Forum Discussion
Hi richie
Apologies for the misunderstanding !!
Context : We are trying to build an API automation test suite for a Grid based Application where in we input certain parameters and recieve data in the form of a grid like this :
This is the application frontend it works on the basis of stored Procs that are written which are called when a particular functionality is called and drops the data for the particular parameter . This is what we do validate manually for now and we would like to automate the same hence API Automation felt like a natural step .
Q1. what is the purpose of the REST request?
A) REST Request is used to interact with the application to recieve the responses based on the request and we are looking to validate the same .
Q2. What is the purpose of the storedproc?
A) Purpose of the stored proc is to run when a related api call is called to throw the requested data .
Q3. Is the storedproc doing something to the data retrieved in the REST request?
A) No It is what is throwing the data to the frontend
Q4. Are you saying the storedproc returns a json rather than xml payload?
A) Stored proc return XML payload only . I can validate using the stored proc or json (We utilize it based on the scenario)
Q5. Can you please attach rather than embed the screenshots? I cant see whats going on with embedded screenshots.
attached
A) The Ask is to validate the data treating them as individual objects by either callind the REST request or the Stored Proc and write a custom query to get similar data and validate the same . This is the proposed approach .
Questions:
1) What i am looking for is your understanding of the design and feasibility of the same . Does it make sense in real world QA to validate in this way if yes then fine if no then please state your opinion .
2) Can you please tell me how i can implement the same in a short way that gives me a quick validation and a more logical way that would be dynamic and covers longer range
No need to apologise at all.....i just need to ensure i understand.
Firstly, just an FYI. I understand security concerns, but you dont need to scrub out the data values in the payloads unless this is live personally identifiable information. You also dont need to hide the URI (the bit of the URL after the domain/ip address/host) of the REST request. You DO need to hide the domain/ip address/hostname and you DO need to hide any authentication credentials (like username and password and the Authorization header value). From a security perspective, displaying the content of a payload makes no difference as long as there isnt any live personally identifiable info in there cos with the domain and logon credentials the rest of the info is no help to a hacker.
Likewise for your SQL step, you dont need to scrub out the data in the result set, you just need to ensure the JDBC connection string (containing the db name, and logon username and password) are scrubbed out. Data is useless unless the hacker knows where it is to try and access it.
Ok, so final two questions.
Q1. So the REST requests you mention are the calls being made (under the covers) when the user interacts with the front end to retrieve the data to populate the html form....is that correct?
Q2. The storedproc. Is this storedproc the one that fires when REST request is made? What i mean is......the user alters the query parameters on the front end (altering the query filter), the user submits the request via the front end, and the changes the user made on the front end alters the underlying REST request's query parameters and payload. The REST request goes through the DB abstraction layer which causes the storedproc to fire (and the variables of the storedproc are populated by the REST requests query parms and payload values), the storedproc retrieves the data, the jdbc converts the SQL response back into HTTP which is then passed through the abstraction layer back up to the webapp and the page reloads based on the results of the returned http request.
Is that it....is that the way it works? Does this mean that youre trying ro verify the storedproc and REST request populates the web front end correctly? Is that right?
If thats the case, then theres a couple of different ways to handle this. You could go with the basic make the rest call and verify the results using hardcoded assertions on all the fields, based on firing the storedproc, seeing the values come back and then make sure your REST steps specific field assertions' values are identical (Which is the naff way of doing it, although it gets the job done)
Or, the way id do it: id have a test JDBC test step execute the storedproc, id save off those specific field values from the JDBC response into a Properties step (for later comparison). Id have my REST step execute and i'd save off all my json attribute values in a separate Properties step (for comparison against the JDBC step's response values saved in first Properties step) id then have a groovy step which would then compare the JDBC property values in the first Properties step against the associated property values (sourced from the REST step) in the second Properties step.
The advantage of this approach over the first boring approach i mentioned is that there'd be no hardcoding of values in your assertions, so if your input data changed in your jdbc step (which would alter the response content), you wouldnt need to change anything in your assertions, cos its all parameterized.
Testcase hierarchy would look like the following:
Step1: JDBC teststep (response atrributes saved to Properties1 step)
Step2: PropertyTransfer step (transfers values from JDBC step to Properties1 step)
Step3: Properties1 step
Step4: REST step (response atrributes saved to Properties2 step)
Step5: PropertyTransfer2 (transfer values from REST step to Properties2 step)
Step6: Properties2 step
Step7: Groovy step (compares attributes in Properties1 against equivalent attributes in Properties2)
Only slightly complicated bit is that you need to add some groovy in, but its pretty straightforward groovy so the ReadyAPI! experts there will be able to do it without any problems.
You dont really need the explicit PropertyTransfer step in your test, but i tend to add them in anyway, ao people can see whats happeninf jist by looking at the test.
Ok, thats it....was that clear? Thats the way id do it. Or at least thats what my brains telling me id do, but its 12:30 on the night, so thats all i got right now.....
Cheers,
Rich
Related Content
- 3 years agoMoUddin