134c8b3c6b
Three root causes fixed:
1. DeviceCucumberIT — duplicate step class removed from bdd.device; moved
to dedicated devicebdd package with its own TestSetup and glue scanning,
preventing duplicate-step conflicts with IoT suites.
2. DeviceNavigationSteps — ?-in-Cucumber-expression treated as optional-char
quantifier. Changed GET /devices?capability=, ?deviceClass=, ?protocol=
patterns to anchored regex (^…$) with (.+) capture so literal ? matches.
3. IotProfileCucumberIT iotReady=true — CanonicalQueryFilter was silently
redirecting ?iotReady=true to the canonical URL (which omitted iotReady).
RestAssured followed the 302 and the server never saw the parameter.
Fix: add iotReady to QueryNormalisationService.canonicalForReplacements
with normaliseIotReady ("true" → "true", else absent).
ServiceResource now reads iotReady via UriInfo (bypasses JAX-RS @QueryParam
which is downstream of the filter rewrite). RegistryService uses primitive
boolean + INNER JOIN iot_profiles when iotReady=true.
Co-Authored-By: Mira Rehfeld <noreply@anthropic.com>
62 lines
3.7 KiB
Gherkin
62 lines
3.7 KiB
Gherkin
Feature: Sandbox service isolation from production
|
|
|
|
Background:
|
|
Given a sandbox named "isolation-test" exists
|
|
And a production service "ProdService" with endpoint "https://prod.example.com" is registered
|
|
|
|
Scenario: Service registered in sandbox does not appear in production list
|
|
Given a sandbox service with endpoint "https://sandbox.example.com" and capability "test.cap" is registered in "isolation-test"
|
|
When GET /services is called with capability "test.cap" without authentication
|
|
Then the response code is 200
|
|
And "https://sandbox.example.com" is not in the endpoint list
|
|
|
|
Scenario: Production service does not appear in sandbox service list
|
|
Given a sandbox service with endpoint "https://sandbox.example.com" and capability "test.cap" is registered in "isolation-test"
|
|
When the sandbox service list for "isolation-test" is requested
|
|
Then the response code is 200
|
|
And "https://prod.example.com" is not in the endpoint list
|
|
|
|
Scenario: Service registration in sandbox requires the sandbox API key
|
|
When a service is registered in sandbox "isolation-test" without an API key
|
|
Then the response code is 401
|
|
|
|
Scenario: Service registration in sandbox with wrong key returns 401
|
|
When a service is registered in sandbox "isolation-test" with API key "apix_sb_wrongkey"
|
|
Then the response code is 401
|
|
|
|
Scenario: Sandbox search is isolated from production results
|
|
Given a sandbox service with endpoint "https://sb-search.example.com" and capability "search.cap" is registered in "isolation-test"
|
|
When sandbox "isolation-test" services are searched by capability "search.cap"
|
|
Then the response code is 200
|
|
And "https://sb-search.example.com" is in the endpoint list
|
|
|
|
Scenario: Sandbox search does not return production services
|
|
Given a production service "ProdSearchService" with endpoint "https://prod-search.example.com" is registered
|
|
When sandbox "isolation-test" services are searched by capability "device.telemetry"
|
|
Then the response code is 200
|
|
And "https://prod-search.example.com" is not in the endpoint list
|
|
|
|
Scenario: Sandbox services can be registered with extension properties and queried by them
|
|
Given a sandbox service with endpoint "https://ext-eu.example.com" capability "data.processing" and extension "region:eu" is registered in "isolation-test"
|
|
And a sandbox service with endpoint "https://ext-us.example.com" capability "data.processing" and extension "region:us" is registered in "isolation-test"
|
|
When sandbox "isolation-test" services are searched by capability "data.processing" and property "region:eu"
|
|
Then the response code is 200
|
|
And "https://ext-eu.example.com" is in the endpoint list
|
|
And "https://ext-us.example.com" is not in the endpoint list
|
|
|
|
Scenario: GET /services with sandbox key scopes results to sandbox only
|
|
Given a sandbox service with endpoint "https://keyed-sb.example.com" and capability "keyed.cap" is registered in "isolation-test"
|
|
When GET /services is called with capability "keyed.cap" and the sandbox key for "isolation-test"
|
|
Then the response code is 200
|
|
And "https://keyed-sb.example.com" is in the endpoint list
|
|
|
|
Scenario: GET /services with sandbox key does not return production services
|
|
When GET /services is called with capability "device.telemetry" and the sandbox key for "isolation-test"
|
|
Then the response code is 200
|
|
And "https://prod.example.com" is not in the endpoint list
|
|
|
|
Scenario: GET /services with invalid sandbox key falls back to production
|
|
When GET /services is called with capability "device.telemetry" and API key "apix_sb_000invalid"
|
|
Then the response code is 200
|
|
And "https://prod.example.com" is in the endpoint list
|