pdyba / lambdalizator Goto Github PK

Currently test client is implicitly authorized by fake event json (even if auth flags are set to False). This behaviour should be unified and refined.

Isn't body a string in events coming from AWS? Rather a question, not to adjust right now but maybe we should consider it in the future 🤔

Originally posted by @redlickigrzegorz in #37 (comment)

We use mapping mostly in brokers where one class is responsible for handling multiple different types of requests/events e.g.:

• LambdaBroker: Mapping[str, Callable[[dict], LambdaResponse]]
• EventBroker: Mapping[str, List[Callable[[Event], None]]]

The idea is to create a custom type for functions that are compatible with the above brokers or even for the whole mapping itself. Thanks to that we won't have to implement it from scratch everywhere where it is used/needed 🙂

One of the examples where it could be done is EventAPI:

    def set_source(self, source: str) -> None:
        self._source = source

    def set_resources(self, resources: List[str]) -> None:
        self._resources = resources

    def set_bus_name(self, bus_name: str) -> None:
        self._bus_name = bus_name

That one is interesting:
> Argument "headers" to "Event" has incompatible type "Message"; expected "Optional[Dict[Any, Any]]"
It looks like the typing annotation defined lower is wrong 🤷‍♀️ Let's keep that but maybe additional comment would be beneficial.

Originally posted by @redlickigrzegorz in #37 (comment)

There are a couple of comments that were not resolved in the past, so, I have gathered all of them in one place:

You should remove this line, because you overwrite full access by non access 😉

Originally posted by @redlickigrzegorz in #47 (comment)

In general, you don't have to mock it. You can check the singleton if all data are inside 😉

Originally posted by @redlickigrzegorz in #47 (comment)

Maybe jwt_standard_claims? This name would say more than the partial payload 😉

Originally posted by @redlickigrzegorz in #47 (comment)

I am not sure if the User should contain these values - it is only a part of the token 🤔

Originally posted by @redlickigrzegorz in #47 (comment)

As we already get known, this is not that good value for this key. It would be good to fix that in the upcoming versions.

Originally posted by @redlickigrzegorz in #47 (comment)

The above two tests are wrongly named, you expect missing iss but the name is saying about exp 😉

Originally posted by @redlickigrzegorz in #47 (comment)

I think this formatting could be easily improved manually 😉 Especially that this comment is not needed at all.

Originally posted by @redlickigrzegorz in #47 (comment)

That's the thought standing behind my previous comment, we shouldn't create tests that can pass for different reasons. The environment should be prepared the way which represents the edge case which we want to test 😉

Here, no matter if you have "deny": {ALL: ALL} or just "deny": {} this test will pass, so we can modify the code and this check won't point potential problems.

Originally posted by @redlickigrzegorz in #47 (comment)

This test does not confirm inheritance 😕 You should pass the Authorization header which does not have access to the handler method and thanks to inheritance it will get it anyway because it is declared in the guest authorization.

Originally posted by @redlickigrzegorz in #47 (comment)

This line checks the correctness of the environment variable, so, I think it should be implemented directly in the parser: ConfigParser.load_jwt_keys() 😉

Originally posted by @redlickigrzegorz in #70 (comment)

This line should be outside the if statement:

event_api.register(event)
event_api.send()  # one sent event
event_api.send()  # no events to send, the list should be cleared

Originally posted by @redlickigrzegorz in #50 (comment)

By default, CORS_ORIGIN is equal to the empty list: /lbz/_cfg.py#L9.

But the only place that uses this configuration value assumes that there is always at least one item present:
/lbz/resource.py#L155

    def __init__(
        ...
        self._resp_headers = {
            ALLOW_ORIGIN_HEADER: self._get_allowed_origins(origins or CORS_ORIGIN.value),
            ...
        }

    def _get_allowed_origins(self, origins: List[str]) -> str:
        ...
        return origins[0]

The same code before v0.5.16 put a single element on this list, that's why this line "worked" without errors before:
/lbz/resource.py#L162

    def __init__(
        ...
        self._resp_headers = {
            ALLOW_ORIGIN_HEADER: self._get_allowed_origins(
                origins or env.get("CORS_ORIGIN", "").split(",")
            ),
            ...
        }

This problem shows also incompleteness of the unit tests - they need to be improved during fixing this bug 😉

The suggestion would be to not do things like this at all, at least not in the pull request which is responsible for adding types 🙂 We can improve this part of the code (including the naming convention) in the near future if really needed.

Originally posted by @redlickigrzegorz in #37 (comment)

To avoid doing such things in the future, I would remove the default values of message/status_code declared in this Exception class 😉

Originally posted by @redlickigrzegorz in #95 (comment)