Adding test cases for token issuer with environments

build-apk.sh

@@ -14,6 +14,8 @@ cd gateway/router;./gradlew build;
 cd $current_dir;
 cd gateway/enforcer;./gradlew build;
 cd $current_dir;
+cd common-controller;./gradlew build;
+cd $current_dir;
 cd idp/idp-domain-service;./gradlew build;
 cd $current_dir;
 cd idp/idp-ui;./gradlew build;

test/cucumber-tests/CRs/artifacts.yaml

@@ -578,6 +578,54 @@ spec:
     kind: Gateway
     name: default
 ---
+kind: TokenIssuer
+apiVersion: dp.wso2.com/v1alpha1
+metadata:
+  name: multi-env-token-issuer-all-envs
+  namespace: apk-integration-test
+spec:
+  consumerKeyClaim: azp
+  issuer: https://idp1.com
+  name: idp-all-env
+  organization: org3
+  scopesClaim: scope
+  environments:
+  - "*"
+  signatureValidation:
+    jwks:
+      url: "http://dynamic-backend-service:8080/idp1/jwks"
+  claimMappings:
+    - remoteClaim: "organization"
+      localClaim:  "x-wso2-organization"
+  targetRef:
+    group: gateway.networking.k8s.io
+    kind: Gateway
+    name: default
+---
+kind: TokenIssuer
+apiVersion: dp.wso2.com/v1alpha1
+metadata:
+  name: multi-env-token-issuer-dev-env
+  namespace: apk-integration-test
+spec:
+  consumerKeyClaim: azp
+  issuer: https://idp1.com
+  name: idp-dev-only
+  organization: org4
+  scopesClaim: scope
+  environments:
+  - "dev"
+  signatureValidation:
+    jwks:
+      url: "http://dynamic-backend-service:8080/idp1/jwks"
+  claimMappings:
+    - remoteClaim: "organization"
+      localClaim:  "x-wso2-organization"
+  targetRef:
+    group: gateway.networking.k8s.io
+    kind: Gateway
+    name: default
+---
 # We have removed the Envoy admin interface port from our helm gateway service yaml. So we need this one here.
 apiVersion: v1
 kind: Service

test/cucumber-tests/scripts/setup-hosts.sh

@@ -12,8 +12,12 @@ sudo echo "$IP api.am.wso2.com" | sudo tee -a /etc/hosts
 sudo echo "$IP default.gw.wso2.com" | sudo tee -a /etc/hosts
 sudo echo "$IP org1.gw.wso2.com" | sudo tee -a /etc/hosts
 sudo echo "$IP org2.gw.wso2.com" | sudo tee -a /etc/hosts
+sudo echo "$IP org3.gw.wso2.com" | sudo tee -a /etc/hosts
+sudo echo "$IP org4.gw.wso2.com" | sudo tee -a /etc/hosts
 sudo echo "$IP default.sandbox.gw.wso2.com" | sudo tee -a /etc/hosts
-sudo echo "$IP default-qa.gw.wso2.com" | sudo tee -a /etc/hosts
 sudo echo "$IP default-dev.gw.wso2.com" | sudo tee -a /etc/hosts
+sudo echo "$IP org3-qa.gw.wso2.com" | sudo tee -a /etc/hosts
+sudo echo "$IP org4-qa.gw.wso2.com" | sudo tee -a /etc/hosts
+sudo echo "$IP org4-dev.gw.wso2.com" | sudo tee -a /etc/hosts
 sudo echo "255.255.255.255 broadcasthost" | sudo tee -a /etc/hosts
 sudo echo "::1 localhost" | sudo tee -a /etc/hosts

test/cucumber-tests/src/test/resources/artifacts/apk-confs/multi-env/employees_conf.yaml

@@ -0,0 +1,27 @@
+---
+name: "EmployeeServiceAPIDev"
+basePath: "/withoutenv"
+version: "3.14"
+id: "without-env-api"
+type: "REST"
+defaultVersion: false
+endpointConfigurations:
+  production:
+    endpoint: "http://backend:80/anything"
+operations:
+  - target: "/employee"
+    verb: "GET"
+    secured: true
+    scopes: []
+  - target: "/employee"
+    verb: "POST"
+    secured: true
+    scopes: []
+  - target: "/employee/{employeeId}"
+    verb: "PUT"
+    secured: true
+    scopes: []
+  - target: "/employee/{employeeId}"
+    verb: "DELETE"
+    secured: true
+    scopes: []

test/cucumber-tests/src/test/resources/tests/api/MultiEnvironment.feature

@@ -1,37 +1,106 @@
 Feature: Deploy APIs in multiple environments
-  Scenario: Deploying an API in Dev Environment for Organization, test123
+  Scenario: Deploying an API without specifing an Environment and token issuer has no environments.
     Given The system is ready
     And I have a valid subscription
-    When I use the APK Conf file "artifacts/apk-confs/multi-env/employees_conf_dev.yaml"
+    When I use the APK Conf file "artifacts/apk-confs/multi-env/employees_conf.yaml"
     And the definition file "artifacts/definitions/employees_api.json"
     And make the API deployment request
     Then the response status code should be 200
     Then I set headers
       |Authorization|bearer ${accessToken}|
-    And I send "GET" request to "https://default-dev.gw.wso2.com:9095/multienv/3.14/employee/" with body ""
+    And I send "GET" request to "https://default.gw.wso2.com:9095/withoutenv/3.14/employee/" with body ""
+    And I eventually receive 200 response code, not accepting
+      |429|
+    When I undeploy the API whose ID is "without-env-api"
+    Then the response status code should be 202
+
+  Scenario: Deploying an API without specifing an Environment and token issuer has all(*) environments.
+    Given The system is ready
+    And I have a valid token for organization "org3"
+    When I use the APK Conf file "artifacts/apk-confs/multi-env/employees_conf.yaml"
+    And the definition file "artifacts/definitions/employees_api.json"
+    And make the API deployment request for organization "org3"
+    Then the response status code should be 200
+    Then I set headers
+      |Authorization|bearer ${org3}|
+    And I send "GET" request to "https://org3.gw.wso2.com:9095/withoutenv/3.14/employee/" with body ""
     And I eventually receive 200 response code, not accepting
       |429|
-
-  Scenario: Deploying the same API in QA Environment for Organization, test123
+    When I undeploy the API whose ID is "without-env-api" and organization "org3"
+    Then the response status code should be 202
+
+  Scenario: Deploying an API without specifing an Environment and token issuer has only dev environment.
+    Given The system is ready
+    And I have a valid token for organization "org4"
+    When I use the APK Conf file "artifacts/apk-confs/multi-env/employees_conf.yaml"
+    And the definition file "artifacts/definitions/employees_api.json"
+    And make the API deployment request for organization "org4"
+    Then the response status code should be 200
+    Then I set headers
+      |Authorization|bearer ${org4}|
+    And I send "GET" request to "https://org4.gw.wso2.com:9095/withoutenv/3.14/employee/" with body ""
+    And I eventually receive 401 response code, not accepting
+      |200|
+    When I undeploy the API whose ID is "without-env-api" and organization "org4"
+    Then the response status code should be 202
+
+  Scenario: Deploying an API in Dev environment and token issuer has no environments.
     Given The system is ready
     And I have a valid subscription
-    When I use the APK Conf file "artifacts/apk-confs/multi-env/employees_conf_qa.yaml"
+    When I use the APK Conf file "artifacts/apk-confs/multi-env/employees_conf_dev.yaml"
     And the definition file "artifacts/definitions/employees_api.json"
     And make the API deployment request
     Then the response status code should be 200
     Then I set headers
       |Authorization|bearer ${accessToken}|
-    And I send "GET" request to "https://default-qa.gw.wso2.com:9095/multienv/3.14/employee/" with body ""
+    And I send "GET" request to "https://default-dev.gw.wso2.com:9095/multienv/3.14/employee/" with body ""
     And I eventually receive 200 response code, not accepting
       |429|
-
-  Scenario Outline: Undeploy API
+    When I undeploy the API whose ID is "multi-env-dev-api"
+    Then the response status code should be 202
+
+  Scenario: Deploying an API in QA environment and token issuer has all(*) environments.
     Given The system is ready
-    And I have a valid subscription
-    When I undeploy the API whose ID is "<apiID>"
-    Then the response status code should be <expectedStatusCode>
+    And I have a valid token for organization "org3"
+    When I use the APK Conf file "artifacts/apk-confs/multi-env/employees_conf_qa.yaml"
+    And the definition file "artifacts/definitions/employees_api.json"
+    And make the API deployment request for organization "org3"
+    Then the response status code should be 200
+    Then I set headers
+      |Authorization|bearer ${org3}|
+    And I send "GET" request to "https://org3-qa.gw.wso2.com:9095/multienv/3.14/employee/" with body ""
+    And I eventually receive 200 response code, not accepting
+      |401|
+    When I undeploy the API whose ID is "multi-env-qa-api" and organization "org3"
+    Then the response status code should be 202
+
+  Scenario: Deploying an API in QA environment and token issuer has only Dev environment.
+    Given The system is ready
+    And I have a valid token for organization "org4"
+    When I use the APK Conf file "artifacts/apk-confs/multi-env/employees_conf_qa.yaml"
+    And the definition file "artifacts/definitions/employees_api.json"
+    And make the API deployment request for organization "org4"
+    Then the response status code should be 200
+    Then I set headers
+      |Authorization|bearer ${org4}|
+    And I send "GET" request to "https://org4-qa.gw.wso2.com:9095/multienv/3.14/employee/" with body ""
+    And I eventually receive 401 response code, not accepting
+      |200|
+    When I undeploy the API whose ID is "multi-env-qa-api" and organization "org4"
+    Then the response status code should be 202
 
-    Examples:
-      | apiID                    | expectedStatusCode |
-      | multi-env-dev-api        | 202                |
-      | multi-env-qa-api         | 202                |
+  Scenario: Deploying an API in Dev environment and token issuer has only Dev environment.
+    Given The system is ready
+    And I have a valid token for organization "org4"
+    When I use the APK Conf file "artifacts/apk-confs/multi-env/employees_conf_dev.yaml"
+    And the definition file "artifacts/definitions/employees_api.json"
+    And make the API deployment request for organization "org4"
+    Then the response status code should be 200
+    Then I set headers
+      |Authorization|bearer ${org4}|
+    And I send "GET" request to "https://org4-dev.gw.wso2.com:9095/multienv/3.14/employee/" with body ""
+    And I eventually receive 200 response code, not accepting
+      |401|
+    When I undeploy the API whose ID is "multi-env-dev-api" and organization "org4"
+    Then the response status code should be 202
+