Integration Testing For UDS Identity Config + UDS Core
Cypress Web Flow/Integration Testing Docs
Implemented Tests
| Test Name (link) | Test Description |
|---|---|
| Login Existing User | Login in existing user that is created in the testing realm.json |
| Login Nonexistant User / Incorrect creds | User cannot login / authenticate with incorrect creds or without account |
| Successfuly CAC Registration | New user can successfully register with CAC |
| CAC User Login | New user can successfully login with CAC |
| Duplicate User Registration | User cannot register more than once |
| Password check for special characters | User registration requires password special characters |
| Password check for length | User registration requires password length check |
| Group Authorization | Grafana is deployed to required admin group to authorize |
Cypress Testing
Using uds-cli task uds-core-integration-tests.
Task explanation:
- Cleanup an existing uds-core directory ( mainly for local testing )
- Create docker image that uses the new certs as well as a testing realm.json ( has a defined user, no MFA, and no email verification )
- Clone
uds-corenecessary for setting up k3d cluster to test against - Use that cacert in deploying
uds-coreistio gateways - Create zarf package that combines uds-core and identity-config
- Setup k3d cluster by utilizing
uds-core(istio, keycloak, pepr, zarf) - Deploy zarf package that was created earlier
- Run cypress tests against deployed cluster
Updating Cypress Certs
Cypress testing requires that a ca.cer be created and put into an authorized_certs.zip, done by using the regenerate-test-pki uds task, which is then utilized by the Dockerfile. Once a docker image has been created another command is used for pulling that cacert, uds task cacert, from the image using it’s value to configure uds-core’s gateways, uds-core-gateway-cacert uds task . Eventually cypress will require a pfx cert for its CAC testing.
Our cypress testing utilizes static certs that are created and saved to limit the need for constantly rebuilding and importing those certs.
Follow these steps to update the certs for cypress:
- Run
uds run regenerate-test-pkito regenerate the necessary certs and authorized_certs.zip - Run
docker build --build-arg CA_ZIP_URL="authorized_certs.zip" -t uds-core-config:keycloak --no-cache srcto create docker image - Run
uds run cacertto extract cacert from docker image for the tls_cacert.yaml file - Copy the authorized_certs.zip, test.pfx, and tls_cacert.yaml into the certs directory
mv test.pfx tls_cacert.yaml src/authorized_certs.zip src/cypress/certs/