Fix storage integration tests when dynamic policies are used
AWS reported broken integration tests and outdated documentation:
After enabling OPA on storage, I ran into a few issues while running the integration tests.
The instructions outlined here are outdated: https://community.opengroup.org/osdu/platform/system/storage/-/blob/master/docs/tutorial/PolicyService-Integration.md. The variable name should be: opa.opaEndpoint I noticed that the OPA URL isn’t being passed to the OPA Service using the @ConfigurationProperties annotation. I don’t know if other CSP’s are having the same issue, but I replaced with @value to get this working for AWS; @ConfigurationProperties seems unnecessary since it’s not used for the other properties. I have an MR for this here: osdu/platform/system/storage!425 (diffs). Can you approve this change if it’s OK with you? Additionally, I am still receiving 3 failing integration tests on Storage. After some investigation, I believe the errors are coming from the OPA validation; mostly due to incorrect HTTP codes being returned. Can you confirm? The failing tests are:
should_returnErrorCode400_when_anInvalidChildLegalTagProvided(org.opengroup.osdu.storage.legal.TestPopulateLegalInfoFromParentRecords) java.lang.AssertionError: expected:<400> but was:<401>
should_deleteIncompliantLegaltagAndInvalidateRecordsAndNotIngestAgain_whenIncompliantMessageSentToEndpoint(org.opengroup.osdu.storage.PubsubEndpoint.TestPubsubEndpoint) java.lang.AssertionError: expected:<400> but was:<201>
should_receiveHttp403_when_userIsNotAuthorizedToUpdateARecord(org.opengroup.osdu.storage.records.TestRecordAccessAuthorization)
java.lang.AssertionError: expected:<403> but was:<401>