From a19504cb641ac9783169ccd160bafcc591eb8a7e Mon Sep 17 00:00:00 2001 From: Arthur Tonial Date: Fri, 12 Jun 2026 13:25:50 -0300 Subject: [PATCH 1/8] feat(destination): add BDD step for configured subscriber tenant --- tests/destination/integration/test_destination_bdd.py | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/tests/destination/integration/test_destination_bdd.py b/tests/destination/integration/test_destination_bdd.py index a8e24890..1d1ad138 100644 --- a/tests/destination/integration/test_destination_bdd.py +++ b/tests/destination/integration/test_destination_bdd.py @@ -264,6 +264,15 @@ def use_tenant(context, tenant): context.tenant = tenant +@given("I use the configured subscriber tenant") +def use_configured_subscriber_tenant(context): + """Set the tenant from the TENANT_SUBDOMAIN environment variable.""" + tenant = os.environ.get("TENANT_SUBDOMAIN") + if not tenant: + pytest.skip("TENANT_SUBDOMAIN environment variable not set") + context.tenant = tenant + + # ==================== DESTINATION WHEN STEPS ==================== @when("I create the destination at instance level") From bdde7931a33006443be0bc0a6b74f30e620ca43d Mon Sep 17 00:00:00 2001 From: Arthur Tonial Date: Fri, 12 Jun 2026 13:29:09 -0300 Subject: [PATCH 2/8] docs: reorganize integration test env vars alphabetically --- .env_integration_tests.example | 64 +++++++++++---------- docs/INTEGRATION_TESTS.md | 102 ++++++++++++++++----------------- 2 files changed, 86 insertions(+), 80 deletions(-) diff --git a/.env_integration_tests.example b/.env_integration_tests.example index 5d034969..ba8d1bb6 100644 --- a/.env_integration_tests.example +++ b/.env_integration_tests.example @@ -1,47 +1,53 @@ CLOUD_SDK_OTEL_DISABLED=true -CLOUD_SDK_CFG_AUDITLOG_DEFAULT_URL=https://your-auditlog-api-url-here -CLOUD_SDK_CFG_AUDITLOG_DEFAULT_UAA='{"url":"https://your-auth-url","clientid":"your-client-id","clientsecret":"your-client-secret"}' - -CLOUD_SDK_CFG_OBJECTSTORE_DEFAULT_HOST=your-objectstore-host-here -CLOUD_SDK_CFG_OBJECTSTORE_DEFAULT_ACCESS_KEY_ID=your-access-key-id-here -CLOUD_SDK_CFG_OBJECTSTORE_DEFAULT_SECRET_ACCESS_KEY=your-secret-access-key-here -CLOUD_SDK_CFG_OBJECTSTORE_DEFAULT_BUCKET=your-bucket-name-here - -CLOUD_SDK_CFG_DESTINATION_DEFAULT_CLIENTID=your-destination-client-id-here -CLOUD_SDK_CFG_DESTINATION_DEFAULT_CLIENTSECRET=your-destination-client-secret-here -CLOUD_SDK_CFG_DESTINATION_DEFAULT_URL=https://your-destination-auth-url-here -CLOUD_SDK_CFG_DESTINATION_DEFAULT_URI=https://your-destination-configuration-uri-here -CLOUD_SDK_CFG_DESTINATION_DEFAULT_IDENTITYZONE=your-identity-zone-here - -CLOUD_SDK_CFG_DATA_ANONYMIZATION_DEFAULT_URL=https://your-data-anonymization-api-url-here -CLOUD_SDK_CFG_DATA_ANONYMIZATION_DEFAULT_CERT=your-base64-encoded-client-certificate-pem -CLOUD_SDK_CFG_DATA_ANONYMIZATION_DEFAULT_KEY=your-base64-encoded-client-private-key-pem -# Alternative to inline base64 cert/key values: -# CLOUD_SDK_CFG_DATA_ANONYMIZATION_DEFAULT_DESTINATION_NAME=your-client-certificate-destination-name - -CLOUD_SDK_CFG_SDM_DEFAULT_URI=https://your-sdm-api-uri-here -CLOUD_SDK_CFG_SDM_DEFAULT_UAA='{"url":"https://your-auth-url","clientid":"your-client-id","clientsecret":"your-client-secret","identityzone":"your-identity-zone"}' - -CLOUD_SDK_CFG_HANA_AGENT_MEMORY_DEFAULT_APPLICATION_URL=https://your-agent-memory-api-url-here -CLOUD_SDK_CFG_HANA_AGENT_MEMORY_DEFAULT_UAA='{"url":"https://your-auth-url","clientid":"your-client-id","clientsecret":"your-client-secret"}' - -# ADMS (Advanced Document Management Service) — integration tests against -# a deployed ADM instance. Tests are skipped when any of these are missing. +# ADMS CLOUD_SDK_CFG_ADMS_DEFAULT_CLIENTID=your-adms-client-id-here CLOUD_SDK_CFG_ADMS_DEFAULT_CLIENTSECRET=your-adms-client-secret-here CLOUD_SDK_CFG_ADMS_DEFAULT_URL=https://your-tenant.accounts.ondemand.com CLOUD_SDK_CFG_ADMS_DEFAULT_URI=https://your-adm-host.cfapps.eu20.hana.ondemand.com CLOUD_SDK_CFG_ADMS_DEFAULT_RESOURCE=urn:sap:identity:application:provider:name:your-adm-app-name +# AGENT GATEWAY APPFND_CONHOS_LANDSCAPE=your-landscape-here TENANT_SUBDOMAIN=your-tenant-subdomain-here AGW_USER_TOKEN=your-user-jwt-here -# AI Core — required for Traceloop/LangGraph integration tests +# AGENT MEMORY +CLOUD_SDK_CFG_HANA_AGENT_MEMORY_DEFAULT_APPLICATION_URL=https://your-agent-memory-api-url-here +CLOUD_SDK_CFG_HANA_AGENT_MEMORY_DEFAULT_UAA='{"url":"https://your-auth-url","clientid":"your-client-id","clientsecret":"your-client-secret"}' + +# AI CORE (required for Traceloop/LangGraph integration tests) AICORE_CLIENT_ID=your-aicore-client-id-here AICORE_CLIENT_SECRET=your-aicore-client-secret-here AICORE_AUTH_URL=https://your-aicore-auth-url-here/oauth/token AICORE_BASE_URL=https://your-aicore-api-url-here/v2 AICORE_RESOURCE_GROUP=default AICORE_MODEL=anthropic--claude-3-5-haiku + +# AUDITLOG +CLOUD_SDK_CFG_AUDITLOG_DEFAULT_URL=https://your-auditlog-api-url-here +CLOUD_SDK_CFG_AUDITLOG_DEFAULT_UAA='{"url":"https://your-auth-url","clientid":"your-client-id","clientsecret":"your-client-secret"}' + +# DATA ANONYMIZATION +CLOUD_SDK_CFG_DATA_ANONYMIZATION_DEFAULT_URL=https://your-data-anonymization-api-url-here +CLOUD_SDK_CFG_DATA_ANONYMIZATION_DEFAULT_CERT=your-base64-encoded-client-certificate-pem +CLOUD_SDK_CFG_DATA_ANONYMIZATION_DEFAULT_KEY=your-base64-encoded-client-private-key-pem +# Alternative to inline base64 cert/key values: +# CLOUD_SDK_CFG_DATA_ANONYMIZATION_DEFAULT_DESTINATION_NAME=your-client-certificate-destination-name + +# DESTINATION +CLOUD_SDK_CFG_DESTINATION_DEFAULT_CLIENTID=your-destination-client-id-here +CLOUD_SDK_CFG_DESTINATION_DEFAULT_CLIENTSECRET=your-destination-client-secret-here +CLOUD_SDK_CFG_DESTINATION_DEFAULT_URL=https://your-destination-auth-url-here +CLOUD_SDK_CFG_DESTINATION_DEFAULT_URI=https://your-destination-configuration-uri-here +CLOUD_SDK_CFG_DESTINATION_DEFAULT_IDENTITYZONE=your-identity-zone-here + +# DMS +CLOUD_SDK_CFG_SDM_DEFAULT_URI=https://your-sdm-api-uri-here +CLOUD_SDK_CFG_SDM_DEFAULT_UAA='{"url":"https://your-auth-url","clientid":"your-client-id","clientsecret":"your-client-secret","identityzone":"your-identity-zone"}' + +# OBJECT STORE +CLOUD_SDK_CFG_OBJECTSTORE_DEFAULT_HOST=your-objectstore-host-here +CLOUD_SDK_CFG_OBJECTSTORE_DEFAULT_ACCESS_KEY_ID=your-access-key-id-here +CLOUD_SDK_CFG_OBJECTSTORE_DEFAULT_SECRET_ACCESS_KEY=your-secret-access-key-here +CLOUD_SDK_CFG_OBJECTSTORE_DEFAULT_BUCKET=your-bucket-name-here diff --git a/docs/INTEGRATION_TESTS.md b/docs/INTEGRATION_TESTS.md index a5ca3c77..f00ebd03 100644 --- a/docs/INTEGRATION_TESTS.md +++ b/docs/INTEGRATION_TESTS.md @@ -26,42 +26,42 @@ uv sync --all-extras Integration tests require specific environment variables to be configured. These are managed through the `.env_integration_tests` file in the project root. -### ObjectStore Integration Tests - -For ObjectStore integration tests, configure the following variables in `.env_integration_tests`: - -```bash -# ObjectStore Configuration -CLOUD_SDK_CFG_OBJECTSTORE_DEFAULT_HOST=your-host-here -CLOUD_SDK_CFG_OBJECTSTORE_DEFAULT_ACCESS_KEY_ID=your-access-key-id-here -CLOUD_SDK_CFG_OBJECTSTORE_DEFAULT_SECRET_ACCESS_KEY=your-secret-access-key-kere -CLOUD_SDK_CFG_OBJECTSTORE_DEFAULT_BUCKET=your-bucket-here -CLOUD_SDK_CFG_OBJECTSTORE_DEFAULT_SSL_ENABLED=false -``` - -### AuditLog Integration Tests +### ADMS Integration Tests -For AuditLog integration tests, configure the following variables in `.env_integration_tests`: +For ADMS (Advanced Document Management Service) integration tests, configure the following variables in `.env_integration_tests`: ```bash -# AuditLog Configuration -CLOUD_SDK_CFG_AUDITLOG_DEFAULT_URL=https://your-auditlog-api-url-here -CLOUD_SDK_CFG_AUDITLOG_DEFAULT_UAA='{"url":"https://your-auth-url","clientid":"your-client-id","clientsecret":"your-client-secret"}' +# ADMS Configuration +CLOUD_SDK_CFG_ADMS_DEFAULT_URL=https://your-tenant.accounts.ondemand.com +CLOUD_SDK_CFG_ADMS_DEFAULT_URI=https://your-adm-instance.cfapps.eu20.hana.ondemand.com +CLOUD_SDK_CFG_ADMS_DEFAULT_CLIENTID=your-ias-client-id +CLOUD_SDK_CFG_ADMS_DEFAULT_CLIENTSECRET=your-ias-client-secret +CLOUD_SDK_CFG_ADMS_DEFAULT_RESOURCE=urn:sap:identity:application:provider:name:your-app ``` -**Note**: AuditLog integration tests are cloud-only and require real SAP Audit Log Service credentials. The secret resolver automatically loads configuration from `/etc/secrets/appfnd` or environment variables - no manual configuration parsing needed in test code. +`CLOUD_SDK_CFG_ADMS_DEFAULT_URI` points the tests at the target ADM service. The other `CLOUD_SDK_CFG_ADMS_DEFAULT_*` variables hold the IAS service-binding credentials used by the SDK to fetch Bearer tokens. Tests are skipped automatically when any of these are missing. -### Destination Integration Tests +### Agent Gateway Integration Tests -For Destination integration tests, configure the following variables in `.env_integration_tests`: +Agent Gateway integration tests use the LoB agent flow via the Destination Service. Configure the following variables in `.env_integration_tests`: ```bash -# Destination Configuration +# Destination Service (required by the LoB agent flow) CLOUD_SDK_CFG_DESTINATION_DEFAULT_CLIENTID=your-destination-client-id-here CLOUD_SDK_CFG_DESTINATION_DEFAULT_CLIENTSECRET=your-destination-client-secret-here CLOUD_SDK_CFG_DESTINATION_DEFAULT_URL=https://your-destination-auth-url-here CLOUD_SDK_CFG_DESTINATION_DEFAULT_URI=https://your-destination-configuration-uri-here CLOUD_SDK_CFG_DESTINATION_DEFAULT_IDENTITYZONE=your-identity-zone-here + +# Landscape suffix used to resolve the IAS destination name +APPFND_CONHOS_LANDSCAPE=your-landscape-here + +# Tenant subdomain for multi-tenant lookup +TENANT_SUBDOMAIN=your-tenant-subdomain-here + +# User JWT for token exchange scenarios (get_user_auth) +# If not set, user auth scenarios are automatically skipped +AGW_USER_TOKEN=your-user-jwt-here ``` ### Agent Memory Integration Tests @@ -74,6 +74,18 @@ CLOUD_SDK_CFG_HANA_AGENT_MEMORY_DEFAULT_APPLICATION_URL=https://your-agent-memor CLOUD_SDK_CFG_HANA_AGENT_MEMORY_DEFAULT_UAA='{"url":"https://your-auth-url","clientid":"your-client-id","clientsecret":"your-client-secret"}' ``` +### AuditLog Integration Tests + +For AuditLog integration tests, configure the following variables in `.env_integration_tests`: + +```bash +# AuditLog Configuration +CLOUD_SDK_CFG_AUDITLOG_DEFAULT_URL=https://your-auditlog-api-url-here +CLOUD_SDK_CFG_AUDITLOG_DEFAULT_UAA='{"url":"https://your-auth-url","clientid":"your-client-id","clientsecret":"your-client-secret"}' +``` + +**Note**: AuditLog integration tests are cloud-only and require real SAP Audit Log Service credentials. The secret resolver automatically loads configuration from `/etc/secrets/appfnd` or environment variables - no manual configuration parsing needed in test code. + ### Data Anonymization Integration Tests For Data Anonymization integration tests, configure the following variables in `.env_integration_tests`: @@ -96,42 +108,30 @@ CLOUD_SDK_CFG_DATA_ANONYMIZATION_DEFAULT_DESTINATION_NAME=your-client-certificat The destination must be configured with `ClientCertificateAuthentication` and reference a certificate bundle containing the client certificate and private key. -### ADMS Integration Tests - -For ADMS (Advanced Document Management Service) integration tests, configure the following variables in `.env_integration_tests`: - -```bash -# ADMS Configuration -CLOUD_SDK_CFG_ADMS_DEFAULT_URL=https://your-tenant.accounts.ondemand.com -CLOUD_SDK_CFG_ADMS_DEFAULT_URI=https://your-adm-instance.cfapps.eu20.hana.ondemand.com -CLOUD_SDK_CFG_ADMS_DEFAULT_CLIENTID=your-ias-client-id -CLOUD_SDK_CFG_ADMS_DEFAULT_CLIENTSECRET=your-ias-client-secret -CLOUD_SDK_CFG_ADMS_DEFAULT_RESOURCE=urn:sap:identity:application:provider:name:your-app -``` - -`CLOUD_SDK_CFG_ADMS_DEFAULT_URI` points the tests at the target ADM service. The other `CLOUD_SDK_CFG_ADMS_DEFAULT_*` variables hold the IAS service-binding credentials used by the SDK to fetch Bearer tokens. Tests are skipped automatically when any of these are missing. - -### Agent Gateway Integration Tests +### Destination Integration Tests -Agent Gateway integration tests use the LoB agent flow via the Destination Service. Configure the following variables in `.env_integration_tests`: +For Destination integration tests, configure the following variables in `.env_integration_tests`: ```bash -# Destination Service (required by the LoB agent flow) +# Destination Configuration CLOUD_SDK_CFG_DESTINATION_DEFAULT_CLIENTID=your-destination-client-id-here CLOUD_SDK_CFG_DESTINATION_DEFAULT_CLIENTSECRET=your-destination-client-secret-here CLOUD_SDK_CFG_DESTINATION_DEFAULT_URL=https://your-destination-auth-url-here CLOUD_SDK_CFG_DESTINATION_DEFAULT_URI=https://your-destination-configuration-uri-here CLOUD_SDK_CFG_DESTINATION_DEFAULT_IDENTITYZONE=your-identity-zone-here +``` -# Landscape suffix used to resolve the IAS destination name -APPFND_CONHOS_LANDSCAPE=your-landscape-here +### ObjectStore Integration Tests -# Tenant subdomain for multi-tenant lookup -TENANT_SUBDOMAIN=your-tenant-subdomain-here +For ObjectStore integration tests, configure the following variables in `.env_integration_tests`: -# User JWT for token exchange scenarios (get_user_auth) -# If not set, user auth scenarios are automatically skipped -AGW_USER_TOKEN=your-user-jwt-here +```bash +# ObjectStore Configuration +CLOUD_SDK_CFG_OBJECTSTORE_DEFAULT_HOST=your-host-here +CLOUD_SDK_CFG_OBJECTSTORE_DEFAULT_ACCESS_KEY_ID=your-access-key-id-here +CLOUD_SDK_CFG_OBJECTSTORE_DEFAULT_SECRET_ACCESS_KEY=your-secret-access-key-kere +CLOUD_SDK_CFG_OBJECTSTORE_DEFAULT_BUCKET=your-bucket-here +CLOUD_SDK_CFG_OBJECTSTORE_DEFAULT_SSL_ENABLED=false ``` ## Running Integration Tests @@ -141,13 +141,13 @@ AGW_USER_TOKEN=your-user-jwt-here uv run pytest tests/ -m integration -v # Run specific module integration tests +uv run pytest tests/adms/integration/ -v +uv run pytest tests/agentgateway/integration/ -v +uv run pytest tests/agent_memory/integration/ -v uv run pytest tests/core/integration/auditlog -v uv run pytest tests/core/integration/data_anonymization -v -uv run pytest tests/objectstore/integration/ -v uv run pytest tests/destination/integration/ -v -uv run pytest tests/agent_memory/integration/ -v -uv run pytest tests/adms/integration/ -v -uv run pytest tests/agentgateway/integration/ -v +uv run pytest tests/objectstore/integration/ -v ``` ### BDD Scenarios From 67fa8122e1915265fe020064f14d1f0860100327 Mon Sep 17 00:00:00 2001 From: Arthur Tonial Date: Fri, 12 Jun 2026 13:29:33 -0300 Subject: [PATCH 3/8] test: uncomment and enable integration tests --- .../integration/certificate.feature | 294 +++++++++--------- .../integration/destination.feature | 285 +++++++++-------- .../destination/integration/fragment.feature | 273 ++++++++-------- 3 files changed, 444 insertions(+), 408 deletions(-) diff --git a/tests/destination/integration/certificate.feature b/tests/destination/integration/certificate.feature index 59f69c14..9f97b16f 100644 --- a/tests/destination/integration/certificate.feature +++ b/tests/destination/integration/certificate.feature @@ -50,107 +50,109 @@ Feature: Destination Service Integration - Certificates When I get subaccount certificate "non-existent-cert.pem" with "PROVIDER_ONLY" access strategy Then the certificate should not be found - # Scenario: Get certificate using subscriber first strategy - # Given I use tenant "1776453780" - # And I have a certificate named "subscriber-dest-test.pem" - # And the certificate has type "PEM" - # And the certificate has valid PEM content - # When I create the certificate at subaccount level for subscriber - # Then the certificate creation should be successful - # When I get subaccount certificate "subscriber-dest-test.pem" with "SUBSCRIBER_FIRST" access strategy - # Then the certificate should be retrieved successfully - - # Scenario: Get certificate using subscriber only strategy - # Given I use tenant "1776453780" - # And I have a certificate named "subscriber-dest-test.pem" - # And the certificate has type "PEM" - # And the certificate has valid PEM content - # When I create the certificate at subaccount level for subscriber - # Then the certificate creation should be successful - # When I get subaccount certificate "subscriber-dest-test.pem" with "SUBSCRIBER_ONLY" access strategy - # Then the certificate should be retrieved successfully - - # Scenario: Get certificate using provider first strategy - # Given I use tenant "1776453780" - # And I have a certificate named "subscriber-dest-test.pem" - # And the certificate has type "PEM" - # And the certificate has valid PEM content - # When I create the certificate at subaccount level for subscriber - # Then the certificate creation should be successful - # When I get subaccount certificate "subscriber-dest-test.pem" with "PROVIDER_FIRST" access strategy - # Then the certificate should be retrieved successfully - - # Scenario: Get certificate using provider only strategy - # Given I use tenant "1776453780" - # And I have a certificate named "subscriber-dest-test.pem" - # And the certificate has type "PEM" - # And the certificate has valid PEM content - # When I create the certificate at subaccount level for subscriber - # Then the certificate creation should be successful - # When I get subaccount certificate "subscriber-dest-test.pem" with "PROVIDER_ONLY" access strategy - # Then the certificate should not be found - - # Scenario: Create and list instance certificates - # Given I have multiple subaccount certificates: - # | name | type | - # | test-cert-list-1.pem | PEM | - # | test-cert-list-2.pem | PEM | - # And I use tenant "1776453780" - # When I create all instance certificates - # Then all certificate creations should be successful - # When I list instance certificates - # Then the certificate list should contain at least 2 certificates - # And the certificate "test-cert-list-1.pem" should be in the list - # And the certificate "test-cert-list-2.pem" should be in the list - # And I clean up all subaccount certificates - - # Scenario: Create and list subaccount certificates (provider access) - # Given I have multiple subaccount certificates: - # | name | type | - # | test-cert-list-1.pem | PEM | - # | test-cert-list-2.pem | PEM | - # And I use tenant "1776453780" - # When I create all subaccount certificates - # Then all certificate creations should be successful - # When I list subaccount certificates with "PROVIDER_FIRST" access strategy - # Then the certificate list should contain at least 2 certificates - # And the certificate "test-cert-list-1.pem" should be in the list - # And the certificate "test-cert-list-2.pem" should be in the list - # When I list subaccount certificates with "PROVIDER_ONLY" access strategy - # Then the certificate list should contain at least 2 certificates - # And the certificate "test-cert-list-1.pem" should be in the list - # And the certificate "test-cert-list-2.pem" should be in the list - # And I clean up all subaccount certificates - - # Scenario: List certificates using subscriber first strategy - # Given I use tenant "1776453780" - # And I have a certificate named "subscriber-dest-test.pem" - # And the certificate has type "PEM" - # And the certificate has valid PEM content - # When I create the certificate at subaccount level for subscriber - # Then the certificate creation should be successful - # When I list subaccount certificates with "SUBSCRIBER_FIRST" access strategy - # Then the certificate "subscriber-dest-test.pem" should be in the list - - # Scenario: List certificates using subscriber only strategy - # Given I use tenant "1776453780" - # And I have a certificate named "subscriber-dest-test.pem" - # And the certificate has type "PEM" - # And the certificate has valid PEM content - # When I create the certificate at subaccount level for subscriber - # Then the certificate creation should be successful - # When I list subaccount certificates with "SUBSCRIBER_ONLY" access strategy - # Then the certificate "subscriber-dest-test.pem" should be in the list - - # Scenario: List certificates using provider first strategy - # Given I use tenant "1776453780" - # When I list subaccount certificates with "PROVIDER_FIRST" access strategy - # Then the certificate list should be retrieved successfully - - # Scenario: List certificates using provider only strategy - # Given I use tenant "1776453780" - # When I list subaccount certificates with "PROVIDER_ONLY" access strategy - # Then the certificate "subscriber-dest-test.pem" should not be in the list + Scenario: Get certificate using subscriber first strategy + Given I use the configured subscriber tenant + And I have a certificate named "test-cert-sub-get.pem" + And the certificate has type "PEM" + And the certificate has valid PEM content + When I create the certificate at subaccount level for subscriber + Then the certificate creation should be successful + When I get subaccount certificate "test-cert-sub-get.pem" with "SUBSCRIBER_FIRST" access strategy + Then the certificate should be retrieved successfully + + Scenario: Get certificate using subscriber only strategy + Given I use the configured subscriber tenant + And I have a certificate named "test-cert-sub-get.pem" + And the certificate has type "PEM" + And the certificate has valid PEM content + When I create the certificate at subaccount level for subscriber + Then the certificate creation should be successful + When I get subaccount certificate "test-cert-sub-get.pem" with "SUBSCRIBER_ONLY" access strategy + Then the certificate should be retrieved successfully + + Scenario: Get certificate using provider first strategy + Given I use the configured subscriber tenant + And I have a certificate named "test-cert-sub-get.pem" + And the certificate has type "PEM" + And the certificate has valid PEM content + When I create the certificate at subaccount level for subscriber + Then the certificate creation should be successful + When I get subaccount certificate "test-cert-sub-get.pem" with "PROVIDER_FIRST" access strategy + Then the certificate should be retrieved successfully + + Scenario: Get certificate using provider only strategy + Given I use the configured subscriber tenant + And I have a certificate named "test-cert-sub-get.pem" + And the certificate has type "PEM" + And the certificate has valid PEM content + When I create the certificate at subaccount level for subscriber + Then the certificate creation should be successful + When I get subaccount certificate "test-cert-sub-get.pem" with "PROVIDER_ONLY" access strategy + Then the certificate should not be found + + Scenario: Create and list instance certificates + Given I have multiple subaccount certificates: + | name | type | + | test-cert-list-1.pem | PEM | + | test-cert-list-2.pem | PEM | + When I create all instance certificates + Then all certificate creations should be successful + When I list instance certificates + Then the certificate list should contain at least 2 certificates + And the certificate "test-cert-list-1.pem" should be in the list + And the certificate "test-cert-list-2.pem" should be in the list + And I clean up all subaccount certificates + + Scenario: Create and list subaccount certificates (provider access) + Given I have multiple subaccount certificates: + | name | type | + | test-cert-list-1.pem | PEM | + | test-cert-list-2.pem | PEM | + When I create all subaccount certificates + Then all certificate creations should be successful + When I list subaccount certificates with "PROVIDER_FIRST" access strategy + Then the certificate list should contain at least 2 certificates + And the certificate "test-cert-list-1.pem" should be in the list + And the certificate "test-cert-list-2.pem" should be in the list + When I list subaccount certificates with "PROVIDER_ONLY" access strategy + Then the certificate list should contain at least 2 certificates + And the certificate "test-cert-list-1.pem" should be in the list + And the certificate "test-cert-list-2.pem" should be in the list + And I clean up all subaccount certificates + + Scenario: List certificates using subscriber first strategy + Given I use the configured subscriber tenant + And I have a certificate named "test-cert-sub-list.pem" + And the certificate has type "PEM" + And the certificate has valid PEM content + When I create the certificate at subaccount level for subscriber + Then the certificate creation should be successful + When I list subaccount certificates with "SUBSCRIBER_FIRST" access strategy + Then the certificate "test-cert-sub-list.pem" should be in the list + + Scenario: List certificates using subscriber only strategy + Given I use the configured subscriber tenant + And I have a certificate named "test-cert-sub-list.pem" + And the certificate has type "PEM" + And the certificate has valid PEM content + When I create the certificate at subaccount level for subscriber + Then the certificate creation should be successful + When I list subaccount certificates with "SUBSCRIBER_ONLY" access strategy + Then the certificate "test-cert-sub-list.pem" should be in the list + + Scenario: List certificates using provider first strategy + When I list subaccount certificates with "PROVIDER_FIRST" access strategy + Then the certificate list should be retrieved successfully + + Scenario: List certificates using provider only strategy + Given I use the configured subscriber tenant + And I have a certificate named "test-cert-sub-list.pem" + And the certificate has type "PEM" + And the certificate has valid PEM content + When I create the certificate at subaccount level for subscriber + Then the certificate creation should be successful + When I list subaccount certificates with "PROVIDER_ONLY" access strategy + Then the certificate "test-cert-sub-list.pem" should not be in the list Scenario: Manage labels for subaccount certificate Given I have a certificate named "test-cert-labels.pem" @@ -183,48 +185,48 @@ Feature: Destination Service Integration - Certificates # ==================== SUBSCRIBER WRITE SCENARIOS ==================== - # Scenario: Create certificate at subaccount level for subscriber - # Given I use tenant "1776453780" - # And I have a certificate named "test-cert-sub-write.pem" - # And the certificate has type "PEM" - # And the certificate has valid PEM content - # When I create the certificate at subaccount level for subscriber - # Then the certificate creation should be successful - # When I get subaccount certificate "test-cert-sub-write.pem" with "SUBSCRIBER_ONLY" access strategy - # Then the certificate should be retrieved successfully - # And the certificate type should be "PEM" - - # Scenario: Update certificate at subaccount level for subscriber - # Given I use tenant "1776453780" - # And I have a certificate named "test-cert-sub-update.pem" - # And the certificate has type "PEM" - # And the certificate has valid PEM content - # When I create the certificate at subaccount level for subscriber - # Then the certificate creation should be successful - # When I update the certificate content - # And I update the certificate at subaccount level for subscriber - # Then the certificate update should be successful - # When I get subaccount certificate "test-cert-sub-update.pem" with "SUBSCRIBER_ONLY" access strategy - # Then the certificate should have updated content - - # Scenario: Delete certificate at subaccount level for subscriber - # Given I use tenant "1776453780" - # And I have a certificate named "test-cert-sub-delete.pem" - # And the certificate has type "PEM" - # And the certificate has valid PEM content - # When I create the certificate at subaccount level for subscriber - # Then the certificate creation should be successful - # When I delete the subaccount certificate "test-cert-sub-delete.pem" for subscriber - # Then the certificate deletion should be successful - # When I get subaccount certificate "test-cert-sub-delete.pem" with "SUBSCRIBER_ONLY" access strategy - # Then the certificate should not be found - - # Scenario: Subscriber certificate not visible in provider-only context - # Given I use tenant "1776453780" - # And I have a certificate named "test-cert-sub-isolation.pem" - # And the certificate has type "PEM" - # And the certificate has valid PEM content - # When I create the certificate at subaccount level for subscriber - # Then the certificate creation should be successful - # When I get subaccount certificate "test-cert-sub-isolation.pem" with "PROVIDER_ONLY" access strategy - # Then the certificate should not be found + Scenario: Create certificate at subaccount level for subscriber + Given I use the configured subscriber tenant + And I have a certificate named "test-cert-sub-write.pem" + And the certificate has type "PEM" + And the certificate has valid PEM content + When I create the certificate at subaccount level for subscriber + Then the certificate creation should be successful + When I get subaccount certificate "test-cert-sub-write.pem" with "SUBSCRIBER_ONLY" access strategy + Then the certificate should be retrieved successfully + And the certificate type should be "PEM" + + Scenario: Update certificate at subaccount level for subscriber + Given I use the configured subscriber tenant + And I have a certificate named "test-cert-sub-update.pem" + And the certificate has type "PEM" + And the certificate has valid PEM content + When I create the certificate at subaccount level for subscriber + Then the certificate creation should be successful + When I update the certificate content + And I update the certificate at subaccount level for subscriber + Then the certificate update should be successful + When I get subaccount certificate "test-cert-sub-update.pem" with "SUBSCRIBER_ONLY" access strategy + Then the certificate should have updated content + + Scenario: Delete certificate at subaccount level for subscriber + Given I use the configured subscriber tenant + And I have a certificate named "test-cert-sub-delete.pem" + And the certificate has type "PEM" + And the certificate has valid PEM content + When I create the certificate at subaccount level for subscriber + Then the certificate creation should be successful + When I delete the subaccount certificate "test-cert-sub-delete.pem" for subscriber + Then the certificate deletion should be successful + When I get subaccount certificate "test-cert-sub-delete.pem" with "SUBSCRIBER_ONLY" access strategy + Then the certificate should not be found + + Scenario: Subscriber certificate not visible in provider-only context + Given I use the configured subscriber tenant + And I have a certificate named "test-cert-sub-isolation.pem" + And the certificate has type "PEM" + And the certificate has valid PEM content + When I create the certificate at subaccount level for subscriber + Then the certificate creation should be successful + When I get subaccount certificate "test-cert-sub-isolation.pem" with "PROVIDER_ONLY" access strategy + Then the certificate should not be found diff --git a/tests/destination/integration/destination.feature b/tests/destination/integration/destination.feature index 45cbb3ef..3d1f2924 100644 --- a/tests/destination/integration/destination.feature +++ b/tests/destination/integration/destination.feature @@ -72,25 +72,45 @@ Feature: Destination Service Integration When I get subaccount destination "non-existent-destination" with "PROVIDER_ONLY" access strategy Then the destination should not be found - # Scenario: Get destination using subscriber first strategy - # Given I use tenant "1776453780" - # When I get subaccount destination "subscriber-dest-test" with "SUBSCRIBER_FIRST" access strategy - # Then the destination should be retrieved successfully - - # Scenario: Get destination using subscriber only strategy - # Given I use tenant "1776453780" - # When I get subaccount destination "subscriber-dest-test" with "SUBSCRIBER_ONLY" access strategy - # Then the destination should be retrieved successfully - - # Scenario: Get destination using provider first strategy - # Given I use tenant "1776453780" - # When I get subaccount destination "subscriber-dest-test" with "PROVIDER_FIRST" access strategy - # Then the destination should be retrieved successfully - - # Scenario: Get destination using provider only strategy - # Given I use tenant "1776453780" - # When I get subaccount destination "subscriber-dest-test" with "PROVIDER_ONLY" access strategy - # Then the destination should not be found + Scenario: Get destination using subscriber first strategy + Given I use the configured subscriber tenant + And I have a destination named "test-dest-sub-get" of type "HTTP" + And the destination has URL "https://subscriber-get.example.com" + And the destination has authentication "NoAuthentication" + When I create the destination at subaccount level for subscriber + Then the destination creation should be successful + When I get subaccount destination "test-dest-sub-get" with "SUBSCRIBER_FIRST" access strategy + Then the destination should be retrieved successfully + + Scenario: Get destination using subscriber only strategy + Given I use the configured subscriber tenant + And I have a destination named "test-dest-sub-get" of type "HTTP" + And the destination has URL "https://subscriber-get.example.com" + And the destination has authentication "NoAuthentication" + When I create the destination at subaccount level for subscriber + Then the destination creation should be successful + When I get subaccount destination "test-dest-sub-get" with "SUBSCRIBER_ONLY" access strategy + Then the destination should be retrieved successfully + + Scenario: Get destination using provider first strategy + Given I use the configured subscriber tenant + And I have a destination named "test-dest-sub-get" of type "HTTP" + And the destination has URL "https://subscriber-get.example.com" + And the destination has authentication "NoAuthentication" + When I create the destination at subaccount level for subscriber + Then the destination creation should be successful + When I get subaccount destination "test-dest-sub-get" with "PROVIDER_FIRST" access strategy + Then the destination should be retrieved successfully + + Scenario: Get destination using provider only strategy + Given I use the configured subscriber tenant + And I have a destination named "test-dest-sub-get" of type "HTTP" + And the destination has URL "https://subscriber-get.example.com" + And the destination has authentication "NoAuthentication" + When I create the destination at subaccount level for subscriber + Then the destination creation should be successful + When I get subaccount destination "test-dest-sub-get" with "PROVIDER_ONLY" access strategy + Then the destination should not be found Scenario: Create and list instance destinations Given I have multiple instance destinations: @@ -107,37 +127,36 @@ Feature: Destination Service Integration And the destination "test-list-inst-3" should be in the list And I clean up all instance destinations - # Scenario: List instance destinations with tenant (subscriber context) - # Given I have multiple instance destinations: - # | name | type | url | - # | test-list-inst-ten-1 | HTTP | https://api1.example.com | - # | test-list-inst-ten-2 | HTTP | https://api2.example.com | - # And I use tenant "1776453780" - # When I create all instance destinations - # Then all destination creations should be successful - # When I list instance destinations with tenant - # Then the list should contain at least 2 destinations - # And the destination "test-list-inst-ten-1" should be in the list - # And the destination "test-list-inst-ten-2" should be in the list - # And I clean up all instance destinations - - # Scenario: Create and list subaccount destinations (provider access) - # Given I have multiple subaccount destinations: - # | name | type | url | - # | test-list-sub-1 | HTTP | https://sub1.example.com | - # | test-list-sub-2 | HTTP | https://sub2.example.com | - # And I use tenant "1776453780" - # When I create all subaccount destinations - # Then all destination creations should be successful - # When I list subaccount destinations with "PROVIDER_FIRST" access strategy - # Then the list should contain at least 2 destinations - # And the destination "test-list-sub-1" should be in the list - # And the destination "test-list-sub-2" should be in the list - # When I list subaccount destinations with "PROVIDER_ONLY" access strategy - # Then the list should contain at least 2 destinations - # And the destination "test-list-sub-1" should be in the list - # And the destination "test-list-sub-2" should be in the list - # And I clean up all subaccount destinations + Scenario: List instance destinations with tenant (subscriber context) + Given I use the configured subscriber tenant + And I have multiple instance destinations: + | name | type | url | + | test-list-inst-ten-1 | HTTP | https://api1.example.com | + | test-list-inst-ten-2 | HTTP | https://api2.example.com | + When I create all instance destinations + Then all destination creations should be successful + When I list instance destinations with tenant + Then the list should contain at least 2 destinations + And the destination "test-list-inst-ten-1" should be in the list + And the destination "test-list-inst-ten-2" should be in the list + And I clean up all instance destinations + + Scenario: Create and list subaccount destinations (provider access) + Given I have multiple subaccount destinations: + | name | type | url | + | test-list-sub-1 | HTTP | https://sub1.example.com | + | test-list-sub-2 | HTTP | https://sub2.example.com | + When I create all subaccount destinations + Then all destination creations should be successful + When I list subaccount destinations with "PROVIDER_FIRST" access strategy + Then the list should contain at least 2 destinations + And the destination "test-list-sub-1" should be in the list + And the destination "test-list-sub-2" should be in the list + When I list subaccount destinations with "PROVIDER_ONLY" access strategy + Then the list should contain at least 2 destinations + And the destination "test-list-sub-1" should be in the list + And the destination "test-list-sub-2" should be in the list + And I clean up all subaccount destinations Scenario: List destinations with name filter Given I have multiple instance destinations: @@ -154,25 +173,39 @@ Feature: Destination Service Integration And the destination "other-destination" should not be in the list And I clean up all instance destinations - # Scenario: List destinations using subscriber first strategy - # Given I use tenant "1776453780" - # When I list subaccount destinations with "SUBSCRIBER_FIRST" access strategy - # Then the destination "subscriber-dest-test" should be in the list + Scenario: List destinations using subscriber first strategy + Given I use the configured subscriber tenant + And I have a destination named "test-dest-sub-list" of type "HTTP" + And the destination has URL "https://subscriber-list.example.com" + And the destination has authentication "NoAuthentication" + When I create the destination at subaccount level for subscriber + Then the destination creation should be successful + When I list subaccount destinations with "SUBSCRIBER_FIRST" access strategy + Then the destination "test-dest-sub-list" should be in the list - # Scenario: List destinations using subscriber only strategy - # Given I use tenant "1776453780" - # When I list subaccount destinations with "SUBSCRIBER_ONLY" access strategy - # Then the destination "subscriber-dest-test" should be in the list + Scenario: List destinations using subscriber only strategy + Given I use the configured subscriber tenant + And I have a destination named "test-dest-sub-list" of type "HTTP" + And the destination has URL "https://subscriber-list.example.com" + And the destination has authentication "NoAuthentication" + When I create the destination at subaccount level for subscriber + Then the destination creation should be successful + When I list subaccount destinations with "SUBSCRIBER_ONLY" access strategy + Then the destination "test-dest-sub-list" should be in the list - # Scenario: List destinations using provider first strategy - # Given I use tenant "1776453780" - # When I list subaccount destinations with "PROVIDER_FIRST" access strategy - # Then the destination list should be retrieved successfully + Scenario: List destinations using provider first strategy + When I list subaccount destinations with "PROVIDER_FIRST" access strategy + Then the destination list should be retrieved successfully - # Scenario: List destinations using provider only strategy - # Given I use tenant "1776453780" - # When I list subaccount destinations with "PROVIDER_ONLY" access strategy - # Then the destination "subscriber-dest-test" should not be in the list + Scenario: List destinations using provider only strategy + Given I use the configured subscriber tenant + And I have a destination named "test-dest-sub-list" of type "HTTP" + And the destination has URL "https://subscriber-list.example.com" + And the destination has authentication "NoAuthentication" + When I create the destination at subaccount level for subscriber + Then the destination creation should be successful + When I list subaccount destinations with "PROVIDER_ONLY" access strategy + Then the destination "test-dest-sub-list" should not be in the list Scenario: List destinations with network failure Given the destination service is configured with an unreachable endpoint @@ -211,21 +244,21 @@ Feature: Destination Service Integration And the destination should have property "CustomHeader2" with value "HeaderValue2" And I clean up the subaccount destination "test-custom-props" - # Scenario: Consume destination with v2 API - with both fragment and tenant - # Given I have a destination named "test-v2-full-options" of type "HTTP" - # And the destination has URL "https://multi-tenant-api.example.com" - # And the destination has authentication "NoAuthentication" - # And I have a fragment named "test-v2-full-fragment" - # And the fragment has property "CustomProperty" with value "FragmentValue" - # And I use tenant "1776453780" - # When I create the destination at instance level - # And I create the fragment at instance level - # Then the destination creation should be successful - # And the fragment creation should be successful - # When I consume the destination "test-v2-full-options" with fragment "test-v2-full-fragment" and tenant context - # Then the destination should be consumed successfully - # And I clean up the instance destination "test-v2-full-options" - # And I clean up the instance fragment "test-v2-full-fragment" + Scenario: Consume destination with v2 API - with both fragment and tenant + Given I use the configured subscriber tenant + And I have a destination named "test-v2-full-options" of type "HTTP" + And the destination has URL "https://multi-tenant-api.example.com" + And the destination has authentication "NoAuthentication" + And I have a fragment named "test-v2-full-fragment" + And the fragment has property "CustomProperty" with value "FragmentValue" + When I create the destination at instance level + And I create the fragment at instance level + Then the destination creation should be successful + And the fragment creation should be successful + When I consume the destination "test-v2-full-options" with fragment "test-v2-full-fragment" and tenant context + Then the destination should be consumed successfully + And I clean up the instance destination "test-v2-full-options" + And I clean up the instance fragment "test-v2-full-fragment" Scenario: DestinationHttpClient sends an authenticated request using token fetched from BTP Given I have a destination named "sdk-test-http-client" of type "HTTP" @@ -271,48 +304,48 @@ Feature: Destination Service Integration # ==================== SUBSCRIBER WRITE SCENARIOS ==================== - # Scenario: Create destination at subaccount level for subscriber - # Given I use tenant "1776453780" - # And I have a destination named "test-dest-sub-write" of type "HTTP" - # And the destination has URL "https://subscriber-write.example.com" - # And the destination has authentication "NoAuthentication" - # When I create the destination at subaccount level for subscriber - # Then the destination creation should be successful - # When I get subaccount destination "test-dest-sub-write" with "SUBSCRIBER_ONLY" access strategy - # Then the destination should be retrieved successfully - # And the destination URL should be "https://subscriber-write.example.com" - - # Scenario: Update destination at subaccount level for subscriber - # Given I use tenant "1776453780" - # And I have a destination named "test-dest-sub-update" of type "HTTP" - # And the destination has URL "https://subscriber-original.example.com" - # And the destination has authentication "NoAuthentication" - # When I create the destination at subaccount level for subscriber - # Then the destination creation should be successful - # When I update the destination URL to "https://subscriber-updated.example.com" - # And I update the destination at subaccount level for subscriber - # Then the destination update should be successful - # When I get subaccount destination "test-dest-sub-update" with "SUBSCRIBER_ONLY" access strategy - # Then the destination URL should be "https://subscriber-updated.example.com" - - # Scenario: Delete destination at subaccount level for subscriber - # Given I use tenant "1776453780" - # And I have a destination named "test-dest-sub-delete" of type "HTTP" - # And the destination has URL "https://subscriber-delete.example.com" - # And the destination has authentication "NoAuthentication" - # When I create the destination at subaccount level for subscriber - # Then the destination creation should be successful - # When I delete the subaccount destination "test-dest-sub-delete" for subscriber - # Then the destination deletion should be successful - # When I get subaccount destination "test-dest-sub-delete" with "SUBSCRIBER_ONLY" access strategy - # Then the destination should not be found - - # Scenario: Subscriber destination not visible in provider-only context - # Given I use tenant "1776453780" - # And I have a destination named "test-dest-sub-isolation" of type "HTTP" - # And the destination has URL "https://subscriber-isolation.example.com" - # And the destination has authentication "NoAuthentication" - # When I create the destination at subaccount level for subscriber - # Then the destination creation should be successful - # When I get subaccount destination "test-dest-sub-isolation" with "PROVIDER_ONLY" access strategy - # Then the destination should not be found + Scenario: Create destination at subaccount level for subscriber + Given I use the configured subscriber tenant + And I have a destination named "test-dest-sub-write" of type "HTTP" + And the destination has URL "https://subscriber-write.example.com" + And the destination has authentication "NoAuthentication" + When I create the destination at subaccount level for subscriber + Then the destination creation should be successful + When I get subaccount destination "test-dest-sub-write" with "SUBSCRIBER_ONLY" access strategy + Then the destination should be retrieved successfully + And the destination URL should be "https://subscriber-write.example.com" + + Scenario: Update destination at subaccount level for subscriber + Given I use the configured subscriber tenant + And I have a destination named "test-dest-sub-update" of type "HTTP" + And the destination has URL "https://subscriber-original.example.com" + And the destination has authentication "NoAuthentication" + When I create the destination at subaccount level for subscriber + Then the destination creation should be successful + When I update the destination URL to "https://subscriber-updated.example.com" + And I update the destination at subaccount level for subscriber + Then the destination update should be successful + When I get subaccount destination "test-dest-sub-update" with "SUBSCRIBER_ONLY" access strategy + Then the destination URL should be "https://subscriber-updated.example.com" + + Scenario: Delete destination at subaccount level for subscriber + Given I use the configured subscriber tenant + And I have a destination named "test-dest-sub-delete" of type "HTTP" + And the destination has URL "https://subscriber-delete.example.com" + And the destination has authentication "NoAuthentication" + When I create the destination at subaccount level for subscriber + Then the destination creation should be successful + When I delete the subaccount destination "test-dest-sub-delete" for subscriber + Then the destination deletion should be successful + When I get subaccount destination "test-dest-sub-delete" with "SUBSCRIBER_ONLY" access strategy + Then the destination should not be found + + Scenario: Subscriber destination not visible in provider-only context + Given I use the configured subscriber tenant + And I have a destination named "test-dest-sub-isolation" of type "HTTP" + And the destination has URL "https://subscriber-isolation.example.com" + And the destination has authentication "NoAuthentication" + When I create the destination at subaccount level for subscriber + Then the destination creation should be successful + When I get subaccount destination "test-dest-sub-isolation" with "PROVIDER_ONLY" access strategy + Then the destination should not be found diff --git a/tests/destination/integration/fragment.feature b/tests/destination/integration/fragment.feature index 4a57bb18..10aa9b8b 100644 --- a/tests/destination/integration/fragment.feature +++ b/tests/destination/integration/fragment.feature @@ -48,101 +48,102 @@ Feature: Destination Service Integration - Fragments When I get subaccount fragment "non-existent-fragment" with "PROVIDER_ONLY" access strategy Then the fragment should not be found - # Scenario: Get fragment using subscriber first strategy - # Given I use tenant "1776453780" - # And I have a fragment named "fragment-dest-test" - # And the fragment has property "URL" with value "https://subscriber-fragment.example.com" - # When I create the fragment at subaccount level for subscriber - # Then the fragment creation should be successful - # When I get subaccount fragment "fragment-dest-test" with "SUBSCRIBER_FIRST" access strategy - # Then the fragment should be retrieved successfully - - # Scenario: Get fragment using subscriber only strategy - # Given I use tenant "1776453780" - # And I have a fragment named "fragment-dest-test" - # And the fragment has property "URL" with value "https://subscriber-fragment.example.com" - # When I create the fragment at subaccount level for subscriber - # Then the fragment creation should be successful - # When I get subaccount fragment "fragment-dest-test" with "SUBSCRIBER_ONLY" access strategy - # Then the fragment should be retrieved successfully - - # Scenario: Get fragment using provider first strategy - # Given I use tenant "1776453780" - # And I have a fragment named "fragment-dest-test" - # And the fragment has property "URL" with value "https://subscriber-fragment.example.com" - # When I create the fragment at subaccount level for subscriber - # Then the fragment creation should be successful - # When I get subaccount fragment "fragment-dest-test" with "PROVIDER_FIRST" access strategy - # Then the fragment should be retrieved successfully - - # Scenario: Get fragment using provider only strategy - # Given I use tenant "1776453780" - # And I have a fragment named "fragment-dest-test" - # And the fragment has property "URL" with value "https://subscriber-fragment.example.com" - # When I create the fragment at subaccount level for subscriber - # Then the fragment creation should be successful - # When I get subaccount fragment "fragment-dest-test" with "PROVIDER_ONLY" access strategy - # Then the fragment should not be found - - # Scenario: Create and list instance fragments - # Given I have multiple subaccount fragments: - # | name | property1 | value1 | - # | test-frag-list-1 | prop1 | val1 | - # | test-frag-list-2 | prop2 | val2 | - # And I use tenant "1776453780" - # When I create all instance fragments - # Then all fragment creations should be successful - # When I list instance fragments - # Then the fragment list should contain at least 2 fragments - # And the fragment "test-frag-list-1" should be in the list - # And the fragment "test-frag-list-2" should be in the list - # And I clean up all subaccount fragments - - # Scenario: Create and list subaccount fragments (provider access) - # Given I have multiple subaccount fragments: - # | name | property1 | value1 | - # | test-frag-list-1 | prop1 | val1 | - # | test-frag-list-2 | prop2 | val2 | - # And I use tenant "1776453780" - # When I create all subaccount fragments - # Then all fragment creations should be successful - # When I list subaccount fragments with "PROVIDER_FIRST" access strategy - # Then the fragment list should contain at least 2 fragments - # And the fragment "test-frag-list-1" should be in the list - # And the fragment "test-frag-list-2" should be in the list - # When I list subaccount fragments with "PROVIDER_ONLY" access strategy - # Then the fragment list should contain at least 2 fragments - # And the fragment "test-frag-list-1" should be in the list - # And the fragment "test-frag-list-2" should be in the list - # And I clean up all subaccount fragments - - # Scenario: List fragments using subscriber first strategy - # Given I use tenant "1776453780" - # And I have a fragment named "fragment-dest-test" - # And the fragment has property "URL" with value "https://subscriber-fragment.example.com" - # When I create the fragment at subaccount level for subscriber - # Then the fragment creation should be successful - # When I list subaccount fragments with "SUBSCRIBER_FIRST" access strategy - # Then the fragment "fragment-dest-test" should be in the list - - # Scenario: List fragments using subscriber only strategy - # Given I use tenant "1776453780" - # And I have a fragment named "fragment-dest-test" - # And the fragment has property "URL" with value "https://subscriber-fragment.example.com" - # When I create the fragment at subaccount level for subscriber - # Then the fragment creation should be successful - # When I list subaccount fragments with "SUBSCRIBER_ONLY" access strategy - # Then the fragment "fragment-dest-test" should be in the list - - # Scenario: List fragments using provider first strategy - # Given I use tenant "1776453780" - # When I list subaccount fragments with "PROVIDER_FIRST" access strategy - # Then the fragment list should be retrieved successfully - - # Scenario: List fragments using provider only strategy - # Given I use tenant "1776453780" - # When I list subaccount fragments with "PROVIDER_ONLY" access strategy - # Then the fragment "fragment-dest-test" should not be in the list + Scenario: Get fragment using subscriber first strategy + Given I use the configured subscriber tenant + And I have a fragment named "test-frag-sub-get" + And the fragment has property "URL" with value "https://subscriber-fragment.example.com" + When I create the fragment at subaccount level for subscriber + Then the fragment creation should be successful + When I get subaccount fragment "test-frag-sub-get" with "SUBSCRIBER_FIRST" access strategy + Then the fragment should be retrieved successfully + + Scenario: Get fragment using subscriber only strategy + Given I use the configured subscriber tenant + And I have a fragment named "test-frag-sub-get" + And the fragment has property "URL" with value "https://subscriber-fragment.example.com" + When I create the fragment at subaccount level for subscriber + Then the fragment creation should be successful + When I get subaccount fragment "test-frag-sub-get" with "SUBSCRIBER_ONLY" access strategy + Then the fragment should be retrieved successfully + + Scenario: Get fragment using provider first strategy + Given I use the configured subscriber tenant + And I have a fragment named "test-frag-sub-get" + And the fragment has property "URL" with value "https://subscriber-fragment.example.com" + When I create the fragment at subaccount level for subscriber + Then the fragment creation should be successful + When I get subaccount fragment "test-frag-sub-get" with "PROVIDER_FIRST" access strategy + Then the fragment should be retrieved successfully + + Scenario: Get fragment using provider only strategy + Given I use the configured subscriber tenant + And I have a fragment named "test-frag-sub-get" + And the fragment has property "URL" with value "https://subscriber-fragment.example.com" + When I create the fragment at subaccount level for subscriber + Then the fragment creation should be successful + When I get subaccount fragment "test-frag-sub-get" with "PROVIDER_ONLY" access strategy + Then the fragment should not be found + + Scenario: Create and list instance fragments + Given I have multiple subaccount fragments: + | name | property1 | value1 | + | test-frag-list-1 | prop1 | val1 | + | test-frag-list-2 | prop2 | val2 | + When I create all instance fragments + Then all fragment creations should be successful + When I list instance fragments + Then the fragment list should contain at least 2 fragments + And the fragment "test-frag-list-1" should be in the list + And the fragment "test-frag-list-2" should be in the list + And I clean up all subaccount fragments + + Scenario: Create and list subaccount fragments (provider access) + Given I have multiple subaccount fragments: + | name | property1 | value1 | + | test-frag-list-1 | prop1 | val1 | + | test-frag-list-2 | prop2 | val2 | + When I create all subaccount fragments + Then all fragment creations should be successful + When I list subaccount fragments with "PROVIDER_FIRST" access strategy + Then the fragment list should contain at least 2 fragments + And the fragment "test-frag-list-1" should be in the list + And the fragment "test-frag-list-2" should be in the list + When I list subaccount fragments with "PROVIDER_ONLY" access strategy + Then the fragment list should contain at least 2 fragments + And the fragment "test-frag-list-1" should be in the list + And the fragment "test-frag-list-2" should be in the list + And I clean up all subaccount fragments + + Scenario: List fragments using subscriber first strategy + Given I use the configured subscriber tenant + And I have a fragment named "test-frag-sub-list" + And the fragment has property "URL" with value "https://subscriber-fragment.example.com" + When I create the fragment at subaccount level for subscriber + Then the fragment creation should be successful + When I list subaccount fragments with "SUBSCRIBER_FIRST" access strategy + Then the fragment "test-frag-sub-list" should be in the list + + Scenario: List fragments using subscriber only strategy + Given I use the configured subscriber tenant + And I have a fragment named "test-frag-sub-list" + And the fragment has property "URL" with value "https://subscriber-fragment.example.com" + When I create the fragment at subaccount level for subscriber + Then the fragment creation should be successful + When I list subaccount fragments with "SUBSCRIBER_ONLY" access strategy + Then the fragment "test-frag-sub-list" should be in the list + + Scenario: List fragments using provider first strategy + When I list subaccount fragments with "PROVIDER_FIRST" access strategy + Then the fragment list should be retrieved successfully + + Scenario: List fragments using provider only strategy + Given I use the configured subscriber tenant + And I have a fragment named "test-frag-sub-list" + And the fragment has property "URL" with value "https://subscriber-fragment.example.com" + When I create the fragment at subaccount level for subscriber + Then the fragment creation should be successful + When I list subaccount fragments with "PROVIDER_ONLY" access strategy + Then the fragment "test-frag-sub-list" should not be in the list Scenario: Manage labels for subaccount fragment Given I have a fragment named "test-fragment-labels" @@ -173,44 +174,44 @@ Feature: Destination Service Integration - Fragments # ==================== SUBSCRIBER WRITE SCENARIOS ==================== - # Scenario: Create fragment at subaccount level for subscriber - # Given I use tenant "1776453780" - # And I have a fragment named "test-frag-sub-write" - # And the fragment has property "URL" with value "https://subscriber-write.example.com" - # When I create the fragment at subaccount level for subscriber - # Then the fragment creation should be successful - # When I get subaccount fragment "test-frag-sub-write" with "SUBSCRIBER_ONLY" access strategy - # Then the fragment should be retrieved successfully - # And the fragment should have property "URL" with value "https://subscriber-write.example.com" - - # Scenario: Update fragment at subaccount level for subscriber - # Given I use tenant "1776453780" - # And I have a fragment named "test-frag-sub-update" - # And the fragment has property "URL" with value "https://subscriber-original.example.com" - # When I create the fragment at subaccount level for subscriber - # Then the fragment creation should be successful - # When I update the fragment property "URL" to "https://subscriber-updated.example.com" - # And I update the fragment at subaccount level for subscriber - # Then the fragment update should be successful - # When I get subaccount fragment "test-frag-sub-update" with "SUBSCRIBER_ONLY" access strategy - # Then the fragment should have property "URL" with value "https://subscriber-updated.example.com" - - # Scenario: Delete fragment at subaccount level for subscriber - # Given I use tenant "1776453780" - # And I have a fragment named "test-frag-sub-delete" - # And the fragment has property "URL" with value "https://subscriber-delete.example.com" - # When I create the fragment at subaccount level for subscriber - # Then the fragment creation should be successful - # When I delete the subaccount fragment "test-frag-sub-delete" for subscriber - # Then the fragment deletion should be successful - # When I get subaccount fragment "test-frag-sub-delete" with "SUBSCRIBER_ONLY" access strategy - # Then the fragment should not be found - - # Scenario: Subscriber fragment not visible in provider-only context - # Given I use tenant "1776453780" - # And I have a fragment named "test-frag-sub-isolation" - # And the fragment has property "URL" with value "https://subscriber-isolation.example.com" - # When I create the fragment at subaccount level for subscriber - # Then the fragment creation should be successful - # When I get subaccount fragment "test-frag-sub-isolation" with "PROVIDER_ONLY" access strategy - # Then the fragment should not be found + Scenario: Create fragment at subaccount level for subscriber + Given I use the configured subscriber tenant + And I have a fragment named "test-frag-sub-write" + And the fragment has property "URL" with value "https://subscriber-write.example.com" + When I create the fragment at subaccount level for subscriber + Then the fragment creation should be successful + When I get subaccount fragment "test-frag-sub-write" with "SUBSCRIBER_ONLY" access strategy + Then the fragment should be retrieved successfully + And the fragment should have property "URL" with value "https://subscriber-write.example.com" + + Scenario: Update fragment at subaccount level for subscriber + Given I use the configured subscriber tenant + And I have a fragment named "test-frag-sub-update" + And the fragment has property "URL" with value "https://subscriber-original.example.com" + When I create the fragment at subaccount level for subscriber + Then the fragment creation should be successful + When I update the fragment property "URL" to "https://subscriber-updated.example.com" + And I update the fragment at subaccount level for subscriber + Then the fragment update should be successful + When I get subaccount fragment "test-frag-sub-update" with "SUBSCRIBER_ONLY" access strategy + Then the fragment should have property "URL" with value "https://subscriber-updated.example.com" + + Scenario: Delete fragment at subaccount level for subscriber + Given I use the configured subscriber tenant + And I have a fragment named "test-frag-sub-delete" + And the fragment has property "URL" with value "https://subscriber-delete.example.com" + When I create the fragment at subaccount level for subscriber + Then the fragment creation should be successful + When I delete the subaccount fragment "test-frag-sub-delete" for subscriber + Then the fragment deletion should be successful + When I get subaccount fragment "test-frag-sub-delete" with "SUBSCRIBER_ONLY" access strategy + Then the fragment should not be found + + Scenario: Subscriber fragment not visible in provider-only context + Given I use the configured subscriber tenant + And I have a fragment named "test-frag-sub-isolation" + And the fragment has property "URL" with value "https://subscriber-isolation.example.com" + When I create the fragment at subaccount level for subscriber + Then the fragment creation should be successful + When I get subaccount fragment "test-frag-sub-isolation" with "PROVIDER_ONLY" access strategy + Then the fragment should not be found From 14208e8e1053e1d7e8a30cbfa1ba4b795bd9b75e Mon Sep 17 00:00:00 2001 From: Arthur Tonial Date: Tue, 16 Jun 2026 23:42:57 -0300 Subject: [PATCH 4/8] test(destination): fix integration scenarios requiring subscriber tenant for PROVIDER_FIRST --- tests/destination/integration/certificate.feature | 4 +++- tests/destination/integration/destination.feature | 15 ++++----------- tests/destination/integration/fragment.feature | 4 +++- 3 files changed, 10 insertions(+), 13 deletions(-) diff --git a/tests/destination/integration/certificate.feature b/tests/destination/integration/certificate.feature index 9f97b16f..8f1b1d0b 100644 --- a/tests/destination/integration/certificate.feature +++ b/tests/destination/integration/certificate.feature @@ -104,7 +104,8 @@ Feature: Destination Service Integration - Certificates And I clean up all subaccount certificates Scenario: Create and list subaccount certificates (provider access) - Given I have multiple subaccount certificates: + Given I use the configured subscriber tenant + And I have multiple subaccount certificates: | name | type | | test-cert-list-1.pem | PEM | | test-cert-list-2.pem | PEM | @@ -141,6 +142,7 @@ Feature: Destination Service Integration - Certificates Then the certificate "test-cert-sub-list.pem" should be in the list Scenario: List certificates using provider first strategy + Given I use the configured subscriber tenant When I list subaccount certificates with "PROVIDER_FIRST" access strategy Then the certificate list should be retrieved successfully diff --git a/tests/destination/integration/destination.feature b/tests/destination/integration/destination.feature index 3d1f2924..7eabf759 100644 --- a/tests/destination/integration/destination.feature +++ b/tests/destination/integration/destination.feature @@ -129,20 +129,12 @@ Feature: Destination Service Integration Scenario: List instance destinations with tenant (subscriber context) Given I use the configured subscriber tenant - And I have multiple instance destinations: - | name | type | url | - | test-list-inst-ten-1 | HTTP | https://api1.example.com | - | test-list-inst-ten-2 | HTTP | https://api2.example.com | - When I create all instance destinations - Then all destination creations should be successful When I list instance destinations with tenant - Then the list should contain at least 2 destinations - And the destination "test-list-inst-ten-1" should be in the list - And the destination "test-list-inst-ten-2" should be in the list - And I clean up all instance destinations + Then the destination list should be retrieved successfully Scenario: Create and list subaccount destinations (provider access) - Given I have multiple subaccount destinations: + Given I use the configured subscriber tenant + And I have multiple subaccount destinations: | name | type | url | | test-list-sub-1 | HTTP | https://sub1.example.com | | test-list-sub-2 | HTTP | https://sub2.example.com | @@ -194,6 +186,7 @@ Feature: Destination Service Integration Then the destination "test-dest-sub-list" should be in the list Scenario: List destinations using provider first strategy + Given I use the configured subscriber tenant When I list subaccount destinations with "PROVIDER_FIRST" access strategy Then the destination list should be retrieved successfully diff --git a/tests/destination/integration/fragment.feature b/tests/destination/integration/fragment.feature index 10aa9b8b..36773922 100644 --- a/tests/destination/integration/fragment.feature +++ b/tests/destination/integration/fragment.feature @@ -98,7 +98,8 @@ Feature: Destination Service Integration - Fragments And I clean up all subaccount fragments Scenario: Create and list subaccount fragments (provider access) - Given I have multiple subaccount fragments: + Given I use the configured subscriber tenant + And I have multiple subaccount fragments: | name | property1 | value1 | | test-frag-list-1 | prop1 | val1 | | test-frag-list-2 | prop2 | val2 | @@ -133,6 +134,7 @@ Feature: Destination Service Integration - Fragments Then the fragment "test-frag-sub-list" should be in the list Scenario: List fragments using provider first strategy + Given I use the configured subscriber tenant When I list subaccount fragments with "PROVIDER_FIRST" access strategy Then the fragment list should be retrieved successfully From 9dac92e6de845749f1fbf7897dc9a30196b163dd Mon Sep 17 00:00:00 2001 From: Arthur Tonial Date: Tue, 16 Jun 2026 23:59:09 -0300 Subject: [PATCH 5/8] fix(destination): align tenant subdomain env var with CLOUD_SDK_CFG naming convention --- .env_integration_tests.example | 1 + docs/INTEGRATION_TESTS.md | 5 +++++ tests/destination/integration/test_destination_bdd.py | 6 +++--- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/.env_integration_tests.example b/.env_integration_tests.example index 756091f0..75477186 100644 --- a/.env_integration_tests.example +++ b/.env_integration_tests.example @@ -41,6 +41,7 @@ CLOUD_SDK_CFG_DESTINATION_DEFAULT_CLIENTSECRET=your-destination-client-secret-he CLOUD_SDK_CFG_DESTINATION_DEFAULT_URL=https://your-destination-auth-url-here CLOUD_SDK_CFG_DESTINATION_DEFAULT_URI=https://your-destination-configuration-uri-here CLOUD_SDK_CFG_DESTINATION_DEFAULT_IDENTITYZONE=your-identity-zone-here +CLOUD_SDK_CFG_DESTINATION_DEFAULT_TENANT_SUBDOMAIN=your-subscriber-tenant-subdomain-here # DMS CLOUD_SDK_CFG_SDM_DEFAULT_URI=https://your-sdm-api-uri-here diff --git a/docs/INTEGRATION_TESTS.md b/docs/INTEGRATION_TESTS.md index 8029d115..006ede7c 100644 --- a/docs/INTEGRATION_TESTS.md +++ b/docs/INTEGRATION_TESTS.md @@ -119,6 +119,11 @@ CLOUD_SDK_CFG_DESTINATION_DEFAULT_CLIENTSECRET=your-destination-client-secret-he CLOUD_SDK_CFG_DESTINATION_DEFAULT_URL=https://your-destination-auth-url-here CLOUD_SDK_CFG_DESTINATION_DEFAULT_URI=https://your-destination-configuration-uri-here CLOUD_SDK_CFG_DESTINATION_DEFAULT_IDENTITYZONE=your-identity-zone-here + +# Optional: subscriber tenant subdomain for multi-tenant scenarios +# When set, scenarios using SUBSCRIBER_FIRST, SUBSCRIBER_ONLY, and PROVIDER_FIRST are executed. +# When not set, those scenarios are automatically skipped. +CLOUD_SDK_CFG_DESTINATION_DEFAULT_TENANT_SUBDOMAIN=your-subscriber-tenant-subdomain-here ``` ### DMS Integration Tests diff --git a/tests/destination/integration/test_destination_bdd.py b/tests/destination/integration/test_destination_bdd.py index 1d1ad138..8c3ad93e 100644 --- a/tests/destination/integration/test_destination_bdd.py +++ b/tests/destination/integration/test_destination_bdd.py @@ -266,10 +266,10 @@ def use_tenant(context, tenant): @given("I use the configured subscriber tenant") def use_configured_subscriber_tenant(context): - """Set the tenant from the TENANT_SUBDOMAIN environment variable.""" - tenant = os.environ.get("TENANT_SUBDOMAIN") + """Set the tenant from the CLOUD_SDK_CFG_DESTINATION_DEFAULT_TENANT_SUBDOMAIN environment variable.""" + tenant = os.environ.get("CLOUD_SDK_CFG_DESTINATION_DEFAULT_TENANT_SUBDOMAIN") if not tenant: - pytest.skip("TENANT_SUBDOMAIN environment variable not set") + pytest.skip("CLOUD_SDK_CFG_DESTINATION_DEFAULT_TENANT_SUBDOMAIN environment variable not set") context.tenant = tenant From a3a3c3ef9c88ada5210378194545724bc1225af3 Mon Sep 17 00:00:00 2001 From: Arthur Tonial Date: Wed, 17 Jun 2026 08:38:20 -0300 Subject: [PATCH 6/8] chore: remove unused method --- tests/destination/integration/test_destination_bdd.py | 6 ------ 1 file changed, 6 deletions(-) diff --git a/tests/destination/integration/test_destination_bdd.py b/tests/destination/integration/test_destination_bdd.py index 8c3ad93e..f957e905 100644 --- a/tests/destination/integration/test_destination_bdd.py +++ b/tests/destination/integration/test_destination_bdd.py @@ -258,12 +258,6 @@ def destination_service_auth_failure(context): context.use_auth_failure_client = True -@given(parsers.parse('I use tenant "{tenant}"')) -def use_tenant(context, tenant): - """Set the tenant to use for subscriber access.""" - context.tenant = tenant - - @given("I use the configured subscriber tenant") def use_configured_subscriber_tenant(context): """Set the tenant from the CLOUD_SDK_CFG_DESTINATION_DEFAULT_TENANT_SUBDOMAIN environment variable.""" From 5a93916a464627b6feb18c6ebb0310aa519997e2 Mon Sep 17 00:00:00 2001 From: Arthur Tonial Date: Wed, 17 Jun 2026 08:38:38 -0300 Subject: [PATCH 7/8] test: simplify integration test --- tests/destination/integration/certificate.feature | 5 ----- 1 file changed, 5 deletions(-) diff --git a/tests/destination/integration/certificate.feature b/tests/destination/integration/certificate.feature index 8f1b1d0b..c629cd54 100644 --- a/tests/destination/integration/certificate.feature +++ b/tests/destination/integration/certificate.feature @@ -148,11 +148,6 @@ Feature: Destination Service Integration - Certificates Scenario: List certificates using provider only strategy Given I use the configured subscriber tenant - And I have a certificate named "test-cert-sub-list.pem" - And the certificate has type "PEM" - And the certificate has valid PEM content - When I create the certificate at subaccount level for subscriber - Then the certificate creation should be successful When I list subaccount certificates with "PROVIDER_ONLY" access strategy Then the certificate "test-cert-sub-list.pem" should not be in the list From 9b12dc11d62e108988869f664aa893d9a0367906 Mon Sep 17 00:00:00 2001 From: Arthur Tonial Date: Wed, 17 Jun 2026 09:51:12 -0300 Subject: [PATCH 8/8] refactor(agw): standardize user token environment variable name --- .env_integration_tests.example | 2 +- docs/INTEGRATION_TESTS.md | 2 +- tests/agentgateway/integration/test_agw_bdd.py | 6 +++--- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.env_integration_tests.example b/.env_integration_tests.example index 75477186..4d596947 100644 --- a/.env_integration_tests.example +++ b/.env_integration_tests.example @@ -10,7 +10,7 @@ CLOUD_SDK_CFG_ADMS_DEFAULT_RESOURCE=urn:sap:identity:application:provider:name:y # AGENT GATEWAY CLOUD_SDK_CFG_AGW_DEFAULT_LANDSCAPE=your-landscape-here CLOUD_SDK_CFG_AGW_DEFAULT_TENANT_SUBDOMAIN=your-tenant-subdomain-here -AGW_USER_TOKEN=your-user-jwt-here +CLOUD_SDK_CFG_AGW_DEFAULT_USER_TOKEN=your-user-jwt-here # AGENT MEMORY CLOUD_SDK_CFG_HANA_AGENT_MEMORY_DEFAULT_APPLICATION_URL=https://your-agent-memory-api-url-here diff --git a/docs/INTEGRATION_TESTS.md b/docs/INTEGRATION_TESTS.md index 006ede7c..8885736f 100644 --- a/docs/INTEGRATION_TESTS.md +++ b/docs/INTEGRATION_TESTS.md @@ -61,7 +61,7 @@ CLOUD_SDK_CFG_AGW_DEFAULT_TENANT_SUBDOMAIN=your-tenant-subdomain-here # User JWT for token exchange scenarios (get_user_auth) # If not set, user auth scenarios are automatically skipped -AGW_USER_TOKEN=your-user-jwt-here +CLOUD_SDK_CFG_AGW_DEFAULT_USER_TOKEN=your-user-jwt-here ``` ### Agent Memory Integration Tests diff --git a/tests/agentgateway/integration/test_agw_bdd.py b/tests/agentgateway/integration/test_agw_bdd.py index 46c84d0d..555d6e94 100644 --- a/tests/agentgateway/integration/test_agw_bdd.py +++ b/tests/agentgateway/integration/test_agw_bdd.py @@ -4,12 +4,12 @@ CLOUD_SDK_CFG_AGW_DEFAULT_TENANT_SUBDOMAIN= \\ CLOUD_SDK_CFG_AGW_DEFAULT_LANDSCAPE= \\ + CLOUD_SDK_CFG_AGW_DEFAULT_USER_TOKEN= \\ CLOUD_SDK_CFG_DESTINATION_DEFAULT_CLIENTID=... \\ CLOUD_SDK_CFG_DESTINATION_DEFAULT_CLIENTSECRET=... \\ CLOUD_SDK_CFG_DESTINATION_DEFAULT_URL=... \\ CLOUD_SDK_CFG_DESTINATION_DEFAULT_URI=... \\ CLOUD_SDK_CFG_DESTINATION_DEFAULT_IDENTITYZONE=... \\ - AGW_USER_TOKEN= \\ pytest tests/agentgateway/integration/ -v """ @@ -72,9 +72,9 @@ def agent_gateway_client_available(agw_client: AgentGatewayClient): @given("I have a valid user token") def have_valid_user_token(context: ScenarioContext): """Load user token from environment variable.""" - token = os.environ.get("AGW_USER_TOKEN", "") + token = os.environ.get("CLOUD_SDK_CFG_AGW_DEFAULT_USER_TOKEN", "") if not token: - pytest.skip("AGW_USER_TOKEN is not set — skipping user auth scenario") + pytest.skip("CLOUD_SDK_CFG_AGW_DEFAULT_USER_TOKEN is not set — skipping user auth scenario") context.user_token = token