Skip to content

CCM-16073 - Integration test fixes#152

Merged
mjewildnhs merged 16 commits intofeature/CCM-16073from
feature/CCM-16073-it-fix
Apr 22, 2026
Merged

CCM-16073 - Integration test fixes#152
mjewildnhs merged 16 commits intofeature/CCM-16073from
feature/CCM-16073-it-fix

Conversation

@mjewildnhs
Copy link
Copy Markdown
Contributor

@mjewildnhs mjewildnhs commented Apr 17, 2026
edited
Loading

Description

  • Use https on the ALB for mTLS an non-mTLS calls to the mock webhook
  • Various logging improvements on the http lambda
  • Bring integration tests and helper scripts inline with CCM-16073 changes
  • Load CA cert in http lambda test env even when mtls is disabled
  • Minor redis key fix

Context

Type of changes

  • Refactoring (non-breaking change)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would change existing functionality)
  • Bug fix (non-breaking change which fixes an issue)

Checklist

  • I am familiar with the contributing guidelines
  • I have followed the code style of the project
  • I have added tests to cover my changes
  • I have updated the documentation accordingly
  • This PR is a result of pair or mob programming

Sensitive Information Declaration

To ensure the utmost confidentiality and protect your and others privacy, we kindly ask you to NOT including PII (Personal Identifiable Information) / PID (Personal Identifiable Data) or any other sensitive data in this PR (Pull Request) and the codebase changes. We will remove any PR that do contain any sensitive information. We really appreciate your cooperation in this matter.

  • I confirm that neither PII/PID nor sensitive data are included in this PR and the codebase changes.

@mjewildnhs mjewildnhs changed the base branch from main to feature/CCM-16073 April 17, 2026 16:10
@mjewildnhs mjewildnhs force-pushed the feature/CCM-16073-it-fix branch from 4db73f6 to 1e2a358 Compare April 17, 2026 16:10
@mjewildnhs mjewildnhs marked this pull request as ready for review April 17, 2026 16:36
@mjewildnhs mjewildnhs requested a review from a team as a code owner April 17, 2026 16:36
@mjewildnhs mjewildnhs requested a review from a team as a code owner April 20, 2026 09:18
@mjewildnhs mjewildnhs force-pushed the feature/CCM-16073-it-fix branch 3 times, most recently from 170225a to 9ddff02 Compare April 21, 2026 12:43
@mjewildnhs mjewildnhs requested a review from cgitim April 21, 2026 13:29
cgitim
cgitim requested changes Apr 21, 2026
View reviewed changes
Comment thread tests/integration/README.md Outdated
mjewildnhs added 16 commits April 22, 2026 09:17
@mjewildnhs
ALB/webhook uses https for mTLS and non mTLS - remove http endpoint
2e9ec0b
@mjewildnhs
Log thrown errors in http-client-lambda
f631e74
@mjewildnhs
Update int test debug script
13f3686
@mjewildnhs
Update SQS to webhook int tests to use correct queues
aba3b67
@mjewildnhs
Update debug int script README
0c96e9d
@mjewildnhs
Fix redis script error and better logging for redis errors
d5ca963
@mjewildnhs
Log status code of perm failures
2513be8
@mjewildnhs
fix: load test CA for server trust when mtls is disabled
653f037 
In test environments, the mock webhook ALB uses a server certificate
signed by a locally-generated test CA. Previously, the CA was only
loaded into the TLS agent when mtls.enabled was true (needed for
client certificate auth). Targets with mtls.enabled: false used
Node's default trust store, which does not include the test CA,
causing every delivery attempt to fail with SELF_SIGNED_CERT_IN_CHAIN.

Fix by loading the CA whenever MTLS_TEST_CA_S3_KEY is set, regardless
of mtls.enabled. The client key and cert are still only applied when
mtls.enabled is true. MTLS_TEST_CA_S3_KEY is not set in production,
so non-mTLS targets in production are unaffected.
@mjewildnhs
fix: set ERROR_CODE and ERROR_MESSAGE on DLQ messages for permanent d…
1cab78a 
…elivery failures

AWS API Destinations previously set these SQS message attributes automatically.
After the migration to the https-client lambda, they were no longer being set.

- Read the response body for 4xx responses (previously discarded with res.resume())
  so the error message can be included in the DLQ message attributes
- Set ERROR_CODE=HTTP_CLIENT_ERROR for 4xx webhook rejections, or the TLS error
  code (e.g. CERT_HAS_EXPIRED) for connection-level failures
- Set ERROR_MESSAGE to the message field from the JSON response body, falling
  back to the raw body if not valid JSON
- Extended sendToDlq to accept and forward MessageAttributes to SQS
@mjewildnhs
Fix redrive IT dlq names
32863b0
@mjewildnhs
Fix metric IT dlq names
2ca0dad
@mjewildnhs
Fix alarm test
1688a52
@mjewildnhs
Bump test coverage
96cf296
@mjewildnhs
Fix redis client IAM / connectivity issues + logging improvements
b169833
@mjewildnhs
fixup! fix: set ERROR_CODE and ERROR_MESSAGE on DLQ messages for perm…
2b05cfb 
…anent delivery failures
@mjewildnhs
Feedback: fix int test readme prerequisites section
d63aba2
@mjewildnhs mjewildnhs force-pushed the feature/CCM-16073-it-fix branch from bb57b12 to d63aba2 Compare April 22, 2026 08:25
@mjewildnhs mjewildnhs merged commit d61f693 into feature/CCM-16073 Apr 22, 2026
25 checks passed
@mjewildnhs mjewildnhs deleted the feature/CCM-16073-it-fix branch April 22, 2026 08:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sidnhs sidnhs sidnhs approved these changes

@cgitim cgitim cgitim approved these changes

@rhyscoxnhs rhyscoxnhs rhyscoxnhs approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@mjewildnhs @sidnhs @cgitim @rhyscoxnhs