[abacus] End-to-end test coverage for secured Abacus

Saravanakumar A. Srinivasan

Now that we have secured Abacus using OAuth bearer access token based authentication (See [1] for more details), we need to have an end-end test coverage that tests Abacus with security enabled at Travis.

Looking for adding this test as a variation of one of our existing end-to-end tests and/or all of our integration tests by just simply adding security environment variables before starting Abacus and the tests.

Since our integration tests are starting a part of Abacus processing steps inside the test, it would be simpler to cover at integration tests, however, integration tests do not flow to the next processing step in the pipeline, thus we will not be able to test the flow from one processing step to another.

Whereas Performance Test and Demo Client expect a running Abacus, so any variations require all of them to be started with same set of environment variables to complete a meaningful test. One of the options could be to have an npm script/command that would run this variation as one step and have them integrated with our continuous integration build at Travis.

Adding a security variation to Demo Client would raise the entry bar for anybody trying to get familiar with Abacus. So I am moving towards having an npm script to 1. set security environment variables,  2. start Abacus, 3. run Performance Test with OAuth bearer token, and 4. stop Abacus.  

That would leave us with Demo Client and all integration tests to run only on an unsecured Abacus environment and the Performance Test could be run with either secured or unsecured Abacus. 

Any opinions/comments/thoughts?

Saravanakumar Srinivasan (Assk)

Join cf-dev@lists.cloudfoundry.org to automatically receive all group messages.