Merge pull request #147 from bcgov/util/iyOavXXy
SSO Siteminder Tests
Showing
18 changed files
with
3,033 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,80 @@ | ||
name: Run Siteminder Tests to Validate SAML Payload | ||
|
||
on: | ||
workflow_dispatch: | ||
inputs: | ||
environment: | ||
description: 'Environment under test' | ||
required: true | ||
default: 'prod' | ||
type: choice | ||
options: ['prod'] | ||
cluster: | ||
description: 'OCP' | ||
required: true | ||
default: 'gold' | ||
type: choice | ||
options: ['silver', 'gold'] | ||
jobs: | ||
matrix-prep: | ||
name: Generate matrix | ||
runs-on: ubuntu-20.04 | ||
outputs: | ||
datacenters: ${{ steps.set-matrix.outputs.datacenters }} | ||
hostname: ${{ steps.set-matrix.outputs.hostname }} | ||
steps: | ||
- name: Fetch environment specific parameters | ||
id: set-matrix | ||
run: | | ||
datacenters=$(echo "${{ secrets.SITEMINDER_TESTS_DATACENTERS }}" | jq '."${{ github.event.inputs.environment }}".datacenters') | ||
hostname=$(echo "${{ secrets.SITEMINDER_TESTS_DATACENTERS }}" | jq '."${{ github.event.inputs.environment }}".hostname') | ||
echo ::set-output name=datacenters::{\"include\":$(echo $datacenters)} | ||
echo ::set-output name=hostname::$(echo $hostname) | ||
run-siteminder-tests: | ||
runs-on: ubuntu-20.04 | ||
needs: matrix-prep | ||
strategy: | ||
matrix: ${{ fromJson(needs.matrix-prep.outputs.datacenters) }} | ||
steps: | ||
- name: Check out repository | ||
uses: actions/checkout@v3 | ||
- uses: actions/setup-node@v3 | ||
with: | ||
node-version: 16 | ||
- name: Set up docker buildx | ||
uses: docker/setup-buildx-action@v2 | ||
- name: Cache docker layers | ||
uses: actions/cache@v2 | ||
with: | ||
path: /tmp/.buildx-test-cache | ||
key: ${{ runner.os }}-buildx-test-${{ github.sha }} | ||
restore-keys: ${{ runner.os }}-buildx-test- | ||
- name: Build docker image | ||
uses: docker/build-push-action@v3 | ||
with: | ||
context: ./siteminder-tests | ||
push: false | ||
load: true | ||
tags: siteminder-tests | ||
file: Dockerfile | ||
cache-from: type=local,src=/tmp/.buildx-test-cache | ||
cache-to: type=local,dest=/tmp/.buildx-test-cache-new | ||
- name: Move cache | ||
run: | | ||
rm -rf /tmp/.buildx-test-cache | ||
mv /tmp/.buildx-test-cache-new /tmp/.buildx-test-cache | ||
- name: Run siteminder tests | ||
run: | | ||
cd ${{ github.workspace }}/siteminder-tests | ||
echo "${{ secrets.SITEMINDER_TESTS_ENV }}" | base64 --decode > .env | ||
docker run --rm -e ENVIRONMENT=${{ github.event.inputs.environment }} \ | ||
-e CLUSTER=${{ github.event.inputs.cluster }} \ | ||
-v $(pwd)/results:/app/results \ | ||
--add-host=${{ needs.matrix-prep.outputs.hostname }}:${{ matrix.ip }} \ | ||
siteminder-tests | ||
- name: Upload test results | ||
uses: actions/upload-artifact@v2 | ||
with: | ||
name: ${{ github.event.inputs.cluster }}-${{ github.event.inputs.environment }}-${{ matrix.name }}-results | ||
path: ${{ github.workspace }}/siteminder-tests/results |
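Review bot: The `Fetch environment specific parameters` step pastes `${{ secrets.SITEMINDER_TESTS_DATACENTERS }}` and `${{ github.event.inputs.environment }}` straight into the script text, so bash (and jq, as program text) parses their contents instead of treating them as data. The same pattern recurs in `Run siteminder tests` for the `.env` secret, the two inputs and the `--add-host` values. Passing them through `env:` and reading `"$VAR"` keeps a stray quote or `$` in a secret from changing the command, and the secret could then be stored as plain JSON rather than the backslash-escaped form the README prescribes. The hostname and IPs derived from the secret are not covered by GitHub's masking of the full secret value, so they will likely appear in logs and matrix job names; confirm that is acceptable. The actions are referenced by mutable tags (`@v2`, `@v3`); pinning them to commit SHAs is the tighter choice for a job that handles production credentials.

```yaml
      - name: Fetch environment specific parameters
        id: set-matrix
        env:
          DATACENTERS_JSON: ${{ secrets.SITEMINDER_TESTS_DATACENTERS }}
          TARGET_ENV: ${{ github.event.inputs.environment }}
        run: |
          datacenters=$(printf '%s' "$DATACENTERS_JSON" | jq -c --arg env "$TARGET_ENV" '.[$env].datacenters')
          hostname=$(printf '%s' "$DATACENTERS_JSON" | jq --arg env "$TARGET_ENV" '.[$env].hostname')
          # … unchanged: the two set-output lines …
```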
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -46,3 +46,7 @@ override.tf.json | |
terraform.rc | ||
|
||
docker/keycloak/extensions/services/target | ||
|
||
screen_shots | ||
saml_trace | ||
results |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
results | ||
screen_shots | ||
node_modules | ||
.prettierrc | ||
.eslintrc | ||
.dockerignore |
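Review bot: `.env` is missing from this ignore list, yet the Dockerfile in this commit does `COPY . /app/` and the README's Docker steps create `.env` in the same directory before `docker build`, so the test-account credentials would be copied into an image layer. Add a `.env` line here and hand the values to the container at run time instead, for example `docker run --env-file .env …`. The `require('dotenv').config()` call should tolerate the file being absent, since the variables are then already in the process environment, but that is worth confirming with a local run.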
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,72 @@ | ||
# IDIR - Environment Agnostic | ||
IDIR_USERNAME= | ||
IDIR_PASSWORD= | ||
IDIR_USER_IDENTIFIER= | ||
IDIR_DISPLAYNAME= | ||
IDIR_LASTNAME= | ||
IDIR_FIRSTNAME= | ||
IDIR_EMAIL= | ||
|
||
# BCEID Basic | ||
## Dev | ||
DEV_BCEID_BASIC_DISPLAYNAME= | ||
DEV_BCEID_BASIC_EMAIL= | ||
DEV_BCEID_BASIC_USERNAME= | ||
DEV_BCEID_BASIC_PASSWORD= | ||
DEV_BCEID_BASIC_USER_IDENTIFIER= | ||
|
||
## Test | ||
TEST_BCEID_BASIC_DISPLAYNAME= | ||
TEST_BCEID_BASIC_EMAIL= | ||
TEST_BCEID_BASIC_USERNAME= | ||
TEST_BCEID_BASIC_PASSWORD= | ||
TEST_BCEID_BASIC_USER_IDENTIFIER= | ||
|
||
## Prod | ||
PROD_BCEID_BASIC_DISPLAYNAME= | ||
PROD_BCEID_BASIC_EMAIL= | ||
PROD_BCEID_BASIC_USERNAME= | ||
PROD_BCEID_BASIC_PASSWORD= | ||
PROD_BCEID_BASIC_USER_IDENTIFIER= | ||
|
||
# BCEID Business | ||
## Dev | ||
DEV_BCEID_BUSINESS_DISPLAYNAME= | ||
DEV_BCEID_BUSINESS_USERNAME= | ||
DEV_BCEID_BUSINESS_EMAIL= | ||
DEV_BCEID_BUSINESS_PASSWORD= | ||
DEV_BCEID_BUSINESS_USER_IDENTIFIER= | ||
DEV_BCEID_BUSINESS_GUID= | ||
DEV_BCEID_BUSINESS_LEGALNAME= | ||
|
||
## Test | ||
TEST_BCEID_BUSINESS_DISPLAYNAME= | ||
TEST_BCEID_BUSINESS_USERNAME= | ||
TEST_BCEID_BUSINESS_EMAIL= | ||
TEST_BCEID_BUSINESS_PASSWORD= | ||
TEST_BCEID_BUSINESS_USER_IDENTIFIER= | ||
TEST_BCEID_BUSINESS_GUID= | ||
TEST_BCEID_BUSINESS_LEGALNAME= | ||
|
||
## Prod | ||
PROD_BCEID_BUSINESS_DISPLAYNAME= | ||
PROD_BCEID_BUSINESS_USERNAME= | ||
PROD_BCEID_BUSINESS_EMAIL= | ||
PROD_BCEID_BUSINESS_PASSWORD= | ||
PROD_BCEID_BUSINESS_USER_IDENTIFIER= | ||
PROD_BCEID_BUSINESS_GUID= | ||
PROD_BCEID_BUSINESS_LEGALNAME= | ||
|
||
# Silver | ||
SILVER_IDIR_REALM= | ||
SILVER_BCEID_REALM= | ||
SILVER_BCEID_BASIC_REALM= | ||
SILVER_BCEID_BUSINESS_REALM= | ||
SILVER_BCEID_BOTH_REALM= | ||
|
||
# Gold | ||
GOLD_IDIR_REALM= | ||
GOLD_BCEID_REALM= | ||
GOLD_BCEID_BASIC_REALM= | ||
GOLD_BCEID_BUSINESS_REALM= | ||
GOLD_BCEID_BOTH_REALM= |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
env: | ||
browser: true | ||
commonjs: true | ||
es2021: true | ||
extends: eslint:recommended | ||
parserOptions: | ||
ecmaVersion: latest | ||
rules: {} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
'use strict'; | ||
|
||
module.exports = { | ||
timeout: 20000, | ||
diff: false, | ||
reporter: 'mochawesome', | ||
'reporter-option': ['reportDir=results', 'reportFilename=siteminder-test', 'html=false'], | ||
}; |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
node_modules |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
{ | ||
"singleQuote": true, | ||
"printWidth": 120, | ||
"tabWidth": 2, | ||
"useTabs": false, | ||
"semi": true, | ||
"quoteProps": "as-needed", | ||
"trailingComma": "all", | ||
"bracketSpacing": true, | ||
"arrowParens": "always" | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
nodejs 16.14.0 | ||
yarn 1.22.4 | ||
python 3.8.6 |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
FROM node:16.14.2-slim | ||
|
||
RUN apt-get update && apt-get install curl gnupg -y \ | ||
&& curl --location --silent https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add - \ | ||
&& sh -c 'echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google.list' \ | ||
&& apt-get update \ | ||
&& apt-get install google-chrome-stable -y --no-install-recommends \ | ||
&& rm -rf /var/lib/apt/lists/* | ||
|
||
COPY . /app/ | ||
|
||
WORKDIR /app | ||
|
||
RUN yarn install | ||
|
||
ENTRYPOINT [ "yarn" ] | ||
CMD [ "test:html" ] |
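Review bot: The image never drops root: there is no `USER` instruction, so `yarn`, the tests and Chrome all run as root, and files written to the mounted `results` directory come out root-owned on the host. The official Node images ship a `node` user; adding `USER node` after the install (with `/app` owned by it) would narrow that, though whether Chrome's sandbox then starts depends on launch flags not shown in this section. `RUN yarn install` also resolves dependencies at build time; `RUN yarn install --frozen-lockfile` makes the build fail rather than drift from the lockfile, assuming a `yarn.lock` is part of this commit. The Chrome repository is added over `http://` with `apt-key add`; apt still verifies package signatures, but an `https://` source with a keyring scoped through `signed-by` is the current practice.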
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,110 @@ | ||
# SSO Siteminder Tests | ||
|
||
- This repository consists of automated tests that are run using puppeteer headless browser against consumer URLs. These tests are used to validate the payload attributes returned by the identity provider SAML | ||
- The identity provider has hosted the service on two data centers. In order to validate the data returned from two different data centers, the tests are being run twice, i.e. by adding one host record targetting a data center at a time | ||
- The tests will generate results report for each run against the data center | ||
|
||
## Requirements | ||
|
||
### Secrets | ||
|
||
**Note**: The below secrets are used by `siteminder-tests.yml` workflow to run the tests. Make sure these secrets are available as github action secrets before running the github action. These secrets are also stored under a secret `siteminder-tests` at `eb75ad-tools` namespace of gold cluster | ||
|
||
- `SITEMINDER_TESTS_DATACENTERS` stores a json payload in below format | ||
|
||
```json | ||
{\"<ENVIRONMENT>\":{\"datacenters\":[{\"name\":\"<DATACENTER>\",\"ip\":\"<DATACENTER-IP>\"},{\"name\":\"<DATACENTER>\",\"ip\":\"<DATACENTER-IP>\"}],\"hostname\":\"<HOSTNAME>\"}} | ||
``` | ||
|
||
- `SITEMINDER_TESTS_ENV` stores all the key-value pairs from `.env.example` | ||
|
||
### Tools | ||
|
||
- The required tools can be installed using [asdf](https://asdf-vm.com/guide/getting-started.html) | ||
|
||
- After installation, just follow below steps to setup or update the `shims` | ||
|
||
```sh | ||
cat .tool-versions | cut -f 1 -d ' ' | xargs -n 1 asdf plugin-add || true | ||
asdf plugin-update --all | ||
asdf install | ||
asdf reshim | ||
``` | ||
|
||
- `puppeteer`: To run it in linux, the following dependencies need to be installed | ||
|
||
```sh | ||
sudo apt-get update | ||
|
||
sudo apt-get install gconf-service libasound2 libatk1.0-0 libatk-bridge2.0-0 libc6 libcairo2 \ | ||
libcups2 libdbus-1-3 libexpat1 libfontconfig1 libgcc1 libgconf-2-4 libgdk-pixbuf2.0-0 \ | ||
libglib2.0-0 libgtk-3-0 libnspr4 libpango-1.0-0 libpangocairo-1.0-0 libstdc++6 libx11-6 \ | ||
libx11-xcb1 libxcb1 libxcomposite1 libxcursor1 libxdamage1 libxext6 libxfixes3 libxi6 \ | ||
libxrandr2 libxrender1 libxss1 libxtst6 ca-certificates fonts-liberation \ | ||
libappindicator1 libnss3 lsb-release xdg-utils wget | ||
``` | ||
|
||
**Note**: Below steps is only for developers and contributors | ||
|
||
- Install [pre-commit](https://pre-commit.com/#install) to validate the source code using pre-commit hooks | ||
|
||
- Install [gitlint](https://jorisroovers.com/gitlint/) to lint git commit messages | ||
|
||
- Both tools can be installed using `requirements.txt` as shown below | ||
|
||
```sh | ||
pip install -r requirements.txt | ||
|
||
# setup up git hook scripts | ||
pre-commit install | ||
|
||
# run against all the files | ||
pre-commit run --all-files | ||
``` | ||
|
||
- Install [gitlint](https://jorisroovers.com/gitlint/) to validate | ||
|
||
## Installation | ||
|
||
### Locally | ||
|
||
#### `yarn install` | ||
|
||
Install the dependencies | ||
|
||
#### `yarn test` | ||
|
||
Executes all the tests and generates screenshots under `results/assets` | ||
|
||
#### `yarn test:html` | ||
|
||
Executes all the tests and generates screenshots and html report under `results` directory | ||
|
||
### Docker | ||
|
||
- Create `.env` | ||
- from `.env.example` and fill all the values or | ||
- from a secret [`siteminder-tests`](https://console.apps.gold.devops.gov.bc.ca/k8s/ns/eb75ad-tools/secrets/siteminder-tests/) | ||
|
||
- Run the docker container from `siteminder-tests` directory | ||
|
||
```sh | ||
export ENVIRONMENT=<dev/test/prod> | ||
export CLUSTER=<silver/gold> | ||
|
||
docker run --rm -e ENVIRONMENT=$ENVIRONMENT -e CLUSTER=$CLUSTER -v $(pwd)/results:/app/results $(docker build -q .) | ||
``` | ||
|
||
### Docker Compose | ||
|
||
- Create `.env` | ||
- from `.env.example` and fill all the values or | ||
- from a secret [`siteminder-tests`](https://console.apps.gold.devops.gov.bc.ca/k8s/ns/eb75ad-tools/secrets/siteminder-tests/) | ||
|
||
#### `docker-compose up` | ||
|
||
- Run the docker compose and optionally add flag `-d` to run it in the background | ||
|
||
### `docker-compose down` | ||
|
||
- Stop and remove the containers |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,53 @@ | ||
require('dotenv').config(); | ||
|
||
const process = require('process'); | ||
|
||
const environment = process.env.ENVIRONMENT.toUpperCase() || 'DEV'; | ||
|
||
const cluster = process.env.CLUSTER.toUpperCase() || 'SILVER'; | ||
|
||
const fetchEnvParam = (param) => { | ||
return eval(`process.env.${environment}_${param}`); | ||
}; | ||
|
||
module.exports = { | ||
fetchSsoUrl: function (provider) { | ||
let realm = eval(`process.env.${cluster}_${provider}_REALM`); | ||
|
||
if (cluster === 'SILVER') { | ||
return `https://${ | ||
process.env.ENVIRONMENT === 'prod' ? '' : process.env.ENVIRONMENT + '.' | ||
}oidc.gov.bc.ca/auth/admin/${realm}/console/`; | ||
} else { | ||
return `https://${ | ||
process.env.ENVIRONMENT === 'prod' ? '' : process.env.ENVIRONMENT + '.' | ||
}loginproxy.gov.bc.ca/auth/admin/${realm}/console/`; | ||
} | ||
}, | ||
idir_config: { | ||
username: process.env.IDIR_USERNAME, | ||
password: process.env.IDIR_PASSWORD, | ||
user_identifier: process.env.IDIR_USER_IDENTIFIER, | ||
display_name: process.env.IDIR_DISPLAYNAME, | ||
email: process.env.IDIR_EMAIL, | ||
firstname: process.env.IDIR_FIRSTNAME, | ||
lastname: process.env.IDIR_LASTNAME, | ||
}, | ||
bceid_basic_config: { | ||
username: fetchEnvParam('BCEID_BASIC_USERNAME'), | ||
password: fetchEnvParam('BCEID_BASIC_PASSWORD'), | ||
user_identifier: fetchEnvParam('BCEID_BASIC_USER_IDENTIFIER'), | ||
display_name: fetchEnvParam('BCEID_BASIC_DISPLAYNAME'), | ||
email: fetchEnvParam('BCEID_BASIC_EMAIL'), | ||
}, | ||
|
||
bceid_business_config: { | ||
username: fetchEnvParam('BCEID_BUSINESS_USERNAME'), | ||
password: fetchEnvParam('BCEID_BUSINESS_PASSWORD'), | ||
user_identifier: fetchEnvParam('BCEID_BUSINESS_USER_IDENTIFIER'), | ||
display_name: fetchEnvParam('BCEID_BUSINESS_DISPLAYNAME'), | ||
email: fetchEnvParam('BCEID_BUSINESS_EMAIL'), | ||
guid: fetchEnvParam('BCEID_BUSINESS_GUID'), | ||
legalname: fetchEnvParam('BCEID_BUSINESS_LEGALNAME'), | ||
}, | ||
}; |
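Review bot: `fetchEnvParam` and `fetchSsoUrl` use `eval` to read an environment variable whose name is assembled from `ENVIRONMENT`, `CLUSTER` and `provider`, so the contents of those values are executed as JavaScript rather than used as a lookup key. Bracket access does the same job without evaluation: ``return process.env[`${environment}_${param}`];`` and ``const realm = process.env[`${cluster}_${provider}_REALM`];``. The defaults on the `environment` and `cluster` lines never apply, because `.toUpperCase()` runs before `||` and throws when the variable is unset; `(process.env.ENVIRONMENT || 'dev').toUpperCase()` is the likely intent. `fetchSsoUrl` also compares the raw `process.env.ENVIRONMENT` with lowercase `'prod'`, so a value of `PROD` would produce a `PROD.`-prefixed host.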