gmakstutis/openrag
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

more logging

Browse source
This commit is contained in:
phact 2025-10-07 14:36:43 -04:00
parent a63530e022
commit 54ca7a52a7
3 changed files with 35 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
Makefile
View file

@ -211,8 +211,15 @@ test-ci:
for i in $$(seq 1 60); do \ for i in $$(seq 1 60); do \
docker exec openrag-backend curl -s http://localhost:8000/.well-known/openid-configuration >/dev/null 2>&1 && break || sleep 2; \ docker exec openrag-backend curl -s http://localhost:8000/.well-known/openid-configuration >/dev/null 2>&1 && break || sleep 2; \
done; \ done; \
echo "Checking key files..."; \
ls -la keys/; \
echo "Public key fingerprint (host):"; \
ssh-keygen -l -f keys/public_key.pem 2>/dev/null || openssl rsa -pubin -in keys/public_key.pem -text -noout | head -5; \
echo "Public key fingerprint (container):"; \
docker exec openrag-backend sh -c "ls -la /app/keys/ && openssl rsa -pubin -in /app/keys/public_key.pem -text -noout | head -5"; \
echo "Generating test JWT token..."; \ echo "Generating test JWT token..."; \
TEST_TOKEN=$$(uv run python -c "from src.session_manager import SessionManager, AnonymousUser; sm = SessionManager('test'); print(sm.create_jwt_token(AnonymousUser()))"); \ TEST_TOKEN=$$(uv run python -c "from src.session_manager import SessionManager, AnonymousUser; sm = SessionManager('test'); print(sm.create_jwt_token(AnonymousUser()))"); \
echo "Test token (first 100 chars): $${TEST_TOKEN:0:100}..."; \
echo "Waiting for OpenSearch with JWT auth to work..."; \ echo "Waiting for OpenSearch with JWT auth to work..."; \
JWT_AUTH_READY=false; \ JWT_AUTH_READY=false; \
for i in $$(seq 1 60); do \ for i in $$(seq 1 60); do \

4
tests/conftest.py
View file

@ -45,7 +45,9 @@ def session_manager():
"""Session manager for testing.""" """Session manager for testing."""
# Generate RSA keys before creating SessionManager # Generate RSA keys before creating SessionManager
generate_jwt_keys() generate_jwt_keys()
return SessionManager("test-secret-key") sm = SessionManager("test-secret-key")
print(f"[DEBUG] SessionManager created with keys: private={sm.private_key_path}, public={sm.public_key_path}")
return sm
@pytest.fixture @pytest.fixture

25
tests/integration/test_api_endpoints.py
View file

@ -13,11 +13,32 @@ async def wait_for_service_ready(client: httpx.AsyncClient, timeout_s: float = 3
- GET /auth/me should return 200 immediately (confirms app is up). - GET /auth/me should return 200 immediately (confirms app is up).
- POST /search with query "*" avoids embeddings and checks OpenSearch/index readiness. - POST /search with query "*" avoids embeddings and checks OpenSearch/index readiness.
""" """
# First test OpenSearch JWT directly
from src.session_manager import SessionManager, AnonymousUser
import os
sm = SessionManager("test")
test_token = sm.create_jwt_token(AnonymousUser())
print(f"[DEBUG] Generated test JWT token (first 50 chars): {test_token[:50]}...")
print(f"[DEBUG] Using key paths: private={sm.private_key_path}, public={sm.public_key_path}")
# Test OpenSearch JWT auth directly
opensearch_url = f"https://{os.getenv('OPENSEARCH_HOST', 'localhost')}:{os.getenv('OPENSEARCH_PORT', '9200')}"
async with httpx.AsyncClient(verify=False) as os_client:
r_os = await os_client.post(
f"{opensearch_url}/documents/_search",
headers={"Authorization": f"Bearer {test_token}"},
json={"query": {"match_all": {}}, "size": 0}
)
print(f"[DEBUG] Direct OpenSearch JWT test: status={r_os.status_code}, body={r_os.text[:300]}")
if r_os.status_code == 401:
print(f"[DEBUG] OpenSearch rejected JWT! This means OIDC config is not working.")
deadline = asyncio.get_event_loop().time() + timeout_s deadline = asyncio.get_event_loop().time() + timeout_s
last_err = None last_err = None
while asyncio.get_event_loop().time() < deadline: while asyncio.get_event_loop().time() < deadline:
try: try:
r1 = await client.get("/auth/me") r1 = await client.get("/auth/me")
print(f"[DEBUG] /auth/me status={r1.status_code}, body={r1.text[:200]}")
if r1.status_code in (401, 403): if r1.status_code in (401, 403):
raise AssertionError(f"/auth/me returned {r1.status_code}: {r1.text}") raise AssertionError(f"/auth/me returned {r1.status_code}: {r1.text}")
if r1.status_code != 200: if r1.status_code != 200:
@ -25,15 +46,19 @@ async def wait_for_service_ready(client: httpx.AsyncClient, timeout_s: float = 3
continue continue
# match_all readiness probe; no embeddings # match_all readiness probe; no embeddings
r2 = await client.post("/search", json={"query": "*", "limit": 0}) r2 = await client.post("/search", json={"query": "*", "limit": 0})
print(f"[DEBUG] /search status={r2.status_code}, body={r2.text[:200]}")
if r2.status_code in (401, 403): if r2.status_code in (401, 403):
print(f"[DEBUG] Search failed with auth error. Response: {r2.text}")
raise AssertionError(f"/search returned {r2.status_code}: {r2.text}") raise AssertionError(f"/search returned {r2.status_code}: {r2.text}")
if r2.status_code == 200: if r2.status_code == 200:
print("[DEBUG] Service ready!")
return return
last_err = r2.text last_err = r2.text
except AssertionError: except AssertionError:
raise raise
except Exception as e: except Exception as e:
last_err = str(e) last_err = str(e)
print(f"[DEBUG] Exception during readiness check: {e}")
await asyncio.sleep(0.5) await asyncio.sleep(0.5)
raise AssertionError(f"Service not ready in time: {last_err}") raise AssertionError(f"Service not ready in time: {last_err}")