Implemented integration tests

Author: Pavan-Rana

tests/integration/concurrency_test.go

@@ -1 +1,95 @@
-// tests/integration/concurrency_test.go
+//go:build integration
+
+// Run with: go test -tags=integration -v ./tests/integration/...
+// Requires: live Redis at REDIS_ADDR and service running at SERVICE_ADDR
+
+package integration_test
+
+import (
+	"context"
+	"net/http"
+	"os"
+	"sync"
+	"sync/atomic"
+	"testing"
+	"time"
+)
+
+func serviceAddr() string {
+	if a := os.Getenv("SERVICE_ADDR"); a != "" {
+		return a
+	}
+	return "http://localhost:8080"
+}
+
+// TestConcurrentLimit fires limit+50 goroutines simultaneously against a single API key
+// and asserts that no more than `limit` requests were allowed.
+//
+// This is the primary correctness proof for the distributed atomic decision.
+// If the Lua script is not atomic, multiple replicas can race and over-admit.
+func TestConcurrentLimit(t *testing.T) {
+	const limit = 100
+	const total = limit + 50
+
+	var wg sync.WaitGroup
+	var allowed atomic.Int64
+	client := &http.Client{Timeout: 5 * time.Second}
+
+	for i := 0; i < total; i++ {
+		wg.Add(1)
+		go func() {
+			defer wg.Done()
+			req, _ := http.NewRequestWithContext(context.Background(), http.MethodPost,
+				serviceAddr()+"/check", nil)
+			req.Header.Set("X-API-KEY", "test-concurrent-key")
+
+			resp, err := client.Do(req)
+			if err != nil {
+				t.Logf("Request error: %v", err)
+				return
+			}
+			defer resp.Body.Close()
+
+			if resp.StatusCode == http.StatusOK {
+				allowed.Add(1)
+			}
+		}()
+	}
+
+	wg.Wait()
+
+	got := int(allowed.Load())
+	if got > limit {
+		t.Errorf("Over-admitted: allowed %d requests, limit was %d - Lua atomicity may be broken", got, limit)
+	}
+	t.Logf("Result: %d/%d requests allowed (limit: %d)", got, total, limit)
+}
+
+func TestWindowBoundary(t *testing.T) {
+	t.Skip("This test is timing-sensitive and may be flaky; run manually if needed")
+}
+
+// TestMultiKeyIsolation verifies that limits for one key do not affect another.
+func TestMultiKeyIsolation(t *testing.T) {
+	client := &http.Client{Timeout: 5 * time.Second}
+
+	doRequest := func(key string) int {
+		req, _ := http.NewRequestWithContext(context.Background(), http.MethodPost,
+			serviceAddr()+"/check", nil)
+		req.Header.Set("X-API-KEY", key)
+		resp, err := client.Do(req)
+		if err != nil {
+			t.Fatalf("Request failed for key %s: %v", key, err)
+		}
+		defer resp.Body.Close()
+		return resp.StatusCode
+	}
+
+	// Both keys should start fresh
+	if status := doRequest("isolation-key-a"); status != http.StatusOK {
+		t.Errorf("Key-a first request: expected 200, got %d", status)
+	}
+	if status := doRequest("isolation-key-b"); status != http.StatusOK {
+		t.Errorf("Key-b first request: expected 200, got %d", status)
+	}
+}

tests/integration/correctness_test.go

@@ -1 +1,91 @@
-// tests/integration/correctness_test.go
+//go:build integration
+
+package integration_test
+
+import (
+	"context"
+	"net/http"
+	"testing"
+	"time"
+)
+
+func TestExactLimitBoundary(t *testing.T) {
+	const limit = 100
+	client := &http.Client{Timeout: 5 * time.Second}
+	apiKey := "test-boundary-sequential"
+
+	for i := 1; i <= limit; i++ {
+		req, _ := http.NewRequestWithContext(context.Background(), http.MethodPost,
+			serviceAddr()+"/check", nil)
+		req.Header.Set("X-API-Key", apiKey)
+
+		resp, err := client.Do(req)
+		if err != nil {
+			t.Fatalf("request %d failed: %v", i, err)
+		}
+		resp.Body.Close()
+
+		if resp.StatusCode != http.StatusOK {
+			t.Fatalf("request %d/%d: expected 200, got %d", i, limit, resp.StatusCode)
+		}
+	}
+
+	// (limit+1)th should be rejected
+	req, _ := http.NewRequestWithContext(context.Background(), http.MethodPost,
+		serviceAddr()+"/check", nil)
+	req.Header.Set("X-API-Key", apiKey)
+	resp, err := client.Do(req)
+	if err != nil {
+		t.Fatalf("over-limit request failed: %v", err)
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode != http.StatusTooManyRequests {
+		t.Errorf("over-limit request: expected 429, got %d", resp.StatusCode)
+	}
+}
+
+func TestBurstExhaustion(t *testing.T) {
+	const limit = 100
+	const burst = 200
+	client := &http.Client{Timeout: 2 * time.Second}
+	apiKey := "test-burst-key"
+
+	allowed := 0
+	for i := 0; i < burst; i++ {
+		req, _ := http.NewRequestWithContext(context.Background(), http.MethodPost,
+			serviceAddr()+"/check", nil)
+		req.Header.Set("X-API-Key", apiKey)
+
+		resp, err := client.Do(req)
+		if err != nil {
+			continue
+		}
+		resp.Body.Close()
+
+		if resp.StatusCode == http.StatusOK {
+			allowed++
+		}
+	}
+
+	if allowed > limit {
+		t.Errorf("burst admitted %d requests, limit is %d", allowed, limit)
+	}
+	t.Logf("burst result: %d/%d allowed (limit: %d)", allowed, burst, limit)
+}
+
+func TestMissingAPIKey(t *testing.T) {
+	client := &http.Client{Timeout: 5 * time.Second}
+	req, _ := http.NewRequestWithContext(context.Background(), http.MethodPost,
+		serviceAddr()+"/check", nil)
+
+	resp, err := client.Do(req)
+	if err != nil {
+		t.Fatalf("request failed: %v", err)
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode != http.StatusBadRequest {
+		t.Errorf("expected 400 for missing key, got %d", resp.StatusCode)
+	}
+}

tests/integration/failure_test.go

@@ -1 +1,82 @@
-// tests/integration/failure_test.go
+//go:build integration
+
+package integration_test
+
+import (
+	"context"
+	"net/http"
+	"testing"
+	"time"
+)
+
+// TestFailOpen verifies the service allows requests when Redis is unavailable.
+// Fail-open behaviour is a deliberate design choice - documented in docs/tradeoffs.md.
+//
+// To run manually:
+//  1. Stop Redis: docker stop <redis-container>
+//  2. Run: go test -tags=integration -run TestFailOpen -v ./tests/integration/...
+//  3. Expect: 200 OK with X-Rate-Limit-Status: fail-open
+//  4. Restart Redis and verify normal operation resumes
+func TestFailOpen(t *testing.T) {
+	t.Skip("Run manually: stop Redis first, then unskip and run")
+
+	client := &http.Client{Timeout: 5 * time.Second}
+	req, _ := http.NewRequestWithContext(context.Background(), http.MethodPost,
+		serviceAddr()+"/check", nil)
+	req.Header.Set("X-API-Key", "fail-open-test")
+
+	resp, err := client.Do(req)
+	if err != nil {
+		t.Fatalf("Request failed: %v", err)
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode != http.StatusOK {
+		t.Errorf("Fail-open: expected 200, got %d", resp.StatusCode)
+	}
+}
+
+// TestHealthAfterRedisRestart verifies the service recovers and resumes
+// correct rate-limit decisions after Redis restarts.
+//
+// To run manually:
+//  1. Restart Redis: docker restart <redis-container>
+//  2. Run this test immediately after
+func TestHealthAfterRedisRestart(t *testing.T) {
+	t.Skip("Run manually after restarting Redis")
+
+	client := &http.Client{Timeout: 10 * time.Second}
+
+	// Poll until the service is healthy again (up to 30s)
+	deadline := time.Now().Add(30 * time.Second)
+	for time.Now().Before(deadline) {
+		req, _ := http.NewRequestWithContext(context.Background(), http.MethodPost,
+			serviceAddr()+"/check", nil)
+		req.Header.Set("X-API-Key", "recovery-test")
+
+		resp, err := client.Do(req)
+		if err == nil && resp.StatusCode == http.StatusOK {
+			resp.Body.Close()
+			t.Log("Service recovered successfully")
+			return
+		}
+		if resp != nil {
+			resp.Body.Close()
+		}
+		time.Sleep(500 * time.Millisecond)
+	}
+
+	t.Error("Service did not recover within 30s after Redis restart")
+}
+
+// TestRollingDeployment documents the manual procedure for verifying
+// zero dropped requests during a Kubernetes rolling update.
+//
+// Procedure:
+//  1. Start a background load test: k6 run tests/load/k6_ramp.js
+//  2. In a second terminal: kubectl rollout restart deployment/rate-limiter
+//  3. Observe k6 output — http_req_failed rate should remain < 0.1%
+//  4. Verify p99 latency spike stays under 50ms during rollover
+func TestRollingDeployment(t *testing.T) {
+	t.Skip("Manual test - see procedure in comment above")
+}

tests/integration/multi_replica_test.go

@@ -1 +1,77 @@
-// tests/integration/multi_replica_test.go
+package integration_test
+
+import (
+	"context"
+	"sync"
+	"sync/atomic"
+	"testing"
+	"time"
+
+	"github.com/Pavan-Rana/rate-limiter/internal/limiter"
+	"github.com/Pavan-Rana/rate-limiter/internal/store"
+)
+
+type testConfig struct {
+	policy limiter.Policy
+}
+
+func (c *testConfig) PolicyFor(apiKey string) (limiter.Policy, bool) {
+	return c.policy, true
+}
+
+func (c *testConfig) GetDefault() limiter.Policy {
+	return c.policy
+}
+
+func TestMultiReplica_GlobalLimitEnforced(t *testing.T) {
+	ctx := context.Background()
+	redisAddr := "localhost:6379"
+	apiKey := "test-key"
+
+	policy := limiter.Policy{
+		Limit:  50,
+		Window: time.Second,
+	}
+
+	cfg := &testConfig{policy: policy}
+	const replicas = 4
+	const totalRequests = 200
+	limiters := make([]*limiter.Limiter, replicas)
+	for i := 0; i < replicas; i++ {
+		store, err := store.NewRedisStore(redisAddr)
+		if err != nil {
+			t.Fatalf("failed to create redis store: %v", err)
+		}
+		limiters[i] = limiter.New(store, cfg)
+	}
+
+	var allowed int64
+	var wg sync.WaitGroup
+	start := make(chan struct{})
+
+	for i := 0; i < totalRequests; i++ {
+		wg.Add(1)
+
+		go func(i int) {
+			defer wg.Done()
+			<-start
+			l := limiters[i%replicas]
+
+			ok, err := l.AllowRequest(ctx, apiKey)
+			if err != nil {
+				t.Logf("store error: %v", err)
+			}
+			if ok {
+				atomic.AddInt64(&allowed, 1)
+			}
+		}(i)
+	}
+
+	close(start)
+	wg.Wait()
+
+	if allowed > int64(policy.Limit) {
+		t.Fatalf("global limit violated: allowed=%d > limit=%d", allowed, policy.Limit)
+	}
+	t.Logf("allowed=%d (limit=%d)", allowed, policy.Limit)
+}