molecule-ai/molecule-core
35
0
Fork 2
Code Issues 16 Pull Requests 2 Actions 49 Packages Projects Releases Wiki Activity

fix(e2e): use per-workspace tokens for register + heartbeat + discover

Browse Source 
AdminAuth (admin token) gates workspace CRUD operations.
WorkspaceAuth (per-workspace token) gates register, heartbeat, discover.
The test now mints a workspace-specific token via test-token endpoint
for each workspace before calling register.
This commit is contained in:
Hongming Wang 2026-04-16 06:22:16 -07:00
parent 8a070f0077
commit 1c00be1d09
1 changed files with 12 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
tests/e2e/test_api.sh
View File

@ -86,16 +86,20 @@ R=$(acurl "$BASE/workspaces/$ECHO_ID")
check "GET /workspaces/:id" '"name":"Echo Agent"' "$R"
check "GET /workspaces/:id (agent_card null)" '"agent_card":null' "$R"
# Test 7: Register echo — use acurl because the workspace may already
# have a token from the provisioner's auto-registration (C18 re-register
# protection requires bearer when tokens exist).
R=$(acurl -X POST "$BASE/registry/register" -H "Content-Type: application/json" \
# Test 7: Register echo — use workspace-specific token (from test-token
# endpoint), not the admin token. C18 requires a token issued TO THIS
# workspace, not just any valid token.
ECHO_WS_TOKEN=$(curl -s "$BASE/admin/workspaces/$ECHO_ID/test-token" | python3 -c "import sys,json; print(json.load(sys.stdin).get('auth_token',''))" 2>/dev/null || echo "")
R=$(curl -s -X POST "$BASE/registry/register" -H "Content-Type: application/json" \
${ECHO_WS_TOKEN:+-H "Authorization: Bearer $ECHO_WS_TOKEN"} \
-d "{\"id\":\"$ECHO_ID\",\"url\":\"http://localhost:8001\",\"agent_card\":{\"name\":\"Echo Agent\",\"skills\":[{\"id\":\"echo\",\"name\":\"Echo\"}]}}")
check "POST /registry/register (echo)" '"status":"registered"' "$R"
ECHO_TOKEN=$(echo "$R" | e2e_extract_token)
# Test 8: Register summarizer
R=$(acurl -X POST "$BASE/registry/register" -H "Content-Type: application/json" \
# Test 8: Register summarizer — same pattern: workspace-specific token
SUM_WS_TOKEN=$(curl -s "$BASE/admin/workspaces/$SUM_ID/test-token" | python3 -c "import sys,json; print(json.load(sys.stdin).get('auth_token',''))" 2>/dev/null || echo "")
R=$(curl -s -X POST "$BASE/registry/register" -H "Content-Type: application/json" \
${SUM_WS_TOKEN:+-H "Authorization: Bearer $SUM_WS_TOKEN"} \
-d "{\"id\":\"$SUM_ID\",\"url\":\"http://localhost:8002\",\"agent_card\":{\"name\":\"Summarizer\",\"skills\":[{\"id\":\"summarize\",\"name\":\"Summarize\"}]}}")
check "POST /registry/register (summarizer)" '"status":"registered"' "$R"
SUM_TOKEN=$(echo "$R" | e2e_extract_token)
@ -168,7 +172,8 @@ curl -s -X POST "$BASE/registry/heartbeat" -H "Content-Type: application/json" -
-d "{\"workspace_id\":\"$ECHO_ID\",\"error_rate\":0.0,\"sample_error\":\"\",\"active_tasks\":0,\"uptime_seconds\":180}" > /dev/null
# Re-register to force online status in case liveness expired
acurl -X POST "$BASE/registry/register" -H "Content-Type: application/json" \
curl -s -X POST "$BASE/registry/register" -H "Content-Type: application/json" \
-H "Authorization: Bearer $ECHO_TOKEN" \
-d "{\"id\":\"$ECHO_ID\",\"url\":\"http://localhost:8001\",\"agent_card\":{\"name\":\"Echo Agent v2\",\"skills\":[{\"id\":\"echo\",\"name\":\"Echo\"},{\"id\":\"repeat\",\"name\":\"Repeat\"}]}}" > /dev/null
# Now send high error rate to trigger degraded