Hi Imesh, I modified the mock iaas component to pass the payload string to the mock instance. Also added a new API method to mock iaas API to return the payload string. In the test case, it will retrieve the access token from the payload and call the metadata service with it in the Authorization header.
The test case will deploy two applications and try to access metadata values of one app using the access key of another app. This will assert the application level isolation. It will also try to access metadata with an empty access token, which should fail. There is a concurrency test as well, in which the test case will create 3 clients and all of them will try to write data to same set of keys. These clients are assigned to a fixed thread pool (created via an executor service). Once all clients have completed their jobs, the test will assert whether all values were written to that set of keys. Obviously it will not guarantee whether concurrency is 100% handled but it will give some level of assurance. Thanks. On Sun, Nov 8, 2015 at 12:01 AM, Imesh Gunaratne <im...@apache.org> wrote: > Great work Akila!! How do we test the access token verification? > > Thanks > > > On Friday, November 6, 2015, Akila Ravihansa Perera <raviha...@wso2.com> > wrote: > >> Adding missing link >> >> [1] https://issues.apache.org/jira/browse/STRATOS-1607 >> >> On Fri, Nov 6, 2015 at 9:58 PM, Akila Ravihansa Perera < >> raviha...@wso2.com> wrote: >> >>> Hi, >>> >>> I've written a set of test cases for Stratos metadata service API which >>> covers the following scenarios; >>> >>> >>> - Adding application level properties. >>> - Adding cluster level properties. >>> - Removing application properties >>> - Removing cluster properties >>> - Add properties concurrently through multiple clients and verify >>> all values are added properly >>> - Undeploy an application and verify properties added for that app >>> are removed >>> - Verify access token is validated. API should not return anything >>> if the token is not valid >>> - Verify application level isolation. API should not return >>> properties for a particular app if it is accessed by passing another >>> app's >>> access token >>> >>> >>> I've created a JIRA [1] to track this. It is already committed on >>> stratos-4.1.x branch. This will ensure the stability of metadata API >>> when doing future releases. >>> >>> Thanks. >>> >>> -- >>> Akila Ravihansa Perera >>> WSO2 Inc.; http://wso2.com/ >>> >>> Blog: http://ravihansa3000.blogspot.com >>> >> >> >> >> -- >> Akila Ravihansa Perera >> WSO2 Inc.; http://wso2.com/ >> >> Blog: http://ravihansa3000.blogspot.com >> > > > -- > Imesh Gunaratne > > Senior Technical Lead, WSO2 > Committer & PMC Member, Apache Stratos > > -- Akila Ravihansa Perera WSO2 Inc.; http://wso2.com/ Blog: http://ravihansa3000.blogspot.com
