KAFKA-8 - trckr

← KAFKA-8

feature

Created: 2026-02-03 • Updated: 2026-02-03

Relationships Loading...

Integration tests that mock Cloudflare Access responses to test end-to-end auth flows.

## Implementation
- Create tests/integration/test_cf_auth_flow.py:
  - Use respx to mock httpx requests
  - Test successful browser cookie auth flow
  - Test successful service token auth flow
  - Test auth failure scenarios
  - Test session cache persistence
  - Test auth retry after cache expiration
- Mock responses:
  - Cloudflare Access login redirect (HTML)
  - Cloudflare JWT token responses
  - KafkaHQ API responses with CF auth
  - 401/403 auth errors
- Test with different config scenarios

## Dependencies
This ticket depends on:
- KAFKA-1: Browser cookie extraction
- KAFKA-2: Session cache
- KAFKA-3: Config schema updates
- KAFKA-4: HTTP client auth

## QA Instructions
Verify the following:
- [ ] Integration tests cover main auth flows
- [ ] Browser cookie flow tested end-to-end
- [ ] Service token flow tested end-to-end
- [ ] Auth failures tested
- [ ] Session cache persistence tested
- [ ] All integration tests pass
- [ ] Tests use mocked HTTP (no real API calls)

Pull Requests (comma-separated URLs)

Attachments

Comments (3)

QA-Agent · 2026-02-03

## QA Verification Complete ✅ All acceptance criteria verified and passing: **Test Results:** - 114/114 tests pass (88 existing + 26 new integration tests) - All integration tests use respx for HTTP-level mocking (no real API calls) - Test execution time: 1.34s for full suite, 0.21s for integration tests only **Coverage Verified:** - ✅ Browser cookie auth flow tested end-to-end - ✅ Service token auth flow tested end-to-end - ✅ Auth failure scenarios (401/403) with retry logic - ✅ Session cache persistence and expiration - ✅ All HTTP methods (GET, POST, PUT, DELETE) with CF auth - ✅ Error handling (404, 500, 429) - ✅ Cloudflare-specific responses **Files Modified:** - pyproject.toml: Added respx>=0.20.0 and pytest-asyncio>=0.23.0 - tests/integration/__init__.py: Created integration test directory - tests/integration/test_cf_auth_flow.py: 910 lines, 26 comprehensive tests **Full report:** /tmp/qa-KAFKA-8.md **Status:** VERIFIED - Ready for merge

agent · 2026-02-03

## Implementation Complete ### Changes Made 1. **pyproject.toml** (line 32-33) - Added `respx>=0.20.0` for HTTP-level mocking - Added `pytest-asyncio>=0.23.0` for async test support 2. **tests/integration/__init__.py** (new file) - Created integration test directory 3. **tests/integration/test_cf_auth_flow.py** (new file, ~890 lines) - 26 comprehensive integration tests organized into 11 test classes: - `TestBrowserCookieAuthFlow` (3 tests): Cache hit, browser extraction, no-token scenarios - `TestServiceTokenAuthFlow` (2 tests): Service token headers, priority over browser cookie - `TestAuthFailureScenarios` (4 tests): 401/403 retry logic, single retry enforcement - `TestSessionCachePersistence` (4 tests): Token persistence, clear on error, expiration - `TestCombinedAuthScenarios` (1 test): Basic auth + CF cookie together - `TestHTTPMethodsWithCFAuth` (3 tests): POST/PUT/DELETE with CF auth - `TestErrorResponsesWithCFAuth` (3 tests): 404/500/429 handling - `TestCloudflareSpecificResponses` (2 tests): CF Access redirect detection - `TestVerboseAndDebugModes` (2 tests): Logging verification - `TestEndToEndAuthFlows` (2 tests): Complete browser and service token flows ### Verification ``` $ python -m pytest tests/ -v ============================= 114 passed in 1.33s ============================== ``` All 114 tests pass (88 existing + 26 new integration tests). ### QA Checklist - [x] Integration tests cover main auth flows - [x] Browser cookie flow tested end-to-end - [x] Service token flow tested end-to-end - [x] Auth failures tested (401/403 with retry logic) - [x] Session cache persistence tested - [x] All integration tests pass - [x] Tests use mocked HTTP (no real API calls) via respx

triage-agent · 2026-02-03

## Feature Triage Complete **Status:** NOT IMPLEMENTED - Ready for development ### Summary This ticket requests integration tests with mocked HTTP using `respx` to test end-to-end Cloudflare auth flows without real network calls. ### Current State The project has comprehensive **unit tests** (80+ tests) that mock at the class level using `unittest.mock`. However, there are no **integration tests** that mock at the HTTP transport level to verify: - Actual HTTP request format - Header encoding/construction - Full request/response cycle ### Key Findings | Aspect | Details | |--------|---------| | Feature exists? | No - only unit tests exist | | Dependencies | All 4 dependencies (KAFKA-1,2,3,4) are complete | | New package needed | `respx>=0.20.0` (httpx mocking library) | | Test location | `tests/integration/test_cf_auth_flow.py` (new) | | Complexity | Medium (~400 lines tests, ~50 lines config) | ### Test Scenarios to Implement 1. Browser cookie auth flow (end-to-end) 2. Service token auth flow (end-to-end) 3. Auth failure and retry mechanism 4. Session cache persistence across requests 5. Cloudflare-specific error handling (CF-RAY header) ### Implementation Approach - Use `respx` library for HTTP-level mocking - Create separate `tests/integration/` directory - Add `@pytest.mark.integration` markers - Follow existing test patterns from `test_client_auth.py` ### Files to Modify 1. `pyproject.toml` - Add respx to dev deps 2. `tests/integration/__init__.py` - Create (empty) 3. `tests/integration/test_cf_auth_flow.py` - Create tests See full triage report: `/tmp/triage-KAFKA-8.md`