[TESTING][FUNCTIONALITY]: Admin API manual test plan (CRUD operations, bulk actions, filtering) #2429

@crivetimihai

🔧 [TESTING][FUNCTIONALITY]: Admin API Manual Test Plan

Goal

Produce a comprehensive manual test plan for Admin API including CRUD operations, bulk actions, filtering, pagination, and authorization.

Why Now?

The Admin API powers programmatic management:

  1. Automation: Scripts and tools need API access
  2. Consistency: API must match UI functionality
  3. Security: Proper authorization enforcement
  4. Performance: Bulk operations for efficiency

📖 User Stories

US-1: Admin - API Access

As an administrator
I want programmatic API access
So that I can automate management tasks

Acceptance Criteria:

Feature: Admin API Access

  Scenario: Authenticated access
    Given valid admin credentials
    When I call admin endpoints
    Then I should receive correct responses

  Scenario: Unauthorized access
    Given invalid or missing credentials
    When I call admin endpoints
    Then I should receive 401/403 errors

🏗 Architecture

┌─────────────────────────────────────────────────────────────────────────────┐
│                           ADMIN API ENDPOINTS                                │
└─────────────────────────────────────────────────────────────────────────────┘

    /api/admin/
    ├── /gateways          # Gateway management
    ├── /servers           # Virtual server management
    ├── /users             # User management
    ├── /teams             # Team management
    ├── /tokens            # Token management
    ├── /plugins           # Plugin configuration
    ├── /settings          # System settings
    └── /metrics           # System metrics

📋 Test Environment Setup

export GATEWAY_URL="http://localhost:8000"
export MCPGATEWAY_ADMIN_API_ENABLED=true
export TOKEN=$(python -m mcpgateway.utils.create_jwt_token \
  --username admin@example.com --secret "$JWT_SECRET")

🧪 Manual Test Cases

Section 1: CRUD Operations

| Case  | Scenario   | Method | Endpoint                  | Validation     |
|-------|------------|--------|---------------------------|----------------|
| AC-01 | List all   | GET    | /api/admin/gateways       | Array returned |
| AC-02 | Get single | GET    | /api/admin/gateways/{id}  | Object returned |
| AC-03 | Create     | POST   | /api/admin/gateways       | 201 Created    |
| AC-04 | Update     | PUT    | /api/admin/gateways/{id}  | 200 OK         |
| AC-05 | Delete     | DELETE | /api/admin/gateways/{id}  | 204 No Content |

AC-01: List All Entities

Steps:

# Step 1: List all gateways
curl -s "$GATEWAY_URL/api/admin/gateways" \
  -H "Authorization: Bearer $TOKEN" | jq .

# Step 2: Verify pagination info
curl -s "$GATEWAY_URL/api/admin/gateways" \
  -H "Authorization: Bearer $TOKEN" | jq '.total, .page, .limit'

Expected Result:

  • Array of gateways
  • Pagination metadata included

Section 2: Bulk Operations

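| Case  | Scenario    | Entities | Expected    | Validation   |
|-------|-------------|----------|-------------|--------------|
| BK-01 | Bulk create | Multiple | All created | IDs returned |
| BK-02 | Bulk delete | Multiple | All deleted | 204          |
| BK-03 | Bulk update | Multiple | All updated | Status OK    |

BK-02: Bulk Delete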

Steps:

# Step 1: Create test entities
for i in 1 2 3; do
  curl -s -X POST "$GATEWAY_URL/api/admin/gateways" \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d "{\"name\": \"bulk-test-$i\", \"url\": \"http://localhost:900$i\"}" | jq -r '.id'
done

# Step 2: Get IDs as a JSON array, e.g. ["id1","id2","id3"]
# (a comma-joined string inside one pair of quotes would be sent as a single ID)
IDS=$(curl -s "$GATEWAY_URL/api/admin/gateways?name=bulk-test" \
  -H "Authorization: Bearer $TOKEN" | jq -c '[.items[].id]')

# Step 3: Bulk delete; -w prints the status code so the 204 can be confirmed
curl -s -X DELETE "$GATEWAY_URL/api/admin/gateways/bulk" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -w '%{http_code}\n' \
  -d "{\"ids\": $IDS}"

Expected Result:

  • All specified entities deleted
  • 204 No Content response

Section 3: Filtering & Search

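| Case  | Scenario         | Parameter      | Expected | Validation    |
|-------|------------------|----------------|----------|---------------|
| FL-01 | Filter by status | ?status=online | Filtered | Only matching |
| FL-02 | Search by name   | ?q=test        | Searched | Matches found |
| FL-03 | Sort             | ?sort=name     | Sorted   | Order correct |

FL-01: Filter by Status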

Steps:

# Step 1: Filter by online status
curl -s "$GATEWAY_URL/api/admin/gateways?status=online" \
  -H "Authorization: Bearer $TOKEN" | jq '.items[] | {name, status}'

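# Step 2: Verify all are online
STATUSES=$(curl -s "$GATEWAY_URL/api/admin/gateways?status=online" \
  -H "Authorization: Bearer $TOKEN" | jq -r '.items[].status' | sort -u)

# -x matches whole lines only, so any status other than exactly "online" is
# printed and reported as FAIL; an empty result also reports FAIL, so the
# check cannot pass vacuously.
if echo "$STATUSES" | grep -vx 'online'; then echo "FAIL"; else echo "PASS"; fi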

Expected Result:

  • Only entities with matching status
  • No other statuses included

📊 Test Matrix

Test Case CRUD Bulk Filtering Auth
AC-01
AC-02
AC-03
AC-04
AC-05
BK-01
BK-02
BK-03
FL-01
FL-02
FL-03

✅ Success Criteria

  • All 11 test cases pass
  • CRUD operations work correctly
  • Bulk operations are efficient
  • Filtering and search work
  • Authorization is enforced

🔗 Related Files

  • mcpgateway/routers/admin.py
  • mcpgateway/services/

🔗 Related Issues
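
Added example, not part of the original issue: a negative check for the "Unauthorized access" scenario in US-1, which none of the AC/BK/FL steps exercise. It assumes every path in the architecture tree answers GET; the function names, `ADMIN_PATHS`, `RUN_AUTH_CHECKS` and the malformed bearer value are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the issue): negative authorization checks.
# Paths come from the architecture tree above; GET support on each is assumed.
ADMIN_PATHS="gateways servers users teams tokens plugins settings metrics"

# Print only the HTTP status code for a request; extra curl args precede the URL.
http_status() {
  curl -s -o /dev/null -w '%{http_code}' --max-time 10 "$@"
}

# Succeed only for the codes the "Unauthorized access" scenario accepts.
is_denied() {
  case "$1" in
    401|403) return 0 ;;
    *)       return 1 ;;
  esac
}

# check_unauthenticated BASE_URL
# Calls every admin path with no token and with a malformed token (constructed
# value), prints one PASS/FAIL line per request, returns 1 if any was not denied.
check_unauthenticated() {
  auth_base="$1"
  auth_failures=0
  for auth_path in $ADMIN_PATHS; do
    auth_url="$auth_base/api/admin/$auth_path"
    code_missing=$(http_status "$auth_url")
    code_invalid=$(http_status -H "Authorization: Bearer not-a-valid-token" "$auth_url")
    for auth_case in "missing:$code_missing" "invalid:$code_invalid"; do
      if is_denied "${auth_case#*:}"; then
        echo "PASS $auth_path (${auth_case%%:*} token) -> ${auth_case#*:}"
      else
        echo "FAIL $auth_path (${auth_case%%:*} token) -> ${auth_case#*:}"
        auth_failures=$((auth_failures + 1))
      fi
    done
  done
  [ "$auth_failures" -eq 0 ]
}

# Run against a live gateway only when explicitly requested (RUN_AUTH_CHECKS=1).
if [ "${RUN_AUTH_CHECKS:-0}" = 1 ]; then
  check_unauthenticated "${GATEWAY_URL:-http://localhost:8000}"
fi
```

A connection failure yields status `000` and is reported as FAIL, so an unreachable gateway is never mistaken for an enforced denial.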

Metadata

Labels

  • SHOULD - P2: Important but not vital; high-value items that are not crucial for the immediate release
  • enhancement - New feature or request
  • manual-testing - Manual testing / test planning issues
  • testing - Testing (unit, e2e, manual, automated, etc)
