Add testActionPassAuth to facilitate testing with trivial auth mocks #251
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
amory-coursera
commented
May 14, 2018
| @@ -88,7 +88,8 @@ class MacroImpls(val c: blackbox.Context) { | |||
| * @tparam Resource The resource type that we are specializing. | |||
There was a problem hiding this comment.
Changes to this file from pre-compile scalafmt application. Please ignore.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Years ago, it was common practice to write resource-level unit tests for Coursera APIs - there are 555 usages of the existing
testActionmethod in our codebase. As authorization logic became more complicated, teams increasingly moved away from resource testing because it was cumbersome to mock or fake auths.The irony here is that
testActionitself requires the caller define a RestContext with authorization data, and tests only execute the authorizer's test-onlycheckmethod. Needing to define a fully functional authorizer for testing is silly, because the bulk of its machinery won't even be exercised within atestActionexecution.This revision adds a new test method that skips the
checkstep oftestAction. This makes it possible to construct test resources with trivial authorizers - e.g.mock[<AuthorizerType]. While we don't add very many new resource-level tests, the option to switch totestActionPassAuthwhen refactoring tests for legacy code will make it much easier to migrate authorizer definitions for legacy code.