github.com/redhat-appstudio/e2e-tests@v0.0.0-20240520140907-9709f6f59323/tests/spi/token-upload-rest-endpoint.go (about) 1 package spi 2 3 import ( 4 "fmt" 5 "time" 6 7 "github.com/redhat-appstudio/e2e-tests/pkg/constants" 8 "github.com/redhat-appstudio/e2e-tests/pkg/utils" 9 "github.com/redhat-appstudio/service-provider-integration-operator/api/v1beta1" 10 11 . "github.com/onsi/ginkgo/v2" 12 . "github.com/onsi/gomega" 13 "github.com/redhat-appstudio/e2e-tests/pkg/framework" 14 ) 15 16 /* 17 * Component: spi 18 * Description: SVPI-398 - Token upload rest endpoint and SVPI-404 - Check access to GitHub repository 19 * Note: To avoid code repetition, SVPI-404 was integrated with SVPI-398 20 21 * Test Scenario 1: Token upload rest endpoint [public repository] 22 * Test Scenario 2: Token upload rest endpoint [private repository] 23 * For more details, check AccessCheckTests in var.go 24 25 * Flow of each test: 26 * 1º - creates SPITokenBinding 27 * 2º - checks access to GitHub repository before token upload 28 * 3º - uploads token 29 * 4º - checks access to GitHub repository after token upload 30 */ 31 32 var _ = framework.SPISuiteDescribe(Label("spi-suite", "token-upload-rest-endpoint"), func() { 33 34 defer GinkgoRecover() 35 36 var fw *framework.Framework 37 var err error 38 var namespace string 39 AfterEach(framework.ReportFailure(&fw)) 40 41 for _, test := range AccessCheckTests { 42 test := test 43 44 Describe("SVPI-398 - Token upload rest endpoint: "+test.TestName, Ordered, func() { 45 BeforeAll(func() { 46 // Initialize the tests controllers 47 fw, err = framework.NewFramework(utils.GetGeneratedNamespace("spi-demos")) 48 Expect(err).NotTo(HaveOccurred()) 49 namespace = fw.UserNamespace 50 Expect(namespace).NotTo(BeEmpty()) 51 52 // collect SPI ResourceQuota metrics (temporary) 53 err := fw.AsKubeAdmin.CommonController.GetResourceQuotaInfo("token-upload-rest-endpoint", namespace, "appstudio-crds-spi") 54 Expect(err).NotTo(HaveOccurred()) 55 }) 56 57 // Clean up after running these tests and before the next tests block: can't have multiple AccessTokens in Injected phase 58 AfterAll(func() { 59 // collect SPI ResourceQuota metrics (temporary) 60 err := fw.AsKubeAdmin.CommonController.GetResourceQuotaInfo("token-upload-rest-endpoint", namespace, "appstudio-crds-spi") 61 Expect(err).NotTo(HaveOccurred()) 62 63 if !CurrentSpecReport().Failed() { 64 Expect(fw.AsKubeAdmin.SPIController.DeleteAllBindingTokensInASpecificNamespace(namespace)).To(Succeed()) 65 Expect(fw.AsKubeAdmin.SPIController.DeleteAllAccessTokensInASpecificNamespace(namespace)).To(Succeed()) 66 Expect(fw.AsKubeAdmin.SPIController.DeleteAllAccessTokenDataInASpecificNamespace(namespace)).To(Succeed()) 67 Expect(fw.AsKubeAdmin.SPIController.DeleteAllAccessChecksInASpecificNamespace(namespace)).To(Succeed()) 68 } 69 }) 70 71 var SPITokenBinding *v1beta1.SPIAccessTokenBinding 72 It("creates SPITokenBinding", func() { 73 SPITokenBinding, err = fw.AsKubeDeveloper.SPIController.CreateSPIAccessTokenBinding(SPITokenBindingName, namespace, test.RepoURL, "", "kubernetes.io/basic-auth") 74 Expect(err).NotTo(HaveOccurred()) 75 76 SPITokenBinding, err = fw.AsKubeDeveloper.SPIController.GetSPIAccessTokenBinding(SPITokenBinding.Name, namespace) 77 Expect(err).NotTo(HaveOccurred()) 78 }) 79 80 var SPIAccessCheck *v1beta1.SPIAccessCheck 81 var SPIAccessToken *v1beta1.SPIAccessToken 82 83 Describe("SVPI-404 - Check access to GitHub repository before token upload", func() { 84 It("creates SPIAccessCheck", func() { 85 SPIAccessCheck, err = fw.AsKubeDeveloper.SPIController.CreateSPIAccessCheck(SPIAccessCheckPrefixName, namespace, test.RepoURL) 86 Expect(err).NotTo(HaveOccurred()) 87 88 SPIAccessCheck, err = fw.AsKubeDeveloper.SPIController.GetSPIAccessCheck(SPIAccessCheck.Name, namespace) 89 Expect(err).NotTo(HaveOccurred()) 90 }) 91 92 It("checks if repository is accessible", func() { 93 Eventually(func() v1beta1.SPIAccessCheckAccessibility { 94 SPIAccessCheck, err = fw.AsKubeDeveloper.SPIController.GetSPIAccessCheck(SPIAccessCheck.Name, namespace) 95 Expect(err).NotTo(HaveOccurred()) 96 // at this stage, before token upload, accessibility should be unknown (in case of private repo) or public (in case of public repo) 97 return SPIAccessCheck.Status.Accessibility 98 }, 1*time.Minute, 5*time.Second).Should(Or(Equal(v1beta1.SPIAccessCheckAccessibilityUnknown), Equal(v1beta1.SPIAccessCheckAccessibilityPublic)), 99 fmt.Sprintf("SPIAccessCheck %s/%s has wrong info in '.Status.Accessibility' field", SPIAccessCheck.GetNamespace(), SPIAccessCheck.GetName())) 100 101 if test.Accessibility == v1beta1.SPIAccessCheckAccessibilityPublic { 102 // if public, the repository should be accessible 103 Expect(SPIAccessCheck.Status.Accessible).To(BeTrue()) 104 Expect(SPIAccessCheck.Status.Accessibility).To(Equal(test.Accessibility)) 105 } else { 106 // if private, the repository should not be accessible since the token was not upload yet 107 Expect(SPIAccessCheck.Status.Accessible).To(BeFalse()) 108 Expect(SPIAccessCheck.Status.Accessibility).To(Equal(v1beta1.SPIAccessCheckAccessibilityUnknown)) 109 } 110 111 Expect(SPIAccessCheck.Status.Type).To(Equal(test.RepoType)) 112 Expect(SPIAccessCheck.Status.ServiceProvider).To(Equal(test.ServiceProvider)) 113 }) 114 }) 115 116 // start of upload token 117 It("SPITokenBinding to be in AwaitingTokenData phase", func() { 118 // wait SPITokenBinding to be in AwaitingTokenData phase before trying to upload a token 119 Eventually(func() v1beta1.SPIAccessTokenBindingPhase { 120 SPITokenBinding, err = fw.AsKubeDeveloper.SPIController.GetSPIAccessTokenBinding(SPITokenBinding.Name, namespace) 121 Expect(err).NotTo(HaveOccurred()) 122 123 return SPITokenBinding.Status.Phase 124 }, 1*time.Minute, 5*time.Second).Should(Equal(v1beta1.SPIAccessTokenBindingPhaseAwaitingTokenData), fmt.Sprintf("SPIAccessTokenBinding %s/%s is not in %s phase", SPITokenBinding.GetNamespace(), SPITokenBinding.GetName(), v1beta1.SPIAccessTokenBindingPhaseAwaitingTokenData)) 125 }) 126 127 It("uploads username and token using rest endpoint", func() { 128 // the UploadUrl in SPITokenBinding should be available before uploading the token 129 Eventually(func() string { 130 SPITokenBinding, err = fw.AsKubeDeveloper.SPIController.GetSPIAccessTokenBinding(SPITokenBinding.Name, namespace) 131 Expect(err).NotTo(HaveOccurred()) 132 133 return SPITokenBinding.Status.UploadUrl 134 }, 1*time.Minute, 10*time.Second).ShouldNot(BeEmpty(), fmt.Sprintf(".Status.TokenUploadUrl field in SPIFileContentRequest %s/%s is empty", SPITokenBinding.GetNamespace(), SPITokenBinding.GetName())) 135 Expect(err).NotTo(HaveOccurred()) 136 137 // linked accessToken token should exist 138 linkedAccessTokenName := SPITokenBinding.Status.LinkedAccessTokenName 139 Expect(linkedAccessTokenName).NotTo(BeEmpty()) 140 141 // get the url to manually upload the token 142 uploadURL := SPITokenBinding.Status.UploadUrl 143 144 // Get the token for the current openshift user 145 bearerToken, err := utils.GetOpenshiftToken() 146 Expect(err).NotTo(HaveOccurred()) 147 148 // build and upload the payload using the uploadURL. it should return 204 149 oauthCredentials := `{"access_token":"` + utils.GetEnv(constants.GITHUB_TOKEN_ENV, "") + `"}` 150 statusCode, err := fw.AsKubeDeveloper.SPIController.UploadWithRestEndpoint(uploadURL, oauthCredentials, bearerToken) 151 Expect(err).NotTo(HaveOccurred()) 152 Expect(statusCode).Should(Equal(204)) 153 }) 154 155 It("SPITokenBinding to be in Injected phase", func() { 156 Eventually(func() v1beta1.SPIAccessTokenBindingPhase { 157 SPITokenBinding, err = fw.AsKubeDeveloper.SPIController.GetSPIAccessTokenBinding(SPITokenBinding.Name, namespace) 158 Expect(err).NotTo(HaveOccurred()) 159 return SPITokenBinding.Status.Phase 160 }, 1*time.Minute, 5*time.Second).Should(Equal(v1beta1.SPIAccessTokenBindingPhaseInjected), fmt.Sprintf("SPIAccessTokenBinding %s/%s is not in %s phase", SPITokenBinding.GetNamespace(), SPITokenBinding.GetName(), v1beta1.SPIAccessTokenBindingPhaseInjected)) 161 }) 162 163 It("SPIAccessToken exists and is in Ready phase", func() { 164 Eventually(func() (v1beta1.SPIAccessTokenPhase, error) { 165 SPIAccessToken, err = fw.AsKubeDeveloper.SPIController.GetSPIAccessToken(SPITokenBinding.Status.LinkedAccessTokenName, namespace) 166 if err != nil { 167 return "", err 168 } 169 return SPIAccessToken.Status.Phase, nil 170 }, 2*time.Minute, 5*time.Second).Should(Equal(v1beta1.SPIAccessTokenPhaseReady), fmt.Sprintf("SPIAccessToken for SPITokenBinding %s/%s should be in %s phase", SPITokenBinding.GetNamespace(), SPITokenBinding.GetName(), v1beta1.SPIAccessTokenPhaseReady)) 171 }) 172 // end of upload token 173 174 Describe("SVPI-404 - Check access to GitHub repository after token upload", func() { 175 It("creates SPIAccessCheck", func() { 176 SPIAccessCheck, err = fw.AsKubeDeveloper.SPIController.CreateSPIAccessCheck(SPIAccessCheckPrefixName, namespace, test.RepoURL) 177 Expect(err).NotTo(HaveOccurred()) 178 179 SPIAccessCheck, err = fw.AsKubeDeveloper.SPIController.GetSPIAccessCheck(SPIAccessCheck.Name, namespace) 180 Expect(err).NotTo(HaveOccurred()) 181 }) 182 183 It("checks if repository is accessible", func() { 184 Eventually(func() bool { 185 SPIAccessCheck, err = fw.AsKubeDeveloper.SPIController.GetSPIAccessCheck(SPIAccessCheck.Name, namespace) 186 Expect(err).NotTo(HaveOccurred()) 187 188 // both public and private repositories should be accessible, since the token was already uploaded 189 return SPIAccessCheck.Status.Accessible 190 }, 1*time.Minute, 5*time.Second).Should(BeTrue(), fmt.Sprintf("repository '%s' is not accessible", test.RepoURL)) 191 192 Expect(SPIAccessCheck.Status.Accessibility).To(Equal(test.Accessibility)) 193 Expect(SPIAccessCheck.Status.Type).To(Equal(test.RepoType)) 194 Expect(SPIAccessCheck.Status.ServiceProvider).To(Equal(test.ServiceProvider)) 195 }) 196 }) 197 }) 198 } 199 })