Add invalid and incorrect URI tests to E2E script #363

Merged
merged 6 commits into from
Oct 23, 2023
46 changes: 43 additions & 3 deletions test/tests.py
Expand Up @@ -8,6 +8,8 @@
import time
import requests
import uuid
import string
import secrets
from requests.exceptions import ConnectionError, SSLError

logger = logging.getLogger(__name__)
Expand Down Expand Up @@ -69,7 +71,7 @@ def tearDown(self):
delete_index(self.proxy_endpoint, self.index, self.auth)
delete_document(self.proxy_endpoint, self.index, self.doc_id, self.auth)

def test_001_index(self):
def test_0001_index(self):
# This test will verify that an index will be created (then deleted) on the target cluster when one is created
# on the source cluster by going through the proxy first. It will verify that the traffic is captured by the
# proxy and that the traffic reaches the source cluster, replays said traffic to the target cluster by the
Expand Down Expand Up @@ -98,7 +100,7 @@ def test_001_index(self):
expected_status_code=HTTPStatus.NOT_FOUND)
self.assertEqual(source_response.status_code, HTTPStatus.NOT_FOUND)

def test_002_document(self):
def test_0002_document(self):
# This test will verify that a document will be created (then deleted) on the target cluster when one is created
# on the source cluster by going through the proxy first. It will verify that the traffic is captured by the
# proxy and that the traffic reaches the source cluster, replays said traffic to the target cluster by the
Expand Down Expand Up @@ -156,7 +158,45 @@ def test_002_document(self):
expected_status_code=HTTPStatus.NOT_FOUND)
self.assertEqual(source_response.status_code, HTTPStatus.NOT_FOUND)

def test_003_jupyterAwake(self):
def test_0003_jupyterAwake(self):
# Making sure that the Jupyter notebook is up and can be reached.
response = requests.get(self.jupyter_endpoint)
self.assertEqual(response.status_code, HTTPStatus.OK)

def test_0004_negativeAuth_invalidCreds(self):
# This test sends negative credentials to the clusters to validate that unauthorized access is prevented.
alphabet = string.ascii_letters + string.digits
for _ in range(10):
username = ''.join(secrets.choice(alphabet) for _ in range(8))
password = ''.join(secrets.choice(alphabet) for _ in range(8))

credentials = [
(username, password),
(self.username, password),
(username, self.password)
]

for user, pw in credentials:
response = requests.get(self.proxy_endpoint, auth=(user, pw), verify=False)
self.assertEqual(response.status_code, HTTPStatus.UNAUTHORIZED)

def test_0005_negativeAuth_missingCreds(self):
# This test will use no credentials at all
# With an empty authorization header
response = requests.get(self.proxy_endpoint, auth=('', ''), verify=False)
self.assertEqual(response.status_code, HTTPStatus.UNAUTHORIZED)

# Without an authorization header.
response = requests.get(self.proxy_endpoint, verify=False)
self.assertEqual(response.status_code, HTTPStatus.UNAUTHORIZED)

def test_0006_invalidIncorrectUri(self):
# This test will send an invalid URI
invalidUri = "/invalidURI"
response = requests.get(f'{self.proxy_endpoint}{invalidUri}', auth=self.auth, verify=False)
self.assertEqual(response.status_code, HTTPStatus.NOT_FOUND)

# This test will send an incorrect URI
incorrectUri = "/_cluster/incorrectUri"
Collaborator

I was surprised by this request returning a 405 so I checked on the OpenSearch cluster and the return is different. Nothing to action now. Just something to keep in mind:

TrafficCapture git:(all-cdk-poc) ✗ curl https://localhost:19200/_cluster/incorrectUri --insecure -u admin:admin -v
*   Trying 127.0.0.1:19200...
* Connected to localhost (127.0.0.1) port 19200 (#0)
* ALPN: offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
* (304) (IN), TLS handshake, Server hello (2):
* (304) (IN), TLS handshake, Unknown (8):
* (304) (IN), TLS handshake, Request CERT (13):
* (304) (IN), TLS handshake, Certificate (11):
* (304) (IN), TLS handshake, CERT verify (15):
* (304) (IN), TLS handshake, Finished (20):
* (304) (OUT), TLS handshake, Certificate (11):
* (304) (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / AEAD-AES256-GCM-SHA384
* ALPN: server did not agree on a protocol. Uses default.
* Server certificate:
*  subject: DC=de; L=test; O=node; OU=node; CN=node-0.example.com
*  start date: Apr 22 03:43:47 2018 GMT
*  expire date: Apr 19 03:43:47 2028 GMT
*  issuer: DC=com; DC=example; O=Example Com Inc.; OU=Example Com Inc. Root CA; CN=Example Com Inc. Root CA
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* using HTTP/1.x
* Server auth using Basic with user 'admin'
> GET /_cluster/incorrectUri HTTP/1.1
> Host: localhost:19200
> Authorization: Basic YWRtaW46YWRtaW4=
> User-Agent: curl/8.1.2
> Accept: */*
>
< HTTP/1.1 405 Method Not Allowed
< Allow: POST
< content-type: application/json; charset=UTF-8
< content-length: 113
<
* Connection #0 to host localhost left intact
{"error":"Incorrect HTTP method for uri [/_cluster/incorrectUri] and method [GET], allowed: [POST]","status":405}%
➜  TrafficCapture git:(all-cdk-poc) ✗ curl https://localhost:29200/_cluster/incorrectUri --insecure -u admin:admin -v
*   Trying 127.0.0.1:29200...
* Connected to localhost (127.0.0.1) port 29200 (#0)
* ALPN: offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
* (304) (IN), TLS handshake, Server hello (2):
* (304) (IN), TLS handshake, Unknown (8):
* (304) (IN), TLS handshake, Request CERT (13):
* (304) (IN), TLS handshake, Certificate (11):
* (304) (IN), TLS handshake, CERT verify (15):
* (304) (IN), TLS handshake, Finished (20):
* (304) (OUT), TLS handshake, Certificate (11):
* (304) (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / AEAD-AES256-GCM-SHA384
* ALPN: server did not agree on a protocol. Uses default.
* Server certificate:
*  subject: DC=de; L=test; O=node; OU=node; CN=node-0.example.com
*  start date: Apr 22 03:43:47 2018 GMT
*  expire date: Apr 19 03:43:47 2028 GMT
*  issuer: DC=com; DC=example; O=Example Com Inc.; OU=Example Com Inc. Root CA; CN=Example Com Inc. Root CA
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* using HTTP/1.x
* Server auth using Basic with user 'admin'
> GET /_cluster/incorrectUri HTTP/1.1
> Host: localhost:29200
> Authorization: Basic YWRtaW46YWRtaW4=
> User-Agent: curl/8.1.2
> Accept: */*
>
< HTTP/1.1 400 Bad Request
< content-type: application/json; charset=UTF-8
< content-length: 78
<
* Connection #0 to host localhost left intact
{"error":"no handler found for uri [/_cluster/incorrectUri] and method [GET]"}%

Contributor Author

Thanks for pointing that out Brian!

response = requests.get(f'{self.proxy_endpoint}{incorrectUri}', auth=self.auth, verify=False)
self.assertEqual(response.status_code, HTTPStatus.METHOD_NOT_ALLOWED)
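
Review bot: In test_0005_negativeAuth_missingCreds, the first request does not send an empty Authorization header: requests turns auth=('', '') into HTTP Basic auth with an empty username and password, so the header carries the base64 encoding of ":" rather than an empty value. Either reword the comment to say "empty username and password" or pass headers={'Authorization': ''} so the test exercises the case the comment names. Separately, the comment in test_0004_negativeAuth_invalidCreds says credentials are sent "to the clusters", but every request in both negative-auth tests goes to self.proxy_endpoint, so the comment should say that only the path through the proxy is checked, or the tests should also request the cluster endpoints directly.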