Merging to master: Merging to release-5.3: [TT-13769] Extend plugin compiler test with arm64 cross build (#6813)

[buger]

User description

Merging to release-5.3: TT-13769 Extend plugin compiler test with arm64 cross build (#6813)

TT-13769 Extend plugin compiler test with arm64 cross build (#6813)

PR Type

tests

---

Description

• Extended the plugin compiler test script to include a
  cross-compilation step for the arm64 architecture.
• Added a Docker command with the GOARCH=arm64 environment variable to
  enable arm64 builds.
• Ensures compatibility and testing for arm64 architecture in the plugin
  compiler.

---

Changes walkthrough 📝

	Relevant files
Tests	test.sh Add arm64 cross-compilation to plugin compiler test script ci/tests/plugin-compiler/test.sh Added a cross-compilation step for building the plugin for the arm64 architecture. Introduced the use of the GOARCH=arm64 environment variable in the Docker command. +3/-0

---

💡 PR-Agent usage: Comment /help "your question" on any pull
request to receive relevant information

---

Co-authored-by: Tit Petric tit@tyk.io

---

PR Type

Tests

---

Description

• Added a new QA plugin written in Go to test plugin compiler functionality, including custom header addition and authentication checks.
• Extended the plugin compiler test script to include cross-compilation for the arm64 architecture using the GOARCH=arm64 environment variable.
• Updated the Taskfile.yml to include a new task for testing the QA plugin with both amd64 and arm64 builds.
• Enhanced documentation with examples and explanations for the new QA plugin and arm64 testing capabilities.

---

Changes walkthrough 📝

	Relevant files
Tests	main.go Add QA plugin for testing plugin compiler functionality.  ci/tests/plugin-compiler/testdata/qa-plugin/main.go Added a new Go plugin file for testing purposes. Implemented a custom header addition function and an authentication check function. Included session handling with rate limiting for specific tokens. +40/-0    test.sh Extend plugin compiler test script with arm64 cross-compilation. ci/tests/plugin-compiler/test.sh Added a cross-compilation step for the arm64 architecture. Introduced the GOARCH=arm64 environment variable in the Docker command. +3/-0
Documentation	README.md Update README with arm64 testing instructions.                      ci/tests/plugin-compiler/README.md Added an example for running a plugin subtest against a release image. Updated documentation to reflect new testing capabilities. +6/-0      README.md Add README for QA plugin.                                                                ci/tests/plugin-compiler/testdata/qa-plugin/README.md Added a README file for the QA plugin. Explained the purpose of the QA plugin and its unique build path. +6/-0
Configuration changes	Taskfile.yml Add QA plugin test task with arm64 support.                            ci/tests/plugin-compiler/Taskfile.yml Added a new task for testing the QA plugin with amd64 and arm64 builds. Updated task definitions to include arm64 cross-compilation. +15/-2

---

💡 PR-Agent usage: Comment /help "your question" on any pull request to receive relevant information

[github-actions]

API Changes

no api changes detected

[github-actions]

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

🎫 Ticket compliance analysis ✅ 6813 - Fully compliant Fully compliant requirements: Extend the plugin compiler test script to include a cross-compilation step for the arm64 architecture. Add a Docker command with the GOARCH=arm64 environment variable to enable arm64 builds. Ensure compatibility and testing for arm64 architecture in the plugin compiler. Not compliant requirements:

⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪

🧪 PR contains tests

🔒 Security concerns Hardcoded tokens in the AuthCheck function could pose a security risk if used in production or if sensitive data is exposed inadvertently.

⚡ Recommended focus areas for review Possible Issue The added Docker command for cross-compilation to arm64 does not include error handling or validation to ensure the build succeeds. This could lead to silent failures. # Cross compile to arm64 docker run --rm -e GOARCH=arm64 -v $PLUGIN_SOURCE_PATH:/plugin-source $PLUGIN_COMPILER_IMAGE plugin.so Possible Issue The AuthCheck function uses hardcoded tokens for authorization, which could lead to security issues or reduced flexibility in testing. func AuthCheck(rw http.ResponseWriter, r *http.Request) { token := r.Header.Get("Authorization") if token != "d3fd1a57-94ce-4a36-9dfe-679a8f493b49" && token != "3be61aa4-2490-4637-93b9-105001aa88a5" { rw.WriteHeader(http.StatusUnauthorized) return } session := &user.SessionState{ Alias: token, Rate: 2, Per: 10, MetaData: map[string]interface{}{ token: token, }, KeyID: token, } ctx.SetSession(r, session, true) }

[github-actions]

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Score
Possible issue	Correct the function to modify the response headers instead of the request headers Ensure that the AddFooBarHeader function modifies the response writer (rw) instead of the request headers, as modifying the request headers in this context will not affect the response sent to the client. ci/tests/plugin-compiler/testdata/qa-plugin/main.go [14-16] func AddFooBarHeader(rw http.ResponseWriter, r *http.Request) { - r.Header.Add("Foo", "Bar") + rw.Header().Add("Foo", "Bar") } Suggestion importance[1-10]: 9 Why: The suggestion addresses a functional issue where the response headers should be modified instead of the request headers. This correction ensures the intended behavior of the function, which is critical for the proper functioning of the HTTP response.	9
General	Prevent overwriting an existing session when setting a new session Add a check to ensure that the ctx.SetSession call does not overwrite an existing session if one is already set, to avoid potential session conflicts. ci/tests/plugin-compiler/testdata/qa-plugin/main.go [35] -ctx.SetSession(r, session, true) +if ctx.GetSession(r) == nil { + ctx.SetSession(r, session, true) +} Suggestion importance[1-10]: 8 Why: This suggestion improves the robustness of the session management by preventing potential conflicts caused by overwriting an existing session. It ensures that the application handles sessions more safely and avoids unintended side effects.	8

[sonarqubecloud]

Quality Gate failed

Failed conditions
1 Security Hotspot

See analysis details on SonarQube Cloud