execute automated external browser tests

snowflakedb · Nov 22, 2024 · c35b58e · c35b58e
1 parent bada542
commit c35b58e
Show file tree

Hide file tree

Showing 9 changed files with 210 additions and 83 deletions.
diff --git a/.github/workflows/parameters_aws_auth_tests.json.gpg b/.github/workflows/parameters_aws_auth_tests.json.gpg
@@ -0,0 +1,3 @@
+�	��P��t�������n4�"���Kx�{3�q��r����*�V}h� I�V_F�-�я[���q��x�/��,�0�N���j���p:k�~�0����;0�fp�tt���QF)q�v5��s٨����>P~TyG;J�b���o��/S����� �u��Na�n�lN���tG����z��-�T�������<S���Nb���jb��Yle�?9��뼽V�Hӡ<y��
+�ƠD[j�sE�?J^�y����u��m_�kL˙�Xv����=zY�b^9�$2Ƌc��eC�]2��!���.����2Y�y��/��H'u�.h��o6��j}ª3��Ib<w�C_r��3�]�g��2���Aݹ�oF
+�ԙ����^�

diff --git a/.gitignore b/.gitignore
@@ -1,7 +1,7 @@
 *.swp
 .idea
 .git
-parameters.json
+parameters*.json
 snowflake-sdk-*.tgz
 dist
 junit*.xml

diff --git a/Jenkinsfile b/Jenkinsfile
@@ -4,6 +4,7 @@ import groovy.json.JsonOutput
 timestamps {
   node('regular-memory-node') {
     stage('checkout') {
+      cleanWs()
       scmInfo = checkout scm
       println("${scmInfo}")
       env.GIT_BRANCH = scmInfo.GIT_BRANCH
@@ -13,8 +14,8 @@ timestamps {
     stage('Build') {
       withCredentials([
         usernamePassword(credentialsId: '063fc85b-62a6-4181-9d72-873b43488411', usernameVariable: 'AWS_ACCESS_KEY_ID', passwordVariable: 'AWS_SECRET_ACCESS_KEY'),
-        string(credentialsId: 'a791118f-a1ea-46cd-b876-56da1b9bc71c',variable: 'NEXUS_PASSWORD')
-        ]) {
+        string(credentialsId: 'a791118f-a1ea-46cd-b876-56da1b9bc71c', variable: 'NEXUS_PASSWORD')
+      ]) {
         sh '''\
         |#!/bin/bash -e
         |export GIT_BRANCH=${GIT_BRANCH}
@@ -23,18 +24,36 @@ timestamps {
         '''.stripMargin()
       }
     }
-    params = [
-      string(name: 'svn_revision', value: 'main'),
-      string(name: 'branch', value: 'main'),
-      string(name: 'client_git_commit', value: scmInfo.GIT_COMMIT),
-      string(name: 'client_git_branch', value: scmInfo.GIT_BRANCH),
-      string(name: 'TARGET_DOCKER_TEST_IMAGE', value: 'nodejs-chainguard-node18'),
-      string(name: 'parent_job', value: env.JOB_NAME),
-      string(name: 'parent_build_number', value: env.BUILD_NUMBER)
-    ]
-    stage('Test') {
-      build job: 'RT-LanguageNodeJS-PC',parameters: params
-    }
+
+    parallel(
+      'Test': {
+        stage('Test') {
+          def params = [
+            string(name: 'svn_revision', value: 'main'),
+            string(name: 'branch', value: 'main'),
+            string(name: 'client_git_commit', value: scmInfo.GIT_COMMIT),
+            string(name: 'client_git_branch', value: scmInfo.GIT_BRANCH),
+            string(name: 'TARGET_DOCKER_TEST_IMAGE', value: 'nodejs-chainguard-node18'),
+            string(name: 'parent_job', value: env.JOB_NAME),
+            string(name: 'parent_build_number', value: env.BUILD_NUMBER)
+          ]
+          build job: 'RT-LanguageNodeJS-PC', parameters: params
+        }
+      },
+      'Test Authentication': {
+        stage('Test Authentication') {
+          withCredentials([
+            string(credentialsId: 'a791118f-a1ea-46cd-b876-56da1b9bc71c', variable: 'NEXUS_PASSWORD'),
+            string(credentialsId: 'sfctest0-parameters-secret', variable: 'PARAMETERS_SECRET')
+          ]) {
+            sh '''\
+              |#!/bin/bash -e
+              |$WORKSPACE/ci/test_authentication.sh
+              '''.stripMargin()
+          }
+        }
+      }
+    )
   }
 }
 
@@ -61,7 +80,7 @@ pipeline {
 }
 
 def wgetUpdateGithub(String state, String folder, String targetUrl, String seconds) {
-    def ghURL = "https://api.github.com/repos/snowflakedb/snowflake-connector-nodejs/statuses/$COMMIT_SHA_LONG"
-    def data = JsonOutput.toJson([state: "${state}", context: "jenkins/${folder}",target_url: "${targetUrl}"])
-    sh "wget ${ghURL} --spider -q --header='Authorization: token $GIT_PASSWORD' --post-data='${data}'"
+  def ghURL = "https://api.github.com/repos/snowflakedb/snowflake-connector-nodejs/statuses/$COMMIT_SHA_LONG"
+  def data = JsonOutput.toJson([state: "${state}", context: "jenkins/${folder}", target_url: "${targetUrl}"])
+  sh "wget ${ghURL} --spider -q --header='Authorization: token $GIT_PASSWORD' --post-data='${data}'"
 }
diff --git a/ci/container/test_authentication.sh b/ci/container/test_authentication.sh
@@ -0,0 +1,8 @@
+#!/bin/bash -e
+
+set -o pipefail
+
+AUTH_PARAMETER_FILE=./.github/workflows/parameters_aws_auth_tests.json
+eval $(jq -r '.authtestparams | to_entries | map("export \(.key)=\(.value|tostring)")|.[]' $AUTH_PARAMETER_FILE)
+
+npm run test:authentication
diff --git a/ci/test_authentication.sh b/ci/test_authentication.sh
@@ -0,0 +1,15 @@
+#!/bin/bash -e
+
+set -o pipefail
+THIS_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+export WORKSPACE=${WORKSPACE:-/tmp}
+
+gpg --quiet --batch --yes --decrypt --passphrase="$PARAMETERS_SECRET" --output $THIS_DIR/../.github/workflows/parameters_aws_auth_tests.json "$THIS_DIR/../.github/workflows/parameters_aws_auth_tests.json.gpg"
+
+docker rmi -f nexus.int.snowflakecomputing.com:8086/docker/snowdrivers-test-external-browser:1
+docker run \
+  -v $(cd $THIS_DIR/.. && pwd):/mnt/host \
+  -v $WORKSPACE:/mnt/workspace \
+  --rm \
+  nexus.int.snowflakecomputing.com:8086/docker/snowdrivers-test-external-browser:1 \
+  "/mnt/host/ci/container/test_authentication.sh"
diff --git a/package.json b/package.json
@@ -61,6 +61,7 @@
     "lint:check:all:errorsOnly": "npm run lint:check:all -- --quiet",
     "lint:fix": "eslint --fix",
     "test": "mocha -timeout 180000 --recursive --full-trace test/unit/**/*.js test/unit/*.js",
+    "test:authentication": "mocha --exit -timeout 180000 --recursive --full-trace test/authentication/**/*.js test/authentication/*.js",
     "test:integration": "mocha -timeout 180000 --recursive --full-trace test/integration/**/*.js test/integration/*.js",
     "test:single": "mocha -timeout 180000 --full-trace",
     "test:system": "mocha -timeout 180000 --recursive --full-trace system_test/*.js",

diff --git a/test/authentication/connectionParameters.js b/test/authentication/connectionParameters.js
@@ -0,0 +1,30 @@
+const snowflakeAuthTestProtocol = process.env.SNOWFLAKE_AUTH_TEST_PROTOCOL;
+const snowflakeAuthTestHost = process.env.SNOWFLAKE_AUTH_TEST_HOST;
+const snowflakeAuthTestPort = process.env.SNOWFLAKE_AUTH_TEST_PORT;
+const snowflakeAuthTestAccount = process.env.SNOWFLAKE_AUTH_TEST_ACCOUNT;
+const snowflakeAuthTestRole = process.env.SNOWFLAKE_AUTH_TEST_ROLE;
+const snowflakeTestBrowserUser = process.env.SNOWFLAKE_AUTH_TEST_BROWSER_USER;
+const snowflakeAuthTestOktaPass = process.env.SNOWFLAKE_AUTH_TEST_OKTA_PASS;
+const snowflakeAuthTestDatabase = process.env.SNOWFLAKE_AUTH_TEST_DATABASE;
+const snowflakeAuthTestWarehouse = process.env.SNOWFLAKE_AUTH_TEST_WAREHOUSE;
+const snowflakeAuthTestSchema = process.env.SNOWFLAKE_AUTH_TEST_SCHEMA;
+
+const accessUrlAuthTests = snowflakeAuthTestProtocol + '://' + snowflakeAuthTestHost + ':' +
+  snowflakeAuthTestPort;
+
+const externalBrowser =
+  {
+    accessUrl: accessUrlAuthTests,
+    username: snowflakeTestBrowserUser,
+    account: snowflakeAuthTestAccount,
+    role: snowflakeAuthTestRole,
+    host: snowflakeAuthTestHost,
+    warehouse: snowflakeAuthTestWarehouse,
+    database: snowflakeAuthTestDatabase,
+    schema: snowflakeAuthTestSchema,
+    authenticator: 'EXTERNALBROWSER'
+  };
+
+exports.externalBrowser = externalBrowser;
+exports.snowflakeTestBrowserUser = snowflakeTestBrowserUser;
+exports.snowflakeAuthTestOktaPass = snowflakeAuthTestOktaPass;
diff --git a/test/authentication/testExternalBrowser.js b/test/authentication/testExternalBrowser.js
@@ -0,0 +1,116 @@
+const snowflake = require('../../lib/snowflake');
+const assert = require('assert');
+const testUtil = require('../integration/testUtil');
+const connParameters = require('./connectionParameters');
+const { exec, spawn } = require('child_process');
+
+describe('External browser authentication tests', function () {
+  const provideBrowserCredentialsPath = '/externalbrowser/provideBrowserCredentials.js';
+  const login = connParameters.snowflakeTestBrowserUser;
+  const password = connParameters.snowflakeAuthTestOktaPass;
+
+
+  describe('External browser tests', async () => {
+    before(async () => {
+      await cleanBrowserProcesses();
+    });
+
+    afterEach(async () => {
+      await cleanBrowserProcesses();
+    });
+
+    it('Successful connection', async () => {
+      const connectionOption = { ...connParameters.externalBrowser, clientStoreTemporaryCredential: false };
+      const connection = await snowflake.createConnection(connectionOption);
+      const connectAsyncPromise = connection.connectAsync(function (err, connection) {
+        connectionHandler(err, connection);
+      });
+      const provideCredentialsPromise = execWithTimeout('node', [provideBrowserCredentialsPath, 'success', login, password], 15000);
+      await Promise.all([connectAsyncPromise, provideCredentialsPromise]);
+    });
+
+    it('Wrong credentials', async () => {
+      const login = 'itsnotanaccount.com';
+      const password = 'fakepassword';
+      const connectionOption = { ...connParameters.externalBrowser, clientStoreTemporaryCredential: false };
+      const connection = await snowflake.createConnection(connectionOption);
+
+      connection.connectAsync(function (err, connection) {
+        connectionHandler(err, connection);
+      });
+      const provideCredentialsPromise = execWithTimeout('node', [provideBrowserCredentialsPath, 'fail', login, password]);
+      await Promise.all([provideCredentialsPromise]);
+
+    });
+
+    it('External browser timeout', async () => {
+      const connectionOption = { ...connParameters.externalBrowser, browserActionTimeout: 100, clientStoreTemporaryCredential: false };
+      const connection = await snowflake.createConnection(connectionOption);
+
+      const connectAsyncPromise = connection.connectAsync(function (err, connection) {
+        timeoutConnectionHandler(err, connection);
+      });
+
+      const connectToBrowserPromise = execWithTimeout('node', [provideBrowserCredentialsPath, 'timeout']);
+      await Promise.all([connectAsyncPromise, connectToBrowserPromise]);
+    });
+  });
+});
+
+async function timeoutConnectionHandler(err, timeout) {
+  try {
+    assert.ok(err, `Browser action timed out after ${timeout} ms.`);
+  } catch (err){
+    await assert.fail(err);
+  }
+}
+
+async function cleanBrowserProcesses() {
+  exec('pkill -f chromium');
+  exec('pkill -f xdg-open');
+}
+
+function connectionHandler(err, connection) {
+  assert.ok(connection.isUp(), 'Connection is not active');
+  testUtil.destroyConnection(connection, function () {
+    try {
+      assert.ok(!connection.isUp(), 'Connection is not closed');
+    } catch (err) {
+      assert.fail(err);
+    }
+  });
+}
+
+function execWithTimeout(command, args, timeout = 5000) {
+  return new Promise((resolve, reject) => {
+    const child = spawn(command, args, { shell: true });
+
+    let stdout = '';
+    let stderr = '';
+
+    child.stdout.on('data', (data) => {
+      stdout += data;
+    });
+
+    child.stderr.on('data', (data) => {
+      stderr += data;
+    });
+
+    child.on('error', (err) => {
+      reject(err);
+    });
+
+    child.on('close', (code) => {
+      if (code !== 0) {
+        reject(new Error(`Provide browser credentials process exited with code: ${code}, error: ${stderr}`));
+      } else {
+        resolve({ stdout, stderr });
+      }
+    });
+
+    setTimeout(() => {
+      child.kill();
+      reject(new Error('Provide browser credentials process timed out'));
+    }, timeout);
+  });
+}
diff --git a/test/integration/testManualConnection.js b/test/integration/testManualConnection.js
@@ -13,71 +13,6 @@ const JsonCredentialManager = require('../../lib/authentication/secure_storage/j
 
 if (process.env.RUN_MANUAL_TESTS_ONLY === 'true') {
   describe('Run manual tests', function () {
-    describe('Connection test - external browser', function () {
-      it('Simple Connect', function (done) {
-        const connection = snowflake.createConnection(
-          connOption.externalBrowser
-        );
-
-        connection.connectAsync(function (err, connection) {
-          try {
-            assert.ok(connection.isUp(), 'not active');
-            testUtil.destroyConnection(connection, function () {
-              try {
-                assert.ok(!connection.isUp(), 'not active');
-                done();
-              } catch (err) {
-                done(err);
-              }
-            });
-          } catch (err) {
-            done(err);
-          }
-        });
-      });
-
-      it('Connect - external browser timeout', function (done) {
-        const connection = snowflake.createConnection(
-          connOption.externalBrowserWithShortTimeout
-        );
-
-        connection.connectAsync(function (err) {
-          try {
-            const browserActionTimeout =
-              connOption.externalBrowserWithShortTimeout.browserActionTimeout;
-            assert.ok(
-              err,
-              `Browser action timed out after ${browserActionTimeout} ms.`
-            );
-            done();
-          } catch (err) {
-            done(err);
-          }
-        });
-      });
-
-      it('Mismatched Username', function (done) {
-        const connection = snowflake.createConnection(
-          connOption.externalBrowserMismatchUser
-        );
-        connection.connectAsync(function (err) {
-          try {
-            assert.ok(
-              err,
-              'Logged in with different user than one on connection string'
-            );
-            assert.equal(
-              'The user you were trying to authenticate as differs from the user currently logged in at the IDP.',
-              err['message']
-            );
-            done();
-          } catch (err) {
-            done(err);
-          }
-        });
-      });
-    });
-
     describe('Connection - ID Token authenticator', function () {
       const connectionOption = { ...connOption.externalBrowser, clientStoreTemporaryCredential: true };
       const key = Util.buildCredentialCacheKey(connectionOption.host, connectionOption.username, 'ID_TOKEN');