On Sat, Nov 7, 2015 at 1:56 PM, Akila Ravihansa Perera <raviha...@wso2.com> wrote:
> > I modified the mock iaas component to pass the payload string to the mock > instance. Also added a new API method to mock iaas API to return the > payload string. In the test case, it will retrieve the access token from > the payload and call the metadata service with it in the Authorization > header. > +1 A good thinking! > > The test case will deploy two applications and try to access metadata > values of one app using the access key of another app. This will assert the > application level isolation. It will also try to access metadata with an > empty access token, which should fail. > > There is a concurrency test as well, in which the test case will create 3 > clients and all of them will try to write data to same set of keys. These > clients are assigned to a fixed thread pool (created via an executor > service). Once all clients have completed their jobs, the test will assert > whether all values were written to that set of keys. Obviously it will not > guarantee whether concurrency is 100% handled but it will give some level > of assurance. > > This is very useful! Great work! > Thanks. > > On Sun, Nov 8, 2015 at 12:01 AM, Imesh Gunaratne <im...@apache.org> wrote: > >> Great work Akila!! How do we test the access token verification? >> >> Thanks >> >> >> On Friday, November 6, 2015, Akila Ravihansa Perera <raviha...@wso2.com> >> wrote: >> >>> Adding missing link >>> >>> [1] https://issues.apache.org/jira/browse/STRATOS-1607 >>> >>> On Fri, Nov 6, 2015 at 9:58 PM, Akila Ravihansa Perera < >>> raviha...@wso2.com> wrote: >>> >>>> Hi, >>>> >>>> I've written a set of test cases for Stratos metadata service API which >>>> covers the following scenarios; >>>> >>>> >>>> - Adding application level properties. >>>> - Adding cluster level properties. >>>> - Removing application properties >>>> - Removing cluster properties >>>> - Add properties concurrently through multiple clients and verify >>>> all values are added properly >>>> - Undeploy an application and verify properties added for that app >>>> are removed >>>> - Verify access token is validated. API should not return anything >>>> if the token is not valid >>>> - Verify application level isolation. API should not return >>>> properties for a particular app if it is accessed by passing another >>>> app's >>>> access token >>>> >>>> >>>> I've created a JIRA [1] to track this. It is already committed on >>>> stratos-4.1.x branch. This will ensure the stability of metadata API >>>> when doing future releases. >>>> >>>> Thanks. >>>> >>>> -- >>>> Akila Ravihansa Perera >>>> WSO2 Inc.; http://wso2.com/ >>>> >>>> Blog: http://ravihansa3000.blogspot.com >>>> >>> >>> >>> >>> -- >>> Akila Ravihansa Perera >>> WSO2 Inc.; http://wso2.com/ >>> >>> Blog: http://ravihansa3000.blogspot.com >>> >> >> >> -- >> Imesh Gunaratne >> >> Senior Technical Lead, WSO2 >> Committer & PMC Member, Apache Stratos >> >> > > > -- > Akila Ravihansa Perera > WSO2 Inc.; http://wso2.com/ > > Blog: http://ravihansa3000.blogspot.com > -- Imesh Gunaratne Senior Technical Lead, WSO2 Committer & PMC Member, Apache Stratos
