XiaoMo/frp
1
0
Fork 0
mirror of https://github.com/fatedier/frp.git synced 2026-01-11 22:23:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

add e2e tests for exec-based token source (#5111)

Browse Source
This commit is contained in:
fatedier
2026-01-04 14:45:51 +08:00
committed by GitHub
parent ef96481f58
commit 33428ab538
1 changed files with 162 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

162
test/e2e/v1/basic/token_source.go
View File

@@ -29,6 +29,18 @@ import (
var _ = ginkgo.Describe("[Feature: TokenSource]", func() { var _ = ginkgo.Describe("[Feature: TokenSource]", func() {
f := framework.NewDefaultFramework() f := framework.NewDefaultFramework()
createExecTokenScript := func(name string) string {
scriptPath := filepath.Join(f.TempDirectory, name)
scriptContent := `#!/bin/sh
printf '%s\n' "$1"
`
err := os.WriteFile(scriptPath, []byte(scriptContent), 0o600)
framework.ExpectNoError(err)
err = os.Chmod(scriptPath, 0o700)
framework.ExpectNoError(err)
return scriptPath
}
ginkgo.Describe("File-based token loading", func() { ginkgo.Describe("File-based token loading", func() {
ginkgo.It("should work with file tokenSource", func() { ginkgo.It("should work with file tokenSource", func() {
// Create a temporary token file // Create a temporary token file
@@ -214,4 +226,154 @@ auth.tokenSource.file.path = "%s"
f.RunProcesses([]string{serverConf}, []string{}) f.RunProcesses([]string{serverConf}, []string{})
}) })
}) })
ginkgo.Describe("Exec-based token loading", func() {
ginkgo.It("should work with server tokenSource", func() {
execValue := "exec-server-value"
scriptPath := createExecTokenScript("server_token_exec.sh")
serverPort := f.AllocPort()
remotePort := f.AllocPort()
serverConf := fmt.Sprintf(`
bindAddr = "0.0.0.0"
bindPort = %d
auth.tokenSource.type = "exec"
auth.tokenSource.exec.command = %q
auth.tokenSource.exec.args = [%q]
`, serverPort, scriptPath, execValue)
clientConf := fmt.Sprintf(`
serverAddr = "127.0.0.1"
serverPort = %d
loginFailExit = false
auth.token = %q
[[proxies]]
name = "tcp"
type = "tcp"
localPort = %d
remotePort = %d
`, serverPort, execValue, f.PortByName(framework.TCPEchoServerPort), remotePort)
serverConfigPath := f.GenerateConfigFile(serverConf)
clientConfigPath := f.GenerateConfigFile(clientConf)
_, _, err := f.RunFrps("-c", serverConfigPath, "--allow-unsafe=TokenSourceExec")
framework.ExpectNoError(err)
_, _, err = f.RunFrpc("-c", clientConfigPath, "--allow-unsafe=TokenSourceExec")
framework.ExpectNoError(err)
framework.NewRequestExpect(f).Port(remotePort).Ensure()
})
ginkgo.It("should work with client tokenSource", func() {
execValue := "exec-client-value"
scriptPath := createExecTokenScript("client_token_exec.sh")
serverPort := f.AllocPort()
remotePort := f.AllocPort()
serverConf := fmt.Sprintf(`
bindAddr = "0.0.0.0"
bindPort = %d
auth.token = %q
`, serverPort, execValue)
clientConf := fmt.Sprintf(`
serverAddr = "127.0.0.1"
serverPort = %d
loginFailExit = false
auth.tokenSource.type = "exec"
auth.tokenSource.exec.command = %q
auth.tokenSource.exec.args = [%q]
[[proxies]]
name = "tcp"
type = "tcp"
localPort = %d
remotePort = %d
`, serverPort, scriptPath, execValue, f.PortByName(framework.TCPEchoServerPort), remotePort)
serverConfigPath := f.GenerateConfigFile(serverConf)
clientConfigPath := f.GenerateConfigFile(clientConf)
_, _, err := f.RunFrps("-c", serverConfigPath, "--allow-unsafe=TokenSourceExec")
framework.ExpectNoError(err)
_, _, err = f.RunFrpc("-c", clientConfigPath, "--allow-unsafe=TokenSourceExec")
framework.ExpectNoError(err)
framework.NewRequestExpect(f).Port(remotePort).Ensure()
})
ginkgo.It("should work with both server and client tokenSource", func() {
execValue := "exec-shared-value"
scriptPath := createExecTokenScript("shared_token_exec.sh")
serverPort := f.AllocPort()
remotePort := f.AllocPort()
serverConf := fmt.Sprintf(`
bindAddr = "0.0.0.0"
bindPort = %d
auth.tokenSource.type = "exec"
auth.tokenSource.exec.command = %q
auth.tokenSource.exec.args = [%q]
`, serverPort, scriptPath, execValue)
clientConf := fmt.Sprintf(`
serverAddr = "127.0.0.1"
serverPort = %d
loginFailExit = false
auth.tokenSource.type = "exec"
auth.tokenSource.exec.command = %q
auth.tokenSource.exec.args = [%q]
[[proxies]]
name = "tcp"
type = "tcp"
localPort = %d
remotePort = %d
`, serverPort, scriptPath, execValue, f.PortByName(framework.TCPEchoServerPort), remotePort)
serverConfigPath := f.GenerateConfigFile(serverConf)
clientConfigPath := f.GenerateConfigFile(clientConf)
_, _, err := f.RunFrps("-c", serverConfigPath, "--allow-unsafe=TokenSourceExec")
framework.ExpectNoError(err)
_, _, err = f.RunFrpc("-c", clientConfigPath, "--allow-unsafe=TokenSourceExec")
framework.ExpectNoError(err)
framework.NewRequestExpect(f).Port(remotePort).Ensure()
})
ginkgo.It("should fail validation without allow-unsafe", func() {
execValue := "exec-unsafe-value"
scriptPath := createExecTokenScript("unsafe_token_exec.sh")
serverPort := f.AllocPort()
serverConf := fmt.Sprintf(`
bindAddr = "0.0.0.0"
bindPort = %d
auth.tokenSource.type = "exec"
auth.tokenSource.exec.command = %q
auth.tokenSource.exec.args = [%q]
`, serverPort, scriptPath, execValue)
serverConfigPath := f.GenerateConfigFile(serverConf)
_, output, err := f.RunFrps("verify", "-c", serverConfigPath)
framework.ExpectNoError(err)
framework.ExpectContainSubstring(output, "unsafe feature \"TokenSourceExec\" is not enabled")
})
})
}) })