Add Testcafe tests (#1625)

minio · Mar 1, 2022 · d82bd31 · d82bd31
1 parent 4fa2f16
commit d82bd31
Show file tree

Hide file tree

Showing 6 changed files with 125 additions and 5 deletions.
diff --git a/portal-ui/src/common/SecureComponent/accessControl.ts b/portal-ui/src/common/SecureComponent/accessControl.ts
@@ -80,7 +80,8 @@ const hasPermission = (
         }
       });
 
-      const simpleResources = get(sessionGrants, rsItem, []);
+      let simpleResources = get(sessionGrants, rsItem, []);
+      simpleResources = simpleResources || [];
       const s3Resources = get(sessionGrants, `arn:aws:s3:::${rsItem}/*`, []);
       const bucketOnly = get(sessionGrants, `arn:aws:s3:::${rsItem}/`, []);
       const bckOnlyNoSlash = get(sessionGrants, `arn:aws:s3:::${rsItem}`, []);
@@ -106,10 +107,12 @@ const hasPermission = (
   }
 
   let anyResourceGrant: string[] = [];
+  let validScopes = scopes || [];
   if (resource === "*") {
-    Object.entries(sessionGrants).forEach(([key, values]) => {
-      scopes.forEach((scope) => {
-        values.forEach((val) => {
+    Object.entries(sessionGrants).forEach(([key, values = []]) => {
+      let validValues = values || [];
+      validScopes.forEach((scope) => {
+        validValues.forEach((val) => {
           if (val === scope || val === "s3:*") {
             anyResourceGrant = [...anyResourceGrant, scope];
           }

diff --git a/portal-ui/tests/permissions/test-fix-ui-crash-for-policy.ts b/portal-ui/tests/permissions/test-fix-ui-crash-for-policy.ts
@@ -0,0 +1,80 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+import { Role, Selector } from "testcafe";
+import { readFileSync } from "fs";
+
+const data = readFileSync(__dirname + "/../constants/timestamp.txt", "utf-8");
+const $TIMESTAMP = data.trim();
+
+let testDomainUrl = "http://localhost:9090";
+
+let insAllowedAccKey = `prefix-policy-ui-crash-${$TIMESTAMP}`;
+let insAllowedSeckey = "poluicrashfix1234";
+
+/* Begin Local Testing config block */
+
+// For local Testing Create users and assign policies then update here.
+// Command to invoke the test locally: testcafe chrome tests/permissions/inspect.ts
+/*testDomainUrl = "http://localhost:5005";
+insAllowedAccKey = `prefix-policy-ui-crash`;
+insAllowedSeckey = "poluicrashfix1234";*/
+/* End Local Testing config block */
+
+const loginUrl = `${testDomainUrl}/login`;
+const bucketsScreenUrl = `${testDomainUrl}/buckets`;
+
+const loginSubmitBtn = Selector("form button");
+
+export const bucketsSidebarEl = Selector(".MuiPaper-root")
+  .find("ul")
+  .child("#buckets");
+
+export const menuListchildren = Selector("#tools-children");
+export const bucketsEl = menuListchildren
+  .find("a")
+  .withAttribute("href", "/buckets");
+
+export const inspectAllowedRole = Role(
+  loginUrl,
+  async (t) => {
+    await t
+      .typeText("#accessKey", insAllowedAccKey)
+      .typeText("#secretKey", insAllowedSeckey)
+      .click(loginSubmitBtn);
+  },
+  { preserveUrl: true }
+);
+
+fixture("For user with Bucket Prefix permissions")
+  .page(testDomainUrl)
+  .beforeEach(async (t) => {
+    await t.useRole(inspectAllowedRole);
+  });
+
+test("Bucket page can be opened", async (t) => {
+  await t.navigateTo(bucketsScreenUrl);
+});
+test("Buckets sidebar item exists", async (t) => {
+  await t.expect(bucketsSidebarEl.exists).ok();
+});
+
+/**
+ * Without the fix UI crashes with
+ * TypeError: simpleResources is not iterable (if fixed -> )
+ * TypeError: scopes is not iterable  (if fixed -> )
+ * TypeError: values is not iterable
+ */
diff --git a/portal-ui/tests/policies/fix-prefix-policy-ui-crash.json b/portal-ui/tests/policies/fix-prefix-policy-ui-crash.json
@@ -0,0 +1,31 @@
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Deny",
+      "Action": [
+        "admin:*"
+      ]
+    },
+    {
+      "Effect": "Allow",
+      "Action": [
+        "s3:GetBucketLocation",
+        "s3:ListBucket"
+      ],
+      "Resource": [
+        "arn:aws:s3:::*testcafe/*"
+      ]
+    },
+    {
+      "Effect": "Allow",
+      "Action": [
+        "s3:GetObject",
+        "s3:ListBucket"
+      ],
+      "Resource": [
+        "arn:aws:s3:::*testcafe/write/*"
+      ]
+    }
+  ]
+}
diff --git a/portal-ui/tests/scripts/cleanup-env.sh b/portal-ui/tests/scripts/cleanup-env.sh
@@ -25,6 +25,7 @@ remove_users() {
   mc admin user remove minio watch-$TIMESTAMP
   mc admin user remove minio inspect-allowed-$TIMESTAMP
   mc admin user remove minio inspect-not-allowed-$TIMESTAMP
+  mc admin user remove minio prefix-policy-ui-crash-$TIMESTAMP
 }
 
 remove_policies() {
@@ -44,7 +45,8 @@ remove_policies() {
   mc admin policy remove minio users-$TIMESTAMP
   mc admin policy remove minio watch-$TIMESTAMP
   mc admin policy remove minio inspect-allowed-$TIMESTAMP
-  mc admin policy remove minio inspect-not-allowed-$TIMESTAMP
+  mc admin policy remove minio inspect-not-allowed-$TIMESTAMPmc
+  mc admin policy remove minio fix-prefix-policy-ui-crash-$TIMESTAMP
 }
 
 __init__() {

diff --git a/portal-ui/tests/scripts/common.sh b/portal-ui/tests/scripts/common.sh
@@ -42,6 +42,7 @@ create_policies() {
   mc admin policy add minio bucketwriteprefixonlypolicy-$TIMESTAMP portal-ui/tests/policies/bucketWritePrefixOnlyPolicy.json
   mc admin policy add minio inspect-allowed-$TIMESTAMP portal-ui/tests/policies/inspect-allowed.json
   mc admin policy add minio inspect-not-allowed-$TIMESTAMP portal-ui/tests/policies/inspect-not-allowed.json
+  mc admin policy add minio fix-prefix-policy-ui-crash-$TIMESTAMP portal-ui/tests/policies/fix-prefix-policy-ui-crash.json
 }
 
 create_users() {
@@ -64,6 +65,7 @@ create_users() {
   mc admin user add minio bucketwriteprefixonlypolicy-$TIMESTAMP bucketwriteprefixonlypolicy
   mc admin user add minio inspect-allowed-$TIMESTAMP insallowed1234
   mc admin user add minio inspect-not-allowed-$TIMESTAMP insnotallowed1234
+  mc admin user add minio prefix-policy-ui-crash-$TIMESTAMP poluicrashfix1234
 }
 
 create_buckets() {

diff --git a/portal-ui/tests/scripts/permissions.sh b/portal-ui/tests/scripts/permissions.sh
@@ -34,6 +34,7 @@ remove_users() {
   mc admin user remove minio bucketwriteprefixonlypolicy-$TIMESTAMP
   mc admin user remove minio inspect-allowed-$TIMESTAMP
   mc admin user remove minio inspect-not-allowed-$TIMESTAMP
+  mc admin user remove minio prefix-policy-ui-crash-$TIMESTAMP
 }
 
 remove_policies() {
@@ -55,6 +56,7 @@ remove_policies() {
   mc admin policy remove minio bucketwriteprefixonlypolicy-$TIMESTAMP
   mc admin policy remove minio inspect-allowed-$TIMESTAMP
   mc admin policy remove minio inspect-not-allowed-$TIMESTAMP
+  mc admin policy remove minio fix-prefix-policy-ui-crash-$TIMESTAMP
 }
 
 remove_buckets() {