Remote tests

homecentr · May 23, 2023 · a454219 · a454219
1 parent 6056a07
commit a454219
Show file tree

Hide file tree

Showing 10 changed files with 142 additions and 15 deletions.
diff --git a/.github/workflows/run-e2e.yml b/.github/workflows/run-e2e.yml
@@ -10,7 +10,7 @@ on:
       gitref:
         required: false
         type: string
-        default: master
+        default: refs/heads/master
     secrets:
       sops_age_key:
         required: true

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -7,6 +7,8 @@ services:
       - 4444:4444
       - 7900:7900
     shm_size: 4g
+    environment:
+      VNC_NO_PASSWORD: 1
     dns:
       - ${DNS1}
       - ${DNS2}
diff --git a/nightwatch.conf.js b/nightwatch.conf.js
@@ -32,16 +32,32 @@ module.exports = {
         acceptInsecureCerts: true
       }
     },
-    "lab": {
+    "local:lab": {
       globals: {
         domainSuffix: "-lab.homecentr.one",
-        secretsFile: "secrets.lab.yml"
+        secretsFile: "secrets.lab.yml",
+        isRemote: false
       }
     },
-    "prod": {
+    "remote:lab": {
       globals: {
         domainSuffix: "-lab.homecentr.one",
-        secretsFile: "secrets.prod.yml"
+        secretsFile: "secrets.lab.yml",
+        isRemote: true
+      }
+    },
+    "local:prod": {
+      globals: {
+        domainSuffix: ".homecentr.one",
+        secretsFile: "secrets.prod.yml",
+        isRemote: false
+      }
+    },
+    "remote:prod": {
+      globals: {
+        domainSuffix: ".homecentr.one",
+        secretsFile: "secrets.prod.yml",
+        isRemote: true
       }
     }
   }

diff --git a/nightwatch/assertions/isAadPermissionRejectedPage.js b/nightwatch/assertions/isAadPermissionRejectedPage.js
@@ -1,5 +1,14 @@
-const { reusable } = require("./isAadErrorPage")
+const isAadErrorPage = require("./isAadErrorPage")
 
-exports.assertion = function () {
-  reusable(this, "AADSTS50105")
+const reusable = function (context) {
+  isAadErrorPage.reusable("AADSTS50105", context)
+}
+
+const assertion = function () {
+  reusable(this)
+};
+
+module.exports = {
+  reusable,
+  assertion
 }
diff --git a/nightwatch/assertions/isCloudflarePermissionRejectedPage.js b/nightwatch/assertions/isCloudflarePermissionRejectedPage.js
@@ -0,0 +1,39 @@
+const reusable = function (context) {
+  context.formatMessage = () => {
+    const message = `Checking if the page ${this.negate ? 'doesn\'t indicate' : 'indicates'} cloudflare permission rejected`;
+
+    return {
+      message,
+      args: []
+    }
+  };
+
+  context.expected = () => {
+    return "That account does not have access."
+  }
+
+  context.value = function (result) {
+    return result.value;
+  };
+
+  context.failure = function (result) {
+    return !result;
+  };
+
+  context.evaluate = function (value) {
+    return value && value.startsWith(this.expected())
+  };
+
+  context.command = async function (callback) {
+    this.api.getText("div.AuthBox-messages", callback)
+  };
+};
+
+const assertion = function () {
+  reusable(this)
+};
+
+module.exports = {
+  reusable,
+  assertion
+}
diff --git a/nightwatch/assertions/isPermissionRejectedPage.js b/nightwatch/assertions/isPermissionRejectedPage.js
@@ -0,0 +1,10 @@
+const isAadPermissionRejectedPage = require("./isAadPermissionRejectedPage")
+const isCloudflarePermissionRejectedPage = require("./isCloudflarePermissionRejectedPage")
+
+exports.assertion = function () {
+  if (this.__nightwatchInstance.settings.globals.isRemote) {
+    isCloudflarePermissionRejectedPage.reusable(this)
+  } else {
+    isAadPermissionRejectedPage.reusable(this)
+  }
+}
diff --git a/package.json b/package.json
@@ -11,10 +11,10 @@
     "client:local:prod": "env-cmd -f ./environments/local.prod.env docker-compose up --force-recreate --remove-orphans",
     "client:remote:lab": "env-cmd -f ./environments/remote.lab.env docker-compose up --force-recreate --remove-orphans",
     "client:remote:prod": "env-cmd -f ./environments/remote.prod.env docker-compose up --force-recreate --remove-orphans",
-    "test:local:lab": "nightwatch --skiptags remoteonly -e lab",
-    "test:local:prod": "nightwatch --skiptags remoteonly -e prod",
-    "test:remote:lab": "nightwatch --skiptags localonly -e lab",
-    "test:remove:prod": "nightwatch --skiptags localonly -e prod"
+    "test:local:lab": "nightwatch --skiptags remoteonly -e local:lab",
+    "test:local:prod": "nightwatch --skiptags remoteonly -e local:prod",
+    "test:remote:lab": "nightwatch --skiptags localonly -e remote:lab",
+    "test:remove:prod": "nightwatch --skiptags localonly -e remote:prod"
   },
   "devDependencies": {
     "env-cmd": "^10.1.0",

diff --git a/tests/argocd.js b/tests/argocd.js
@@ -1,4 +1,6 @@
-describe('Argo CD should', () => {
+describe('Argo CD when accessed locally should', () => {
+  this.tags = [ "localonly" ]
+
   afterEach((browser) => {
     browser.end()
   })
@@ -18,4 +20,27 @@ describe('Argo CD should', () => {
       .signInAsNonAdmin()
       .assert.isAadPermissionRejectedPage()
   });
+});
+
+describe('Argo CD when accessed remotely should', () => {
+  this.tags = [ "remoteonly" ]
+
+  afterEach((browser) => {
+    browser.end()
+  })
+
+  it('Load main screen after signing in as admin', (browser) => {
+    browser
+      .subdomain('argocd')
+      .signInAsAdmin() // Sign into Cloudflare access
+      .click('a > button') // Redirects to AAD
+      .assert.textContains("div.sidebar__logo", "Argo CD")
+  });
+
+  it('Not allow non-admins to use the app', (browser) => {
+    browser
+      .subdomain('argocd')
+      .signInAsNonAdmin()  // Sign into Cloudflare access
+      .assert.isCloudflarePermissionRejectedPage()
+  });
 });
diff --git a/tests/k8s-dashboard.js b/tests/k8s-dashboard.js
@@ -16,6 +16,6 @@ describe('Kubernetes dashboard should', () => {
     browser
       .subdomain('k8s')
       .signInAsNonAdmin()
-      .assert.isAadPermissionRejectedPage()
+      .assert.isPermissionRejectedPage()
   });
 });
diff --git a/tests/proxmox-ve.js b/tests/proxmox-ve.js
@@ -1,4 +1,6 @@
-describe('Proxmox VE should', () => {
+describe('Proxmox VE when accessed locally should', () => {
+  this.tags = [ "localonly" ]
+
   afterEach((browser) => {
     browser.end()
   })
@@ -20,4 +22,28 @@ describe('Proxmox VE should', () => {
       .signInAsNonAdmin()
       .assert.isAadPermissionRejectedPage()
   });
+});
+
+describe('Proxmox VE when accessed remotely should', () => {
+  this.tags = [ "remoteonly" ]
+
+  afterEach((browser) => {
+    browser.end()
+  })
+
+  it('Load main screen after signing in as admin', (browser) => {
+    browser
+      .subdomain('pve')
+      .signInAsAdmin() // Sign into Cloudflare Access
+      .setValue('#pveloginrealm-inputEl', 'Azure Active Directory')
+      .click('a#button-1070')  // Redirects to AAD
+      .assert.textContains("#versioninfo-innerCt", "Virtual Environment")
+  });
+
+  it('Not allow non-admins to use the app', (browser) => {
+    browser
+      .subdomain('pve')
+      .signInAsNonAdmin()  // Sign into Cloudflare Access
+      .assert.isCloudflarePermissionRejectedPage()
+  });
 });