test(auth): add functional test for jwtaccess cache segregation#8646
Open
westarle wants to merge 1 commit into
Open
test(auth): add functional test for jwtaccess cache segregation#8646westarle wants to merge 1 commit into
westarle wants to merge 1 commit into
Conversation
Add cache segregation test to functionally verify JWTAccess isolates token caches correctly by scopes and URLs. TAG=agy CONV=4aafb1cc-33ea-453d-968d-7e69305c0b3a
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Code Review
This pull request adds a new test case to verify cache isolation by scopes and URLs when retrieving request headers. However, the test contains several critical issues that will cause it to fail at runtime, including missing await keywords for asynchronous calls, incorrect usage of .get() on a plain object, and a typo in the test URLs. A code suggestion has been provided to resolve these issues.
Comment on lines
+225
to
+251
| const testUri1 = 'http:/example.com/service1'; | ||
| const testUri2 = 'http:/example.com/service2'; | ||
|
|
||
| // 1. Different scopes for the same URL should return different tokens | ||
| const headersScope1 = client.getRequestHeaders(testUri1, undefined, 'scope1'); | ||
| const tokenScope1 = headersScope1.get('authorization'); | ||
| assert(tokenScope1); | ||
|
|
||
| const headersScope2 = client.getRequestHeaders(testUri1, undefined, 'scope2'); | ||
| const tokenScope2 = headersScope2.get('authorization'); | ||
| assert(tokenScope2); | ||
| assert.notStrictEqual(tokenScope1, tokenScope2); | ||
|
|
||
| // 2. Different URLs (without scopes) should return different tokens (different audience) | ||
| const headersUrl1 = client.getRequestHeaders(testUri1); | ||
| const tokenUrl1 = headersUrl1.get('authorization'); | ||
| assert(tokenUrl1); | ||
|
|
||
| const headersUrl2 = client.getRequestHeaders(testUri2); | ||
| const tokenUrl2 = headersUrl2.get('authorization'); | ||
| assert(tokenUrl2); | ||
| assert.notStrictEqual(tokenUrl1, tokenUrl2); | ||
|
|
||
| // 3. Verify cache hit works for the exact same parameters | ||
| const headersScope1Cached = client.getRequestHeaders(testUri1, undefined, 'scope1'); | ||
| const tokenScope1Cached = headersScope1Cached.get('authorization'); | ||
| assert.strictEqual(tokenScope1, tokenScope1Cached); |
Contributor
There was a problem hiding this comment.
There are multiple critical issues in this test that will cause it to fail at runtime:
- Missing
await:getRequestHeadersis an asynchronous method returning aPromise<Headers>. It must be awaited to resolve the headers. - Invalid
.get()call: The returnedHeadersis a plain object ({[key: string]: string}), not aMapor aHeadersclass instance. Calling.get('authorization')will throw aTypeError. Instead, access theAuthorizationproperty directly. - URL Typo: The test URLs are missing a slash (
http:/instead ofhttp://).
const testUri1 = 'http://example.com/service1';
const testUri2 = 'http://example.com/service2';
// 1. Different scopes for the same URL should return different tokens
const headersScope1 = await client.getRequestHeaders(testUri1, undefined, 'scope1');
const tokenScope1 = headersScope1.Authorization;
assert(tokenScope1);
const headersScope2 = await client.getRequestHeaders(testUri1, undefined, 'scope2');
const tokenScope2 = headersScope2.Authorization;
assert(tokenScope2);
assert.notStrictEqual(tokenScope1, tokenScope2);
// 2. Different URLs (without scopes) should return different tokens (different audience)
const headersUrl1 = await client.getRequestHeaders(testUri1);
const tokenUrl1 = headersUrl1.Authorization;
assert(tokenUrl1);
const headersUrl2 = await client.getRequestHeaders(testUri2);
const tokenUrl2 = headersUrl2.Authorization;
assert(tokenUrl2);
assert.notStrictEqual(tokenUrl1, tokenUrl2);
// 3. Verify cache hit works for the exact same parameters
const headersScope1Cached = await client.getRequestHeaders(testUri1, undefined, 'scope1');
const tokenScope1Cached = headersScope1Cached.Authorization;
assert.strictEqual(tokenScope1, tokenScope1Cached);
Contributor
There was a problem hiding this comment.
- It looks like there are multiple
getRequestHeadersmethods that are Promises . . . but the JWTAccess one is not. The test looks correct.
-
Again, I think Gemini is wrong here. The data returned is a Headers object, which does have a
getmethod: -
This is fair, but clearly a nit.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Add cache segregation test to functionally verify JWTAccess isolates token caches correctly by scopes and URLs.