Node.js header echo test service
Test service that echoes back the HTTP headers showcasing different routes supported on OpenShift.
To build the docker image, run make:
$ make # or make build
Note: Running make will also generate the TLS config used in the tests.
Ensure you build the docker image as mentioned above.
To run the test server with docker, run make run:
$ make run
Ensure you build the docker image as mentioned above. To run the test server with OpenShift 3, use:
$ oc create -f openshift/dc.json
$ oc create -f openshift/secure-service.json
$ oc create -f openshift/insecure-service.json
Ensure you build the docker image and add the header-test deployment config and service to OpenShift 3 as mentioned in the build and usage sections above.
$ podname=$(oc get pods | grep header | awk '{ print $1 }')
$ podip=$(oc get pods ${podname} -o json | grep "podIP" | cut -f 4 -d '"')
$ curl -vvv -H "foo: bar" -H "Host: header.test" http://${podip}:8080
$ # Add the different flavor routes.
$ for f in openshift/*route.json ; do
oc create -f "$f";
done
$ # Re-encrypt is a lil' bit different in that we need the destCA
$ # see: http://www.ulduzsoft.com/2012/01/creating-a-certificate-authority-and-signing-the-ssl-certificates-using-openssl/ for details
$ oc get routes
$ # Check unsecured route (http only).
$ curl --resolve unsecure.header.test:80:127.0.0.1 -vvv \
-H "test: http" -k http://unsecure.header.test
$ # Check edge terminated route with insecure allowed (http + https).
$ curl --resolve allow-http.header.test:80:127.0.0.1 -vvv \
-H "test: allow-http" -k http://allow-http.header.test
$ curl --resolve allow-http.header.test:443:127.0.0.1 -vvv \
-H "test: allow-https" -k https://allow-http.header.test
$ # Check edge terminated route with insecure disallowed (https only).
$ # This one should fail w/ a 503.
$ curl --resolve no-http.header.test:80:127.0.0.1 -vvv \
-H "test: disallow-http" -k http://no-http.header.test
$ # This one should be ok.
$ curl --resolve no-http.header.test:443:127.0.0.1 -vvv \
-H "test: disallow-https" -k https://no-http.header.test
$ # Check edge terminated route with insecure redirected
$ # (always https, http -> https).
$ curl --resolve redirect-http.header.test:80:127.0.0.1 -vvv \
-H "test: redirect-http" -k http://redirect-http.header.test
$ curl --resolve redirect-http.header.test:443:127.0.0.1 -vvv \
-H "test: redirect-https" -k https://redirect-http.header.test
$ # Check edge terminated route (https only).
$ # This one should fail w/ a 503.
$ curl --resolve edge.header.test:80:127.0.0.1 -vvv \
-H "test: edge-http" -k http://edge.header.test
$ curl --resolve edge.header.test:443:127.0.0.1 -vvv \
-H "test: edge-https" -k https://edge.header.test
$ # Check passthrough route (https only).
$ # This one should fail w/ a 503.
$ curl --resolve passthrough.header.test:80:127.0.0.1 -vvv \
-H "test: passthrough-http" -k http://passthrough.header.test
$ curl --resolve passthrough.header.test:443:127.0.0.1 -vvv \
-H "test: passthrough-http" -k https://passthrough.header.test
$ # Check re-encrypt route (https only).
$ # This one should fail w/ a 503.
$ curl --resolve reencrypt.header.test:80:127.0.0.1 -vvv \
-H "test: reencrypt-http" -k http://reencrypt.header.test
$ echo "need to add re-encrypt test w/ a known CA cert".