- Improving.

general-kroll-4-life · general-kroll-4-life · commit 7f72991799c4 · 2025-01-29T20:39:47.000+11:00
diff --git a/test/assets/credentials/dummy/google/docker-functional-test-dummy-sa-key.json b/test/assets/credentials/dummy/google/docker-functional-test-dummy-sa-key.json
@@ -6,7 +6,7 @@
   "client_email": "silly-sa@silly-project-01.iam.gserviceaccount.com",
   "client_id": "11",
   "auth_uri": "https://accounts.google.com/o/oauth2/auth",
-  "token_uri": "http://host.docker.internal:2091/google/simple/token",
+  "token_uri": "https://host.docker.internal:2091/google/simple/token",
   "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
   "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/silly-sa%40silly-project-01.iam.gserviceaccount.com"
 }
diff --git a/test/assets/credentials/dummy/google/functional-test-dummy-sa-key.json b/test/assets/credentials/dummy/google/functional-test-dummy-sa-key.json
@@ -6,7 +6,7 @@
   "client_email": "silly-sa@silly-project-01.iam.gserviceaccount.com",
   "client_id": "11",
   "auth_uri": "https://accounts.google.com/o/oauth2/auth",
-  "token_uri": "http://localhost:2091/google/simple/token",
+  "token_uri": "https://localhost:2091/google/simple/token",
   "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
   "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/silly-sa%40silly-project-01.iam.gserviceaccount.com"
 }
diff --git a/test/python/flask/README.md b/test/python/flask/README.md
@@ -18,74 +18,80 @@ pgrep -f flask | xargs kill -9
 GCP mocks:
 
 ```bash
-flask --app=${HOME}/stackql/stackql-devel/test/python/flask/gcp/app run --cert=${HOME}/stackql/stackql-devel/test/server/mtls/credentials/pg_server_cert.pem --key=${HOME}/stackql/stackql-devel/test/server/mtls/credentials/pg_server_key.pem  --port  1080
+flask --app=${HOME}/stackql/stackql-devel/test/python/flask/gcp/app run --cert=${HOME}/stackql/stackql-devel/test/server/mtls/credentials/pg_server_cert.pem --key=${HOME}/stackql/stackql-devel/test/server/mtls/credentials/pg_server_key.pem --host 0.0.0.0 --port  1080
 ```
 
 Azure mocks:
 
 ```bash
-flask --app=${HOME}/stackql/stackql-devel/test/python/flask/azure/app run --cert=${HOME}/stackql/stackql-devel/test/server/mtls/credentials/pg_server_cert.pem --key=${HOME}/stackql/stackql-devel/test/server/mtls/credentials/pg_server_key.pem --port 1095
+flask --app=${HOME}/stackql/stackql-devel/test/python/flask/azure/app run --cert=${HOME}/stackql/stackql-devel/test/server/mtls/credentials/pg_server_cert.pem --key=${HOME}/stackql/stackql-devel/test/server/mtls/credentials/pg_server_key.pem --host 0.0.0.0 --port 1095
 ```
 
 Okta mocks:
 
 ```bash
-flask --app=${HOME}/stackql/stackql-devel/test/python/flask/okta/app run --cert=${HOME}/stackql/stackql-devel/test/server/mtls/credentials/pg_server_cert.pem --key=${HOME}/stackql/stackql-devel/test/server/mtls/credentials/pg_server_key.pem  --port 1090
+flask --app=${HOME}/stackql/stackql-devel/test/python/flask/okta/app run --cert=${HOME}/stackql/stackql-devel/test/server/mtls/credentials/pg_server_cert.pem --key=${HOME}/stackql/stackql-devel/test/server/mtls/credentials/pg_server_key.pem --host 0.0.0.0  --port 1090
 ```
 
 AWS mocks:
 
 ```bash
-flask --app=${HOME}/stackql/stackql-devel/test/python/flask/aws/app run --cert=${HOME}/stackql/stackql-devel/test/server/mtls/credentials/pg_server_cert.pem --key=${HOME}/stackql/stackql-devel/test/server/mtls/credentials/pg_server_key.pem  --port 1091
+flask --app=${HOME}/stackql/stackql-devel/test/python/flask/aws/app run --cert=${HOME}/stackql/stackql-devel/test/server/mtls/credentials/pg_server_cert.pem --key=${HOME}/stackql/stackql-devel/test/server/mtls/credentials/pg_server_key.pem --host 0.0.0.0  --port 1091
 ```
 
 Github mocks:
 
 ```bash
-flask --app=${HOME}/stackql/stackql-devel/test/python/flask/github/app run --cert=${HOME}/stackql/stackql-devel/test/server/mtls/credentials/pg_server_cert.pem --key=${HOME}/stackql/stackql-devel/test/server/mtls/credentials/pg_server_key.pem  --port 1093
+flask --app=${HOME}/stackql/stackql-devel/test/python/flask/github/app run --cert=${HOME}/stackql/stackql-devel/test/server/mtls/credentials/pg_server_cert.pem --key=${HOME}/stackql/stackql-devel/test/server/mtls/credentials/pg_server_key.pem --host 0.0.0.0 --port 1093
 ```
 
 Sumologic mocks:
 
 ```bash
-flask --app=${HOME}/stackql/stackql-devel/test/python/flask/okta/app run --cert=${HOME}/stackql/stackql-devel/test/server/mtls/credentials/pg_server_cert.pem --key=${HOME}/stackql/stackql-devel/test/server/mtls/credentials/pg_server_key.pem  --port 1096
+flask --app=${HOME}/stackql/stackql-devel/test/python/flask/okta/app run --cert=${HOME}/stackql/stackql-devel/test/server/mtls/credentials/pg_server_cert.pem --key=${HOME}/stackql/stackql-devel/test/server/mtls/credentials/pg_server_key.pem --host 0.0.0.0 --port 1096
 ```
 
 Digitalocean mocks:
 
 ```bash
-flask --app=${HOME}/stackql/stackql-devel/test/python/flask/digitalocean/app run --cert=${HOME}/stackql/stackql-devel/test/server/mtls/credentials/pg_server_cert.pem --key=${HOME}/stackql/stackql-devel/test/server/mtls/credentials/pg_server_key.pem  --port 1097
+flask --app=${HOME}/stackql/stackql-devel/test/python/flask/digitalocean/app run --cert=${HOME}/stackql/stackql-devel/test/server/mtls/credentials/pg_server_cert.pem --key=${HOME}/stackql/stackql-devel/test/server/mtls/credentials/pg_server_key.pem --host 0.0.0.0 --port 1097
 ```
 
 `googleadmin` mocks:
 
 ```bash
-flask --app=${HOME}/stackql/stackql-devel/test/python/flask/googleadmin/app run --cert=${HOME}/stackql/stackql-devel/test/server/mtls/credentials/pg_server_cert.pem --key=${HOME}/stackql/stackql-devel/test/server/mtls/credentials/pg_server_key.pem  --port 1098
+flask --app=${HOME}/stackql/stackql-devel/test/python/flask/googleadmin/app run --cert=${HOME}/stackql/stackql-devel/test/server/mtls/credentials/pg_server_cert.pem --key=${HOME}/stackql/stackql-devel/test/server/mtls/credentials/pg_server_key.pem --host 0.0.0.0 --port 1098
 ```
 
 stackql auth testing mocks:
 
 ```bash
-flask --app=${HOME}/stackql/stackql-devel/test/python/flask/static_auth/app run --cert=${HOME}/stackql/stackql-devel/test/server/mtls/credentials/pg_server_cert.pem --key=${HOME}/stackql/stackql-devel/test/server/mtls/credentials/pg_server_key.pem  --port  1170
+flask --app=${HOME}/stackql/stackql-devel/test/python/flask/static_auth/app run --cert=${HOME}/stackql/stackql-devel/test/server/mtls/credentials/pg_server_cert.pem --key=${HOME}/stackql/stackql-devel/test/server/mtls/credentials/pg_server_key.pem --host 0.0.0.0 --port  1170
+```
+
+Token server mocks:
+
+```bash
+flask --app=${HOME}/stackql/stackql-devel/test/python/flask/static_auth/app run --cert=${HOME}/stackql/stackql-devel/test/server/mtls/credentials/pg_server_cert.pem --key=${HOME}/stackql/stackql-devel/test/server/mtls/credentials/pg_server_key.pem --host 0.0.0.0 --port  2091
 ```
 
 
 ### Manually testing mocks
 
-With embedded `sqlite` (default):
+With embedded `sqlite` (default), from the root of this repository:
 
 ```bash
-export workspaceFolder='/path/to/repository/root'  # change this
+export workspaceFolder="$(pwd)"
 
 stackql --registry="{ \"url\": \"file://${workspaceFolder}/test/registry-mocked\", \"localDocRoot\": \"${workspaceFolder}/test/registry-mocked\", \"verifyConfig\": { \"nopVerify\": true } }" --tls.allowInsecure shell
 ```
 
-With `postgres`:
+With `postgres`, from the root of this repository:
 
 ```bash
 docker compose -f docker-compose-externals.yml up postgres_stackql -d
 
-export workspaceFolder='/path/to/repository/root'  # change this
+export workspaceFolder="$(pwd)"
 
 stackql --registry="{ \"url\": \"file://${workspaceFolder}/test/registry-mocked\", \"localDocRoot\": \"${workspaceFolder}/test/registry-mocked\", \"verifyConfig\": { \"nopVerify\": true } }" --tls.allowInsecure --sqlBackend="{ \"dbEngine\": \"postgres_tcp\", \"sqlDialect\": \"postgres\", \"dsn\": \"postgres://stackql:stackql@127.0.0.1:7432/stackql\" }" shell
 ```
diff --git a/test/registry/src/stackql_oauth2_testing/v0.1.0/provider.yaml b/test/registry/src/stackql_oauth2_testing/v0.1.0/provider.yaml
@@ -27,7 +27,7 @@ config:
     client_secret_env_var: 'YOUR_OAUTH2_CLIENT_SECRET_ENV_VAR'
     type: "oauth2"
     grant_type: "client_credentials"
-    token_url: 'http://localhost:2091/{{ .__env__YOUR_OAUTH2_SOME_SYSTEM_ACCOUNT_ID }}/simple/token'
+    token_url: 'https://localhost:2091/{{ .__env__YOUR_OAUTH2_SOME_SYSTEM_ACCOUNT_ID }}/simple/token'
     scopes:
       - 'scope-01'
       - 'scope-02'
diff --git a/test/robot/lib/stackql_context.py b/test/robot/lib/stackql_context.py
@@ -249,7 +249,7 @@ def get_local_temp_path(inode_name: str, execution_env: str) -> str:
   "grant_type": "client_credentials",
   "client_id": "dummy_client_id",
   "client_secret": "dummy_client_secret",
-  "token_url": "http://localhost:2091/contrived/simple/error/token",
+  "token_url": "https://localhost:2091/contrived/simple/error/token",
   "scopes": ["scope1", "scope2"]
 }
 
@@ -312,7 +312,7 @@ def get_local_temp_path(inode_name: str, execution_env: str) -> str:
   "grant_type": "client_credentials",
   "client_id": "dummy_client_id",
   "client_secret": "dummy_client_secret",
-  "token_url": "http://host.docker.internal:2091/contrived/simple/error/token",
+  "token_url": "https://host.docker.internal:2091/contrived/simple/error/token",
   "scopes": ["scope1", "scope2"]
 }
 
diff --git a/test/tcp/reverse-proxy/nginx/elegant-sni-proxy.conf b/test/tcp/reverse-proxy/nginx/elegant-sni-proxy.conf
@@ -0,0 +1,31 @@
+worker_processes  1;
+
+#error_log  logs/error.log;
+#error_log  logs/error.log  notice;
+#error_log  logs/error.log  info;
+
+#pid        logs/nginx.pid;
+
+
+events {
+    worker_connections  1024;
+}
+
+stream {  
+
+  map $ssl_preread_server_name $targetBackend {
+    storage.googleapis.com  127.0.0.1:1080;
+    localhost  127.0.0.1:2091;
+  }   
+ 
+  server {
+    listen 1443; 
+        
+    proxy_connect_timeout 1s;
+    proxy_timeout 3s;
+    resolver 1.1.1.1;
+    
+    proxy_pass $targetBackend;       
+    ssl_preread on;
+  }
+}
diff --git a/test/tcp/reverse-proxy/nginx/mocks-tls-pass-through.conf b/test/tcp/reverse-proxy/nginx/mocks-tls-pass-through.conf
@@ -0,0 +1,42 @@
+worker_processes  1;
+
+#error_log  logs/error.log;
+#error_log  logs/error.log  notice;
+#error_log  logs/error.log  info;
+
+#pid        logs/nginx.pid;
+
+
+events {
+    worker_connections  1024;
+}
+
+stream {
+    upstream web_server {
+        # Our web server, listening for SSL traffic
+        # Note the web server will expect traffic
+        # at this xip.io "domain", just for our
+        # example here
+        server 127.0.0.1:1080;
+    }
+
+    upstream token_server {
+        # Our web server, listening for SSL traffic
+        # Note the web server will expect traffic
+        # at this xip.io "domain", just for our
+        # example here
+        server 127.0.0.1:2091;
+    }
+
+    server {
+        listen 1443;
+        server_name  storage.googleapis.com;
+        proxy_pass web_server;
+    }
+
+    server {
+        listen 1443;
+        server_name  localhost;
+        proxy_pass token_server;
+    }
+}

Original file line number	Diff line number	Diff line change
`@@ -6,7 +6,7 @@`
`6`	`6`	`"client_email": "[email protected]",`
`7`	`7`	`"client_id": "11",`
`8`	`8`	`"auth_uri": "https://accounts.google.com/o/oauth2/auth",`
`9`		`- "token_uri": "http://host.docker.internal:2091/google/simple/token",`
	`9`	`+ "token_uri": "https://host.docker.internal:2091/google/simple/token",`
`10`	`10`	`"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",`
`11`	`11`	`"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/silly-sa%40silly-project-01.iam.gserviceaccount.com"`
`12`	`12`	`}`