Automate un-/deployment of the Basic/Proxy Auth examples.

examples/authentication/cafe_acl_or_auth.vtc

+# looks like -*- vcl -*-
+
+varnishtest "cafe example, proxy authentication"
+
+client c1 -connect "${localhost} ${localport}" {
+	txreq -url /coffee -hdr "Host: cafe.example.com"
+	rxresp
+	expect resp.status == 401
+	expect resp.reason == "Unauthorized"
+	expect resp.http.WWW-Authenticate == {Basic realm="cafe"}
+
+	txreq -url /coffee -hdr "Host: cafe.example.com" \
+		-hdr "X-Real-IP: 127.0.0.1"
+	rxresp
+	expect resp.status == 401
+	expect resp.reason == "Unauthorized"
+	expect resp.http.WWW-Authenticate == {Basic realm="cafe"}
+
+	txreq -url /coffee -hdr "Host: cafe.example.com" \
+		-hdr "X-Real-IP: 192.0.2.1"
+	rxresp
+	expect resp.status == 200
+
+	# credentials foo:bar
+	txreq -url /coffee -hdr "Host: cafe.example.com" \
+		-hdr "Authorization: Basic Zm9vOmJhcg=="
+	rxresp
+	expect resp.status == 200
+
+	txreq -url /coffee -hdr "Host: cafe.example.com" \
+		-hdr "Authorization: Basic Zm9vOmJhcg==" \
+		-hdr "X-Real-IP: 127.0.0.1"
+	rxresp
+	expect resp.status == 200
+} -run

examples/authentication/cafe_basic_auth.vtc

+# looks like -*- vcl -*-
+
+varnishtest "cafe example, basic authentication"
+
+client c1 -connect "${localhost} ${localport}" {
+	txreq -url /coffee -hdr "Host: cafe.example.com"
+	rxresp
+	expect resp.status == 401
+	expect resp.reason == "Unauthorized"
+	expect resp.http.WWW-Authenticate == {Basic realm="coffee", charset="UTF-8"}
+
+	txreq -url /tea -hdr "Host: cafe.example.com"
+	rxresp
+	expect resp.status == 401
+	expect resp.reason == "Unauthorized"
+	expect resp.http.WWW-Authenticate == {Basic realm="tea"}
+
+	# credentials foo:bar
+	txreq -url /coffee -hdr "Host: cafe.example.com" \
+		-hdr "Authorization: Basic Zm9vOmJhcg=="
+	rxresp
+	expect resp.status == 200
+
+	# credentials tea-admin:awesomeness
+	txreq -url /tea -hdr "Host: cafe.example.com" \
+		-hdr "Authorization: Basic dGVhLWFkbWluOmF3ZXNvbWVuZXNz"
+	rxresp
+	expect resp.status == 200
+
+	txreq -url /milk -hdr "Host: cafe.example.com"
+	rxresp
+	expect resp.status == 404
+} -run

examples/authentication/cafe_proxy_auth.vtc

+# looks like -*- vcl -*-
+
+varnishtest "cafe example, proxy authentication"
+
+client c1 -connect "${localhost} ${localport}" {
+	txreq -url /coffee -hdr "Host: cafe.example.com"
+	rxresp
+	expect resp.status == 407
+	expect resp.reason == "Proxy Authentication Required"
+	expect resp.http.Proxy-Authenticate == {Basic realm="ingress"}
+
+	# credentials proxy-admin:studly
+	txreq -url /coffee -hdr "Host: cafe.example.com" \
+		-hdr "Proxy-Authorization: Basic cHJveHktYWRtaW46c3R1ZGx5"
+	rxresp
+	expect resp.status == 200
+} -run

examples/authentication/deploy_acl_or_auth.sh

+#! /bin/bash -ex
+
+kubectl apply -f ../hello/cafe.yaml
+
+kubectl apply -f ../hello/cafe-ingress.yaml
+
+kubectl apply -f basic-secrets.yaml
+
+kubectl apply -f acl-or-auth.yaml

examples/authentication/deploy_basic_auth.sh

+#! /bin/bash -ex
+
+kubectl apply -f ../hello/cafe.yaml
+
+kubectl apply -f ../hello/cafe-ingress.yaml
+
+kubectl apply -f basic-secrets.yaml
+
+kubectl apply -f basic-auth.yaml

examples/authentication/deploy_proxy_auth.sh

+#! /bin/bash -ex
+
+kubectl apply -f ../hello/cafe.yaml
+
+kubectl apply -f ../hello/cafe-ingress.yaml
+
+kubectl apply -f proxy-auth-secrets.yaml
+
+kubectl apply -f proxy-auth.yaml

examples/authentication/undeploy_acl_or_auth.sh

+#! /bin/bash -ex
+
+kubectl delete -f acl-or-auth.yaml
+
+kubectl delete -f basic-secrets.yaml
+
+kubectl delete -f ../hello/cafe-ingress.yaml
+
+kubectl delete -f ../hello/cafe.yaml
+
+echo "Waiting until varnish-ingress Pods are not ready"
+
+N=0
+until [ $N -ge 120 ]
+do
+    if kubectl get pods -l app=varnish-ingress | grep -q ' 1/1'; then
+        sleep 10
+        N=$(( N + 10 ))
+        continue
+    fi
+    exit 0
+done
+echo "Giving up"
+exit 1

examples/authentication/undeploy_basic_auth.sh

+#! /bin/bash -ex
+
+kubectl delete -f basic-auth.yaml
+
+kubectl delete -f basic-secrets.yaml
+
+kubectl delete -f ../hello/cafe-ingress.yaml
+
+kubectl delete -f ../hello/cafe.yaml
+
+echo "Waiting until varnish-ingress Pods are not ready"
+
+N=0
+until [ $N -ge 120 ]
+do
+    if kubectl get pods -l app=varnish-ingress | grep -q ' 1/1'; then
+        sleep 10
+        N=$(( N + 10 ))
+        continue
+    fi
+    exit 0
+done
+echo "Giving up"
+exit 1

examples/authentication/undeploy_proxy_auth.sh

+#! /bin/bash -ex
+
+kubectl delete -f proxy-auth.yaml
+
+kubectl delete -f proxy-auth-secrets.yaml
+
+kubectl delete -f ../hello/cafe-ingress.yaml
+
+kubectl delete -f ../hello/cafe.yaml
+
+echo "Waiting until varnish-ingress Pods are not ready"
+
+N=0
+until [ $N -ge 120 ]
+do
+    if kubectl get pods -l app=varnish-ingress | grep -q ' 1/1'; then
+        sleep 10
+        N=$(( N + 10 ))
+        continue
+    fi
+    exit 0
+done
+echo "Giving up"
+exit 1

examples/authentication/verify_acl_or_auth.sh

+#! /bin/bash -ex
+
+function killforward {
+    kill $KUBEPID
+}
+
+LOCALPORT=${LOCALPORT:-8888}
+
+kubectl wait --timeout=2m pod -l app=varnish-ingress --for=condition=Ready
+
+kubectl port-forward svc/varnish-ingress ${LOCALPORT}:80 >/dev/null &
+KUBEPID=$!
+trap killforward EXIT
+
+sleep 1
+varnishtest ${TESTOPTS} -Dlocalport=${LOCALPORT} cafe_acl_or_auth.vtc

examples/authentication/verify_basic_auth.sh

+#! /bin/bash -ex
+
+function killforward {
+    kill $KUBEPID
+}
+
+LOCALPORT=${LOCALPORT:-8888}
+
+kubectl wait --timeout=2m pod -l app=varnish-ingress --for=condition=Ready
+
+kubectl port-forward svc/varnish-ingress ${LOCALPORT}:80 >/dev/null &
+KUBEPID=$!
+trap killforward EXIT
+
+sleep 1
+varnishtest ${TESTOPTS} -Dlocalport=${LOCALPORT} cafe_basic_auth.vtc

examples/authentication/verify_proxy_auth.sh

+#! /bin/bash -ex
+
+function killforward {
+    kill $KUBEPID
+}
+
+LOCALPORT=${LOCALPORT:-8888}
+
+kubectl wait --timeout=2m pod -l app=varnish-ingress --for=condition=Ready
+
+kubectl port-forward svc/varnish-ingress ${LOCALPORT}:80 >/dev/null &
+KUBEPID=$!
+trap killforward EXIT
+
+sleep 1
+varnishtest ${TESTOPTS} -Dlocalport=${LOCALPORT} cafe_proxy_auth.vtc