From 6608e9cddd76397c19ba41d208c5da48eef44c85 Mon Sep 17 00:00:00 2001 From: ac892247 Date: Wed, 21 Jan 2026 09:57:32 +0100 Subject: [PATCH 1/7] prepare test task Signed-off-by: ac892247 --- .github/workflows/integration-tests.yml | 49 +++++++++++++++++++ integration-tests/build.gradle | 10 ++++ .../CertificateValidationDisabledTest.java | 21 ++++++++ 3 files changed, 80 insertions(+) create mode 100644 integration-tests/src/test/java/org/zowe/apiml/integration/proxy/CertificateValidationDisabledTest.java diff --git a/.github/workflows/integration-tests.yml b/.github/workflows/integration-tests.yml index 66d9e7c41b..b46acc3565 100644 --- a/.github/workflows/integration-tests.yml +++ b/.github/workflows/integration-tests.yml @@ -57,6 +57,55 @@ jobs: - uses: ./.github/actions/teardown + CITestsModulithUnknownHostnames: + needs: PublishJibContainers + runs-on: ubuntu-latest + container: ubuntu:latest + timeout-minutes: 15 + + services: + apiml: + image: ghcr.io/balhar-jakub/apiml:${{ github.run_id }}-${{ github.run_number }} + volumes: + - /api-defs:/api-defs + env: + APIML_SECURITY_SSL_VERIFYSSLCERTIFICATESOFSERVICES: true + APIML_SECURITY_SSL_NONSTRICTVERIFYSSLCERTIFICATESOFSERVICES: true + + discoverable-client-unknown: + image: ghcr.io/balhar-jakub/discoverable-client:${{ github.run_id }}-${{ github.run_number }} + env: + APIML_SERVICE_DISCOVERYSERVICEURLS: https://apiml:10011/eureka + SPRING_SERVLET_MULTIPART_MAXFILESIZE: 1024MB + SPRING_SERVLET_MULTIPART_MAXREQUESTSIZE: 1024MB + mock-services-unknown: + image: ghcr.io/balhar-jakub/mock-services:${{ github.run_id }}-${{ github.run_number }} + + steps: + - uses: actions/checkout@v4 + with: + ref: ${{ github.head_ref }} + + - uses: ./.github/actions/setup + + - name: Run CI Tests with Unknown Hostnames + timeout-minutes: 4 + run: > + ENV_CONFIG=docker-modulith ./gradlew runStartUpCheck :integration-tests:runUnknownHostnamesTests --info + -Ddiscoverableclient.instances=1 -Denvironment.config=-docker-modulith -Denvironment.modulith=true + - uses: ./.github/actions/dump-jacoco + if: always() + - name: Store results + uses: actions/upload-artifact@v4 + if: always() + with: + name: CITestsModulithUnknownHostnames-${{ env.JOB_ID }} + path: | + integration-tests/build/reports/** + results/** + integration-tests/build/test-results/runUnknownHostnamesTests/binary/** + integration-tests/build/test-results/runStartUpCheck/binary/** + - uses: ./.github/actions/teardown CITestsModulith: needs: PublishJibContainers runs-on: ubuntu-latest diff --git a/integration-tests/build.gradle b/integration-tests/build.gradle index 35331f7680..7b30c2c12f 100644 --- a/integration-tests/build.gradle +++ b/integration-tests/build.gradle @@ -108,6 +108,16 @@ task runStartUpCheck(type: Test) { outputs.upToDateWhen { false } } +task runUnknownHostnamesTests(type: Test) { + group 'integration tests' + description "Run integration tests where hostnames validation is disabled" + + systemProperties System.properties + useJUnitPlatform { + includeTags 'UnknownHostnamesTest' + } + outputs.upToDateWhen { false } +} task runLocalIntegrationTests(type: Test) { group "Integration tests" description "Run integration tests that are not dependent on mainframe" diff --git a/integration-tests/src/test/java/org/zowe/apiml/integration/proxy/CertificateValidationDisabledTest.java b/integration-tests/src/test/java/org/zowe/apiml/integration/proxy/CertificateValidationDisabledTest.java new file mode 100644 index 0000000000..b5301896ee --- /dev/null +++ b/integration-tests/src/test/java/org/zowe/apiml/integration/proxy/CertificateValidationDisabledTest.java @@ -0,0 +1,21 @@ +package org.zowe.apiml.integration.proxy; + +import org.junit.jupiter.api.Tag; +import org.junit.jupiter.api.Test; + +import static io.restassured.RestAssured.given; +import org.zowe.apiml.util.http.HttpRequestUtils; +import java.net.URI; +import org.zowe.apiml.util.requests.Endpoints; + +@Tag("UnknownHostnamesTest") +public class CertificateValidationDisabledTest { + @Test + void givenRequestToServiceWithInvalidHostname_thenRequestIsSuccessful() { + URI uri = HttpRequestUtils.getUriFromGateway(Endpoints.DISCOVERABLE_GREET); + given() + .get(uri) + .then() + .statusCode(200); + } +} From ecd0fa3f3bb385aaae0e729c9b3dc088db607317 Mon Sep 17 00:00:00 2001 From: ac892247 Date: Fri, 23 Jan 2026 10:54:23 +0100 Subject: [PATCH 2/7] static definition for unknown host mock services Signed-off-by: ac892247 --- .github/workflows/integration-tests.yml | 2 +- .../api-defs-unknown-host/mock-services.yml | 46 +++++++++++++++++++ 2 files changed, 47 insertions(+), 1 deletion(-) create mode 100644 config/docker/api-defs-unknown-host/mock-services.yml diff --git a/.github/workflows/integration-tests.yml b/.github/workflows/integration-tests.yml index b46acc3565..45587aa049 100644 --- a/.github/workflows/integration-tests.yml +++ b/.github/workflows/integration-tests.yml @@ -67,7 +67,7 @@ jobs: apiml: image: ghcr.io/balhar-jakub/apiml:${{ github.run_id }}-${{ github.run_number }} volumes: - - /api-defs:/api-defs + - /api-defs-unknown-host:/api-defs env: APIML_SECURITY_SSL_VERIFYSSLCERTIFICATESOFSERVICES: true APIML_SECURITY_SSL_NONSTRICTVERIFYSSLCERTIFICATESOFSERVICES: true diff --git a/config/docker/api-defs-unknown-host/mock-services.yml b/config/docker/api-defs-unknown-host/mock-services.yml new file mode 100644 index 0000000000..21eb1a057c --- /dev/null +++ b/config/docker/api-defs-unknown-host/mock-services.yml @@ -0,0 +1,46 @@ +services: + - serviceId: mockzosmf # unique lowercase ID of the service + catalogUiTileId: zosmf # ID of the API Catalog UI tile (visual grouping of the services) + title: Mock zOSMF # Title of the service in the API catalog + description: Mock ZOSMF service # Description of the service in the API catalog + instanceBaseUrls: # list of base URLs for each instance + - https://mock-services-unknown:10013/ # scheme://hostname:port/contextPath + homePageRelativeUrl: # Normally used for informational purposes for other services to use it as a landing page + routes: + - gatewayUrl: api # [api/ui/ws]/v{majorVersion} + serviceRelativeUrl: # relativePath that is added to baseUrl of an instance + # List of APIs provided by the service (currently only one is supported): + authentication: + scheme: zosmf # This service expects z/OSMF LTPA token + apiInfo: + - apiId: ibm.zosmf + gatewayUrl: api/v1 + version: 2.4.0 + documentationUrl: https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.4.0/com.ibm.zos.v2r4.izua700/IZUHPINFO_RESTServices.htm + swaggerUrl: https://mock-services-unknown:10013/zosmf/api/docs + - serviceId: zss # unique lowercase ID of the service + catalogUiTileId: zss # ID of the API Catalog UI tile (visual grouping of the services) + title: Statically Defined ZSS # Title of the service in the API catalog + description: Mock ZSS # Description of the service in the API catalog + instanceBaseUrls: # list of base URLs for each instance + - https://mock-services-unknown:10013/ # scheme://hostname:port/contextPath + homePageRelativeUrl: # Normally used for informational purposes for other services to use it as a landing page + routes: + - gatewayUrl: api/v1 # [api/ui/ws]/v{majorVersion} + serviceRelativeUrl: # relativePath that is added to baseUrl of an instance + # List of APIs provided by the service (currently only one is supported): + apiInfo: + - apiId: ibm.zosmf + gatewayUrl: api + version: 2.4.0 + documentationUrl: https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.4.0/com.ibm.zos.v2r4.izua700/IZUHPINFO_RESTServices.htm + + +# List of tiles that can be used by services defined in the YAML file: +catalogUiTiles: + zosmf: + title: zOSMF + description: zOSMF + zss: + title: ZSS + description: ZSS From c815de0102791a3b8027575f78dbc9654656635c Mon Sep 17 00:00:00 2001 From: ac892247 Date: Fri, 23 Jan 2026 10:59:21 +0100 Subject: [PATCH 3/7] log req and resp if validation fails Signed-off-by: ac892247 --- .../integration/proxy/CertificateValidationDisabledTest.java | 2 ++ 1 file changed, 2 insertions(+) diff --git a/integration-tests/src/test/java/org/zowe/apiml/integration/proxy/CertificateValidationDisabledTest.java b/integration-tests/src/test/java/org/zowe/apiml/integration/proxy/CertificateValidationDisabledTest.java index b5301896ee..2425193cf5 100644 --- a/integration-tests/src/test/java/org/zowe/apiml/integration/proxy/CertificateValidationDisabledTest.java +++ b/integration-tests/src/test/java/org/zowe/apiml/integration/proxy/CertificateValidationDisabledTest.java @@ -14,8 +14,10 @@ public class CertificateValidationDisabledTest { void givenRequestToServiceWithInvalidHostname_thenRequestIsSuccessful() { URI uri = HttpRequestUtils.getUriFromGateway(Endpoints.DISCOVERABLE_GREET); given() + .log().ifValidationFails() .get(uri) .then() + .log().ifValidationFails() .statusCode(200); } } From ec6a3f458126d8a155a581830a123fcd4f67b094 Mon Sep 17 00:00:00 2001 From: ac892247 Date: Fri, 23 Jan 2026 11:21:23 +0100 Subject: [PATCH 4/7] staticdef Signed-off-by: ac892247 --- .github/workflows/integration-tests.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/integration-tests.yml b/.github/workflows/integration-tests.yml index 45587aa049..3b17a7fe4d 100644 --- a/.github/workflows/integration-tests.yml +++ b/.github/workflows/integration-tests.yml @@ -66,11 +66,10 @@ jobs: services: apiml: image: ghcr.io/balhar-jakub/apiml:${{ github.run_id }}-${{ github.run_number }} - volumes: - - /api-defs-unknown-host:/api-defs env: APIML_SECURITY_SSL_VERIFYSSLCERTIFICATESOFSERVICES: true APIML_SECURITY_SSL_NONSTRICTVERIFYSSLCERTIFICATESOFSERVICES: true + APIML_DISCOVERY_STATICAPIDEFINITIONSDIRECTORIES: /docker/api-defs-unknown-host discoverable-client-unknown: image: ghcr.io/balhar-jakub/discoverable-client:${{ github.run_id }}-${{ github.run_number }} From 772fc9b694958939eeb6d3188e0368108355c236 Mon Sep 17 00:00:00 2001 From: ac892247 Date: Fri, 23 Jan 2026 13:41:17 +0100 Subject: [PATCH 5/7] relaxed tls validation for test Signed-off-by: ac892247 --- .../proxy/CertificateValidationDisabledTest.java | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/integration-tests/src/test/java/org/zowe/apiml/integration/proxy/CertificateValidationDisabledTest.java b/integration-tests/src/test/java/org/zowe/apiml/integration/proxy/CertificateValidationDisabledTest.java index 2425193cf5..8cb93f913d 100644 --- a/integration-tests/src/test/java/org/zowe/apiml/integration/proxy/CertificateValidationDisabledTest.java +++ b/integration-tests/src/test/java/org/zowe/apiml/integration/proxy/CertificateValidationDisabledTest.java @@ -3,15 +3,19 @@ import org.junit.jupiter.api.Tag; import org.junit.jupiter.api.Test; -import static io.restassured.RestAssured.given; import org.zowe.apiml.util.http.HttpRequestUtils; import java.net.URI; import org.zowe.apiml.util.requests.Endpoints; +import io.restassured.RestAssured; + +import static io.restassured.RestAssured.given; + @Tag("UnknownHostnamesTest") public class CertificateValidationDisabledTest { @Test void givenRequestToServiceWithInvalidHostname_thenRequestIsSuccessful() { + RestAssured.useRelaxedHTTPSValidation(); URI uri = HttpRequestUtils.getUriFromGateway(Endpoints.DISCOVERABLE_GREET); given() .log().ifValidationFails() From f05bd08e3a3c9d4b1da49593cb083432951c03df Mon Sep 17 00:00:00 2001 From: ac892247 Date: Fri, 23 Jan 2026 13:53:20 +0100 Subject: [PATCH 6/7] hostname for registration Signed-off-by: ac892247 --- .github/workflows/integration-tests.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/integration-tests.yml b/.github/workflows/integration-tests.yml index 3b17a7fe4d..8dd660d0ac 100644 --- a/.github/workflows/integration-tests.yml +++ b/.github/workflows/integration-tests.yml @@ -74,6 +74,7 @@ jobs: discoverable-client-unknown: image: ghcr.io/balhar-jakub/discoverable-client:${{ github.run_id }}-${{ github.run_number }} env: + APIML_SERVICE_HOSTNAME: discoverable-client-unknown APIML_SERVICE_DISCOVERYSERVICEURLS: https://apiml:10011/eureka SPRING_SERVLET_MULTIPART_MAXFILESIZE: 1024MB SPRING_SERVLET_MULTIPART_MAXREQUESTSIZE: 1024MB From f5a82d6b0c669f10db28ed7b5cf63dd398376583 Mon Sep 17 00:00:00 2001 From: ac892247 Date: Mon, 26 Jan 2026 13:42:20 +0100 Subject: [PATCH 7/7] add license Signed-off-by: ac892247 --- .../proxy/CertificateValidationDisabledTest.java | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/integration-tests/src/test/java/org/zowe/apiml/integration/proxy/CertificateValidationDisabledTest.java b/integration-tests/src/test/java/org/zowe/apiml/integration/proxy/CertificateValidationDisabledTest.java index 8cb93f913d..b08a683c12 100644 --- a/integration-tests/src/test/java/org/zowe/apiml/integration/proxy/CertificateValidationDisabledTest.java +++ b/integration-tests/src/test/java/org/zowe/apiml/integration/proxy/CertificateValidationDisabledTest.java @@ -1,3 +1,13 @@ +/* + * This program and the accompanying materials are made available under the terms of the + * Eclipse Public License v2.0 which accompanies this distribution, and is available at + * https://www.eclipse.org/legal/epl-v20.html + * + * SPDX-License-Identifier: EPL-2.0 + * + * Copyright Contributors to the Zowe Project. + */ + package org.zowe.apiml.integration.proxy; import org.junit.jupiter.api.Tag;