Add CheckResponse to ext_authz grpc fuzzer input #34045

Merged
merged 2 commits into from
May 13, 2024
Merged
8 changes: 5 additions & 3 deletions test/extensions/filters/http/ext_authz/BUILD
Expand Up @@ -95,13 +95,14 @@ envoy_proto_library(
"//test/fuzz:common_proto",
"@envoy_api//envoy/config/core/v3:pkg",
"@envoy_api//envoy/extensions/filters/http/ext_authz/v3:pkg",
"@envoy_api//envoy/service/auth/v3:pkg",
],
)

envoy_cc_fuzz_test(
name = "ext_authz_grpc_fuzz_test",
srcs = ["ext_authz_grpc_fuzz_test.cc"],
corpus = "ext_authz_corpus",
corpus = "ext_authz_grpc_corpus",
deps = [
":ext_authz_fuzz_lib",
":ext_authz_fuzz_proto_cc_proto",
Expand All @@ -110,14 +111,15 @@ envoy_cc_fuzz_test(
"//test/extensions/filters/common/ext_authz:ext_authz_test_common",
"//test/extensions/filters/http/common/fuzz:http_filter_fuzzer_lib",
"//test/mocks/grpc:grpc_mocks",
"@envoy_api//envoy/extensions/filters/http/ext_authz/v3:pkg_cc_proto",
"@envoy_api//envoy/service/auth/v3:pkg_cc_proto",
],
)

envoy_cc_fuzz_test(
name = "ext_authz_http_fuzz_test",
srcs = ["ext_authz_http_fuzz_test.cc"],
corpus = "ext_authz_corpus",
corpus = "ext_authz_http_corpus",
deps = [
":ext_authz_fuzz_lib",
":ext_authz_fuzz_proto_cc_proto",
Expand All @@ -128,6 +130,7 @@ envoy_cc_fuzz_test(
"//test/mocks/network:network_mocks",
"//test/mocks/server:server_factory_context_mocks",
"//test/mocks/upstream:cluster_manager_mocks",
"@envoy_api//envoy/extensions/filters/http/ext_authz/v3:pkg_cc_proto",
"@envoy_api//envoy/service/auth/v3:pkg_cc_proto",
],
)
Expand All @@ -144,6 +147,5 @@ envoy_cc_test_library(
"//test/mocks/network:network_mocks",
"//test/mocks/server:server_factory_context_mocks",
"@envoy_api//envoy/config/core/v3:pkg_cc_proto",
"@envoy_api//envoy/extensions/filters/http/ext_authz/v3:pkg_cc_proto",
],
)
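Review bot: Both fuzz targets now read their seeds from new directories (`corpus = "ext_authz_grpc_corpus"` and `corpus = "ext_authz_http_corpus"`), while this page lists seven deleted files, presumably the old corpus entries, and shows no replacement seeds. If those directories are empty, the fuzzers start from nothing, and the `CheckResponse` handling this change is meant to exercise is reached only once the mutator finds a valid `ExtAuthzTestCaseGrpc` on its own. I would add at least one text-proto seed per target in the new message shape, including a gRPC seed with a populated `response` and one with `failure_reason`, or state in a comment here that the corpora are intentionally empty.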

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

37 changes: 26 additions & 11 deletions test/extensions/filters/http/ext_authz/ext_authz_fuzz.proto
@@ -1,29 +1,44 @@
syntax = "proto3";
package envoy.extensions.filters.http.ext_authz;

import "envoy/config/core/v3/base.proto";
import "envoy/extensions/filters/http/ext_authz/v3/ext_authz.proto";
import "envoy/service/auth/v3/external_auth.proto";
import "test/fuzz/common.proto";
import "envoy/config/core/v3/base.proto";
import "validate/validate.proto";

// We only fuzz a single request per iteration.
message ExtAuthzTestCase {
message ExtAuthzTestCaseBase {
envoy.extensions.filters.http.ext_authz.v3.ExtAuthz config = 1
[(validate.rules).message = {required: true}];
// HTTP request data.
test.fuzz.HttpData request_data = 2 [(validate.rules).message = {required: true}];
// Filter metadata.
envoy.config.core.v3.Metadata filter_metadata = 4;
}

message ExtAuthzTestCaseGrpc {
ExtAuthzTestCaseBase base = 1 [(validate.rules).message = {required: true}];

oneof response_or_failure_reason {
// Full auth check result. Note it is not validated to simulate an untrusted authz server (i.e.
// it can contain garbage mutations).
envoy.service.auth.v3.CheckResponse response = 2 [(validate.rules).message.skip = true];
antoniovleonti marked this conversation as resolved.
// If this is set onFailure will be called instead of onSuccess.
string failure_reason = 3;
antoniovleonti marked this conversation as resolved.
}
}

message ExtAuthzTestCaseHttp {
ExtAuthzTestCaseBase base = 1 [(validate.rules).message = {required: true}];

enum AuthResult {
// Possible results for a check call. Taken from
// https://github.com/envoyproxy/envoy/blob/945b5833f094dee31d2971cee8d40553bb0fe714/source/extensions/filters/common/ext_authz/ext_authz.h#L65
OK = 0;
DENIED = 1;
ERROR = 2;
}

envoy.extensions.filters.http.ext_authz.v3.ExtAuthz config = 1
[(validate.rules).message = {required: true}];
// HTTP request data.
test.fuzz.HttpData request_data = 2 [(validate.rules).message = {required: true}];
// Set default auth check result.
AuthResult result = 3 [(validate.rules).enum.defined_only = true];
// Filter metadata.
envoy.config.core.v3.Metadata filter_metadata = 4;
// TODO: Add headers and data to ExtAuthz::Response and check that the request headers and data
// were updated.
}
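Review bot: `oneof response_or_failure_reason` in `ExtAuthzTestCaseGrpc` carries no rule, so an input with neither `response` nor `failure_reason` set passes validation, and nothing in this file says what the harness does with it. Either make the choice mandatory with `option (validate.required) = true;` as the first line of the oneof, or document the unset case next to it, for example `// If neither field is set, <behaviour of the gRPC harness>.`, filled in from the fuzz test source, which is not visible here. The `skip = true` on `response` fits the stated goal of modelling an untrusted authz server and should stay as it is.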
10 changes: 1 addition & 9 deletions test/extensions/filters/http/ext_authz/ext_authz_fuzz_lib.cc
@@ -1,13 +1,11 @@
#include "test/extensions/filters/http/ext_authz/ext_authz_fuzz_lib.h"

#include "envoy/config/core/v3/base.pb.h"
#include "envoy/extensions/filters/http/ext_authz/v3/ext_authz.pb.validate.h"

#include "source/common/network/address_impl.h"
#include "source/extensions/filters/http/ext_authz/ext_authz.h"

#include "test/extensions/filters/http/ext_authz/ext_authz_fuzz.pb.h"
#include "test/extensions/filters/http/ext_authz/ext_authz_fuzz.pb.validate.h"
#include "test/mocks/network/mocks.h"

#include "gmock/gmock.h"
Expand Down Expand Up @@ -43,14 +41,8 @@ ReusableFilterFactory::newFilter(FilterConfigSharedPtr config,
}

absl::StatusOr<std::unique_ptr<Filter>> ReusableFuzzerUtil::setup(
const envoy::extensions::filters::http::ext_authz::ExtAuthzTestCase& input,
const envoy::extensions::filters::http::ext_authz::ExtAuthzTestCaseBase& input,
Filters::Common::ExtAuthz::ClientPtr client) {
try {
antoniovleonti marked this conversation as resolved.
TestUtility::validate(input);
} catch (const EnvoyException& e) {
ENVOY_LOG_MISC(debug, "EnvoyException during validation: {}", e.what());
return absl::InvalidArgumentError(absl::StrCat("EnvoyException during validation: ", e.what()));
}

// Prepare filter.
const envoy::extensions::filters::http::ext_authz::v3::ExtAuthz proto_config = input.config();
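Review bot: With the `TestUtility::validate(input)` block gone, `setup()` reads `input.config()` with no check of its own, so the `required` rules on `ExtAuthzTestCaseBase` are enforced only if every caller validates the enclosing test case first; those callers are not in this view. The declaration in ext_authz_fuzz_lib.h still says `// Validate input, then create a filter using the input.config() & the provided client.`, which is no longer true. I would reword that comment to `// Create a filter using input.config() & the provided client. The caller must already have validated the enclosing test case.` and repeat the precondition above `// Prepare filter.` here. The body of `setup()` continues past the end of this hunk.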
Expand Up @@ -43,7 +43,7 @@ class ReusableFuzzerUtil {
public:
// Validate input, then create a filter using the input.config() & the provided client.
absl::StatusOr<std::unique_ptr<Filter>>
setup(const envoy::extensions::filters::http::ext_authz::ExtAuthzTestCase& input,
setup(const envoy::extensions::filters::http::ext_authz::ExtAuthzTestCaseBase& input,
Filters::Common::ExtAuthz::ClientPtr client);

private: