Copilot commented on code in PR #5049: URL: https://github.com/apache/texera/pull/5049#discussion_r3271309342
########## workflow-compiling-service/src/test/scala/org/apache/texera/service/WorkflowCompilingServiceRunSpec.scala: ########## @@ -0,0 +1,59 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.texera.service + +import io.dropwizard.auth.{AuthDynamicFeature, AuthValueFactoryProvider} +import io.dropwizard.core.setup.Environment +import io.dropwizard.jersey.setup.JerseyEnvironment +import io.dropwizard.jetty.MutableServletContextHandler +import org.glassfish.jersey.server.filter.RolesAllowedDynamicFeature +import org.mockito.Mockito.{mock, verify, when} +import org.scalatest.flatspec.AnyFlatSpec +import org.scalatest.matchers.should.Matchers + +class WorkflowCompilingServiceRunSpec extends AnyFlatSpec with Matchers { + + // Verifies that the @RolesAllowed annotations on resource methods are actually + // enforced by Jersey, which requires RolesAllowedDynamicFeature, AuthDynamicFeature, + // and AuthValueFactoryProvider.Binder to be registered on the Jersey environment. + "WorkflowCompilingService.run" should "register auth + RolesAllowedDynamicFeature on the Jersey environment" in { + val jersey = mock(classOf[JerseyEnvironment]) + val context = mock(classOf[MutableServletContextHandler]) + val env = mock(classOf[Environment]) + when(env.jersey).thenReturn(jersey) + when(env.getApplicationContext).thenReturn(context) + + val service = new WorkflowCompilingService + // run() may throw if SqlServer/StorageConfig or other side effects fail + // under mocks. Auth + RolesAllowedDynamicFeature registrations happen + // before any such failure, so the verifications below remain valid. + try { + service.run(mock(classOf[WorkflowCompilingServiceConfiguration]), env) + } catch { + case _: Throwable => // expected under mocks + } + + verify(jersey).register(classOf[RolesAllowedDynamicFeature]) + verify(jersey).register(org.mockito.ArgumentMatchers.any(classOf[AuthDynamicFeature])) + verify(jersey).register( + org.mockito.ArgumentMatchers.any(classOf[AuthValueFactoryProvider.Binder[_]]) Review Comment: This spec calls `service.run(...)`, but `WorkflowCompilingService.run` executes `SqlServer.initConnection(...)` before the Jersey registrations being verified. That means the test may attempt a real DB connection (or hang/fail) before reaching `jersey.register(...)`, making the test brittle/non-deterministic. Consider refactoring the service to extract Jersey registration into a side-effect-free method (or moving DB init after registration) so the test can execute without touching external systems. ########## computing-unit-managing-service/src/test/scala/org/apache/texera/service/ComputingUnitManagingServiceRunSpec.scala: ########## @@ -0,0 +1,59 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.texera.service + +import io.dropwizard.auth.{AuthDynamicFeature, AuthValueFactoryProvider} +import io.dropwizard.core.setup.Environment +import io.dropwizard.jersey.setup.JerseyEnvironment +import io.dropwizard.jetty.MutableServletContextHandler +import org.glassfish.jersey.server.filter.RolesAllowedDynamicFeature +import org.mockito.Mockito.{mock, verify, when} +import org.scalatest.flatspec.AnyFlatSpec +import org.scalatest.matchers.should.Matchers + +class ComputingUnitManagingServiceRunSpec extends AnyFlatSpec with Matchers { + + // Verifies that the @RolesAllowed annotations on resource methods are actually + // enforced by Jersey, which requires RolesAllowedDynamicFeature, AuthDynamicFeature, + // and AuthValueFactoryProvider.Binder to be registered on the Jersey environment. + "ComputingUnitManagingService.run" should "register auth + RolesAllowedDynamicFeature on the Jersey environment" in { + val jersey = mock(classOf[JerseyEnvironment]) + val context = mock(classOf[MutableServletContextHandler]) + val env = mock(classOf[Environment]) + when(env.jersey).thenReturn(jersey) + when(env.getApplicationContext).thenReturn(context) + + val service = new ComputingUnitManagingService + // run() may throw if SqlServer/StorageConfig or other side effects fail + // under mocks. Auth + RolesAllowedDynamicFeature registrations happen + // before any such failure, so the verifications below remain valid. + try { + service.run(mock(classOf[ComputingUnitManagingServiceConfiguration]), env) + } catch { + case _: Throwable => // expected under mocks + } Review Comment: This spec calls `service.run(...)`, but `ComputingUnitManagingService.run` invokes `SqlServer.initConnection(...)` at the very beginning. That can cause the test to attempt a real DB connection (or hang/fail) before any of the Jersey registrations are executed, so the verifications may never be reached. Refactor to isolate Jersey registration from DB init (e.g., extract a method or reorder init) so the test can run deterministically without external side effects. ########## computing-unit-managing-service/src/main/scala/org/apache/texera/service/ComputingUnitManagingService.scala: ########## @@ -70,6 +71,9 @@ class ComputingUnitManagingService extends Application[ComputingUnitManagingServ new io.dropwizard.auth.AuthValueFactoryProvider.Binder(classOf[SessionUser]) ) + // Enforce @RolesAllowed annotations on resource methods + environment.jersey.register(classOf[RolesAllowedDynamicFeature]) + Review Comment: `SqlServer.initConnection(...)` runs before the Jersey registrations (including `RolesAllowedDynamicFeature`). This makes it hard to unit-test registration behavior without hitting a real DB, and it can also delay failing fast on missing Jersey config until after a potentially slow DB attempt. Consider moving DB init after the Jersey setup or extracting Jersey registration into a separate method to improve testability and startup robustness. ########## workflow-compiling-service/src/main/scala/org/apache/texera/service/WorkflowCompilingService.scala: ########## @@ -61,6 +64,17 @@ class WorkflowCompilingService extends Application[WorkflowCompilingServiceConfi environment.jersey.register(classOf[HealthCheckResource]) + // Register JWT authentication filter + environment.jersey.register(new AuthDynamicFeature(classOf[JwtAuthFilter])) + + // Enable @Auth annotation for injecting SessionUser + environment.jersey.register( + new io.dropwizard.auth.AuthValueFactoryProvider.Binder(classOf[SessionUser]) + ) + + // Enforce @RolesAllowed annotations on resource methods + environment.jersey.register(classOf[RolesAllowedDynamicFeature]) + Review Comment: The auth / `RolesAllowedDynamicFeature` registrations happen after `SqlServer.initConnection(...)` (earlier in `run`). As a result, tests that call `run` under mocks can block on DB init before any of these `environment.jersey.register(...)` calls execute. To keep startup testable and avoid accidental external connections during unit tests, consider moving `SqlServer.initConnection` below the Jersey registrations or extracting the registration logic into a separate method that can be tested in isolation. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
