Gabriella Lotz has posted comments on this change. ( http://gerrit.cloudera.org:8080/23045 )
Change subject: Add REST API integration tests ...................................................................... Patch Set 11: (2 comments) http://gerrit.cloudera.org:8080/#/c/23045/10//COMMIT_MSG Commit Message: http://gerrit.cloudera.org:8080/#/c/23045/10//COMMIT_MSG@9 PS10, Line 9: Additions to master_authz-itest.cc > Right -- my point was exactly about the integration-level coverage: what we Oh, okay now it makes sense. The test scenarios were selected to demonstrate realistic REST API usage patterns in an authorization-enabled environment. These tests focus on proving that the REST API correctly integrates with the authorization system for common operations like table creation, deletion, and listing across multiple users. The multi-user scenarios specifically validate that the HTTP authentication and principal mapping work correctly in practice. Also the REST API path involves several additional layers that aren't exercised by RPC client tests: HTTP request parsing, JSON serialization/deserialization, SPNEGO authentication negotiation over HTTP, and Kerberos principal-to-username mapping in the HTTP context. These create a different integration surface that could potentially fail even when the underlying authorization logic works correctly through RPC channels. While these tests don't cover every possible authorization scenario, they do cover everything needed to validate that the REST API authorization integration works as intended. http://gerrit.cloudera.org:8080/#/c/23045/10/src/kudu/integration-tests/master_authz-itest.cc File src/kudu/integration-tests/master_authz-itest.cc: http://gerrit.cloudera.org:8080/#/c/23045/10/src/kudu/integration-tests/master_authz-itest.cc@1055 PS10, Line 1055: ::testing::Values(kRanger), > > The parameterization is required by the test infrastructure. You're right. The parameterization is indeed a legacy remnant from when multiple authorization providers were supported. Looking at the current codebase, only Ranger is used, so the parameterization doesn't serve a functional purpose. I kept the parameterization for consistency with the existing MasterAuthzITest pattern in the same file, but you're correct that it's not technically required. The tests should work equally well as TEST_F. -- To view, visit http://gerrit.cloudera.org:8080/23045 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: Ifd3ff0dfd67cbc2b5ed0454372dd2bcea71e2ba3 Gerrit-Change-Number: 23045 Gerrit-PatchSet: 11 Gerrit-Owner: Gabriella Lotz <[email protected]> Gerrit-Reviewer: Alexey Serbin <[email protected]> Gerrit-Reviewer: Gabriella Lotz <[email protected]> Gerrit-Reviewer: Kudu Jenkins (120) Gerrit-Reviewer: Marton Greber <[email protected]> Gerrit-Reviewer: Zoltan Chovan <[email protected]> Gerrit-Comment-Date: Fri, 22 Aug 2025 11:42:01 +0000 Gerrit-HasComments: Yes
