Audit Tools
 

Network & Gitlab

MicroServices

Network

Network

# Single public entry point: picks a microservice backend from the URL path prefix.
frontend api_gateway
    # One plain-HTTP listener and one TLS listener using the given .pem bundle.
    bind *:80
    bind *:443 ssl crt /usr/local/etc/haproxy/app.docker.pem

    # MS Stock
    # Declaring the same ACL name several times ORs the declarations: PATH_STOCK
    # is true when the path begins with any of these prefixes (-i = ignore case).
    # path_beg is a plain string-prefix match, so /stock also matches /stockroom.
    acl PATH_STOCK path_beg -i /stock
    acl PATH_STOCK path_beg -i /stores
    acl PATH_STOCK path_beg -i /sites

    # MS Invoice
    acl PATH_INVOICE path_beg -i /vats
    acl PATH_INVOICE path_beg -i /invoices
    acl PATH_INVOICE path_beg -i /invoice_batch

    # Overwrite the Host header with the internal name of the target service.
    # ACLs listed together after "if" are ANDed.
    # NOTE(review): VHOST_API and VHOST_SSL are not declared in this excerpt;
    # presumably they are defined elsewhere in the frontend. Confirm.
    http-request set-header Host stock.bo.app.docker if VHOST_API PATH_STOCK
    http-request set-header Host invoice.bo.app.docker if VHOST_API PATH_INVOICE

    # Backend selection is gated on VHOST_SSL while the Host rewrite above is
    # gated on VHOST_API. NOTE(review): check that both conditions cover the
    # same requests, and what happens to a request that matches neither rule
    # (no default_backend is visible here).
    use_backend backend_stock if PATH_STOCK VHOST_SSL
    use_backend backend_invoice if PATH_INVOICE VHOST_SSL

Configuration #HAProxy

Zoom

Ce système permet au consommateur des WebServices de ProwebCE de s'abstraire de l'architecture applicative.
Le consommateur n'a pas à connaître les 15 domaines

Map

  • 16 MicroServices
  • Une moyenne de 46 URL par MicroService
  • Un total de 750 web services qui doivent être redirigés vers les 16 applications

Failures ?

Failure #1

404 Not Found

Failure #2

503 Service Unavailable

Comment tester tous les WebService ?

#750_routes

#1 Récupérer toutes les routes d'une application

#2 Requêter chaque route

POC

#1 Récupérer toutes les routes d'une application

#2 Requêter chaque route

POC

// Step 1: fetch the route collection from the router and list every route in it.
/** @var RouterInterface $router */
$routeCollection = $router->getRouteCollection();
$routes = $routeCollection->all();

// Step 2: send a GET request to an absolute URL through the HTTP client.
/** @var HttpClientInterface $httpClient */
$httpClient->request('GET', 'https://api.xxx.com/products');
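/**
 * Sends a HEAD request for every route registered in the router and fails
 * the test on the first 5xx answer.
 *
 * Only server-side errors are detected here: a 404 returned for a path that
 * is not routed correctly still passes this test.
 */
public function testApiGateway(): void
{
    // all() returns Route objects keyed by route name, not URL strings.
    $routes = $this->router->getRouteCollection()->all();

    foreach ($routes as $route) {
        // A Route cannot be interpolated into a string or passed as the
        // request URL, so read its path explicitly. Placeholders such as
        // {id} are sent unchanged.
        // NOTE(review): a relative path assumes the HTTP client is configured
        // with a base URI pointing at the gateway; confirm.
        $url = $route->getPath();

        fwrite(STDERR, "Test path: $url\n");

        // HEAD is enough to get the status code and is faster than a full GET;
        // it is also a safe method, so no resource is modified by the test.
        $response = $this->httpClient->request('HEAD', $url);
        $statusCode = $response->getStatusCode();

        if ($statusCode === 503) {
            // 503 is reported with its own message, separately from other 5xx codes.
            $this->fail(sprintf('Fail on %s', $url));
        } elseif ($statusCode >= 500) {
            $this->fail(sprintf('Something goes wrong on %s status code: %s',
                $url, $statusCode));
        }
    }
}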

POC

Converting in a test for one application

Converting for all applications !

# Makefile

# Runs the PHPUnit group "api-gateway" through api_command.
# $$ms is make's escape for a literal "$": the shell receives $ms, the loop
# variable set by api_command, and uses it as the test suite name.
# NOTE(review): the target produces no file; declare it .PHONY if that is not
# already done elsewhere in the Makefile.
phpunit-api-gateway:
	$(call api_command, ./bin/phpunit --group api-gateway --testsuite $$ms)
# api_command: runs the command passed as $1 for each entry of
# $(API_CONTAINERS), one after another, through $(DOCKER_EXEC) as user www-data.
# "|| exit 1" stops the loop at the first failing command, so the recipe fails.
# The leading "@" keeps make from echoing the loop itself.
# API_CONTAINERS, DOCKER_EXEC, GREEN and RESET are defined outside this excerpt.
define api_command
	@ for ms in $(API_CONTAINERS); \
	do \
		echo "MicroService: ${GREEN}$$ms${RESET}"; \
		$(DOCKER_EXEC) --user www-data $$ms $1 || exit 1; \
	done
endef

Helper Makefile

Conclusion

#2 Failure handled

# gitlab-ci.yaml
# CI job of the "tests" stage: prepares the environment with two make targets,
# then runs the functional suite followed by the API gateway routing test.
phpunit_tests:
    # Merges the keys of the template-tests anchor, which is defined outside this excerpt.
    <<: *template-tests
    stage: tests
    script:
        - make pull_and_up_base_and_all_ms
        - make microservices/vendor
        # -j without a number puts no limit on parallel jobs; -O groups the
        # output of each target so parallel logs do not interleave.
        - make -j -O phpunit-functional-exec
        # A non-zero exit from this target fails the job.
        - make -j -O phpunit-api-gateway

Go further !

What about #1 Failure ?

HyperMedia ?

#hyperMedia

#ApiPlatform

#jsonLd

#hydra

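/**
 * Sends a HEAD request for every route registered in the router, fails on
 * the first 5xx answer, and asserts via headerLinkContainsHost() that each
 * response carries the expected host.
 *
 * @param string $hostExcepted Host expected for this application.
 *                             NOTE(review): presumably supplied by a data
 *                             provider that is not shown here; confirm.
 */
public function testApiGateway(string $hostExcepted): void
{
    // all() returns Route objects keyed by route name, not URL strings.
    $routes = $this->router->getRouteCollection()->all();

    foreach ($routes as $route) {
        // A Route cannot be interpolated into a string or passed as the
        // request URL, so read its path explicitly. Placeholders such as
        // {id} are sent unchanged.
        // NOTE(review): a relative path assumes the HTTP client is configured
        // with a base URI pointing at the gateway; confirm.
        $url = $route->getPath();

        fwrite(STDERR, "Test path: $url\n");

        // HEAD is enough to get the status code and headers and is faster
        // than a full GET; it is also a safe method.
        $response = $this->httpClient->request('HEAD', $url);
        $statusCode = $response->getStatusCode();

        if ($statusCode === 503) {
            // 503 is reported with its own message, separately from other 5xx codes.
            $this->fail(sprintf('Fail on %s', $url));
        } elseif ($statusCode >= 500) {
            $this->fail(sprintf('Something goes wrong on %s status code: %s',
                $url, $statusCode));
        }

        // Checks that the answer came from the expected application and not
        // merely from some service that did not return a 5xx.
        $this->assertTrue($this->headerLinkContainsHost($response, $hostExcepted));
    }
}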

Test host

Demo

# Guard target: runs the VPN check script; a non-zero exit from the script
# makes the target fail.
# NOTE(review): the target produces no file; declare it .PHONY if that is not
# already done elsewhere in the Makefile.
test-vpn-up:
	bash test-vpn-up.sh
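#!/bin/bash
# Check if the VPN is UP
#
# Asks an external "what is my IP" service for the public address of this
# machine and exits 1 with a warning unless the answer contains the expected
# address. This is a convenience check for developers, not an access control:
# it trusts the answer of a third-party service.

expected_ip="91.134.250.162"

# https:// keeps the answer from being altered in transit (curl defaults to
# plain HTTP when no scheme is given). --fail ignores HTTP error pages and
# --max-time keeps the script from hanging when the service is unreachable.
# grep -F matches the address literally, so the dots are not regex wildcards.
value=$(curl --silent --fail --max-time 10 https://ifconfig.me | grep -cF -- "$expected_ip")

# grep -c prints 0 when nothing matched, including when curl returned no output.
if [ "$value" -eq 0 ]; then
    echo -e "\e[33mYou need to run the VPN\e[0m"
    exit 1
fi

exit 0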

Tips VPN

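# Neither target produces a file. Without .PHONY, a stray file named
# "test-vpn-up" would make the prerequisite look up to date and the VPN check
# would be skipped silently.
.PHONY: test-vpn-up test-api-gateway

# Guard target: fails when the VPN check script exits non-zero.
test-vpn-up:
	bash test-vpn-up.sh

# test-vpn-up is a prerequisite, so make runs the VPN check first and stops
# before the gateway tests when it fails.
test-api-gateway: test-vpn-up
	bash test-api-gateway.sh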

deck

By skigun
