[
https://issues.apache.org/jira/browse/KNOX-3293?focusedWorklogId=1013833&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-1013833
]
ASF GitHub Bot logged work on KNOX-3293:
----------------------------------------
Author: ASF GitHub Bot
Created on: 07/Apr/26 17:39
Start Date: 07/Apr/26 17:39
Worklog Time Spent: 10m
Work Description: Raghav-Mah3shwari opened a new pull request, #1194:
URL: https://github.com/apache/knox/pull/1194
What changes were proposed in this pull request?
This PR adds integration tests under .github/workflows/tests that run
against the Knox gateway in the workflow Docker Compose stack:
test_health.py — test_health_metrics_returns_json checks that GET
/gateway/health/v1/metrics?pretty=true returns 200, a JSON Content-Type, and a
parseable JSON object body.
test_knoxauth_preauth_and_paths.py — Covers KnoxLDAP preauth (401 without
credentials / bad credentials; POST with valid credentials) and extauthz
behavior when an additional path segment is not ignored (expects 404 vs
treating it like the base extauthz URL).
test_remoteauth_extauthz_additional_path.py — Covers RemoteAuth extauthz:
success with valid Basic auth and X-Knox-Actor-ID, additional path ignored when
configured, 401 for bad credentials, and current behavior (500) when the
Authorization header is missing.
How was this patch tested?
Built the workflow Knox image and ran the compose stack, then executed the
integration test container (same flow as .github/workflows/tests/README.md).
Command (from the repo root, paths as in the README):
docker compose -f ./.github/workflows/compose/docker-compose.yml up --build
--exit-code-from tests tests
Confirmed pytest collects and passes the new cases together with existing
workflow tests (health ping, LDAP auth service, configs, remote auth, etc.).
Integration Tests
Yes. New/updated tests live under .github/workflows/tests:
Issue Time Tracking
-------------------
Worklog Id: (was: 1013833)
Remaining Estimate: 23h 50m (was: 24h)
Time Spent: 10m
> Add integration tests: health metrics JSON, KnoxLDAP preauth/extauthz paths,
> RemoteAuth extauthz
> ------------------------------------------------------------------------------------------------
>
> Key: KNOX-3293
> URL: https://issues.apache.org/jira/browse/KNOX-3293
> Project: Apache Knox
> Issue Type: Improvement
> Components: KnoxShell
> Reporter: Raghav Maheshwari
> Priority: Major
> Original Estimate: 24h
> Time Spent: 10m
> Remaining Estimate: 23h 50m
>
> New/extended pytest coverage under {{.github/workflows/tests/}} for the
> Docker Compose–driven Knox stack (health, {{{}knoxldap{}}}, {{remoteauth}}
> topologies).
> {{test_health.py}}
> * {{test_health_metrics_returns_json}} — {{GET
> /gateway/health/v1/metrics?pretty=true}} returns 200, response is JSON
> ({{{}Content-Type{}}} and parseable body as an object).
> {{test_knoxauth_preauth_and_paths.py}} (KnoxLDAP)
> * {{test_preauth_requires_auth}} — preauth without credentials → 401.
> * {{test_preauth_bad_credentials_unauthorized}} — invalid Basic auth → 401.
> * {{test_preauth_post_supported}} — POST to preauth with valid credentials
> works.
> * {{test_extauthz_additional_path_not_ignored_in_knoxldap}} — extra path
> under extauthz is not treated as the base resource (404 vs success).
> {{test_remoteauth_extauthz_additional_path.py}} (RemoteAuth)
> * {{test_extauthz_success}} — valid Basic auth → 200 and expected
> {{{}X-Knox-Actor-ID{}}}.
> * {{test_extauthz_additional_path_is_ignored}} — with
> ignore-additional-path, extra segments still succeed.
> * {{test_extauthz_bad_credentials_unauthorized}} — bad credentials → 401.
> * {{test_extauthz_missing_credentials_server_error}} — no {{Authorization}}
> header → 500 (current behavior).
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
