+1 to your proposal. That'll also help us test the performance impacts of
enabling that security.

- Jean-Sebastien

On Sat, Oct 10, 2015 at 8:38 PM, Saravanakumar A Srinivasan <
sasrin(a)us.ibm.com> wrote:

Now that we have secured Abacus using OAuth bearer access token based
authentication (See [1] for more details), we need to have an end-end test
coverage that tests Abacus with security enabled at Travis.

Looking for adding this test as a variation of one of our existing
end-to-end tests and/or all of our integration tests by just simply adding
security environment variables before starting Abacus and the tests.

Since our integration tests are starting a part of Abacus processing steps
inside the test, it would be simpler to cover at integration tests,
however, integration tests do not flow to the next processing step in the
pipeline, thus we will not be able to test the flow from one processing
step to another.

Whereas Performance Test and Demo Client expect a running Abacus, so any
variations require all of them to be started with same set of environment
variables to complete a meaningful test. One of the options could be to
have an npm script/command that would run this variation as one step and
have them integrated with our continuous integration build at Travis.

Adding a security variation to Demo Client would raise the entry bar for
anybody trying to get familiar with Abacus. So I am moving towards having
an npm script to 1. set security environment variables, 2. start Abacus,
3. run Performance Test with OAuth bearer token, and 4. stop Abacus.

That would leave us with Demo Client and all integration tests to run only
on an unsecured Abacus environment and the Performance Test could be run
with either secured or unsecured Abacus.

Any opinions/comments/thoughts?

[1] https://github.com/cloudfoundry-incubator/cf-abacus/issues/35


Thanks,
Saravanakumar Srinivasan (Assk)