Split api-proxy auth tests into focused provider-aligned modules#5353
Conversation
There was a problem hiding this comment.
Pull request overview
Refactors the api-proxy auth test suite by splitting the former monolithic server.auth.test.js into smaller, provider-aligned test modules to make auth coverage easier to navigate and evolve alongside the corresponding source areas.
Changes:
- Removed
containers/api-proxy/server.auth.test.jsafter relocating its describe blocks into focused test files. - Added provider-aligned Copilot and Anthropic auth test modules (BYOK, enterprise/GHES/GHEC, and OIDC flows).
- Added a small shared “auth utils” test module for proxy header stripping and Copilot body-transform normalization.
Show a summary per file
| File | Description |
|---|---|
| containers/api-proxy/server.auth.test.js | Removed the previous monolithic auth test file after splitting coverage into smaller modules. |
| containers/api-proxy/server.auth-utils.test.js | Centralizes shared auth utility tests (header stripping + tool-call type normalization). |
| containers/api-proxy/copilot-auth.test.js | Focused tests for Copilot auth helpers (token resolution, bearer stripping, GHES detection, error message). |
| containers/api-proxy/copilot-byok.test.js | Focused tests for Copilot BYOK parsing and header/body injection behavior. |
| containers/api-proxy/copilot-adapter-enterprise.test.js | Focused tests for Copilot enterprise auth formatting and Azure OIDC behavior. |
| containers/api-proxy/anthropic-adapter-auth.test.js | Focused tests for Anthropic OIDC auth header behavior. |
Copilot's findings
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 6/6 changed files
- Comments generated: 2
| const fakeReq = { url: '/v1/chat/completions', method: 'POST', headers: {} }; | ||
| const fakeModelsReq = { url: '/models', method: 'GET', headers: {} }; | ||
|
|
||
| it('injects Authorization: ****** for BYOK inference request', () => { |
| describe('createCopilotAdapter — Azure OIDC (Entra) getAuthHeaders', () => { | ||
| const fakeReq = { url: '/v1/chat/completions', method: 'POST', headers: {} }; | ||
|
|
||
| it('exposes an Azure OIDC provider when AWF_AUTH_TYPE=github-oidc + AWF_AUTH_PROVIDER=azure', () => { | ||
| const adapter = createCopilotAdapter({ |
|
@copilot address review feedback |
- copilot-byok.test.js: rename test from 'injects Authorization: ******' to 'injects Authorization: ****** from BYOK key' so the name accurately reflects the concrete ****** the assertion checks - docs/auth-matrix.md: update Azure OIDC row to point to copilot-adapter-enterprise.test.js:129+ (the new home of those tests) instead of the deleted server.auth.test.js:749+
Done in the latest commit:
|
|
✅ Copilot review passed with no inline comments. @copilot Add the |
|
🔌 Smoke Services — All services reachable! ✅ |
|
✅ Smoke Claude passed |
|
🔑 Smoke Copilot PAT PAT auth validated. All systems operational. ✅ |
|
❌ Smoke Copilot BYOK AOAI (api-key) reports failed. AOAI BYOK (api-key) mode investigation needed... |
|
📡 Smoke OTel Tracing completed. All tracing scenarios validated. ✅ |
|
✅ Build Test Suite completed successfully! |
|
✅ Smoke Copilot BYOK AOAI (Entra) completed. Copilot AOAI BYOK (Entra) mode operational. 🔓 |
|
📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤 |
|
Chroot tests passed! Smoke Chroot - All security and functionality tests succeeded. |
|
✅ Smoke Copilot BYOK completed. Copilot BYOK mode operational. 🔓 |
|
✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟 |
|
✅ Smoke Gemini completed. All facets verified. 💎 Testing safeoutputs |
✅ Coverage Check PassedOverall Coverage
📁 Per-file Coverage Changes (1 files)
Coverage comparison generated by |
Smoke Test: Claude Engine Validation
Overall result: PASS
|
|
Smoke Test: Copilot PAT Auth — PASS ✅
Auth mode: PAT (COPILOT_GITHUB_TOKEN)
|
Smoke Test: Copilot BYOK (Direct) ✅ PASS
Running in direct BYOK mode with COPILOT_PROVIDER_API_KEY forwarded to sidecar.
|
🤖 Smoke Test Results — PASS
PR: Split api-proxy auth tests into focused provider-aligned modules Overall: PASS ✅
|
|
Smoke Test Results:
Running in direct BYOK mode (AWF_AUTH_TYPE=github-oidc + AWF_AUTH_AZURE_* + COPILOT_PROVIDER_BASE_URL) via api-proxy → Azure OpenAI (Foundry, o4-mini-aw) authenticated via Microsoft Entra Overall: PASS
|
|
Smoke test Merged PRs:
✅ GitHub page title contains GitHub Overall: PASS Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "registry.npmjs.org"See Network Configuration for more information.
|
Chroot Runtime Version Comparison
Result: ❌ Not all versions match — Go versions are aligned, but Python and Node.js differ between host and chroot environments.
|
Smoke Test: API Proxy OpenTelemetry Tracing
All scenarios pass. OTEL tracing integration is fully functional.
|
🏗️ Build Test Suite Results
Overall: 8/8 ecosystems passed — ✅ PASS
|
Smoke Test Results
Overall: FAIL
|
Smoke Test: Gemini Engine Validation
Overall status: FAIL Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "localhost"See Network Configuration for more information.
|
containers/api-proxy/server.auth.test.jshad grown into a 986-line cross-cutting bundle covering auth helpers, BYOK parsing/injection, Copilot enterprise auth, and Anthropic OIDC behavior. This change breaks that file into smaller modules that map directly to the source areas they exercise.Test module split
server.auth-utils.test.jscopilot-auth.test.jscopilot-byok.test.jscopilot-adapter-enterprise.test.jsanthropic-adapter-auth.test.jsScope preservation
server.auth.test.jsafter relocating its describe blocksResulting layout