Update API test workflow and schemas

Signed-off-by: Rodney Osodo <[email protected]>
Signed-off-by: rodneyosodo <[email protected]>
Signed-off-by: Rodney Osodo <[email protected]>

.github/workflows/api-tests.yml

@@ -7,16 +7,47 @@ on:
   push:
     branches:
       - main
+    paths:
+      - ".github/workflows/api-tests.yml"
+      - "api/**"
+      - "auth/api/http/**"
+      - "bootstrap/api**"
+      - "certs/api/**"
+      - "consumers/notifiers/api/**"
+      - "http/api/**"
+      - "invitations/api/**"
+      - "provision/api/**"
+      - "readers/api/**"
+      - "things/api/**"
+      - "twins/api/**"
+      - "users/api/**"
+
   pull_request:
     branches:
       - main
+    paths:
+      - ".github/workflows/api-tests.yml"
+      - "api/**"
+      - "auth/api/http/**"
+      - "bootstrap/api**"
+      - "certs/api/**"
+      - "consumers/notifiers/api/**"
+      - "http/api/**"
+      - "invitations/api/**"
+      - "provision/api/**"
+      - "readers/api/**"
+      - "things/api/**"
+      - "twins/api/**"
+      - "users/api/**"
 
 env:
   TOKENS_URL: http://localhost:9002/users/tokens/issue
   DOMAINS_URL: http://localhost:8189/domains
   USER_IDENTITY: [email protected]
   USER_SECRET: 12345678
   DOMAIN_NAME: demo-test
+  USERS_URL: http://localhost:9002
+  THINGS_URL: http://localhost:9000
 
 jobs:
   api-test:
@@ -44,20 +75,82 @@ jobs:
           export USER_TOKEN=$(curl -sSX POST $TOKENS_URL -H "Content-Type: application/json" -d "{\"identity\": \"$USER_IDENTITY\",\"secret\": \"$USER_SECRET\",\"domain_id\": \"$DOMAIN_ID\"}" | jq -r .access_token)
           echo "USER_TOKEN=$USER_TOKEN" >> $GITHUB_ENV
 
+      - name: Check for changes in specific paths
+        uses: dorny/paths-filter@v2
+        id: changes
+        with:
+          filters: |
+            auth:
+              - ".github/workflows/api-tests.yml"
+              - "api/openapi/auth.yml"
+              - "auth/api/http/**"
+              
+            bootstrap:
+              - ".github/workflows/api-tests.yml"
+              - "api/openapi/bootstrap.yml"
+              - "bootstrap/api/**"
+
+            certs:
+              - ".github/workflows/api-tests.yml"
+              - "api/openapi/certs.yml"
+              - "certs/api/**"
+
+            notifiers:
+              - ".github/workflows/api-tests.yml"
+              - "api/openapi/notifiers.yml"
+              - "consumers/notifiers/api/**"
+
+            http:
+              - ".github/workflows/api-tests.yml"
+              - "api/openapi/http.yml"
+              - "http/api/**"
+
+            invitations:
+              - ".github/workflows/api-tests.yml"
+              - "api/openapi/invitations.yml"
+              - "invitations/api/**"
+
+            provision:
+              - ".github/workflows/api-tests.yml"
+              - "api/openapi/provision.yml"
+              - "provision/api/**"
+
+            readers:
+              - ".github/workflows/api-tests.yml"
+              - "api/openapi/readers.yml"
+              - "readers/api/**"
+
+            things:
+              - ".github/workflows/api-tests.yml"
+              - "api/openapi/things.yml"
+              - "things/api/**"
+
+            twins:
+              - ".github/workflows/api-tests.yml"
+              - "api/openapi/twins.yml"
+              - "twins/api/**"
+
+            users:
+              - ".github/workflows/api-tests.yml"
+              - "api/openapi/users.yml"
+              - "users/api/**"
+
       - name: Run Users API tests
+        if: steps.changes.outputs.users == 'true'
         uses: schemathesis/action@v1
         with:
           schema: api/openapi/users.yml
-          base-url: http://localhost:9002
+          base-url: ${{ env.USERS_URL }}
           checks: all
           report: false
           args: '--header "Authorization: Bearer ${{ env.USER_TOKEN }}" --contrib-unique-data --contrib-openapi-formats-uuid --hypothesis-suppress-health-check=filter_too_much --stateful=links'
 
       - name: Run Things API tests
+        if: steps.changes.outputs.things == 'true'
         uses: schemathesis/action@v1
         with:
           schema: api/openapi/things.yml
-          base-url: http://localhost:9000
+          base-url: ${{ env.THINGS_URL }}
           checks: all
           report: false
           args: '--header "Authorization: Bearer ${{ env.USER_TOKEN }}" --contrib-unique-data --contrib-openapi-formats-uuid --hypothesis-suppress-health-check=filter_too_much --stateful=links'

Makefile

@@ -6,6 +6,8 @@ BUILD_DIR = build
 SERVICES = auth users things http coap ws lora influxdb-writer influxdb-reader mongodb-writer \
 	mongodb-reader cassandra-writer cassandra-reader postgres-writer postgres-reader timescale-writer timescale-reader cli \
 	bootstrap opcua twins mqtt provision certs smtp-notifier smpp-notifier invitations
+TEST_API_SERVICES = auth bootstrap certs http invitations notifiers provision readers things twins users
+TEST_API = $(addprefix test_api_,$(TEST_API_SERVICES))
 DOCKERS = $(addprefix docker_,$(SERVICES))
 DOCKERS_DEV = $(addprefix docker_dev_,$(SERVICES))
 CGO_ENABLED ?= 0
@@ -129,15 +131,30 @@ test: mocks
     done
 	go test -v --race -count 1 -tags test -coverprofile=coverage/coverage.out $$(go list ./... | grep -v 'consumers\|readers\|postgres\|internal\|opcua\|cmd')
 
-test_api:
+define test_api_service
+	$(eval svc=$(subst test_api_,,$(1)))
 	@which st > /dev/null || (echo "schemathesis not found, please install it from https://github.com/schemathesis/schemathesis#getting-started" && exit 1)
-	st run api/openapi/users.yml \
+
+	@if [ -z "$(USER_TOKEN)" ]; then \
+		echo "USER_TOKEN is not set"; \
+		echo "Please set it to a valid token"; \
+		exit 1; \
+	fi
+
+	st run api/openapi/$(svc).yml \
 	--checks all \
-	--base-url http://localhost:9002 \
+	--base-url $(2) \
 	--header "Authorization: Bearer $(USER_TOKEN)" \
 	--contrib-unique-data --contrib-openapi-formats-uuid \
 	--hypothesis-suppress-health-check=filter_too_much \
 	--stateful=links
+endef
+
+test_api_users: TEST_API_URL := http://localhost:9002
+test_api_things: TEST_API_URL := http://localhost:9000
+
+$(TEST_API):
+	$(call test_api_service,$(@),$(TEST_API_URL))
 
 proto:
 	protoc -I. --go_out=. --go_opt=paths=source_relative pkg/messaging/*.proto

api/openapi/things.yml

@@ -93,6 +93,8 @@ paths:
         "401":
           description: |
             Missing or invalid access token provided.
+        "403":
+          description: Failed to perform authorization over the entity.            
         "404":
           description: A non-existent entity request.
         "422":
@@ -112,7 +114,7 @@ paths:
       requestBody:
         $ref: "#/components/requestBodies/ThingsCreateReq"
       responses:
-        "201":
+        "200":
           $ref: "#/components/responses/ThingPageRes"
         "400":
           description: Failed due to malformed JSON.
@@ -179,6 +181,8 @@ paths:
           description: Failed to perform authorization over the entity.
         "404":
           description: Failed due to non existing thing.
+        "409":
+          description: Failed due to using an existing identity.          
         "415":
           description: Missing or invalid content type.
         "422":
@@ -534,6 +538,8 @@ paths:
           description: Failed to perform authorization over the entity.
         "404":
           description: Channel does not exist.
+        "409":
+          description: Failed due to using an existing identity.
         "415":
           description: Missing or invalid content type.
         "422":
@@ -662,7 +668,7 @@ paths:
       security:
         - bearerAuth: []
       responses:
-        "200":
+        "204":
           description: Thing unshared.
         "400":
           description: Failed due to malformed thing's ID.
@@ -722,7 +728,7 @@ paths:
       security:
         - bearerAuth: []
       responses:
-        "200":
+        "204":
           description: Thing unshared.
         "400":
           description: Failed due to malformed thing's ID.
@@ -1346,7 +1352,7 @@ components:
     ChannelsPage:
       type: object
       properties:
-        channels:
+        groups:
           type: array
           minItems: 0
           uniqueItems: true
@@ -1364,9 +1370,9 @@ components:
           example: 10
           description: Maximum number of items to return in one page.
       required:
-        - channels
+        - groups
         - total
-        - level
+        - offset
 
     PoliciesPage:
       type: object

things/api/http/endpoints_test.go

@@ -1087,7 +1087,7 @@ func TestUpdateClientSecret(t *testing.T) {
 			contentType: contentType,
 			token:       validToken,
 			status:      http.StatusBadRequest,
-			err:         apiutil.ErrBearerKey,
+			err:         apiutil.ErrMissingSecret,
 		},
 		{
 			desc: "update thing secret with invalid contentype",

things/api/http/requests_test.go

@@ -448,7 +448,7 @@ func TestUpdateClientCredentialsReqValidate(t *testing.T) {
 				id:     validID,
 				Secret: "",
 			},
-			err: apiutil.ErrBearerKey,
+			err: apiutil.ErrMissingSecret,
 		},
 	}
 	for _, c := range cases {

things/api/http/responses.go

@@ -27,8 +27,8 @@ var (
 
 type pageRes struct {
 	Limit  uint64 `json:"limit,omitempty"`
-	Offset uint64 `json:"offset,omitempty"`
-	Total  uint64 `json:"total,omitempty"`
+	Offset uint64 `json:"offset"`
+	Total  uint64 `json:"total"`
 }
 
 type createClientRes struct {

things/service.go

@@ -241,7 +241,7 @@ func (svc service) listUserThingPermission(ctx context.Context, userID, thingID
 		ObjectType:  auth.ThingType,
 	})
 	if err != nil {
-		return []string{}, err
+		return []string{}, errors.Wrap(svcerr.ErrAuthorization, err)
 	}
 	return lp.GetPermissions(), nil
 }
@@ -607,7 +607,7 @@ func (svc *service) authorize(ctx context.Context, domainID, subjType, subjKind,
 	}
 	res, err := svc.auth.Authorize(ctx, req)
 	if err != nil {
-		return "", err
+		return "", errors.Wrap(svcerr.ErrAuthorization, err)
 	}
 	if !res.GetAuthorized() {
 		return "", errors.Wrap(svcerr.ErrAuthorization, err)

users/service.go

@@ -299,7 +299,7 @@ func (svc service) ResetSecret(ctx context.Context, resetToken, secret string) e
 		return repoerr.ErrNotFound
 	}
 	if !svc.passRegex.MatchString(secret) {
-		return errors.ErrPasswordFormat
+		return svcerr.ErrPasswordFormat
 	}
 	secret, err = svc.hasher.Hash(secret)
 	if err != nil {
@@ -325,7 +325,7 @@ func (svc service) UpdateClientSecret(ctx context.Context, token, oldSecret, new
 		return mgclients.Client{}, err
 	}
 	if !svc.passRegex.MatchString(newSecret) {
-		return mgclients.Client{}, errors.ErrPasswordFormat
+		return mgclients.Client{}, svcerr.ErrPasswordFormat
 	}
 	dbClient, err := svc.clients.RetrieveByID(ctx, id)
 	if err != nil {

users/service_test.go

@@ -1183,7 +1183,7 @@ func TestUpdateClientSecret(t *testing.T) {
 			newSecret:        "weak",
 			token:            validToken,
 			identifyResponse: &magistrala.IdentityRes{UserId: client.ID},
-			err:              errors.ErrPasswordFormat,
+			err:              svcerr.ErrPasswordFormat,
 		},
 		{
 			desc:                 "update client secret with failed to retrieve client by ID",
@@ -2367,7 +2367,7 @@ func TestResetSecret(t *testing.T) {
 			newSecret:            "weak",
 			identifyResponse:     &magistrala.IdentityRes{UserId: client.ID},
 			retrieveByIDResponse: client,
-			err:                  errors.ErrPasswordFormat,
+			err:                  svcerr.ErrPasswordFormat,
 		},
 		{
 			desc:                 "reset secret with failed to update secret",