add cucumber test for mtls

wso2 · May 8, 2024 · aaa9180 · aaa9180
1 parent af1445e
commit aaa9180
Show file tree

Hide file tree

Showing 4 changed files with 120 additions and 1 deletion.
diff --git a/test/cucumber-tests/src/test/java/org/wso2/apk/integration/api/BaseSteps.java b/test/cucumber-tests/src/test/java/org/wso2/apk/integration/api/BaseSteps.java
@@ -174,8 +174,16 @@ public void GetStudent(String arg0, int arg1) throws StatusRuntimeException {
         } catch (StatusRuntimeException e) {
             if (e.getStatus().getCode()== Status.Code.PERMISSION_DENIED){
                 sharedContext.setGrpcErrorCode(403);
+            } else if (e.getStatus().getCode()== Status.Code.UNIMPLEMENTED){
+                sharedContext.setGrpcErrorCode(501);
+            } else if (e.getStatus().getCode()== Status.Code.UNAVAILABLE){
+                sharedContext.setGrpcErrorCode(503);
+            } else if (e.getStatus().getCode()== Status.Code.NOT_FOUND){
+                sharedContext.setGrpcErrorCode(404);
+            } else if (e.getStatus().getCode()== Status.Code.UNAUTHENTICATED){
+                sharedContext.setGrpcErrorCode(401);
             } else {
-                logger.error(e.getMessage());
+                logger.error(e.getMessage() + "code: " + e.getStatus().getCode());
             }
         }
     }

diff --git a/...test/resources/artifacts/apk-confs/grpc/grpc_with_mtls_mandatory_oauth2_disabled.apk-conf b/...test/resources/artifacts/apk-confs/grpc/grpc_with_mtls_mandatory_oauth2_disabled.apk-conf
@@ -0,0 +1,36 @@
+---
+name: "demo-grpc-api"
+basePath: "/dineth.grpc.api"
+version: "v1"
+type: "GRPC"
+id: "grpc-mtls-mandatory-oauth2-disabled"
+endpointConfigurations:
+  production:
+    endpoint: "http://grpc-backend:6565"
+defaultVersion: false
+subscriptionValidation: false
+operations:
+- target: "student.StudentService"
+  verb: "GetStudent"
+  secured: true
+  scopes: []
+- target: "student.StudentService"
+  verb: "GetStudentStream"
+  secured: true
+  scopes: []
+- target: "student.StudentService"
+  verb: "SendStudentStream"
+  secured: true
+  scopes: []
+- target: "student.StudentService"
+  verb: "SendAndGetStudentStream"
+  secured: true
+  scopes: []
+authentication:
+  - authType: OAuth2
+    enabled: false
+  - authType: mTLS
+    required: mandatory
+    certificates:
+      - name: mtls-test-configmap
+        key: tls.crt
diff --git a/.../test/resources/artifacts/apk-confs/grpc/grpc_with_mtls_optional_oauth2_optional.apk-conf b/.../test/resources/artifacts/apk-confs/grpc/grpc_with_mtls_optional_oauth2_optional.apk-conf
@@ -0,0 +1,36 @@
+---
+name: "demo-grpc-api"
+basePath: "/dineth.grpc.api"
+version: "v1"
+type: "GRPC"
+id: "grpc-mtls-optional-oauth2-optional"
+endpointConfigurations:
+  production:
+    endpoint: "http://grpc-backend:6565"
+defaultVersion: false
+subscriptionValidation: false
+operations:
+- target: "student.StudentService"
+  verb: "GetStudent"
+  secured: true
+  scopes: []
+- target: "student.StudentService"
+  verb: "GetStudentStream"
+  secured: true
+  scopes: []
+- target: "student.StudentService"
+  verb: "SendStudentStream"
+  secured: true
+  scopes: []
+- target: "student.StudentService"
+  verb: "SendAndGetStudentStream"
+  secured: true
+  scopes: []
+authentication:
+  - authType: OAuth2
+    required: optional
+  - authType: mTLS
+    required: optional
+    certificates:
+      - name: mtls-test-configmap
+        key: tls.crt
diff --git a/test/cucumber-tests/src/test/resources/tests/api/GRPCMTLS.feature b/test/cucumber-tests/src/test/resources/tests/api/GRPCMTLS.feature
@@ -0,0 +1,39 @@
+Feature: Test mTLS between client and gateway with client certificate sent in header
+    Scenario: Test API with mandatory mTLS and OAuth2 disabled
+        Given The system is ready
+        And I have a valid token with a client certificate "invalid-cert.txt"
+        When I use the APK Conf file "artifacts/apk-confs/grpc/grpc_with_mtls_mandatory_oauth2_disabled.apk-conf"
+        And the definition file "artifacts/definitions/student.proto"
+        And make the API deployment request
+        Then the response status code should be 200
+        Then I set headers
+            | X-WSO2-CLIENT-CERTIFICATE | ${clientCertificate} |
+        And I make grpc request GetStudent to "default.gw.wso2.com" with port 9095
+        And I eventually receive 200 response code, not accepting
+            | 401 |
+        And the student response body should contain name: "Dineth" age: 10
+
+    Scenario: Undeploy API
+        Given The system is ready
+        And I have a valid subscription
+        When I undeploy the API whose ID is "grpc-mtls-mandatory-oauth2-disabled"
+        Then the response status code should be 202
+
+    Scenario: Test optional mTLS and optional OAuth2 with an invalid client certificate and invalid token in header
+        Given The system is ready
+        And I have a valid token with a client certificate "invalid-cert.txt"
+        When I use the APK Conf file "artifacts/apk-confs/grpc/grpc_with_mtls_optional_oauth2_optional.apk-conf"
+        And the definition file "artifacts/definitions/student.proto"
+        And make the API deployment request
+        Then the response status code should be 200
+        Then I set headers
+            | X-WSO2-CLIENT-CERTIFICATE | ${clientCertificate} |
+            | Authorization             | bearer {accessToken} |
+        And I make grpc request GetStudent to "default.gw.wso2.com" with port 9095
+        And the grpc error response status code should be 401
+
+    Scenario: Undeploy API
+        Given The system is ready
+        And I have a valid subscription
+        When I undeploy the API whose ID is "grpc-mtls-optional-oauth2-optional"
+        Then the response status code should be 202