Testing against remote services
You can run the same ALFA policy tests, that you execute in your editor, against a remote authorization service, such as Access Decision Service (ADS), from either your local machine or a build server like Jenkins or Azure DevOps.
Creating a remote test target task
To test a remote ADS instance, create a new test target task in your build.gradle file.
task test_ProdEnvironment(type: Test) {
group "verification"
environment "ALFA_TEST_REMOTE_URL", "http://abac.acme.com:8081/authorize"
environment "ALFA_TEST_REMOTE_USER", "pdp-user"
environment "ALFA_TEST_REMOTE_PASSWORD", "secret"
environment "ALFA_TEST_REMOTE_HEADER_FILE", "headers.json"
}
HTTP headers can be added for the remote connection to ADS. See Extra headers.
Since the remote service runs a predefined main policy, only system tests will execute against the remote ADS instance. Ensure that the main policy for your authorization domain is specified in the alfa block within your build.gradle file. Any tests that do not target this policy, as well as any attribute connector tests, will be ignored.
alfa {
mainpolicy "acme.Main"
}
When you execute the Gradle task, it will run all tests that either:
- have no main policy specified
- are configured to run with the main policy defined in the
alfablock above.
[user@machine project]# ./gradlew test_ProdEnvironment
com.myorg.alfa.MyAttributeconnectorTest > shouldGetRoleConsultantForCecilia SKIPPED
com.myorg.alfa.MyAttributeconnectorTest > shouldGetRoleManagerForMartin SKIPPED
com.myorg.alfa.MyConsultantPolicyUnitTest > shouldPermitIfUserAndResourceAreInSameLocation SKIPPED
com.myorg.alfa.MyConsultantPolicyUnitTest > shouldNotPermitIfUserAndResourceAreInDifferentLocation SKIPPED
com.myorg.alfa.MySystemTest > shouldGiveCeciliaAccessToResource1 PASSED
com.myorg.alfa.MySystemTest > shouldGiveMartinAccessToResource1 PASSED
com.myorg.alfa.MySystemTest > shouldNotGiveCeciliaAccessToResource2 PASSED
Environment variables
The following variables are available for controlling remote test execution:
| Environment variable | Description | Example |
|---|---|---|
ALFA_TEST_REMOTE_URL | The URL to a XACML Rest Profile Version 1.1Opens in a new tab service. | http://127.0.0.1:8081/authorize |
ALFA_TEST_REMOTE_USER | The username for authentication. | pdp-user |
ALFA_TEST_REMOTE_PASSWORD | The password for authentication. | secret |
ALFA_TEST_REMOTE_HEADER_FILE | A local JSON file with extra headers. | See Extra headers below. |
Extra headers
If the test client needs to include additional headers in requests to the external service (for example, when an API gateway is present), you can define these headers in a separate JSON file. Specify the file's location using the ALFA_TEST_REMOTE_HEADER_FILE environment variable. This file supports Variable substitution, allowing you to externalize configuration.
{
"Target-Environment": "PROD",
"Secret-Header": "${SECRET_VALUE}"
}