test: enable auth providers for nightly jobs (redhat-developer#1923)

* enable auth providers for nightly jobs

* enable auth providers for nightly jobs

* enable auth providers for nightly jobs

* enable auth providers for nightly jobs

* enable auth providers for nightly jobs

* fix error

* fix error

* fix error

* fixes

* fix helm delete

* fix login timeout

* fix timeouts

* fix timeouts

* fix timeouts

* fix timeouts

* fix timeouts

* fix timeouts

* fix timeouts

* fix timeouts

* fix timeouts

* fix timeouts

* fix timeouts

* fix timeouts

* fix timeouts

* fix timeouts

* fix timeouts

* fix timeouts

* fix timeouts

* fix timeouts

* fix gh test

* add config for nightly job

* fix lint errors

* fix lint errors

Author: albarbaro

.ibm/pipelines/env_variables.sh

@@ -107,4 +107,33 @@ GKE_SERVICE_ACCOUNT_NAME=$(cat /tmp/secrets/GKE_SERVICE_ACCOUNT_NAME)
 GKE_CERT_NAME=$(cat /tmp/secrets/GKE_CERT_NAME)
 GOOGLE_CLOUD_PROJECT=$(cat /tmp/secrets/GOOGLE_CLOUD_PROJECT)
 
+# authentication providers variables
+RHSSO76_ADMIN_USERNAME=$(cat /tmp/secrets/RHSSO76_ADMIN_USERNAME)
+RHSSO76_ADMIN_PASSWORD=$(cat /tmp/secrets/RHSSO76_ADMIN_PASSWORD)
+RHSSO76_DEFAULT_PASSWORD=$(cat /tmp/secrets/RHSSO76_DEFAULT_PASSWORD)
+RHSSO76_URL=$(cat /tmp/secrets/RHSSO76_URL)
+RHSSO76_CLIENT_SECRET=$(cat /tmp/secrets/RHSSO76_CLIENT_SECRET)
+RHSSO76_CLIENT_ID="myclient"
+AUTH_PROVIDERS_REALM_NAME="authProviders"
+
+AZURE_LOGIN_USERNAME=$(cat /tmp/secrets/AZURE_LOGIN_USERNAME)
+AZURE_LOGIN_PASSWORD=$(cat /tmp/secrets/AZURE_LOGIN_PASSWORD)
+AUTH_PROVIDERS_AZURE_CLIENT_ID=$(cat /tmp/secrets/AUTH_PROVIDERS_AZURE_CLIENT_ID)
+AUTH_PROVIDERS_AZURE_CLIENT_SECRET=$(cat /tmp/secrets/AUTH_PROVIDERS_AZURE_CLIENT_SECRET)
+AUTH_PROVIDERS_AZURE_TENANT_ID=$(cat /tmp/secrets/AUTH_PROVIDERS_AZURE_TENANT_ID)
+
+AUTH_PROVIDERS_GH_ORG_NAME="rhdhqeauthorg"
+AUTH_ORG_APP_ID=$(cat /tmp/secrets/AUTH_ORG_APP_ID)
+AUTH_ORG_CLIENT_ID=$(cat /tmp/secrets/AUTH_ORG_CLIENT_ID)
+AUTH_ORG_CLIENT_SECRET=$(cat /tmp/secrets/AUTH_ORG_CLIENT_SECRET)
+AUTH_ORG1_PRIVATE_KEY=$(cat /tmp/secrets/AUTH_ORG1_PRIVATE_KEY)
+AUTH_ORG_PK=$(cat /tmp/secrets/AUTH_ORG_PK)
+AUTH_ORG_WEBHOOK_SECRET=$(cat /tmp/secrets/AUTH_ORG_WEBHOOK_SECRET)
+GH_USER_PASSWORD=$(cat /tmp/secrets/GH_USER_PASSWORD)
+
+AUTH_PROVIDERS_RELEASE="rhdh-auth-providers"
+AUTH_PROVIDERS_NAMESPACE="showcase-auth-providers"
+STATIC_API_TOKEN="somecicdtoken"
+AUTH_PROVIDERS_CHART="rhdh-chart/backstage"
+
 set +a  # Stop automatically exporting variables

.ibm/pipelines/openshift-ci-tests.sh

@@ -282,7 +282,11 @@ run_tests() {
   cp -a /tmp/backstage-showcase/e2e-tests/${JUNIT_RESULTS} "${ARTIFACT_DIR}/${project}/${JUNIT_RESULTS}"
 
   if [ -d "/tmp/backstage-showcase/e2e-tests/screenshots" ]; then
-      cp -a /tmp/backstage-showcase/e2e-tests/screenshots/* "${ARTIFACT_DIR}/${project}/attachments/screenshots/"
+    cp -a /tmp/backstage-showcase/e2e-tests/screenshots/* "${ARTIFACT_DIR}/${project}/attachments/screenshots/"
+  fi
+
+  if [ -d "/tmp/backstage-showcase/e2e-tests/auth-providers-logs" ]; then
+    cp -a /tmp/backstage-showcase/e2e-tests/auth-providers-logs/* "${ARTIFACT_DIR}/${project}/"
   fi
 
   ansi2html <"/tmp/${LOGFILE}" >"/tmp/${LOGFILE}.html"
@@ -487,6 +491,8 @@ main() {
     initiate_rbac_gke_deployment
     check_and_test "${RELEASE_NAME_RBAC}" "${NAME_SPACE_RBAC_K8S}"
     delete_namespace "${NAME_SPACE_RBAC_K8S}"
+  elif [[ "$JOB_NAME" == *auth-providers* ]]; then
+    run_tests "${AUTH_PROVIDERS_RELEASE}" "${AUTH_PROVIDERS_NAMESPACE}"
   else
     initiate_deployments
     check_and_test "${RELEASE_NAME}" "${NAME_SPACE}"

.ibm/pipelines/value_files/values_showcase-auth-provider-diff-rhbk.yaml

@@ -0,0 +1,24 @@
+upstream:
+  backstage:
+    appConfig:
+      auth:
+        providers:
+          oidc:
+            production:
+              metadataUrl: ${RHBK_METADATA_URL}
+              clientId: ${RHBK_CLIENT_ID}
+              clientSecret: ${RHBK_CLIENT_SECRET}
+              prompt: auto 
+              callbackUrl: ${RHBK_CALLBACK_URL}
+      catalog:
+        providers:
+          keycloakOrg:
+            default:
+              baseUrl: ${RHBK_URL}
+              loginRealm: ${AUTH_PROVIDERS_REALM_NAME}
+              realm: ${AUTH_PROVIDERS_REALM_NAME}
+              clientId: ${RHBK_CLIENT_ID}
+              clientSecret: ${RHBK_CLIENT_SECRET}
+              schedule:
+                frequency: { minutes: 1 }
+                timeout: { minutes: 1 }

.ibm/pipelines/value_files/values_showcase-auth-providers.yaml

@@ -65,7 +65,7 @@ upstream:
               githubUrl: https://github.com
               orgs: ['${AUTH_PROVIDERS_GH_ORG_NAME}']
               schedule:
-                initialDelay: { seconds: 10 }
+                initialDelay: { seconds: 0 }
                 frequency: { minutes: 1 }
                 timeout: { minutes: 1 }
           microsoftGraphOrg:
@@ -105,12 +105,19 @@ upstream:
               - name: user:default/qeadmin_rhdhtesting.onmicrosoft.com
               - name: user:default/rhsso_admin
               - name: user:default/rhdhqeauthadmin
+      backend:
+        auth:
+          externalAccess:
+            - type: static
+              options:
+                token: "somecicdtoken"
+                subject: e2e-tests-ci
     extraEnvVarsSecrets:
       - rhdh-secrets
     image:
       registry: quay.io
       repository: rhdh/rhdh-hub-rhel9
-      tag: '1.3'
+      tag: 'next'
     readinessProbe:
       failureThreshold: 3
       httpGet:

e2e-tests/playwright.config.ts

@@ -67,10 +67,7 @@ export default defineConfig({
     },
     {
       name: "showcase-auth-providers",
-      use: {
-        ...devices["Desktop Chrome"],
-        viewport: { width: 1920, height: 1080 },
-      },
+      ...useCommonDeviceAndViewportConfig,
       testMatch: ["**/playwright/e2e/authProviders/*.spec.ts"],
       testIgnore: [
         "**/playwright/e2e/authProviders/setup-environment.spec.ts",
@@ -79,7 +76,7 @@ export default defineConfig({
       ],
       dependencies: ["showcase-auth-providers-setup-environment"],
       teardown: "showcase-auth-providers-clear-environment",
-      retries: 2,
+      retries: 1,
     },
     {
       name: "showcase-auth-providers-setup-environment",

e2e-tests/playwright/e2e/authProviders/basic-authentication.spec.ts

@@ -2,6 +2,8 @@ import { test, Page, expect } from "@playwright/test";
 import { Common, setupBrowser } from "../../utils/common";
 import { UIhelper } from "../../utils/ui-helper";
 import * as constants from "../../utils/authenticationProviders/constants";
+import { dumpAllPodsLogs, dumpRHDHUsersAndGroups } from "../../utils/helper";
+import { APIHelper } from "../../utils/api-helper";
 import { LOGGER } from "../../utils/logger";
 import { HelmActions } from "../../utils/helm";
 
@@ -39,16 +41,16 @@ test.describe("Standard authentication providers: Basic authentication", () => {
       constants.QUAY_REPO,
       constants.TAG_NAME,
       [
-        "--set upstream.backstage.appConfig.auth.providers=null",
+        "--set upstream.backstage.appConfig.auth.providers.guest.dangerouslyAllowOutsideDevelopment=false",
         "--set upstream.backstage.appConfig.auth.environment=development",
         "--set upstream.backstage.appConfig.catalog.providers=null",
+        "--set upstream.backstage.appConfig.permission.enabled=false",
       ],
     );
 
     // Guest login should work
     await common.loginAsGuest();
-    await uiHelper.openSidebar("Settings");
-    await uiHelper.verifyHeading("Guest");
+    await page.goto("/");
     await uiHelper.openSidebar("Settings");
     await common.signOut();
   });
@@ -77,6 +79,7 @@ test.describe("Standard authentication providers: Basic authentication", () => {
         "--set upstream.backstage.appConfig.auth.environment=development",
         "--set upstream.backstage.appConfig.signInPage=microsoft",
         "--set upstream.backstage.appConfig.catalog.providers=null",
+        "--set upstream.backstage.appConfig.permission.enabled=false",
       ],
     );
 
@@ -112,6 +115,7 @@ test.describe("Standard authentication providers: Basic authentication", () => {
         "--set upstream.backstage.appConfig.signInPage=microsoft",
         "--set upstream.backstage.appConfig.dangerouslyAllowSignInWithoutUserInCatalog=true",
         "--set upstream.backstage.appConfig.catalog.providers=null",
+        "--set upstream.backstage.appConfig.permission.enabled=false",
       ],
     );
 
@@ -124,10 +128,10 @@ test.describe("Standard authentication providers: Basic authentication", () => {
     await uiHelper.verifyParagraph(constants.AZURE_LOGIN_USERNAME);
 
     // check no entities are in the catalog
-    await page.goto("/catalog?filters[kind]=user&filters[user]=all");
-    await uiHelper.verifyHeading("My Org Catalog");
-    await uiHelper.searchInputPlaceholder(constants.AZURE_LOGIN_FIRSTNAME);
-    await uiHelper.verifyRowsInTable(["No records to display"]);
+    const api = new APIHelper();
+    api.UseStaticToken(constants.STATIC_API_TOKEN);
+    const catalogUsers = await api.getAllCatalogUsersFromAPI();
+    expect(catalogUsers.totalItems).toBe(0);
     await uiHelper.openSidebar("Settings");
     await common.signOut();
   });
@@ -154,6 +158,7 @@ test.describe("Standard authentication providers: Basic authentication", () => {
         "--set upstream.backstage.appConfig.signInPage=microsoft",
         "--set upstream.backstage.appConfig.dangerouslyAllowSignInWithoutUserInCatalog=true",
         "--set upstream.backstage.appConfig.catalog.providers=null",
+        "--set upstream.backstage.appConfig.permission.enabled=false",
       ],
     );
 
@@ -162,7 +167,15 @@ test.describe("Standard authentication providers: Basic authentication", () => {
     const singInMethods = await page
       .locator("div[class^='MuiCardHeader-root']")
       .allInnerTexts();
-    console.log(singInMethods);
     expect(singInMethods).not.toContain("Guest");
   });
+
+  test.afterEach(async () => {
+    if (test.info().status !== test.info().expectedStatus) {
+      const prefix = `${test.info().testId}_${test.info().retry}`;
+      LOGGER.info(`Dumping logs with prefix ${prefix}`);
+      await dumpAllPodsLogs(prefix, constants.LOGS_FOLDER);
+      await dumpRHDHUsersAndGroups(prefix, constants.LOGS_FOLDER);
+    }
+  });
 });