- Add Workspace domain (entity, repository, service, handler, DTO)
- Add multi-tenant K8s client with tenant binding and quota management
- Add K8s diagnostics client (instance diagnostics)
- Add authorization middleware (authz package)
- Restructure frontend to feature-based architecture (features/)
- Add User Management page in configuration
- Add AccessDenied page and route guards
- Refactor shared components (form inputs, layout, UI)
- Update Tailwind config for new design system
- Add comprehensive documentation (docs/, tasks/, plans)
- Improve cluster service with better kubeconfig handling
- Add tests for crypto, config, helm client, tenant binding
Bug Report: test-user-b QA Test
Tester: test-user-b (user role)
Date: 2026-05-11
Environment: http://10.6.80.114:18080
Bug 1: Repository Tags Endpoint Returns 404
Endpoint: GET /api/v1/registries/{registryId}/repositories/{repository}/tags
Status Code: 404
Response Body: 404 page not found (plain text, not JSON)
Expected: Should return a list of tags for the chart/artifact.
Actual: The dedicated tags endpoint is not implemented or routes incorrectly. The artifacts endpoint (/repositories/{repository}/artifacts) does work and returns tag info.
Severity: Medium — tags are still discoverable via artifacts endpoint but the dedicated tags API is broken.
Bug 2: DELETE Instance Returns Empty Response Body
Endpoint: DELETE /api/v1/clusters/{clusterId}/instances/{instanceId}
Status Code: 200
Response Body: (empty — no content at all)
Expected: Should return a confirmation JSON body (e.g., {"message": "Instance deletion initiated", "id": "..."}) or at minimum a 202 Accepted with status details.
Actual: Returns a completely empty body. The instance does transition to pending-delete state, but the API consumer receives no feedback.
Severity: Medium — operation works but API consumer gets no confirmation.
Bug 3: Cluster Stats Endpoint Returns 404
Endpoint: GET /api/v1/clusters/{clusterId}/stats
Status Code: 404
Response Body: 404 page not found (plain text)
Expected: Should return cluster resource statistics (CPU, memory, pod counts, etc.) or a proper JSON error if not implemented.
Actual: Endpoint is not implemented — returns a raw 404 with no JSON error structure.
Severity: Low — but given the user has monitoring:clusters:view permission, this is a missing feature.
Bug 4: Kubeconfig Endpoint Returns 404
Endpoint: GET /api/v1/clusters/{clusterId}/kubeconfig
Status Code: 404
Response Body: 404 page not found (plain text)
Expected: Should return a kubeconfig file content or JSON error. User has kubeconfig:issue:own permission.
Actual: Endpoint is not implemented.
Severity: Low — the permission exists but the endpoint does nothing.
Bug 5: Monitoring Metrics Endpoint Returns 404
Endpoint: GET /api/v1/monitoring/clusters/{clusterId}/metrics
Status Code: 404
Response Body: 404 page not found (plain text)
Expected: Monitoring metrics data. User has monitoring:clusters:view permission.
Actual: Endpoint not found.
Severity: Low — monitoring permissions exist but backend endpoints missing.
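One way to give Bugs 1, 3, 4 and 5 a JSON error body whichever route is missing, as an added example that is not the project's code: a Go `net/http` wrapper that replaces a router's non-JSON 404 with a JSON error and leaves handler-authored responses alone. The use of `net/http`, the name `JSONNotFound` and the `code`/`message` envelope are assumptions; the report does not show the project's router or error format.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// notFoundWriter swaps a router's non-JSON 404 for a JSON body (envelope shape assumed).
type notFoundWriter struct {
	http.ResponseWriter
	replaced bool
}

func (w *notFoundWriter) WriteHeader(code int) {
	if code == http.StatusNotFound && !strings.HasPrefix(w.Header().Get("Content-Type"), "application/json") {
		w.replaced = true
		w.Header().Set("Content-Type", "application/json")
		w.Header().Del("Content-Length") // length of the old plain-text body no longer applies
		w.ResponseWriter.WriteHeader(code)
		json.NewEncoder(w.ResponseWriter).Encode(map[string]interface{}{"code": code, "message": "route not found"})
		return
	}
	w.ResponseWriter.WriteHeader(code) // handler-authored response: pass through
}

func (w *notFoundWriter) Write(b []byte) (int, error) {
	if w.replaced {
		return len(b), nil // discard the router's plain-text "404 page not found"
	}
	return w.ResponseWriter.Write(b)
}

// JSONNotFound wraps any router so unmatched routes answer with the JSON error.
func JSONNotFound(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		next.ServeHTTP(&notFoundWriter{ResponseWriter: w}, r)
	})
}

func main() {
	api := JSONNotFound(http.NewServeMux()) // stand-in router with no routes registered
	rec := httptest.NewRecorder()
	api.ServeHTTP(rec, httptest.NewRequest("GET", "/api/v1/clusters/c1/stats", nil))
	fmt.Println(rec.Code, rec.Header().Get("Content-Type"), rec.Body.String())
}
```

A 404 that a handler writes with a JSON content type, such as "cluster not found", passes through unchanged, so clients can still tell a missing resource from a missing route.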
Bug 6: Inconsistent API Response Format (Array vs Object Wrapper)
Clusters and Registries return bare arrays:
```json
[
  { "id": "...", "name": "k3s", ... }
]
```
Instances returns an object wrapper:
```json
{
  "instances": [
    { "id": "...", "name": "test-nginx-b", ... }
  ],
  "total": 1
}
```
Expected: Consistent response format across all list endpoints. Either all return bare arrays or all use the { "items": [...], "total": N } wrapper pattern.
Severity: Low — API consistency issue. Makes client code harder to write generically.
Bug 7: auth/me Returns Empty Token Fields
Endpoint: GET /api/v1/auth/me
Response includes empty/unpopulated fields:
```json
{
  "accessToken": "",
  "refreshToken": "",
  ...
}
```
Expected: Either remove these fields from the /auth/me response (they are only meaningful in login/refresh responses) or populate them with valid values.
Actual: Empty string values for both token fields create confusion about whether they should be present.
Severity: Low — cosmetic issue, but suggests the DTO is reusing the login response struct without clearing token fields.
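An added sketch of the DTO split that Bug 7 points to, not taken from the project: a dedicated `/auth/me` struct with no token fields, plus a check that flags token keys in any response body. Every field name other than `accessToken` and `refreshToken`, and the names `MeResponse`, `ToMe` and `TokenKeys`, are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// LoginResponse: only accessToken/refreshToken come from the report; other fields are assumed.
type LoginResponse struct {
	ID           string   `json:"id"`
	Username     string   `json:"username"`
	Roles        []string `json:"roles"`
	AccessToken  string   `json:"accessToken"`
	RefreshToken string   `json:"refreshToken"`
}

// MeResponse is a dedicated DTO for GET /api/v1/auth/me with no token fields at all.
type MeResponse struct {
	ID       string   `json:"id"`
	Username string   `json:"username"`
	Roles    []string `json:"roles"`
}

// ToMe copies only profile data, so tokens cannot reach the response empty or populated.
func ToMe(l LoginResponse) MeResponse {
	return MeResponse{ID: l.ID, Username: l.Username, Roles: l.Roles}
}

// TokenKeys lists token-bearing top-level keys in a JSON body (regression check).
func TokenKeys(body []byte) ([]string, error) {
	var obj map[string]json.RawMessage
	if err := json.Unmarshal(body, &obj); err != nil {
		return nil, err
	}
	found := []string{}
	for _, k := range []string{"accessToken", "refreshToken"} {
		if _, ok := obj[k]; ok {
			found = append(found, k)
		}
	}
	return found, nil
}

func main() {
	u := LoginResponse{ID: "u-1", Username: "test-user-b", Roles: []string{"user"}} // constructed
	reused, _ := json.Marshal(u)      // login struct reused for /auth/me
	split, _ := json.Marshal(ToMe(u)) // dedicated DTO
	fmt.Println(TokenKeys(reused))
	fmt.Println(TokenKeys(split))
}
```

Because `MeResponse` has no token fields, a later change that starts populating the session struct cannot surface tokens on a profile read.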
Summary
| # | Bug | Severity | Category |
|---|---|---|---|
| 1 | Tags endpoint 404 | Medium | Missing Implementation |
| 2 | DELETE returns empty body | Medium | API Response Quality |
| 3 | Cluster stats endpoint 404 | Low | Missing Implementation |
| 4 | Kubeconfig endpoint 404 | Low | Missing Implementation |
| 5 | Monitoring metrics endpoint 404 | Low | Missing Implementation |
| 6 | Inconsistent list response format | Low | API Consistency |
| 7 | auth/me returns empty tokens | Low | API Response Quality |
Passed Tests:
- Login/authentication ✓
- Auth/me user info ✓
- Cluster listing ✓
- Cluster health check ✓
- Registry listing ✓
- Repository browsing (artifacts) ✓
- Instance deployment (nginx chart) ✓
- Instance status tracking (pending-install → deployed) ✓
- Instance deletion (async, transitions to pending-delete then removed) ✓
- Error handling for invalid repository ✓
- Error handling for missing required fields ✓
- Auth rejects invalid tokens ✓
- Auth rejects missing tokens ✓
- Instance cleanup confirmed ✓