The Command Manager plugin is interacting with an HTTP RESTful API in the Wazuh Server. We need to mock this service to develop and test our code, avoiding setting up a complete Wazuh Server.
As for now, the Command Manager interacts with the Management API (M_API) in two ways:
POST /security/user/authenticate, to log in to the API and obtain a JWT token.
POST /orders/, to send the pending orders.
We need to mock these 2 endpoints to test our code under different behaviors, success and failure, to properly handle them.
The @wazuh/devel-dashboard team has been using Imposter as a mock server for quite some time now. We'll also use this tool as we are already familiar with it, and has proven to fit our needs.
Imposter allows different deployment methods that can be useful for us:
imposter-cli: easy and straightforward to set up and use.
Docker: most portable solution.
JAR: the way to go to include it in our development and testing environment. Requires most effort.
Imposter can be configured to load an OpenAPI spec file and to respond to whatever we need on each endpoint call. The most recent spec for the Management API is here.
Imposter responds to POST /security/user/authenticate providing a valid JWT token.
Imposter responds to POST /orders/, with a valid JSON reply, as specified in the spec.
Imposter loads the specified OpenAPI spec file. We may need to change often, for example, to test changes that are under development on a particular Git branch.
Plan
[ ] Include Imposter to our tooling.
[ ] Create an appropriate user manual for this tool.
[ ] Include Imposter to the Command Manager test dependencies for automatic testing.
Description
The Command Manager plugin is interacting with an HTTP RESTful API in the Wazuh Server. We need to mock this service to develop and test our code, avoiding setting up a complete Wazuh Server.
As for now, the Command Manager interacts with the Management API (
M_API
) in two ways:POST /security/user/authenticate
, to log in to the API and obtain a JWT token.POST /orders/
, to send the pending orders.We need to mock these 2 endpoints to test our code under different behaviors, success and failure, to properly handle them.
The @wazuh/devel-dashboard team has been using Imposter as a mock server for quite some time now. We'll also use this tool as we are already familiar with it, and has proven to fit our needs.
Imposter allows different deployment methods that can be useful for us:
Imposter can be configured to load an OpenAPI spec file and to respond to whatever we need on each endpoint call. The most recent spec for the Management API is here.
https://github.com/wazuh/wazuh/blob/enhancement/25599-server-orders-distribution/api/api/spec/spec.yaml
Functional requirements
POST /security/user/authenticate
providing a valid JWT token.POST /orders/
, with a valid JSON reply, as specified in the spec.Plan