cloud-gov · markdboyd · Jun 15, 2022 · Jun 13, 2022 · Jun 13, 2022 · Jun 13, 2022
@@ -5,6 +5,7 @@ FLASK_ENV=local
 # you might change these
 SESSION_LIFETIME=600
 PORT=8080
+AUTH_PROXY_URL="http://localhost:8080/"
 
 # you almost certainly should change these
 CF_API_URL=https://api.example.cloud.gov/ # make sure to include trailing slash!
@@ -14,4 +15,30 @@ UAA_BASE_URL=https://uaa.example.com/ # make sure to include trailing slash!
 UAA_CLIENT_ID=FEEDABEE
 UAA_CLIENT_SECRET=CHANGEME
 SECRET_KEY=changeme
-CF_ADMIN_GROUP_NAME="<cf-group-name>"
+CF_ADMIN_GROUP_NAME="<cf-group-name>"
+
+# only necessary for running e2e tests locally
+<!--
+CF_ORG_ID_1=<insert-random-guid>
+CF_SPACE_ID_1=<insert-random-guid>
+
+CF_ORG_ID_2=<insert-random-guid>
+CF_SPACE_ID_2=<insert-random-guid>
+
+DEV_TEST_USER_1_ORG_ID="<match value of CF_ORG_ID_1 above>"
+DEV_TEST_USER_1_SPACE_ID="<match value of CF_SPACE_ID_1 above>"
+
+DEV_TEST_USER_2_ORG_ID="<match value of CF_ORG_ID_2 above>"
+DEV_TEST_USER_2_SPACE_ID="<match value of CF_SPACE_ID_2 above>"
+
+DEV_TEST_USER_1_USERNAME=
+DEV_TEST_USER_1_PASSWORD=
+DEV_TEST_USER_1_TOTP_SEED=
+
+DEV_TEST_USER_2_USERNAME=
+DEV_TEST_USER_2_PASSWORD=
+DEV_TEST_USER_2_TOTP_SEED=
+
+ES_USER=
+ES_PASSWORD=
+-->
@@ -6,6 +6,14 @@ outside of this repository.
 
 To see all of the available commands, run `./dev -h`.
 
+## Running e2e tests locally
+
+1. Update your `.env` file and uncomment/set values for the e2e test variables. You can find the necessary
+variables in `.env-sample`. You can get the values used in the pipeline from the credentials file stored
+on S3.
+1. [Make sure your local development stack is up and running](./README.md#running-locally)
+1. Run `./dev e2e-local`
+
 ## Code style
 
 Code is styled with `black`, which is configured in `pyproject.toml`. This means you can (and

@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 
 set -euo pipefail
-shopt -s inherit_errexit
+shopt -s inherit_errexit || true
 
 
 function cleanup() {
@@ -18,236 +18,7 @@ echo "Creating SSH tunnel"
 cf ssh -L 9200:odfe-test.apps.internal:9200 -L 5601:kbn-test.apps.internal:5601 kibana -N &
 ssh_pid=$!
 
-cookie_jar=$(mktemp)
-
 echo "Waiting for tunnel to come up ..."
 sleep 10
 
-# we have to create index and component templates
-# to work around the baked-in stream templates
-echo "creating component template"
-curl --fail --silent --show-error -u ${ES_USER}:${ES_PASSWORD} -k \
-    -X PUT \
-    -H "content-type: application/json" \
-    https://localhost:9200/_component_template/ct_apps \
-    -d '{
-    "template": {
-        "settings": {
-            "number_of_shards": 1
-        },
-        "mappings": {
-            "properties": {
-                "@cf": {
-                    "type": "object",
-                    "dynamic": true,
-                    "properties": {
-                        "space_id": {
-                            "type": "keyword",
-                            "index": true
-                        },
-                        "org_id": {
-                            "type": "keyword",
-                            "index": true
-                        }
-                    }
-                }
-            }
-        }
-    }
-}' | jq
-
-echo "Creating index template"
-curl --fail --silent --show-error -u ${ES_USER}:${ES_PASSWORD} -k \
-    -X PUT \
-    -H "content-type: application/json" \
-    https://localhost:9200/_index_template/it_apps \
-    -d '{
-         "index_patterns" : ["logs-app-*"],
-          "priority" : 1,
-          "composed_of": ["ct_apps"]
-        }' | jq
-
-echo "Creating index"
-curl --silent --show-error -u ${ES_USER}:${ES_PASSWORD} -k \
-    -X PUT \
-    -H "content-type: application/json" \
-    https://localhost:9200/logs-app-now \
-    -d '{
-    "mappings": {
-        "properties": {
-            "@cf": {
-                "type": "object",
-                "dynamic": true,
-                "properties": {
-                    "@cf": {
-                        "space_id": {
-                            "type": "keyword",
-                            "index": true
-                        },
-                        "org_id": {
-                            "type": "keyword",
-                            "index": true
-                        }
-                    }
-                }
-            }
-        }
-    }
-}' | jq
-
-
-# next we add some logs
-# the idea is to add one log for each test
-#  - user should be able to see logs with their space id
-#  - user should not be able to see logs with the wrong space id
-#  - user should not be able to see logs without a space id
-
-# We should have this set up ahead of time:
-#   - org 1 has space space 1 with id ${CF_SPACE_ID_1}
-#   - org 2 has space space 2 with id ${CF_SPACE_ID_2}
-#   - user 1 is a space developer in space 1, with no org-level role
-#   - user 2 is an org manager in org 2, with no space-level role
-#   - user 3 is a space developer in space 1 and space 2, with no org-level roles
-
-# we're using features from `date` that the default MacOS date
-# doesn't have installed, so we need to figure out what `date`
-# to use
-date_bin=date
-
-if [[ ! $(${date_bin} --iso-8601 2> /dev/null) ]]; then
-    if [[ $(which gdate) ]]; then
-        date_bin=gdate
-    else
-        echo "Can't find a suitable date program"
-        echo "try \`brew install coreutils\` if you're on MacOS"
-        exit 1
-    fi
-fi
-
-time=$(${date_bin} --iso-8601=seconds)
-
-# user 1 should be able to see this log
-# user 2 should not be able to see it
-# user 3 should be able to see this log
-echo "creating test document 1/5"
-# we use refresh=true on all these to force elasticsearch to refresh
-# It doesn't seem to make the docs available otherwise
-# We could probably just do this on the last doc we index, but doing
-# it on all of them makes it easier to modify the script
-curl --fail --silent --show-error -u ${ES_USER}:${ES_PASSWORD} -k \
-    -X POST \
-    -H "content-type: application/json" \
-    https://localhost:9200/logs-app-now/_doc?refresh=true \
-    -d '{
-        "@timestamp": "'${time}'",
-        "@cf": {
-            "space_id":"'${CF_SPACE_ID_1}'"
-        },
-        "message": "space_id_1"
-        }' | jq
-
-# user 1 should not be able to see it
-# user 2 should be able to see this log
-# user 3 should be able to see this log
-echo "creating test document 2/5"
-curl --fail --silent --show-error -u ${ES_USER}:${ES_PASSWORD} -k \
-    -X POST \
-    -H "content-type: application/json" \
-    https://localhost:9200/logs-app-now/_doc?refresh=true \
-    -d '{
-        "@timestamp": "'${time}'",
-        "@cf": {
-            "space_id":"'${CF_SPACE_ID_2}'"
-        },
-        "message": "space_id_2"
-        }' | jq
-
-# none of the users should be able to see this log
-echo "creating test document 3/5"
-curl --fail --silent --show-error -u ${ES_USER}:${ES_PASSWORD} -k \
-    -X POST \
-    -H "content-type: application/json" \
-    https://localhost:9200/logs-app-now/_doc?refresh=true \
-    -d '{
-        "@timestamp": "'${time}'",
-        "message": "no_space_id"
-        }' | jq
-
-# user 1 should be able to see this log
-# user 2 should not be able to see it
-# user 3 should be able to see this log
-echo "creating test document 4/5"
-curl --fail --silent --show-error -u ${ES_USER}:${ES_PASSWORD} -k \
-    -X POST \
-    -H "content-type: application/json" \
-    https://localhost:9200/logs-app-now/_doc?refresh=true \
-    -d '{
-        "@timestamp": "'${time}'",
-        "@cf":{ "org_id":"'${CF_ORG_ID_1}'"},
-        "message": "org_id_1"
-        }' | jq
-
-# user 1 should not be able to see it
-# user 2 should be able to see this log
-# user 3 should be able to see this log
-echo "creating test document 5/5"
-curl --fail --silent --show-error -u ${ES_USER}:${ES_PASSWORD} -k \
-    -X POST \
-    -H "content-type: application/json" \
-    https://localhost:9200/logs-app-now/_doc?refresh=true \
-    -d '{
-        "@timestamp": "'${time}'",
-        "@cf": {"org_id":"'${CF_ORG_ID_2}'"},
-        "message": "org_id_2"
-        }' | jq
-
-# for the kibana stuff, we need cookies just to deal with the multitenancy
-echo "Setting up kibana http session"
-# this curl is just to get a cookie ready 
-curl --fail --silent --show-error --cookie-jar ${cookie_jar} -b ${cookie_jar} \
-    -X GET \
-    -H "x-proxy-roles: admin" \
-    -H "x-proxy-user: admin" \
-    -H 'x-forwarded-for: 127.0.0.1' \
-    -H "kbn-xsrf: 1" \
-    -H "kbn-version: 7.10.0" \
-    http://localhost:5601/api/v1/configuration/account | jq
-
-echo "Switching to default tenant"
-curl --fail --silent --show-error --cookie-jar ${cookie_jar} -b ${cookie_jar} \
-    -X POST \
-    -H "content-type: application/json" \
-    -H "x-proxy-roles: admin" \
-    -H "x-proxy-user: admin" \
-    -H 'x-forwarded-for: 127.0.0.1' \
-    -H "kbn-version: 7.10.0" \
-    http://localhost:5601/api/v1/multitenancy/tenant \
-    -d '{"tenant":"","username":"'${ES_USER}'"}'
-
-echo "Creating index pattern"
-curl --fail --silent --show-error --cookie-jar ${cookie_jar} -b ${cookie_jar} \
-    -X POST \
-    -H "content-type: application/json" \
-    -H "x-proxy-roles: admin" \
-    -H "x-proxy-user: admin" \
-    -H 'x-forwarded-for: 127.0.0.1' \
-    -H "kbn-version: 7.10.0" \
-    http://localhost:5601/api/saved_objects/index-pattern \
-    -d '
-    {
-  "attributes": {
-    "title": "logs-app-*",
-    "timeFieldName": "@timestamp"
-    }
-    }' | jq
-
-echo "Setting default index"
-curl --fail --silent --show-error --cookie-jar ${cookie_jar} -b ${cookie_jar} \
-    -X POST \
-    -H "content-type: application/json" \
-    -H "x-proxy-roles: admin" \
-    -H "x-proxy-user: admin" \
-    -H 'x-forwarded-for: 127.0.0.1' \
-    -H "kbn-version: 7.10.0" \
-    http://localhost:5601/api/kibana/settings \
-    -d '{"changes":{"defaultIndex":"logs-app-*"}}' | jq
+./seed-es-data.sh
@@ -129,7 +129,7 @@ jobs:
         run:
           path: src/ci/e2e.sh
         params:
-          KIBANA_URL: ((kibana-url))
+          AUTH_PROXY_URL: ((auth-proxy-url))
           DEV_TEST_USER_1_USERNAME: ((dev-test-user-1-username))
           DEV_TEST_USER_1_PASSWORD: ((dev-test-user-1-password))
           DEV_TEST_USER_1_TOTP_SEED: ((dev-test-user-1-totp-seed))