nmos-testing
IS-10 create tests on Node/Registry while no matching public keys found for given token
Suggested steps on how to implement tests to verify node/registry behavior when no matching public keys are found for the given token.
- in the initial test-suite, add a mock auth server e.g. auth.mocks.testsuite.nmos.tv:5009 to DNS A records.
- generate new keys and certificate for the mock auth server.
- start the mock auth server with the newly generated cert and private key on port 5009.
- generate mock auth server token.
- do_test_authorization with mock auth server token and expected result to be 503/401.
- wait for the 503 retry time, up to a maximum of 5 sec (it should be long enough for the node under test to fetch the public keys from the mock auth server)
- do_test_authorization with mock auth server token and expected result to be 200.
- shut down mock auth server.
- test can be repeated without rebooting the node.
Andrew response:
Is the mock auth server something which is custom written as part of the testing tool (much like the mock registry)? Also, does the 503 come from the Node (device under test)? If so, whilst a Node may respond with that code, it would also be a valid behaviour to be able to respond immediately (having noticed the DNS-SD advertisement). On the face of it I think it could work, but I'd also urge caution to make sure this doesn't cause conflicts with an auth server which has been intentionally started on the network.
Simon response:
The mock auth server is a custom-written version similar to the mock registry; its only purpose is serving its public keys (jwks_uri) and server metadata (well-known endpoint), and generating tokens. The node could also respond immediately with 401 and 503. The DNS zone file will only hold the mock auth server name lookup, the A record, but not an advertisement of the mock auth server.
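A sketch of the status-code check described in the steps of this issue, added here as an example and not taken from nmos-testing or from any participant in the thread. `check_unknown_key_flow`, `retry_delay` and `FakeNode` are hypothetical names, `send_request` stands in for whatever issues the request carrying the mock auth server token, and treating an immediate 200 as a pass is an assumption.

```python
import time

MAX_WAIT = 5.0  # seconds; the upper bound given in the steps of the issue


def retry_delay(headers, remaining):
    """Seconds to wait before the next attempt, taken from Retry-After."""
    try:
        delay = float(headers.get("Retry-After", 1))
    except ValueError:  # HTTP-date form or junk: fall back to 1 s
        delay = 1.0
    # Never spin on Retry-After: 0, never sleep past the overall deadline.
    return min(max(delay, 0.1), remaining)


def check_unknown_key_flow(send_request, sleep=time.sleep, clock=time.monotonic):
    """Poll until the node accepts the token or MAX_WAIT elapses.

    send_request() -> (status, headers) for one request with the mock token.
    Returns (passed, statuses_seen).
    """
    seen = []
    deadline = clock() + MAX_WAIT
    while True:
        status, headers = send_request()
        seen.append(status)
        if status == 200:  # public keys fetched, token now verifies
            return True, seen
        remaining = deadline - clock()
        # Only 401/503 are acceptable while the keys are still unknown.
        if status not in (401, 503) or remaining <= 0:
            return False, seen
        sleep(retry_delay(headers, remaining))


class FakeNode:
    """Constructed stand-in for the node under test (not a real device)."""

    def __init__(self, rejections, status=503):
        self.rejections, self.status = rejections, status

    def __call__(self):
        if self.rejections > 0:  # keys for the mock issuer not cached yet
            self.rejections -= 1
            return self.status, {"Retry-After": "2"}
        return 200, {}
```

Passing `sleep` and `clock` as parameters lets the flow be exercised with a simulated clock instead of real waiting.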