Merge pull request #147 from bcgov/util/iyOavXXy

SSO Siteminder Tests

.github/workflows/siteminder-tests.yml

@@ -0,0 +1,80 @@
+name: Run Siteminder Tests to Validate SAML Payload
+
+on:
+  workflow_dispatch:
+    inputs:
+      environment:
+        description: 'Environment under test'
+        required: true
+        default: 'prod'
+        type: choice
+        options: ['prod']
+      cluster:
+        description: 'OCP'
+        required: true
+        default: 'gold'
+        type: choice
+        options: ['silver', 'gold']
+jobs:
+  matrix-prep:
+    name: Generate matrix
+    runs-on: ubuntu-20.04
+    outputs:
+      datacenters: ${{ steps.set-matrix.outputs.datacenters }}
+      hostname: ${{ steps.set-matrix.outputs.hostname }}
+    steps:
+      - name: Fetch environment specific parameters
+        id: set-matrix
+        run: |
+          datacenters=$(echo "${{ secrets.SITEMINDER_TESTS_DATACENTERS }}" | jq '."${{ github.event.inputs.environment }}".datacenters')
+          hostname=$(echo "${{ secrets.SITEMINDER_TESTS_DATACENTERS }}" | jq '."${{ github.event.inputs.environment }}".hostname')
+          echo ::set-output name=datacenters::{\"include\":$(echo $datacenters)}
+          echo ::set-output name=hostname::$(echo $hostname)
+
+  run-siteminder-tests:
+    runs-on: ubuntu-20.04
+    needs: matrix-prep
+    strategy:
+      matrix: ${{ fromJson(needs.matrix-prep.outputs.datacenters) }}
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v3
+      - uses: actions/setup-node@v3
+        with:
+          node-version: 16
+      - name: Set up docker buildx
+        uses: docker/setup-buildx-action@v2
+      - name: Cache docker layers
+        uses: actions/cache@v2
+        with:
+          path: /tmp/.buildx-test-cache
+          key: ${{ runner.os }}-buildx-test-${{ github.sha }}
+          restore-keys: ${{ runner.os }}-buildx-test-
+      - name: Build docker image
+        uses: docker/build-push-action@v3
+        with:
+          context: ./siteminder-tests
+          push: false
+          load: true
+          tags: siteminder-tests
+          file: Dockerfile
+          cache-from: type=local,src=/tmp/.buildx-test-cache
+          cache-to: type=local,dest=/tmp/.buildx-test-cache-new
+      - name: Move cache
+        run: |
+          rm -rf /tmp/.buildx-test-cache
+          mv /tmp/.buildx-test-cache-new /tmp/.buildx-test-cache
+      - name: Run siteminder tests
+        run: |
+          cd ${{ github.workspace }}/siteminder-tests
+          echo "${{ secrets.SITEMINDER_TESTS_ENV }}" | base64 --decode > .env
+          docker run --rm -e ENVIRONMENT=${{ github.event.inputs.environment }} \
+                          -e CLUSTER=${{ github.event.inputs.cluster }} \
+                          -v $(pwd)/results:/app/results \
+                          --add-host=${{ needs.matrix-prep.outputs.hostname }}:${{ matrix.ip }} \
+                          siteminder-tests
+      - name: Upload test results
+        uses: actions/upload-artifact@v2
+        with:
+          name: ${{ github.event.inputs.cluster }}-${{ github.event.inputs.environment }}-${{ matrix.name }}-results
+          path: ${{ github.workspace }}/siteminder-tests/results

.gitignore

@@ -46,3 +46,7 @@ override.tf.json
 terraform.rc
 
 docker/keycloak/extensions/services/target
+
+screen_shots
+saml_trace
+results

siteminder-tests/.dockerignore

@@ -0,0 +1,6 @@
+results
+screen_shots
+node_modules
+.prettierrc
+.eslintrc
+.dockerignore

siteminder-tests/.env.example

@@ -0,0 +1,72 @@
+# IDIR - Environment Agnostic
+IDIR_USERNAME=
+IDIR_PASSWORD=
+IDIR_USER_IDENTIFIER=
+IDIR_DISPLAYNAME=
+IDIR_LASTNAME=
+IDIR_FIRSTNAME=
+IDIR_EMAIL=
+
+# BCEID Basic
+## Dev
+DEV_BCEID_BASIC_DISPLAYNAME=
+DEV_BCEID_BASIC_EMAIL=
+DEV_BCEID_BASIC_USERNAME=
+DEV_BCEID_BASIC_PASSWORD=
+DEV_BCEID_BASIC_USER_IDENTIFIER=
+
+## Test
+TEST_BCEID_BASIC_DISPLAYNAME=
+TEST_BCEID_BASIC_EMAIL=
+TEST_BCEID_BASIC_USERNAME=
+TEST_BCEID_BASIC_PASSWORD=
+TEST_BCEID_BASIC_USER_IDENTIFIER=
+
+## Prod
+PROD_BCEID_BASIC_DISPLAYNAME=
+PROD_BCEID_BASIC_EMAIL=
+PROD_BCEID_BASIC_USERNAME=
+PROD_BCEID_BASIC_PASSWORD=
+PROD_BCEID_BASIC_USER_IDENTIFIER=
+
+# BCEID Business
+## Dev
+DEV_BCEID_BUSINESS_DISPLAYNAME=
+DEV_BCEID_BUSINESS_USERNAME=
+DEV_BCEID_BUSINESS_EMAIL=
+DEV_BCEID_BUSINESS_PASSWORD=
+DEV_BCEID_BUSINESS_USER_IDENTIFIER=
+DEV_BCEID_BUSINESS_GUID=
+DEV_BCEID_BUSINESS_LEGALNAME=
+
+## Test
+TEST_BCEID_BUSINESS_DISPLAYNAME=
+TEST_BCEID_BUSINESS_USERNAME=
+TEST_BCEID_BUSINESS_EMAIL=
+TEST_BCEID_BUSINESS_PASSWORD=
+TEST_BCEID_BUSINESS_USER_IDENTIFIER=
+TEST_BCEID_BUSINESS_GUID=
+TEST_BCEID_BUSINESS_LEGALNAME=
+
+## Prod
+PROD_BCEID_BUSINESS_DISPLAYNAME=
+PROD_BCEID_BUSINESS_USERNAME=
+PROD_BCEID_BUSINESS_EMAIL=
+PROD_BCEID_BUSINESS_PASSWORD=
+PROD_BCEID_BUSINESS_USER_IDENTIFIER=
+PROD_BCEID_BUSINESS_GUID=
+PROD_BCEID_BUSINESS_LEGALNAME=
+
+# Silver
+SILVER_IDIR_REALM=
+SILVER_BCEID_REALM=
+SILVER_BCEID_BASIC_REALM=
+SILVER_BCEID_BUSINESS_REALM=
+SILVER_BCEID_BOTH_REALM=
+
+# Gold
+GOLD_IDIR_REALM=
+GOLD_BCEID_REALM=
+GOLD_BCEID_BASIC_REALM=
+GOLD_BCEID_BUSINESS_REALM=
+GOLD_BCEID_BOTH_REALM=

siteminder-tests/.eslintrc.yml

@@ -0,0 +1,8 @@
+env:
+  browser: true
+  commonjs: true
+  es2021: true
+extends: eslint:recommended
+parserOptions:
+  ecmaVersion: latest
+rules: {}

siteminder-tests/.mocharc.js

@@ -0,0 +1,8 @@
+'use strict';
+
+module.exports = {
+  timeout: 20000,
+  diff: false,
+  reporter: 'mochawesome',
+  'reporter-option': ['reportDir=results', 'reportFilename=siteminder-test', 'html=false'],
+};

siteminder-tests/.prettierignore

@@ -0,0 +1 @@
+node_modules

siteminder-tests/.prettierrc

@@ -0,0 +1,11 @@
+{
+  "singleQuote": true,
+  "printWidth": 120,
+  "tabWidth": 2,
+  "useTabs": false,
+  "semi": true,
+  "quoteProps": "as-needed",
+  "trailingComma": "all",
+  "bracketSpacing": true,
+  "arrowParens": "always"
+}

siteminder-tests/.tool-versions

@@ -0,0 +1,3 @@
+nodejs 16.14.0
+yarn 1.22.4
+python 3.8.6

siteminder-tests/Dockerfile

@@ -0,0 +1,17 @@
+FROM node:16.14.2-slim
+
+RUN apt-get update && apt-get install curl gnupg -y \
+    && curl --location --silent https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add - \
+    && sh -c 'echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google.list' \
+    && apt-get update \
+    && apt-get install google-chrome-stable -y --no-install-recommends \
+    && rm -rf /var/lib/apt/lists/*
+
+COPY . /app/
+
+WORKDIR /app
+
+RUN yarn install
+
+ENTRYPOINT [ "yarn" ]
+CMD [ "test:html" ]

siteminder-tests/README.md

@@ -0,0 +1,110 @@
+# SSO Siteminder Tests
+
+- This repository consists of automated tests that are run using puppeteer headless browser against consumer URLs. These tests are used to validate the payload attributes returned by the identity provider SAML
+- The identity provider has hosted the service on two data centers. In order to validate the data returned from two different data centers, the tests are being run twice, i.e. by adding one host record targetting a data center at a time
+- The tests will generate results report for each run against the data center
+
+## Requirements
+
+### Secrets
+
+**Note**: The below secrets are used by `siteminder-tests.yml` workflow to run the tests. Make sure these secrets are available as github action secrets before running the github action. These secrets are also stored under a secret `siteminder-tests` at `eb75ad-tools` namespace of gold cluster
+
+- `SITEMINDER_TESTS_DATACENTERS` stores a json payload in below format
+
+  ```json
+  {\"<ENVIRONMENT>\":{\"datacenters\":[{\"name\":\"<DATACENTER>\",\"ip\":\"<DATACENTER-IP>\"},{\"name\":\"<DATACENTER>\",\"ip\":\"<DATACENTER-IP>\"}],\"hostname\":\"<HOSTNAME>\"}}
+  ```
+
+- `SITEMINDER_TESTS_ENV` stores all the key-value pairs from `.env.example`
+
+### Tools
+
+- The required tools can be installed using [asdf](https://asdf-vm.com/guide/getting-started.html)
+
+- After installation, just follow below steps to setup or update the `shims`
+
+  ```sh
+  cat .tool-versions | cut -f 1 -d ' ' | xargs -n 1 asdf plugin-add || true
+  asdf plugin-update --all
+  asdf install
+  asdf reshim
+  ```
+
+- `puppeteer`: To run it in linux, the following dependencies need to be installed
+
+  ```sh
+  sudo apt-get update
+
+  sudo apt-get install gconf-service libasound2 libatk1.0-0 libatk-bridge2.0-0 libc6 libcairo2 \
+  libcups2 libdbus-1-3 libexpat1 libfontconfig1 libgcc1 libgconf-2-4 libgdk-pixbuf2.0-0 \
+  libglib2.0-0 libgtk-3-0 libnspr4 libpango-1.0-0 libpangocairo-1.0-0 libstdc++6 libx11-6 \
+  libx11-xcb1 libxcb1 libxcomposite1 libxcursor1 libxdamage1 libxext6 libxfixes3 libxi6 \
+  libxrandr2 libxrender1 libxss1 libxtst6 ca-certificates fonts-liberation \
+  libappindicator1 libnss3 lsb-release xdg-utils wget
+  ```
+
+**Note**: Below steps is only for developers and contributors
+
+- Install [pre-commit](https://pre-commit.com/#install) to validate the source code using pre-commit hooks
+
+- Install [gitlint](https://jorisroovers.com/gitlint/) to lint git commit messages
+
+- Both tools can be installed using `requirements.txt` as shown below
+
+  ```sh
+  pip install -r requirements.txt
+
+  # setup up git hook scripts
+  pre-commit install
+
+  # run against all the files
+  pre-commit run --all-files
+  ```
+
+- Install [gitlint](https://jorisroovers.com/gitlint/) to validate
+
+## Installation
+
+### Locally
+
+#### `yarn install`
+
+Install the dependencies
+
+#### `yarn test`
+
+Executes all the tests and generates screenshots under `results/assets`
+
+#### `yarn test:html`
+
+Executes all the tests and generates screenshots and html report under `results` directory
+
+### Docker
+
+- Create `.env`
+  - from `.env.example` and fill all the values or
+  - from a secret [`siteminder-tests`](https://console.apps.gold.devops.gov.bc.ca/k8s/ns/eb75ad-tools/secrets/siteminder-tests/)
+
+- Run the docker container from `siteminder-tests` directory
+
+  ```sh
+  export ENVIRONMENT=<dev/test/prod>
+  export CLUSTER=<silver/gold>
+
+  docker run --rm -e ENVIRONMENT=$ENVIRONMENT -e CLUSTER=$CLUSTER -v $(pwd)/results:/app/results $(docker build -q .)
+  ```
+
+### Docker Compose
+
+- Create `.env`
+  - from `.env.example` and fill all the values or
+  - from a secret [`siteminder-tests`](https://console.apps.gold.devops.gov.bc.ca/k8s/ns/eb75ad-tools/secrets/siteminder-tests/)
+
+#### `docker-compose up`
+
+- Run the docker compose and optionally add flag `-d` to run it in the background
+
+### `docker-compose down`
+
+- Stop and remove the containers

siteminder-tests/config.js

@@ -0,0 +1,53 @@
+require('dotenv').config();
+
+const process = require('process');
+
+const environment = process.env.ENVIRONMENT.toUpperCase() || 'DEV';
+
+const cluster = process.env.CLUSTER.toUpperCase() || 'SILVER';
+
+const fetchEnvParam = (param) => {
+  return eval(`process.env.${environment}_${param}`);
+};
+
+module.exports = {
+  fetchSsoUrl: function (provider) {
+    let realm = eval(`process.env.${cluster}_${provider}_REALM`);
+
+    if (cluster === 'SILVER') {
+      return `https://${
+        process.env.ENVIRONMENT === 'prod' ? '' : process.env.ENVIRONMENT + '.'
+      }oidc.gov.bc.ca/auth/admin/${realm}/console/`;
+    } else {
+      return `https://${
+        process.env.ENVIRONMENT === 'prod' ? '' : process.env.ENVIRONMENT + '.'
+      }loginproxy.gov.bc.ca/auth/admin/${realm}/console/`;
+    }
+  },
+  idir_config: {
+    username: process.env.IDIR_USERNAME,
+    password: process.env.IDIR_PASSWORD,
+    user_identifier: process.env.IDIR_USER_IDENTIFIER,
+    display_name: process.env.IDIR_DISPLAYNAME,
+    email: process.env.IDIR_EMAIL,
+    firstname: process.env.IDIR_FIRSTNAME,
+    lastname: process.env.IDIR_LASTNAME,
+  },
+  bceid_basic_config: {
+    username: fetchEnvParam('BCEID_BASIC_USERNAME'),
+    password: fetchEnvParam('BCEID_BASIC_PASSWORD'),
+    user_identifier: fetchEnvParam('BCEID_BASIC_USER_IDENTIFIER'),
+    display_name: fetchEnvParam('BCEID_BASIC_DISPLAYNAME'),
+    email: fetchEnvParam('BCEID_BASIC_EMAIL'),
+  },
+
+  bceid_business_config: {
+    username: fetchEnvParam('BCEID_BUSINESS_USERNAME'),
+    password: fetchEnvParam('BCEID_BUSINESS_PASSWORD'),
+    user_identifier: fetchEnvParam('BCEID_BUSINESS_USER_IDENTIFIER'),
+    display_name: fetchEnvParam('BCEID_BUSINESS_DISPLAYNAME'),
+    email: fetchEnvParam('BCEID_BUSINESS_EMAIL'),
+    guid: fetchEnvParam('BCEID_BUSINESS_GUID'),
+    legalname: fetchEnvParam('BCEID_BUSINESS_LEGALNAME'),
+  },
+};