1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
|
//go:build integration
// +build integration
package test
import (
"context"
"net/http"
"net/url"
"strconv"
"testing"
"time"
"github.com/oauth2-proxy/mockoidc"
"github.com/playwright-community/playwright-go"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/testcontainers/testcontainers-go"
"github.com/testcontainers/testcontainers-go/wait"
"github.com/xlgmokha/x/pkg/env"
"github.com/xlgmokha/x/pkg/x"
"gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/oidc"
)
type TestLogConsumer struct {
t *testing.T
}
func (lc *TestLogConsumer) Accept(l testcontainers.Log) {
lc.t.Logf("%s", l.Content)
}
func TestContainer(t *testing.T) {
srv := oidc.NewTestServer(t)
defer srv.Close()
ctx, cancel := context.WithTimeout(context.Background(), 60*time.Second)
defer cancel()
address, err := url.Parse(srv.MockOIDC.Addr())
require.NoError(t, err)
t.Logf("mockoidc: %v %v\n", address.String(), srv.Issuer())
container, err := testcontainers.Run(
ctx,
env.Fetch("IMAGE_TAG", "sparkled:invalid"),
testcontainers.WithEnv(map[string]string{
"APP_ENV": "test",
"BIND_ADDR": ":8080",
"DEBUG": env.Fetch("DEBUG", ""),
"HMAC_SESSION_SECRET": "secret",
"OAUTH_CLIENT_ID": srv.MockOIDC.Config().ClientID,
"OAUTH_CLIENT_SECRET": srv.MockOIDC.Config().ClientSecret,
"OAUTH_REDIRECT_URL": "",
"OIDC_ISSUER": srv.Issuer(),
}),
testcontainers.WithHostPortAccess(x.Must(strconv.Atoi(address.Port()))),
testcontainers.WithExposedPorts("8080/tcp", "9901/tcp", "10000/tcp"),
testcontainers.WithLogConsumers(&TestLogConsumer{t: t}),
testcontainers.WithWaitStrategy(wait.ForLog("Listening on").WithStartupTimeout(time.Second*5)),
)
require.NoError(t, err)
defer testcontainers.TerminateContainer(container)
oidcProviderEndpoint := address.String()
sparkleEndpoint, err := container.PortEndpoint(ctx, "8080", "http")
require.NoError(t, err)
envoyEndpoint, err := container.PortEndpoint(ctx, "10000", "http")
require.NoError(t, err)
paths := []string{
envoyEndpoint + "/",
envoyEndpoint + "/health",
oidcProviderEndpoint + mockoidc.DiscoveryEndpoint,
sparkleEndpoint + "/",
sparkleEndpoint + "/favicon.ico",
sparkleEndpoint + "/health",
}
client := &http.Client{Timeout: 5 * time.Second}
for _, path := range paths {
t.Run(path, func(t *testing.T) {
request, err := http.NewRequestWithContext(ctx, http.MethodGet, path, nil)
response, err := client.Do(request)
require.NoError(t, err)
assert.Equal(t, http.StatusOK, response.StatusCode)
})
}
t.Run("UI", func(t *testing.T) {
if env.Fetch("SKIP_E2E", "") != "" {
t.Skip()
}
_ = playwright.Install()
pw := x.Must(playwright.Run())
browser := x.Must(pw.Firefox.Launch(playwright.BrowserTypeLaunchOptions{
Headless: playwright.Bool(env.Fetch("HEADLESS", "true") == "true"),
SlowMo: playwright.Float(1000),
}))
page := x.Must(browser.NewPage())
defer browser.Close()
defer pw.Stop()
t.Run("initiates an OIDC login", func(t *testing.T) {
require.NoError(t, page.Context().ClearCookies())
response, err := page.Goto(sparkleEndpoint + "/")
require.NoError(t, err)
assert.True(t, response.Ok())
})
})
}
|
