diff --git a/ui/e2e/tests/superuser/access/entities.spec.ts b/ui/e2e/tests/superuser/access/entities.spec.ts new file mode 100644 index 0000000000..226d679cd1 --- /dev/null +++ b/ui/e2e/tests/superuser/access/entities.spec.ts @@ -0,0 +1,101 @@ +/** + * Copyright IBM Corp. 2016, 2025 + * SPDX-License-Identifier: BUSL-1.1 + */ + +import { test, expect } from '@playwright/test'; + +test('entities workflow', async ({ page }) => { + await test.step('should display entities page', async () => { + await page.goto('dashboard'); + await page.getByRole('link', { name: 'Access control' }).click(); + await page.getByRole('link', { name: 'Entities' }).click(); + await expect(page.getByRole('heading', { name: 'Entities', exact: true })).toContainText('Entities'); + await expect(page.getByRole('heading', { name: 'No entities yet' })).toContainText('No entities yet'); + await expect(page.getByText('A list of entities in this')).toContainText( + 'A list of entities in this namespace will be listed here. Create your first entity to get started.' + ); + }); + + await test.step('create policy', async () => { + await page.getByRole('link', { name: 'ACL Policies' }).click(); + await page.getByRole('link', { name: 'Create ACL policy' }).click(); + await page.getByRole('textbox', { name: 'Policy name' }).click(); + await page.getByRole('textbox', { name: 'Policy name' }).fill('test-policy'); + await page.getByRole('radio', { name: 'Code editor' }).check(); + await page + .getByRole('textbox', { name: 'Policy editor' }) + .fill('path "auth/token/lookup-self" { capabilities = ["read"]}'); + await page.getByRole('button', { name: 'Create policy' }).click(); + await page.getByRole('link', { name: 'Entities' }).click(); + }); + + await test.step('create entity', async () => { + await page.getByRole('link', { name: 'Create entity' }).click(); + await page.getByRole('textbox', { name: 'Name' }).fill('entity-1'); + await page.getByRole('textbox', { name: 'Key' }).fill('hello'); + await page.getByRole('textbox', { name: 'Value' }).fill('world'); + await page.locator('.ember-basic-dropdown-trigger').first().click(); + await page.locator('.ember-power-select-option', { hasText: 'test-policy' }).click(); + await page.getByRole('button', { name: 'Create' }).click(); + }); + + await test.step('should display entity detail page', async () => { + await expect(page.getByRole('heading', { name: 'entity-' })).toContainText('entity-1'); + await page.locator('div:nth-child(2) > .column.is-flex-center').click(); + await expect(page.getByText('Name entity-')).toBeVisible(); + }); + + await test.step('should display correct entity information on each tab', async () => { + // Aliases tab + await expect(page.getByRole('link', { name: 'Aliases' })).toBeVisible(); + await page.getByRole('link', { name: 'Aliases' }).click(); + await expect(page.getByRole('heading', { name: 'No entity aliases for entity-1 yet' })).toBeVisible(); + + // Policies tab + await expect(page.getByRole('link', { name: 'Policies', exact: true })).toBeVisible(); + await page.getByRole('link', { name: 'Policies', exact: true }).click(); + await expect(page.locator('section')).toContainText('test-policy'); + await page.getByRole('button', { name: 'Identity policy management' }).click(); + await page.getByRole('link', { name: 'View policy', exact: true }).click(); + await page.getByText('Vault ACL policies test-policy test-policy Download policy').click(); + await expect(page.getByText('Vault ACL policies test-policy test-policy Download policy')).toBeVisible(); + await page.getByRole('link', { name: 'Entities' }).click(); + await page.getByRole('link', { name: 'entity-1', exact: true }).click(); + + // Groups tab + await expect(page.getByRole('link', { name: 'Groups' }).nth(1)).toBeVisible(); + await page.getByRole('link', { name: 'Groups' }).nth(1).click(); + await expect( + page.getByRole('heading', { name: 'entity-1 is not a member of any groups.' }) + ).toBeVisible(); + + // Metadata tab + await page.getByRole('link', { name: 'Metadata' }).click(); + await expect(page.getByText('hello world')).toBeVisible(); + await expect(page.getByRole('link', { name: 'Metadata' })).toBeVisible(); + }); + + await test.step('create and view aliases', async () => { + await page.getByRole('link', { name: 'Add alias' }).click(); + await expect(page.getByRole('heading', { name: 'Create Entity Alias for' })).toBeVisible(); + await page.getByRole('textbox', { name: 'Name' }).fill('alias-1'); + await page.getByRole('button', { name: 'Create' }).click(); + await expect(page.locator('.hds-page-header__title-wrapper')).toBeVisible(); + + await page.getByRole('link', { name: 'Edit entity alias' }).click(); + await expect(page.locator('.hds-page-header__title-wrapper')).toBeVisible(); + await page.getByRole('link', { name: 'Entity aliases' }).click(); + await expect(page.getByRole('link', { name: 'alias-1', exact: true })).toBeVisible(); + }); + + await test.step('cleanup by deleting entities if it was not deleted in previous step', async () => { + await page.getByLabel('navigation for entities').getByRole('link', { name: 'Entities' }).click(); + await page.getByRole('button', { name: 'Identity management options' }).click(); + await page.getByRole('button', { name: 'Delete' }).click(); + await page.getByRole('button', { name: 'Confirm' }).click(); + await expect(page.getByRole('heading', { name: 'No entities yet' })).toBeVisible(); + await page.getByRole('link', { name: 'Aliases' }).click(); + await expect(page.getByRole('heading', { name: 'No entity aliases yet' })).toBeVisible(); + }); +}); diff --git a/ui/e2e/tests/superuser/access/groups.spec.ts b/ui/e2e/tests/superuser/access/groups.spec.ts new file mode 100644 index 0000000000..26e5598234 --- /dev/null +++ b/ui/e2e/tests/superuser/access/groups.spec.ts @@ -0,0 +1,87 @@ +/** + * Copyright IBM Corp. 2016, 2025 + * SPDX-License-Identifier: BUSL-1.1 + */ + +import { test, expect } from '@playwright/test'; + +test('groups workflow', async ({ page }) => { + await test.step('should display groups page', async () => { + await page.goto('dashboard'); + await page.getByRole('link', { name: 'Access control' }).click(); + await page.getByRole('link', { name: 'Groups' }).click(); + await expect(page.getByRole('heading', { name: 'Groups', exact: true })).toContainText('Groups'); + await expect(page.getByRole('heading', { name: 'No groups yet' })).toContainText('No groups yet'); + await expect(page.getByText('A list of groups in this')).toContainText( + 'A list of groups in this namespace will be listed here. Create your first group to get started.' + ); + }); + + await test.step('create policy', async () => { + await page.getByRole('link', { name: 'ACL Policies' }).click(); + await page.getByRole('link', { name: 'Create ACL policy' }).click(); + await page.getByRole('textbox', { name: 'Policy name' }).click(); + await page.getByRole('textbox', { name: 'Policy name' }).fill('test-policy'); + await page.getByRole('radio', { name: 'Code editor' }).check(); + await page + .getByRole('textbox', { name: 'Policy editor' }) + .fill('path "auth/token/lookup-self" { capabilities = ["read"]}'); + await page.getByRole('button', { name: 'Create policy' }).click(); + await page.getByRole('link', { name: 'Groups' }).click(); + }); + + await test.step('create group', async () => { + await page.getByRole('link', { name: 'Create group' }).click(); + await page.getByRole('textbox', { name: 'Name' }).fill('group-1'); + await page.getByRole('textbox', { name: 'Key' }).fill('hello'); + await page.getByRole('textbox', { name: 'Value' }).fill('world'); + await page.locator('.ember-basic-dropdown-trigger').first().click(); + await page.locator('.ember-power-select-option', { hasText: 'test-policy' }).click(); + await page.getByRole('button', { name: 'Create' }).click(); + }); + + await test.step('should display group detail page', async () => { + await expect(page.getByRole('heading', { name: 'group-' })).toContainText('group-1'); + await page.locator('div:nth-child(2) > .column.is-flex-center').click(); + await expect(page.getByText('Name group-')).toBeVisible(); + }); + + await test.step('should display correct group information on each tab', async () => { + // Policies tab + await expect(page.getByRole('link', { name: 'Policies', exact: true })).toBeVisible(); + await page.getByRole('link', { name: 'Policies', exact: true }).click(); + await expect(page.locator('section')).toContainText('test-policy'); + await page.getByRole('button', { name: 'Identity policy management' }).click(); + await page.getByRole('link', { name: 'View policy', exact: true }).click(); + await page.getByText('Vault ACL policies test-policy test-policy Download policy').click(); + await expect(page.getByText('Vault ACL policies test-policy test-policy Download policy')).toBeVisible(); + await page.getByRole('link', { name: 'Groups' }).click(); + await page.getByRole('link', { name: 'group-1', exact: true }).click(); + + // Members tab + await expect(page.getByRole('link', { name: 'Members' })).toBeVisible(); + await page.getByRole('link', { name: 'Members' }).click(); + await expect(page.getByRole('heading', { name: 'No members in this group yet' })).toBeVisible(); + + // Parent groups tab + await expect(page.getByRole('link', { name: 'Parent groups' })).toBeVisible(); + await page.getByRole('link', { name: 'Parent groups' }).click(); + await expect(page.getByRole('heading', { name: 'This group has no parent' })).toBeVisible(); + + // Metadata tab + await page.getByRole('link', { name: 'Metadata' }).click(); + await expect(page.getByText('hello world')).toBeVisible(); + await expect(page.getByRole('link', { name: 'Metadata' })).toBeVisible(); + }); + + await test.step('edit and delete group', async () => { + await page.getByRole('link', { name: 'Edit group' }).click(); + await expect(page.getByRole('heading', { name: 'Edit Group-1' })).toContainText('Edit Group-1'); + await page.getByRole('button', { name: 'Delete group' }).click(); + await page.getByRole('button', { name: 'Confirm' }).click(); + }); + + await test.step('should show empty state after group deletion', async () => { + await expect(page.getByRole('heading', { name: 'No groups yet' })).toContainText('No groups yet'); + }); +}); diff --git a/ui/e2e/tests/superuser/mfa.ent.spec.ts b/ui/e2e/tests/superuser/mfa.ent.spec.ts new file mode 100644 index 0000000000..7cef098ab5 --- /dev/null +++ b/ui/e2e/tests/superuser/mfa.ent.spec.ts @@ -0,0 +1,72 @@ +/** + * Copyright IBM Corp. 2016, 2025 + * SPDX-License-Identifier: BUSL-1.1 + */ + +import { expect, test } from '@playwright/test'; + +test('mfa workflow', async ({ page }) => { + await page.goto('dashboard'); + + await test.step('create userpass auth method and user', async () => { + await page.getByRole('link', { name: 'Access control' }).click(); + await page.getByRole('link', { name: 'Authentication methods' }).click(); + await page.getByRole('link', { name: 'Enable new method' }).click(); + await page.getByLabel('Userpass').click(); + await page.getByRole('button', { name: 'Enable method' }).click(); + await page.getByRole('button', { name: 'Update options' }).click(); + + await page.getByRole('link', { name: 'Type of auth mount userpass/' }).click(); + await page.getByLabel('toolbar actions').getByRole('link', { name: 'Create user' }).click(); + await page.getByRole('textbox', { name: 'Username' }).fill('bob'); + await page.getByRole('textbox', { name: 'password', exact: true }).fill('bobpassword'); + await page.getByRole('button', { name: 'Save' }).click(); + await expect(page.getByRole('link', { name: 'bob', exact: true })).toBeVisible(); + }); + + await test.step('navigate to MFA page', async () => { + await page.getByRole('link', { name: 'Multi-factor authentication' }).click(); + await expect(page.getByRole('img', { name: 'MFA configure diagram' })).toBeVisible(); + }); + + await test.step('create method with enforcement', async () => { + await page.getByRole('link', { name: 'Configure MFA' }).click(); + await page.getByRole('radio', { name: 'TOTP' }).check(); + await page.getByRole('button', { name: 'Next' }).click(); + await page.getByRole('textbox', { name: 'Issuer' }).fill('mfa-totp-issuer'); + await page.getByLabel('TTL unit for Period').selectOption('m'); + await page.getByRole('textbox', { name: 'Number of units' }).fill('5'); + await page.getByRole('radio', { name: 'SHA1' }).check(); + await page.getByRole('radio', { name: '6', exact: true }).check(); + await page.getByRole('textbox', { name: 'Name' }).fill('mfa-totp-enforcement'); + await page.getByLabel('target-type').selectOption('method'); + await page.getByLabel('Auth method').locator('select').selectOption('userpass'); + await page.getByRole('button', { name: 'Add' }).click(); + await page.getByRole('button', { name: 'Continue' }).click(); + + await expect(page.getByText('Issuer mfa-totp-issuer')).toBeVisible(); + await expect(page.getByText('Period 5 minutes')).toBeVisible(); + await expect(page.getByText('Digits TOTP code length. 6')).toBeVisible(); + await expect(page.getByText('Enable self-enrollment No')).toBeVisible(); + await page.getByRole('link', { name: 'Enforcements' }).click(); + await expect(page.getByRole('link', { name: 'mfa-totp-enforcement' })).toBeVisible(); + }); + + await test.step('verify mfa enforcement on login', async () => { + await page.getByRole('button', { name: 'User menu' }).click(); + await page.getByRole('link', { name: 'Log out' }).click(); + + await page.getByLabel('Method').selectOption('userpass'); + await page.getByRole('textbox', { name: 'Username' }).fill('bob'); + await page.getByRole('textbox', { name: 'Password' }).fill('bobpassword'); + await page.getByRole('button', { name: 'Sign in' }).click(); + + await expect(page.getByRole('heading', { name: 'Multi-factor authentication' })).toBeVisible(); + await page.getByText('Enter your authentication code to log in. TOTP passcode').click(); + await page.getByRole('textbox', { name: 'TOTP passcode' }).fill('12'); + await page.getByRole('button', { name: 'Verify' }).click(); + await expect(page.getByRole('alert', { name: 'Error' })).toBeVisible(); + await page.getByRole('button', { name: 'Cancel' }).click(); + await expect(page.getByRole('heading', { name: 'Sign in to Vault' })).toBeVisible(); + }); +}); diff --git a/ui/e2e/tests/superuser/namespace.spec.ts b/ui/e2e/tests/superuser/namespace.spec.ts index 1bec0ba35e..76b12abc30 100644 --- a/ui/e2e/tests/superuser/namespace.spec.ts +++ b/ui/e2e/tests/superuser/namespace.spec.ts @@ -6,20 +6,33 @@ import { test, expect } from '@playwright/test'; test('namespace workflow', async ({ page }) => { - await page.goto('dashboard'); - // nav to namespaces and create a new namespace - await page.getByRole('link', { name: 'Access control' }).click(); - await page.getByRole('link', { name: 'Namespaces' }).click(); - await page.getByRole('link', { name: 'Create namespace' }).click(); - await page.getByRole('textbox', { name: 'Path' }).fill('testNamespace'); - await page.getByRole('button', { name: 'Save' }).click(); + await test.step('create namespace', async () => { + await page.goto('dashboard'); + await page.getByRole('link', { name: 'Access control' }).click(); + await page.getByRole('link', { name: 'Namespaces' }).click(); + await page.getByRole('link', { name: 'Create namespace' }).click(); + await page.getByRole('textbox', { name: 'Path' }).fill('testNamespace'); + await page.getByRole('button', { name: 'Save' }).click(); + }); - // click on the namespace picker in the top navbar and switch to the new namespace - await page.getByRole('button', { name: 'root' }).click(); - await page.getByRole('option', { name: 'testNamespace' }).click(); + await test.step('should display the new namespace in the namespace picker and switch to it', async () => { + await page.getByRole('button', { name: 'root' }).click(); + await page.getByRole('option', { name: 'testNamespace' }).click(); + }); - // verify that we are switched into the new namespace by checking for the namespace name in the header - await expect(page.locator('#app-main-content').getByText('testNamespace')).toBeVisible(); + await test.step('should switch to the new namespace and display the correct header', async () => { + await expect(page.locator('#app-main-content').getByText('testNamespace')).toBeVisible(); + }); + + await test.step('delete namespace', async () => { + await page.getByRole('button', { name: 'testNamespace' }).click(); + await page.getByRole('option', { name: 'root' }).click(); + await page.getByRole('link', { name: 'Access control' }).click(); + await page.getByRole('link', { name: 'Namespaces' }).click(); + await page.getByRole('button', { name: 'More options' }).click(); + await page.getByRole('button', { name: 'Delete' }).click(); + await page.getByRole('button', { name: 'Confirm' }).click(); + }); }); test('namespace wizard workflow', async ({ page }) => { diff --git a/ui/e2e/tests/superuser/oidc.spec.ts b/ui/e2e/tests/superuser/oidc.spec.ts index 82cc44075b..1c71ac97bc 100644 --- a/ui/e2e/tests/superuser/oidc.spec.ts +++ b/ui/e2e/tests/superuser/oidc.spec.ts @@ -95,7 +95,6 @@ test('oidc workflow', async ({ page }) => { await page.getByRole('link', { name: 'Create assignment' }).click(); await page.getByRole('textbox', { name: 'Name' }).fill('oidc-assignment'); await page.getByLabel('Entities').getByText('Search').click(); - await page.locator('div').filter({ hasText: 'Vault Assignments Create' }).nth(1).click(); await page.getByRole('button', { name: 'Create' }).click(); await expect(page.getByText('At least one entity or group')).toBeVisible(); await page.getByLabel('Groups').getByText('Search').click();