Currently, integration tests cover only kcp, while interactions with Keycloak and OpenFGA are validated solely through unit tests. This leaves important integration paths untested.
This ticket proposes extending integration tests to include Keycloak and OpenFGA, allowing us to validate a broader set of operator functionality in a more realistic environment.
To run these dependencies during tests, I propose one of the following tools:
Introducing these components into integration tests will enable coverage of the following scenarios:
- APIExportPolicy reconciliation flow — verify that written tuples are correct and their clean up works as expected.
- Organization onboarding flow — ensure that the OpenFGA store is created and required tuples are added.
- Account creation flow — validate that all necessary tuples are written when a new account is created.
- APIExport binding flow — confirm that required types are added to the authorization model when a provider’s APIExport is bound.
Currently, integration tests cover only kcp, while interactions with Keycloak and OpenFGA are validated solely through unit tests. This leaves important integration paths untested.
This ticket proposes extending integration tests to include Keycloak and OpenFGA, allowing us to validate a broader set of operator functionality in a more realistic environment.
To run these dependencies during tests, I propose one of the following tools:
Introducing these components into integration tests will enable coverage of the following scenarios: