Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.
Sign uptests & API keys #40
tests & API keys #40
Comments
This comment has been minimized.
This comment has been minimized.
@wibeasley my first thought is that you could create a one-off user for every run on the demo site like this: curl -d @user-add.json -H "Content-type:application/json" "$SERVER_URL/api/builtin-users?password=$NEWUSER_PASSWORD&key=$BUILTIN_USERS_KEY" That's from http://guides.dataverse.org/en/4.18.1/api/native-api.html#create-a-builtin-user I just tested it on the demo server and it worked with these environment variables: export SERVER_URL=https://demo.dataverse.org export NEWUSER_PASSWORD=password1 export BUILTIN_USERS_KEY=burrito You'd have to vary the JSON you send each time to avoid errors about non-unique usernames or email addresses. In the link above this is what we provide as an example:
|
This comment has been minimized.
This comment has been minimized.
Is there any chance that the real environments are not hit? You could create mocks and just make sure that the http request is being made with the right parameters. |
This comment has been minimized.
This comment has been minimized.
Oh and to be clear the JSON response you get back should include the API token, which you'd use for subsequent operations. Using jq you could grab it like this: jq '.data.apiToken' But I assume you'd want to implement all of this "create user and assign the API token to a variable" stuff in R. |
This comment has been minimized.
This comment has been minimized.
During a meeting Friday, @pdurbin tentatively planned that
@tainguyenbui, right now I think the mocks might be overkill for the current goals. I do appreciate that it could isolate problems of the client from problems of the server software. But the server seems pretty stable, and might require less maintenance that whatever mock I develop. Tell me if you think I'm overlooking something important. |
This comment has been minimized.
This comment has been minimized.
Some thoughts from me (pyDataverse). I think it would be great, to have a test-instance somewhere with the latest Dataverse version, so the clients can be tested there before (or after) the release. If there is one user for all, or one for each client, I don't know. pyDataverse passes an API key if it is passed in the init of an Api() object. |
This comment has been minimized.
This comment has been minimized.
Related is the idea of setting up a beta server that runs "develop" - IQSS/dataverse.harvard.edu#20 Also, a new instance of Dataverse is spun up after every pull request is merged at https://jenkins.dataverse.org/job/IQSS-dataverse-develop/ but then it gets terminated a few hours later. Finally, https://demo.dataverse.org always runs the latest release. It's the officially blessed server for testing releases: http://guides.dataverse.org/en/4.18.1/api/getting-started.html#servers-you-can-test-with |
This comment has been minimized.
This comment has been minimized.
If I understand this correctly and the decision is made, could you publish the dataverse on demo? I don't like the idea of writing tests that will have to be re-written. |
This comment has been minimized.
This comment has been minimized.
@adam3smith I assume your question is for @wibeasley You both have my blessing to publish whatever you want on https://demo.dataverse.org , especially if you're testing dataverse-client-r! |
This comment has been minimized.
This comment has been minimized.
Yes, this is referring to https://demo.dataverse.org/dataverse/dataverse-client-r which is unpublished, sorry for the confusion. |
wibeasley commentedJan 2, 2020
•
edited
There needs to be a different approach to initiating the test suite. Right now [tests that should fail... still pass. It's because
testthat::test_check()
currently won't run if the API key isn't found as an environmental variable.I'm open to ideas as always. Currently I'm thinking:
Test only against demo.dataverse.org. (A few weeks ago @pdurbin advocated this in a phone call for several reasons, including that Dataverse's retrieval stats won't be misleading --because one article gets hundreds of hits a month just from automated tests.)
create a (demo) Dataverse account dedicated to testing. At this point, I don't think it needs to be kept secret. There's not really a need to keep it secret. It could even be set in
tests/testthat.R
.@pdurbin, will you please check my claim --especially from a security standpoint?
If the above is safe, the api key might be kept in a yaml file in the
inst/
directory.If the API key to the demo server needs to be protected,
we could save it as Travis environmental variables (ref 1 & ref 2)
it would prevent other people from testing the packages on their own machine, so we'll get fewer quality contributions from others.
@skasberger, @rliebz, @tainguyenbui, and any others, I'd appreciate any advice from your experience with pyDataverse, dataverse-client-python, and dataverse-client-javascript. I'm not experienced with your languages, but looks like pyDataverse doesn't pass an API key, while client-python posts their API key to the demo server.
(This is different from #4 & #29, which involve the battery of tests/comparisons. Not the management of API keys or how testthat is initiated.)