From fc4fc03606afb361fcb347978da3cfe1edf8cc97 Mon Sep 17 00:00:00 2001
From: Derek Higgins
Date: Fri, 5 Dec 2025 20:01:29 +0000
Subject: [PATCH] chore: Small Auth CI refactor (#4322)
In preperation for ABAC addition (next PR) ``` fix(ci): allow run_dir variable expansion in YAML heredoc Remove single quotes from EOF delimiter to allow $run_dir to be expanded by bash when creating the configuration file. Previously the literal string "$run_dir" was being written to the YAML instead of the actual temp directory path. drwxr-xr-x 3 runner runner 4096 Dec 5 12:56 $run_dir ``` ``` test(ci): add test_endpoint helper function to auth tests Add reusable test_endpoint function to integration-auth-tests workflow for consistent API testing: ``` ---------
Signed-off-by: Derek Higgins
---
.github/workflows/integration-auth-tests.yml | 53 ++++++++++++--------
1 file changed, 33 insertions(+), 20 deletions(-)
diff --git a/.github/workflows/integration-auth-tests.yml b/.github/workflows/integration-auth-tests.yml
index 626eb245b..28781c680 100644
--- a/.github/workflows/integration-auth-tests.yml
+++ b/.github/workflows/integration-auth-tests.yml
@@ -72,7 +72,7 @@ jobs:
 if: ${{ matrix.auth-provider == 'oauth2_token' }}
 run: |
 run_dir=$(mktemp -d)
- cat <<'EOF' > $run_dir/run.yaml
+ cat < $run_dir/run.yaml
 version: '2'
 image_name: kube
 apis: []
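Review bot: With the delimiter unquoted, bash expands every `$name`, `${...}`, `$(...)` and backtick sequence in the heredoc body, not only `$run_dir`. The body continues outside this hunk, so I cannot confirm it is free of other dollar-sign text; any placeholder meant to reach the YAML literally would now be rewritten or rejected by the shell and needs a `\$` escape. A narrower alternative is to keep `<<'EOF'` and substitute the one path afterwards, e.g. `sed -i "s|\$run_dir|$run_dir|g" "$run_dir/run.yaml"`. The redirect target should also be quoted: `> "$run_dir/run.yaml"`.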
@@ -137,27 +137,40 @@ jobs:

 - name: Test auth
 run: |
+ # Function to test API endpoint with authentication
+ # Usage: test_endpoint [output_file]
+ test_endpoint() {
+ local curl_args="$1"
+ local user_token_file=$2
+ local expected_status=$3
+ local output_file=${4:-/dev/null}
+
+ local status
+ local extra_curl_args=(-s -L -o "$output_file" -w "%{http_code}")
+
+ if [ "$user_token_file" != "none" ]; then
+ extra_curl_args+=(-H "Authorization: Bearer $(cat $user_token_file)")
+ fi
+
+ set -x
+ status=$(curl $curl_args "${extra_curl_args[@]}")
+ set +x
+
+ if [ "$status" = "$expected_status" ]; then
+ echo " ✓ Status: $status (expected $expected_status)"
+ return 0
+ else
+ echo " ✗ Status: $status (expected $expected_status)"
+ exit 1
+ fi
+ }
+
 echo "Testing /v1/version without token (should succeed)..."
- if curl -s -L -o /dev/null -w "%{http_code}" http://127.0.0.1:8321/v1/version | grep -q "200"; then
- echo "/v1/version accessible without token (200)"
- else
- echo "/v1/version returned non-200 status without token"
- exit 1
- fi
+ test_endpoint "http://127.0.0.1:8321/v1/version" "none" "200" || exit 1

 echo "Testing /v1/providers without token (should fail with 401)..."
- if curl -s -L -o /dev/null -w "%{http_code}" http://127.0.0.1:8321/v1/providers | grep -q "401"; then
- echo "/v1/providers blocked without token (401)"
- else
- echo "/v1/providers did not return 401 without token"
- exit 1
- fi
+ test_endpoint "http://127.0.0.1:8321/v1/providers" "none" "401" || exit 1

 echo "Testing /v1/providers with valid token (should succeed)..."
- curl -s -L -H "Authorization: Bearer $(cat llama-stack-auth-token)" http://127.0.0.1:8321/v1/providers | jq
- if [ $? -eq 0 ]; then
- echo "/v1/providers accessible with valid token"
- else
- echo "/v1/providers failed with valid token"
- exit 1
- fi
+ test_endpoint "http://127.0.0.1:8321/v1/providers" "llama-stack-auth-token" "200" "providers.json" || exit 1
+ cat providers.json | jq . > /dev/null && echo " ✓ Valid JSON response"
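Review bot: The `set -x` / `set +x` pair around the curl call in `test_endpoint` makes bash trace the fully expanded command, so whenever a token file is passed the `Authorization: Bearer …` value lands in the job log. Log masking presumably covers only registered secrets, not a token read from a file, so the credential would be printed in clear. I would drop the xtrace pair and log only the non-secret parts, e.g. `echo "  curl $curl_args (token file: $user_token_file)"`, and quote the path in `$(cat "$user_token_file")`. Separately, the closing `jq . > /dev/null && echo …` line fails the step only while it is the last command in the script; `jq . providers.json > /dev/null || exit 1` would keep an invalid response fatal once further tests are appended.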