I’d like to use Gatling to load test some web services which use a custom authorization/authentication mechanism which includes a consumer’s API key and an HMAC of various key values from the request plus a timestamp.
Can Gatling be extended to sign requests using this custom mechanism, and if so how would I best go about it?
Any advice appreciated - I’m brand new to both Scala and Gatling, so forgive me if this an obvious question!
Sorry, I should have said. The Authorization header is populated with “[API key]:[HMAC]”, and a custom header is added with the timestamp to be used when recalculating the HMAC at the other end.
I’m just taking another look at this today, and I’m not sure I can see how I can get hold of the details of a request being build from a Session. Is that possible? I need to know the URL, HTTP method, request body and content type.
I’m using Gatling 2, since I don’t want to have to rewrite this all again in the near future, so I’ve been taking a look at Dino Fancellu’s code here.
I.e. write a sign method that takes a builder, inspects the HTTP attributes, computes the HMAC, adds the required headers, then returns the modified builder.
It doesn’t look like that’s possible in 2.0.0-M3a because the HttpAttributes are private in AbstractHttpRequestBuilder. If my understanding of Scala is correct, though, they’re public in master (there’s a “val” in the constructor on master). Is this likely to be released any time soon?
I.e. write a sign method that takes a builder, inspects the HTTP
attributes, computes the HMAC, adds the required headers, then returns the
modified builder.
Indeed, you could write such a method, that's a nice idea.
You would avoid repetition, but it will still have to generate the
boilerplate I mentioned (first resolve the expressions and store the
computed HMAC into the session in an exec(function) and then exec the
request).
It doesn't look like that's possible in 2.0.0-M3a because
the HttpAttributes are private in AbstractHttpRequestBuilder. If my
understanding of Scala is correct, though, they're public in master
(there's a "val" in the constructor on master).
Absolutely.
Is this likely to be released any time soon?
That's a matter of weeks.
There's still some stuff we have to fix/finish implementing in the recorder.
Until then, you can use snapshots hosted on Sonatype: