adnanhemani commented on code in PR #2747: URL: https://github.com/apache/polaris/pull/2747#discussion_r2400165712
########## runtime/service/src/test/java/org/apache/polaris/service/context/RealmContextFilterTest.java: ########## @@ -0,0 +1,108 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.polaris.service.context; + +import static io.restassured.RestAssured.given; +import static org.hamcrest.CoreMatchers.is; + +import io.quarkus.test.common.http.TestHTTPEndpoint; +import io.quarkus.test.junit.QuarkusTest; +import io.quarkus.test.junit.QuarkusTestProfile; +import io.quarkus.test.junit.TestProfile; +import io.restassured.http.ContentType; +import io.restassured.specification.RequestSpecification; +import jakarta.ws.rs.core.Response; +import java.util.Map; +import org.apache.polaris.service.catalog.api.IcebergRestOAuth2Api; +import org.junit.jupiter.api.Test; + +@QuarkusTest +@TestHTTPEndpoint(IcebergRestOAuth2Api.class) +@TestProfile(RealmContextFilterTest.Profile.class) +@SuppressWarnings("UastIncorrectHttpHeaderInspection") +class RealmContextFilterTest { + + public static class Profile implements QuarkusTestProfile { + @Override + public Map<String, String> getConfigOverrides() { + return Map.of( + "polaris.realm-context.header-name", + REALM_HEADER, + "polaris.realm-context.realms", + "realm1,realm2", + "polaris.bootstrap.credentials", + "realm1,client1,secret1;realm2,client2,secret2"); + } + } + + private static final String REALM_HEADER = "test-header-r123"; + + @Test + public void testInvalidRealmHeaderValue() { + givenTokenRequest("client1", "secret1") + .header(REALM_HEADER, "INVALID") + .when() + .post() + .then() + .statusCode(Response.Status.NOT_FOUND.getStatusCode()) + .body("error.message", is("Missing or invalid realm")) + .body("error.type", is("MissingOrInvalidRealm")) + .body("error.code", is(Response.Status.NOT_FOUND.getStatusCode())); + } + + @Test + public void testNoRealmHeader() { + givenTokenRequest("client2", "secret2") + .header("irrelevant-header", "fake-realm") + .when() + .post() + .then() + .statusCode(Response.Status.UNAUTHORIZED.getStatusCode()); + } + + @Test + public void testDefaultRealm() { + givenTokenRequest("client1", "secret1") Review Comment: What's the difference between this test and the one above it? Per what I'm seeing, it's the exact same request for different users who both have correct credentials as per L51. I don't see the `require-header` variable changing between the two so I'm confused whether this is testing the default header properly or not, as the test names suggest? And if the default header was triggering the `IllegalArgumentException`, wouldn't that be a `400 Bad Request` error code rather than `Unauthorized`? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
