UNOMI-884: Platform polish audit (Phase 2 PR 3)#786
Merged
Conversation
…llback Closes the test-coverage gap from the prior commit's invalid-tenant fallback fix: adds JUnit/Mockito test deps to cdp-graphql-api-impl and covers the JAAS-authenticated branches of GraphQLServletSecurityValidator (invalid tenant header, valid tenant header, missing Authorization header). Also documents why the fallback explicitly sets systemContext() instead of leaving the thread-local context untouched.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Mega-PR 3 (L + M + N + O + P) §2 audit: master is already ahead on nearly all scoped paths via earlier merges (#760 UNOMI-884, #762 UNOMI-904, #773 UNOMI-883, #768 UNOMI-920, #781 UNOMI-948, #774 past-event). Blind checkout from
unomi-3-devwould regress V2 auth, condition validation,rangeQuerynull handling, and past-event null guards.One residual fix ported from
unomi-3-dev(UNOMI-680 tenant handling):GraphQLServletSecurityValidator: when JAAS auth succeeds butX-Unomi-Tenant-Idis invalid, fall back toExecutionContext.systemContext()instead of leaving a potentially wrong tenant context.Audit — intentionally skipped (master wins)
AuthenticationFilter,V2ThirdPartyConfigService,DefaultRestAuthenticationConfigOpenSearchPersistenceServiceImpl, past-event query builders, dispatchersGraphQLSchemaProvider,GraphQLSchemaUpdaterNumericValueTypeValidator,ComparisonOperatorValueTypeValidator,ConditionValidationServiceImplAbstractNumericValueTypeValidator+ #773api/**modeltoString(),YamlUtils, testsTest plan
mvn -pl graphql/cxs-impl compileX-Unomi-Tenant-Id→ system context, no cross-tenant leakage