Add integration tests with authentication enabled

.github/workflows/tests.yaml

@@ -65,11 +65,15 @@ jobs:
   tests-v4:
     name: Tests v4
     runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        auth_integration: [ "auth_enabled", "auth_disabled" ]
     env:
       EXTERNAL_WEAVIATE_RUNNING: false
       AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
       OKTA_CLIENT_SECRET: ${{ secrets.OKTA_CLIENT_SECRET }}
       WCS_DUMMY_CI_PW: ${{ secrets.WCS_DUMMY_CI_PW }}
+      INTEGRATION_TESTS_AUTH: ${{ matrix.auth_integration }}
     steps:
       - uses: actions/checkout@v3
       - name: Login to Docker Hub

v4/test/auth/auth_test.go

@@ -4,6 +4,7 @@ import (
 	"bytes"
 	"context"
 	"fmt"
+	"github.com/semi-technologies/weaviate-go-client/v4/test/testsuit"
 	"log"
 	"os"
 	"strings"
@@ -14,14 +15,6 @@ import (
 	"github.com/stretchr/testify/assert"
 )
 
-const (
-	NoAuthPort     = 8080
-	AzurePort      = 8081
-	OktaPort       = 8082
-	WCSPort        = 8083
-	NoWeaviatePort = 8888
-)
-
 const OktaScope = "some_scope"
 
 func TestAuth_clientCredential(t *testing.T) {
@@ -31,9 +24,9 @@ func TestAuth_clientCredential(t *testing.T) {
 		scope  []string
 		port   int
 	}{
-		{name: "Okta", envVar: "OKTA_CLIENT_SECRET", scope: []string{OktaScope}, port: OktaPort},
-		{name: "Azure", envVar: "AZURE_CLIENT_SECRET", scope: []string{"4706508f-30c2-469b-8b12-ad272b3de864/.default"}, port: AzurePort},
-		{name: "Azure (hardcoded scope)", envVar: "AZURE_CLIENT_SECRET", scope: nil, port: AzurePort},
+		{name: "Okta", envVar: "OKTA_CLIENT_SECRET", scope: []string{OktaScope}, port: testsuit.OktaPort},
+		{name: "Azure", envVar: "AZURE_CLIENT_SECRET", scope: []string{"4706508f-30c2-469b-8b12-ad272b3de864/.default"}, port: testsuit.AzurePort},
+		{name: "Azure (hardcoded scope)", envVar: "AZURE_CLIENT_SECRET", scope: nil, port: testsuit.AzurePort},
 	}
 
 	for _, tc := range tests {
@@ -69,7 +62,7 @@ func TestAuth_clientCredential_WrongParameters(t *testing.T) {
 	for _, tc := range tests {
 		t.Run(t.Name(), func(t *testing.T) {
 			clientCredentialConf := auth.ClientCredentials{ClientSecret: tc.secret, Scopes: tc.scope}
-			cfg, err := weaviate.NewConfig("localhost:"+fmt.Sprint(OktaPort), "http", clientCredentialConf, nil)
+			cfg, err := weaviate.NewConfig("localhost:"+fmt.Sprint(testsuit.OktaPort), "http", clientCredentialConf, nil)
 			assert.Nil(t, err)
 			client := weaviate.New(*cfg)
 			AuthErr := client.Schema().AllDeleter().Do(context.TODO())
@@ -85,7 +78,7 @@ func TestAuth_UserPW_WCS(t *testing.T) {
 	}
 
 	clientCredentialConf := auth.ResourceOwnerPasswordFlow{Username: "ms_2d0e007e7136de11d5f29fce7a53dae219a51458@existiert.net", Password: wcsPw}
-	cfg, err := weaviate.NewConfig("localhost:"+fmt.Sprint(WCSPort), "http", clientCredentialConf, nil)
+	cfg, err := weaviate.NewConfig("localhost:"+fmt.Sprint(testsuit.WCSPort), "http", clientCredentialConf, nil)
 	assert.Nil(t, err)
 	client := weaviate.New(*cfg)
 	AuthErr := client.Schema().AllDeleter().Do(context.TODO())
@@ -94,12 +87,12 @@ func TestAuth_UserPW_WCS(t *testing.T) {
 
 func TestAuth_UserPW_wrongPW(t *testing.T) {
 	clientCredentialConf := auth.ResourceOwnerPasswordFlow{Username: "SomeUsername", Password: "IamWrong"}
-	_, err := weaviate.NewConfig("localhost:"+fmt.Sprint(WCSPort), "http", clientCredentialConf, nil)
+	_, err := weaviate.NewConfig("localhost:"+fmt.Sprint(testsuit.WCSPort), "http", clientCredentialConf, nil)
 	assert.NotNil(t, err)
 }
 
 func TestNoAuthOnWeaviateWithoutAuth(t *testing.T) {
-	cfg, err := weaviate.NewConfig("localhost:"+fmt.Sprint(NoAuthPort), "http", nil, nil)
+	cfg, err := weaviate.NewConfig("localhost:"+fmt.Sprint(testsuit.NoAuthPort), "http", nil, nil)
 	assert.Nil(t, err)
 	client := weaviate.New(*cfg)
 
@@ -108,7 +101,7 @@ func TestNoAuthOnWeaviateWithoutAuth(t *testing.T) {
 }
 
 func TestNoAuthOnWeaviateWithAuth(t *testing.T) {
-	cfg, err := weaviate.NewConfig("localhost:"+fmt.Sprint(WCSPort), "http", nil, nil)
+	cfg, err := weaviate.NewConfig("localhost:"+fmt.Sprint(testsuit.WCSPort), "http", nil, nil)
 	assert.Nil(t, err)
 	client := weaviate.New(*cfg)
 
@@ -137,7 +130,7 @@ func TestAuthOnWeaviateWithoutAuth(t *testing.T) {
 				log.SetOutput(os.Stderr)
 			}()
 
-			cfg, err := weaviate.NewConfig("localhost:"+fmt.Sprint(NoAuthPort), "http", tc.authConfig, nil)
+			cfg, err := weaviate.NewConfig("localhost:"+fmt.Sprint(testsuit.NoAuthPort), "http", tc.authConfig, nil)
 			assert.Nil(t, err)
 			assert.True(t, strings.Contains(buf.String(), "The client was configured to use authentication"))
 
@@ -149,6 +142,6 @@ func TestAuthOnWeaviateWithoutAuth(t *testing.T) {
 }
 
 func TestAuthNoWeaviateOnPort(t *testing.T) {
-	_, err := weaviate.NewConfig("localhost:"+fmt.Sprint(NoWeaviatePort), "http", auth.ResourceOwnerPasswordFlow{Username: "SomeUsername", Password: "IamWrong"}, nil)
+	_, err := weaviate.NewConfig("localhost:"+fmt.Sprint(testsuit.NoWeaviatePort), "http", auth.ResourceOwnerPasswordFlow{Username: "SomeUsername", Password: "IamWrong"}, nil)
 	assert.NotNil(t, err)
 }

v4/test/docker-compose-wcs.yaml

@@ -16,6 +16,7 @@ services:
     restart: on-failure:0
     environment:
       PERSISTENCE_DATA_PATH: '/var/lib/weaviate'
+
       AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED: 'false'
       AUTHENTICATION_OIDC_ENABLED: 'true'
       AUTHENTICATION_OIDC_CLIENT_ID: 'wcs'
@@ -25,4 +26,23 @@ services:
       AUTHORIZATION_ADMINLIST_ENABLED: 'true'
       AUTHORIZATION_ADMINLIST_USERS: 'ms_2d0e007e7136de11d5f29fce7a53dae219a51458@existiert.net'
       AUTHENTICATION_OIDC_SCOPES: 'openid,email'
+
+      DEFAULT_VECTORIZER_MODULE: text2vec-contextionary
+      CONTEXTIONARY_URL: contextionary:9999
+      ENABLE_MODULES: text2vec-contextionary,backup-filesystem
+      BACKUP_FILESYSTEM_PATH: "/tmp/backups"
+      CLUSTER_GOSSIP_BIND_PORT: "7100"
+      CLUSTER_DATA_BIND_PORT: "7101"
+
+  contextionary:
+    image: semitechnologies/contextionary:en0.16.0-v1.1.0
+    ports:
+      - "9999:9999"
+    environment:
+      OCCURRENCE_WEIGHT_LINEAR_FACTOR: 0.75
+      EXTENSIONS_STORAGE_MODE: weaviate
+      EXTENSIONS_STORAGE_ORIGIN: http://weaviate:8080
+      NEIGHBOR_OCCURRENCE_IGNORE_PERCENTILE: 5
+      ENABLE_COMPOUND_SPLITTING: 'false'
+
 ...

v4/test/testsuit/generics.go

@@ -3,7 +3,9 @@ package testsuit
 import (
 	"context"
 	"fmt"
+	"github.com/semi-technologies/weaviate-go-client/v4/weaviate/auth"
 	"net/http"
+	"os"
 	"testing"
 
 	"github.com/go-openapi/strfmt"
@@ -12,6 +14,14 @@ import (
 	"github.com/stretchr/testify/assert"
 )
 
+const (
+	NoAuthPort     = 8080
+	AzurePort      = 8081
+	OktaPort       = 8082
+	WCSPort        = 8083
+	NoWeaviatePort = 8888
+)
+
 // CreateWeaviateTestSchemaFood creates a class for each semantic type (Pizza and Soup)
 // and adds some primitive properties (name and description)
 func CreateWeaviateTestSchemaFood(t *testing.T, client *weaviate.Client) {
@@ -123,12 +133,24 @@ func CleanUpWeaviate(t *testing.T, client *weaviate.Client) {
 
 // CreateTestClient running on local host 8080
 func CreateTestClient(port int, connectionClient *http.Client) *weaviate.Client {
-	cfg := weaviate.Config{
-		Host:             "localhost:" + fmt.Sprint(port),
-		Scheme:           "http",
-		ConnectionClient: connectionClient,
+	integrationTestsWithAuth := os.Getenv("INTEGRATION_TESTS_AUTH")
+	var cfg *weaviate.Config
+	wcsPw := os.Getenv("WCS_DUMMY_CI_PW")
+	if connectionClient == nil && integrationTestsWithAuth == "auth_enabled" && wcsPw != "" {
+		clientCredentialConf := auth.ResourceOwnerPasswordFlow{Username: "ms_2d0e007e7136de11d5f29fce7a53dae219a51458@existiert.net", Password: wcsPw}
+		var err error
+		cfg, err = weaviate.NewConfig("localhost:"+fmt.Sprint(WCSPort), "http", clientCredentialConf, nil)
+		if err != nil {
+			cfg = &weaviate.Config{Host: "localhost:" + fmt.Sprint(port), Scheme: "http"}
+		}
+	} else {
+		cfg = &weaviate.Config{
+			Host:             "localhost:" + fmt.Sprint(port),
+			Scheme:           "http",
+			ConnectionClient: connectionClient,
+		}
 	}
-	client := weaviate.New(cfg)
+	client := weaviate.New(*cfg)
 	return client
 }