[ 
https://issues.apache.org/jira/browse/KNOX-3300?focusedWorklogId=1015916&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-1015916
 ]

ASF GitHub Bot logged work on KNOX-3300:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 16/Apr/26 10:43
            Start Date: 16/Apr/26 10:43
    Worklog Time Spent: 10m 
      Work Description: Raghav-Mah3shwari opened a new pull request, #1202:
URL: https://github.com/apache/knox/pull/1202

   What changes were proposed in this pull request?
   This pull request adds Python HTTP integration tests under 
.github/workflows/tests that run against a live Knox Gateway (and LDAP) in 
Docker Compose as part of CI. 
   
   Coverage includes:
   
   - Health topology: ping (GET/POST), metrics (with/without pretty), 
gateway-status, registry section shapes, HSTS / Cache-Control where applicable, 
unknown topology 404.
   - KnoxLDAP topology: KNOX-AUTH-SERVICE preauth/extauthz (401/404/200 cases, 
LDAP group headers), KNOXTOKEN JWKS and token v1/v2, JWT-shaped access_token.
   - RemoteAuth topology: pre (GET/POST, guest/admin, bad credentials, missing 
credentials error path), extauthz including ignore.additional.path behavior.
   - Global config: HSTS on a 404 path 1.
   - Supporting CI/build/compose updates (if included in the same PR) wire the 
tests image, optional test bind-mount compose override, and workflow steps to 
build Knox and run pytest with JUnit output.
   
   How was this patch tested?
   Built the workflow Knox image and ran the compose stack, then executed the 
integration test container (same flow as .github/workflows/tests/README.md).
   
   Command (from the repo root, paths as in the README):
   
   `docker compose -f ./.github/workflows/compose/docker-compose.yml up --build 
--exit-code-from tests tests`
   
   Confirmed pytest collects and passes the new cases together with existing 
workflow tests (health ping, LDAP auth service, configs, remote auth, etc.).
   
   Integration Tests
   Yes. New/updated tests live under .github/workflows/tests:




Issue Time Tracking
-------------------

            Worklog Id:     (was: 1015916)
    Remaining Estimate: 47h 50m  (was: 48h)
            Time Spent: 10m

> Add Python workflow integration tests for Health API, KnoxLDAP auth, 
> KNOXTOKEN, RemoteAuth, and global HSTS
> -----------------------------------------------------------------------------------------------------------
>
>                 Key: KNOX-3300
>                 URL: https://issues.apache.org/jira/browse/KNOX-3300
>             Project: Apache Knox
>          Issue Type: Improvement
>          Components: KnoxCLI
>            Reporter: Raghav Maheshwari
>            Priority: Major
>   Original Estimate: 48h
>          Time Spent: 10m
>  Remaining Estimate: 47h 50m
>
> Add HTTP integration tests under {{.github/workflows/tests/}} that run 
> against the gateway in CI. Tests use {{unittest}} + {{pytest}}, 
> {{requests}} (via {{common_utils}}), and assert behavior through status 
> codes, headers, and JSON only.
> h3. Scope (by file / area)
> {{test_health.py}}
>  * Health topology — ping: GET/POST {{/gateway/health/v1/ping}} (200, body 
> {{OK}}), {{text/plain}}, HSTS, Cache-Control (no-cache / no-store).
>  * Metrics: {{/gateway/health/v1/metrics}} with and without {{pretty}}; 
> JSON shape; core top-level keys (timers, histograms, counters, gauges, 
> version, meters); version string; section types 
> (timers/histograms/counters/gauges/meters as dicts).
>  * Gateway status: {{/gateway/health/v1/gateway-status}} (OK/PENDING, plain 
> text, HSTS, cache headers).
>  * Routing: unknown topology → 404.
> {{test_knoxauth_preauth_and_paths.py}}
>  * KnoxLDAP {{auth/api/v1/pre}}: unauthenticated and bad credentials → 
> 401; POST/GET with guest; GET with admin and LDAP-mapped group headers 
> ({{longGroupName*}}).
>  * KnoxLDAP {{auth/api/v1/extauthz}}: extra path segment → 404 (path not 
> ignored).
> {{test_knox_auth_service_and_LDAP.py}}
>  * Extauthz guest/admin actor and admin group headers.
>  * KNOXTOKEN under knoxldap: JWKS (JSON + {{keys}}), token v1/v2 with 
> guest (access_token, JWT-like shape), v1/v2 without auth → 401.
>  * Extauthz without credentials → 401.
> {{test_remote_auth.py}}
>  * RemoteAuth {{gateway/remoteauth/auth/api/v1/pre}}: guest 200 and 
> X-Knox-Actor-ID; admin and group headers; bad credentials → 401; POST pre 
> with guest → 200; no Authorization → 500 (error path).
> {{test_remoteauth_extauthz_additional_path.py}}
>  * RemoteAuth extauthz: guest 200; extra path segments ignored (including 
> deep path); admin actor + groups; bad creds → 401; no creds → 500.
> {{test_knox_configs.py}}
>  * Global HSTS on 404 for a non-existent gateway path (with Basic auth on the 
> request).



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
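
The header and token-shape assertions listed in the issue (HSTS, Cache-Control, JWT-like access_token) can be expressed as small helpers like the ones below. This is an added example, not code from the Knox pull request; every function name here is hypothetical, and the sample headers and token are constructed for illustration.

```python
import base64
import json


def header_value(headers, name):
    """Case-insensitive header lookup; returns None when the header is absent."""
    return next((v for k, v in headers.items() if k.lower() == name.lower()), None)


def hsts_max_age(headers):
    """max-age from Strict-Transport-Security, or None if missing or malformed."""
    value = header_value(headers, "Strict-Transport-Security") or ""
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        arg = arg.strip().strip('"')
        if name.strip().lower() == "max-age" and arg.isdecimal():
            return int(arg)
    return None


def cache_directives(headers):
    """Cache-Control directives as a lowercase set, e.g. {'no-cache', 'no-store'}."""
    value = header_value(headers, "Cache-Control") or ""
    return {d.strip().lower() for d in value.split(",") if d.strip()}


def b64url_json(segment):
    """Decode one base64url segment to a JSON object, or None on any failure."""
    try:
        obj = json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return None
    return obj if isinstance(obj, dict) else None


def is_jwt_shaped(token):
    """Shape only: three non-empty segments, JSON header with 'alg', JSON payload.
    This does not verify the signature or any claim."""
    parts = token.split(".")
    if len(parts) != 3 or not all(parts):
        return False
    header, payload = b64url_json(parts[0]), b64url_json(parts[1])
    return header is not None and payload is not None and "alg" in header


def make_segment(obj):
    """Build an unpadded base64url JSON segment for the constructed sample below."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


# Constructed samples, not captured from a Knox gateway.
SAMPLE_HEADERS = {"strict-transport-security": "max-age=31536000; includeSubDomains",
                  "Cache-Control": "must-revalidate,no-cache,no-store"}
SAMPLE_TOKEN = ".".join([make_segment({"alg": "RS256"}),
                         make_segment({"sub": "guest"}), "c2lnbmF0dXJl"])
```

A shape check of this kind only confirms that the endpoint returned something token-like; verifying the signature against the JWKS keys is a separate assertion.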
