bcgov · rustyjux · Apr 24, 2024 · Sep 30, 2022 · Oct 19, 2022 · Oct 19, 2022
diff --git a/.github/workflows/aps-cypress-e2e.yaml b/.github/workflows/aps-cypress-e2e.yaml
@@ -89,6 +89,12 @@ jobs:
           name: test-results
           path: ${{ github.workspace }}/e2e/results/report
 
+      - name: Upload E2E Code Coverage Report
+        uses: actions/upload-artifact@v2
+        with:
+          name: code-coverage
+          path: ${{ github.workspace }}/e2e/coverage
+
       - name: SonarCloud Scan
         uses: sonarsource/sonarcloud-github-action@master
         with:

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -9,7 +9,7 @@ x-common-variables: &common-variables
 
 services:
   keycloak:
-    image: jboss/keycloak:15.1.1
+    image: quay.io/keycloak/keycloak:15.1.1
     container_name: keycloak
     hostname: keycloak
     depends_on:
@@ -237,5 +237,31 @@ services:
       - aps-net
     profiles:
       - testsuite
+  astra-mongo:
+    image: mongo:4.2.2
+    container_name: astra-mongo
+    ports:
+      - '27017:27017'
+    networks:
+      aps-net:
+        aliases:
+          - mongo.localtest.me
+  astra-gui:
+    build:
+      context: local/astra
+    container_name: astra-gui
+    restart: always
+    environment:
+      MONGO_PORT_27017_TCP_ADDR: astra-mongo
+    networks:
+      aps-net:
+        aliases:
+          - astra.localtest.me
+    depends_on:
+      - astra-mongo
+    links:
+      - astra-mongo:mongo
+    ports:
+      - '8094:8094'
 networks:
-  aps-net: {}
+  aps-net: {}
diff --git a/e2e/cypress.config.ts b/e2e/cypress.config.ts
@@ -27,7 +27,8 @@ export default defineConfig({
       './cypress/tests/14-*/*.ts',
       './cypress/tests/15-*/*.ts',
       './cypress/tests/16-*/*.ts',
-      './cypress/tests/17-*/*.ts'
+      './cypress/tests/17-*/*.ts',
+      './cypress/tests/18-*/*.ts'
     ]
       return config
     },

diff --git a/e2e/cypress/downloads/downloads.html b/e2e/cypress/downloads/downloads.html
diff --git a/e2e/cypress/fixtures/state/scanID.json b/e2e/cypress/fixtures/state/scanID.json
@@ -0,0 +1,4 @@
+{
+  "items": [
+  ]
+}
diff --git a/e2e/cypress/fixtures/state/scanResult.json b/e2e/cypress/fixtures/state/scanResult.json
diff --git a/e2e/cypress/support/auth-commands.ts b/e2e/cypress/support/auth-commands.ts
@@ -422,17 +422,50 @@ Cypress.Commands.add('setAuthorizationToken', (token: string) => {
 })
 
 Cypress.Commands.add('makeAPIRequest', (endPoint: string, methodType: string) => {
+
   let body = {}
-
+  let requestData: any = {}
   if (methodType.toUpperCase() === 'PUT' || methodType.toUpperCase() === 'POST') {
     body = requestBody
   }
-  return cy.request({
-    url: Cypress.env('BASE_URL') + '/' + endPoint,
-    method: methodType,
-    body: body,
+
+  requestData['appname'] = "Test1"
+  requestData['url'] = Cypress.env('BASE_URL') + '/' + endPoint
+  requestData['headers'] = headers
+  requestData['body'] = ""
+  requestData['method'] = methodType
+
+  cy.request({
+    url: 'http://astra.localtest.me:8094/scan/',
+    method: 'POST',
+    body: requestData,
     headers: headers,
     failOnStatusCode: false
+  }).then((response1) => {
+    // Second API request
+    cy.request({
+      url: Cypress.env('BASE_URL') + '/' + endPoint,
+      method: methodType,
+      body: body,
+      headers: headers,
+      failOnStatusCode: false
+    }).then((response2) => {
+      // You can also return data or use it in further tests
+      const responseData = {
+        data1: response1,
+        data2: response2,
+      };
+      // cy.addToGlobalList(response2.body.status)
+      return responseData;
+    })
+  });
+})
+
+Cypress.Commands.add('makeAPIRequestForScanResult', (scanID: string) => {
+  return cy.request({
+    url:  'http://astra.localtest.me:8094/alerts/' + scanID,
+    method: 'GET',
+    failOnStatusCode: false
   })
 })
 

diff --git a/e2e/cypress/support/global.d.ts b/e2e/cypress/support/global.d.ts
@@ -101,5 +101,11 @@ declare namespace Cypress {
     updateJsonBoby(json: any, key: string, newValue: string):Chainable<any>
 
     deleteFileInE2EFolder(fileName: string):Chainable<any>
+
+    addToGlobalList(item: any):Chainable<any>
+
+    checkAstraScanResultForVulnerability():Chainable<any>
+
+    makeAPIRequestForScanResult(scanID: string): Chainable<Cypress.Response<any>>
   }
 }
diff --git a/e2e/cypress/support/util-commands.ts b/e2e/cypress/support/util-commands.ts
@@ -170,6 +170,21 @@ Cypress.Commands.add('deleteFileInE2EFolder', (fileName: string) => {
   }
 });
 
+Cypress.Commands.add('addToGlobalList', (item) => {
+  cy.readFile('cypress/fixtures/state/scanID.json').then((fileContent) => {
+    // Initialize the list if it doesn't exist
+    const items = fileContent.items || [];
+
+    // Append the new item to the list
+    items.push(item);
+
+    // Create an object with the updated list
+    const updatedData = { items };
+
+    // Write the updated object back to the file
+    cy.writeFile('cypress/fixtures/state/scanID.json', updatedData);
+  });
+});
 
 Cypress.Commands.add('replaceWord', (originalString: string, wordToReplace: string, replacementWord: string)=> {
   // Create a regular expression with the 'g' flag for global search
@@ -180,4 +195,34 @@ Cypress.Commands.add('replaceWord', (originalString: string, wordToReplace: stri
   replacedString = originalString.replace(regex, replacementWord);
 
   return replacedString;
+})
+
+Cypress.Commands.add('checkAstraScanResultForVulnerability', () => {
+  let aggregatedData = {};
+  let existingData: any = [];
+  let flag = false
+  cy.readFile('cypress/fixtures/state/scanID.json').then((fileContent) => {
+    fileContent.items.forEach((item: string) => {
+      // Perform an action based on each item in the array
+      cy.makeAPIRequestForScanResult(item).then((response) => {
+        const newResponse = JSON.parse(JSON.stringify(response.body));
+        existingData.push(newResponse);
+      });
+    });
+  }).then(() => {
+    cy.writeFile('cypress/fixtures/state/scanResult.json', JSON.stringify(existingData))
+    for (var i = 0; i < existingData.length; i++) {
+      var jsonObject = existingData[i];
+      for (var j = 0; i < jsonObject.length; i++) {
+        if (jsonObject[j].hasOwnProperty("impact") &&
+          ["High", "Medium"].includes(jsonObject[j]["impact"])) {
+          flag = true;
+        }
+      }
+    }
+  }).then(()=>{
+    if (flag){
+      assert.fail("Some of the results have high or medium severity security vulnerabilities. Please check the result file for more details.");
+    }
+  })
 })
diff --git a/e2e/cypress/tests/01-api-key/01-create-api.cy.ts b/e2e/cypress/tests/01-api-key/01-create-api.cy.ts
@@ -102,8 +102,8 @@ it('Verify gwa gateway publish multiple config file', () => {
     cy.get('@api').then(({ organization }: any) => {
       cy.setHeaders(organization.headers)
       cy.setAuthorizationToken(userSession)
-      cy.makeAPIRequest(organization.endPoint + '/' + organization.orgName + '/' + organization.orgExpectedList.name + '/namespaces/' + nameSpace, 'PUT').then((response) => {
-        expect(response.status).to.be.equal(200)
+      cy.makeAPIRequest(organization.endPoint + '/' + organization.orgName + '/' + organization.orgExpectedList.name + '/namespaces/' + nameSpace, 'PUT').then((response:any) => {
+        expect(response.data2.status).to.be.equal(200)
       })
     })
   })

diff --git a/e2e/cypress/tests/01-api-key/09-gwa-get.ts b/e2e/cypress/tests/01-api-key/09-gwa-get.ts
@@ -53,8 +53,8 @@ describe('Verify GWA get commands', () => {
       cy.get('@api').then(({ apiDirectory }: any) => {
         cy.setHeaders(apiDirectory.headers)
         cy.setAuthorizationToken(userSession)
-        cy.makeAPIRequest(apiDirectory.endPoint + '/' + _namespace + '/directory', 'GET').then((res) => {
-          resObj = res.body[0]
+        cy.makeAPIRequest(apiDirectory.endPoint + '/' + _namespace + '/directory', 'GET').then((res:any) => {
+          resObj = res.data2.body[0]
           Cypress._.isEqual(resObj, JSON.parse(response.stdout)[0])
         })
       })

diff --git a/e2e/cypress/tests/02-client-credential-flow/03-client-cred-create-api-prod-auth-pro.cy.ts b/e2e/cypress/tests/02-client-credential-flow/03-client-cred-create-api-prod-auth-pro.cy.ts
@@ -83,8 +83,8 @@ describe('Create API, Product, and Authorization Profiles; Apply Auth Profiles t
     cy.get('@api').then(({ organization }: any) => {
       cy.setHeaders(organization.headers)
       cy.setAuthorizationToken(userSession)
-      cy.makeAPIRequest(organization.endPoint + '/' + organization.orgName + '/' + organization.orgExpectedList.name + '/namespaces/' + nameSpace, 'PUT').then((response) => {
-        expect(response.status).to.be.equal(200)
+      cy.makeAPIRequest(organization.endPoint + '/' + organization.orgName + '/' + organization.orgExpectedList.name + '/namespaces/' + nameSpace, 'PUT').then((response:any) => {
+        expect(response.data2.status).to.be.equal(200)
       })
     })
   })

diff --git a/e2e/cypress/tests/09-update-product-env/06-shared-idp.cy.ts b/e2e/cypress/tests/09-update-product-env/06-shared-idp.cy.ts
@@ -56,9 +56,9 @@ describe('Apply Shared IDP while creating Authorization Profile', () => {
 
   it('Publish the Shared IDP profile', () => {
     cy.get('@common-testdata').then(({ namespace }: any) => {
-      cy.makeAPIRequest('ds/api/v2/namespaces/' + namespace + '/issuers', 'PUT').then((response) => {
-        expect(response.status).to.be.equal(200)
-        expect(response.body.result).to.be.contain('created')
+      cy.makeAPIRequest('ds/api/v2/namespaces/' + namespace + '/issuers', 'PUT').then((response:any) => {
+        expect(response.data2.status).to.be.equal(200)
+        expect(response.data2.body.result).to.be.contain('created')
       })
     })
   })
@@ -121,8 +121,8 @@ describe('Update IDP issuer for shared IDP profile', () => {
 
   it('Put the resource and verify the success code in the response', () => {
     cy.get('@common-testdata').then(({ namespace }: any) => {
-      cy.makeAPIRequest('ds/api/v2/namespaces/' + namespace + '/issuers', 'PUT').then((response) => {
-        expect(response.status).to.be.equal(200)
+      cy.makeAPIRequest('ds/api/v2/namespaces/' + namespace + '/issuers', 'PUT').then((response:any) => {
+        expect(response.data2.status).to.be.equal(200)
       })
     })
   })

diff --git a/e2e/cypress/tests/10-clear-resources/01-create-api.cy.ts b/e2e/cypress/tests/10-clear-resources/01-create-api.cy.ts
@@ -83,8 +83,8 @@ describe('Create API Spec for Delete Resources', () => {
     cy.get('@api').then(({ organization }: any) => {
       cy.setHeaders(organization.headers)
       cy.setAuthorizationToken(userSession)
-      cy.makeAPIRequest(organization.endPoint + '/' + organization.orgName + '/' + organization.orgExpectedList.name + '/namespaces/' + namespace, 'PUT').then((response) => {
-        expect(response.status).to.be.equal(200)
+      cy.makeAPIRequest(organization.endPoint + '/' + organization.orgName + '/' + organization.orgExpectedList.name + '/namespaces/' + namespace, 'PUT').then((response:any) => {
+        expect(response.data2.status).to.be.equal(200)
       })
     })
   })

diff --git a/e2e/cypress/tests/11-activity-feed/01-activity-feed.cy.ts b/e2e/cypress/tests/11-activity-feed/01-activity-feed.cy.ts
@@ -53,9 +53,9 @@ describe('API Tests for Activity report', () => {
 
     it('Get the resource and verify the success code in the response', () => {
         cy.get('@api').then(({ namespaces }: any) => {
-            cy.makeAPIRequest(namespaces.endPoint + "/" + nameSpace + "/activity?first=100", 'GET').then((res) => {
-                expect(res.status).to.be.equal(200)
-                response = res.body
+            cy.makeAPIRequest(namespaces.endPoint + "/" + nameSpace + "/activity?first=100", 'GET').then((res:any) => {
+                expect(res.data2.status).to.be.equal(200)
+                response = res.data2.body
             })
         })
     })
@@ -80,9 +80,9 @@ describe('Generate activity response from APS V2 API', () => {
 
     it('Get the resource and verify the success code in the response', () => {
         cy.get('@api').then(({ namespaces }: any) => {
-            cy.makeAPIRequest(namespaces.endPoint + "/" + nameSpace + "/activity?first=100", 'GET').then((res) => {
-                expect(res.status).to.be.equal(200)
-                response = res.body
+            cy.makeAPIRequest(namespaces.endPoint + "/" + nameSpace + "/activity?first=100", 'GET').then((res:any) => {
+                expect(res.data2.status).to.be.equal(200)
+                response = res.data2.body
             })
         })
     })

diff --git a/e2e/cypress/tests/11-activity-feed/02-activity-feed-failure.cy.ts b/e2e/cypress/tests/11-activity-feed/02-activity-feed-failure.cy.ts
@@ -96,9 +96,9 @@ describe('Create API, Product, and Authorization Profiles; Apply Auth Profiles t
 
   it('Get the resource and verify the success code in the response', () => {
     cy.get('@api').then(({ namespaces }: any) => {
-      cy.makeAPIRequest(namespaces.endPoint + "/" + nameSpace + "/activity?first=100", 'GET').then((res) => {
-        expect(res.status).to.be.equal(200)
-        response = res.body
+      cy.makeAPIRequest(namespaces.endPoint + "/" + nameSpace + "/activity?first=100", 'GET').then((res:any) => {
+        expect(res.data2.status).to.be.equal(200)
+        response = res.data2.body
       })
     })
   })

diff --git a/e2e/cypress/tests/12-access-permission/01-create-api.cy.ts b/e2e/cypress/tests/12-access-permission/01-create-api.cy.ts
@@ -81,8 +81,8 @@ describe('Create API Spec', () => {
     cy.get('@api').then(({ organization }: any) => {
       cy.setHeaders(organization.headers)
       cy.setAuthorizationToken(userSession)
-      cy.makeAPIRequest(organization.endPoint + '/' + organization.orgName + '/' + organization.orgExpectedList.name + '/namespaces/' + namespace, 'PUT').then((response) => {
-        expect(response.status).to.be.equal(200)
+      cy.makeAPIRequest(organization.endPoint + '/' + organization.orgName + '/' + organization.orgExpectedList.name + '/namespaces/' + namespace, 'PUT').then((response:any) => {
+        expect(response.data2.status).to.be.equal(200)
       })
     })
   })

diff --git a/e2e/cypress/tests/12-access-permission/09-content-publish.cy.ts b/e2e/cypress/tests/12-access-permission/09-content-publish.cy.ts
@@ -52,9 +52,9 @@ describe('Verify Content Publish Permission', () => {
 
   it('Verify that the document is not published without "Content.Publish" permission', () => {
     cy.get('@api').then(({ documentation }: any) => {
-      cy.makeAPIRequest(documentation.endPoint, 'PUT').then((response) => {
-        expect(response.status).to.be.equal(401)
-        expect(response.body.message).contain('Missing authorization scope')
+      cy.makeAPIRequest(documentation.endPoint, 'PUT').then((response:any) => {
+        expect(response.data2.status).to.be.equal(401)
+        expect(response.data2.body.message).contain('Missing authorization scope')
       })
     })
   })

diff --git a/e2e/cypress/tests/15-aps-api/01-create-api.cy.ts b/e2e/cypress/tests/15-aps-api/01-create-api.cy.ts
@@ -60,8 +60,8 @@ describe('Create API Spec', () => {
     cy.get('@api').then(({ organization }: any) => {
       cy.setHeaders(organization.headers)
       cy.setAuthorizationToken(userSession)
-      cy.makeAPIRequest(organization.endPoint + '/' + organization.orgName + '/' + organization.orgExpectedList.name + '/namespaces/' + namespace, 'PUT').then((response) => {
-        expect(response.status).to.be.equal(200)
+      cy.makeAPIRequest(organization.endPoint + '/' + organization.orgName + '/' + organization.orgExpectedList.name + '/namespaces/' + namespace, 'PUT').then((response:any) => {
+        expect(response.data2.status).to.be.equal(200)
       })
     })
   })