service_policy_kit is a Rust based toolkit for verifying HTTP services against policies.

Overview






Service Policy Kit

service_policy_kit is a Rust based toolkit for verifying HTTP services against policies. You can:

  • Build a complete testing framework on your own, with service_policy_kit taking care of all the expectation logic
  • Run fuzzing tests against your services
  • Integrate in your code to perform custom readiness/self checks
  • Build your own tools (CLIs) that perform service validation and security testing of different kinds

Quick Start

Add to Cargo.toml

service_policy_kit = "0.2.0"

Example

Here's a full-blown policy runner that you can reuse:

use serde_yaml;
use service_policy_kit::data::{Context, SequenceInteractions};
use service_policy_kit::runner::{RunOptions, SequenceRunner};
use std::process::exit;

fn main() {
    let opts = RunOptions::default();
    let runner = SequenceRunner::from_opts(&opts);

    let sequence: SequenceInteractions = serde_yaml::from_str(
        r#"
http_interactions:
- request:
    id: step one
    uri: http://example.com
  response:
    status_code: "200"
"#,
    )
    .unwrap();
    let mut context = Context::new();
    let res = runner.run(&mut context, &sequence.http_interactions);
    exit(if res.ok { 0 } else { 1 })
}

You can run it by cloning this repo, and then:

cargo run --example quick-start

You should get:

$ cargo run --examples quick-start

✔ step one: ok 288ms

Ran 1 interactions with 1 checks in 288ms

Success: 1
Failure: 0
  Error: 0
Skipped: 0

Capabilities

  •  Flexible design: Use the runner for any purpose, sequence or individual interactions
  •  Contextual flows: interactions can extract, define and pass variables to the next ones
  •  Out of the box reporters: saves you some boilerplate work Multiple checks included: content, benchmark, certificates
  •  Discovery (WIP): given recorded API interactions, or an API spec, automatically generate interactions.

Concepts

There are a few concepts that make up service_policy_kit: Interaction, Expectation, Check, Violation and Runners.

Interaction

An interaction is a definition of calling an external service, and the expected responses per check type.

Interaction {
   request,
   response,
   examples,
   benchmark,
   cert,
}

Expectation (Policy)

An expectation is a set of expected matchers for all of the parts that are extracted from an interaction response.

Each of the fields take regular expressions and are matched against a live response accordingly.

Response {
   headers,
   status_code,
   body,
   vars,
}

Check

A check is an abstract action over a response. For example, running content expectation, a benchmark, or any other policy against a service.

Violation

Any check can output violation. A successful check has no violations.

Runners

A runner takes a set of interactions and execute these. For example, the included SequenceRunner will always execute interactions in a sequence, extracting variables from one interaction and passing it to the next one via Context.

Thanks

To all Contributors - you make this happen, thanks!

Copyright

Copyright (c) 2021 @jondot. See LICENSE for further details.

You might also like...
Add Facebook and Google authentication to your HTTP REST API in Actix-web

I created this project while learning Rust. Project shows how to handle Facebook and Google token verification in Rust using Actix-Web. Hope this help

Node.js http server framework powered by Hyper native binding.

hnsjs POC project. Install this test package yarn add @hnsjs/core Support matrix node10 node12 node14 node15 Windows x64 ✓ ✓ ✓ ✓ Windows x32 ✓ ✓ ✓ ✓

RUSTENGINE is the high-assurance HTTP server.

RUSTENGINE Table of Contents RUSTENGINE Table of Contents About RUSTENGINE Inspiration with Rust Features Compares with Nginx Build & Run About this R

OxHTTP is a very simple synchronous HTTP client and server

OxHTTP is a very simple synchronous implementation of HTTP 1.1 in Rust. It provides both a client and a server.

A synchronous HTTP server built on hyper.

Astra Astra is a synchronous HTTP server built on top of hyper. use astra::{Body, Response, Server}; fn main() { Server::bind("localhost:3000")

Operator is a web server. You provide a directory and Operator serves it over HTTP.
Operator is a web server. You provide a directory and Operator serves it over HTTP.

Operator Operator is a web server. You provide a directory and Operator serves it over HTTP. It serves static files the way you'd expect, but it can a

Sincere is a micro web framework for Rust(stable) based on hyper and multithreading

The project is no longer maintained! Sincere Sincere is a micro web framework for Rust(stable) based on hyper and multithreading. Style like koa. The

simple static file server written in Rust based on axum framework

static-server simple static file server written in Rust based on axum framework I'm learning Rust and axum. My thought is simple. axum has a static-fi

A dead simple human-writable URL redirector based loosely on google's `go/` system.

Redirector a redirector written in rust intended for permanent human-readable redirects. The idea was semi-inspired by the book Software Engineering a

Owner
Automated Code Security for Modern Teams
null
Simple http server in Rust (Windows/Mac/Linux)

How it looks like? Screenshot Command Line Arguments Simple HTTP(s) Server 0.6.1 USAGE: simple-http-server [FLAGS] [OPTIONS] [--] [root] FLAGS:

LinFeng Qian 788 Dec 28, 2022
An HTTP library for Rust

hyper A fast and correct HTTP implementation for Rust. HTTP/1 and HTTP/2 Asynchronous design Leading in performance Tested and correct Extensive produ

null 11k Jan 7, 2023
[OUTDATED] A light HTTP framework for Rust

Rustful A light HTTP framework for Rust, with REST-like features. The main purpose of Rustful is to create a simple, modular and non-intrusive foundat

Erik Hedvall 873 Nov 12, 2022
Low level HTTP server library in Rust

tiny-http Documentation Tiny but strong HTTP server in Rust. Its main objectives are to be 100% compliant with the HTTP standard and to provide an eas

null 785 Dec 29, 2022
:zap: fast http framework for rust

zap ⚡ The mission of zap is, to deliver a basic, but fast rust web server library. Documentation About This code is based on tokio's minihttp project,

Daniel Oltmanns 51 Jun 7, 2022
Completely OBSOLETE Rust HTTP library (server and client)

OBSOLETION NOTICE This library is DEAD. It was a useful experiment and is now being replaced under the scope of the Teepee (experimentation grounds at

Chris Morgan 390 Dec 1, 2022
Archibald is my attempt at learning Rust and writing a HTTP 1.1 web server.

Archibald To be a butler, is to be able to maintain an even-temper, at all times. One must have exceptional personal hygiene and look sharp and profes

Daniel Cuthbert 4 Jun 20, 2022
Host These Things Please - a basic http server for hosting a folder fast and simply

http Host These Things Please - a basic HTTP server for hosting a folder fast and simply Selected features See the manpage for full list. Symlinks fol

thecoshman 367 Dec 23, 2022
🌟 For when you really just want to serve some files over HTTP right now!

miniserve - a CLI tool to serve files and dirs over HTTP For when you really just want to serve some files over HTTP right now! miniserve is a small,

Sven-Hendrik Haase 4.1k Dec 31, 2022
Fully async-await http server framework

Saphir is a fully async-await http server framework for rust The goal is to give low-level control to your web stack (as hyper does) without the time

Richer Archambault 83 Dec 19, 2022