Closed nirmalchandra closed 5 years ago
Hello @tghani93, Do you still want us to look at it?
@authorjapps - thank you for your help so far. Just one more question: security. Could you point me to some resources / documentation where I can read about library (zerocode's) security?
TIA
Just trying to understand -
Are you looking for how Zerocode supports/invokes secured APIs e.g. Https
/ OAuth2
/ SAML / Kafka
etc?
or anything else in general ?
If you could be specific, then we can try to answer...
Yes secure APIs as you mentioned and in general as well :) I am planning on doing a blog about Zerocode also, so wanted to obtain a deeper understanding as well.
And please excuse my ignorance & naivety, how does Zerocode compares to: https://www.testcontainers.org/ The reason I am asking is as above that I an trying to push zerocode as first preference and would like an expert opinion. TIA
Yes secure APIs as you mentioned and in general as well :) I am planning on doing a blog about Zerocode also, so wanted to obtain a deeper understanding as well.
That sounds cool. 👍
For Oauth2 one of our contributor(and user) has shared a very short and precise blog in the DZone Security Zone. I am tagging him(@santhoshTpixler ) here in case you need more details on this.
For Corporate Proxy configuration, you can follow the README section here
SAML/JWT are very straight forward - working examples are here - HelloWorld repo
If tokens are dynamic, it's still easy to inject them into header in runtime.
If you use OpenAM or RedHat SSO or Simple Basic Auth
Zerocode's Http Client supports Http and Https connections anyways.
See example here - in HelloWorld
@Override
public CloseableHttpClient createHttpClient() throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException {
LOGGER.info("###Used SSL Enabled Http Client for http/https/TLS connections");
// Add your own security flavour and return the client,
// then all test-cases will start using this client.
// That's it really!
return HttpClients.custom()
.setSSLContext(sslContext)
.setSSLHostnameVerifier(new NoopHostnameVerifier())
.setDefaultCookieStore(cookieStore)
.build();
}
Then it's very simple and straight forward to use like below-
Just annotate your test class or suite class.
@UseHttpClient(CustomHttpClient.class)
In similar fashion, you can inject any custom headers you need. Explained here e.g.
@Override
public Map<String, Object> amendRequestHeaders(Map<String, Object> headers) {
// ----------------------------------------------------
// Add your custom headers here(if any).
// e.g. Your auth tokens, client_id or client_secret etc
// ----------------------------------------------------
if (headers != null) {
addCustomHeaders(headers);
} else {
headers = new HashMap<>();
addCustomHeaders(headers);
}
return headers;
}
And please excuse my ignorance & naivety, how does Zerocode compares to: https://www.testcontainers.org/ The reason I am asking is as above that I an trying to push zerocode as first preference and would like an expert opinion. TIA
Sorry mate for the delay. These two are very different tools for different purposes not worth comparing.
testcontainers.org >>Mostly for anything ... that can run in a Docker container.
Zerocode is for
in a declarative way reducing the hassles to zero for Developers/Testers.
But on the feature-comparison front- We are in the process of collecting the feedback/data from our customers to capture why they are migrating from their existing tools to Zerocode e.g.
We will spin up a Wiki page or a Google doc once that's ready. That might throw some light on this line.
But our advise will be choose a tool/lib/framework
Hope this helps!
Also we are excited to see your blog when it's ready ❗️
and wish you good luck 🙏
@authorjapps , very grateful for your responses and pointers. Will have keep you posted on the blog! :)
@authorjapps, just letting you know that I will be recycling some of your awesome pointers above in the blog!! :)
Sounds cool mate. 👍 Please try to keep the blog precise/short, easily understandable for first timers as well as experience developer/testers :-) Good luck!
Created from #220
2. When testing in real environment, there will be multiple messages flowing through the brokers/topics. How can zerocode validate/asset a specific response? Ans: Use Json Path to look for a perticular message or a record key or value. Very easy! e.g.
When you have consume multiple records from a topic, that means you receive an array of records as the response. Then you can assert this way explained in the readme-file.
Where is this JSON path is applied ? In JUNIT or within Zerocode JSON config ?
For example, my test below keeps on failing. In the log, instead of just consuming the messages with the ids I have specified below. It consumes the whole array of 10 messages.