Prism with self-signed CA

[ser25630]

Hello,
Is there any command to run prism in proxy mode with trusted self-signed ca? I have structure: prism-proxy -> nginx-reverse-proxy(self-signed) -> web-services(self-signed). I can setup nginx reverse proxy to handle unencrypted http connection, but it seems that it's a wrong way, because for contract testing real data can be used and in some cases it's inappropriate to keep this data unencrypted (card data, passport data, etc.).
Is it posible to setup ssl certificate for prism-proxy? Or it's not correct? And I have to up another nginx reverse proxy container for that or put it behind existed one?

[XVincentX]

Hey,

Prism does not support running an HTTPS server at all.

I can setup nginx reverse proxy to handle unencrypted http connection, but it seems that it's a wrong way, because for contract testing real data can be used and in some cases it's inappropriate to keep this data unencrypted (card data, passport data, etc.).

You might want to explain the use case a little bit better; ideally Prism should be behind your protected network so that no data goes out of your cloud env at all.

[ser25630]

Thank you for your reply.
I have 3 docker containers: nginx-reverse-proxy, web-services(apache), swagger-ui. They work inside own bridge network and only nginx can be accessed from outside by random port mapped to 443. Nginx and apache have own certificates issued by same CA daily, client certificate authentication enabled between client and nginx, nginx and apache.
I found that I can add own CA as trusted to prism if I will add it to docker image by extending official one and add environment variable during run step:
-e NODE_EXTRA_CA_CERTS=/path/to/ca
And it will work as a charm 😄

[ser25630]

I tried a few requests to proxy and mock prism servers and faced with strange behaviour. In my case it seems, that prism validate only content-types and existence of path, but not types of property or formats or required flag, etc.
Is it a correct behaviour? Because my expectation was that prism proxy will do pre-validation before forwarding to my API server and will throw an exception in case any format mismatches.
Interesting thing is, when I send request to a prism mock it creates valid and correct response with random data based on OpenApi definitions.
I use OpenApi3 and have split structure of OpenApi files. When I initialised prism proxy I set web link to main yaml hosted in swagger-ui and direct link to my API, also I added --errors flag. For mock I set same web link. In my OpenApi documentation I mainly have json bodies in API requests definitions which stored in schemas and used by $ref. I could provide some examples of structure and OpenApi files if I'm doing right so far.

[ser25630]

I tried to setup scheme with default openapiv2 petstore specification and it worked well. It means that system structure is not a root of problem. Probably it's because of prism incomplete supporting of OpenAPI3 or just something inappropriate in my OpenApi3, but i don't sure. I will try to convert into OpenAPIv2 for test purposes and check it.

[XVincentX]

Can you provide an example OAS document so I can try to reproduce the issue?

[ser25630]

Hello,
I'm sorry for late response, I finally found what was the problem. It was a mistake in data type I followed wrong advice and in some cases used non-existent type - date instead of string. And in that cases prism doesn't validate requests at all and respond 200 all the time. It's not a problem I think, but it wasn't that obvious at the beginning 😄
Now I setup two schemes for feature developing with prism proxy behind it's own nginx-proxy to keep client certification verification, and another one with mock + prism proxy for cases when somebody needs alive endpoint to integrate with at the beginning of developing.