Added basic e2e tests

.github/codecov.yml

@@ -1,5 +1,3 @@
-# Copyright (c) Tetrate, Inc 2024 All Rights Reserved.
-
 codecov:
   # we build and upload only a single coverage file, so we don't need to wait for other CI
   # jobs to complete for us to see the coverage results

.github/workflows/ci.yaml

@@ -1,5 +1,3 @@
-# Copyright (c) Tetrate, Inc 2024 All Rights Reserved.
-
 name: CI
 
 on:
@@ -111,16 +109,9 @@ jobs:
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
 
-  docker:
+  e2e:
     needs: check
     runs-on: ubuntu-latest
-    services:
-      registry:
-        image: registry:2
-        ports:
-          - 5000:5000
-    env:
-      DOCKER_HUB: localhost:5000
     steps:
       - uses: actions/setup-go@v3
         with:
@@ -134,4 +125,4 @@ jobs:
           key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
           restore-keys: |
             ${{ runner.os }}-go-
-      - run: make docker
+      - run: make docker e2e

.github/workflows/publish.yaml

@@ -1,5 +1,3 @@
-# Copyright (c) Tetrate, Inc 2024 All Rights Reserved.
-
 name: Publish
 
 on:
@@ -36,4 +34,4 @@ jobs:
         shell: bash
 
       - run: make check
-      - run: make docker
+      - run: make docker-push

.gitignore

@@ -2,3 +2,4 @@ bin/
 .idea
 .makerc
 .vimrc
+logs/

.licenserignore

@@ -7,3 +7,5 @@ go.sum
 config/**/*.go
 bin/
 .vimrc
+*.json
+LICENSE

Makefile

@@ -16,7 +16,7 @@ NAME       ?= authservice
 PKG	   	   ?= ./cmd
 BUILD_OPTS ?=
 TEST_OPTS  ?=
-TEST_PKGS  ?= ./...
+TEST_PKGS  ?= $(shell go list ./... | grep -v /e2e)
 OUTDIR     ?= bin
 TARGETS    ?= linux-amd64 linux-arm64 #darwin-amd64 darwin-arm64
 
@@ -65,17 +65,21 @@ $(OUTDIR)/$(NAME)-static-%: $(OUTDIR)
 		-o $@ $(PKG)
 
 .PHONY: clean
-clean:  ## Clean the build artifacts
+clean: clean/e2e  ## Clean the build artifacts
 	@rm -rf $(OUTDIR)
 
 .PHONY: clean/coverage
 clean/coverage:  ## Clean the coverage report
 	@rm -rf $(OUTDIR)/coverage
 
 .PHONY: clean/all
-clean/all: clean config/clean  ## Clean everything
+clean/all: clean config/clean   ## Clean everything
 	@rm -rf $(OUTDIR)
 
+.PHONY: clean/e2e
+clean/e2e:  ## Clean the e2e test artifacts
+	@$(MAKE) -C $(@F) $(@D)
+
 
 ##@ Config Proto targets
 
@@ -111,11 +115,15 @@ coverage:  ## Creates coverage report for all projects
 		$(COVERAGE_PACKAGES)
 	@go tool cover -html="$(OUTDIR)/$@/coverage.out" -o "$(OUTDIR)/$@/coverage.html"
 
+.PHONY: e2e
+e2e:
+	@$(MAKE) -C e2e e2e
+
 
 ##@ Docker targets
 
 .PHONY: docker-pre
-docker-pre:
+docker-pre: $(DOCKER_TARGETS:%=$(OUTDIR)/$(NAME)-static-%)
 	@docker buildx inspect $(DOCKER_BUILDER_NAME) || \
 		docker buildx create --name $(DOCKER_BUILDER_NAME) \
 			--driver docker-container --driver-opt network=host \
@@ -125,10 +133,29 @@ comma     := ,
 space     := $(empty) $(empty)
 PLATFORMS := $(subst -,/,$(subst $(space),$(comma),$(DOCKER_TARGETS)))
 INSECURE_REGISTRY_ARG := --output=type=registry,registry.insecure=true
+
 .PHONY: docker
-docker: $(DOCKER_TARGETS:%=$(OUTDIR)/$(NAME)-static-%) docker-pre  ## Build and push the multi-arch Docker images
+docker: $(DOCKER_TARGETS:%=docker-%)  ## Build the docker images
+
+docker-%: PLATFORM=$(subst -,/,$(*))
+docker-%: ARCH=$(notdir $(subst -,/,$(PLATFORM)))
+docker-%: docker-pre $(OUTDIR)/$(NAME)-static-%
+	@echo "Building Docker image $(DOCKER_HUB)/$(NAME):$(DOCKER_TAG)-$(ARCH)"
+	@docker buildx build \
+		$(DOCKER_BUILD_ARGS) \
+		--builder $(DOCKER_BUILDER_NAME) \
+		--load \
+		-f Dockerfile \
+		--platform $(PLATFORM) \
+		-t $(DOCKER_HUB)/$(NAME):latest-$(ARCH) \
+		-t $(DOCKER_HUB)/$(NAME):$(DOCKER_TAG)-$(ARCH) \
+		.
+
+.PHONY: docker-push
+docker-push: docker-pre  ## Build and push the multi-arch Docker images
 	@echo "Pushing Docker image $(DOCKER_HUB)/$(NAME):$(DOCKER_TAG)"
-	@docker buildx build $(DOCKER_BUILD_ARGS) \
+	@docker buildx build \
+		$(DOCKER_BUILD_ARGS) \
 		--builder $(DOCKER_BUILDER_NAME) \
 		$(if $(USE_INSECURE_REGISTRY),$(INSECURE_REGISTRY_ARG),--push) \
 		-f Dockerfile \

cmd/main.go

@@ -18,11 +18,12 @@ import (
 	"fmt"
 	"os"
 
-	"github.com/tetrateio/authservice-go/internal"
-	"github.com/tetrateio/authservice-go/internal/server"
 	"github.com/tetratelabs/log"
 	"github.com/tetratelabs/run"
 	"github.com/tetratelabs/run/pkg/signal"
+
+	"github.com/tetrateio/authservice-go/internal"
+	"github.com/tetrateio/authservice-go/internal/server"
 )
 
 func main() {

e2e/Makefile

@@ -0,0 +1,28 @@
+# Copyright 2024 Tetrate
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+SUITES := mock
+
+.PHONY: e2e
+e2e: $(SUITES:%=e2e/%)  ## Run all e2e tests
+
+e2e/%:
+	@$(MAKE) -C $(@F) $(@D)
+
+.PHONY: clean
+clean: $(SUITES:%=clean/%)
+
+clean/%:
+	@$(MAKE) -C $(@F) $(@D)

e2e/mock/Makefile

@@ -0,0 +1,39 @@
+# Copyright 2024 Tetrate
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+.PHONY: e2e
+e2e: e2e-pre
+	@go test $(E2E_TEST_OPTS) ./... || ( $(MAKE) e2e-test-post-error; exit 1 )
+	@$(MAKE) e2e-test-post
+
+.PHONY: e2e-pre
+e2e-pre:
+	@docker compose up --detach --wait --force-recreate --remove-orphans || ($(MAKE) e2e-test-post-error; exit 1)
+
+.PHONY: e2e-test-post
+e2e-test-post:
+	@docker compose down
+
+.PHONY: e2e-test-post-error
+e2e-test-post-error: capture-logs
+
+.PHONY: capture-logs
+capture-logs:
+	@mkdir -p ./logs
+	@docker compose logs > logs/docker-compose-logs.log
+
+.PHONY: clean
+clean:
+	@rm -rf ./logs

e2e/mock/authz-config.json

@@ -0,0 +1,43 @@
+{
+  "log_level": "debug",
+  "chains": [
+    {
+      "name": "mock-allow",
+      "match": {
+        "header": "X-Authz-Decision",
+        "equality": "allow"
+      },
+      "filters": [
+        {
+          "mock": {
+            "allow": true
+          }
+        }
+      ]
+    },
+    {
+      "name": "mock-allow-prefix",
+      "match": {
+        "header": "X-Authz-Decision",
+        "prefix": "ok"
+      },
+      "filters": [
+        {
+          "mock": {
+            "allow": true
+          }
+        }
+      ]
+    },
+    {
+      "name": "mock-deny",
+      "filters": [
+        {
+          "mock": {
+            "allow": false
+          }
+        }
+      ]
+    }
+  ]
+}

e2e/mock/docker-compose.yaml

@@ -0,0 +1,35 @@
+# Copyright 2024 Tetrate
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+version: "3.9"
+
+services:
+  envoy:
+    image: envoyproxy/envoy:v1.29-latest
+    platform: linux/arm64
+    command: -c /etc/envoy/envoy-config.yaml --log-level warning
+    ports:
+      - "8080:80"  # Make it accessible from the host (HTTP traffic)
+    volumes:
+      - type: bind
+        source: envoy-config.yaml
+        target: /etc/envoy/envoy-config.yaml
+
+  ext-authz:
+    image: gcr.io/tetrate-internal-containers/authservice:latest-${ARCH:-amd64}
+    platform: linux/${ARCH:-amd64}
+    volumes:
+      - type: bind
+        source: authz-config.json
+        target: /etc/authservice/config.json