t/apicast-policy-caching: test allow mode

3scale · Jan 19, 2018 · 0a70362 · 0a70362
1 parent 3bd7a65
commit 0a70362
Showing 1 changed file with 102 additions and 0 deletions.
diff --git a/t/apicast-policy-caching.t b/t/apicast-policy-caching.t
@@ -175,3 +175,105 @@ auth error in the odd ones.
 ["yay, api backend\x{0a}", "Authentication failed", "yay, api backend\x{0a}", "Authentication failed"]
 --- error_code eval
 [ 200, 403, 200, 403 ]
+
+=== TEST 4: Caching policy configured as 'allow' with unseen request
+When the cache is configured as 'allow', all requests after the first one will
+be authorized when backend returns a 5XX if they do not have a 'denied' entry
+in the cache.
+--- configuration
+{
+  "services": [
+    {
+      "id": 42,
+      "backend_version":  1,
+      "backend_authentication_type": "service_token",
+      "backend_authentication_value": "token-value",
+      "proxy": {
+        "policy_chain": [
+          {
+            "name": "apicast.policy.caching",
+            "configuration": { "caching_type": "allow" }
+          },
+          {
+            "name": "apicast.policy.apicast"
+          }
+        ],
+        "api_backend": "http://test:$TEST_NGINX_SERVER_PORT/",
+        "proxy_rules": [
+          { "pattern": "/", "http_method": "GET", "metric_system_name": "hits", "delta": 2 }
+        ]
+      }
+    }
+  ]
+}
+--- backend
+  location /transactions/authrep.xml {
+    content_by_lua_block {
+      ngx.exit(502)
+    }
+  }
+--- upstream
+  location / {
+     echo 'yay, api backend';
+  }
+--- request eval
+["GET /?user_key=uk1", "GET /?user_key=uk1", "GET /?user_key=uk1"]
+--- response_body eval
+["Authentication failed", "yay, api backend\x{0a}", "yay, api backend\x{0a}"]
+--- error_code eval
+[403, 200, 200]
+
+=== TEST 5: Caching policy configured as 'allow' with previously denied request
+When the cache is configured as 'allow', requests will be denied if the last
+successful request to backend returned 'denied'.
+In order to test this, we use a backend that returns 403 on the first call, and
+502 on the rest.
+--- configuration
+{
+  "services": [
+    {
+      "id": 42,
+      "backend_version":  1,
+      "backend_authentication_type": "service_token",
+      "backend_authentication_value": "token-value",
+      "proxy": {
+        "policy_chain": [
+          {
+            "name": "apicast.policy.caching",
+            "configuration": { "caching_type": "allow" }
+          },
+          {
+            "name": "apicast.policy.apicast"
+          }
+        ],
+        "api_backend": "http://test:$TEST_NGINX_SERVER_PORT/",
+        "proxy_rules": [
+          { "pattern": "/", "http_method": "GET", "metric_system_name": "hits", "delta": 2 }
+        ]
+      }
+    }
+  ]
+}
+--- backend
+  location /transactions/authrep.xml {
+    content_by_lua_block {
+      local test_counter = ngx.shared.test_counter or 0
+      if test_counter == 0 then
+        ngx.shared.test_counter = test_counter + 1
+        ngx.exit(403)
+      else
+        ngx.shared.test_counter = test_counter + 1
+        ngx.exit(502)
+      end
+    }
+  }
+--- upstream
+  location / {
+     echo 'yay, api backend';
+  }
+--- request eval
+["GET /?user_key=uk1", "GET /?user_key=uk1", "GET /?user_key=uk1"]
+--- response_body eval
+["Authentication failed", "Authentication failed", "Authentication failed"]
+--- error_code eval
+[403, 403, 403]