TIPS: If you use it under Proxy, set NO_PROXY!
komikoni opened this issue · 15 comments
When used under PROXY, mock-jwks does not work properly.
This is probably due to the routing to PROXY first.
The solution is simple.
Add the HOST name of ISSUER to NO_PROXY as shown below. Now you can use it properly!
let originalNoProxy;
beforeAll(async () => {
jwks.start();
originalNoProxy = process.env.NO_PROXY;
process.env.NO_PROXY += `, ${issuerHost}`;
});
afterAll(async () => {
jwks.stop();
process.env.NO_PROXY = originalNoProxy;
});
If possible, please add it to the Readme.
Or I would like it to be included in jwks.start() and stop().
Thank you for reporting this. Would be able to create a PR adding a test that reproduces your issue?
If not then I would need a demo repo which I can check out to understand what exactly you have set up. I think at the moment that there might also be some other misconfiguration in your setup.
Also: If you use a proxy for outgoing request, then "not using that proxy" is most probably not an option. Whats the point of setting the proxy in the first place, if you have direct access to the internet?
Thank you for your reply. Wait a moment for the problem to be reproduced.
Proxy is always set as an environment variable on the company PC.
The CI/CD environment on the cloud does not cause any problems, but the company PC does.
This may be a problem with the nock, not mock-jwks.
My gut feeling is: It is a problem with the proxy and the ssl certs.
I made a sample, but I can not reproduce it just by setting the PROXY environment variable
It wasn't reproduced unless it was actually the proxy environment of the company.
https://github.com/komikoni/mock-jwks-under-proxy
mistook
I was going to test at a remote site (company), but I was testing at my own PC.
I found a better solution.
When I changed the version of nock from v11 to v12, it worked without setting NO_PROXY.
So it was a problem with the version of nock.
I have a question
mock-jwks depends on nock.
However, only the devDependencies describes the nock,
so you need to manually insert the nock.
Is there any intention of this?
Excuse me, it was peer Dependencies. I understood the intention.
Reproduction source was made.
In the repository below npm i and npm test please.
https://github.com/komikoni/mock-jwks-under-proxy
This test includes an error case with HTTP_PROXY and a success case with NO_PROXY.
We thank you for your cooperation.
Do I get this right? You are writing tests that do requests against your API. In your test you want to mock the responses from the JWKS but you want the requests to other services to go through (like potentially a remote database connection or some server side API calls).
So you are mocking the JWKS but you do not mock the other APIs that you are using in your backend.
I am sorry but my answer to that is: Unsupported scenario. You either should mock everything or nothing. I will not support mixing the two patterns. It is bad practice.
In your concrete scenario I suggest that you just also use the real JWKS and somehow implement a "login and get the jwt" procedure in your tests to always get a valid token.
This library has been written to enable people to test their API without doing any network requests. So these tests can run on every code change. If you add real remote calls to your tests your tests will be slow, nobody will run them on every code change, then nobody will ever run them ever, your code will rot, etc. I cannot support / advise this anti-pattern, sorry.
It seems that my thoughts are not well communicated.
The tests provided are for reproducing the following events.
(I try not to need it in the environment that uses Proxy)
- Mock-jwks gives an error when HTTP_PRPXY is set
- Mock-jwks works correctly if NO_PROXY is set
That is, we confirm that mock-jwks is affected by the PROXY setting.
I have no idea to run tests that cross the network and those that do not.
Generally, a PC that uses Proxy has Proxy set as an environment variable. This environment variable is implicitly applied when running unit tests on that PC.
I think that when running mocked tests using mock-jwks, mocking should be applied correctly with or without Proxy settings.
Therefore, it is necessary to set NO_PROXY or clear HTTP_PRPXY, HTTPS_PROXY in the test.
(This is what I want to convey most about this ticket)
As you say, mock-jwks itself may not be a consideration. However, I'd appreciate it if you added to the README "Set NO_PROXY or clear HTTP_PRPXY, HTTPS_PROXY when executing under PROXY environment".
To engineers living in a wonderful world unrelated to PROXY.
Engineers working in the PROXY environment are constantly disturbed by PROXY. This is really painful. Nobody wants
mock-jwks is a great tool, thanks for providing it.
This library is for testing a software to be run on a server. If your server uses a proxy to connect to the internet, that is just wrong. However even if so, your software should be written just as if there was no proxy (not even when running the software in production mode). Node will make sure that this software also works with a proxy.
That means that all your tests should be run without a proxy. However your tests may then fail on your machine, because you are in a closed network and can only connect to the internet via a proxy. But then the solution is not to use a proxy, but to make your tests not trigger any requests to the internet! You are doing it wrong: This library helps to to run your tests without ever contacting a remote machine. If your tests do not connect to a remote machine, you need no proxy, even in the worst corporate network. So as I was telling you the problem is not, that my library does not support proxy, but that you need a proxy for your tests to pass.
You have some method / function that triggers a request to an external resource in your code. Use nock to intercept this request locally and you do not need a proxy any more.