[jira] [Created] (KNOX-3300) Add Python workflow integration tests for Health API, KnoxLDAP auth, KNOXTOKEN, RemoteAuth, and global HSTS

Thu, 16 Apr 2026 03:39:05 -0700 

Raghav Maheshwari created KNOX-3300:
---------------------------------------

             Summary: Add Python workflow integration tests for Health API, 
KnoxLDAP auth, KNOXTOKEN, RemoteAuth, and global HSTS
                 Key: KNOX-3300
                 URL: https://issues.apache.org/jira/browse/KNOX-3300
             Project: Apache Knox
          Issue Type: Improvement
          Components: KnoxCLI
            Reporter: Raghav Maheshwari


Add HTTP integration tests under {{.github/workflows/tests/}} that run against 
the gateway in CI. Tests use {{unittest}} + {{{}pytest{}}}, {{requests}} (via 
{{{}common_utils{}}}), and assert behavior through status codes, headers, and 
JSON only.
h3. Scope (by file / area)

{{test_health.py}}
 * Health topology — ping: GET/POST {{/gateway/health/v1/ping}} (200, body 
{{{}OK{}}}), {{{}text/plain{}}}, HSTS, Cache-Control (no-cache / no-store).
 * Metrics: {{/gateway/health/v1/metrics}} with and without {{{}pretty{}}}; 
JSON shape; core top-level keys (timers, histograms, counters, gauges, version, 
meters); version string; section types 
(timers/histograms/counters/gauges/meters as dicts).
 * Gateway status: {{/gateway/health/v1/gateway-status}} (OK/PENDING, plain 
text, HSTS, cache headers).
 * Routing: unknown topology → 404.

{{test_knoxauth_preauth_and_paths.py}}
 * KnoxLDAP {{{}auth/api/v1/pre{}}}: unauthenticated and bad credentials → 401; 
POST/GET with guest; GET with admin and LDAP-mapped group headers 
({{{}longGroupName*{}}}).
 * KnoxLDAP {{{}auth/api/v1/extauthz{}}}: extra path segment → 404 (path not 
ignored).

{{test_knox_auth_service_and_LDAP.py}}
 * Extauthz guest/admin actor and admin group headers.
 * KNOXTOKEN under knoxldap: JWKS (JSON + {{{}keys{}}}), token v1/v2 with guest 
(access_token, JWT-like shape), v1/v2 without auth → 401.
 * Extauthz without credentials → 401.

{{test_remote_auth.py}}
 * RemoteAuth {{{}gateway/remoteauth/auth/api/v1/pre{}}}: guest 200 and 
X-Knox-Actor-ID; admin and group headers; bad credentials → 401; POST pre with 
guest → 200; no Authorization → 500 (error path).

{{test_remoteauth_extauthz_additional_path.py}}
 * RemoteAuth extauthz: guest 200; extra path segments ignored (including deep 
path); admin actor + groups; bad creds → 401; no creds → 500.

{{test_knox_configs.py}}
 * Global HSTS on 404 for a non-existent gateway path (with Basic auth on the 
request).



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to