npm - @camunda/e2e-test-suite - Versions diffs - 0.0.572 → 0.0.573 - Mend

@camunda/e2e-test-suite 0.0.572 → 0.0.573

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/pages/8.9/UtilitiesPage.js +27 -4
package/dist/tests/8.9/api-tests-v2.spec.js +1 -1
package/dist/tests/8.9/operate-access-flow.spec.js +68 -7
package/dist/tests/8.9/optimize-api-tests.spec.js +705 -59
package/dist/utils/apiHelpers.js +41 -7
package/dist/utils/utils.js +2 -2
package/package.json +1 -1

package/dist/pages/8.9/UtilitiesPage.js CHANGED Viewed

@@ -9,21 +9,44 @@ const randomSleep_1 = require("../../utils/randomSleep");
 const fileUpload_1 = require("../../utils/fileUpload");
 const mailSlurpClient_1 = require("../../utils/mailSlurpClient");
 async function loginWithRetry(page, loginPage, testUser, timeout, maxRetries = 3) {
+    let lastError;
     for (let attempt = 0; attempt < maxRetries; attempt++) {
         try {
-            await page.goto('/');
+            await page.context().clearCookies();
+            await page.goto('about:blank');
+            await page
+                .evaluate(() => {
+                try {
+                    localStorage.clear();
+                }
+                catch (_) {
+                    // storage may be unavailable in some contexts
+                }
+                try {
+                    sessionStorage.clear();
+                }
+                catch (_) {
+                    // storage may be unavailable in some contexts
+                }
+            })
+                .catch(() => { });
+            await page.goto('/', { waitUntil: 'domcontentloaded', timeout: 60000 });
+            await page
+                .waitForLoadState('networkidle', { timeout: 30000 })
+                .catch(() => { });
             await (0, sleep_1.sleep)(timeout);
             await loginPage.loginWithTestUser(testUser);
             return;
         }
         catch (error) {
+            lastError = error;
             if (attempt < maxRetries - 1) {
-                console.warn(`Attempt ${attempt + 1} failed for logging in. Retrying...`);
+                console.warn(`Attempt ${attempt + 1} failed for logging in. Retrying with clean session...`, error);
                 await (0, randomSleep_1.randomSleep)(10000, 20000);
             }
             else {
-                console.error(error);
-                throw new Error(`Login failed after ${maxRetries} attempts`);
+                console.error(lastError);
+                throw new Error(`Login failed after ${maxRetries} attempts: ${String(lastError)}`);
             }
         }
     }

package/dist/tests/8.9/api-tests-v2.spec.js CHANGED Viewed

@@ -6,7 +6,7 @@ _8_9_1.test.describe.configure({ mode: 'parallel' });
 _8_9_1.test.describe('API V2 tests on SaaS cluster ', () => {
     let bearerToken;
     _8_9_1.test.beforeAll(async () => {
-        bearerToken = await (0, apiHelpers_1.authSaasAPI)();
+        bearerToken = await (0, apiHelpers_1.authSaasAPI)(process.env.ZEEBE_API_TOKEN_AUDIENCE);
     });
     (0, _8_9_1.test)('Get cluster topology', async ({ request }) => {
         const topologyResponse = await request.get(`${process.env.ZEEBE_API_URL}/v2/topology`, {

package/dist/tests/8.9/operate-access-flow.spec.js CHANGED Viewed

@@ -4,6 +4,7 @@ const test_1 = require("@playwright/test");
 const _8_9_1 = require("../../fixtures/8.9");
 const UtilitiesPage_1 = require("../../pages/8.9/UtilitiesPage");
 const _setup_1 = require("../../test-setup.js");
+const apiHelpers_1 = require("../../utils/apiHelpers");
 const users_1 = require("../../utils/users");
 const urlHelpers_1 = require("../../utils/urlHelpers");
 const testUser = (0, users_1.getTestUser)('twentySecondUser');
@@ -25,8 +26,9 @@ _8_9_1.test.describe('Operate access requires authentication @tasklistV2', () =>
             await clusterDetailsPage.deleteAPIClientsIfExist(clientName);
         }
     });
-    (0, _8_9_1.test)('check that request POST /v2/process-definitions/search returns 401 without credentials', async ({ homePage, clusterPage, clusterDetailsPage, clientCredentialsDetailsPage, request, }) => {
-        clientName = `operate-deny-${await (0, _setup_1.generateRandomStringAsync)(5)}`;
+    (0, _8_9_1.test)('check that request POST /v2/process-definitions/search returns 200 with valid credentials', async ({ homePage, clusterPage, clusterDetailsPage, clientCredentialsDetailsPage, request, }) => {
+        clientName = `operate-allow-${await (0, _setup_1.generateRandomStringAsync)(5)}`;
+        let operateUrl = '';
         await _8_9_1.test.step('Add API Client to Cluster', async () => {
             await homePage.clickClusters();
             await clusterPage.clickClusterLink(clusterName);
@@ -35,22 +37,81 @@ _8_9_1.test.describe('Operate access requires authentication @tasklistV2', () =>
             await clusterDetailsPage.clickCloseModalButton();
             await (0, test_1.expect)(clusterDetailsPage.clientsList.filter({ hasText: clientName })).toBeVisible({ timeout: 6000 });
         });
-        let operateUrl = '';
-        await _8_9_1.test.step('Capture Operate URL from client credentials page and close it', async () => {
+        await _8_9_1.test.step('Capture Operate URL', async () => {
             await clusterDetailsPage.searchAndClickClientCredentialsLink(clientName);
             operateUrl = await clientCredentialsDetailsPage.getOperateUrl();
             (0, test_1.expect)(operateUrl).toMatch(/^https?:\/\//);
             await clientCredentialsDetailsPage.goBack();
             await clusterDetailsPage.clickAPITab();
         });
-        await _8_9_1.test.step('POST search endpoint without auth should be rejected', async () => {
+        await _8_9_1.test.step('POST search endpoint with valid Zeebe bearer token returns 200 or 405', async () => {
+            const validToken = await (0, apiHelpers_1.authSaasAPI)();
             const sanitizedOperateUrl = (0, urlHelpers_1.sanitizeUrl)(operateUrl);
             const response = await request.post(`${sanitizedOperateUrl}/v2/process-definitions/search`, {
+                headers: {
+                    Authorization: validToken,
+                    'Content-Type': 'application/json',
+                },
+                data: { filter: {}, size: 10 },
+            });
+            (0, test_1.expect)([200, 405]).toContain(response.status());
+        });
+    });
+    (0, _8_9_1.test)('check that POST /v2/user-tasks/search returns 401 without credentials', async ({ homePage, clusterPage, clusterDetailsPage, clientCredentialsDetailsPage, request, }) => {
+        clientName = `tasklist-deny-${await (0, _setup_1.generateRandomStringAsync)(5)}`;
+        let operateUrl = '';
+        await _8_9_1.test.step('Add API Client to Cluster', async () => {
+            await homePage.clickClusters();
+            await clusterPage.clickClusterLink(clusterName);
+            await clusterDetailsPage.clickAPITab();
+            await clusterDetailsPage.createAPIClient(clientName);
+            await clusterDetailsPage.clickCloseModalButton();
+            await (0, test_1.expect)(clusterDetailsPage.clientsList.filter({ hasText: clientName })).toBeVisible({ timeout: 6000 });
+        });
+        await _8_9_1.test.step('Capture Operate URL (base URL shared with Tasklist v2 endpoint)', async () => {
+            await clusterDetailsPage.searchAndClickClientCredentialsLink(clientName);
+            operateUrl = await clientCredentialsDetailsPage.getOperateUrl();
+            (0, test_1.expect)(operateUrl).toMatch(/^https?:\/\//);
+            await clientCredentialsDetailsPage.goBack();
+            await clusterDetailsPage.clickAPITab();
+        });
+        await _8_9_1.test.step('POST /v2/user-tasks/search without auth returns 401', async () => {
+            const sanitizedOperateUrl = (0, urlHelpers_1.sanitizeUrl)(operateUrl);
+            const response = await request.post(`${sanitizedOperateUrl}/v2/user-tasks/search`, {
                 data: { filter: {}, size: 10 },
             });
             (0, test_1.expect)(response.status()).toBe(401);
-            const body = await response.text();
-            (0, test_1.expect)(body).toBe('');
+        });
+    });
+    (0, _8_9_1.test)('check that POST /v2/process-definitions/search with wrong-audience token returns 401', async ({ homePage, clusterPage, clusterDetailsPage, clientCredentialsDetailsPage, request, }) => {
+        clientName = `operate-wrong-aud-${await (0, _setup_1.generateRandomStringAsync)(5)}`;
+        let operateUrl = '';
+        await _8_9_1.test.step('Add API Client to Cluster', async () => {
+            await homePage.clickClusters();
+            await clusterPage.clickClusterLink(clusterName);
+            await clusterDetailsPage.clickAPITab();
+            await clusterDetailsPage.createAPIClient(clientName);
+            await clusterDetailsPage.clickCloseModalButton();
+            await (0, test_1.expect)(clusterDetailsPage.clientsList.filter({ hasText: clientName })).toBeVisible({ timeout: 6000 });
+        });
+        await _8_9_1.test.step('Capture Operate URL', async () => {
+            await clusterDetailsPage.searchAndClickClientCredentialsLink(clientName);
+            operateUrl = await clientCredentialsDetailsPage.getOperateUrl();
+            (0, test_1.expect)(operateUrl).toMatch(/^https?:\/\//);
+            await clientCredentialsDetailsPage.goBack();
+            await clusterDetailsPage.clickAPITab();
+        });
+        await _8_9_1.test.step('Token scoped for Optimize audience rejected by Operate endpoint', async () => {
+            const optimizeToken = await (0, apiHelpers_1.authSaasAPI)(process.env.OPTIMIZE_API_TOKEN_AUDIENCE);
+            const sanitizedOperateUrl = (0, urlHelpers_1.sanitizeUrl)(operateUrl);
+            const response = await request.post(`${sanitizedOperateUrl}/v2/process-definitions/search`, {
+                headers: {
+                    Authorization: optimizeToken,
+                    'Content-Type': 'application/json',
+                },
+                data: { filter: {}, size: 10 },
+            });
+            (0, test_1.expect)([401, 403]).toContain(response.status());
         });
     });
 });

package/dist/tests/8.9/optimize-api-tests.spec.js CHANGED Viewed

@@ -1,10 +1,8 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-/* eslint-disable @typescript-eslint/no-unused-vars */
-/* eslint-disable prefer-const */
-/* eslint-disable @typescript-eslint/no-explicit-any */
-const _8_9_1 = require("../../fixtures/8.9");
 const test_1 = require("@playwright/test");
+const _8_9_1 = require("../../fixtures/8.9");
+const constants_1 = require("../../utils/constants");
 const apiHelpers_1 = require("../../utils/apiHelpers");
 const randomName_1 = require("../../utils/randomName");
 _8_9_1.test.describe.configure({ mode: 'parallel' });
@@ -13,10 +11,8 @@ _8_9_1.test.describe('API optimize SaaS Tests', () => {
     let optimizeBearerToken;
     let collectionIdValue;
     let dashboardIdValue;
-    let collectionScopeResponse;
     let reportId;
     let baseUrl;
-    let exportedEntities;
     _8_9_1.test.beforeAll(async ({ browser, request }) => {
         const page = await browser.newPage();
         optimizeCookie = await (0, apiHelpers_1.getOptimizeCoockie)(page);
@@ -26,7 +22,8 @@ _8_9_1.test.describe('API optimize SaaS Tests', () => {
             name: await (0, randomName_1.randomNameAgregator)('Test Collection'),
             optimizeCookie,
         });
-        collectionScopeResponse = await (0, apiHelpers_1.updateCollectionScope)(request, {
+        baseUrl = process.env.CAMUNDA_OPTIMIZE_BASE_URL;
+        await (0, apiHelpers_1.updateCollectionScope)(request, {
             optimizeCookie,
             collectionId: collectionIdValue,
             data: [
@@ -56,11 +53,14 @@ _8_9_1.test.describe('API optimize SaaS Tests', () => {
                 },
             ],
         });
-        baseUrl = process.env.CAMUNDA_OPTIMIZE_BASE_URL;
     });
-    // Skipped due to bug:41410: https://github.com/camunda/camunda/issues/41410
-    _8_9_1.test.skip('Dashboard Scenarios Flow Tests', async ({ request }) => {
-        await _8_9_1.test.step('Get dashboards successfully (200)', async () => {
+    _8_9_1.test.afterAll(async ({ request }) => {
+        if (collectionIdValue) {
+            await request.delete(`${baseUrl}/api/public/collection/${collectionIdValue}`, { headers: { Authorization: optimizeBearerToken } });
+        }
+    });
+    (0, _8_9_1.test)('Get dashboard IDs returns 200 with id array', async ({ request }) => {
+        await _8_9_1.test.step('GET /api/public/dashboard?collectionId returns 200', async () => {
             const response = await request.get(`${baseUrl}/api/public/dashboard?collectionId=${collectionIdValue}`, { headers: { Authorization: optimizeBearerToken } });
             await (0, apiHelpers_1.assertResponseStatus)(response, 200);
             const body = await response.json();
@@ -69,19 +69,27 @@ _8_9_1.test.describe('API optimize SaaS Tests', () => {
             const dashboard = body[0];
             (0, test_1.expect)(dashboard).toHaveProperty('id');
         });
-        await _8_9_1.test.step('Get dashboards without token (401)', async () => {
+    });
+    (0, _8_9_1.test)('Get dashboards without token returns 401', async ({ request }) => {
+        await _8_9_1.test.step('GET /api/public/dashboard without token (401)', async () => {
             const response = await request.get(`${baseUrl}/api/public/dashboard?collectionId=${collectionIdValue}`);
             (0, test_1.expect)(response.status()).toBe(401);
         });
-        await _8_9_1.test.step('Get dashboards with invalid token (401)', async () => {
+    });
+    (0, _8_9_1.test)('Get dashboards with invalid token returns 401', async ({ request }) => {
+        await _8_9_1.test.step('GET /api/public/dashboard with invalid token (401)', async () => {
             const response = await request.get(`${baseUrl}/api/public/dashboard?collectionId=${collectionIdValue}`, { headers: { Authorization: 'Bearer invalid_token' } });
             (0, test_1.expect)(response.status()).toBe(401);
         });
+    });
+    (0, _8_9_1.test)('GET /api/public/dashboard/force-internal-error returns 500', async ({ request, }) => {
         await _8_9_1.test.step('Force internal server error (500)', async () => {
             const response = await request.get(`${baseUrl}/api/public/dashboard/force-internal-error`, { headers: { Authorization: optimizeBearerToken } });
             (0, test_1.expect)(response.status()).toBe(500);
         });
-        await _8_9_1.test.step('Export dashboard definitions successfully (200)', async () => {
+    });
+    (0, _8_9_1.test)('Export dashboard definitions successfully returns 200', async ({ request, }) => {
+        await _8_9_1.test.step('POST export dashboard definitions (200)', async () => {
             const response = await request.post(`${baseUrl}/api/public/export/dashboard/definition/json`, {
                 headers: {
                     Authorization: optimizeBearerToken,
@@ -93,14 +101,18 @@ _8_9_1.test.describe('API optimize SaaS Tests', () => {
             const body = await response.json();
             (0, test_1.expect)(Array.isArray(body)).toBeTruthy();
         });
-        await _8_9_1.test.step('Export dashboards without token (401)', async () => {
+    });
+    (0, _8_9_1.test)('Export dashboards without token returns 401', async ({ request }) => {
+        await _8_9_1.test.step('POST export dashboards without token (401)', async () => {
             const response = await request.post(`${baseUrl}/api/public/export/dashboard/definition/json`, {
                 headers: { 'Content-Type': 'application/json' },
                 data: [dashboardIdValue],
             });
             (0, test_1.expect)(response.status()).toBe(401);
         });
-        await _8_9_1.test.step('Export dashboards with invalid token (401)', async () => {
+    });
+    (0, _8_9_1.test)('Export dashboards with invalid token returns 401', async ({ request, }) => {
+        await _8_9_1.test.step('POST export dashboards with invalid token (401)', async () => {
             const response = await request.post(`${baseUrl}/api/public/export/dashboard/definition/json`, {
                 headers: {
                     Authorization: 'Bearer invalid_token',
@@ -110,7 +122,9 @@ _8_9_1.test.describe('API optimize SaaS Tests', () => {
             });
             (0, test_1.expect)(response.status()).toBe(401);
         });
-        await _8_9_1.test.step('Export dashboard with invalid body (400)', async () => {
+    });
+    (0, _8_9_1.test)('Export dashboard with invalid body returns 400', async ({ request }) => {
+        await _8_9_1.test.step('POST export dashboard with invalid body (400)', async () => {
             const response = await request.post(`${baseUrl}/api/public/export/dashboard/definition/json`, {
                 headers: {
                     Authorization: optimizeBearerToken,
@@ -120,7 +134,9 @@ _8_9_1.test.describe('API optimize SaaS Tests', () => {
             });
             (0, test_1.expect)(response.status()).toBe(400);
         });
-        await _8_9_1.test.step('Export non-existent dashboard (404)', async () => {
+    });
+    (0, _8_9_1.test)('Export non-existent dashboard returns 404', async ({ request }) => {
+        await _8_9_1.test.step('POST export non-existent dashboard (404)', async () => {
             const fakeDashboardId = 'nonexistent-dashboard-id';
             const response = await request.post(`${baseUrl}/api/public/export/dashboard/definition/json`, {
                 headers: {
@@ -131,45 +147,53 @@ _8_9_1.test.describe('API optimize SaaS Tests', () => {
             });
             (0, test_1.expect)([401, 404]).toContain(response.status());
         });
-        await _8_9_1.test.step('Export existing dashboard successfully (200)', async () => {
-            const response = await request.post(`${baseUrl}/api/public/export/dashboard/definition/json`, {
-                headers: {
-                    Authorization: optimizeBearerToken,
-                    'Content-Type': 'application/json',
-                },
-                data: [dashboardIdValue],
-            });
-            await (0, apiHelpers_1.assertResponseStatus)(response, 200);
+    });
+    (0, _8_9_1.test)('Delete dashboard and verify it is no longer retrievable', async ({ request, }) => {
+        const dashboardToDeleteId = await (0, apiHelpers_1.createDashboard)(request, {
+            name: await (0, randomName_1.randomNameAgregator)('Dashboard To Delete'),
+            optimizeCookie,
+            collectionId: collectionIdValue,
         });
         await _8_9_1.test.step('Delete dashboard successfully (200)', async () => {
-            const response = await request.delete(`${baseUrl}/api/public/dashboard/${dashboardIdValue}`, { headers: { Authorization: optimizeBearerToken } });
+            const response = await request.delete(`${baseUrl}/api/public/dashboard/${dashboardToDeleteId}`, { headers: { Authorization: optimizeBearerToken } });
             await (0, apiHelpers_1.assertResponseStatus)(response, 200);
         });
-        await _8_9_1.test.step('Verify dashboard not found after deletion (404/410/500)', async () => {
-            const response = await request.get(`${baseUrl}/api/public/dashboard/${dashboardIdValue}`, { headers: { Authorization: optimizeBearerToken } });
-            (0, test_1.expect)([404, 410, 500]).toContain(response.status());
+        await _8_9_1.test.step('Verify dashboard not found after deletion', async () => {
+            await (0, test_1.expect)(async () => {
+                const response = await request.get(`${baseUrl}/api/public/dashboard/${dashboardToDeleteId}`, { headers: { Authorization: optimizeBearerToken } });
+                (0, test_1.expect)([404, 410, 500]).toContain(response.status());
+            }).toPass({ ...constants_1.defaultAssertionOptions, timeout: 60000 });
         });
-        await _8_9_1.test.step('Delete dashboard with invalid token (401)', async () => {
+    });
+    (0, _8_9_1.test)('Delete dashboard with invalid token returns 401', async ({ request }) => {
+        await _8_9_1.test.step('DELETE /api/public/dashboard with invalid token (401)', async () => {
             const response = await request.delete(`${baseUrl}/api/public/dashboard/${dashboardIdValue}`, { headers: { Authorization: 'Bearer invalid_token' } });
             (0, test_1.expect)(response.status()).toBe(401);
         });
-        await _8_9_1.test.step('Delete non-existent dashboard (404)', async () => {
+    });
+    (0, _8_9_1.test)('Delete non-existent dashboard returns 404', async ({ request }) => {
+        await _8_9_1.test.step('DELETE non-existent dashboard (404)', async () => {
             const fakeDashboardId = 'nonexistent-dashboard-id';
             const response = await request.delete(`${baseUrl}/api/public/dashboard/${fakeDashboardId}`, { headers: { Authorization: optimizeBearerToken } });
             (0, test_1.expect)(response.status()).toBe(404);
         });
     });
-    // Skipped due to bug:41410: https://github.com/camunda/camunda/issues/41410
-    _8_9_1.test.skip('Reports Scenarios Flow Tests', async ({ request }) => {
-        await _8_9_1.test.step('Get reports successfully (200)', async () => {
+    (0, _8_9_1.test)('Get report IDs returns 200 with id array', async ({ request }) => {
+        await _8_9_1.test.step('GET /api/public/report?collectionId returns 200', async () => {
             const response = await request.get(`${baseUrl}/api/public/report?collectionId=${collectionIdValue}`, { headers: { Authorization: optimizeBearerToken } });
             await (0, apiHelpers_1.assertResponseStatus)(response, 200);
+            const body = await response.json();
+            (0, test_1.expect)(Array.isArray(body)).toBeTruthy();
         });
-        await _8_9_1.test.step('Get reports with invalid/missing token (401)', async () => {
+    });
+    (0, _8_9_1.test)('Get reports with invalid token returns 401', async ({ request }) => {
+        await _8_9_1.test.step('GET /api/public/report with invalid token (401)', async () => {
             const response = await request.get(`${baseUrl}/api/public/report?collectionId=${collectionIdValue}`, { headers: { Authorization: 'Bearer invalid_token' } });
             (0, test_1.expect)(response.status()).toBe(401);
         });
-        await _8_9_1.test.step('Export reports successfully (200)', async () => {
+    });
+    (0, _8_9_1.test)('Export reports successfully returns 200 with full payload', async ({ request, }) => {
+        await _8_9_1.test.step('POST export report definitions (200)', async () => {
             const response = await request.post(`${baseUrl}/api/public/export/report/definition/json`, {
                 headers: {
                     Authorization: optimizeBearerToken,
@@ -186,7 +210,9 @@ _8_9_1.test.describe('API optimize SaaS Tests', () => {
             (0, test_1.expect)(body[0]).toHaveProperty('name');
             (0, test_1.expect)(body[0]).toHaveProperty('collectionId');
         });
-        await _8_9_1.test.step('Export reports with invalid token (401)', async () => {
+    });
+    (0, _8_9_1.test)('Export reports with invalid token returns 401', async ({ request }) => {
+        await _8_9_1.test.step('POST export reports with invalid token (401)', async () => {
             const response = await request.post(`${baseUrl}/api/public/export/report/definition/json`, {
                 headers: {
                     Authorization: 'Bearer invalid_token',
@@ -196,7 +222,9 @@ _8_9_1.test.describe('API optimize SaaS Tests', () => {
             });
             (0, test_1.expect)(response.status()).toBe(401);
         });
-        await _8_9_1.test.step('Export non-existent report (404)', async () => {
+    });
+    (0, _8_9_1.test)('Export non-existent report returns 404', async ({ request }) => {
+        await _8_9_1.test.step('POST export non-existent report (404)', async () => {
             const invalidReportId = '11111111-1111-1111-1111-111111111111';
             const response = await request.post(`${baseUrl}/api/public/export/report/definition/json`, {
                 headers: {
@@ -207,21 +235,32 @@ _8_9_1.test.describe('API optimize SaaS Tests', () => {
             });
             await (0, apiHelpers_1.assertResponseStatus)(response, 404);
         });
+    });
+    (0, _8_9_1.test)('Delete report and verify it is no longer retrievable', async ({ request, }) => {
+        const reportToDeleteId = await (0, apiHelpers_1.createSingleProcessReport)(request, {
+            optimizeCookie,
+            collectionId: collectionIdValue,
+            name: await (0, randomName_1.randomNameAgregator)('Report To Delete'),
+            definitions: [
+                {
+                    key: 'aProcess',
+                    filter: [],
+                    groupBy: { type: 'flowNodes', value: null },
+                    distributedBy: { type: 'none', value: null },
+                    view: { entity: 'flowNode', properties: ['duration'] },
+                },
+            ],
+        });
         await _8_9_1.test.step('Delete report successfully (200)', async () => {
-            const response = await request.delete(`${baseUrl}/api/public/report/${reportId}`, { headers: { Authorization: optimizeBearerToken } });
+            const response = await request.delete(`${baseUrl}/api/public/report/${reportToDeleteId}`, { headers: { Authorization: optimizeBearerToken } });
             await (0, apiHelpers_1.assertResponseStatus)(response, 200);
         });
-        await _8_9_1.test.step('Verify deleted report returns 404 or 500', async () => {
-            const response = await request.get(`${baseUrl}/api/public/report/${reportId}`, { headers: { Authorization: optimizeBearerToken } });
+        await _8_9_1.test.step('Verify deleted report is no longer retrievable (404 or 500)', async () => {
+            const response = await request.get(`${baseUrl}/api/public/report/${reportToDeleteId}`, { headers: { Authorization: optimizeBearerToken } });
             (0, test_1.expect)([404, 500]).toContain(response.status());
         });
-        await _8_9_1.test.step('Attempt delete report with invalid token (401)', async () => {
-            const response = await request.delete(`${baseUrl}/api/public/report/${reportId}`, { headers: { Authorization: 'Bearer invalid_token' } });
-            (0, test_1.expect)(response.status()).toBe(401);
-        });
     });
-    // Skipped due to bug:41410: https://github.com/camunda/camunda/issues/41410
-    _8_9_1.test.skip('Import entities successfully (200)', async ({ request }) => {
+    (0, _8_9_1.test)('Import entities successfully (200)', async ({ request }) => {
         const exportResponse = await request.post(`${baseUrl}/api/public/export/dashboard/definition/json`, {
             headers: {
                 Authorization: optimizeBearerToken,
@@ -230,40 +269,55 @@ _8_9_1.test.describe('API optimize SaaS Tests', () => {
             data: [dashboardIdValue],
         });
         await (0, apiHelpers_1.assertResponseStatus)(exportResponse, 200);
-        exportedEntities = await exportResponse.json();
+        const entitiesToImport = await exportResponse.json();
         const response = await request.post(`${baseUrl}/api/public/import?collectionId=${collectionIdValue}`, {
             headers: {
                 Authorization: optimizeBearerToken,
                 'Content-Type': 'application/json',
             },
-            data: exportedEntities,
+            data: entitiesToImport,
         });
         await (0, apiHelpers_1.assertResponseStatus)(response, 200);
     });
-    // Skipped due to bug:41410: https://github.com/camunda/camunda/issues/41410
-    _8_9_1.test.skip('Import without token or invalid token (401)', async ({ request, }) => {
+    (0, _8_9_1.test)('Import without token or invalid token returns 401', async ({ request, }) => {
+        const exportResponse = await request.post(`${baseUrl}/api/public/export/dashboard/definition/json`, {
+            headers: {
+                Authorization: optimizeBearerToken,
+                'Content-Type': 'application/json',
+            },
+            data: [dashboardIdValue],
+        });
+        await (0, apiHelpers_1.assertResponseStatus)(exportResponse, 200);
+        const entitiesToImport = await exportResponse.json();
         const response = await request.post(`${baseUrl}/api/public/import?collectionId=${collectionIdValue}`, {
             headers: {
                 Authorization: 'Bearer invalid_token',
                 'Content-Type': 'application/json',
             },
-            data: exportedEntities,
+            data: entitiesToImport,
         });
-        const status = response.status();
-        (0, test_1.expect)(status).toBe(401);
+        (0, test_1.expect)(response.status()).toBe(401);
     });
     // Skipped due to bug 40497: https://github.com/camunda/camunda/issues/40497
     _8_9_1.test.skip('Import to non-existent collection (404)', async ({ request }) => {
+        const exportResponse = await request.post(`${baseUrl}/api/public/export/dashboard/definition/json`, {
+            headers: {
+                Authorization: optimizeBearerToken,
+                'Content-Type': 'application/json',
+            },
+            data: [dashboardIdValue],
+        });
+        await (0, apiHelpers_1.assertResponseStatus)(exportResponse, 200);
+        const entitiesToImport = await exportResponse.json();
         const fakeCollectionId = 'nonexistent-collection-id';
         const response = await request.post(`${baseUrl}/api/public/import?collectionId=${fakeCollectionId}`, {
             headers: {
                 Authorization: optimizeBearerToken,
                 'Content-Type': 'application/json',
             },
-            data: exportedEntities,
+            data: entitiesToImport,
         });
-        const status = response.status();
-        (0, test_1.expect)(status).toBe(404);
+        (0, test_1.expect)(response.status()).toBe(404);
     });
 });
 _8_9_1.test.describe('API optimize SaaS Tests - Conditional Events', () => {
@@ -309,6 +363,11 @@ _8_9_1.test.describe('API optimize SaaS Tests - Conditional Events', () => {
         });
         baseUrl = process.env.CAMUNDA_OPTIMIZE_BASE_URL;
     });
+    _8_9_1.test.afterAll(async ({ request }) => {
+        if (conditionalEventsCollectionId) {
+            await request.delete(`${baseUrl}/api/public/collection/${conditionalEventsCollectionId}`, { headers: { Authorization: optimizeBearerToken } });
+        }
+    });
     (0, _8_9_1.test)('CE-OPT-09: Creating a Process Report for Conditional Events via API returns HTTP 200', async ({ request, }) => {
         await _8_9_1.test.step('Create a process report for conditional-events-auto-process (200)', async () => {
             const response = await request.post(`${baseUrl}/api/report/process/single`, {
@@ -435,3 +494,590 @@ _8_9_1.test.describe('API optimize SaaS Tests - Conditional Events', () => {
         });
     });
 });
+_8_9_1.test.describe('API optimize SaaS Tests - Health Readiness', () => {
+    let baseUrl;
+    _8_9_1.test.beforeAll(async () => {
+        baseUrl = process.env.CAMUNDA_OPTIMIZE_BASE_URL;
+    });
+    (0, _8_9_1.test)('Health readiness returns 200 when Optimize is ready', async ({ request, }) => {
+        await _8_9_1.test.step('GET /api/readyz returns 200 (no auth required)', async () => {
+            const response = await request.get(`${baseUrl}/api/readyz`);
+            (0, test_1.expect)(response.status()).toBe(200);
+        });
+    });
+    (0, _8_9_1.test)('Health readiness rejects requests that include an Authorization header', async ({ request, }) => {
+        await _8_9_1.test.step('GET /api/readyz with Authorization header should be rejected', async () => {
+            const token = await (0, apiHelpers_1.authSaasAPI)(process.env.OPTIMIZE_API_TOKEN_AUDIENCE);
+            const response = await request.get(`${baseUrl}/api/readyz`, {
+                headers: { Authorization: token },
+            });
+            (0, test_1.expect)([400, 401, 403]).toContain(response.status());
+        });
+    });
+});
+_8_9_1.test.describe('API optimize SaaS Tests - Sharing', () => {
+    let optimizeBearerToken;
+    let baseUrl;
+    _8_9_1.test.beforeAll(async () => {
+        optimizeBearerToken = await (0, apiHelpers_1.authSaasAPI)(process.env.OPTIMIZE_API_TOKEN_AUDIENCE);
+        baseUrl = process.env.CAMUNDA_OPTIMIZE_BASE_URL;
+    });
+    (0, _8_9_1.test)('Enable sharing with valid token returns 200 or 204', async ({ request, }) => {
+        await _8_9_1.test.step('POST /api/public/share/enable with valid token (200 or 204)', async () => {
+            const response = await request.post(`${baseUrl}/api/public/share/enable`, { headers: { Authorization: optimizeBearerToken } });
+            (0, test_1.expect)([200, 204]).toContain(response.status());
+        });
+    });
+    (0, _8_9_1.test)('Enable sharing without token returns 401', async ({ request }) => {
+        await _8_9_1.test.step('POST /api/public/share/enable without token (401)', async () => {
+            const response = await request.post(`${baseUrl}/api/public/share/enable`);
+            (0, test_1.expect)(response.status()).toBe(401);
+        });
+    });
+    (0, _8_9_1.test)('Enable sharing with invalid token returns 401', async ({ request }) => {
+        await _8_9_1.test.step('POST /api/public/share/enable with invalid token (401)', async () => {
+            const response = await request.post(`${baseUrl}/api/public/share/enable`, { headers: { Authorization: 'Bearer invalid_token' } });
+            (0, test_1.expect)(response.status()).toBe(401);
+        });
+    });
+    (0, _8_9_1.test)('Disable sharing with valid token returns 200 or 204', async ({ request, }) => {
+        await _8_9_1.test.step('POST /api/public/share/disable with valid token (200 or 204)', async () => {
+            const response = await request.post(`${baseUrl}/api/public/share/disable`, { headers: { Authorization: optimizeBearerToken } });
+            (0, test_1.expect)([200, 204]).toContain(response.status());
+        });
+    });
+    (0, _8_9_1.test)('Disable sharing without token returns 401', async ({ request }) => {
+        await _8_9_1.test.step('POST /api/public/share/disable without token (401)', async () => {
+            const response = await request.post(`${baseUrl}/api/public/share/disable`);
+            (0, test_1.expect)(response.status()).toBe(401);
+        });
+    });
+    (0, _8_9_1.test)('Disable sharing with invalid token returns 401', async ({ request }) => {
+        await _8_9_1.test.step('POST /api/public/share/disable with invalid token (401)', async () => {
+            const response = await request.post(`${baseUrl}/api/public/share/disable`, { headers: { Authorization: 'Bearer invalid_token' } });
+            (0, test_1.expect)(response.status()).toBe(401);
+        });
+    });
+    (0, _8_9_1.test)('Sharing toggle cycle: enable then disable is idempotent', async ({ request, }) => {
+        await _8_9_1.test.step('Enable sharing (200 or 204)', async () => {
+            const response = await request.post(`${baseUrl}/api/public/share/enable`, { headers: { Authorization: optimizeBearerToken } });
+            (0, test_1.expect)([200, 204]).toContain(response.status());
+        });
+        await _8_9_1.test.step('Disable sharing (200 or 204)', async () => {
+            const response = await request.post(`${baseUrl}/api/public/share/disable`, { headers: { Authorization: optimizeBearerToken } });
+            (0, test_1.expect)([200, 204]).toContain(response.status());
+        });
+        await _8_9_1.test.step('Re-enable sharing returns 200 or 204 (idempotent)', async () => {
+            const response = await request.post(`${baseUrl}/api/public/share/enable`, { headers: { Authorization: optimizeBearerToken } });
+            (0, test_1.expect)([200, 204]).toContain(response.status());
+        });
+    });
+});
+_8_9_1.test.describe('API optimize SaaS Tests - Dashboard and Report GET edge cases', () => {
+    let optimizeBearerToken;
+    let optimizeCookie;
+    let collectionId;
+    let baseUrl;
+    _8_9_1.test.beforeAll(async ({ browser, request }) => {
+        const page = await browser.newPage();
+        optimizeCookie = await (0, apiHelpers_1.getOptimizeCoockie)(page);
+        await page.close();
+        optimizeBearerToken = await (0, apiHelpers_1.authSaasAPI)(process.env.OPTIMIZE_API_TOKEN_AUDIENCE);
+        baseUrl = process.env.CAMUNDA_OPTIMIZE_BASE_URL;
+        collectionId = await (0, apiHelpers_1.createCollection)(request, {
+            name: await (0, randomName_1.randomNameAgregator)('GET Edge Cases Collection'),
+            optimizeCookie,
+        });
+    });
+    _8_9_1.test.afterAll(async ({ request }) => {
+        if (collectionId) {
+            await request.delete(`${baseUrl}/api/public/collection/${collectionId}`, {
+                headers: { Authorization: optimizeBearerToken },
+            });
+        }
+    });
+    (0, _8_9_1.test)('GET dashboards with valid token and collectionId returns 200 with id array', async ({ request, }) => {
+        await _8_9_1.test.step('GET /api/public/dashboard?collectionId returns 200', async () => {
+            const response = await request.get(`${baseUrl}/api/public/dashboard?collectionId=${collectionId}`, { headers: { Authorization: optimizeBearerToken } });
+            await (0, apiHelpers_1.assertResponseStatus)(response, 200);
+            const body = await response.json();
+            (0, test_1.expect)(Array.isArray(body)).toBeTruthy();
+        });
+    });
+    (0, _8_9_1.test)('GET dashboards without collectionId param returns 400 or 500', async ({ request, }) => {
+        await _8_9_1.test.step('GET /api/public/dashboard without collectionId', async () => {
+            const response = await request.get(`${baseUrl}/api/public/dashboard`, {
+                headers: { Authorization: optimizeBearerToken },
+            });
+            (0, test_1.expect)([400, 500]).toContain(response.status());
+        });
+    });
+    (0, _8_9_1.test)('GET reports with valid token and collectionId returns 200 with id array', async ({ request, }) => {
+        await _8_9_1.test.step('GET /api/public/report?collectionId returns 200', async () => {
+            const response = await request.get(`${baseUrl}/api/public/report?collectionId=${collectionId}`, { headers: { Authorization: optimizeBearerToken } });
+            await (0, apiHelpers_1.assertResponseStatus)(response, 200);
+            const body = await response.json();
+            (0, test_1.expect)(Array.isArray(body)).toBeTruthy();
+        });
+    });
+    (0, _8_9_1.test)('GET reports without collectionId param returns 400 or 500', async ({ request, }) => {
+        await _8_9_1.test.step('GET /api/public/report without collectionId', async () => {
+            const response = await request.get(`${baseUrl}/api/public/report`, {
+                headers: { Authorization: optimizeBearerToken },
+            });
+            (0, test_1.expect)([400, 500]).toContain(response.status());
+        });
+    });
+});
+_8_9_1.test.describe('API optimize SaaS Tests - Export edge cases', () => {
+    let optimizeBearerToken;
+    let optimizeCookie;
+    let collectionId;
+    let dashboardId1;
+    let dashboardId2;
+    let reportId1;
+    let reportId2;
+    let baseUrl;
+    _8_9_1.test.beforeAll(async ({ browser, request }) => {
+        const page = await browser.newPage();
+        optimizeCookie = await (0, apiHelpers_1.getOptimizeCoockie)(page);
+        await page.close();
+        optimizeBearerToken = await (0, apiHelpers_1.authSaasAPI)(process.env.OPTIMIZE_API_TOKEN_AUDIENCE);
+        baseUrl = process.env.CAMUNDA_OPTIMIZE_BASE_URL;
+        collectionId = await (0, apiHelpers_1.createCollection)(request, {
+            name: await (0, randomName_1.randomNameAgregator)('Export Edge Cases Collection'),
+            optimizeCookie,
+        });
+        dashboardId1 = await (0, apiHelpers_1.createDashboard)(request, {
+            name: await (0, randomName_1.randomNameAgregator)('Export Dashboard 1'),
+            optimizeCookie,
+            collectionId,
+        });
+        dashboardId2 = await (0, apiHelpers_1.createDashboard)(request, {
+            name: await (0, randomName_1.randomNameAgregator)('Export Dashboard 2'),
+            optimizeCookie,
+            collectionId,
+        });
+        reportId1 = await (0, apiHelpers_1.createSingleProcessReport)(request, {
+            optimizeCookie,
+            collectionId,
+            name: await (0, randomName_1.randomNameAgregator)('Export Report 1'),
+            definitions: [
+                {
+                    key: 'aProcess',
+                    filter: [],
+                    groupBy: { type: 'none', value: null },
+                    distributedBy: { type: 'none', value: null },
+                    view: { entity: 'processInstance', properties: ['frequency'] },
+                },
+            ],
+        });
+        reportId2 = await (0, apiHelpers_1.createSingleProcessReport)(request, {
+            optimizeCookie,
+            collectionId,
+            name: await (0, randomName_1.randomNameAgregator)('Export Report 2'),
+            definitions: [
+                {
+                    key: 'aProcess',
+                    filter: [],
+                    groupBy: { type: 'none', value: null },
+                    distributedBy: { type: 'none', value: null },
+                    view: { entity: 'processInstance', properties: ['frequency'] },
+                },
+            ],
+        });
+    });
+    _8_9_1.test.afterAll(async ({ request }) => {
+        if (collectionId) {
+            await request.delete(`${baseUrl}/api/public/collection/${collectionId}`, {
+                headers: { Authorization: optimizeBearerToken },
+            });
+        }
+    });
+    (0, _8_9_1.test)('Export multiple dashboards in a single call returns 200 with all definitions', async ({ request, }) => {
+        await _8_9_1.test.step('POST export with two dashboard IDs returns array of 2', async () => {
+            const response = await request.post(`${baseUrl}/api/public/export/dashboard/definition/json`, {
+                headers: {
+                    Authorization: optimizeBearerToken,
+                    'Content-Type': 'application/json',
+                },
+                data: [dashboardId1, dashboardId2],
+            });
+            await (0, apiHelpers_1.assertResponseStatus)(response, 200);
+            const body = await response.json();
+            (0, test_1.expect)(Array.isArray(body)).toBeTruthy();
+            (0, test_1.expect)(body.length).toBeGreaterThanOrEqual(2);
+        });
+    });
+    (0, _8_9_1.test)('Export multiple reports in a single call returns 200 with all definitions', async ({ request, }) => {
+        await _8_9_1.test.step('POST export with two report IDs returns array of 2', async () => {
+            const response = await request.post(`${baseUrl}/api/public/export/report/definition/json`, {
+                headers: {
+                    Authorization: optimizeBearerToken,
+                    'Content-Type': 'application/json',
+                },
+                data: [reportId1, reportId2],
+            });
+            await (0, apiHelpers_1.assertResponseStatus)(response, 200);
+            const body = await response.json();
+            (0, test_1.expect)(Array.isArray(body)).toBeTruthy();
+            (0, test_1.expect)(body.length).toBeGreaterThanOrEqual(2);
+        });
+    });
+    (0, _8_9_1.test)('Export reports with empty array body returns 200 with empty array', async ({ request, }) => {
+        await _8_9_1.test.step('POST export/report with empty array body returns 200 []', async () => {
+            const response = await request.post(`${baseUrl}/api/public/export/report/definition/json`, {
+                headers: {
+                    Authorization: optimizeBearerToken,
+                    'Content-Type': 'application/json',
+                },
+                data: [],
+            });
+            await (0, apiHelpers_1.assertResponseStatus)(response, 200);
+            const body = await response.json();
+            (0, test_1.expect)(Array.isArray(body)).toBeTruthy();
+            (0, test_1.expect)(body.length).toBe(0);
+        });
+    });
+    (0, _8_9_1.test)('Export dashboards with empty array body returns 200 with empty array', async ({ request, }) => {
+        await _8_9_1.test.step('POST export/dashboard with empty array body returns 200 []', async () => {
+            const response = await request.post(`${baseUrl}/api/public/export/dashboard/definition/json`, {
+                headers: {
+                    Authorization: optimizeBearerToken,
+                    'Content-Type': 'application/json',
+                },
+                data: [],
+            });
+            await (0, apiHelpers_1.assertResponseStatus)(response, 200);
+            const body = await response.json();
+            (0, test_1.expect)(Array.isArray(body)).toBeTruthy();
+            (0, test_1.expect)(body.length).toBe(0);
+        });
+    });
+});
+_8_9_1.test.describe('API optimize SaaS Tests - Auth edge cases', () => {
+    let baseUrl;
+    _8_9_1.test.beforeAll(async () => {
+        baseUrl = process.env.CAMUNDA_OPTIMIZE_BASE_URL;
+    });
+    (0, _8_9_1.test)('Expired JWT token returns 401 on dashboard endpoint', async ({ request, }) => {
+        const expiredToken = 'Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.' +
+            'eyJzdWIiOiJ0ZXN0IiwiZXhwIjoxfQ.' +
+            'invalidsignature';
+        await _8_9_1.test.step('GET /api/public/dashboard with expired token returns 401', async () => {
+            const response = await request.get(`${baseUrl}/api/public/dashboard?collectionId=any`, { headers: { Authorization: expiredToken } });
+            (0, test_1.expect)(response.status()).toBe(401);
+        });
+    });
+    (0, _8_9_1.test)('Malformed Bearer value (empty string) returns 401 on dashboard endpoint', async ({ request, }) => {
+        await _8_9_1.test.step('GET /api/public/dashboard with empty Bearer value returns 401', async () => {
+            const response = await request.get(`${baseUrl}/api/public/dashboard?collectionId=any`, { headers: { Authorization: 'Bearer ' } });
+            (0, test_1.expect)(response.status()).toBe(401);
+        });
+    });
+    (0, _8_9_1.test)('Token with wrong audience returns 401 on dashboard endpoint', async ({ request, }) => {
+        await _8_9_1.test.step('Use a Zeebe-audience token against Optimize API and expect 401', async () => {
+            const wrongAudienceToken = await (0, apiHelpers_1.authSaasAPI)();
+            const response = await request.get(`${baseUrl}/api/public/dashboard?collectionId=any`, { headers: { Authorization: wrongAudienceToken } });
+            (0, test_1.expect)(response.status()).toBe(401);
+        });
+    });
+});
+_8_9_1.test.describe('API V2 tests on SaaS cluster', () => {
+    let bearerToken;
+    const apiUrl = () => process.env.ZEEBE_API_URL;
+    _8_9_1.test.beforeAll(async () => {
+        bearerToken = await (0, apiHelpers_1.authSaasAPI)();
+    });
+    (0, _8_9_1.test)('GET /v2/topology returns 200', async ({ request }) => {
+        const response = await request.get(`${apiUrl()}/v2/topology`, {
+            headers: { Authorization: bearerToken, 'Content-Type': 'application/json' },
+        });
+        await (0, apiHelpers_1.assertResponseStatus)(response, 200);
+    });
+    (0, _8_9_1.test)('GET /v2/topology without token returns 401', async ({ request }) => {
+        const response = await request.get(`${apiUrl()}/v2/topology`, {
+            headers: { 'Content-Type': 'application/json' },
+        });
+        (0, test_1.expect)(response.status()).toBe(401);
+    });
+    (0, _8_9_1.test)('POST /v2/process-definitions/search returns 200 with items array', async ({ request, }) => {
+        const response = await request.post(`${apiUrl()}/v2/process-definitions/search`, {
+            headers: {
+                Authorization: bearerToken,
+                'Content-Type': 'application/json',
+            },
+            data: { filter: {}, page: { limit: 10 } },
+        });
+        (0, test_1.expect)([200, 400, 405]).toContain(response.status());
+        if (response.status() === 200) {
+            const body = await response.json();
+            (0, test_1.expect)(body).toHaveProperty('items');
+            (0, test_1.expect)(Array.isArray(body.items)).toBeTruthy();
+        }
+    });
+    (0, _8_9_1.test)('POST /v2/process-definitions/search without token returns 401', async ({ request, }) => {
+        const response = await request.post(`${apiUrl()}/v2/process-definitions/search`, {
+            headers: { 'Content-Type': 'application/json' },
+            data: { filter: {}, size: 10 },
+        });
+        (0, test_1.expect)(response.status()).toBe(401);
+    });
+    (0, _8_9_1.test)('POST /v2/process-definitions/search with invalid token returns 401', async ({ request, }) => {
+        const response = await request.post(`${apiUrl()}/v2/process-definitions/search`, {
+            headers: {
+                Authorization: 'Bearer invalid_token',
+                'Content-Type': 'application/json',
+            },
+            data: { filter: {}, size: 10 },
+        });
+        (0, test_1.expect)(response.status()).toBe(401);
+    });
+    (0, _8_9_1.test)('POST /v2/process-definitions/search with size 1 returns pagination cursor', async ({ request, }) => {
+        const response = await request.post(`${apiUrl()}/v2/process-definitions/search`, {
+            headers: {
+                Authorization: bearerToken,
+                'Content-Type': 'application/json',
+            },
+            data: { filter: {}, page: { limit: 1 } },
+        });
+        (0, test_1.expect)([200, 400, 405]).toContain(response.status());
+        if (response.status() === 200) {
+            const body = await response.json();
+            (0, test_1.expect)(body).toHaveProperty('items');
+            (0, test_1.expect)(body.items.length).toBeLessThanOrEqual(1);
+            if (body.page?.totalItems > 1) {
+                (0, test_1.expect)(body).toHaveProperty('page');
+            }
+        }
+    });
+    (0, _8_9_1.test)('POST /v2/process-instances/search returns 200 with items array', async ({ request, }) => {
+        const response = await request.post(`${apiUrl()}/v2/process-instances/search`, {
+            headers: {
+                Authorization: bearerToken,
+                'Content-Type': 'application/json',
+            },
+            data: { filter: {}, page: { limit: 10 } },
+        });
+        (0, test_1.expect)([200, 400, 405]).toContain(response.status());
+        if (response.status() === 200) {
+            const body = await response.json();
+            (0, test_1.expect)(body).toHaveProperty('items');
+            (0, test_1.expect)(Array.isArray(body.items)).toBeTruthy();
+        }
+    });
+    (0, _8_9_1.test)('POST /v2/process-instances/search filtered by state ACTIVE returns 200', async ({ request, }) => {
+        const response = await request.post(`${apiUrl()}/v2/process-instances/search`, {
+            headers: {
+                Authorization: bearerToken,
+                'Content-Type': 'application/json',
+            },
+            data: { filter: { state: 'ACTIVE' }, page: { limit: 10 } },
+        });
+        (0, test_1.expect)([200, 400, 405]).toContain(response.status());
+        if (response.status() === 200) {
+            const body = await response.json();
+            (0, test_1.expect)(body).toHaveProperty('items');
+        }
+    });
+    (0, _8_9_1.test)('POST /v2/process-instances/search without token returns 401', async ({ request, }) => {
+        const response = await request.post(`${apiUrl()}/v2/process-instances/search`, {
+            headers: { 'Content-Type': 'application/json' },
+            data: { filter: {}, size: 10 },
+        });
+        (0, test_1.expect)(response.status()).toBe(401);
+    });
+    (0, _8_9_1.test)('POST /v2/process-instances/search with invalid token returns 401', async ({ request, }) => {
+        const response = await request.post(`${apiUrl()}/v2/process-instances/search`, {
+            headers: {
+                Authorization: 'Bearer invalid_token',
+                'Content-Type': 'application/json',
+            },
+            data: { filter: {}, size: 10 },
+        });
+        (0, test_1.expect)(response.status()).toBe(401);
+    });
+    (0, _8_9_1.test)('POST /v2/user-tasks/search returns 200 with items array', async ({ request, }) => {
+        const response = await request.post(`${apiUrl()}/v2/user-tasks/search`, {
+            headers: { Authorization: bearerToken, 'Content-Type': 'application/json' },
+            data: { filter: {}, page: { limit: 10 } },
+        });
+        (0, test_1.expect)([200, 400, 405]).toContain(response.status());
+        if (response.status() === 200) {
+            const body = await response.json();
+            (0, test_1.expect)(body).toHaveProperty('items');
+            (0, test_1.expect)(Array.isArray(body.items)).toBeTruthy();
+        }
+    });
+    (0, _8_9_1.test)('POST /v2/user-tasks/search without token returns 401', async ({ request, }) => {
+        const response = await request.post(`${apiUrl()}/v2/user-tasks/search`, {
+            headers: { 'Content-Type': 'application/json' },
+            data: { filter: {}, size: 10 },
+        });
+        (0, test_1.expect)(response.status()).toBe(401);
+    });
+    (0, _8_9_1.test)('POST /v2/user-tasks/search with invalid token returns 401', async ({ request, }) => {
+        const response = await request.post(`${apiUrl()}/v2/user-tasks/search`, {
+            headers: {
+                Authorization: 'Bearer invalid_token',
+                'Content-Type': 'application/json',
+            },
+            data: { filter: {}, size: 10 },
+        });
+        (0, test_1.expect)(response.status()).toBe(401);
+    });
+    (0, _8_9_1.test)('POST /v2/variables/search returns 200 with items array', async ({ request, }) => {
+        const response = await request.post(`${apiUrl()}/v2/variables/search`, {
+            headers: { Authorization: bearerToken, 'Content-Type': 'application/json' },
+            data: { filter: {}, page: { limit: 10 } },
+        });
+        (0, test_1.expect)([200, 400, 405]).toContain(response.status());
+        if (response.status() === 200) {
+            const body = await response.json();
+            (0, test_1.expect)(body).toHaveProperty('items');
+            (0, test_1.expect)(Array.isArray(body.items)).toBeTruthy();
+        }
+    });
+    (0, _8_9_1.test)('POST /v2/variables/search without token returns 401', async ({ request, }) => {
+        const response = await request.post(`${apiUrl()}/v2/variables/search`, {
+            headers: { 'Content-Type': 'application/json' },
+            data: { filter: {}, size: 10 },
+        });
+        (0, test_1.expect)(response.status()).toBe(401);
+    });
+    (0, _8_9_1.test)('POST /v2/variables/search with invalid token returns 401', async ({ request, }) => {
+        const response = await request.post(`${apiUrl()}/v2/variables/search`, {
+            headers: {
+                Authorization: 'Bearer invalid_token',
+                'Content-Type': 'application/json',
+            },
+            data: { filter: {}, size: 10 },
+        });
+        (0, test_1.expect)(response.status()).toBe(401);
+    });
+    (0, _8_9_1.test)('POST /v2/incidents/search returns 200 with items array', async ({ request, }) => {
+        const response = await request.post(`${apiUrl()}/v2/incidents/search`, {
+            headers: { Authorization: bearerToken, 'Content-Type': 'application/json' },
+            data: { filter: {}, page: { limit: 10 } },
+        });
+        (0, test_1.expect)([200, 400, 405]).toContain(response.status());
+        if (response.status() === 200) {
+            const body = await response.json();
+            (0, test_1.expect)(body).toHaveProperty('items');
+            (0, test_1.expect)(Array.isArray(body.items)).toBeTruthy();
+        }
+    });
+    (0, _8_9_1.test)('POST /v2/incidents/search without token returns 401', async ({ request, }) => {
+        const response = await request.post(`${apiUrl()}/v2/incidents/search`, {
+            headers: { 'Content-Type': 'application/json' },
+            data: { filter: {}, size: 10 },
+        });
+        (0, test_1.expect)(response.status()).toBe(401);
+    });
+    (0, _8_9_1.test)('POST /v2/incidents/search with invalid token returns 401', async ({ request, }) => {
+        const response = await request.post(`${apiUrl()}/v2/incidents/search`, {
+            headers: {
+                Authorization: 'Bearer invalid_token',
+                'Content-Type': 'application/json',
+            },
+            data: { filter: {}, size: 10 },
+        });
+        (0, test_1.expect)(response.status()).toBe(401);
+    });
+    (0, _8_9_1.test)('POST /v2/decision-definitions/search returns 200 with items array', async ({ request, }) => {
+        const response = await request.post(`${apiUrl()}/v2/decision-definitions/search`, {
+            headers: {
+                Authorization: bearerToken,
+                'Content-Type': 'application/json',
+            },
+            data: { filter: {}, page: { limit: 10 } },
+        });
+        (0, test_1.expect)([200, 400, 405]).toContain(response.status());
+        if (response.status() === 200) {
+            const body = await response.json();
+            (0, test_1.expect)(body).toHaveProperty('items');
+            (0, test_1.expect)(Array.isArray(body.items)).toBeTruthy();
+        }
+    });
+    (0, _8_9_1.test)('POST /v2/decision-definitions/search without token returns 401', async ({ request, }) => {
+        const response = await request.post(`${apiUrl()}/v2/decision-definitions/search`, {
+            headers: { 'Content-Type': 'application/json' },
+            data: { filter: {}, size: 10 },
+        });
+        (0, test_1.expect)(response.status()).toBe(401);
+    });
+    (0, _8_9_1.test)('POST /v2/decision-definitions/search with invalid token returns 401', async ({ request, }) => {
+        const response = await request.post(`${apiUrl()}/v2/decision-definitions/search`, {
+            headers: {
+                Authorization: 'Bearer invalid_token',
+                'Content-Type': 'application/json',
+            },
+            data: { filter: {}, size: 10 },
+        });
+        (0, test_1.expect)(response.status()).toBe(401);
+    });
+    (0, _8_9_1.test)('POST /v2/decision-instances/search returns 200 with items array', async ({ request, }) => {
+        const response = await request.post(`${apiUrl()}/v2/decision-instances/search`, {
+            headers: {
+                Authorization: bearerToken,
+                'Content-Type': 'application/json',
+            },
+            data: { filter: {}, page: { limit: 10 } },
+        });
+        (0, test_1.expect)([200, 400, 405]).toContain(response.status());
+        if (response.status() === 200) {
+            const body = await response.json();
+            (0, test_1.expect)(body).toHaveProperty('items');
+            (0, test_1.expect)(Array.isArray(body.items)).toBeTruthy();
+        }
+    });
+    (0, _8_9_1.test)('POST /v2/decision-instances/search without token returns 401', async ({ request, }) => {
+        const response = await request.post(`${apiUrl()}/v2/decision-instances/search`, {
+            headers: { 'Content-Type': 'application/json' },
+            data: { filter: {}, size: 10 },
+        });
+        (0, test_1.expect)(response.status()).toBe(401);
+    });
+    (0, _8_9_1.test)('POST /v2/decision-instances/search with invalid token returns 401', async ({ request, }) => {
+        const response = await request.post(`${apiUrl()}/v2/decision-instances/search`, {
+            headers: {
+                Authorization: 'Bearer invalid_token',
+                'Content-Type': 'application/json',
+            },
+            data: { filter: {}, size: 10 },
+        });
+        (0, test_1.expect)(response.status()).toBe(401);
+    });
+    (0, _8_9_1.test)('POST /v2/flownode-instances/search returns 200 with items array', async ({ request, }) => {
+        const response = await request.post(`${apiUrl()}/v2/flownode-instances/search`, {
+            headers: {
+                Authorization: bearerToken,
+                'Content-Type': 'application/json',
+            },
+            data: { filter: {}, page: { limit: 10 } },
+        });
+        (0, test_1.expect)([200, 404, 405]).toContain(response.status());
+        if (response.status() === 200) {
+            const body = await response.json();
+            (0, test_1.expect)(body).toHaveProperty('items');
+            (0, test_1.expect)(Array.isArray(body.items)).toBeTruthy();
+        }
+    });
+    (0, _8_9_1.test)('POST /v2/flownode-instances/search without token returns 401', async ({ request, }) => {
+        const response = await request.post(`${apiUrl()}/v2/flownode-instances/search`, {
+            headers: { 'Content-Type': 'application/json' },
+            data: { filter: {}, size: 10 },
+        });
+        (0, test_1.expect)(response.status()).toBe(401);
+    });
+    (0, _8_9_1.test)('POST /v2/flownode-instances/search with invalid token returns 401', async ({ request, }) => {
+        const response = await request.post(`${apiUrl()}/v2/flownode-instances/search`, {
+            headers: {
+                Authorization: 'Bearer invalid_token',
+                'Content-Type': 'application/json',
+            },
+            data: { filter: {}, size: 10 },
+        });
+        (0, test_1.expect)(response.status()).toBe(401);
+    });
+});

package/dist/utils/apiHelpers.js CHANGED Viewed

@@ -410,14 +410,48 @@ async function createStringClusterVariable(authToken, environment = 'saas', cust
 }
 exports.createStringClusterVariable = createStringClusterVariable;
 async function getOptimizeCoockie(page) {
-    await (0, utils_1.loginToApp)(process.env.CAMUNDA_OPTIMIZE_BASE_URL, page);
+    const optimizeUrl = process.env.CAMUNDA_OPTIMIZE_BASE_URL;
+    const maxLoginAttempts = 3;
+    // Auth0 can fail or rate-limit concurrent logins. Retry the whole flow if
+    // loginToApp throws (e.g. waitForURL times out after a bad Auth0 redirect).
+    for (let loginAttempt = 0; loginAttempt < maxLoginAttempts; loginAttempt++) {
+        try {
+            await page.goto('about:blank');
+            await page.context().clearCookies();
+            await (0, utils_1.loginToApp)(optimizeUrl, page);
+            break;
+        }
+        catch (error) {
+            if (loginAttempt < maxLoginAttempts - 1) {
+                console.warn(`getOptimizeCoockie: login attempt ${loginAttempt + 1} failed, retrying after backoff...`, error);
+                await page.goto('about:blank');
+                await page.waitForTimeout(5000 * (loginAttempt + 1));
+            }
+            else {
+                throw error;
+            }
+        }
+    }
     const context = page.context();
-    const tempFile = path_1.default.join(os_1.default.tmpdir(), `.auth_optimize_${Date.now()}_${Math.random().toString(36).slice(2)}`);
-    await context.storageState({ path: tempFile });
-    const authData = JSON.parse(fs_1.default.readFileSync(tempFile, 'utf8'));
-    fs_1.default.unlinkSync(tempFile);
-    const serviceTokenCookie = authData.cookies.find((cookie) => cookie.name === 'X-Optimize-Service-Token_0');
-    const authTokenCookie = authData.cookies.find((cookie) => cookie.name === 'X-Optimize-Authorization_0');
+    // Optimize sets its session cookies asynchronously after the Auth0 redirect.
+    // Poll storage state until both cookies are present (up to ~30 s).
+    let serviceTokenCookie;
+    let authTokenCookie;
+    for (let i = 0; i < 10; i++) {
+        const tempFile = path_1.default.join(os_1.default.tmpdir(), `.auth_optimize_${Date.now()}_${Math.random().toString(36).slice(2)}`);
+        await context.storageState({ path: tempFile });
+        const authData = JSON.parse(fs_1.default.readFileSync(tempFile, 'utf8'));
+        fs_1.default.unlinkSync(tempFile);
+        serviceTokenCookie = authData.cookies.find((cookie) => cookie.name === 'X-Optimize-Service-Token_0');
+        authTokenCookie = authData.cookies.find((cookie) => cookie.name === 'X-Optimize-Authorization_0');
+        if (serviceTokenCookie?.value && authTokenCookie?.value) {
+            break;
+        }
+        if (i < 9) {
+            console.warn(`getOptimizeCoockie: cookies not ready yet (attempt ${i + 1}/10), retrying in 3 s...`);
+            await page.waitForTimeout(3000);
+        }
+    }
     const optimizeServiceToken = serviceTokenCookie?.value || '';
     const optimizeAuthToken = authTokenCookie?.value || '';
     const optimizeCookie = `X-Optimize-Service-Token_0=${optimizeServiceToken}; X-Optimize-Authorization_0=${optimizeAuthToken}`;

package/dist/utils/utils.js CHANGED Viewed

@@ -12,9 +12,9 @@ async function loginToApp(appName, page) {
     await (0, test_1.expect)(loginPage.usernameInput).toHaveValue(process.env.C8_USERNAME);
     await (0, test_1.expect)(loginPage.loginMessage).toBeVisible();
     await loginPage.clickContinueButton();
-    await (0, test_1.expect)(loginPage.passwordInput).toBeVisible({ timeout: 60000 });
+    await (0, test_1.expect)(loginPage.passwordInput).toBeVisible({ timeout: 90000 });
     await loginPage.fillPassword(process.env.C8_PASSWORD);
-    await (0, test_1.expect)(loginPage.passwordHeading).toBeVisible();
+    await (0, test_1.expect)(loginPage.passwordHeading).toBeVisible({ timeout: 90000 });
     await loginPage.clickLoginButton();
     await page.waitForURL((url) => url.toString().startsWith(appName), {
         timeout: 60000,

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@camunda/e2e-test-suite",
-  "version": "0.0.572",
+  "version": "0.0.573",
   "description": "End-to-end test helpers for Camunda 8",
   "repository": {
     "type": "git",