istio.io/istio@v0.0.0-20240520182934-d79c90f27776/tests/integration/security/https_jwt/main_test.go

istio.io/istio@v0.0.0-20240520182934-d79c90f27776/tests/integration/security/https_jwt/main_test.go (about)

     1  //go:build integ
     2  // +build integ
     3  
     4  //  Copyright Istio Authors
     5  //
     6  //  Licensed under the Apache License, Version 2.0 (the "License");
     7  //  you may not use this file except in compliance with the License.
     8  //  You may obtain a copy of the License at
     9  //
    10  //      http://www.apache.org/licenses/LICENSE-2.0
    11  //
    12  //  Unless required by applicable law or agreed to in writing, software
    13  //  distributed under the License is distributed on an "AS IS" BASIS,
    14  //  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    15  //  See the License for the specific language governing permissions and
    16  //  limitations under the License.
    17  
    18  package security
    19  
    20  import (
    21  	"path"
    22  	"testing"
    23  
    24  	"istio.io/istio/pkg/test/env"
    25  	"istio.io/istio/pkg/test/framework"
    26  	"istio.io/istio/pkg/test/framework/components/echo/common/deployment"
    27  	"istio.io/istio/pkg/test/framework/components/istio"
    28  	"istio.io/istio/pkg/test/framework/components/jwt"
    29  	"istio.io/istio/pkg/test/framework/components/namespace"
    30  	"istio.io/istio/pkg/test/framework/label"
    31  	"istio.io/istio/pkg/test/framework/resource"
    32  	"istio.io/istio/pkg/test/util/tmpl"
    33  	"istio.io/istio/tests/integration/security/util/cert"
    34  )
    35  
    36  var (
    37  	ist       istio.Instance
    38  	apps      deployment.SingleNamespaceView
    39  	jwtServer jwt.Server
    40  	echoNS    namespace.Instance
    41  	systemNs  namespace.Instance
    42  )
    43  
    44  func TestMain(m *testing.M) {
    45  	framework.
    46  		NewSuite(m).
    47  		Label(label.CustomSetup).
    48  		Setup(istio.Setup(&ist, setupConfig)).
    49  		Setup(func(ctx resource.Context) error {
    50  			var err error
    51  			systemNs, err = istio.ClaimSystemNamespace(ctx)
    52  			return err
    53  		}).
    54  		Setup(namespace.Setup(&echoNS, namespace.Config{Prefix: "echo1", Inject: true})).
    55  		SetupParallel(
    56  			jwt.Setup(&jwtServer, namespace.Future(&systemNs)),
    57  			deployment.SetupSingleNamespace(&apps, deployment.Config{
    58  				Namespaces: []namespace.Getter{
    59  					namespace.Future(&echoNS),
    60  				},
    61  			})).
    62  		Run()
    63  }
    64  
    65  func setupConfig(ctx resource.Context, cfg *istio.Config) {
    66  	if cfg == nil {
    67  		return
    68  	}
    69  	script := path.Join(env.IstioSrc, "samples/jwt-server/testdata", "ca.crt")
    70  	rootCaCert, err := cert.LoadCert(script)
    71  	if err != nil {
    72  		return
    73  	}
    74  	// command to generate certificate
    75  	// use the generated ca.crt by following https://github.com/istio/istio/blob/master/samples/jwt-server/testdata/README.MD
    76  	// TODO(garyan): enable the test for "PILOT_JWT_ENABLE_REMOTE_JWKS: true" as well.
    77  	cfg.ControlPlaneValues = tmpl.MustEvaluate(`
    78  values:
    79    pilot: 
    80      jwksResolverExtraRootCA: |
    81  {{.pem | indent 6}}
    82      env: 
    83        PILOT_JWT_ENABLE_REMOTE_JWKS: false
    84  meshConfig:
    85    accessLogFile: /dev/stdout`, map[string]string{"pem": rootCaCert})
    86  	cfg.ConfigClusterValues = cfg.ControlPlaneValues
    87  }