integration: add single-cluster integration tests (#2516)

* integration: add single-cluster integration tests * remove kind load
2025-08-03 08:50:42 +02:00 · 2021-08-24 15:35:05 -06:00 · 2021-08-24 15:35:05 -06:00 · 48cd10d46b
commit 48cd10d46b
parent f5a558d4a0
53 changed files with 7455 additions and 31 deletions
--- a/integration/tpl/backends/routes.libsonnet
+++ b/integration/tpl/backends/routes.libsonnet
@ -0,0 +1,197 @@
+local Routes(mode, idp, dns_suffix) =
+  [
+    {
+      from: 'https://mock-idp.localhost.pomerium.io',
+      to: 'http://mock-idp' + dns_suffix + ':8024',
+      allow_public_unauthenticated_access: true,
+      preserve_host_header: true,
+    },
+    {
+      from: 'https://envoy.localhost.pomerium.io',
+      to: 'http://localhost:9901',
+      allow_public_unauthenticated_access: true,
+    },
+    {
+      from: 'https://verify.localhost.pomerium.io',
+      to: 'http://verify' + dns_suffix + ':80',
+      allow_any_authenticated_user: true,
+      pass_identity_headers: true,
+    },
+    {
+      from: 'https://websocket-echo.localhost.pomerium.io',
+      to: 'http://websocket-echo' + dns_suffix + ':80',
+      allow_public_unauthenticated_access: true,
+      allow_websockets: true,
+    },
+    {
+      from: 'https://fortio-ui.localhost.pomerium.io',
+      to: 'https://fortio' + dns_suffix + ':8080',
+      allow_any_authenticated_user: true,
+    },
+    {
+      from: 'https://fortio-ping.localhost.pomerium.io',
+      to: 'https://fortio' + dns_suffix + ':8079',
+      allow_public_unauthenticated_access: true,
+      tls_custom_ca: std.base64(importstr '../files/ca.pem'),
+      tls_server_name: 'fortio-ping.localhost.pomerium.io',
+    },
+    {
+      from: 'tcp+https://redis.localhost.pomerium.io:6379',
+      to: 'tcp://redis' + dns_suffix + ':6379',
+      allow_any_authenticated_user: true,
+    },
+    // tls_skip_verify
+    {
+      from: 'https://httpdetails.localhost.pomerium.io',
+      to: 'https://trusted-httpdetails' + dns_suffix + ':8443',
+      path: '/tls-skip-verify-enabled',
+      tls_skip_verify: true,
+      allow_public_unauthenticated_access: true,
+    },
+    {
+      from: 'https://httpdetails.localhost.pomerium.io',
+      to: 'https://trusted-httpdetails' + dns_suffix + ':8443',
+      path: '/tls-skip-verify-disabled',
+      tls_skip_verify: false,
+      allow_public_unauthenticated_access: true,
+    },
+    // tls_server_name
+    {
+      from: 'https://httpdetails.localhost.pomerium.io',
+      to: 'https://wrongly-named-httpdetails' + dns_suffix + ':8443',
+      path: '/tls-server-name-enabled',
+      tls_server_name: 'httpdetails.localhost.notpomerium.io',
+      allow_public_unauthenticated_access: true,
+    },
+    {
+      from: 'https://httpdetails.localhost.pomerium.io',
+      to: 'https://wrongly-named-httpdetails' + dns_suffix + ':8443',
+      path: '/tls-server-name-disabled',
+      allow_public_unauthenticated_access: true,
+    },
+    // tls_custom_certificate_authority
+    {
+      from: 'https://httpdetails.localhost.pomerium.io',
+      to: 'https://untrusted-httpdetails' + dns_suffix + ':8443',
+      path: '/tls-custom-ca-enabled',
+      tls_custom_ca: std.base64(importstr '../files/untrusted-ca.pem'),
+      tls_server_name: 'httpdetails.localhost.pomerium.io',
+      allow_public_unauthenticated_access: true,
+    },
+    {
+      from: 'https://httpdetails.localhost.pomerium.io',
+      to: 'https://untrusted-httpdetails' + dns_suffix + ':8443',
+      path: '/tls-custom-ca-disabled',
+      allow_public_unauthenticated_access: true,
+    },
+    // tls_client_cert
+    // {
+    //   from: 'http://httpdetails.localhost.pomerium.io',
+    //   to: 'https://mtls-http-details' + dns_suffix + ':8443',
+    //   path: '/tls-client-cert-enabled',
+    //   tls_client_cert: std.base64(tls.trusted.client.cert),
+    //   tls_client_key: std.base64(tls.trusted.client.key),
+    //   tls_server_name: 'httpdetails.localhost.pomerium.io',
+    //   allow_public_unauthenticated_access: true,
+    // },
+    // {
+    //   from: 'http://httpdetails.localhost.pomerium.io',
+    //   to: 'https://mtls-http-details' + dns_suffix + ':8443',
+    //   path: '/tls-client-cert-disabled',
+    //   allow_public_unauthenticated_access: true,
+    // },
+    // cors_allow_preflight option
+    {
+      from: 'https://httpdetails.localhost.pomerium.io',
+      to: 'http://trusted-httpdetails' + dns_suffix + ':8080',
+      prefix: '/cors-enabled',
+      cors_allow_preflight: true,
+    },
+    {
+      from: 'https://httpdetails.localhost.pomerium.io',
+      to: 'http://trusted-httpdetails' + dns_suffix + ':8080',
+      prefix: '/cors-disabled',
+      cors_allow_preflight: false,
+    },
+    // preserve_host_header option
+    {
+      from: 'https://httpdetails.localhost.pomerium.io',
+      to: 'http://trusted-httpdetails' + dns_suffix + ':8080',
+      prefix: '/preserve-host-header-enabled',
+      allow_public_unauthenticated_access: true,
+      preserve_host_header: true,
+    },
+    {
+      from: 'https://httpdetails.localhost.pomerium.io',
+      to: 'http://trusted-httpdetails' + dns_suffix + ':8080',
+      prefix: '/preserve-host-header-disabled',
+      allow_public_unauthenticated_access: true,
+      preserve_host_header: false,
+    },
+    // authorization policy
+    {
+      from: 'https://restricted-httpdetails.localhost.pomerium.io',
+      to: 'http://trusted-httpdetails' + dns_suffix + ':8080',
+      allow_any_authenticated_user: true,
+      pass_identity_headers: true,
+    },
+    {
+      from: 'https://httpdetails.localhost.pomerium.io',
+      prefix: '/by-domain',
+      to: 'http://trusted-httpdetails' + dns_suffix + ':8080',
+      allowed_domains: ['dogs.test'],
+      pass_identity_headers: true,
+    },
+    {
+      from: 'https://httpdetails.localhost.pomerium.io',
+      prefix: '/by-user',
+      to: 'http://trusted-httpdetails' + dns_suffix + ':8080',
+      allowed_users: ['user1@dogs.test'],
+      pass_identity_headers: true,
+    },
+    // catch-all
+    {
+      from: 'https://httpdetails.localhost.pomerium.io',
+      to: 'http://trusted-httpdetails' + dns_suffix + ':8080',
+      allow_public_unauthenticated_access: true,
+      pass_identity_headers: true,
+      set_request_headers: {
+        'X-Custom-Request-Header': 'custom-request-header-value',
+      },
+    },
+    // websockets
+    {
+      from: 'https://enabled-ws-echo.localhost.pomerium.io',
+      to: 'http://websocket-echo' + dns_suffix + ':80',
+      allow_public_unauthenticated_access: true,
+      allow_websockets: true,
+    },
+    {
+      from: 'https://disabled-ws-echo.localhost.pomerium.io',
+      to: 'http://websocket-echo' + dns_suffix + ':80',
+      allow_public_unauthenticated_access: true,
+    },
+    // cloudrun
+    {
+      from: 'https://cloudrun.localhost.pomerium.io',
+      to: 'http://trusted-httpdetails' + dns_suffix + ':8080',
+      allow_public_unauthenticated_access: true,
+      pass_identity_headers: true,
+      enable_google_cloud_serverless_authentication: true,
+      set_request_headers: {
+        'x-idp': idp,
+      },
+    },
+  ] + if mode == 'multi' then [
+    {
+      from: 'https://authenticate.localhost.pomerium.io',
+      to: 'https://pomerium-authenticate',
+      allow_public_unauthenticated_access: true,
+      host_rewrite: 'authenticate.localhost.pomerium.io',
+      tls_skip_verify: true,
+    },
+  ] else [];
+
+{
+  Routes: Routes,
+}