cloud-gov · markdboyd · Nov 21, 2024 · Nov 21, 2024 · Dec 20, 2024 · Dec 20, 2024
@@ -0,0 +1,5 @@
+# You must set values for these properties for the tests to succeed
+CF_SYSTEM_DOMAIN=
+CF_USERNAME=
+CF_PASSWORD=
+TOTP_SEED=
@@ -1,2 +1,5 @@
-venv
+.env
 __pycache__
+.pytest_cache
+test-results
+venv
@@ -17,3 +17,12 @@ properties:
         redirect-uri: https://CHANGEME/login
         autoapprove: true
 ```
+
+## e2e tests with Playwright
+
+This code includes e2e tests for logging into OpenSearch that use Python Playwright. To run these tests:
+
+```shell
+cp .env-sample .env # Update values in .env afterwards
+./scripts/e2e-local.sh
+```
@@ -237,14 +237,15 @@ jobs:
       trigger: true
     - get: tests-timer
       trigger: true
-    - get: general-task
+    - get: playwright-python
   - task: smoke-tests-login
-    image: general-task
+    image: playwright-python
     file: deploy-logs-opensearch-config/ci/smoke-tests-login.yml
     params:
-      CF_USERNAME: ((cf-username-development))
-      CF_PASSWORD: ((cf-password-development))
+      CF_USERNAME: ((cf-test-username-development))
+      CF_PASSWORD: ((cf-test-user-password-development))
       CF_SYSTEM_DOMAIN: ((cf-system-domain-development))
+      TOTP_SEED: ((cf-test-user-totp-seed-development))
   on_failure:
     put: slack
     params:
@@ -434,14 +435,15 @@ jobs:
       trigger: true
     - get: tests-timer
       trigger: true
-    - get: general-task
+    - get: playwright-python
   - task: smoke-tests-login
-    image: general-task
+    image: playwright-python
     file: deploy-logs-opensearch-config/ci/smoke-tests-login.yml
     params:
-      CF_USERNAME: ((cf-username-staging))
-      CF_PASSWORD: ((cf-password-staging))
+      CF_USERNAME: ((cf-test-username-staging))
+      CF_PASSWORD: ((cf-test-user-password-staging))
       CF_SYSTEM_DOMAIN: ((cf-system-domain-staging))
+      TOTP_SEED: ((cf-test-user-totp-seed-staging))
   on_failure:
     put: slack
     params:
@@ -666,14 +668,15 @@ jobs:
       trigger: true    
     - get: tests-timer
       trigger: true
-    - get: general-task
+    - get: playwright-python
   - task: smoke-tests-login
-    image: general-task
+    image: playwright-python
     file: deploy-logs-opensearch-config/ci/smoke-tests-login.yml
     params:
-      CF_USERNAME: ((cf-username-production))
-      CF_PASSWORD: ((cf-password-production))
+      CF_USERNAME: ((cf-test-username-production))
+      CF_PASSWORD: ((cf-test-user-password-production))
       CF_SYSTEM_DOMAIN: ((cf-system-domain-production))
+      TOTP_SEED: ((cf-test-user-totp-seed-production))
   on_failure:
     put: slack
     params:
@@ -790,7 +793,7 @@ resources:
   type: git
   source:
     commit_verification_keys: ((cloud-gov-pgp-keys))
-    uri: https://github.com/cloud-gov/cg-deploy-opensearch.git
+    uri: https://github.com/cloud-gov/deploy-logs-opensearch.git
     branch: main
 
 - name: opensearch-stemcell-jammy
@@ -851,6 +854,15 @@ resources:
     aws_region: us-gov-west-1
     tag: latest
 
+- name: playwright-python
+  type: registry-image
+  source:
+    aws_access_key_id: ((ecr_aws_key))
+    aws_secret_access_key: ((ecr_aws_secret))
+    repository: playwright-python
+    aws_region: us-gov-west-1
+    tag: latest    
+
 resource_types:
 - name: registry-image
   type: registry-image

@@ -0,0 +1,4 @@
+pytest
+playwright
+pytest-playwright
+pyotp
@@ -8,5 +8,5 @@ run:
   args:
   - -exc
   - |
-    pip install requests
-    python deploy-logs-opensearch-config/ci/smoke-tests-login.py
+    cd deploy-logs-opensearch-config
+    ./scripts/e2e.sh
@@ -0,0 +1,68 @@
+#!/usr/bin/env python
+
+import os
+import logging
+import re
+import pyotp
+
+logging.basicConfig(level=logging.DEBUG)
+
+AUTH_PROXY_URL = "https://logs.{}".format(os.environ["CF_SYSTEM_DOMAIN"])
+UAA_BASE_URL = "https://login.{}".format(os.environ["CF_SYSTEM_DOMAIN"])
+
+
+def log_in(user, page, start_at):
+    # go to auth proxy
+    page.goto(start_at)
+
+    # accept the monitoring notice
+    agree_continue_button = page.get_by_text("AGREE AND CONTINUE")
+    agree_continue_button.wait_for()
+    agree_continue_button.click()
+
+    # select the cloud.gov IdP
+    cloud_gov_idp_button = page.get_by_role("link", name="cloud.gov")
+    cloud_gov_idp_button.wait_for()
+    cloud_gov_idp_button.click()
+
+    username_field = page.get_by_label("Email address")
+    password_field = page.get_by_label("Password")
+    username_field.wait_for()
+    password_field.wait_for()
+    username_field.fill(user.username)
+    password_field.fill(user.password)
+
+    login_button = page.get_by_text("Login")
+    login_button.wait_for()
+    login_button.click()
+
+    totp_field = page.locator("css=input[id='j_tokenNumber']")
+    totp_field.wait_for()
+    totp_field.fill(user.totp.now())
+
+    login_button = page.get_by_text("Login")
+    login_button.wait_for()
+    login_button.click()
+
+    # wait for OAuth authorize page or auth proxy page
+    page.wait_for_url(re.compile(f"({AUTH_PROXY_URL}|{UAA_BASE_URL})"))
+
+    # if OAuth authorize page, then authorize the application
+    if "/authorize?" in page.url:
+        # first time using this app with this user
+        authorize_button = page.get_by_text("Authorize")
+        authorize_button.wait_for()
+        authorize_button.click()
+
+
+class User:
+    def __init__(self):
+        self.username = os.environ["CF_USERNAME"]
+        self.password = os.environ["CF_PASSWORD"]
+        totp_seed = os.environ["TOTP_SEED"]
+        self.totp = pyotp.TOTP(totp_seed)
+
+
+def test_user_login(page):
+    user = User()
+    log_in(user, page, AUTH_PROXY_URL)
@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+
+set -o allexport
+source ".env"
+set +o allexport
+
+dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
+
+"$dir"/e2e.sh
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+python -m venv venv
+source venv/bin/activate
+pip install -r ci/requirements.txt
+playwright install firefox
+python -m pytest ci --browser firefox --tracing retain-on-failure