From 2ab9d9cfc567144f6d1a3f528c5b23e1cd398eef Mon Sep 17 00:00:00 2001 From: Kerry Kimbrough Date: Sat, 10 Jul 2021 13:04:51 -0500 Subject: [PATCH] Release 3.7.0 (#196) --- README.md | 4 +-- ReleaseNotes.md | 16 +++++++++++ pom.xml | 2 +- tcases-ant/pom.xml | 2 +- tcases-cli/pom.xml | 2 +- tcases-io/pom.xml | 2 +- tcases-lib/pom.xml | 2 +- tcases-maven-plugin/pom.xml | 2 +- tcases-moco/pom.xml | 2 +- tcases-openapi/README.md | 10 +++++-- tcases-openapi/Request-Test-Definition.md | 34 +++++++++++++++++++++++ tcases-openapi/Running-Api-Test-Cases.md | 34 ++++++++++++++++++++++- tcases-openapi/pom.xml | 4 +-- tcases-rest-assured/pom.xml | 2 +- tcases-shell/pom.xml | 2 +- 15 files changed, 104 insertions(+), 16 deletions(-) diff --git a/README.md b/README.md index 93784e13..84172efd 100644 --- a/README.md +++ b/README.md @@ -5,10 +5,10 @@ ## What's New? ## - * The latest version ([Tcases 3.6.3](ReleaseNotes.md#363)) is now available at the Maven Central Repository. + * The latest version ([Tcases 3.7.0](ReleaseNotes.md#370)) is now available at the Maven Central Repository. See [*How To Download Tcases*](HowToDownload.md) for download instructions. - * Tcases 3.6.3 provides improvements to Tcases for OpenAPI. See the [release notes](ReleaseNotes.md#363) for details. + * Tcases 3.7.0 provides improvements to Tcases for OpenAPI. See the [release notes](ReleaseNotes.md#370) for details. * Having trouble with Tcases? Check out [these tips](./Troubleshooting-FAQs.md). diff --git a/ReleaseNotes.md b/ReleaseNotes.md index 00ce42a8..eb15deaa 100644 --- a/ReleaseNotes.md +++ b/ReleaseNotes.md @@ -1,5 +1,21 @@ # Release Notes # +## 3.7.0 ## + +This release provides the following improvements to Tcases for OpenAPI. + + * **Generated tests support request authorization** [[115](https://github.com/Cornutum/tcases/issues/115)] + + Tcases for OpenAPI now handles information in OpenAPI definitions about the [security + schemes](https://spec.openapis.org/oas/v3.0.2#security-scheme-object) required by API requests. Some types of security + schemes are not yet supported -- see [*OpenAPI tips*](tcases-openapi/README.md#openapi-tips) for details. + + Because security requirements are now included in generated input models and request test definitions, the + `RestAssuredTestCaseWriter` can create tests that apply the required authorization credentials to request invocations. Note + that values for authorization credentials do not appear in the OpenAPI definition and must be injected at runtime when + generated tests execute. See [*Define credentials for request authorization*](tcases-openapi/Running-Api-Test-Cases.md#define-credentials-for-request-authorization) + for details. + ## 3.6.3 ## This release provides the following improvements to Tcases for OpenAPI. diff --git a/pom.xml b/pom.xml index 814ba211..33731ebf 100644 --- a/pom.xml +++ b/pom.xml @@ -7,7 +7,7 @@ org.cornutum.tcases tcases pom - 3.7.0-SNAPSHOT + 3.7.0 Tcases Generates test cases from system input space models diff --git a/tcases-ant/pom.xml b/tcases-ant/pom.xml index faef74fc..9178fe27 100644 --- a/tcases-ant/pom.xml +++ b/tcases-ant/pom.xml @@ -7,7 +7,7 @@ org.cornutum.tcases tcases - 3.7.0-SNAPSHOT + 3.7.0 tcases-ant diff --git a/tcases-cli/pom.xml b/tcases-cli/pom.xml index d675c2c0..e43cf4df 100644 --- a/tcases-cli/pom.xml +++ b/tcases-cli/pom.xml @@ -7,7 +7,7 @@ org.cornutum.tcases tcases - 3.7.0-SNAPSHOT + 3.7.0 tcases-cli diff --git a/tcases-io/pom.xml b/tcases-io/pom.xml index 78aa61f8..678d24d9 100644 --- a/tcases-io/pom.xml +++ b/tcases-io/pom.xml @@ -7,7 +7,7 @@ org.cornutum.tcases tcases - 3.7.0-SNAPSHOT + 3.7.0 tcases-io diff --git a/tcases-lib/pom.xml b/tcases-lib/pom.xml index 9d119313..3b57da11 100755 --- a/tcases-lib/pom.xml +++ b/tcases-lib/pom.xml @@ -7,7 +7,7 @@ org.cornutum.tcases tcases - 3.7.0-SNAPSHOT + 3.7.0 tcases-lib diff --git a/tcases-maven-plugin/pom.xml b/tcases-maven-plugin/pom.xml index c8abd19f..61686179 100755 --- a/tcases-maven-plugin/pom.xml +++ b/tcases-maven-plugin/pom.xml @@ -7,7 +7,7 @@ org.cornutum.tcases tcases - 3.7.0-SNAPSHOT + 3.7.0 tcases-maven-plugin diff --git a/tcases-moco/pom.xml b/tcases-moco/pom.xml index b72dc488..44e393d9 100644 --- a/tcases-moco/pom.xml +++ b/tcases-moco/pom.xml @@ -7,7 +7,7 @@ org.cornutum.tcases tcases - 3.7.0-SNAPSHOT + 3.7.0 tcases-moco diff --git a/tcases-openapi/README.md b/tcases-openapi/README.md index 2c1d5208..5e02d6d2 100644 --- a/tcases-openapi/README.md +++ b/tcases-openapi/README.md @@ -166,7 +166,7 @@ execute all API requests against an actual API server, applying a comprehensive the expected responses. Bam! Job done! But is this even possible? Yes, it is -- mostly. -For details, see [*Running API Test Cases*](Running-Api-Test-Cases.md). +For details, see [*Running API Test Cases*](Running-Api-Test-Cases.md#running-api-test-cases). ## Why Tcases for OpenAPI? ## @@ -438,7 +438,13 @@ for Tcases for OpenAPI. To use Tcases for OpenAPI effectively, there are some things to keep in mind when you're building your OpenAPI definition. - 1. **Use Version 3.** Tcases for OpenAPI is based on the specification for [OpenAPI Version 3.0.2](https://swagger.io/specification/). Earlier Version 2.X specs are not supported. + 1. **Use Version 3.** Tcases for OpenAPI is based on the specification for [OpenAPI Version 3.0.2](https://spec.openapis.org/oas/v3.0.2). Earlier Version 2.X specs are not supported. + + 1. **Some security schemes not supported.** Tcases for OpenAPI currently supports the following request [security schemes](https://spec.openapis.org/oas/v3.0.2#security-scheme-object) -- other schemes are ignored. + + * API key + * HTTP Basic authentication + * HTTP Bearer authentication 1. **Avoid type-ambiguous schemas.** A schema that does not define a `type` keyword can validate multiple types of instances. But Tcases for OpenAPI expects you to be more explicit about which instance types are valid. Here's how to do that. diff --git a/tcases-openapi/Request-Test-Definition.md b/tcases-openapi/Request-Test-Definition.md index e74277ee..38c61b09 100644 --- a/tcases-openapi/Request-Test-Definition.md +++ b/tcases-openapi/Request-Test-Definition.md @@ -29,7 +29,9 @@ A `RequestCase` object defines the inputs for a test case that invokes a specifi | version | string | | The version of the OpenAPI definition that defines this request | | parameters | \[[`ParamData`](#paramdata)\] | | The parameter values for this request | | body | [`MessageData`](#messagedata) | | The body value for this request | +| auth |\[[`AuthDef`](#authDef)\] | | The authentication inputs required to authorize this request | | invalidInput | string | | If defined, a failure response is expected for this request and this string describes the invalid input | +| authFailure | boolean | | If true, an authorization failure is expected for this request | ## `ParamData` ## @@ -62,3 +64,35 @@ A `DataValue` object specifies the type, format, and value of a request input da | type | string | :registered: | The type of this data value | | value | JSON value | :registered: | The JSON representation of this data value | | format | string | | The format of this data value | + +## `AuthDef` ## + +An `AuthDef` object describes a required authentication input: one of [`ApiKeyDef`](#apiKeyDef), [`HttpBasicDef`](#httpBasicDef), or [`HttpBearerDef`](#httpBearerDef). + +## `ApiKeyDef` ## + +An `ApiKeyDef` object specifies that an API key is required to authorize the request. + +| Field | Type | | Description | +| --- | --- | --- | --- | +| type | string | :registered: | "apiKey" | +| location | string | :registered: | The location of the key value | +| name | string | :registered: | The name of this key value | + +## `HttpBasicDef` ## + +An `HttpBasicDef` object specifies that an HTTP Basic authorization header is required. + +| Field | Type | | Description | +| --- | --- | --- | --- | +| type | string | :registered: | "http" | +| scheme | string | :registered: | "basic" | + +## `HttpBearerDef` ## + +An `HttpBearerDef` object specifies that an HTTP Bearer authorization header is required. + +| Field | Type | | Description | +| --- | --- | --- | --- | +| type | string | :registered: | "http" | +| scheme | string | :registered: | "bearer" | diff --git a/tcases-openapi/Running-Api-Test-Cases.md b/tcases-openapi/Running-Api-Test-Cases.md index 5b033565..b51f2579 100644 --- a/tcases-openapi/Running-Api-Test-Cases.md +++ b/tcases-openapi/Running-Api-Test-Cases.md @@ -13,7 +13,8 @@ - [Example: Create tests from examples](#example-create-tests-from-examples) - [Understanding the TestWriter API](#understanding-the-testwriter-api) - [Running generated tests](#running-generated-tests) - - [Override the default API server](#override-the-default-api-server) + - [Override the default API server](#override-the-default-api-server) + - [Define credentials for request authorization](#define-credentials-for-request-authorization) - [Generating request inputs](#generating-request-inputs) - [Instead of input descriptions...](#instead-of-input-descriptions) - [Get actual input values...](#get-actual-input-values) @@ -343,6 +344,37 @@ be defined in the `mvn` command. This setting overrides any API server specified mvn test -Dtest=SwaggerPetstoreTest -DtcasesApiServer=http://localhost ``` +### Define credentials for request authorization ### + +Execution of API requests may be subject to security requirements specified in the OpenAPI definition. To satisfy such requirements, you +must define the necessary authorization credentials when you run the tests. + +For Java tests, authorization credentials are defined using Java system properties. These settings can +be defined in the `java` command that you run, either directly or via your IDE. Similarly, if you run tests using Maven, these settings can +be defined in the `mvn` command. + +Depending on the security scheme, different settings are required. The following security schemes are supported. + + * API key + + ``` + # Run the 'SwaggerPetstoreTest', using an API key to authenticate test requests. + mvn test -Dtest=SwaggerPetstoreTest -DtcasesApiKey=F81D4FAE-7DEC-11D0-A765-00A0C91E6BF6 + ``` + + * HTTP Basic authentication + + ``` + # Run the 'SwaggerPetstoreTest', using a user id and password to authenticate test requests. + mvn test -Dtest=SwaggerPetstoreTest -DtcasesApiUser=myUserId -DtcasesApiPassword=myLittleSecret + ``` + + * HTTP Bearer authentication + + ``` + # Run the 'SwaggerPetstoreTest', using a bearer token to authenticate test requests. + mvn test -Dtest=SwaggerPetstoreTest -DtcasesApiBearer=eyJ0eXAi.eyJtZXNz.-yIVBD5b + ``` ## Generating request inputs ## diff --git a/tcases-openapi/pom.xml b/tcases-openapi/pom.xml index 65b71e29..d2ad15f2 100644 --- a/tcases-openapi/pom.xml +++ b/tcases-openapi/pom.xml @@ -7,7 +7,7 @@ org.cornutum.tcases tcases - 3.7.0-SNAPSHOT + 3.7.0 tcases-openapi @@ -63,7 +63,7 @@ UTF-8 ${maven.build.timestamp} yyyy-MM-dd - 3.5.0 + 3.7.0 diff --git a/tcases-rest-assured/pom.xml b/tcases-rest-assured/pom.xml index f3d1147a..a681ca7e 100644 --- a/tcases-rest-assured/pom.xml +++ b/tcases-rest-assured/pom.xml @@ -7,7 +7,7 @@ org.cornutum.tcases tcases - 3.7.0-SNAPSHOT + 3.7.0 tcases-rest-assured diff --git a/tcases-shell/pom.xml b/tcases-shell/pom.xml index ab827772..06a0c276 100755 --- a/tcases-shell/pom.xml +++ b/tcases-shell/pom.xml @@ -7,7 +7,7 @@ org.cornutum.tcases tcases - 3.7.0-SNAPSHOT + 3.7.0 tcases-shell