kiwigrid · jansalapatek · Jun 2, 2022 · Jun 7, 2022 · Jun 10, 2022 · Jun 10, 2022
diff --git a/.github/workflows/build_and_test.yaml b/.github/workflows/build_and_test.yaml
@@ -68,6 +68,7 @@ jobs:
 
         wait_for_pod_ready "sidecar"
         wait_for_pod_ready "sidecar-5xx"
+        wait_for_pod_ready "sidecar-api_key"
         wait_for_pod_ready "dummy-server-pod"
 
     - name: Install Configmaps and Secrets
@@ -80,6 +81,7 @@ jobs:
     - name: Retrieve pod logs
       run: |
         kubectl logs sidecar > /tmp/sidecar.log
+        kubectl logs sidecar > /tmp/sidecar-api_key.log
         kubectl logs sidecar-5xx > /tmp/sidecar-5xx.log
         kubectl logs dummy-server-pod > /tmp/dummy-server.log
     - name: Upload artifacts
@@ -109,6 +111,9 @@ jobs:
         kubectl cp sidecar-5xx:/tmp-5xx/relative/relative.txt /tmp/5xx/relative.txt
         kubectl cp sidecar-5xx:/tmp-5xx/500.txt /tmp/5xx/500.txt
 
+        echo "Downloading resource files from sidecar-api_key..."
+        kubectl cp sidecar-api_key:/tmp/api_key.txt /tmp/api-key/api_key.txt || true
+
     - name: Verify files
       run: |
         echo "Verifying file content from sidecar and sidecar-5xx ..."
@@ -126,4 +131,6 @@ jobs:
           echo -n "This absolutely exists" | diff - /tmp/5xx/absolute.txt &&
           echo -n "This relatively exists" | diff - /tmp/5xx/relative.txt &&
           echo -n "500" | diff - /tmp/5xx/500.txt &&
-          ls /tmp/5xx/script_result
+          ls /tmp/5xx/script_result &&
+          [ -f /tmp/api-key/api_key.txt ] && echo "api_key used for aouthentication"
+
diff --git a/test/resources/resources.yaml b/test/resources/resources.yaml
@@ -51,3 +51,12 @@ metadata:
     findme: "yup"
 data:
   500.txt.url: "http://dummy-server/500"
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: url-configmap-api_key
+  labels:
+    findme: "sure"
+data:
+  api_key.txt.url: "http://dummy-server/200/api_key"
diff --git a/test/resources/sidecar.yaml b/test/resources/sidecar.yaml
@@ -105,6 +105,51 @@ spec:
       defaultMode: 0777
 ---
 apiVersion: v1
+kind: Secret
+metadata:
+  name: token-auth-sample-secret
+type: Opaque
+data:
+    REQ_TOKEN_KEY: private_token
+    REQ_TOKEN_VALUE: c3VwZXItZHVwZXItc2VjcmV0
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: sidecar-api_key
+  namespace: default
+spec:
+  serviceAccountName: sample-acc
+  containers:
+  - name: sidecar
+    image: kiwigrid/k8s-sidecar:testing
+    volumeMounts:
+    - name: shared-volume
+      mountPath: /tmp/
+    - name: script-volume
+      mountPath: /opt/script.sh
+      subPath: script.sh
+    envFrom:
+    - secretRef:
+        name: token-auth-sample-secret      
+    env:
+    - name: LABEL
+      value: "findme"
+    - name: FOLDER
+      value: /tmp/
+    - name: RESOURCE
+      value: both
+    - name: SCRIPT
+      value: "/opt/script.sh"
+  volumes:
+  - name: shared-volume
+    emptyDir: {}
+  - name: script-volume
+    configMap:
+      name: script-configmap
+      defaultMode: 0777
+---
+apiVersion: v1
 kind: Pod
 metadata:
   name: dummy-server-pod

diff --git a/test/server/server.py b/test/server/server.py
@@ -1,8 +1,19 @@
-from fastapi import FastAPI
-import uvicorn
+#from http.client import HTTPException, HTTPResponse
+from fastapi import FastAPI, Security, Depends, HTTPException
+from fastapi.security.api_key import APIKeyQuery, APIKey
+#import uvicorn
+
+API_KEY_NAME="private_token"
+API_KEY="super-duper-secret"
+api_key_query = APIKeyQuery(name=API_KEY_NAME, auto_error=True)
 
 app = FastAPI()
 
+def get_api_key (api_key_query: str = Security(api_key_query)):
+    if api_key_query == API_KEY:
+      return api_key_query
+    else:
+      raise HTTPException(403)
 
 @app.get("/", status_code=200)
 def read_root():
@@ -27,3 +38,9 @@ async def read_item():
 @app.post("/503", status_code=503)
 async def read_item():
     return 503
+
+
+@app.get("/200/api_key")
+def read_root(api_key: APIKey = Depends(get_api_key)):
+    return 200
+