Skip to content

E2E: expand default_application_auth_strategy scenario to cover update and removal lifecycle#700

Draft
Copilot wants to merge 3 commits intomainfrom
copilot/expand-default-app-auth-strategy-scenario
Draft

E2E: expand default_application_auth_strategy scenario to cover update and removal lifecycle#700
Copilot wants to merge 3 commits intomainfrom
copilot/expand-default-app-auth-strategy-scenario

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented Mar 30, 2026
edited
Loading

The existing scenario only covered CREATE + idempotency for default_application_auth_strategy_id, leaving UPDATE, REMOVE, and sync-DELETE paths completely untested — including the !ref cross-resource reference resolution in the portal planner.

New e2e scenario steps

  • 002get portal after initial apply; asserts default_application_auth_strategy_id is a 36-char UUID
  • 003 — UPDATE: switch to a second auth strategy via !ref apikey-app-auth-strategy-2#id; plan/apply/get-portal + idempotency
  • 004 — REMOVE: omit default_application_auth_strategy_id from portal YAML; plan shows UPDATE, apply clears the field, get-portal asserts null + idempotency
  • 005 — SYNC-DELETE: overlay both strategy files with empty lists; asserts DELETE for both, then verifies 0 changes on re-plan

New fixtures: testdata/app-auth-strategy-2.yaml and overlay dirs 003–005.

Implementation: clear default_application_auth_strategy_id (previously unsupported)

Step 004 required a new capability — the SDK's UpdatePortal struct uses omitempty, so it cannot express explicit JSON null. Two changes make this work:

Planner (portal_planner.go): when desired.DefaultApplicationAuthStrategyID == nil but current portal has it set, plan an UPDATE with the sentinel value ClearDefaultAuthStrategyID = "$clear-default-auth-strategy".

Executor (portal_operations.go): when the sentinel is detected, skip setting the SDK field and after the UpdatePortal call, invoke ClearPortalDefaultAuthStrategyID.

New PortalAPI method (helpers/portals.go): bypasses the SDK and sends a raw PATCH:

type patchPayload struct {
    DefaultApplicationAuthStrategyID *string `json:"default_application_auth_strategy_id"`
}
body, _ := json.Marshal(patchPayload{DefaultApplicationAuthStrategyID: nil})
// → {"default_application_auth_strategy_id": null}

PortalAPIImpl now stores BaseURL and BearerToken (populated via KonnectSDK from the existing factory) to construct the authenticated raw request.

All four PortalAPI mock implementations updated accordingly.

Copilot AI linked an issue Mar 30, 2026 that may be closed by this pull request
[e2e-scan] Test: Expand default_application_auth_strategy scenario to cover update and removal lifecycle #697
Open
7 tasks
Copilot AI and others added 2 commits March 30, 2026 16:59
@rspurgeon
feat: expand default_application_auth_strategy scenario with update/r…
9b71713 
…emove/sync-delete steps

- Add steps 002-005 to the e2e scenario to cover get portal verification,
  update to a second auth strategy, removal of the auth strategy link, and
  sync-delete lifecycle
- Add testdata/app-auth-strategy-2.yaml (second key-auth strategy)
- Add overlay directories for steps 003, 004, and 005
- Implement ClearPortalDefaultAuthStrategyID in PortalAPI to send explicit
  JSON null via raw PATCH (SDK omitempty cannot express null)
- Add ClearDefaultAuthStrategyID sentinel in portal planner so absent
  default_application_auth_strategy_id in desired config triggers an UPDATE
- Wire the new clear method through state.Client and executor
- Update all PortalAPI mocks with the new method

Agent-Logs-Url: https://github.com/Kong/kongctl/sessions/eaad5a86-d450-4127-babc-55f449daa1cc

Co-authored-by: rspurgeon <10521262+rspurgeon@users.noreply.github.com>
@rspurgeon
fix: address code review - improve http client timeout and executor c…
26d3cdf 
…omment clarity

Agent-Logs-Url: https://github.com/Kong/kongctl/sessions/eaad5a86-d450-4127-babc-55f449daa1cc

Co-authored-by: rspurgeon <10521262+rspurgeon@users.noreply.github.com>
Copilot AI changed the title [WIP] Expand default_application_auth_strategy scenario for update and removal feat(e2e): expand default_application_auth_strategy scenario to cover update and removal lifecycle Mar 30, 2026
Copilot AI requested a review from rspurgeon March 30, 2026 17:02
Copilot AI temporarily deployed to kongctl-acceptance-4 March 30, 2026 18:49 Inactive
Copilot AI had a problem deploying to kongctl-acceptance-3 March 30, 2026 18:49 Failure
Copilot AI had a problem deploying to kongctl-acceptance-2 March 30, 2026 18:49 Failure
Copilot AI had a problem deploying to kongctl-acceptance March 30, 2026 18:49 Failure
Copilot AI temporarily deployed to kongctl-acceptance-5 March 30, 2026 18:49 Inactive
@rspurgeon rspurgeon changed the title feat(e2e): expand default_application_auth_strategy scenario to cover update and removal lifecycle E2E: expand default_application_auth_strategy scenario to cover update and removal lifecycle Apr 1, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rspurgeon rspurgeon Awaiting requested review from rspurgeon

At least 1 approving review is required to merge this pull request.

Assignees

@rspurgeon rspurgeon

Copilot code review Copilot

Labels

do-not-merge

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[e2e-scan] Test: Expand default_application_auth_strategy scenario to cover update and removal lifecycle

2 participants

@rspurgeon