From 20540b735a33fae1340f0c2f6a3cac5fbae1b407 Mon Sep 17 00:00:00 2001 From: Anton Baliasnikov Date: Mon, 20 Nov 2023 07:44:48 +0000 Subject: [PATCH] test: configurable integration tests support (#772) Signed-off-by: Anton Baliasnikov Signed-off-by: Shota Jolbordi --- .github/workflows/integration-tests.yml | 46 +--- .github/workflows/prism-unit-tests.yml | 21 -- .github/workflows/unit-tests-common.yml | 77 ------ .github/workflows/unit-tests.yml | 69 +++++ README.md | 2 +- tests/integration-tests/build.gradle.kts | 2 + .../src/test/kotlin/config/AgentConf.kt | 4 +- .../src/test/kotlin/config/AgentInitConf.kt | 12 + .../src/test/kotlin/config/Config.kt | 4 +- .../src/test/kotlin/config/GlobalConf.kt | 6 +- .../src/test/kotlin/config/ServicesConf.kt | 31 +++ .../src/test/kotlin/features/CommonSteps.kt | 253 ++++++++++++++---- .../interactions/AuthRestInteraction.kt | 14 +- .../src/test/resources/configs/basic.conf | 47 ++++ .../src/test/resources/configs/double.conf | 75 ++++++ .../src/test/resources/configs/keycloak.conf | 70 +++++ .../src/test/resources/containers/agent.yml | 66 +++++ .../test/resources/containers/keycloak.yml | 13 + .../containers/postgres/init-script.sh | 24 ++ .../containers/postgres/max_conns.sql | 1 + .../src/test/resources/containers/vault.yml | 20 ++ .../src/test/resources/containers/vdr.yml | 28 ++ .../src/test/resources/tests.conf | 32 --- 23 files changed, 681 insertions(+), 236 deletions(-) delete mode 100644 .github/workflows/prism-unit-tests.yml delete mode 100644 .github/workflows/unit-tests-common.yml create mode 100644 .github/workflows/unit-tests.yml create mode 100644 tests/integration-tests/src/test/kotlin/config/AgentInitConf.kt create mode 100644 tests/integration-tests/src/test/kotlin/config/ServicesConf.kt create mode 100644 tests/integration-tests/src/test/resources/configs/basic.conf create mode 100644 tests/integration-tests/src/test/resources/configs/double.conf create mode 100644 tests/integration-tests/src/test/resources/configs/keycloak.conf create mode 100644 tests/integration-tests/src/test/resources/containers/agent.yml create mode 100644 tests/integration-tests/src/test/resources/containers/keycloak.yml create mode 100755 tests/integration-tests/src/test/resources/containers/postgres/init-script.sh create mode 100644 tests/integration-tests/src/test/resources/containers/postgres/max_conns.sql create mode 100644 tests/integration-tests/src/test/resources/containers/vault.yml create mode 100644 tests/integration-tests/src/test/resources/containers/vdr.yml delete mode 100644 tests/integration-tests/src/test/resources/tests.conf diff --git a/.github/workflows/integration-tests.yml b/.github/workflows/integration-tests.yml index ce047ef1a8..f448dfdae2 100644 --- a/.github/workflows/integration-tests.yml +++ b/.github/workflows/integration-tests.yml @@ -20,7 +20,7 @@ defaults: jobs: run-integration-tests: - name: "Run e2e tests" + name: "Run integration tests" runs-on: ubuntu-latest env: REPORTS_DIR: "tests/integration-tests/target/site/serenity" @@ -50,49 +50,17 @@ jobs: legacy: true # will also install in PATH as `docker-compose` - name: Build local version of PRISM Agent + id: build_local_prism_agent env: - ENV_FILE: "infrastructure/local/.env" PRISM_AGENT_PATH: "../.." + ENV_FILE: "infrastructure/local/.env" GITHUB_ACTOR: ${{ secrets.ATALA_GITHUB_ACTOR }} GITHUB_TOKEN: ${{ secrets.ATALA_GITHUB_TOKEN }} run: | cd "${PRISM_AGENT_PATH}" || exit 129 sbt docker:publishLocal - PRISM_AGENT_VERSION=$(cut version.sbt -d '=' -f2 | tr -d '" ') - sed -i.bak "s/PRISM_AGENT_VERSION=.*/PRISM_AGENT_VERSION=${PRISM_AGENT_VERSION}/" "${ENV_FILE}" && rm -f "${ENV_FILE}.bak" - cat "${ENV_FILE}" - - - name: Start Cloud Agent for issuer and verifier - env: - PORT: 8080 - ADMIN_TOKEN: "admin" - DEFAULT_WALLET_ENABLED: "false" - API_KEY_AUTO_PROVISIONING: "false" - API_KEY_ENABLED: "true" - DOCKERHOST: "host.docker.internal" - uses: isbang/compose-action@v1.4.1 - with: - compose-file: "./infrastructure/shared/docker-compose-demo.yml" - compose-flags: "--env-file ./infrastructure/local/.env -p issuer" - up-flags: "--wait" - down-flags: "--volumes" - - - name: Start Cloud Agent for holder - env: - PORT: 8090 - ADMIN_TOKEN: admin - DEFAULT_WALLET_ENABLED: true - DEFAULT_WALLET_WEBHOOK_URL: http://host.docker.internal:9956 - DEFAULT_WALLET_AUTH_API_KEY: default - API_KEY_AUTO_PROVISIONING: false - API_KEY_ENABLED: true - DOCKERHOST: "host.docker.internal" - uses: isbang/compose-action@v1.4.1 - with: - compose-file: "./infrastructure/shared/docker-compose-demo.yml" - compose-flags: "--env-file ./infrastructure/local/.env -p holder" - up-flags: "--wait" - down-flags: "--volumes" + echo "open_enterprise_agent_version=$(cut -d'=' -f2 version.sbt | tr -d '" ')" >> "${GITHUB_OUTPUT}" + echo "prism_node_version=$(grep PRISM_NODE_VERSION infrastructure/local/.env | cut -d'=' -f2 | tr -d ' ')" >> "${GITHUB_OUTPUT}" - uses: actions/setup-java@v3 with: @@ -101,6 +69,8 @@ jobs: - name: Run integration tests env: + PRISM_NODE_VERSION: ${{ steps.build_local_prism_agent.outputs.prism_node_version }} + OPEN_ENTERPRISE_AGENT_VERSION: ${{ steps.build_local_prism_agent.outputs.open_enterprise_agent_version }} ATALA_GITHUB_ACTOR: ${{ secrets.ATALA_GITHUB_ACTOR }} ATALA_GITHUB_TOKEN: ${{ secrets.ATALA_GITHUB_TOKEN }} continue-on-error: true @@ -164,6 +134,6 @@ jobs: Failed: ${{ steps.analyze_test_results.outputs.failures }} Errors in tests: ${{ steps.analyze_test_results.outputs.errors }} Skipped (known bugs): ${{ steps.analyze_test_results.outputs.skipped }} - SLACK_TITLE: "Atala PRISM V2 Integration tests: ${{ steps.analyze_test_results.outputs.conclusion }}" + SLACK_TITLE: "Open Enterprise Agent Integration Tests: ${{ steps.analyze_test_results.outputs.conclusion }}" SLACK_USERNAME: circleci SLACK_WEBHOOK: ${{ secrets.E2E_TESTS_SLACK_WEBHOOK }} diff --git a/.github/workflows/prism-unit-tests.yml b/.github/workflows/prism-unit-tests.yml deleted file mode 100644 index 13db3c8f0d..0000000000 --- a/.github/workflows/prism-unit-tests.yml +++ /dev/null @@ -1,21 +0,0 @@ -name: Atala PRISM unit tests - -# Cancel previously running workflows if new commit pushed to the branch -# this will help to push fixes earlier and stop previous workflows -concurrency: - group: ${{ github.head_ref }}${{ github.ref }}-atala-prism - cancel-in-progress: true - -on: - push: - branches: - - "main" - pull_request: - -jobs: - build-and-test-atala-prism: - uses: ./.github/workflows/unit-tests-common.yml - with: - component-name: "Atala PRISM" - component-dir: "." - secrets: inherit diff --git a/.github/workflows/unit-tests-common.yml b/.github/workflows/unit-tests-common.yml deleted file mode 100644 index 26c0ec134d..0000000000 --- a/.github/workflows/unit-tests-common.yml +++ /dev/null @@ -1,77 +0,0 @@ -name: Scala build and unit tests - -on: - workflow_call: - inputs: - component-name: - required: true - type: string - component-dir: - required: true - type: string - measure-coverage: - required: false - type: boolean - default: true - -jobs: - build-and-unit-tests: - name: "Build and unit tests for ${{ inputs.component-name }}" - runs-on: self-hosted - container: - image: ghcr.io/hyperledger-labs/ci-debian-jdk-22:0.1.0 - volumes: - - /nix:/nix - credentials: - username: ${{ secrets.ATALA_GITHUB_ACTOR }} - password: ${{ secrets.ATALA_GITHUB_TOKEN }} - env: - GITHUB_TOKEN: ${{ secrets.ATALA_GITHUB_TOKEN }} - TESTCONTAINERS_RYUK_DISABLED: true - defaults: - run: - working-directory: ${{ inputs.component-dir }} - steps: - - name: Git checkout (merge) - uses: actions/checkout@v3 - if: github.event_name != 'pull_request' - with: - fetch-depth: 0 - - - name: Git checkout (PR) - uses: actions/checkout@v3 - if: github.event_name == 'pull_request' - with: - fetch-depth: 0 - # see: https://frontside.com/blog/2020-05-26-github-actions-pull_request/#how-does-pull_request-affect-actionscheckout - ref: ${{ github.event.pull_request.head.sha }} - - - name: Run Scala formatter - run: sbt scalafmtCheckAll - - - name: Run Unit Tests - run: | - # Workaround for container runners to correctly restore - # https://github.com/actions/runner/issues/863 - echo HOME=/root >> "${GITHUB_ENV}" - sbt -v coverage test coverageAggregate - - - name: Upload coverage data to Coveralls - run: sbt coveralls - env: - COVERALLS_REPO_TOKEN: ${{ secrets.COVERALLS_REPO_TOKEN }} - - - name: Aggregate test reports - if: always() - uses: ./.github/actions/aggregate-test-reports - with: - tests-dir: ${{ inputs.component-dir }} - - - name: Publish test results - # Publish even if the previous test step fails - if: always() - uses: EnricoMi/publish-unit-test-result-action@v2 - with: - junit_files: "${{ inputs.component-dir }}/target/test-reports/**/TEST-*.xml" - comment_title: "${{ inputs.component-name }} Test Results" - check_name: "${{ inputs.component-name }} Test Results" diff --git a/.github/workflows/unit-tests.yml b/.github/workflows/unit-tests.yml new file mode 100644 index 0000000000..9d0c73dd1a --- /dev/null +++ b/.github/workflows/unit-tests.yml @@ -0,0 +1,69 @@ +name: Unit tests + +# Cancel previously running workflows if new commit pushed to the branch +# this will help to push fixes earlier and stop previous workflows +concurrency: + group: ${{ github.head_ref }}${{ github.ref }}-unit-tests + cancel-in-progress: true + +on: + push: + branches: + - "main" + pull_request: + +jobs: + build-and-unit-tests: + name: "Build and unit tests" + runs-on: self-hosted + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + container: + image: ghcr.io/hyperledger-labs/ci-debian-jdk-22:0.1.0 + volumes: + - /nix:/nix + env: + TESTCONTAINERS_RYUK_DISABLED: true + steps: + - name: Git checkout (merge) + uses: actions/checkout@v3 + if: github.event_name != 'pull_request' + with: + fetch-depth: 0 + + - name: Git checkout (PR) + uses: actions/checkout@v3 + if: github.event_name == 'pull_request' + with: + fetch-depth: 0 + # see: https://frontside.com/blog/2020-05-26-github-actions-pull_request/#how-does-pull_request-affect-actionscheckout + ref: ${{ github.event.pull_request.head.sha }} + + - name: Download dependencies + run: sbt +update + + - name: Check formatting + run: sbt scalafmtCheckAll + + - name: Run unit tests + env: + HOME: /root + run: | + sbt -v coverage test coverageAggregate + + - name: Upload coverage to Coveralls + env: + COVERALLS_REPO_TOKEN: ${{ secrets.COVERALLS_REPO_TOKEN }} + run: sbt coveralls + + - name: Aggregate test reports + if: always() + uses: ./.github/actions/aggregate-test-reports + + - name: Publish test results + if: always() + uses: EnricoMi/publish-unit-test-result-action@v2 + with: + junit_files: "./target/test-reports/**/TEST-*.xml" + comment_title: "Unit Test Results" + check_name: "Unit Test Results" diff --git a/README.md b/README.md index 19a45729d3..07420f4b1e 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,7 @@

Coverage Status - Unit tests + Unit tests End-to-end tests Performance tests

diff --git a/tests/integration-tests/build.gradle.kts b/tests/integration-tests/build.gradle.kts index ea7b9a924f..221265ae72 100644 --- a/tests/integration-tests/build.gradle.kts +++ b/tests/integration-tests/build.gradle.kts @@ -44,6 +44,8 @@ dependencies { // Hoplite for configuration implementation("com.sksamuel.hoplite:hoplite-core:2.7.5") implementation("com.sksamuel.hoplite:hoplite-hocon:2.7.5") + // Kotlin compose + testImplementation("org.testcontainers:testcontainers:1.19.1") } buildscript { diff --git a/tests/integration-tests/src/test/kotlin/config/AgentConf.kt b/tests/integration-tests/src/test/kotlin/config/AgentConf.kt index 3918ef0960..38d5e87649 100644 --- a/tests/integration-tests/src/test/kotlin/config/AgentConf.kt +++ b/tests/integration-tests/src/test/kotlin/config/AgentConf.kt @@ -5,7 +5,7 @@ import java.net.URL data class AgentConf( val url: URL, + val apikey: String?, @ConfigAlias("webhook_url") val webhookUrl: URL?, - var apikey: String?, - @ConfigAlias("multi-tenant") val multiTenant: Boolean?, + val init: AgentInitConf?, ) diff --git a/tests/integration-tests/src/test/kotlin/config/AgentInitConf.kt b/tests/integration-tests/src/test/kotlin/config/AgentInitConf.kt new file mode 100644 index 0000000000..3ba21e3cbe --- /dev/null +++ b/tests/integration-tests/src/test/kotlin/config/AgentInitConf.kt @@ -0,0 +1,12 @@ +package config + +import com.sksamuel.hoplite.ConfigAlias + +data class AgentInitConf( + val version: String, + @ConfigAlias("http_port") val httpPort: Int, + @ConfigAlias("didcomm_port") val didcommPort: Int, + @ConfigAlias("secret_storage_backend") val secretStorageBackend: String, + @ConfigAlias("auth_enabled") val authEnabled: Boolean, + @ConfigAlias("keycloak_enabled") val keycloakEnabled: Boolean, +) diff --git a/tests/integration-tests/src/test/kotlin/config/Config.kt b/tests/integration-tests/src/test/kotlin/config/Config.kt index c4abe8b62d..b5f7cd8130 100644 --- a/tests/integration-tests/src/test/kotlin/config/Config.kt +++ b/tests/integration-tests/src/test/kotlin/config/Config.kt @@ -2,8 +2,10 @@ package config data class Config( val global: GlobalConf, + val admin: AgentConf, val issuer: AgentConf, val holder: AgentConf, val verifier: AgentConf, - val admin: AgentConf + val agents: List, + val services: ServicesConf ) diff --git a/tests/integration-tests/src/test/kotlin/config/GlobalConf.kt b/tests/integration-tests/src/test/kotlin/config/GlobalConf.kt index e3e6d89a34..ade1a77c88 100644 --- a/tests/integration-tests/src/test/kotlin/config/GlobalConf.kt +++ b/tests/integration-tests/src/test/kotlin/config/GlobalConf.kt @@ -3,8 +3,6 @@ package config import com.sksamuel.hoplite.ConfigAlias data class GlobalConf( - @ConfigAlias("auth_required") val authRequired: Boolean, - @ConfigAlias("auth_header") val authHeader: String, - @ConfigAlias("admin_auth_header") val adminAuthHeader: String, - @ConfigAlias("admin_apikey") val adminApiKey: String + @ConfigAlias("auth_header") val authHeader: String = "apikey", + @ConfigAlias("admin_auth_header") val adminAuthHeader: String = "x-admin-api-key", ) diff --git a/tests/integration-tests/src/test/kotlin/config/ServicesConf.kt b/tests/integration-tests/src/test/kotlin/config/ServicesConf.kt new file mode 100644 index 0000000000..691afbc4e1 --- /dev/null +++ b/tests/integration-tests/src/test/kotlin/config/ServicesConf.kt @@ -0,0 +1,31 @@ +package config + +import com.sksamuel.hoplite.ConfigAlias + +data class ServicesConf( + @ConfigAlias("prism_node") val prismNode: PrismNodeConf?, + val keycloak: KeycloakConf?, + val vault: VaultConf?, +) + +data class PrismNodeConf( + @ConfigAlias("http_port") val httpPort: Int, + val version: String, +) + +data class KeycloakConf( + @ConfigAlias("http_port") val httpPort: Int, + val realm: String, + @ConfigAlias("client_id") val clientId: String, + @ConfigAlias("client_secret") val clientSecret: String, + val users: List +) + +data class KeycloakUser( + val username: String, + val password: String +) + +data class VaultConf( + @ConfigAlias("http_port") val httpPort: Int, +) diff --git a/tests/integration-tests/src/test/kotlin/features/CommonSteps.kt b/tests/integration-tests/src/test/kotlin/features/CommonSteps.kt index 95a9ab8762..440bea7212 100644 --- a/tests/integration-tests/src/test/kotlin/features/CommonSteps.kt +++ b/tests/integration-tests/src/test/kotlin/features/CommonSteps.kt @@ -2,12 +2,10 @@ package features import com.sksamuel.hoplite.ConfigLoader import common.ListenToEvents -import config.AgentConf -import config.Config +import config.* import features.connection.ConnectionSteps import features.credentials.IssueCredentialsSteps import features.did.PublishDidSteps -import features.multitenancy.EventsSteps import interactions.Get import io.cucumber.java.AfterAll import io.cucumber.java.BeforeAll @@ -23,71 +21,184 @@ import net.serenitybdd.screenplay.actors.Cast import net.serenitybdd.screenplay.actors.OnStage import net.serenitybdd.screenplay.rest.abilities.CallAnApi import org.apache.http.HttpStatus +import org.apache.http.HttpStatus.SC_CREATED import org.apache.http.HttpStatus.SC_OK +import org.testcontainers.containers.ComposeContainer +import org.testcontainers.containers.wait.strategy.Wait +import java.io.File import java.util.* -import kotlin.random.Random - -@OptIn(ExperimentalStdlibApi::class) -fun createWalletAndEntity(agentConf: AgentConf) { - val config = ConfigLoader().loadConfigOrThrow("/tests.conf") - val createWalletResponse = RestAssured - .given().body( - CreateWalletRequest( - name = UUID.randomUUID().toString(), - seed = Random.nextBytes(64).toHexString(), - id = UUID.randomUUID() - ) + +val environments: MutableList = mutableListOf() + +fun initializeVdr(prismNode: PrismNodeConf) { + val vdrEnvironment: ComposeContainer = ComposeContainer( + File("src/test/resources/containers/vdr.yml") + ).withEnv( + mapOf( + "PRISM_NODE_VERSION" to prismNode.version, + "PRISM_NODE_PORT" to prismNode.httpPort.toString() ) - .header(config.global.adminAuthHeader, config.global.adminApiKey) - .post("${agentConf.url}/wallets") - .thenReturn() - Ensure.that(createWalletResponse.statusCode).isEqualTo(HttpStatus.SC_CREATED) - val wallet = createWalletResponse.body.jsonPath().getObject("", WalletDetail::class.java) - val tenantResponse = RestAssured - .given().body( - CreateEntityRequest( - name = UUID.randomUUID().toString(), - walletId = wallet.id - ) + ).waitingFor( + "prism-node", Wait.forLogMessage(".*Server started, listening on.*", 1) + ) + environments.add(vdrEnvironment) + vdrEnvironment.start() +} + +fun initializeKeycloak(keycloakConf: KeycloakConf) { + val keycloakEnvironment: ComposeContainer = ComposeContainer( + File("src/test/resources/containers/keycloak.yml") + ).withEnv( + mapOf( + "KEYCLOAK_HTTP_PORT" to keycloakConf.httpPort.toString(), ) - .header(config.global.adminAuthHeader, config.global.adminApiKey) - .post("${agentConf.url}/iam/entities") - .thenReturn() - Ensure.that(tenantResponse.statusCode).isEqualTo(HttpStatus.SC_CREATED) - val entity = tenantResponse.body.jsonPath().getObject("", EntityResponse::class.java) - val addApiKeyResponse = + ).waitingFor( + "keycloak", Wait.forLogMessage(".*Running the server.*", 1) + ) + environments.add(keycloakEnvironment) + keycloakEnvironment.start() + + // Get admin token + val getAdminTokenResponse = + RestAssured + .given().body("grant_type=password&client_id=admin-cli&username=admin&password=admin") + .contentType("application/x-www-form-urlencoded") + .post("http://localhost:${keycloakConf.httpPort}/realms/master/protocol/openid-connect/token") + .thenReturn() + getAdminTokenResponse.then().statusCode(SC_OK) + val adminToken = getAdminTokenResponse.body.jsonPath().getString("access_token") + + // Create realm + val createRealmResponse = RestAssured .given().body( - ApiKeyAuthenticationRequest( - entityId = entity.id, - apiKey = agentConf.apikey!! + mapOf( + "realm" to keycloakConf.realm, + "enabled" to true, + "accessTokenLifespan" to 3600000 ) ) - .header(config.global.adminAuthHeader, config.global.adminApiKey) - .post("${agentConf.url}/iam/apikey-authentication") - .thenReturn() - Ensure.that(addApiKeyResponse.statusCode).isEqualTo(HttpStatus.SC_CREATED) - val registerIssuerWebhookResponse = + .header("Authorization", "Bearer $adminToken") + .contentType("application/json") + .post("http://localhost:${keycloakConf.httpPort}/admin/realms") + .then().statusCode(SC_CREATED) + + // Create client + val createClientResponse = + RestAssured + .given().body( + mapOf( + "id" to keycloakConf.clientId, + "directAccessGrantsEnabled" to true, + "authorizationServicesEnabled" to true, + "serviceAccountsEnabled" to true, + "secret" to keycloakConf.clientSecret, + )) + .header("Authorization", "Bearer $adminToken") + .contentType("application/json") + .post("http://localhost:${keycloakConf.httpPort}/admin/realms/${keycloakConf.realm}/clients") + .then().statusCode(SC_CREATED) + + // Create users + keycloakConf.users.forEach { keycloakUser -> + RestAssured + .given().body( + mapOf( + "id" to keycloakUser.username, + "username" to keycloakUser.username, + "firstName" to keycloakUser.username, + "enabled" to true, + "credentials" to listOf( + mapOf( + "value" to keycloakUser.password, + "temporary" to false + ) + ) + ) + ) + .header("Authorization", "Bearer $adminToken") + .contentType("application/json") + .post("http://localhost:${keycloakConf.httpPort}/admin/realms/${keycloakConf.realm}/users") + .then().statusCode(SC_CREATED) + } +} + +fun initializeAgent(agentInitConf: AgentInitConf) { + val config = ConfigLoader().loadConfigOrThrow(System.getenv("INTEGRATION_TESTS_CONFIG") ?: "/configs/basic.conf") + val agentConfMap: Map = mapOf( + "OPEN_ENTERPRISE_AGENT_VERSION" to agentInitConf.version, + "API_KEY_ENABLED" to agentInitConf.authEnabled.toString(), + "AUTH_HEADER" to config.global.authHeader, + "ADMIN_AUTH_HEADER" to config.global.adminAuthHeader, + "AGENT_DIDCOMM_PORT" to agentInitConf.didcommPort.toString(), + "AGENT_HTTP_PORT" to agentInitConf.httpPort.toString(), + "PRISM_NODE_PORT" to if (config.services.prismNode != null) + config.services.prismNode.httpPort.toString() else "", + "SECRET_STORAGE_BACKEND" to agentInitConf.secretStorageBackend, + "VAULT_HTTP_PORT" to if (config.services.vault != null && agentInitConf.secretStorageBackend == "vault") + config.services.vault.httpPort.toString() else "", + "KEYCLOAK_ENABLED" to agentInitConf.keycloakEnabled.toString(), + "KEYCLOAK_HTTP_PORT" to if (config.services.keycloak != null && agentInitConf.keycloakEnabled) + config.services.keycloak.httpPort.toString() else "", + "KEYCLOAK_REALM" to if (config.services.keycloak != null && agentInitConf.keycloakEnabled) + config.services.keycloak.realm else "", + "KEYCLOAK_CLIENT_ID" to if (config.services.keycloak != null && agentInitConf.keycloakEnabled) + config.services.keycloak.clientId else "", + "KEYCLOAK_CLIENT_SECRET" to if (config.services.keycloak != null && agentInitConf.keycloakEnabled) + config.services.keycloak.clientSecret else "", + ) + val environment: ComposeContainer = ComposeContainer( + File("src/test/resources/containers/agent.yml") + ).withEnv(agentConfMap).waitingFor("open-enterprise-agent", Wait.forHealthcheck()) + environments.add(environment) + environment.start() +} + +fun initializeWallet(agentConf: AgentConf, bearerToken: String? = "") { + val config = ConfigLoader().loadConfigOrThrow(System.getenv("INTEGRATION_TESTS_CONFIG") ?: "/configs/basic.conf") + val createWalletResponse = + RestAssured + .given().body( + CreateWalletRequest( + name = UUID.randomUUID().toString() + ) + ) + .header("Authorization", "Bearer $bearerToken") + .post("${agentConf.url}/wallets") + .then().statusCode(HttpStatus.SC_CREATED) +} + +fun initializeWebhook(agentConf: AgentConf, bearerToken: String? = "") { + val config = ConfigLoader().loadConfigOrThrow(System.getenv("INTEGRATION_TESTS_CONFIG") ?: "/configs/basic.conf") + val registerWebhookResponse = RestAssured .given().body( CreateWebhookNotification( url = agentConf.webhookUrl!!.toExternalForm() ) ) + .header("Authorization", "Bearer $bearerToken") .header(config.global.authHeader, agentConf.apikey) .post("${agentConf.url}/events/webhooks") + .then().statusCode(HttpStatus.SC_OK) +} + +fun getKeycloakAuthToken(keycloakConf: KeycloakConf, username: String, password: String): String { + val tokenResponse = + RestAssured + .given().body("grant_type=password&client_id=${keycloakConf.clientId}&client_secret=${keycloakConf.clientSecret}&username=${username}&password=${password}") + .contentType("application/x-www-form-urlencoded") + .header("Host", "localhost") + .post("http://localhost:${keycloakConf.httpPort}/realms/${keycloakConf.realm}/protocol/openid-connect/token") .thenReturn() - Ensure.that(registerIssuerWebhookResponse.statusCode).isEqualTo(HttpStatus.SC_CREATED) + tokenResponse.then().statusCode(HttpStatus.SC_OK) + return tokenResponse.body.jsonPath().getString("access_token") } @BeforeAll fun initAgents() { val cast = Cast() - val config = ConfigLoader().loadConfigOrThrow("/tests.conf") - cast.actorNamed( - "Admin", - CallAnApi.at(config.admin.url.toExternalForm()) - ) + val config = ConfigLoader().loadConfigOrThrow(System.getenv("INTEGRATION_TESTS_CONFIG") ?: "/configs/basic.conf") cast.actorNamed( "Acme", CallAnApi.at(config.issuer.url.toExternalForm()), @@ -103,27 +214,62 @@ fun initAgents() { CallAnApi.at(config.verifier.url.toExternalForm()), ListenToEvents.at(config.verifier.webhookUrl!!) ) + cast.actorNamed( + "Admin", + CallAnApi.at(config.admin.url.toExternalForm()) + ) OnStage.setTheStage(cast) - // Create issuer wallet and tenant - if (config.issuer.multiTenant!!) { - createWalletAndEntity(config.issuer) + if (config.services.keycloak != null) { + initializeKeycloak(config.services.keycloak) + } + + if (config.services.prismNode != null) { + initializeVdr(config.services.prismNode) + } + // Initialize the agents + config.agents.forEach { agent -> + initializeAgent(agent) } - // Create verifier wallet - if (config.verifier.multiTenant!!) { - createWalletAndEntity(config.verifier) + + if (config.services.keycloak != null) { + cast.actors.forEach { actor -> + actor.remember("KEYCLOAK_BEARER_TOKEN", getKeycloakAuthToken(config.services.keycloak, actor.name, actor.name)) + when (actor.name) { + "Acme" -> { + initializeWallet(config.issuer, cast.actorNamed(actor.name).recall("KEYCLOAK_BEARER_TOKEN")) + } + "Bob" -> { + initializeWallet(config.holder, cast.actorNamed(actor.name).recall("KEYCLOAK_BEARER_TOKEN")) + } + "Faber" -> { + initializeWallet(config.verifier, cast.actorNamed(actor.name).recall("KEYCLOAK_BEARER_TOKEN")) + } + } + } } + initializeWebhook(config.issuer, cast.actorNamed("Acme").recall("KEYCLOAK_BEARER_TOKEN")) + initializeWebhook(config.holder, cast.actorNamed("Bob").recall("KEYCLOAK_BEARER_TOKEN")) + initializeWebhook(config.verifier, cast.actorNamed("Faber").recall("KEYCLOAK_BEARER_TOKEN")) + cast.actors.forEach { actor -> when (actor.name) { "Acme" -> { actor.remember("AUTH_KEY", config.issuer.apikey) + actor.remember("AUTH_HEADER", config.global.authHeader) } "Bob" -> { actor.remember("AUTH_KEY", config.holder.apikey) + actor.remember("AUTH_HEADER", config.global.authHeader) } "Faber" -> { actor.remember("AUTH_KEY", config.verifier.apikey) + actor.remember("AUTH_HEADER", config.global.authHeader) + } + "Admin" -> { + actor.remember("AUTH_KEY", config.admin.apikey) + actor.remember("AUTH_HEADER", config.global.adminAuthHeader) } } } @@ -132,6 +278,9 @@ fun initAgents() { @AfterAll fun clearStage() { OnStage.drawTheCurtain() + environments.forEach { environment -> + environment.stop() + } } class CommonSteps { diff --git a/tests/integration-tests/src/test/kotlin/interactions/AuthRestInteraction.kt b/tests/integration-tests/src/test/kotlin/interactions/AuthRestInteraction.kt index 881c193dae..d1350973bd 100644 --- a/tests/integration-tests/src/test/kotlin/interactions/AuthRestInteraction.kt +++ b/tests/integration-tests/src/test/kotlin/interactions/AuthRestInteraction.kt @@ -2,23 +2,21 @@ package interactions import com.sksamuel.hoplite.ConfigLoader import config.Config -import io.ktor.util.* import io.restassured.specification.RequestSpecification import net.serenitybdd.screenplay.Actor import net.serenitybdd.screenplay.rest.interactions.RestInteraction abstract class AuthRestInteraction : RestInteraction() { - private val config = ConfigLoader().loadConfigOrThrow("/tests.conf") + private val config = ConfigLoader().loadConfigOrThrow(System.getenv("INTEGRATION_TESTS_CONFIG") ?: "/configs/basic.conf") fun specWithAuthHeaders(actor: T): RequestSpecification { val spec = rest() - if (actor!!.name.toLowerCasePreservingASCIIRules().contains("admin")) { - spec.header(config.global.adminAuthHeader, config.global.adminApiKey) - } else { - if (config.global.authRequired) { - spec.header(config.global.authHeader, actor.recall("AUTH_KEY")) - } + if (config.services.keycloak != null && actor!!.recall("KEYCLOAK_BEARER_TOKEN") != null) { + spec.header("Authorization", "Bearer ${actor!!.recall("KEYCLOAK_BEARER_TOKEN")}") + } + if (actor!!.recall("AUTH_KEY") != null) { + spec.header(actor.recall("AUTH_HEADER"), actor.recall("AUTH_KEY")) } return spec } diff --git a/tests/integration-tests/src/test/resources/configs/basic.conf b/tests/integration-tests/src/test/resources/configs/basic.conf new file mode 100644 index 0000000000..3b30de9fb5 --- /dev/null +++ b/tests/integration-tests/src/test/resources/configs/basic.conf @@ -0,0 +1,47 @@ +# Specify shared services that are used by all agents (if any) +services = { + prism_node = { + http_port = 50053 + version = "${PRISM_NODE_VERSION}" + } +} + +# Specify agents that are required to be created before running tests +agents = [ + { + version = "${OPEN_ENTERPRISE_AGENT_VERSION}" + http_port = 8080 + didcomm_port = 7080 + secret_storage_backend = "postgres" + auth_enabled = true + keycloak_enabled = false + } +] + +global { + auth_header = "${AUTH_HEADER:-apikey}" + admin_auth_header = "${ADMIN_AUTH_HEADER:-x-admin-api-key}" +} + +admin { + url = "${ADMIN_AGENT_URL:-http://localhost:8080}" + apikey = "${ADMIN_API_KEY:-admin}" +} + +issuer { + url = "${ISSUER_AGENT_URL:-http://localhost:8080}" + apikey = "${ISSUER_API_KEY:-${random.string(16)}}" + webhook_url = "${ISSUER_WEBHOOK_URL:-http://host.docker.internal:9955}" +} + +holder { + url = "${HOLDER_AGENT_URL:-http://localhost:8080}" + apikey = "${HOLDER_API_KEY:-${random.string(16)}}" + webhook_url = "${HOLDER_WEBHOOK_URL:-http://host.docker.internal:9956}" +} + +verifier { + url = "${VERIFIER_AGENT_URL:-http://localhost:8080}" + apikey = "${VERIFIER_API_KEY:-${random.string(16)}}" + webhook_url = "${VERIFIER_WEBHOOK_URL:-http://host.docker.internal:9957}" +} diff --git a/tests/integration-tests/src/test/resources/configs/double.conf b/tests/integration-tests/src/test/resources/configs/double.conf new file mode 100644 index 0000000000..871daf4dc7 --- /dev/null +++ b/tests/integration-tests/src/test/resources/configs/double.conf @@ -0,0 +1,75 @@ +# Specify shared services that are used by all agents (if any) +services = { + prism_node = { + http_port = 50053 + version = "${PRISM_NODE_VERSION}" + }, + keycloak = { + http_port = 9980 + realm = "atala-demo" + client_id = "prism-agent" + client_secret = "prism-agent-demo-secret" + users = [ + { + username = "Acme" + password = "Acme" + }, + { + username = "Bob" + password = "Bob" + }, + { + username = "Faber" + password = "Faber" + } + ] + } +} + +# Specify agents that are required to be created before running tests +agents = [ + { + version = "${OPEN_ENTERPRISE_AGENT_VERSION}" + http_port = 8080 + didcomm_port = 7080 + secret_storage_backend = "postgres" + auth_enabled = true + keycloak_enabled = false + }, + { + version = "${OPEN_ENTERPRISE_AGENT_VERSION}" + http_port = 8090 + didcomm_port = 7090 + secret_storage_backend = "postgres" + auth_enabled = false + keycloak_enabled = true + } +] + +global { + auth_header = "${AUTH_HEADER:-apikey}" + admin_auth_header = "${ADMIN_AUTH_HEADER:-x-admin-api-key}" +} + +admin { + url = "${ADMIN_AGENT_URL:-http://localhost:8080}" + apikey = "${ADMIN_API_KEY:-admin}" +} + +issuer { + url = "${ISSUER_AGENT_URL:-http://localhost:8080}" + apikey = "${ISSUER_API_KEY:-${random.string(16)}}" + webhook_url = "${ISSUER_WEBHOOK_URL:-http://host.docker.internal:9955}" +} + +holder { + url = "${HOLDER_AGENT_URL:-http://localhost:8090}" + apikey = "${HOLDER_API_KEY:-${random.string(16)}}" + webhook_url = "${HOLDER_WEBHOOK_URL:-http://host.docker.internal:9956}" +} + +verifier { + url = "${VERIFIER_AGENT_URL:-http://localhost:8080}" + apikey = "${VERIFIER_API_KEY:-${random.string(16)}}" + webhook_url = "${VERIFIER_WEBHOOK_URL:-http://host.docker.internal:9957}" +} diff --git a/tests/integration-tests/src/test/resources/configs/keycloak.conf b/tests/integration-tests/src/test/resources/configs/keycloak.conf new file mode 100644 index 0000000000..5f42199e48 --- /dev/null +++ b/tests/integration-tests/src/test/resources/configs/keycloak.conf @@ -0,0 +1,70 @@ +# Specify shared services that are used by all agents (if any) +services = { + prism_node = { + http_port = 50053 + version = "${PRISM_NODE_VERSION}" + } + keycloak = { + http_port = 9980 + realm = "atala-demo" + client_id = "prism-agent" + client_secret = "prism-agent-demo-secret" + users = [ + { + username = "Acme" + password = "Acme" + }, + { + username = "Bob" + password = "Bob" + }, + { + username = "Faber" + password = "Faber" + } + ] + } + vault = { + http_port = 8200 + } +} + +# Specify agents that are required to be created before running tests +agents = [ + { + version = "${OPEN_ENTERPRISE_AGENT_VERSION}" + http_port = 8080 + didcomm_port = 7080 + secret_storage_backend = "postgres" # can be vault + auth_enabled = false + keycloak_enabled = true + } +] + +global { + auth_header = "${AUTH_HEADER:-apikey}" + admin_auth_header = "${ADMIN_AUTH_HEADER:-x-admin-api-key}" +} + +admin { + url = "${ADMIN_AGENT_URL:-http://localhost:8080}" + apikey = "${ADMIN_API_KEY:-admin}" +} + +issuer { + url = "${ISSUER_AGENT_URL:-http://localhost:8080}" + apikey = "${ISSUER_API_KEY:-${random.string(16)}}" + webhook_url = "${ISSUER_WEBHOOK_URL:-http://host.docker.internal:9955}" +} + +holder { + url = "${HOLDER_AGENT_URL:-http://localhost:8080}" + apikey = "${HOLDER_API_KEY:-${random.string(16)}}" + webhook_url = "${HOLDER_WEBHOOK_URL:-http://host.docker.internal:9956}" +} + +verifier { + url = "${VERIFIER_AGENT_URL:-http://localhost:8080}" + apikey = "${VERIFIER_API_KEY:-${random.string(16)}}" + webhook_url = "${VERIFIER_WEBHOOK_URL:-http://host.docker.internal:9957}" +} diff --git a/tests/integration-tests/src/test/resources/containers/agent.yml b/tests/integration-tests/src/test/resources/containers/agent.yml new file mode 100644 index 0000000000..c82e740a54 --- /dev/null +++ b/tests/integration-tests/src/test/resources/containers/agent.yml @@ -0,0 +1,66 @@ +--- +version: "3.8" + +services: + + # Mandatory PostgreSQL database for the Open Enterprise Agent + postgres: + image: postgres:13 + environment: + POSTGRES_MULTIPLE_DATABASES: "castor,pollux,connect,agent" + POSTGRES_USER: postgres + POSTGRES_PASSWORD: postgres + volumes: + - ./postgres/init-script.sh:/docker-entrypoint-initdb.d/init-script.sh + - ./postgres/max_conns.sql:/docker-entrypoint-initdb.d/max_conns.sql + healthcheck: + test: ["CMD", "pg_isready", "-U", "postgres", "-d", "agent"] + interval: 10s + timeout: 5s + retries: 5 + + # Secret storage - hashicorp + + # Open Enterprise Agent + open-enterprise-agent: + image: ghcr.io/input-output-hk/prism-agent:${OPEN_ENTERPRISE_AGENT_VERSION} + environment: + PRISM_NODE_HOST: host.docker.internal + PRISM_NODE_PORT: + CASTOR_DB_HOST: postgres + POLLUX_DB_HOST: postgres + CONNECT_DB_HOST: postgres + AGENT_DB_HOST: postgres + VAULT_TOKEN: root + # Configuration parameters + AGENT_DIDCOMM_PORT: + AGENT_HTTP_PORT: + DIDCOMM_SERVICE_URL: "http://host.docker.internal:${AGENT_DIDCOMM_PORT}" + REST_SERVICE_URL: "http://host.docker.internal:${AGENT_HTTP_PORT}" + AUTH_HEADER: + ADMIN_AUTH_HEADER: + API_KEY_ENABLED: + # Secret storage configuration + SECRET_STORAGE_BACKEND: + VAULT_ADDR: "http://host.docker.internal:${VAULT_HTTP_PORT}" + # Keycloak configuration + KEYCLOAK_ENABLED: + KEYCLOAK_URL: "http://host.docker.internal:${KEYCLOAK_HTTP_PORT}" + KEYCLOAK_REALM: + KEYCLOAK_CLIENT_ID: + KEYCLOAK_CLIENT_SECRET: + KEYCLOAK_UMA_AUTO_UPGRADE_RPT: true # no configurable at the moment + depends_on: + postgres: + condition: service_healthy + ports: + - "${AGENT_DIDCOMM_PORT}:${AGENT_DIDCOMM_PORT}" + - "${AGENT_HTTP_PORT}:${AGENT_HTTP_PORT}" + healthcheck: + test: ["CMD", "curl", "-f", "http://open-enterprise-agent:${AGENT_HTTP_PORT}/_system/health"] + interval: 10s + timeout: 5s + retries: 5 + # Extra hosts for Linux networking + extra_hosts: + - "host.docker.internal:host-gateway" diff --git a/tests/integration-tests/src/test/resources/containers/keycloak.yml b/tests/integration-tests/src/test/resources/containers/keycloak.yml new file mode 100644 index 0000000000..b98a83db3f --- /dev/null +++ b/tests/integration-tests/src/test/resources/containers/keycloak.yml @@ -0,0 +1,13 @@ +--- +version: "3.8" + +services: + + keycloak: + image: quay.io/keycloak/keycloak:22.0.4 + ports: + - "${KEYCLOAK_HTTP_PORT}:8080" + environment: + KEYCLOAK_ADMIN: admin + KEYCLOAK_ADMIN_PASSWORD: admin + command: start-dev --health-enabled=true --hostname-url=http://localhost:${KEYCLOAK_HTTP_PORT} diff --git a/tests/integration-tests/src/test/resources/containers/postgres/init-script.sh b/tests/integration-tests/src/test/resources/containers/postgres/init-script.sh new file mode 100755 index 0000000000..408264cf1e --- /dev/null +++ b/tests/integration-tests/src/test/resources/containers/postgres/init-script.sh @@ -0,0 +1,24 @@ +#!/bin/bash + +set -e +set -u + +function create_user_and_database() { + local database=$1 + local app_user=${database}-application-user + echo " Creating user and database '$database'" + psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL + CREATE USER "$app_user" WITH PASSWORD 'password'; + CREATE DATABASE $database; + \c $database + ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO "$app_user"; + EOSQL +} + +if [ -n "$POSTGRES_MULTIPLE_DATABASES" ]; then + echo "Multiple database creation requested: $POSTGRES_MULTIPLE_DATABASES" + for db in $(echo $POSTGRES_MULTIPLE_DATABASES | tr ',' ' '); do + create_user_and_database $db + done + echo "Multiple databases created" +fi diff --git a/tests/integration-tests/src/test/resources/containers/postgres/max_conns.sql b/tests/integration-tests/src/test/resources/containers/postgres/max_conns.sql new file mode 100644 index 0000000000..f2a343e505 --- /dev/null +++ b/tests/integration-tests/src/test/resources/containers/postgres/max_conns.sql @@ -0,0 +1 @@ +ALTER SYSTEM SET max_connections = 500; diff --git a/tests/integration-tests/src/test/resources/containers/vault.yml b/tests/integration-tests/src/test/resources/containers/vault.yml new file mode 100644 index 0000000000..a762c5dc0b --- /dev/null +++ b/tests/integration-tests/src/test/resources/containers/vault.yml @@ -0,0 +1,20 @@ +--- +version: "3.8" + +services: + + vault-server: + image: hashicorp/vault:1.13.3 + ports: + - "${VAULT_PORT}:8200" + environment: + VAULT_ADDR: "http://0.0.0.0:8200" + VAULT_DEV_ROOT_TOKEN_ID: root + command: server -dev -dev-root-token-id=root + cap_add: + - IPC_LOCK + healthcheck: + test: ["CMD", "vault", "status"] + interval: 10s + timeout: 5s + retries: 5 diff --git a/tests/integration-tests/src/test/resources/containers/vdr.yml b/tests/integration-tests/src/test/resources/containers/vdr.yml new file mode 100644 index 0000000000..2bc432bbc6 --- /dev/null +++ b/tests/integration-tests/src/test/resources/containers/vdr.yml @@ -0,0 +1,28 @@ +--- +version: "3.8" + +services: + + node-db: + image: postgres:13 + environment: + POSTGRES_DB: "node_db" + POSTGRES_USER: postgres + POSTGRES_PASSWORD: postgres + healthcheck: + test: ["CMD", "pg_isready", "-U", "postgres", "-d", "node_db"] + interval: 10s + timeout: 5s + retries: 5 + + prism-node: + image: ghcr.io/input-output-hk/prism-node:${PRISM_NODE_VERSION} + environment: + NODE_PSQL_HOST: node-db:5432 + NODE_REFRESH_AND_SUBMIT_PERIOD: 1s + NODE_MOVE_SCHEDULED_TO_PENDING_PERIOD: 1s + ports: + - "${PRISM_NODE_PORT}:50053" + depends_on: + node-db: + condition: service_healthy diff --git a/tests/integration-tests/src/test/resources/tests.conf b/tests/integration-tests/src/test/resources/tests.conf deleted file mode 100644 index bd1065b8e6..0000000000 --- a/tests/integration-tests/src/test/resources/tests.conf +++ /dev/null @@ -1,32 +0,0 @@ -global { - auth_required = true - auth_header = "${AUTH_HEADER:-apikey}" - admin_auth_header = "${ADMIN_AUTH_HEADER:-x-admin-api-key}" - admin_apikey = "${ADMIN_API_KEY:-admin}" -} - -admin { - url = "${ADMIN_AGENT_URL:-http://localhost:8080/prism-agent}" - apikey = "${ISSUER_API_KEY:-${random.string(16)}}" -} - -issuer { - url = "${ISSUER_AGENT_URL:-http://localhost:8080/prism-agent}" - webhook_url = "${ISSUER_WEBHOOK_URL:-http://host.docker.internal:9955}" - apikey = "${ISSUER_API_KEY:-${random.string(16)}}" - multi-tenant = true -} - -verifier { - url = "${VERIFIER_AGENT_URL:-http://localhost:8080/prism-agent}" - webhook_url = "${VERIFIER_WEBHOOK_URL:-http://host.docker.internal:9957}" - apikey = "${VERIFIER_API_KEY:-${random.string(16)}}" - multi-tenant = true -} - -holder { - url = "${HOLDER_AGENT_URL:-http://localhost:8090/prism-agent}" - webhook_url = "${HOLDER_WEBHOOK_URL:-http://host.docker.internal:9956}" - apikey = "${HOLDER_API_KEY:-default}" - multi-tenant = false -}