Running FAST Node via the Wallarm API

Chapter Prerequisites

To follow the steps described in this chapter, you need to obtain a token.

The following values are used as examples throughout this chapter:

  • token_Qwe12345 as a token.
  • tr_1234 as an identifier of a test run.
  • rec_0001 as an identifier of a test record.

Running and configuring the FAST node comprises the following steps:

  1. Deployment of the Docker Container with the FAST Node.
  2. Obtaining a Test Run.

Deployment of the Docker Container with the FAST Node

Grant Access to Wallarm API Servers

It is crucial for the proper operation of the FAST node to have access to the Wallarm API server of your Wallarm cloud (us1.api.wallarm.com is used throughout this chapter) via the HTTPS protocol (TCP/443).

Make sure that your firewall does not restrict the Docker host from accessing the Wallarm API servers.

Some configuration is required prior to running the Docker container with the FAST node. To configure the node, pass the token into the container using the WALLARM_API_TOKEN environment variable. Additionally, you can use the ALLOWED_HOSTS variable if you need to restrict recording to requests whose Host header matches the listed value; requests to other hosts pass through the node without being recorded.

To pass the environment variables to the container, place the variables in a text file and specify the path to the file using the --env-file parameter of the docker run command (see the instructions in the “Quick Start” guide).

Run a container with the FAST node by executing the following command:

docker run \ 
--rm \
--name <name> \
--env-file=<environment variables file> \
-p <target port>:8080 \
wallarm/fast

This guide assumes that the container runs only once for the given CI/CD job and is removed when the job ends. Therefore, the --rm parameter was added to the command listed above.

Please refer to the “Quick Start” guide for a detailed description of the command’s parameters.

Example.

This example assumes that the FAST node uses the token_Qwe12345 token and is set up to record all the incoming baseline requests which have example.local as a substring of the Host header’s value.

The content of a file with environment variables is shown in the following example:

fast.cfg
WALLARM_API_TOKEN=token_Qwe12345
ALLOWED_HOSTS=example.local

The command below runs the Docker container named fast-poc-demo with the following behavior:

  • The container is removed after its job is done.
  • The environment variables are passed to the container using the fast.cfg file.
  • The container’s 8080 port is published to the Docker host’s 9090 port.
docker run --rm --name fast-poc-demo --env-file=fast.cfg -p 9090:8080 wallarm/fast

If the FAST node deployment is successful, the container’s console and log file will contain the following informational messages:

[info] Node connected to Wallarm Cloud
[info] Waiting for TestRun to check…

Now the FAST node is listening on the Docker host’s IP address, and the port you specified earlier with the -p parameter of the docker run command.

Obtaining a Test Run

You need either to create a test run or to copy an existing one. Which option to choose depends on the test run creation scenario that suits your case.

Acquiring a Test Policy Identifier

If you plan to employ your own test policy, then create one and get the policy’s identifier. Later, pass the identifier to the policy_id parameter when doing an API call to create or copy the test run.

Otherwise, if you choose to use the default test policy, then the policy_id parameter should be omitted from the API call.

Example of Test Policy

The “Quick Start” guide contains step-by-step instructions on how to create a sample test policy.

Creating a Test Run

When a test run is created, a new test record is created as well.

This method of test run creation should be used if it is required to test a target application along with recording of baseline requests.

How to Create a Test Run

This process is described in detail here.

After the test run is created, the FAST node needs some time before it is able to record requests.

Make sure that the FAST node is ready to record requests before you send any requests to the target application using the test tool.

To do so, periodically check the test run status by issuing the following API call:

Do One-Time Check of Test Run State

GET https://us1.api.wallarm.com/v1/test_run/test_run_id

API call: GET /v1/test_run/test_run_id
Authorization: Required. Authorization is provided by the token.
HTTP header with the token: X-WallarmAPI-Token. Serves to pass the token’s value to the API server.
Parameters: test_run_id (required). The identifier of the test run whose state is to be obtained.

Example of a request:

curl --request GET \
  --url https://us1.api.wallarm.com/v1/test_run/tr_1234 \
  --header 'Host: us1.api.wallarm.com' \
  --header 'X-WallarmAPI-Token: token_Qwe12345'

Example of a response:

{
  "status": 200,
  "body": {
    "id": "tr_1234",
    "name": "demo-testrun",
    ...
    "ready_for_recording": true,
    ...
  }
}

If the request to the API server is successful, you will be presented with the server’s response. This response provides useful information, including the state of the recording process (the ready_for_recording parameter’s value).

If the parameter’s value is true, then the FAST node is ready to record and you can fire up your test tool to start sending requests to the target application.

Otherwise, repeatedly issue the same API call until the node is ready.
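The polling loop described above, written out as a small CI helper. This is an added example, not code from the page or from Wallarm: it performs the same GET /v1/test_run/test_run_id call with the X-WallarmAPI-Token header, treats only an explicit "ready_for_recording": true in a 200 response as "ready", retries transient request failures, and gives up after a bounded number of polls so a CI job fails instead of hanging. The polling interval (5 s), the attempt limit (60), the FAST_TEST_RUN_ID environment variable name and the sample responses are assumptions of this example; the WALLARM_API_TOKEN name is the one the node itself reads.

```python
"""Poll the Wallarm API until a test run reports ready_for_recording (added example)."""
import json
import os
import sys
import time
import urllib.error
import urllib.request

# API host used in this chapter's examples.
API_HOST = "https://us1.api.wallarm.com"

# Constructed sample responses, modelled on the response example in this chapter.
SAMPLE_NOT_READY = {"status": 200, "body": {"id": "tr_1234", "name": "demo-testrun", "ready_for_recording": False}}
SAMPLE_READY = {"status": 200, "body": {"id": "tr_1234", "name": "demo-testrun", "ready_for_recording": True}}


def fetch_test_run(test_run_id, token, api_host=API_HOST):
    """One-time check: GET /v1/test_run/<id>, authenticated with the X-WallarmAPI-Token header."""
    req = urllib.request.Request(
        f"{api_host}/v1/test_run/{test_run_id}",
        headers={"X-WallarmAPI-Token": token},
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.loads(resp.read().decode("utf-8"))


def is_ready_for_recording(response):
    """True only when the response is a 200 whose body explicitly carries ready_for_recording: true.

    Anything else (missing key, wrong type, non-200 status, no response) counts as 'not ready',
    so a malformed or error response can never start the test tool prematurely."""
    if not isinstance(response, dict) or response.get("status") != 200:
        return False
    body = response.get("body")
    if not isinstance(body, dict):
        return False
    return body.get("ready_for_recording") is True


def wait_until_ready(test_run_id, token, fetch=fetch_test_run, interval=5, max_attempts=60, sleep=time.sleep):
    """Repeat the one-time check until the node is ready and return the number of polls it took.

    Transient request failures (network errors, unparseable JSON) are logged and retried.
    Raises TimeoutError after max_attempts polls (interval and max_attempts are assumed defaults).
    'fetch' and 'sleep' are injectable so the loop can be exercised without network access."""
    for attempt in range(1, max_attempts + 1):
        try:
            response = fetch(test_run_id, token)
        except (urllib.error.URLError, ValueError) as exc:
            print(f"poll {attempt}: request failed ({exc}), retrying", file=sys.stderr)
            response = None
        if is_ready_for_recording(response):
            return attempt
        if attempt < max_attempts:
            sleep(interval)
    raise TimeoutError(f"test run {test_run_id} not ready for recording after {max_attempts} polls")


if __name__ == "__main__":
    # WALLARM_API_TOKEN is the variable the node itself reads; FAST_TEST_RUN_ID is an
    # assumed name used only by this script.
    token = os.environ["WALLARM_API_TOKEN"]
    test_run_id = os.environ["FAST_TEST_RUN_ID"]
    polls = wait_until_ready(test_run_id, token)
    print(f"test run {test_run_id} is ready for recording after {polls} poll(s); start the test tool now")
```

Run it as a CI step between creating the test run and launching the test tool; a non-zero exit (TimeoutError or a missing environment variable) stops the pipeline before any baseline requests are sent to a node that is not yet recording.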

Copying a Test Run

When a test run is being copied, an existing test record is reused.

This way of test run creation is to be used if it is required to test a target application using already recorded baseline requests.

How to Copy a Test Run

This process is described in detail here.

Provided that the test run has been successfully copied, the FAST node begins testing immediately. There is no need to take any additional actions.

The Next Steps

The testing process can take a lot of time to complete. Use information from this document to determine if security testing with FAST has finished.

You could refer back to the “Deployment via API” or the “CI/CD Workflow with FAST” documents if necessary.
