Merge branch '475-testing-single-sign-on-in-ci' into 'main'

Resolve "Testing single sign on in CI" Closes #475 See merge request stackspin/stackspin!686

Merge branch '475-testing-single-sign-on-in-ci' into 'main'
Resolve "Testing single sign on in CI" Closes #475 See merge request stackspin/stackspin!686
26e42d56 · Maarten de Waard · 40046acd · 0aa7bc71 · 26e42d56 · 26e42d56
Commit 26e42d56 authored 3 years ago by Maarten de Waard
--- a/stackspin/__main__.py
+++ b/stackspin/__main__.py
@@ -375,48 +375,19 @@ def test(clus, args):
    # Set env vars
-    # SSO tests currently only work with valid letsencrypt production certs.
+    sso_username = clus.get_password_from_kubernetes(
-    # Therefor we disable SSO tests for now, until
+        'stackspin-cluster-variables',
-    # https://open.greenhost.net/stackspin/single-sign-on/-/issues/62
+        'admin_email',
-    # is fixed.
+        'flux-system'
-    #
+    )
-    #  sso_username = clus.get_password_from_kubernetes(
+    sso_password = clus.get_password_from_kubernetes(
-    #      'stackspin-single-sign-on-variables',
+        'stackspin-single-sign-on-variables',
-    #      'userbackend_admin_username',
+        'userbackend_admin_password',
-    #      'flux-system'
+        'flux-system'
-    #  )
+    )
-    #  sso_password = clus.get_password_from_kubernetes(
-    #      'stackspin-single-sign-on-variables',
-    #      'userbackend_admin_password',
-    #      'flux-system'
-    #  )
-    #  os.environ["SSO_USERNAME"] = sso_username
-    #  os.environ["SSO_PASSWORD"] = sso_password
-    if "nextcloud" in args.apps or args.apps=='all':
-        nextcloud_password = clus.get_password_from_kubernetes(
-            'stackspin-nextcloud-variables',
-            'nextcloud_password',
-            'flux-system'
-        )
-        os.environ["NEXTCLOUD_PASSWORD"] = nextcloud_password
-    if "wordpress" in args.apps or args.apps=='all':
-        wordpress_password = clus.get_password_from_kubernetes(
-            'stackspin-wordpress-variables',
-            'wordpress_admin_password',
-            'flux-system'
-        )
-        os.environ["WORDPRESS_PASSWORD"] = wordpress_password
-    if "grafana" in args.apps or args.apps=='all':
-        grafana_password = clus.get_password_from_kubernetes(
-            'stackspin-kube-prometheus-stack-variables',
-            'grafana_admin_password',
-            'flux-system'
-        )
-        os.environ["GRAFANA_PASSWORD"] = grafana_password
+    os.environ["SSO_USER_PW"] = sso_password
+    os.environ["SSO_USERNAME"] = sso_username
    os.environ["TAIKO_TESTS"] = args.apps
    os.environ['DOMAIN'] = clus.domain

--- a/stackspin/cluster.py
+++ b/stackspin/cluster.py
@@ -209,7 +209,6 @@ KUBECONFIG={cluster_dir}/kube_config_cluster.yml
                    'onlyoffice_postgresql_password',
                    'onlyoffice_rabbitmq_password'],
                'stackspin-single-sign-on-variables': [
-                    'userbackend_admin_username',
                    'userbackend_admin_password',
                    'userbackend_postgres_password',
                    'hydra_system_secret'],
@@ -255,7 +254,7 @@ KUBECONFIG={cluster_dir}/kube_config_cluster.yml
            password = secret_data.data[key]
        except KeyError:
            print(f"Could not get password from secret '{secret}' in namespace"
-                  " '{namespace}' with key '{key}'")
+                  f" '{namespace}' with key '{key}'")
            return "password not found"
        return base64.b64decode(password).decode('utf-8')

--- a/test/taiko/apps.js
+++ b/test/taiko/apps.js
-// Tests if logging into all apps works using the admin user without SSO
-// For SSO login tests see ./single-sign-on
-const { openBrowser, goto, textBox, into, write, click, toRightOf, below, link, press, image, waitFor, closeBrowser, screenshot } = require('taiko');
-const assert = require('assert');
 (async () => {
  try {
+    async function sso_login_if_needed (button_text) {
+      try {
+        await text(button_text).exists()
+        // await console.log('Logging in...')
+        await click(button_text)
+        await write(sso_username, into(textBox('E-mail address')))
+        await write(sso_user_pw, into(textBox('Password')))
+        await click('Go!')
+      } catch (error) {
+        await console.error(error)
+        console.log('Looks like we dont need to login, continuing')
+      }
+    }
+    const { openBrowser, goto, textBox, into, write, click, toRightOf, below, link, press, image, waitFor, closeBrowser, screenshot } = require('taiko');
+    const assert = require('assert');
+    const globalTimeout = 60000
    const taikoTests = process.env.TAIKO_TESTS || 'all'
    const domain = process.env.DOMAIN
-    const globalTimeout = 60000
+    const sso_username = process.env.SSO_USERNAME
+    const sso_user_pw = process.env.SSO_USER_PW
    // https://docs.taiko.dev/api/setconfig/
    // setConfig( { observeTime: 1000});
@@ -38,8 +50,6 @@ const assert = require('assert');
    if (taikoTests.includes('nextcloud') || taikoTests === 'all') {
      const nextcloudUrl = 'https://files.' + domain
      const onlyofficeUrl = 'https://office.' + domain
-      const nextcloudUsername = process.env.NEXTCLOUD_USERNAME || 'admin'
-      const nextcloudPassword = process.env.NEXTCLOUD_PASSWORD
      console.log('• Onlyoffice')
      await goto(onlyofficeUrl + '/welcome')
@@ -51,10 +61,7 @@ const assert = require('assert');
      console.log('• Nextcloud')
      await goto(nextcloudUrl)
-      await write(nextcloudUsername, into(textBox('Username')))
+      await sso_login_if_needed('Log in with Stackspin')
-      await write(nextcloudPassword, into(textBox('Password')))
-      await click('Log in')
      await waitFor(async () => (await text("Set location for weather").isVisible()), globalTimeout)
      // Close potential nextcloud first run wizard modal
      // https://github.com/nextcloud/firstrunwizard/issues/488
@@ -111,31 +118,22 @@ const assert = require('assert');
    // Wordpress
    if (taikoTests.includes('wordpress') || taikoTests === 'all') {
      const wordpressUrl = 'https://www.' + domain
-      const wordpressUsername = process.env.WORDPRESS_USERNAME || 'admin'
-      const wordpressPassword = process.env.WORDPRESS_PASSWORD
      console.log('• Wordpress')
      await goto(wordpressUrl)
      await waitFor('Hello world!')
      await goto(wordpressUrl + '/wp-admin/')
-      await click('Log in')
+      await sso_login_if_needed('Login with OpenID Connect')
-      await write(wordpressUsername, into(textBox('Username')))
-      await write(wordpressPassword, into(textBox('Password')))
-      await click('Log in')
      await assert.ok(await link('Dashboard').exists())
    }
    // Grafana
    if (taikoTests.includes('grafana') || taikoTests === 'all') {
      const grafanaUrl = 'https://grafana.' + domain
-      const grafanaUsername = process.env.GRAFANA_USERNAME || 'admin'
-      const grafanaPassword = process.env.GRAFANA_PASSWORD
      console.log('• Grafana')
      await goto(grafanaUrl)
-      await write(grafanaUsername, into(textBox('Username')))
+      await sso_login_if_needed('Sign in with Stackspin')
-      await write(grafanaPassword, into(textBox('Password')))
-      await click('Log in')
      // Node exporter dashboard
      // Couldn't select "Manage dashboards" from the sidebar menu easily,
@@ -145,14 +143,16 @@ const assert = require('assert');
      await('CPU Usage')
      // Explore Loki log messages
-      await goto(grafanaUrl + '/explore')
+      // Currently disabled until admin user gets proper admin privileges
-      await click(image(toRightOf('Explore')))
+      // See https://open.greenhost.net/stackspin/single-sign-on/-/issues/122
-      await click('Loki')
+      // await goto(grafanaUrl + '/explore')
-      await click('Log browser')
+      // await click(image(toRightOf('Explore')))
-      await click('app')
+      // await click('Loki')
-      await click('cert-manager')
+      // await click('Log browser')
-      await click('grafana')
+      // await click('app')
-      await click('Show logs')
+      // await click('cert-manager')
+      // await click('grafana')
+      // await click('Show logs')
    }
    // Wekan
@@ -161,7 +161,12 @@ const assert = require('assert');
      console.log('• Wekan')
      await goto(wekanUrl)
-      await click("Sign In with Oidc")
+      await sso_login_if_needed('sign in with Oidc')
+      console.log(`\nPlease note that above error message is acceptable since wei
+did not find a way with taiko to handle OIDC login popup windows well.
+Wekan still doesnt support OIDC redirects (https://github.com/wekan/wekan/issues/3845).\n`)
+      await goto(wekanUrl)
+      await assert.ok(await text('All boards').exists())
    }
    // Dashboard
@@ -177,7 +182,8 @@ const assert = require('assert');
      console.log('• Zulip')
      await goto(zulipUrl)
-      await click("Log in with Stackspin")
+      await sso_login_if_needed("Log in with Stackspin")
+      await assert.ok(await text('Private messages').exists())
    }
  } catch (error) {

--- a/test/taiko/single-sign-on.js
+++ b/test/taiko/single-sign-on.js
-// Tests if logging into all apps works using SSO
-// Unfortunately we still can't run this test in CI because we haven't found
-// a way to use SSO with LE staging certs.
-// See https://open.greenhost.net/stackspin/single-sign-on/-/issues/62
-const { openBrowser, goto, textBox, into, write, click, toRightOf, below, link, press, image, waitFor, closeBrowser, screenshot } = require('taiko');
-const assert = require('assert');
-(async () => {
-  try {
-    const taikoTests = process.env.TAIKO_TESTS || 'all'
-    const username = process.env.SSO_USERNAME
-    const pw = process.env.SSO_USER_PW
-    const domain = process.env.DOMAIN
-    const adminpanelUrl = 'https://admin.' + domain
-    const grafanaUrl = 'https://grafana.' + domain
-    const globalTimeout = 60000
-    // https://docs.taiko.dev/api/setconfig/
-    // setConfig( { observeTime: 1000});
-    setConfig( { observeTime: 0, navigationTimeout: globalTimeout });
-    console.log('Executing these tests: ' + taikoTests)
-    console.log('• Login to admin panel')
-    await openBrowser()
-    await goto(adminpanelUrl)
-    await click('Login')
-    await click('Login with Stackspin')
-    await write(username, into(textBox('Username')))
-    await write(pw, into(textBox('Password')))
-    await click('Remember me')
-    await click('Sign in')
-    // Nextcloud
-    if (taikoTests.includes('nextcloud') || taikoTests === 'all') {
-      console.log('• Nextcloud and Onlyoffice')
-      await click(link(below('nextcloud')))
-      await click('Log in with Stackspin')
-      await click('Continue with ' + username)
-      // Close potential nextcloud first run wizard modal
-      // https://github.com/nextcloud/firstrunwizard/issues/488
-      // Unfortunately, we need to sleep a while since I haven't found a
-      // good way that closes the modal *if* it pops up, since these
-      // tests should also work on subsequent logins.
-      await waitFor(5000)
-      await press('Escape')
-      await assert.ok(await text('Add notes, lists or links …').exists());
-    }
-    // Wordpress
-    if (taikoTests.includes('wordpress') || taikoTests === 'all') {
-      console.log('• Wordpress')
-      await goto(adminpanelUrl)
-      await click(link(below('wordpress')))
-      await click('Log in')
-      await click('Login with OpenID Connect')
-      await click('Continue with ' + username)
-      await assert.ok(await link('Dashboard').exists())
-    }
-    // Grafana
-    if (taikoTests.includes('grafana') || taikoTests === 'all') {
-      console.log('• Grafana')
-      await goto(adminpanelUrl)
-      await click(link(below('grafana')))
-      await click('Sign in with Stackspin')
-      await click('Continue with ' + username)
-      await assert.ok(await text('Welcome to Grafana').exists());
-    }
-  } catch (error) {
-    await screenshot()
-    console.error(error)
-    process.exitCode = 1
-  } finally {
-    await closeBrowser()
-  }
-})()