From f8b00e990666036278e4c4c499423831a1b75aff Mon Sep 17 00:00:00 2001
From: Eguzki Astiz Lezaun <eastizle@redhat.com>
Date: Sun, 4 Feb 2024 19:05:10 +0100
Subject: [PATCH] THREESCALE-10582 e2e tests

---
 gateway/src/resty/balancer.lua         |  2 +
 gateway/src/resty/resolver/http.lua    | 10 ++-
 t/apicast-policy-http-proxy.t          |  4 +-
 t/apicast-policy-upstream-connection.t | 87 ++++++++++++++++++++++++++
 4 files changed, 99 insertions(+), 4 deletions(-)

diff --git a/gateway/src/resty/balancer.lua b/gateway/src/resty/balancer.lua
index 7f7af2e22..831140beb 100644
--- a/gateway/src/resty/balancer.lua
+++ b/gateway/src/resty/balancer.lua
@@ -146,6 +146,8 @@ function _M:set_timeouts(connect_timeout, send_timeout, read_timeout)
 
   -- If one of the values is nil, the default applies:
   -- https://github.com/openresty/lua-resty-core/blob/master/lib/ngx/balancer.md#set_timeouts
+  ngx.log(ngx.DEBUG, 'setting timeouts (secs), connect_timeout: ', connect_timeout,
+    ' send_timeout: ', send_timeout, ' read_timeout: ', read_timeout)
   return ngx_balancer.set_timeouts(connect_timeout, send_timeout, read_timeout)
 end
 
diff --git a/gateway/src/resty/resolver/http.lua b/gateway/src/resty/resolver/http.lua
index 06e832b7f..b58c62d45 100644
--- a/gateway/src/resty/resolver/http.lua
+++ b/gateway/src/resty/resolver/http.lua
@@ -14,7 +14,15 @@ function _M.new(opts)
 
   local timeouts = opts.timeouts
   if timeouts then
-    http:set_timeouts(timeouts.connect_timeout, timeouts.send_timeout, timeouts.read_timeout)
+    ngx.log(ngx.DEBUG, 'setting timeouts (secs), connect_timeout: ', timeouts.connect_timeout,
+      ' send_timeout: ', timeouts.send_timeout, ' read_timeout: ', timeouts.read_timeout)
+    -- lua-resty-http uses nginx API for lua sockets
+    -- in milliseconds
+    -- https://github.com/openresty/lua-nginx-module?tab=readme-ov-file#tcpsocksettimeouts
+    local connect_timeout = timeouts.connect_timeout and timeouts.connect_timeout * 1000
+    local send_timeout = timeouts.send_timeout and timeouts.send_timeout * 1000
+    local read_timeout = timeouts.read_timeout and timeouts.read_timeout * 1000
+    http:set_timeouts(connect_timeout, send_timeout, read_timeout)
   end
 
   http.resolver = resty_resolver:instance()
diff --git a/t/apicast-policy-http-proxy.t b/t/apicast-policy-http-proxy.t
index 5655a5fd2..199657190 100644
--- a/t/apicast-policy-http-proxy.t
+++ b/t/apicast-policy-http-proxy.t
@@ -202,10 +202,8 @@ ETag: foobar
 --- error_code: 200
 --- error_log env
 proxy request: CONNECT test-upstream.lvh.me:$TEST_NGINX_RANDOM_PORT HTTP/1.1
---- user_files fixture=tls.pl eval
---- error_log env
 using proxy: $TEST_NGINX_HTTPS_PROXY
-
+--- user_files fixture=tls.pl eval
 
 === TEST 4: using HTTP proxy with Basic Auth
 --- configuration
diff --git a/t/apicast-policy-upstream-connection.t b/t/apicast-policy-upstream-connection.t
index 21a36aadb..767e32ce2 100644
--- a/t/apicast-policy-upstream-connection.t
+++ b/t/apicast-policy-upstream-connection.t
@@ -1,6 +1,8 @@
 use lib 't';
 use Test::APIcast::Blackbox 'no_plan';
 
+require("http_proxy.pl");
+
 run_tests();
 
 __DATA__
@@ -59,3 +61,88 @@ GET /
 --- error_log
 upstream timed out
 --- error_code:
+
+=== TEST 2: Set timeouts using HTTPS proxy for backend
+In this test we set some timeouts to 1s. To force a read timeout, the upstream
+returns part of the response, then waits 3s (more than the timeout defined),
+and after that, it returns the rest of the response. Backend is configured with https_proxy
+This test uses the "ignore_response" section, because we know that the response
+is not going to be complete and that makes the Test::Nginx framework raise an
+error. With "ignore_response" that error is ignored.
+--- configuration random_port env
+{
+  "services": [
+    {
+      "backend_version":  1,
+      "proxy": {
+        "api_backend": "https://test-upstream.lvh.me:$TEST_NGINX_RANDOM_PORT",
+        "proxy_rules": [
+          { "pattern": "/test", "http_method": "GET", "metric_system_name": "hits", "delta": 2 }
+        ],
+        "policy_chain": [
+          {
+            "name": "apicast.policy.upstream_connection",
+            "configuration": {
+              "connect_timeout": 1,
+              "send_timeout": 1,
+              "read_timeout": 1
+            }
+          },
+          {
+            "name": "apicast.policy.http_proxy",
+            "configuration": {
+                "https_proxy": "$TEST_NGINX_HTTPS_PROXY"
+            }
+          },
+          {
+            "name": "apicast.policy.apicast"
+          }
+        ]
+      }
+    }
+  ]
+}
+--- backend
+  location /transactions/authrep.xml {
+    content_by_lua_block {
+      ngx.exit(ngx.OK)
+    }
+  }
+--- upstream env
+server_name test-upstream.lvh.me;
+listen $TEST_NGINX_RANDOM_PORT ssl;
+
+ssl_certificate $TEST_NGINX_SERVER_ROOT/html/server.crt;
+ssl_certificate_key $TEST_NGINX_SERVER_ROOT/html/server.key;
+
+location /test {
+    content_by_lua_block {
+      ngx.say("first part")
+      ngx.flush(true)
+      ngx.sleep(3)
+      ngx.say("yay, second part")
+    }
+
+    access_by_lua_block {
+      assert = require('luassert')
+      assert.equal('https', ngx.var.scheme)
+      assert.equal('$TEST_NGINX_RANDOM_PORT', ngx.var.server_port)
+      assert.equal('test-upstream.lvh.me', ngx.var.ssl_server_name)
+
+      local host = ngx.req.get_headers()["Host"]
+      local result = string.match(host, "^test%-upstream%.lvh%.me:")
+      assert.equals(result, "test-upstream.lvh.me:")
+    }
+}
+--- request
+GET /test?user_key=test3
+--- ignore_response
+--- more_headers
+User-Agent: Test::APIcast::Blackbox
+ETag: foobar
+--- error_code:
+--- error_log env
+proxy request: CONNECT test-upstream.lvh.me:$TEST_NGINX_RANDOM_PORT HTTP/1.1
+using proxy: $TEST_NGINX_HTTPS_PROXY
+proxy_response(): timeout
+--- user_files fixture=tls.pl eval