feat: bump endpoints version to support secret

gravitee-io · Jan 17, 2025 · e1467f4 · e1467f4
1 parent 7ddc6f6
commit e1467f4
Show file tree

Hide file tree

Showing 13 changed files with 535 additions and 10 deletions.
diff --git a/...ava/io/gravitee/apim/integration/tests/messages/AbstractMqtt5EndpointIntegrationTest.java b/...ava/io/gravitee/apim/integration/tests/messages/AbstractMqtt5EndpointIntegrationTest.java
@@ -149,7 +149,12 @@ public void configureApi(ReactableApi<?> api, Class<?> definitionClass) {
                 .flatMap(eg -> eg.getEndpoints().stream())
                 .filter(endpoint -> endpoint.getType().equals("mqtt5"))
                 .forEach(endpoint ->
-                    endpoint.setConfiguration(endpoint.getConfiguration().replace("mqtt5-port", Integer.toString(mqtt5.getMqttPort())))
+                    endpoint.setConfiguration(
+                        endpoint
+                            .getConfiguration()
+                            .replace("mqtt5-host", mqtt5.getHost())
+                            .replace("mqtt5-port", Integer.toString(mqtt5.getMqttPort()))
+                    )
                 );
         }
     }

diff --git a/...pim/integration/tests/messages/httpget/HttpGetEntrypointMqtt5EndpointIntegrationTest.java b/...pim/integration/tests/messages/httpget/HttpGetEntrypointMqtt5EndpointIntegrationTest.java
@@ -18,17 +18,27 @@
 import static org.assertj.core.api.Assertions.assertThat;
 
 import com.graviteesource.entrypoint.http.get.HttpGetEntrypointConnectorFactory;
+import com.graviteesource.secretprovider.hcvault.HCVaultSecretProvider;
+import com.graviteesource.secretprovider.hcvault.HCVaultSecretProviderFactory;
+import com.graviteesource.secretprovider.hcvault.config.manager.VaultConfig;
+import com.graviteesource.service.secrets.SecretsService;
 import com.hivemq.client.mqtt.datatypes.MqttQos;
 import io.gravitee.apim.gateway.tests.sdk.annotations.DeployApi;
 import io.gravitee.apim.gateway.tests.sdk.annotations.GatewayTest;
+import io.gravitee.apim.gateway.tests.sdk.configuration.GatewayConfigurationBuilder;
 import io.gravitee.apim.gateway.tests.sdk.connector.EntrypointBuilder;
+import io.gravitee.apim.gateway.tests.sdk.secrets.SecretProviderBuilder;
 import io.gravitee.apim.integration.tests.fake.MessageFlowReadyPolicy;
 import io.gravitee.apim.integration.tests.messages.AbstractMqtt5EndpointIntegrationTest;
 import io.gravitee.common.http.MediaType;
+import io.gravitee.common.service.AbstractService;
 import io.gravitee.common.utils.UUID;
 import io.gravitee.gateway.api.http.HttpHeaderNames;
 import io.gravitee.gateway.reactive.api.qos.Qos;
+import io.gravitee.node.secrets.plugins.SecretProviderPlugin;
 import io.gravitee.plugin.entrypoint.EntrypointConnectorPlugin;
+import io.gravitee.secrets.api.plugin.SecretManagerConfiguration;
+import io.gravitee.secrets.api.plugin.SecretProviderFactory;
 import io.reactivex.rxjava3.annotations.NonNull;
 import io.reactivex.rxjava3.core.Completable;
 import io.reactivex.rxjava3.core.Flowable;
@@ -41,19 +51,24 @@
 import io.vertx.rxjava3.core.buffer.Buffer;
 import io.vertx.rxjava3.core.http.HttpClient;
 import io.vertx.rxjava3.core.http.HttpClientResponse;
+import java.io.IOException;
 import java.util.ArrayList;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
+import java.util.Set;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.atomic.AtomicInteger;
+import org.junit.jupiter.api.AfterAll;
 import org.junit.jupiter.api.DisplayNameGeneration;
 import org.junit.jupiter.api.DisplayNameGenerator;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.EnumSource;
 import org.junit.jupiter.params.provider.MethodSource;
+import org.testcontainers.containers.Container;
+import org.testcontainers.vault.VaultContainer;
 
 /**
  * @author Yann TAVERNIER (yann.tavernier at graviteesource.com)
@@ -63,11 +78,63 @@
 @DisplayNameGeneration(DisplayNameGenerator.ReplaceUnderscores.class)
 class HttpGetEntrypointMqtt5EndpointIntegrationTest extends AbstractMqtt5EndpointIntegrationTest {
 
+    private static final String VAULT_TOKEN = java.util.UUID.randomUUID().toString();
+
+    @org.testcontainers.junit.jupiter.Container
+    protected static final VaultContainer vaultContainer = new VaultContainer<>("hashicorp/vault:1.13.3")
+        .withVaultToken(VAULT_TOKEN)
+        .dependsOn(mqtt5);
+
+    @AfterAll
+    static void cleanup() {
+        vaultContainer.close();
+    }
+
     @Override
     public void configureEntrypoints(Map<String, EntrypointConnectorPlugin<?, ?>> entrypoints) {
         entrypoints.putIfAbsent("http-get", EntrypointBuilder.build("http-get", HttpGetEntrypointConnectorFactory.class));
     }
 
+    @Override
+    public void configureGateway(GatewayConfigurationBuilder configurationBuilder) {
+        super.configureGateway(configurationBuilder);
+        // create a renewable token so the plugin does not start panicking
+        Container.ExecResult execResult;
+        try {
+            execResult = vaultContainer.execInContainer("vault", "token", "create", "-period=10m", "-field", "token");
+        } catch (IOException | InterruptedException e) {
+            throw new RuntimeException(e);
+        }
+        String token = execResult.getStdout();
+        configurationBuilder.setYamlProperty("api.secrets.providers[0].plugin", "vault");
+        configurationBuilder.setYamlProperty("api.secrets.providers[0].configuration.enabled", true);
+        configurationBuilder.setYamlProperty("api.secrets.providers[0].configuration.host", vaultContainer.getHost());
+        configurationBuilder.setYamlProperty("api.secrets.providers[0].configuration.port", vaultContainer.getMappedPort(8200));
+        configurationBuilder.setYamlProperty("api.secrets.providers[0].configuration.ssl.enabled", "false");
+        configurationBuilder.setYamlProperty("api.secrets.providers[0].configuration.auth.method", "token");
+        configurationBuilder.setYamlProperty("api.secrets.providers[0].configuration.auth.config.token", token);
+        try {
+            vaultContainer.execInContainer("vault", "kv", "put", "secret/mqtt5", "host=" + mqtt5.getHost());
+        } catch (IOException | InterruptedException e) {
+            throw new RuntimeException(e);
+        }
+    }
+
+    @Override
+    public void configureSecretProviders(
+        Set<SecretProviderPlugin<? extends SecretProviderFactory<?>, ? extends SecretManagerConfiguration>> secretProviderPlugins
+    ) {
+        secretProviderPlugins.add(
+            SecretProviderBuilder.build(HCVaultSecretProvider.PLUGIN_ID, HCVaultSecretProviderFactory.class, VaultConfig.class)
+        );
+    }
+
+    @Override
+    public void configureServices(Set<Class<? extends AbstractService<?>>> services) {
+        super.configureServices(services);
+        services.add(SecretsService.class);
+    }
+
     @ParameterizedTest
     @MethodSource("qosParameters")
     @DeployApi({ "/apis/v4/messages/mqtt5/mqtt5-endpoint-qos-auto.json", "/apis/v4/messages/mqtt5/mqtt5-endpoint-qos-none.json" })
@@ -216,6 +283,28 @@ void should_receive_error_messages_when_error_occurred(HttpClient httpClient) {
             });
     }
 
+    @Test
+    @DeployApi({ "/apis/v4/messages/mqtt5/mqtt5-endpoint-secret.json" })
+    void should_receive_messages_with_secret(HttpClient httpClient) {
+        final int messageCount = 10;
+        final List<Completable> readyObs = new ArrayList<>();
+
+        final Single<HttpClientResponse> get = createGetRequest("/test-secret", UUID.random().toString(), httpClient, readyObs);
+
+        final TestSubscriber<JsonObject> obs = Flowable
+            .fromSingle(get.doOnSuccess(response -> assertThat(response.statusCode()).isEqualTo(200)))
+            .concatWith(publishMessagesWhenReady(readyObs, TEST_TOPIC + "-secret", MqttQos.AT_LEAST_ONCE))
+            .flatMap(response -> response.rxBody().flatMapPublisher(buffer -> extractMessages(buffer, extractTransactionId(response))))
+            .take(messageCount)
+            .test()
+            .awaitDone(30, TimeUnit.SECONDS)
+            .assertValueCount(messageCount);
+
+        verifyMessagesAreOrdered(messageCount, obs);
+        verifyMessagesAreUniques(messageCount, obs);
+        verifyMessagesAreBetweenRange(0, messageCount, obs);
+    }
+
     @NonNull
     private Flowable<JsonObject> extractMessages(Buffer body, String transactionId) {
         final JsonObject jsonResponse = new JsonObject(body.toString());

diff --git a/.../integration/tests/messages/httpget/HttpGetEntrypointRabbitMQEndpointIntegrationTest.java b/.../integration/tests/messages/httpget/HttpGetEntrypointRabbitMQEndpointIntegrationTest.java
@@ -18,34 +18,101 @@
 import static org.assertj.core.api.Assertions.assertThat;
 
 import com.graviteesource.entrypoint.http.get.HttpGetEntrypointConnectorFactory;
+import com.graviteesource.secretprovider.hcvault.HCVaultSecretProvider;
+import com.graviteesource.secretprovider.hcvault.HCVaultSecretProviderFactory;
+import com.graviteesource.secretprovider.hcvault.config.manager.VaultConfig;
+import com.graviteesource.service.secrets.SecretsService;
 import io.gravitee.apim.gateway.tests.sdk.annotations.DeployApi;
 import io.gravitee.apim.gateway.tests.sdk.annotations.GatewayTest;
+import io.gravitee.apim.gateway.tests.sdk.configuration.GatewayConfigurationBuilder;
 import io.gravitee.apim.gateway.tests.sdk.connector.EntrypointBuilder;
+import io.gravitee.apim.gateway.tests.sdk.secrets.SecretProviderBuilder;
 import io.gravitee.apim.integration.tests.messages.AbstractRabbitMQEndpointIntegrationTest;
 import io.gravitee.common.http.MediaType;
+import io.gravitee.common.service.AbstractService;
 import io.gravitee.gateway.api.http.HttpHeaderNames;
 import io.gravitee.gateway.reactive.api.qos.Qos;
+import io.gravitee.node.secrets.plugins.SecretProviderPlugin;
 import io.gravitee.plugin.entrypoint.EntrypointConnectorPlugin;
+import io.gravitee.secrets.api.plugin.SecretManagerConfiguration;
+import io.gravitee.secrets.api.plugin.SecretProviderFactory;
 import io.vertx.core.http.HttpMethod;
 import io.vertx.core.json.JsonArray;
 import io.vertx.core.json.JsonObject;
 import io.vertx.rxjava3.core.http.HttpClient;
 import io.vertx.rxjava3.core.http.HttpClientResponse;
+import java.io.IOException;
 import java.util.List;
 import java.util.Map;
+import java.util.Set;
 import java.util.concurrent.TimeUnit;
+import org.junit.jupiter.api.AfterAll;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.EnumSource;
+import org.testcontainers.containers.Container;
+import org.testcontainers.vault.VaultContainer;
 
 @GatewayTest
 class HttpGetEntrypointRabbitMQEndpointIntegrationTest extends AbstractRabbitMQEndpointIntegrationTest {
 
+    private static final String VAULT_TOKEN = java.util.UUID.randomUUID().toString();
+
+    @org.testcontainers.junit.jupiter.Container
+    protected static final VaultContainer vaultContainer = new VaultContainer<>("hashicorp/vault:1.13.3")
+        .withVaultToken(VAULT_TOKEN)
+        .dependsOn(rabbitmqContainer);
+
+    @AfterAll
+    static void cleanup() {
+        vaultContainer.close();
+    }
+
     @Override
     public void configureEntrypoints(Map<String, EntrypointConnectorPlugin<?, ?>> entrypoints) {
         entrypoints.putIfAbsent("http-get", EntrypointBuilder.build("http-get", HttpGetEntrypointConnectorFactory.class));
     }
 
+    @Override
+    public void configureGateway(GatewayConfigurationBuilder configurationBuilder) {
+        super.configureGateway(configurationBuilder);
+        // create a renewable token so the plugin does not start panicking
+        Container.ExecResult execResult;
+        try {
+            execResult = vaultContainer.execInContainer("vault", "token", "create", "-period=10m", "-field", "token");
+        } catch (IOException | InterruptedException e) {
+            throw new RuntimeException(e);
+        }
+        String token = execResult.getStdout();
+        configurationBuilder.setYamlProperty("api.secrets.providers[0].plugin", "vault");
+        configurationBuilder.setYamlProperty("api.secrets.providers[0].configuration.enabled", true);
+        configurationBuilder.setYamlProperty("api.secrets.providers[0].configuration.host", vaultContainer.getHost());
+        configurationBuilder.setYamlProperty("api.secrets.providers[0].configuration.port", vaultContainer.getMappedPort(8200));
+        configurationBuilder.setYamlProperty("api.secrets.providers[0].configuration.ssl.enabled", "false");
+        configurationBuilder.setYamlProperty("api.secrets.providers[0].configuration.auth.method", "token");
+        configurationBuilder.setYamlProperty("api.secrets.providers[0].configuration.auth.config.token", token);
+        try {
+            vaultContainer.execInContainer("vault", "kv", "put", "secret/rabbitmq", "host=" + rabbitmqContainer.getHost());
+        } catch (IOException | InterruptedException e) {
+            throw new RuntimeException(e);
+        }
+    }
+
+    @Override
+    public void configureSecretProviders(
+        Set<SecretProviderPlugin<? extends SecretProviderFactory<?>, ? extends SecretManagerConfiguration>> secretProviderPlugins
+    ) {
+        secretProviderPlugins.add(
+            SecretProviderBuilder.build(HCVaultSecretProvider.PLUGIN_ID, HCVaultSecretProviderFactory.class, VaultConfig.class)
+        );
+    }
+
+    @Override
+    public void configureServices(Set<Class<? extends AbstractService<?>>> services) {
+        super.configureServices(services);
+        services.add(SecretsService.class);
+    }
+
     @Test
     @DeployApi({ "/apis/v4/messages/http-get/http-get-entrypoint-rabbitmq-endpoint.json" })
     void should_receive_messages(HttpClient client) {
@@ -69,6 +136,29 @@ void should_receive_messages(HttpClient client) {
             });
     }
 
+    @Test
+    @DeployApi({ "/apis/v4/messages/http-get/http-get-entrypoint-rabbitmq-endpoint-secret.json" })
+    void should_receive_messages_with_secret(HttpClient client) {
+        client
+            .rxRequest(HttpMethod.GET, "/test-secret")
+            .flatMap(request -> {
+                request.putHeader(HttpHeaderNames.ACCEPT.toString(), MediaType.APPLICATION_JSON);
+                return request.send();
+            })
+            .doOnSuccess(response -> assertThat(response.statusCode()).isEqualTo(200))
+            .flatMap(response -> publishToRabbitMQ(exchange, routingKey, List.of("message")).andThen(response.body()))
+            .test()
+            .awaitDone(30, TimeUnit.SECONDS)
+            .assertValue(body -> {
+                final JsonObject jsonResponse = new JsonObject(body.toString());
+                final JsonArray items = jsonResponse.getJsonArray("items");
+                assertThat(items).hasSize(1);
+                final JsonObject message = items.getJsonObject(0);
+                assertThat(message.getString("content")).isEqualTo("message");
+                return true;
+            });
+    }
+
     @EnumSource(value = Qos.class, names = { "AT_MOST_ONCE", "AT_LEAST_ONCE" })
     @ParameterizedTest(name = "should receive 400 bad request with {0} qos")
     @DeployApi(