"unauthorized" test could print summary of requests made #832
Conversation
There was a problem hiding this comment.
Very cool. It took me a while to understand that the numbers are derived from the status codes after running the request described in the bottom right. It's a bit opaque, since that's probably the last thing most readers of a left-to-right language would see, but it's really the situation that resulted in the actual numbers. I don't think "rotating" the diagram is worth it, but maybe just putting a < or similar marker from the test case to the tail of the arrow to its left would help. I.e., a sort of "start here" marker.
| +|||----------------------- authenticated, unauthorized request | ||
| +||----------------------- unauthenticated request | ||
| +|----------------------- bad authentication: no such user | ||
| +----------------------- bad authentication: invalid syntax |
There was a problem hiding this comment.
| +----------------------- bad authentication: invalid syntax | |
| +----------------------< bad authentication: invalid syntax |
| v / \ / \ / \ / \ / \ v | ||
| HEADER: G GET PUT POST DEL TRCE G URL | ||
| EXAMPLE: 0 3111 5555 3111 5555 5555 0 /organizations | ||
| ROW |||| |
There was a problem hiding this comment.
| ROW |||| | |
| ROW ^^^^ |
| | | | | | | +-- privileged GET (expects same as above) | ||
| | | | | | | | (digit = last digit of 200-level response) | ||
| | _| _| _| _| _| | ('-' => skipped (N/A)) | ||
| v / \ / \ / \ / \ / \ v |
There was a problem hiding this comment.
| v / \ / \ / \ / \ / \ v | |
| | / \ / \ / \ / \ / \ | |
| | +----+----+----+----+----- HTTP methods tested (see below) | ||
| | | | | | | (digit = last digit of 400-level response) | ||
| | | | | | | | ||
| | | | | | | +-- privileged GET (expects same as above) |
There was a problem hiding this comment.
| | | | | | | +-- privileged GET (expects same as above) | |
| | | | | | | +-> privileged GET (expects same as above) |
| +----------------------------- privileged GET (expects 200) | ||
| | (digit = last digit of 200-level response) | ||
| | | ||
| | +----+----+----+----+----- HTTP methods tested (see below) |
There was a problem hiding this comment.
| | +----+----+----+----+----- HTTP methods tested (see below) | |
| | +----+----+----+----+----> HTTP methods tested (see below) |
| const VERIFY_HEADER: &str = r#" | ||
| SUMMARY OF REQUESTS MADE | ||
|
|
||
| +----------------------------- privileged GET (expects 200) |
There was a problem hiding this comment.
| +----------------------------- privileged GET (expects 200) | |
| +----------------------------> privileged GET (expects 200) |
There was a problem hiding this comment.
This is basically what I meant by my general comment. I added arrows hopefully showing the flow starting at the request that's made. May not be any better :)
|
@david-crespo thanks for taking a look! @bnaecker Thanks for the comments. I'm definitely interested in better ways of presenting the data in the first place, as well as better ways to explain the presentation. My main goals are to convey exactly what happened in a way that basically fits on one (potentially wide) screen. (You probably figured this already but: the reason the labels are where they are now has more to do with where there's space than left-to-right top-to-bottom reading.) I think your confusion results from parsing the ASCII arrows as describing flow, when they were only intended as labels (i.e., the text describes the thing it points to). But I like your suggestion of having the arrows reflect logical flow. I've done that in commit 8d88d69. I also tried a different approach in b4a831f. I'd be interested to know if you find this clearer. |
|
@davepacheco Yeah, I think either of the latter two options is better than the first. The third has slightly less clutter, without all the lines above the HTTP methods, but I actually think those help understand each entry. Both are good though, I'd pick whichever you like at this point. One question actually. What's the difference between the leftmost |
|
Thanks!
Good question! For most paths, before we go through the various methods, we do a privileged GET and make sure we get a 200 back and we save the response body. That's the leftmost This seemed like too much to explain in the output. |
Crucible: Add quota to agent created datasets (#835) Switch to building on heliosv2 (#830) Minor clippy cleanup (#832) Update to latest dropshot (#829) Propolis: The above crucible changes Switch to building on heliosv2 (#461) clean up cargo check/clippy errors when built with Rust 1.71 (#462) Add some VMM_DESTROY_VM polish to bhyve-api
This change causes the "unauthorized" integration test to print a summary table of all the requests it made. It's a pretty dense visual representation: it technically includes the URL path, HTTP method, and status code. Here's a text version:
It prints the numbers in green:
Note that it never prints anything other than green -- if something produces an unexpected result, the test still panics. Still, it seemed useful to have the color here to emphasize that it's what's expected, since it's hard to compute what the right status code should be for each cell in the table.
Spoiler: the catalyst is to be able to demo authz, during which I would explain the various requests made by the test.