github.com/redhat-appstudio/e2e-tests@v0.0.0-20230619105049-9a422b2094d7/tests/spi/token-upload-rest-endpoint.go (about) 1 package spi 2 3 import ( 4 "fmt" 5 "time" 6 7 "github.com/redhat-appstudio/e2e-tests/pkg/constants" 8 "github.com/redhat-appstudio/e2e-tests/pkg/utils" 9 "github.com/redhat-appstudio/service-provider-integration-operator/api/v1beta1" 10 11 . "github.com/onsi/ginkgo/v2" 12 . "github.com/onsi/gomega" 13 "github.com/redhat-appstudio/e2e-tests/pkg/framework" 14 ) 15 16 /* 17 * Component: spi 18 * Description: SVPI-398 - Token upload rest endpoint and SVPI-404 - Check access to GitHub repository 19 * Note: To avoid code repetition, SVPI-404 was integrated with SVPI-398 20 21 * Test Scenario 1: Token upload rest endpoint [public repository] 22 * Test Scenario 2: Token upload rest endpoint [private repository] 23 * For more details, check AccessCheckTests in var.go 24 25 * Flow of each test: 26 * 1º - creates SPITokenBinding 27 * 2º - checks access to GitHub repository before token upload 28 * 3º - uploads token 29 * 4º - checks access to GitHub repository after token upload 30 */ 31 32 var _ = framework.SPISuiteDescribe(Label("spi-suite", "token-upload-rest-endpoint"), func() { 33 34 defer GinkgoRecover() 35 36 var fw *framework.Framework 37 var err error 38 var namespace string 39 40 for _, test := range AccessCheckTests { 41 test := test 42 43 Describe("SVPI-398 - Token upload rest endpoint: "+test.TestName, Ordered, func() { 44 BeforeAll(func() { 45 // Initialize the tests controllers 46 fw, err = framework.NewFramework(utils.GetGeneratedNamespace("spi-demos")) 47 Expect(err).NotTo(HaveOccurred()) 48 namespace = fw.UserNamespace 49 Expect(namespace).NotTo(BeEmpty()) 50 51 // collect SPI ResourceQuota metrics (temporary) 52 err := fw.AsKubeAdmin.CommonController.GetResourceQuotaInfo("token-upload-rest-endpoint", namespace, "appstudio-crds-spi") 53 Expect(err).NotTo(HaveOccurred()) 54 }) 55 56 // Clean up after running these tests and before the next tests block: can't have multiple AccessTokens in Injected phase 57 AfterAll(func() { 58 // collect SPI ResourceQuota metrics (temporary) 59 err := fw.AsKubeAdmin.CommonController.GetResourceQuotaInfo("token-upload-rest-endpoint", namespace, "appstudio-crds-spi") 60 Expect(err).NotTo(HaveOccurred()) 61 62 if !CurrentSpecReport().Failed() { 63 Expect(fw.AsKubeAdmin.SPIController.DeleteAllBindingTokensInASpecificNamespace(namespace)).To(Succeed()) 64 Expect(fw.AsKubeAdmin.SPIController.DeleteAllAccessTokensInASpecificNamespace(namespace)).To(Succeed()) 65 Expect(fw.AsKubeAdmin.SPIController.DeleteAllAccessTokenDataInASpecificNamespace(namespace)).To(Succeed()) 66 Expect(fw.AsKubeAdmin.SPIController.DeleteAllAccessChecksInASpecificNamespace(namespace)).To(Succeed()) 67 } 68 }) 69 70 var SPITokenBinding *v1beta1.SPIAccessTokenBinding 71 It("creates SPITokenBinding", func() { 72 SPITokenBinding, err = fw.AsKubeDeveloper.SPIController.CreateSPIAccessTokenBinding(SPITokenBindingName, namespace, test.RepoURL, "", "kubernetes.io/basic-auth") 73 Expect(err).NotTo(HaveOccurred()) 74 75 SPITokenBinding, err = fw.AsKubeDeveloper.SPIController.GetSPIAccessTokenBinding(SPITokenBinding.Name, namespace) 76 Expect(err).NotTo(HaveOccurred()) 77 }) 78 79 var SPIAccessCheck *v1beta1.SPIAccessCheck 80 Describe("SVPI-404 - Check access to GitHub repository before token upload", func() { 81 It("creates SPIAccessCheck", func() { 82 SPIAccessCheck, err = fw.AsKubeDeveloper.SPIController.CreateSPIAccessCheck(SPIAccessCheckPrefixName, namespace, test.RepoURL) 83 Expect(err).NotTo(HaveOccurred()) 84 85 SPIAccessCheck, err = fw.AsKubeDeveloper.SPIController.GetSPIAccessCheck(SPIAccessCheck.Name, namespace) 86 Expect(err).NotTo(HaveOccurred()) 87 }) 88 89 It("checks if repository is accessible", func() { 90 Eventually(func() bool { 91 SPIAccessCheck, err = fw.AsKubeDeveloper.SPIController.GetSPIAccessCheck(SPIAccessCheck.Name, namespace) 92 Expect(err).NotTo(HaveOccurred()) 93 94 // at this stage, before token upload, accessibility should be unknown (in case of private repo) or public (in case of public repo) 95 return SPIAccessCheck.Status.Accessibility == v1beta1.SPIAccessCheckAccessibilityUnknown || 96 SPIAccessCheck.Status.Accessibility == v1beta1.SPIAccessCheckAccessibilityPublic 97 }, 1*time.Minute, 5*time.Second).Should(BeTrue(), fmt.Sprintf("SPIAccessCheck '%s' has wrong info", SPIAccessCheck.Name)) 98 99 if test.Accessibility == v1beta1.SPIAccessCheckAccessibilityPublic { 100 // if public, the repository should be accessible 101 Expect(SPIAccessCheck.Status.Accessible).To(Equal(true)) 102 Expect(SPIAccessCheck.Status.Accessibility).To(Equal(test.Accessibility)) 103 } else { 104 // if private, the repository should not be accessible since the token was not upload yet 105 Expect(SPIAccessCheck.Status.Accessible).To(Equal(false)) 106 Expect(SPIAccessCheck.Status.Accessibility).To(Equal(v1beta1.SPIAccessCheckAccessibilityUnknown)) 107 } 108 109 Expect(SPIAccessCheck.Status.Type).To(Equal(test.RepoType)) 110 Expect(SPIAccessCheck.Status.ServiceProvider).To(Equal(test.ServiceProvider)) 111 }) 112 }) 113 114 // start of upload token 115 It("SPITokenBinding to be in AwaitingTokenData phase", func() { 116 // wait SPITokenBinding to be in AwaitingTokenData phase before trying to upload a token 117 Eventually(func() bool { 118 SPITokenBinding, err = fw.AsKubeDeveloper.SPIController.GetSPIAccessTokenBinding(SPITokenBinding.Name, namespace) 119 Expect(err).NotTo(HaveOccurred()) 120 121 return (SPITokenBinding.Status.Phase == v1beta1.SPIAccessTokenBindingPhaseAwaitingTokenData) 122 }, 1*time.Minute, 5*time.Second).Should(BeTrue(), "SPIAccessTokenBinding is not in AwaitingTokenData phase") 123 }) 124 125 It("uploads username and token using rest endpoint", func() { 126 // the UploadUrl in SPITokenBinding should be available before uploading the token 127 Eventually(func() bool { 128 SPITokenBinding, err = fw.AsKubeDeveloper.SPIController.GetSPIAccessTokenBinding(SPITokenBinding.Name, namespace) 129 Expect(err).NotTo(HaveOccurred()) 130 131 return SPITokenBinding.Status.UploadUrl != "" 132 }, 1*time.Minute, 10*time.Second).Should(BeTrue(), "uploadUrl not set") 133 Expect(err).NotTo(HaveOccurred()) 134 135 // linked accessToken token should exist 136 linkedAccessTokenName := SPITokenBinding.Status.LinkedAccessTokenName 137 Expect(linkedAccessTokenName).NotTo(BeEmpty()) 138 139 // get the url to manually upload the token 140 uploadURL := SPITokenBinding.Status.UploadUrl 141 Expect(uploadURL).NotTo(BeEmpty()) 142 143 // Get the token for the current openshift user 144 bearerToken, err := utils.GetOpenshiftToken() 145 Expect(err).NotTo(HaveOccurred()) 146 147 // build and upload the payload using the uploadURL. it should return 204 148 oauthCredentials := `{"access_token":"` + utils.GetEnv(constants.GITHUB_TOKEN_ENV, "") + `"}` 149 statusCode, err := fw.AsKubeDeveloper.SPIController.UploadWithRestEndpoint(uploadURL, oauthCredentials, bearerToken) 150 Expect(err).NotTo(HaveOccurred()) 151 Expect(statusCode).Should(Equal(204)) 152 }) 153 154 It("SPITokenBinding to be in Injected phase", func() { 155 Eventually(func() bool { 156 SPITokenBinding, err = fw.AsKubeDeveloper.SPIController.GetSPIAccessTokenBinding(SPITokenBinding.Name, namespace) 157 Expect(err).NotTo(HaveOccurred()) 158 return SPITokenBinding.Status.Phase == v1beta1.SPIAccessTokenBindingPhaseInjected 159 }, 1*time.Minute, 5*time.Second).Should(BeTrue(), "SPIAccessTokenBinding is not in Injected phase") 160 }) 161 162 It("SPIAccessToken exists and is in Read phase", func() { 163 Eventually(func() bool { 164 SPIAccessToken, err := fw.AsKubeDeveloper.SPIController.GetSPIAccessToken(SPITokenBinding.Status.LinkedAccessTokenName, namespace) 165 166 if err != nil { 167 return false 168 } 169 170 return (SPIAccessToken.Status.Phase == v1beta1.SPIAccessTokenPhaseReady) 171 }, 1*time.Minute, 5*time.Second).Should(BeTrue(), "SPIAccessToken should be in ready phase") 172 }) 173 // end of upload token 174 175 Describe("SVPI-404 - Check access to GitHub repository after token upload", func() { 176 It("creates SPIAccessCheck", func() { 177 SPIAccessCheck, err = fw.AsKubeDeveloper.SPIController.CreateSPIAccessCheck(SPIAccessCheckPrefixName, namespace, test.RepoURL) 178 Expect(err).NotTo(HaveOccurred()) 179 180 SPIAccessCheck, err = fw.AsKubeDeveloper.SPIController.GetSPIAccessCheck(SPIAccessCheck.Name, namespace) 181 Expect(err).NotTo(HaveOccurred()) 182 }) 183 184 It("checks if repository is accessible", func() { 185 Eventually(func() bool { 186 SPIAccessCheck, err = fw.AsKubeDeveloper.SPIController.GetSPIAccessCheck(SPIAccessCheck.Name, namespace) 187 Expect(err).NotTo(HaveOccurred()) 188 189 // both public and private repositories should be accessible, since the token was already uploaded 190 return SPIAccessCheck.Status.Accessible 191 }, 1*time.Minute, 5*time.Second).Should(BeTrue(), fmt.Sprintf("repository '%s' is not accessible", test.RepoURL)) 192 193 Expect(SPIAccessCheck.Status.Accessibility).To(Equal(test.Accessibility)) 194 Expect(SPIAccessCheck.Status.Type).To(Equal(test.RepoType)) 195 Expect(SPIAccessCheck.Status.ServiceProvider).To(Equal(test.ServiceProvider)) 196 }) 197 }) 198 }) 199 } 200 })