[release-1.9] test(e2e): add orchestrator RBAC e2e tests#4197
[release-1.9] test(e2e): add orchestrator RBAC e2e tests#4197chadcrum wants to merge 3 commits intoredhat-developer:release-1.9from
Conversation
* test(e2e): add orchestrator RBAC e2e test suite Add comprehensive RBAC end-to-end tests for the Orchestrator plugin covering workflow and instance access control: - Read-write access: users can view and execute all workflows - Read-only access: users can view but not execute workflows - Denied access: users cannot see any workflows - Workflow-specific read-write: access only to specific workflow - Workflow-specific read-only: view only specific workflow - Workflow-specific denied: hide specific workflow - Initiator-based access: users can only see their own instances - Admin override: instanceAdminView grants access to all instances - Cross-user isolation verification - Re-enable RBAC API validation test (previously test.fixme) - Add filtering for dynamically created workflow roles/policies - Prevents test interference during parallel execution - Add waitForWorkflowVisible() helper with configurable timeout - Add timeout parameter to selectGreetingWorkflowItem() - Add timeout parameter to selectFailSwitchWorkflowItem() - Handles RBAC permission propagation delay - orchestrator.workflow / orchestrator.workflow.<id> (read) - orchestrator.workflow.use / orchestrator.workflow.use.<id> (update) - orchestrator.instanceAdminView (read) - admin access to all instances Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(e2e): skip orchestrator RBAC tests when orchestrator not deployed Add testIgnore to SHOWCASE_RBAC, SHOWCASE_RBAC_K8S, and SHOWCASE_OPERATOR_RBAC projects to prevent orchestrator-rbac.spec.ts from running on PR jobs and K8s environments where orchestrator is not deployed. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
- Add missing shouldSkipOrchestratorTests variable to playwright.config.ts - Temporarily enable RBAC API validation test for testing - Fix case-sensitive selector in reRunFailSwitchWorkflow()
chadcrum
force-pushed
the
add-e2e-orchestrator-rbac-tests-rhdh-1-9-branch
branch
from
bd6aadd to
0eb25cf
Compare
|
/ok-to-test |
|
/test e2e-ocp-helm-nightly |
ⓘ Your monthly quota for Qodo has expired. Upgrade your plan ⓘ Paying users. Check that your Qodo account is linked with this Git user account |
|
The image is available at: |
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
|
/retest |
|
🚫 Image Push Skipped. The container image push was skipped because the build was skipped (either due to [skip-build] tag or no relevant changes with existing image) |
|
/test e2e-ocp-helm-nightly |
ⓘ Your monthly quota for Qodo has expired. Upgrade your plan ⓘ Paying users. Check that your Qodo account is linked with this Git user account |
|
|
@chadcrum: The following tests failed, say
Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
1 participant
Summary
Backport of orchestrator RBAC e2e tests to release-1.9 branch.
shouldSkipOrchestratorTestsvariable to playwright.config.tsreRunFailSwitchWorkflow()Test plan
Notes
rbac.spec.tsis temporarily enabled for testing. It must be changed back totest.fixmebefore merge (see TODO comment on line 552).