Added verification of tasks/thinexecutions in DataflowOAuthIT. #5817
Conversation
| log.debug("Response is {}", response); | ||
| ok = !JsonPath.parse(response).read("$._links.self.href", String.class).isEmpty(); | ||
|
|
||
| // TODO add checks for new endpoints to check security |
There was a problem hiding this comment.
This does add coverage for the thin/executions endpoint but what is the expectation for newly added endpoints? How will we know to abide by this comment?
The issue that we ran into was that PRO was out of sync w/ OSS endpoint mappings. This does not fill that gap.
I would recommend removing this comment.
There was a problem hiding this comment.
This test is executed as part of ci-it-security.
The Pro will be covered by the endpoint test running in CF ATs.
There was a problem hiding this comment.
The Pro will be covered by the endpoint test running in CF ATs.
Which endpoint test? The point of https://github.com/pivotal/scdf-pro/issues/192 is to find out issues prior to CF ATs (in the PRO tests).
...src/test/java/org/springframework/cloud/dataflow/integration/test/oauth/DataflowOAuthIT.java
Outdated
Show resolved
Hide resolved
| response = cmdResult.getStdout(); | ||
| log.debug("Response is {}", response); | ||
| ok = !JsonPath.parse(response).read("$._links.self.href", String.class).isEmpty(); | ||
| // TODO add checks for new endpoints to check security |
There was a problem hiding this comment.
I don't think this test is the place to add endpoints to. I still would like to remove this comment.
| String api = "tasks/executions"; | ||
| if (VersionUtils.isDataFlowServerVersionGreaterThanOrEqualToRequiredVersion( | ||
| VersionUtils.getThreePartVersion(version), "2.11.3")) { | ||
| api = "tasks/thinexecutions"; |
There was a problem hiding this comment.
I'm not sure why we are testing this endpoint in the DataflowOauthIT test. It seems like it should be in a different test. WDYT?
There was a problem hiding this comment.
Checking some basic security on endpoints. As we add endpoints we can add basic checks to ensure the endpoint security is properly configured.
No description provided.