istio
/
istio.io
mirror of https://github.com/istio/istio.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
istio.io/archive/v1.14/docs/tasks/security/authorization/authz-ingress/test.sh

89 lines
3.4 KiB
Bash
Raw Permalink Blame History

#!/usr/bin/env bash
# shellcheck disable=SC1090,SC2154
# Copyright Istio Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -e
set -u
set -o pipefail
# @setup profile=default
# Set retries to a higher value because config update is slow.
export VERIFY_TIMEOUT=300
export CLIENT_IP
snip_before_you_begin_1
_wait_for_deployment foo httpbin
_verify_contains snip_before_you_begin_2 "rbac: debug"
# Export the INGRESS_ environment variables
_set_ingress_environment_variables
_verify_same snip_before_you_begin_3 "$snip_before_you_begin_3_out"
snip_source_ip_address_of_the_original_client_3
snip_ipbased_allow_list_and_deny_list_1
_wait_for_istio authorizationpolicy istio-system ingress-policy
_verify_same snip_ipbased_allow_list_and_deny_list_3 "$snip_ipbased_allow_list_and_deny_list_3_out"
snip_ipbased_allow_list_and_deny_list_2
_wait_for_istio authorizationpolicy istio-system ingress-policy
_verify_same snip_ipbased_allow_list_and_deny_list_3 "$snip_ipbased_allow_list_and_deny_list_3_out"
_verify_like snip_ipbased_allow_list_and_deny_list_4 "$snip_ipbased_allow_list_and_deny_list_4_out"
CLIENT_IP=$(kubectl get pods -n istio-system | grep ingress | awk '{print $1}' | while read -r pod; do kubectl logs "$pod" -n istio-system | grep remoteIP; done | tail -1 | awk -F, '{print $3}' | awk -F: '{print $2}' | sed 's/ //') && echo "$CLIENT_IP"
snip_ipbased_allow_list_and_deny_list_5
_wait_for_istio authorizationpolicy istio-system ingress-policy
_verify_same snip_ipbased_allow_list_and_deny_list_8 "$snip_ipbased_allow_list_and_deny_list_8_out"
_verify_like snip_ipbased_allow_list_and_deny_list_6 "$snip_ipbased_allow_list_and_deny_list_6_out"
CLIENT_IP=$(kubectl get pods -n istio-system | grep ingress | awk '{print $1}' | while read -r pod; do kubectl logs "$pod" -n istio-system | grep remoteIP; done | tail -1 | awk -F, '{print $4}' | awk -F: '{print $2}' | sed 's/ //') && echo "$CLIENT_IP"
snip_ipbased_allow_list_and_deny_list_7
_wait_for_istio authorizationpolicy istio-system ingress-policy
_verify_same snip_ipbased_allow_list_and_deny_list_8 "$snip_ipbased_allow_list_and_deny_list_8_out"
snip_ipbased_allow_list_and_deny_list_9
_wait_for_istio authorizationpolicy istio-system ingress-policy
CLIENT_IP=$(curl "$INGRESS_HOST":"$INGRESS_PORT"/ip -s | grep "origin" | cut -d'"' -f 4)
_verify_same snip_ipbased_allow_list_and_deny_list_11 "$snip_ipbased_allow_list_and_deny_list_11_out"
snip_ipbased_allow_list_and_deny_list_10
_wait_for_istio authorizationpolicy istio-system ingress-policy
CLIENT_IP=$(kubectl get pods -n istio-system | grep ingress | awk '{print $1}' | while read -r pod; do kubectl logs "$pod" -n istio-system | grep remoteIP; done | tail -1 | awk -F, '{print $4}' | awk -F: '{print $2}' | sed 's/ //') && echo "$CLIENT_IP"
_verify_same snip_ipbased_allow_list_and_deny_list_11 "$snip_ipbased_allow_list_and_deny_list_11_out"
_verify_contains snip_ipbased_allow_list_and_deny_list_12 "remoteIP"
# @cleanup
snip_clean_up_1
snip_clean_up_2
Reference in New Issue View Git Blame Copy Permalink