Log testing

Author: joan7770

scripts

@@ -190,6 +190,7 @@ build_test() {
     --build-arg RUNNER_BASE_IMAGE=${runnerBaseImage} \
     --build-arg PORT=${port} \
     --build-arg SSL_PORT=${sslPort} \
+    --build-arg platform="linux/amd64" \
      ${dockerArgs}
 }
 
@@ -239,9 +240,16 @@ get_port() {
   endPort=$((startPort + 100))
 
   for p in $(seq ${startPort} ${endPort}); do
-    if ! ss -ln | grep -q ":${p} "; then
-      echo ${p}
-      break
+    if [ "$(uname)" == "Darwin" ]; then
+      if ! lsof -i -P | grep LISTEN | grep -q ":${p} "; then
+        echo ${p}
+        break
+      fi
+    elif [ "$(expr substr $(uname -s) 1 5)" == "Linux" ]; then
+      if ! ss -ln | grep -q ":${p} "; then
+        echo ${p}
+        break
+      fi
     fi
   done
 }

test/etc/nginx/conf.d/test.conf

@@ -1,6 +1,8 @@
 error_log /var/log/nginx/debug.log debug;
 access_log /var/log/nginx/access.log;
 
+log_format  extractTest  'Log extract test sub: $jwt_claim_sub';
+
 server {
     listen %{PORT};
     listen %{SSL_PORT} ssl;
@@ -449,4 +451,16 @@ vXjq39xtcIBRTO1c2zs=
         auth_jwt_enabled on;
         auth_jwt_redirect on;
     }
+
+    ___location /log {
+        auth_jwt_enabled on;
+        auth_jwt_redirect off;
+        auth_jwt_location HEADER=Authorization;
+        auth_jwt_validate_sub on;
+        auth_jwt_extract_var_claims sub;
+
+        access_log /var/log/nginx/test_access.log extractTest;
+
+        return 200 "logged sub";
+    }
 }

test/test.sh

@@ -27,9 +27,10 @@ run_test () {
     local curlCommand=
     local exitCode=
     local response=
+    local expectedLogSub=
     local testNum="${GRAY}${NUM_TESTS}${NC}\t"
 
-    while getopts "n:asp:r:c:x:" option; do
+    while getopts "n:asp:r:c:x:l:" option; do
       case $option in
         n)
           name=$OPTARG;;
@@ -44,6 +45,8 @@ run_test () {
           expectedResponseRegex=$OPTARG;;
         x)
           extraCurlOpts=$OPTARG;;
+        l)
+          expectedLogSub=$OPTARG;;
         \?) # Invalid option
           printf "Error: Invalid option\n";
           exit;;
@@ -81,6 +84,16 @@ run_test () {
       if [ "${okay}" == '1' ]; then
         printf "${GREEN}${name}";
       fi
+
+      if ["${expectedLogSub}" != ""]; then
+        local logEntry=$(tail -n 1 /var/log/nginx/test_access.log)
+
+        if ["${logEntry}" != "Log extract test sub:${expectedLogSub}"]; then
+          printf "${RED}${name} -- log extracted sub is not what is expected:${expectedLogSub}; logged: ${logEntry}"
+          NUM_FAILED=$((${NUM_FAILED} + 1))
+          okay=0
+        fi
+      fi
     fi
 
     if [ "${DEBUG}" == "${NUM_TESTS}" ]; then
@@ -374,6 +387,13 @@ main() {
   run_test -n 'return_url includes query when redirected to login' \
            -p '/return-url?test=123' \
            -r '< Location: https://example\.com/login\?return_url=http://nginx.*/return-url%3Ftest=123'
+  
+  run_test -n 'acess_log extract valid sub' \
+           -p '/log' \
+           -c 200 \
+           -r 'logged sub' \
+           -x '--header "Authorization: Bearer ${JWT_HS256_VALID}"' \
+           -l 'some-long-uuid'
 
   if [[ "${NUM_FAILED}" = '0' ]]; then
     printf "\nRan ${NUM_TESTS} tests successfully (skipped ${NUM_SKIPPED}).\n"