@camunda/e2e-test-suite 0.0.229 → 0.0.230

package/dist/fixtures/8.7.d.ts

@@ -27,6 +27,7 @@ import { SignUpPage } from '../pages/8.7/SignUpPage';
 import { PlayPage } from '../pages/8.7/PlayPage';
 import { ConnectorTemplatePage } from '../pages/8.7/ConnectorTemplatePage';
 import { IdpCreatePage } from '../pages/8.7/IdpCreatePage';
+import { ClientCredentialsDetailsPage } from '../pages/8.7/ClientCredentialsDetailsPage';
 type PlaywrightFixtures = {
     makeAxeBuilder: () => AxeBuilder;
     loginPage: LoginPage;
@@ -57,6 +58,7 @@ type PlaywrightFixtures = {
     playPage: PlayPage;
     connectorTemplatePage: ConnectorTemplatePage;
     idpCreatePage: IdpCreatePage;
+    clientCredentialsDetailsPage: ClientCredentialsDetailsPage;
     overrideTrackingScripts: void;
 };
 declare const test: import("@playwright/test").TestType<import("@playwright/test").PlaywrightTestArgs & import("@playwright/test").PlaywrightTestOptions & PlaywrightFixtures, import("@playwright/test").PlaywrightWorkerArgs & import("@playwright/test").PlaywrightWorkerOptions>;

package/dist/fixtures/8.7.js

@@ -34,6 +34,7 @@ const SignUpPage_1 = require("../pages/8.7/SignUpPage");
 const PlayPage_1 = require("../pages/8.7/PlayPage");
 const ConnectorTemplatePage_1 = require("../pages/8.7/ConnectorTemplatePage");
 const IdpCreatePage_1 = require("../pages/8.7/IdpCreatePage");
+const ClientCredentialsDetailsPage_1 = require("../pages/8.7/ClientCredentialsDetailsPage");
 const test = test_1.test.extend({
     makeAxeBuilder: async ({ page }, use) => {
         const makeAxeBuilder = () => new playwright_1.default({ page }).withTags([
@@ -129,6 +130,9 @@ const test = test_1.test.extend({
     idpCreatePage: async ({ page }, use) => {
         await use(new IdpCreatePage_1.IdpCreatePage(page));
     },
+    clientCredentialsDetailsPage: async ({ page }, use) => {
+        await use(new ClientCredentialsDetailsPage_1.ClientCredentialsDetailsPage(page));
+    },
     overrideTrackingScripts: [
         async ({ context }, use) => {
             await context.route('https://cmp.osano.com/16CVvwSNKHi9t1grQ/9403708a-488b-4f3b-aea6-613825dec79f/osano.js', (route) => route.fulfill({

package/dist/pages/8.7/ClientCredentialsDetailsPage.d.ts

@@ -0,0 +1,12 @@
+import { Page, Locator } from '@playwright/test';
+declare class ClientCredentialsDetailsPage {
+    private page;
+    readonly operateUrlRow: Locator;
+    readonly operateUrlValue: Locator;
+    readonly clientNameHeading: (clientName: string) => Locator;
+    constructor(page: Page);
+    isOpen(clientName: string): Promise<void>;
+    getOperateUrl(): Promise<string>;
+    goBack(): Promise<void>;
+}
+export { ClientCredentialsDetailsPage };

package/dist/pages/8.7/ClientCredentialsDetailsPage.js

@@ -0,0 +1,36 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ClientCredentialsDetailsPage = void 0;
+const test_1 = require("@playwright/test");
+class ClientCredentialsDetailsPage {
+    page;
+    operateUrlRow;
+    operateUrlValue;
+    clientNameHeading;
+    constructor(page) {
+        this.page = page;
+        this.operateUrlRow = page.getByRole('cell', { name: 'Operate URL' });
+        this.operateUrlValue = this.operateUrlRow.getByRole('textbox');
+        this.clientNameHeading = (clientName) => page.getByRole('heading', { name: clientName });
+    }
+    async isOpen(clientName) {
+        await (0, test_1.expect)(this.clientNameHeading(clientName)).toBeVisible({
+            timeout: 30000,
+        });
+    }
+    async getOperateUrl() {
+        if (await this.operateUrlValue.isVisible({ timeout: 10000 }).catch(() => false)) {
+            return await this.operateUrlValue.inputValue();
+        }
+        const text = await this.page.innerText('body');
+        const match = text.match(/Operate URL\s*([\w:/.-]+\/?)/i);
+        if (!match || !match[1]) {
+            throw new Error('Operate URL not found in client credentials page');
+        }
+        return match[1];
+    }
+    async goBack() {
+        await this.page.goBack();
+    }
+}
+exports.ClientCredentialsDetailsPage = ClientCredentialsDetailsPage;

package/dist/pages/8.7/ClusterDetailsPage.d.ts

@@ -1,4 +1,5 @@
 import { Page, Locator } from '@playwright/test';
+import { ClientCredentialsDetailsPage } from '../8.7/ClientCredentialsDetailsPage';
 declare class ClusterDetailsPage {
     private page;
     readonly apiTab: Locator;
@@ -38,6 +39,9 @@ declare class ClusterDetailsPage {
     readonly apiClientNameTextbox: Locator;
     readonly expandButton: Locator;
     readonly rbaHeading: Locator;
+    readonly clientCredentialsLink: (clientCredentials: string) => Locator;
+    readonly clientRow: (name: string) => Locator;
+    readonly clientRowDeleteButton: (name: string) => Locator;
     constructor(page: Page);
     clickAPITab(): Promise<void>;
     clickCreateClientButton(): Promise<void>;
@@ -53,7 +57,8 @@ declare class ClusterDetailsPage {
     clickSettingsTab(): Promise<void>;
     enableRBA(): Promise<void>;
     disableRBA(): Promise<void>;
-    deleteAPIClientsIfExist(): Promise<void>;
+    searchAndClickClientCredentialsLink(name: string): Promise<ClientCredentialsDetailsPage>;
+    deleteAPIClientsIfExist(name?: string): Promise<void>;
     clickAlertsTab(): Promise<void>;
     clickCreateFirstAlertButton(): Promise<void>;
     clickCreateNewAlertButton(): Promise<void>;

package/dist/pages/8.7/ClusterDetailsPage.js

@@ -4,6 +4,7 @@ exports.ClusterDetailsPage = void 0;
 const test_1 = require("@playwright/test");
 const sleep_1 = require("../../utils/sleep");
 const clickLocatorWithRetry_1 = require("../../utils/assertionHelpers/clickLocatorWithRetry");
+const ClientCredentialsDetailsPage_1 = require("../8.7/ClientCredentialsDetailsPage");
 class ClusterDetailsPage {
     page;
     apiTab;
@@ -43,6 +44,9 @@ class ClusterDetailsPage {
     apiClientNameTextbox;
     expandButton;
     rbaHeading;
+    clientCredentialsLink;
+    clientRow;
+    clientRowDeleteButton;
     constructor(page) {
         this.page = page;
         this.apiTab = page.getByRole('tab', { name: 'API' });
@@ -128,6 +132,9 @@ class ClusterDetailsPage {
         this.rbaHeading = this.page.getByRole('heading', {
             name: 'Resource-based authorizations',
         });
+        this.clientCredentialsLink = (clientCredentials) => page.getByRole('cell', { name: clientCredentials });
+        this.clientRow = (name) => this.clientsList.filter({ hasText: name });
+        this.clientRowDeleteButton = (name) => this.clientRow(name).getByRole('button', { name: 'Delete' });
     }
     async clickAPITab() {
         await (0, test_1.expect)(this.apiTab).toBeVisible({ timeout: 60000 });
@@ -238,7 +245,34 @@ class ClusterDetailsPage {
             console.log('Toggle text elements not found or less than 2.');
         }
     }
-    async deleteAPIClientsIfExist() {
+    async searchAndClickClientCredentialsLink(name) {
+        await (0, test_1.expect)(this.clientsList.first()).toBeVisible({ timeout: 60000 });
+        const clientLink = this.clientCredentialsLink(name);
+        await (0, test_1.expect)(clientLink).toBeVisible({ timeout: 30000 });
+        await clientLink.click();
+        const clientCredentialsDetailsPage = new ClientCredentialsDetailsPage_1.ClientCredentialsDetailsPage(this.page);
+        await clientCredentialsDetailsPage.isOpen(name);
+        return clientCredentialsDetailsPage;
+    }
+    async deleteAPIClientsIfExist(name) {
+        if (name) {
+            const row = this.clientRow(name);
+            const deleteButton = this.clientRowDeleteButton(name);
+            try {
+                await (0, test_1.expect)(deleteButton).toBeVisible({ timeout: 10000 });
+                await deleteButton.click();
+                await (0, test_1.expect)(this.dialog).toBeVisible();
+                await this.deleteSubButton.click();
+                await (0, test_1.expect)(this.page.getByText('Deleting...')).not.toBeVisible({
+                    timeout: 10000,
+                });
+                await (0, test_1.expect)(row).not.toBeVisible();
+            }
+            catch (error) {
+                console.warn(`No client row found for ${name} or deletion failed: ${error}`);
+            }
+            return;
+        }
         await this.doDelete(this.dialog, 'API clients');
     }
     async clickAlertsTab() {
@@ -362,7 +396,7 @@ class ClusterDetailsPage {
             timeout: 20000,
         });
         await (0, test_1.expect)(this.clientCredentialsDialog.getByText('The Client Secret will not be shown again.')).toBeVisible();
-        await (0, test_1.expect)(this.clientsList.filter({ hasText: name })).toContainText('Zeebe, Tasklist, Operate, Optimize, and Secrets');
+        await (0, test_1.expect)(this.clientRow(name)).toContainText('Zeebe, Tasklist, Operate, Optimize, and Secrets');
     }
     async clickEnvVarsButton() {
         await (0, test_1.expect)(this.envVarsTab).toBeVisible({ timeout: 40000 });

package/dist/tests/8.7/operate-access-flow.spec.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/tests/8.7/operate-access-flow.spec.js

@@ -0,0 +1,57 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const test_1 = require("@playwright/test");
+const _8_7_1 = require("../../fixtures/8.7");
+const UtilitiesPage_1 = require("../../pages/8.7/UtilitiesPage");
+const _setup_1 = require("../../test-setup.js");
+const users_1 = require("../../utils/users");
+const urlHelpers_1 = require("../../utils/urlHelpers");
+const testUser = (0, users_1.getTestUser)('twentySecondUser');
+// This test covers the manual scenario: create a new API client via UI, copy the Operate URL, and verify the Operate endpoint denies unauthenticated access.
+_8_7_1.test.describe.configure({ mode: 'parallel' });
+_8_7_1.test.describe('Operate access requires authentication', () => {
+    let clientName;
+    const clusterName = 'Test Cluster';
+    _8_7_1.test.beforeEach(async ({ page, loginPage }, testInfo) => {
+        await (0, UtilitiesPage_1.loginWithRetry)(page, loginPage, testUser, (testInfo.workerIndex + 1) * 1000);
+    });
+    _8_7_1.test.afterEach(async ({ page, homePage, clusterPage, clusterDetailsPage }, testInfo) => {
+        await (0, _setup_1.captureScreenshot)(page, testInfo);
+        await (0, _setup_1.captureFailureVideo)(page, testInfo);
+        if (clientName) {
+            await homePage.clickClusters();
+            await clusterPage.clickClusterLink(clusterName);
+            await clusterDetailsPage.clickAPITab();
+            await clusterDetailsPage.deleteAPIClientsIfExist(clientName);
+        }
+    });
+    (0, _8_7_1.test)('check that request POST /v1/process-definitions/search returns 403 without credentials', async ({ homePage, clusterPage, clusterDetailsPage, clientCredentialsDetailsPage, request, }) => {
+        clientName = `operate-deny-${await (0, _setup_1.generateRandomStringAsync)(5)}`;
+        await _8_7_1.test.step('Add API Client to Cluster', async () => {
+            await homePage.clickClusters();
+            await clusterPage.clickClusterLink(clusterName);
+            await clusterDetailsPage.clickAPITab();
+            await clusterDetailsPage.createAPIClient(clientName);
+            await clusterDetailsPage.clickCloseModalButton();
+            await (0, test_1.expect)(clusterDetailsPage.clientsList.filter({ hasText: clientName })).toBeVisible({ timeout: 6000 });
+        });
+        let operateUrl = '';
+        await _8_7_1.test.step('Capture Operate URL from client credentials page and close it', async () => {
+            await clusterDetailsPage.searchAndClickClientCredentialsLink(clientName);
+            operateUrl = await clientCredentialsDetailsPage.getOperateUrl();
+            (0, test_1.expect)(operateUrl).toMatch(/^https?:\/\//);
+            await clientCredentialsDetailsPage.goBack();
+            await clusterDetailsPage.clickAPITab();
+        });
+        await _8_7_1.test.step('POST search endpoint without auth should be rejected', async () => {
+            const sanitizedOperateUrl = (0, urlHelpers_1.sanitizeUrl)(operateUrl);
+            const response = await request.post(`${sanitizedOperateUrl}/v1/process-definitions/search`, {
+                data: { filter: {}, size: 10 },
+            });
+            (0, test_1.expect)(response.status()).toBe(403);
+            const body = await response.json();
+            (0, test_1.expect)(body.status).toBe(403);
+            (0, test_1.expect)(body.error).toBe('Forbidden');
+        });
+    });
+});

package/dist/utils/urlHelpers.d.ts

@@ -0,0 +1,12 @@
+/**
+ * URL utility functions for test operations
+ */
+/**
+ * Removes trailing slash from a URL if present
+ * @param url - The URL to sanitize
+ * @returns The URL without a trailing slash
+ * @example
+ * sanitizeUrl('https://example.com/') // returns 'https://example.com'
+ * sanitizeUrl('https://example.com') // returns 'https://example.com'
+ */
+export declare function sanitizeUrl(url: string): string;

package/dist/utils/urlHelpers.js

@@ -0,0 +1,18 @@
+"use strict";
+/**
+ * URL utility functions for test operations
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.sanitizeUrl = void 0;
+/**
+ * Removes trailing slash from a URL if present
+ * @param url - The URL to sanitize
+ * @returns The URL without a trailing slash
+ * @example
+ * sanitizeUrl('https://example.com/') // returns 'https://example.com'
+ * sanitizeUrl('https://example.com') // returns 'https://example.com'
+ */
+function sanitizeUrl(url) {
+    return url.replace(/\/$/, '');
+}
+exports.sanitizeUrl = sanitizeUrl;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@camunda/e2e-test-suite",
-  "version": "0.0.229",
+  "version": "0.0.230",
   "description": "End-to-end test helpers for Camunda 8",
   "repository": {
     "type": "git",