Implement integration tests. Minor tidy up too.

Author: tecarter94

domain-proxy/go.mod

@@ -1,3 +1,60 @@
 module github.com/redhat-appstudio/jvm-build-service/domain-proxy
 
 go 1.23
+
+require (
+	github.com/testcontainers/testcontainers-go v0.31.0
+	github.com/wiremock/go-wiremock v1.8.0
+	github.com/wiremock/wiremock-testcontainers-go v1.0.0-alpha-9
+)
+
+require (
+	dario.cat/mergo v1.0.0 // indirect
+	github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect
+	github.com/Microsoft/go-winio v0.6.1 // indirect
+	github.com/Microsoft/hcsshim v0.11.4 // indirect
+	github.com/cenkalti/backoff/v4 v4.2.1 // indirect
+	github.com/containerd/containerd v1.7.15 // indirect
+	github.com/containerd/log v0.1.0 // indirect
+	github.com/cpuguy83/dockercfg v0.3.1 // indirect
+	github.com/distribution/reference v0.5.0 // indirect
+	github.com/docker/docker v25.0.5+incompatible // indirect
+	github.com/docker/go-connections v0.5.0 // indirect
+	github.com/docker/go-units v0.5.0 // indirect
+	github.com/felixge/httpsnoop v1.0.4 // indirect
+	github.com/go-logr/logr v1.4.1 // indirect
+	github.com/go-logr/stdr v1.2.2 // indirect
+	github.com/go-ole/go-ole v1.2.6 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang/protobuf v1.5.4 // indirect
+	github.com/google/uuid v1.6.0 // indirect
+	github.com/klauspost/compress v1.16.0 // indirect
+	github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 // indirect
+	github.com/magiconair/properties v1.8.7 // indirect
+	github.com/moby/patternmatcher v0.6.0 // indirect
+	github.com/moby/sys/sequential v0.5.0 // indirect
+	github.com/moby/sys/user v0.1.0 // indirect
+	github.com/moby/term v0.5.0 // indirect
+	github.com/morikuni/aec v1.0.0 // indirect
+	github.com/opencontainers/go-digest v1.0.0 // indirect
+	github.com/opencontainers/image-spec v1.1.0 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c // indirect
+	github.com/shirou/gopsutil/v3 v3.23.12 // indirect
+	github.com/shoenig/go-m1cpu v0.1.6 // indirect
+	github.com/sirupsen/logrus v1.9.3 // indirect
+	github.com/tklauser/go-sysconf v0.3.12 // indirect
+	github.com/tklauser/numcpus v0.6.1 // indirect
+	github.com/yusufpapurcu/wmi v1.2.3 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 // indirect
+	go.opentelemetry.io/otel v1.24.0 // indirect
+	go.opentelemetry.io/otel/metric v1.24.0 // indirect
+	go.opentelemetry.io/otel/trace v1.24.0 // indirect
+	golang.org/x/crypto v0.22.0 // indirect
+	golang.org/x/mod v0.16.0 // indirect
+	golang.org/x/sys v0.19.0 // indirect
+	golang.org/x/tools v0.13.0 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20230731190214-cbb8c96f2d6d // indirect
+	google.golang.org/grpc v1.58.3 // indirect
+	google.golang.org/protobuf v1.33.0 // indirect
+)

domain-proxy/go.sum

@@ -0,0 +1,257 @@
+package integration
+
+import (
+	"context"
+	"crypto/md5"
+	"crypto/tls"
+	"encoding/hex"
+	. "github.com/redhat-appstudio/jvm-build-service/domain-proxy/pkg/client"
+	. "github.com/redhat-appstudio/jvm-build-service/domain-proxy/pkg/common"
+	. "github.com/redhat-appstudio/jvm-build-service/domain-proxy/pkg/server"
+	"github.com/testcontainers/testcontainers-go"
+	"github.com/testcontainers/testcontainers-go/wait"
+	"github.com/wiremock/go-wiremock"
+	. "github.com/wiremock/wiremock-testcontainers-go"
+	"io"
+	"math/rand"
+	"net/http"
+	"net/url"
+	"os"
+	"strconv"
+	"strings"
+	"testing"
+	"time"
+)
+
+const (
+	WireMockHttpPort  = "8080"
+	WireMockHttpsPort = "8443"
+	WireMockProtocol  = "/tcp"
+	ProxyUrl          = "http://" + Localhost + ":8081"
+	ContentType       = "text/xml"
+	Md5Hash           = "ea3ca57f8f99d1d210d1b438c9841440"
+	ContentLength     = "403"
+)
+
+type containerCustomizer struct{}
+
+func (c containerCustomizer) Customize(req *testcontainers.GenericContainerRequest) error {
+	req.ExposedPorts = []string{WireMockHttpPort + WireMockProtocol, WireMockHttpsPort + WireMockProtocol}
+	req.WaitingFor = wait.ForListeningPort(WireMockHttpPort)
+	req.Cmd = []string{"--port", WireMockHttpPort, "--https-port", WireMockHttpsPort}
+	return nil
+}
+
+func createClient(t *testing.T) *http.Client {
+	proxy, err := url.Parse(ProxyUrl)
+	if err != nil {
+		t.Fatal(err)
+	}
+	transport := &http.Transport{
+		Proxy:           http.ProxyURL(proxy),
+		TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+	}
+	return &http.Client{
+		Transport: transport,
+	}
+}
+
+func getMd5Hash(bytes []byte) string {
+	hash := md5.Sum(bytes)
+	return hex.EncodeToString(hash[:])
+}
+
+func head(urlMatchingPair wiremock.URLMatcher) *wiremock.StubRule {
+	return wiremock.NewStubRule(http.MethodHead, urlMatchingPair)
+}
+
+func TestDomainProxy(t *testing.T) {
+	// Start Wiremock container
+	ctx := context.Background()
+	container, err := RunContainerAndStopOnCleanup(ctx, t, containerCustomizer{})
+	if err != nil {
+		t.Fatal(err)
+	}
+	// HTTP Get stub
+	pom, err := os.ReadFile("testdata/bar-1.0.pom")
+	err = container.Client.StubFor(
+		wiremock.Get(wiremock.URLEqualTo("/com/foo/bar/1.0/bar-1.0.pom")).
+			WillReturnResponse(
+				wiremock.NewResponse().
+					WithHeader("Content-Type", ContentType).
+					WithBody(string(pom)).
+					WithStatus(http.StatusOK),
+			),
+	)
+	if err != nil {
+		t.Fatal(err)
+	}
+	// HTTP Head stub
+	err = container.Client.StubFor(
+		head(wiremock.URLEqualTo("/com/foo/bar/1.0/bar-1.0.pom")).
+			WillReturnResponse(
+				wiremock.NewResponse().
+					WithHeader("Content-Type", ContentType).
+					WithHeader("Content-Length", ContentLength).
+					WithStatus(http.StatusOK),
+			),
+	)
+	if err != nil {
+		t.Fatal(err)
+	}
+	// Set env variables
+	os.Setenv(DomainSocketKey, "/tmp/domain-socket-"+strconv.Itoa(rand.Int())+".sock")
+	os.Setenv(ServerHttpPortKey, "8081")
+	os.Setenv(ProxyTargetWhitelistKey, "localhost,foo.bar")
+	// Start services
+	domainProxyServer := NewDomainProxyServer()
+	go domainProxyServer.Start()
+	domainProxyClient := NewDomainProxyClient()
+	go domainProxyClient.Start()
+	time.Sleep(1 * time.Second)
+	defer domainProxyServer.Stop()
+	defer domainProxyClient.Stop()
+	// Get Wiremock container details
+	mappedHttpPort, err := container.MappedPort(ctx, WireMockHttpPort)
+	mappedHttpsPort, err := container.MappedPort(ctx, WireMockHttpsPort)
+	wireMockHttpUrl := "http://" + Localhost + ":" + mappedHttpPort.Port()
+	wireMockHttpsUrl := "https://" + Localhost + ":" + mappedHttpsPort.Port()
+	// Create HTTP client
+	httpClient := createClient(t)
+
+	t.Run("Test HTTP GET dependency", func(t *testing.T) {
+		response, err := httpClient.Get(wireMockHttpUrl + "/com/foo/bar/1.0/bar-1.0.pom")
+		if err != nil {
+			t.Fatal(err)
+		}
+		if response.StatusCode != http.StatusOK {
+			t.Fatalf("Actual HTTP status %d did not match expected HTTP status %d", response.StatusCode, http.StatusOK)
+		}
+		defer response.Body.Close()
+		pom, err := io.ReadAll(response.Body)
+		if err != nil {
+			t.Fatal(err)
+		}
+		hash := getMd5Hash(pom)
+		if hash != Md5Hash {
+			t.Fatalf("Actual MD5 hash %s did not match expected MD5 hash %s", hash, Md5Hash)
+		}
+	})
+
+	t.Run("Test HTTPS GET dependency", func(t *testing.T) {
+		response, err := httpClient.Get(wireMockHttpsUrl + "/com/foo/bar/1.0/bar-1.0.pom")
+		if err != nil {
+			t.Fatal(err)
+		}
+		if response.StatusCode != http.StatusOK {
+			t.Fatalf("Actual HTTP status %d did not match expected HTTP status %d", response.StatusCode, http.StatusOK)
+		}
+		defer response.Body.Close()
+		pom, err := io.ReadAll(response.Body)
+		if err != nil {
+			t.Fatal(err)
+		}
+		hash := getMd5Hash(pom)
+		if hash != Md5Hash {
+			t.Fatalf("Actual MD5 hash %s did not match expected MD5 hash %s", hash, Md5Hash)
+		}
+	})
+
+	t.Run("Test HTTP GET non-existent dependency", func(t *testing.T) {
+		response, err := httpClient.Get(wireMockHttpUrl + "/com/foo/bar/1.0/bar-2.0.pom")
+		if err != nil {
+			t.Fatal(err)
+		}
+		if response.StatusCode != http.StatusNotFound {
+			t.Fatalf("Actual HTTP status %d did not match expected HTTP status %d", response.StatusCode, http.StatusNotFound)
+		}
+	})
+
+	t.Run("Test HTTPS GET non-existent dependency", func(t *testing.T) {
+		response, err := httpClient.Get(wireMockHttpsUrl + "/com/foo/bar/1.0/bar-2.0.pom")
+		if err != nil {
+			t.Fatal(err)
+		}
+		if response.StatusCode != http.StatusNotFound {
+			t.Fatalf("Actual HTTP status %d did not match expected HTTP status %d", response.StatusCode, http.StatusNotFound)
+		}
+	})
+
+	t.Run("Test HTTP non-whitelisted host", func(t *testing.T) {
+		response, err := httpClient.Get("http://repo1.maven.org/maven2/org/apache/maven/plugins/maven-jar-plugin/3.4.1/maven-jar-plugin-3.4.1.jar")
+		if err != nil {
+			t.Fatal(err)
+		}
+		if response.StatusCode != http.StatusForbidden {
+			t.Fatalf("Actual HTTP status %d did not match expected HTTP status %d", response.StatusCode, http.StatusForbidden)
+		}
+	})
+
+	t.Run("Test HTTPS non-whitelisted host", func(t *testing.T) {
+		_, err := httpClient.Get("https://repo1.maven.org/maven2/org/apache/maven/plugins/maven-jar-plugin/3.4.1/maven-jar-plugin-3.4.1.jar")
+		statusText := http.StatusText(http.StatusForbidden)
+		if !strings.Contains(err.Error(), statusText) {
+			t.Fatalf("Actual error %s did not contain expected HTTP status text %s", err.Error(), statusText)
+		}
+	})
+
+	t.Run("Test HTTP non-existent host", func(t *testing.T) {
+		response, err := httpClient.Get("http://foo.bar")
+		if err != nil {
+			t.Fatal(err)
+		}
+		if response.StatusCode != http.StatusBadGateway {
+			t.Fatalf("Actual HTTP status %d did not match expected HTTP status %d", response.StatusCode, http.StatusBadGateway)
+		}
+	})
+
+	t.Run("Test HTTPS non-existent host", func(t *testing.T) {
+		_, err := httpClient.Get("https://foo.bar")
+		statusText := http.StatusText(http.StatusBadGateway)
+		if !strings.Contains(err.Error(), statusText) {
+			t.Fatalf("Actual error %s did not contain expected HTTP status text %s", err.Error(), statusText)
+		}
+	})
+
+	t.Run("Test HTTP HEAD dependency", func(t *testing.T) {
+		response, err := httpClient.Head(wireMockHttpUrl + "/com/foo/bar/1.0/bar-1.0.pom")
+		if err != nil {
+			t.Fatal(err)
+		}
+		actualContentLength := response.Header.Get("Content-Length")
+		if actualContentLength != ContentLength {
+			t.Fatalf("Actual content length %s did not match expected content length %s", actualContentLength, ContentLength)
+		}
+	})
+
+	t.Run("Test HTTPS HEAD dependency", func(t *testing.T) {
+		response, err := httpClient.Head(wireMockHttpsUrl + "/com/foo/bar/1.0/bar-1.0.pom")
+		if err != nil {
+			t.Fatal(err)
+		}
+		actualContentLength := response.Header.Get("Content-Length")
+		if actualContentLength != ContentLength {
+			t.Fatalf("Actual content length %s did not match expected content length %s", actualContentLength, ContentLength)
+		}
+	})
+
+	t.Run("Test HTTP HEAD non-existent dependency", func(t *testing.T) {
+		response, err := httpClient.Head(wireMockHttpUrl + "/com/foo/bar/1.0/bar-2.0.pom")
+		if err != nil {
+			t.Fatal(err)
+		}
+		if response.StatusCode != http.StatusNotFound {
+			t.Fatalf("Actual HTTP status %d did not match expected HTTP status %d", response.StatusCode, http.StatusNotFound)
+		}
+	})
+
+	t.Run("Test HTTPS HEAD non-existent dependency", func(t *testing.T) {
+		response, err := httpClient.Head(wireMockHttpsUrl + "/com/foo/bar/1.0/bar-2.0.pom")
+		if err != nil {
+			t.Fatal(err)
+		}
+		if response.StatusCode != http.StatusNotFound {
+			t.Fatalf("Actual HTTP status %d did not match expected HTTP status %d", response.StatusCode, http.StatusNotFound)
+		}
+	})
+}

domain-proxy/integration/domain_proxy_test.go

@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <groupId>com.foo</groupId>
+    <artifactId>bar</artifactId>
+    <version>1.0</version>
+</project>

domain-proxy/integration/testdata/bar-1.0.pom

@@ -17,7 +17,7 @@ const (
 	HttpPort                     = 80
 	HttpsPort                    = 443
 	ProxyTargetWhitelistKey      = "PROXY_TARGET_WHITELIST"
-	DefaultProxyTargetWhitelist  = "repo1.maven.org,repo.maven.apache.org,repository.jboss.org,packages.confluent.io,jitpack.io,repo.gradle.org,plugins.gradle.org"
+	DefaultProxyTargetWhitelist  = "localhost,repo1.maven.org,repo.maven.apache.org,repository.jboss.org,packages.confluent.io,jitpack.io,repo.gradle.org,plugins.gradle.org"
 	InternalNonProxyHostsKey     = "INTERNAL_NON_PROXY_HOSTS"
 	DefaultInternalNonProxyHosts = "localhost"
 	DomainSocketToHttp           = "Domain Socket <-> HTTP"
@@ -200,8 +200,8 @@ func getTargetHostAndPort(host string, defaultPort int) (string, int) {
 }
 
 func (dps *DomainProxyServer) isTargetWhitelisted(targetHost string, writer http.ResponseWriter) bool {
-	if !dps.proxyTargetWhitelist[targetHost] && !dps.nonProxyHosts[targetHost] {
-		message := fmt.Sprintf("Target host %s is not whitelisted nor a non-proxy host", targetHost)
+	if !dps.proxyTargetWhitelist[targetHost] {
+		message := fmt.Sprintf("Target host %s is not whitelisted", targetHost)
 		logger.Println(message)
 		http.Error(writer, message, http.StatusForbidden)
 		return false

domain-proxy/integration_tests/integration_test.go

@@ -556,7 +556,7 @@ func createPipelineSpec(log logr.Logger, tool string, commitTime int64, jbsConfi
 					Name: "PROXY_TARGET_WHITELIST",
 					Value: tektonpipeline.ParamValue{
 						Type:      tektonpipeline.ParamTypeString,
-						StringVal: "cdn-ubi.redhat.com,repo1.maven.org,repo.scala-sbt.org,scala.jfrog.io,repo.typesafe.com,jfrog-prod-usw2-shared-oregon-main.s3.amazonaws.com",
+						StringVal: whitelistUrl.Host + ",localhost,cdn-ubi.redhat.com,repo1.maven.org,repo.scala-sbt.org,scala.jfrog.io,repo.typesafe.com,jfrog-prod-usw2-shared-oregon-main.s3.amazonaws.com",
 					},
 				},
 				{