HOST empty - len == 0")
full_url = "http://" + os.environ['INGRESS_ISTIO_HOST'] + "/testcallseq?"
full_url = full_url + self.util("1", "app-allowed-istio-appconfigv2-service-sm-2", uc)
full_url = full_url + "&" + self.util("2", "app-allowed-istio-appconfigv2-service-sm-3", uc)
headers = {}
response = RestHelper(full_url).get_text(None,headers)
self.assertTrue(len(response) > 0, "response empty - len == 0")
self.assertNotIn('*Error*', response, "Failed Test")
self.assertNotIn('403', response, "Failed Test- 403")
self.assertNotIn('PERMISSION_DENIED', response, "Failed Test - Denied Text")
def test_simple_hello_uc1_outbound_ok(self):
uc = "uc-allowed-services-k8s"
self.assertTrue(len(os.environ['INGRESS_NO_ISTIO_HOST']) > 0, "INGRESS_NO_ISTIO_HOST empty - len == 0")
full_url = "http://" + os.environ['INGRESS_NO_ISTIO_HOST'] + "/testcallseq?"
full_url = full_url + self.util("1", "app-allowed-k8s-appconfigv2-service-sm-2", uc)
full_url = full_url + "&" + self.util("2", "app-allowed-k8s-appconfigv2-service-sm-1", uc)
full_url = full_url + "&call3=https://httpbin.org/get"
headers = {"Host": "test-simple-hello.example.com"}
response = RestHelper(full_url).get_text(None,headers)
self.assertTrue(len(response) > 0, "response empty - len == 0")
self.assertIn('"User-Agent": "python-requests/2.22.0"', response, "Failed Test")
self.assertIn('"Host": "httpbin.org"', response, "Failed Test")
def workload_identity_pubsub_ok(self):
uc = "uc-workload-identity"
self.assertIn('INGRESS_NO_ISTIO_HOST', os.environ, "INGRESS_NO_ISTIO_HOST environment variable not set")
self.assertTrue(len(os.environ['INGRESS_NO_ISTIO_HOST']) > 0, "INGRESS_NO_ISTIO_HOST empty - len == 0")
self.assertIn('PUBSUB_GCP_PROJECT', os.environ, "PUBSUB_GCP_PROJECT environment variable not set")
self.assertTrue(len(os.environ['PUBSUB_GCP_PROJECT']) > 0, "PUBSUB_GCP_PROJECT empty - len == 0")
full_url = "http://" + os.environ['INGRESS_NO_ISTIO_HOST'] + "/testcallseq?"
full_url = full_url + "call1=http://workload-identity-pubsub-app." + uc + ":8000"
full_url = full_url + "?gcpProjectID=" + os.environ['PUBSUB_GCP_PROJECT']
full_url = full_url + "&topic=workload-identity-topic&message=hello"
headers = {"Host": "test-simple-hello.example.com"}
response = RestHelper(full_url).get_text(None,headers)
self.assertTrue(len(response) > 0, "response empty - len == 0")
self.assertIn('Publish Success:', response, "Failed Test - Publish")
def test_simple_hello_uc5_pubsub_topic_acl_not_allowed(self):
uc = "uc-secrets-istio"
self.assertIn('INGRESS_ISTIO_HOST', os.environ, "INGRESS_ISTIO_HOST environment variable not set")
self.assertTrue(len(os.environ['INGRESS_ISTIO_HOST']) > 0, "INGRESS_ISTIO_HOST empty - len == 0")
self.assertIn('PUBSUB_GCP_PROJECT', os.environ, "PUBSUB_GCP_PROJECT environment variable not set")
self.assertTrue(len(os.environ['PUBSUB_GCP_PROJECT']) > 0, "PUBSUB_GCP_PROJECT empty - len == 0")
full_url = "http://" + os.environ['INGRESS_ISTIO_HOST'] + "/testcallseq?"
full_url = full_url + self.util("1", "app-secrets-istio-appconfigv2-service-sm-2", uc)
full_url = full_url + "&" + self.util("2", "app-secrets-istio-appconfigv2-service-sm-3", uc)
full_url = full_url + "&call3=http://app-secrets-istio-appconfigv2-service-pubsub?"
full_url = full_url + "gcpProjectID=" + os.environ['PUBSUB_GCP_PROJECT']
full_url = full_url + "&topic=appconfigcrd-demo-topic1&message=hello2"
headers = {"Host": "test-simple-hello.example.com"}
response = RestHelper(full_url).get_text(None,headers)
self.assertTrue(len(response) > 0, "response empty - len == 0")
self.assertIn('PermissionDenied', response, "Failed Test - Publish")
def test_simple_hello_uc1_service_blocked(self):
uc = "uc-allowed-services-k8s"
self.assertTrue(len(os.environ['INGRESS_NO_ISTIO_HOST']) > 0, "INGRESS_ISTIO_HOST empty - len == 0")
full_url = "http://" + os.environ['INGRESS_NO_ISTIO_HOST'] + "/testcallseq?"
full_url = full_url + self.util("1", "app-allowed-k8s-appconfigv2-service-sm-2", uc)
full_url = full_url + "&" + self.util("2", "app-allowed-k8s-appconfigv2-service-sm-3", uc)
full_url = full_url + "&call3=https://httpbin.org/get"
headers = {"Host": "test-simple-hello.example.com"}
try:
response = RestHelper(full_url).get_text(None,headers)
except:
print('exception')
return
self.fail('Should fail with Timeout')
parser.add_argument('--debug')
parser.add_argument('--host', required=True)
parser.add_argument('--service_name', required=True)
parser.add_argument('--namespace_name', required=True)
parser.add_argument('--nested_calls', required=True)
parser.add_argument('--skip_jwt')
args = parser.parse_args()
port = '80'
host = args.host
service_name = args.service_name
namespace_name = args.namespace_name
nested_calls = args.nested_calls
skip_jwt = args.skip_jwt
if 'INGRESS_ISTIO_HOST' in os.environ and os.environ['INGRESS_ISTIO_HOST']:
o_auth_helper = GCPAuthHelper()
token_gcf = o_auth_helper.get_google_open_id_connect_token(
"https://site2.ecom1.joecloudy.com")
if skip_jwt:
print('Empty JWT')
token_gcf = None
# token_gcf = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c'
headers = {'Host': host}
full_url = get_url(os.environ['INGRESS_ISTIO_HOST'], service_name,
namespace_name, nested_calls.split(','))
print('full_url', full_url, 'host', host)
print(RestHelper(full_url).get_text(token_gcf, headers))
else:
print('Need to export INGRESS_ISTIO_HOST IP')