Add property based testing to auth API using schemathesis

Signed-off-by: Rodney Osodo <[email protected]>
absmach · Feb 21, 2024 · 28c4b00 · 28c4b00
1 parent e40bfb6
commit 28c4b00
Show file tree

Hide file tree

Showing 13 changed files with 161 additions and 256 deletions.
diff --git a/.github/workflows/api-tests.yml b/.github/workflows/api-tests.yml
@@ -49,6 +49,7 @@ env:
   USERS_URL: http://localhost:9002
   THINGS_URL: http://localhost:9000
   INVITATIONS_URL: http://localhost:9020
+  AUTH_URL: http://localhost:8189
 
 jobs:
   api-test:
@@ -166,6 +167,16 @@ jobs:
           report: false
           args: '--header "Authorization: Bearer ${{ env.USER_TOKEN }}" --contrib-unique-data --contrib-openapi-formats-uuid --hypothesis-suppress-health-check=filter_too_much --stateful=links'
 
+      - name: Run Auth API tests
+        if: steps.changes.outputs.auth == 'true'
+        uses: schemathesis/action@v1
+        with:
+          schema: api/openapi/auth.yml
+          base-url: ${{ env.AUTH_URL }}
+          checks: all
+          report: false
+          args: '--header "Authorization: Bearer ${{ env.USER_TOKEN }}" --contrib-unique-data --contrib-openapi-formats-uuid --hypothesis-suppress-health-check=filter_too_much --stateful=links'
+
       - name: Stop containers
         if: always()
         run: make run down args="-v"
diff --git a/Makefile b/Makefile
@@ -153,6 +153,7 @@ endef
 test_api_users: TEST_API_URL := http://localhost:9002
 test_api_things: TEST_API_URL := http://localhost:9000
 test_api_invitations: TEST_API_URL := http://localhost:9020
+test_api_auth: TEST_API_URL := http://localhost:8189
 
 $(TEST_API):
 	$(call test_api_service,$(@),$(TEST_API_URL))

diff --git a/api/openapi/auth.yml b/api/openapi/auth.yml
@@ -74,6 +74,8 @@ paths:
       responses:
         "200":
           $ref: "#/components/responses/DomainsPageRes"
+        "400":
+          description: Failed due to malformed query parameters.          
         "401":
           description: Missing or invalid access token provided.
         "404":
@@ -99,6 +101,8 @@ paths:
           $ref: "#/components/responses/DomainRes"
         "401":
           description: Missing or invalid access token provided.
+        "403":
+          description: Failed to perform authorization over the entity.          
         "404":
           description: A non-existent entity request.
         "422":
@@ -133,26 +137,7 @@ paths:
           description: Missing or invalid content type.
         "500":
           $ref: "#/components/responses/ServiceError"
-    delete:
-      summary: Delete domain for a domain with the given id.
-      description: |
-        Delete domain removes a domain with the given id from repo
-        and removes all the things, channels, assigned users, policies related to this domain.
-      tags:
-        - Domains
-      parameters:
-        - $ref: "#/components/parameters/DomainID"
-      security:
-        - bearerAuth: []
-      responses:
-        "204":
-          description: Domain deleted.
-        "401":
-          description: Missing or invalid access token provided.
-        "403":
-          description: Unauthorized access to domain id.
-        "500":
-          $ref: "#/components/responses/ServiceError"
+
   /domains/{domainID}/permissions:
     get:
       summary: Retrieves user permissions on domain.
@@ -319,6 +304,7 @@ paths:
           $ref: "#/components/responses/ServiceError"
   /keys:
     post:
+      operationId: issueKey
       tags:
         - Keys
       summary: Issue API key
@@ -341,6 +327,7 @@ paths:
 
   /keys/{keyID}:
     get:
+      operationId: getKey
       summary: Gets API key details.
       description: |
         Gets API key details for the given key.
@@ -355,10 +342,13 @@ paths:
           description: Failed due to malformed query parameters.
         "401":
           description: Missing or invalid access token provided.
+        "404":
+          description: A non-existent entity request.
         "500":
           $ref: "#/components/responses/ServiceError"
 
     delete:
+      operationId: revokeKey
       summary: Revoke API key
       description: |
         Revoke API key identified by the given ID.
@@ -371,11 +361,14 @@ paths:
           description: Key revoked.
         "401":
           description: Missing or invalid access token provided.
+        "404":
+          description: A non-existent entity request.
         "500":
           $ref: "#/components/responses/ServiceError"
 
   /policies:
     post:
+      operationId: addPolicies
       summary: Creates new policies.
       description: |
         Creates new policies. Only admin can use this endpoint. Therefore, you need an authentication token for the admin.
@@ -393,6 +386,8 @@ paths:
           description: Missing or invalid access token provided.
         "403":
           description: Unauthorized access token provided.
+        "404":
+          description: A non-existent entity request.
         "409":
           description: Failed due to using an existing email address.
         "415":
@@ -402,6 +397,7 @@ paths:
 
   /policies/delete:
     post:
+      operationId: deletePolicies
       summary: Deletes policies.
       description: |
         Deletes policies. Only admin can use this endpoint. Therefore, you need an authentication token for the admin.
@@ -415,6 +411,8 @@ paths:
           description: Policies deleted.
         "400":
           description: Failed due to malformed JSON.
+        "404":
+          description: A non-existent entity request.
         "409":
           description: Failed due to using an existing email address.
         "415":
@@ -441,7 +439,7 @@ paths:
         - bearerAuth: []
       responses:
         "200":
-          $ref: "users.yml#/components/responses/UserPageRes"
+          $ref: "#/components/responses/DomainsPageRes"
         "400":
           description: Failed due to malformed query parameters.
         "401":
@@ -569,7 +567,7 @@ components:
           example: 10
           description: Maximum number of items to return in one page.
       required:
-        - domain
+        - domains
         - total
         - offset
     DomainUpdate:
@@ -867,11 +865,16 @@ components:
         application/json:
           schema:
             $ref: "#/components/schemas/Key"
+      links:
+        revoke:
+          operationId: revokeKey
+          parameters:
+            keyID: $response.body#/id
 
     HealthRes:
       description: Service Health Check.
       content:
-        application/json:
+        application/health+json:
           schema:
             $ref: "./schemas/HealthInfo.yml"
 

diff --git a/auth/api/http/domains/endpoint.go b/auth/api/http/domains/endpoint.go
@@ -29,7 +29,7 @@ func createDomainEndpoint(svc auth.Service) endpoint.Endpoint {
 			return nil, err
 		}
 
-		return createDomainRes{Data: domain}, nil
+		return createDomainRes{domain}, nil
 	}
 }
 
@@ -44,7 +44,7 @@ func retrieveDomainEndpoint(svc auth.Service) endpoint.Endpoint {
 		if err != nil {
 			return nil, err
 		}
-		return retrieveDomainRes{Data: domain}, nil
+		return retrieveDomainRes{domain}, nil
 	}
 }
 
@@ -85,7 +85,7 @@ func updateDomainEndpoint(svc auth.Service) endpoint.Endpoint {
 			return nil, err
 		}
 
-		return updateDomainRes{Data: domain}, nil
+		return updateDomainRes{domain}, nil
 	}
 }
 
@@ -111,7 +111,7 @@ func listDomainsEndpoint(svc auth.Service) endpoint.Endpoint {
 		if err != nil {
 			return nil, err
 		}
-		return listDomainsRes{Data: dp}, nil
+		return listDomainsRes{dp}, nil
 	}
 }
 
@@ -219,6 +219,6 @@ func listUserDomainsEndpoint(svc auth.Service) endpoint.Endpoint {
 		if err != nil {
 			return nil, err
 		}
-		return listUserDomainsRes{Data: dp}, nil
+		return listUserDomainsRes{dp}, nil
 	}
 }
diff --git a/auth/api/http/domains/endpoint_test.go b/auth/api/http/domains/endpoint_test.go
@@ -241,9 +241,7 @@ func TestListDomains(t *testing.T) {
 			token:  validToken,
 			status: http.StatusOK,
 			listDomainsRequest: auth.DomainsPage{
-				Page: auth.Page{
-					Total: 1,
-				},
+				Total:   1,
 				Domains: []auth.Domain{domain},
 			},
 			err: nil,
@@ -265,9 +263,7 @@ func TestListDomains(t *testing.T) {
 			desc:  "list domains  with offset",
 			token: validToken,
 			listDomainsRequest: auth.DomainsPage{
-				Page: auth.Page{
-					Total: 1,
-				},
+				Total:   1,
 				Domains: []auth.Domain{domain},
 			},
 			query:  "offset=1",
@@ -285,9 +281,7 @@ func TestListDomains(t *testing.T) {
 			desc:  "list domains  with limit",
 			token: validToken,
 			listDomainsRequest: auth.DomainsPage{
-				Page: auth.Page{
-					Total: 1,
-				},
+				Total:   1,
 				Domains: []auth.Domain{domain},
 			},
 			query:  "limit=1",
@@ -305,9 +299,7 @@ func TestListDomains(t *testing.T) {
 			desc:  "list domains  with name",
 			token: validToken,
 			listDomainsRequest: auth.DomainsPage{
-				Page: auth.Page{
-					Total: 1,
-				},
+				Total:   1,
 				Domains: []auth.Domain{domain},
 			},
 			query:  "name=domainname",
@@ -332,9 +324,7 @@ func TestListDomains(t *testing.T) {
 			desc:  "list domains  with status",
 			token: validToken,
 			listDomainsRequest: auth.DomainsPage{
-				Page: auth.Page{
-					Total: 1,
-				},
+				Total:   1,
 				Domains: []auth.Domain{domain},
 			},
 			query:  "status=enabled",
@@ -359,9 +349,7 @@ func TestListDomains(t *testing.T) {
 			desc:  "list domains  with tags",
 			token: validToken,
 			listDomainsRequest: auth.DomainsPage{
-				Page: auth.Page{
-					Total: 1,
-				},
+				Total:   1,
 				Domains: []auth.Domain{domain},
 			},
 			query:  "tag=tag1,tag2",
@@ -386,9 +374,7 @@ func TestListDomains(t *testing.T) {
 			desc:  "list domains  with metadata",
 			token: validToken,
 			listDomainsRequest: auth.DomainsPage{
-				Page: auth.Page{
-					Total: 1,
-				},
+				Total:   1,
 				Domains: []auth.Domain{domain},
 			},
 			query:  "metadata=%7B%22domain%22%3A%20%22example.com%22%7D&",
@@ -413,9 +399,7 @@ func TestListDomains(t *testing.T) {
 			desc:  "list domains  with permissions",
 			token: validToken,
 			listDomainsRequest: auth.DomainsPage{
-				Page: auth.Page{
-					Total: 1,
-				},
+				Total:   1,
 				Domains: []auth.Domain{domain},
 			},
 			query:  "permission=view",
@@ -440,9 +424,7 @@ func TestListDomains(t *testing.T) {
 			desc:  "list domains  with order",
 			token: validToken,
 			listDomainsRequest: auth.DomainsPage{
-				Page: auth.Page{
-					Total: 1,
-				},
+				Total:   1,
 				Domains: []auth.Domain{domain},
 			},
 			query:  "order=name",
@@ -466,9 +448,7 @@ func TestListDomains(t *testing.T) {
 			desc:  "list domains  with dir",
 			token: validToken,
 			listDomainsRequest: auth.DomainsPage{
-				Page: auth.Page{
-					Total: 1,
-				},
+				Total:   1,
 				Domains: []auth.Domain{domain},
 			},
 			query:  "dir=asc",
@@ -1231,9 +1211,7 @@ func TestListDomainsByUserID(t *testing.T) {
 			token:  validToken,
 			status: http.StatusOK,
 			listDomainsRequest: auth.DomainsPage{
-				Page: auth.Page{
-					Total: 1,
-				},
+				Total:   1,
 				Domains: []auth.Domain{domain},
 			},
 			userID: validID,
@@ -1264,9 +1242,7 @@ func TestListDomainsByUserID(t *testing.T) {
 			desc:  "list domains by user id with offset",
 			token: validToken,
 			listDomainsRequest: auth.DomainsPage{
-				Page: auth.Page{
-					Total: 1,
-				},
+				Total:   1,
 				Domains: []auth.Domain{domain},
 			},
 			query:  "offset=1",
@@ -1285,9 +1261,7 @@ func TestListDomainsByUserID(t *testing.T) {
 			desc:  "list domains by user id with limit",
 			token: validToken,
 			listDomainsRequest: auth.DomainsPage{
-				Page: auth.Page{
-					Total: 1,
-				},
+				Total:   1,
 				Domains: []auth.Domain{domain},
 			},
 			query:  "limit=1",