@meshxdata/fops 0.1.48 → 0.1.50

package/src/plugins/bundled/fops-plugin-azure/lib/commands/test-cmds.js

@@ -3,7 +3,7 @@
  */
 import chalk from "chalk";
 import { resolveRemoteAuth, suppressTlsWarning } from "../azure-auth.js";
-import { parsePytestSummary, parsePytestDurations } from "../pytest-parse.js";
+import { parsePytestSummary, parsePytestDurations, parsePytestFailedTests } from "../pytest-parse.js";
 
 export function registerTestCommands(azure) {
   const test = azure
@@ -89,6 +89,39 @@ export function registerTestCommands(azure) {
         } catch { /* optional — tests still run without it */ }
       }
 
+      // Fetch QA_TEST_USER_PASSWORD for role-based test accounts
+      // Priority: local .env file → process.env → ~/.fops.json → remote VM .env
+      let qaTestUserPassword = "";
+      try {
+        const localEnv = await fsp.readFile(localEnvPath, "utf8");
+        const pwMatch = localEnv.match(/^QA_TEST_USER_PASSWORD=(.+)$/m);
+        if (pwMatch) qaTestUserPassword = pwMatch[1].trim().replace(/^["']|["']$/g, "");
+      } catch { /* no local .env */ }
+      if (!qaTestUserPassword) {
+        qaTestUserPassword = process.env.QA_TEST_USER_PASSWORD || "";
+      }
+      if (!qaTestUserPassword) {
+        try {
+          const os = await import("node:os");
+          const fopsJson = JSON.parse(await fsp.readFile(path.join(os.homedir(), ".fops.json"), "utf8"));
+          qaTestUserPassword = fopsJson?.plugins?.entries?.["fops-plugin-foundation"]?.config?.qaTestUserPassword || "";
+        } catch { /* no ~/.fops.json */ }
+      }
+      if (!qaTestUserPassword && ip) {
+        try {
+          const sshUser = state?.adminUser || "azureuser";
+          const { stdout: pwOut } = await sshCmd(execa, ip, sshUser,
+            "grep -E '^QA_TEST_USER_PASSWORD=' /opt/foundation-compose/.env",
+            10_000,
+          );
+          const pwMatch = (pwOut || "").match(/^QA_TEST_USER_PASSWORD=(.+)$/m);
+          if (pwMatch) {
+            qaTestUserPassword = pwMatch[1].trim().replace(/^["']|["']$/g, "");
+            console.log(chalk.green("  ✓ Got QA_TEST_USER_PASSWORD from VM"));
+          }
+        } catch { /* optional */ }
+      }
+
       if (!bearerToken && !qaUser) {
         console.error(chalk.red("\n  No credentials found (local or remote)."));
         console.error(chalk.dim("  Set BEARER_TOKEN or QA_USERNAME/QA_PASSWORD, or ensure the VM has Auth0 configured in .env\n"));
@@ -124,7 +157,7 @@ export function registerTestCommands(azure) {
       envContent = setVar(envContent, "ADMIN_PASSWORD", qaPass);
       envContent = setVar(envContent, "ADMIN_X_ACCOUNT", "root");
       envContent = setVar(envContent, "OWNER_EMAIL", qaUser);
-      envContent = setVar(envContent, "OWNER_NAME", "Foundation Operator");
+      envContent = setVar(envContent, "OWNER_NAME", '"Foundation Operator"');
       if (bearerToken) {
         envContent = setVar(envContent, "BEARER_TOKEN", bearerToken);
         envContent = setVar(envContent, "TOKEN_AUTH0", bearerToken);
@@ -133,6 +166,15 @@ export function registerTestCommands(azure) {
         envContent = setVar(envContent, "CF_ACCESS_CLIENT_ID", cfAccessClientId);
         envContent = setVar(envContent, "CF_ACCESS_CLIENT_SECRET", cfAccessClientSecret);
       }
+      if (qaTestUserPassword) {
+        envContent = setVar(envContent, "QA_TEST_USER_PASSWORD", `'${qaTestUserPassword}'`);
+      }
+
+      // Set URN values for policy creation (required by setup_user_role.py)
+      envContent = setVar(envContent, "ORG_ROOT_RESOURCE_PREFIX", "urn:meshx::data:root");
+      envContent = setVar(envContent, "ORG_A_RESOURCE_PREFIX", "urn:meshx::data:khoa");
+      envContent = setVar(envContent, "ORG_ROOT_URN", "urn:meshx::iam:root:organization:root");
+      envContent = setVar(envContent, "ORG_A_URN", "urn:meshx::iam:root:organization:khoa");
 
       await fsp.writeFile(envPath, envContent);
       console.log(chalk.green(`  ✓ Configured QA .env → ${apiUrl}`));
@@ -151,16 +193,13 @@ export function registerTestCommands(azure) {
 
       const authMode = useTokenMode ? "bearer token (--use-token)" : `user/pass (${qaUser})`;
       console.log(chalk.cyan(`\n  Running QA tests against ${state.vmName} (${vmUrl}) [${authMode}]…\n`));
-      let setupCmd = `./scripts/set_up_role.sh --env ${targetName}`;
-      let runCmd = `./scripts/run_all_tests.sh --env ${targetName} --role-priority p0`;
 
+      // Run pytest directly - role tests with P0 priority
+      let pytestArgs = `pytest tests/roles --env ${targetName} -v -x --tb=short`;
       if (useTokenMode) {
-        setupCmd += " --use-token";
-        runCmd += " --use-token";
+        pytestArgs += " --use-token";
       }
 
-      const pytestArgs = `${setupCmd} && ${runCmd}`;
-
       const testEnv = {
         ...process.env,
         API_URL: apiUrl,
@@ -192,7 +231,7 @@ export function registerTestCommands(azure) {
       const proc = execa(
         "bash",
         ["-c", `source venv/bin/activate && ${pytestArgs}`],
-        { cwd: qaDir, timeout: 600_000, reject: false, env: testEnv },
+        { cwd: qaDir, timeout: 1_800_000, reject: false, env: testEnv },  // 30 min timeout
       );
       let captured = "";
       proc.stdout?.on("data", (d) => { const s = d.toString(); captured += s; process.stdout.write(s); });
@@ -203,6 +242,7 @@ export function registerTestCommands(azure) {
 
       const counts = parsePytestSummary(captured);
       const timing = parsePytestDurations(captured);
+      const failedTests = parsePytestFailedTests(captured);
       const { writeVmState } = await import("../azure-state.js");
       const qaResult = {
         passed: actualExit === 0,
@@ -215,14 +255,35 @@ export function registerTestCommands(azure) {
         ...(counts.skipped != null && { numSkipped: counts.skipped }),
         durationSec: counts.durationSec || wallSec,
         ...(timing && { timing }),
+        ...(failedTests.length > 0 && { failedTests: failedTests.slice(0, 50) }),
       };
       writeVmState(state.vmName, { qa: qaResult });
 
       if (actualExit === 0) {
         console.log(chalk.green("\n  ✓ QA tests passed\n"));
       } else {
-        console.error(chalk.red(`\n  QA tests failed (exit ${actualExit}).`));
-        console.error(chalk.dim(`  Report: ${path.join(qaDir, "playwright-report")}\n`));
+        console.error(chalk.red(`\n  ✗ QA tests failed (exit ${actualExit})`));
+
+        // Parse and display failed tests summary
+        const failedTests = parsePytestFailedTests(captured);
+        if (failedTests.length > 0) {
+          console.error(chalk.red(`\n  Failed tests (${failedTests.length}):`));
+          for (const { test, reason } of failedTests.slice(0, 20)) {
+            const shortTest = test.replace(/^tests\//, "");
+            const reasonStr = reason ? chalk.dim(` - ${reason.slice(0, 60)}`) : "";
+            console.error(chalk.red(`    • ${shortTest}${reasonStr}`));
+          }
+          if (failedTests.length > 20) {
+            console.error(chalk.dim(`    ... and ${failedTests.length - 20} more`));
+          }
+        }
+
+        // Show summary counts
+        if (counts.passed != null || counts.failed != null) {
+          console.error(chalk.dim(`\n  Summary: ${counts.passed || 0} passed, ${counts.failed || 0} failed, ${counts.skipped || 0} skipped`));
+        }
+
+        console.error(chalk.dim(`\n  Report: ${path.join(qaDir, "playwright-report")}\n`));
         process.exitCode = 1;
       }
 
@@ -251,6 +312,161 @@ export function registerTestCommands(azure) {
       await resultsSetup({ account: opts.account });
     });
 
+  test
+    .command("setup-users [name]")
+    .description("Create/update QA test users on target environment")
+    .option("--vm-name <name>", "Target VM (default: active)")
+    .option("--env <name>", "Target environment name (staging, dev, etc.)")
+    .action(async (name, opts) => {
+      const { resolveCliSrc, lazyExeca, ensureAzCli, ensureAzAuth, resolvePublicIp } = await import("../azure-helpers.js");
+      const { requireVmState, knockForVm, sshCmd } = await import("../azure.js");
+      const { rootDir } = await import(resolveCliSrc("project.js"));
+      const { resolveRemoteAuth, suppressTlsWarning } = await import("../azure-auth.js");
+      const fsp = await import("node:fs/promises");
+      const path = await import("node:path");
+
+      const root = rootDir();
+      if (!root) {
+        console.error(chalk.red("\n  Foundation project root not found.\n"));
+        process.exit(1);
+      }
+
+      const qaDir = path.join(root, "foundation-qa-automation");
+      try {
+        await fsp.access(qaDir);
+      } catch {
+        console.error(chalk.red("\n  foundation-qa-automation/ not found."));
+        process.exit(1);
+      }
+
+      const execa = await lazyExeca();
+      let envName = opts.env;
+      let apiUrl;
+      let bearerToken;
+
+      if (!envName) {
+        // Resolve from VM
+        await ensureAzCli(execa);
+        await ensureAzAuth(execa);
+        const state = requireVmState(opts.vmName || name);
+        const ip = await resolvePublicIp(execa, state.resourceGroup, state.vmName, state.publicIp);
+        if (!ip) {
+          console.error(chalk.red("\n  No IP address. Is the VM running?\n"));
+          process.exit(1);
+        }
+        const vmUrl = state.publicUrl || `https://${ip}`;
+        apiUrl = `${vmUrl}/api`;
+        envName = opts.vmName || name || state.vmName;
+
+        const auth = await resolveRemoteAuth({
+          apiUrl, ip, vmState: state,
+          execaFn: execa, sshCmd, knockForVm, suppressTlsWarning,
+        });
+        bearerToken = auth.bearerToken;
+      } else {
+        // Use named environment - authenticate via Auth0 ROPC
+        const envUrls = {
+          staging: "https://staging.meshx.app/api",
+          dev: "https://dev.meshx.app/api",
+          demo: "https://demo.meshx.app/api",
+          integration: "https://integration.meshx.app/api",
+        };
+        apiUrl = envUrls[envName] || `https://${envName}.meshx.app/api`;
+
+        // Try to get bearer token for named environment
+        const { resolveFoundationCreds, resolveAuth0Config, isJwt, isJwtExpired } = await import("../azure-auth.js");
+        const creds = resolveFoundationCreds();
+
+        // Check for existing valid bearer token
+        if (creds?.bearerToken && isJwt(creds.bearerToken) && !isJwtExpired(creds.bearerToken)) {
+          bearerToken = creds.bearerToken;
+          console.log(chalk.green("  ✓ Using existing bearer token"));
+        } else if (creds?.user && creds?.password) {
+          // Authenticate via Auth0 ROPC
+          const auth0Cfg = resolveAuth0Config();
+          if (auth0Cfg) {
+            console.log(chalk.dim(`  Authenticating via Auth0 (${auth0Cfg.domain})…`));
+            const body = {
+              grant_type: "password",
+              client_id: auth0Cfg.clientId,
+              username: creds.user,
+              password: creds.password,
+              scope: "openid",
+            };
+            if (auth0Cfg.clientSecret) body.client_secret = auth0Cfg.clientSecret;
+            if (auth0Cfg.audience) body.audience = auth0Cfg.audience;
+
+            try {
+              const resp = await fetch(`https://${auth0Cfg.domain}/oauth/token`, {
+                method: "POST",
+                headers: { "Content-Type": "application/json" },
+                body: JSON.stringify(body),
+                signal: AbortSignal.timeout(15_000),
+              });
+              if (resp.ok) {
+                const data = await resp.json();
+                if (data.access_token) {
+                  bearerToken = data.access_token;
+                  console.log(chalk.green(`  ✓ Authenticated as ${creds.user}`));
+                }
+              } else {
+                const errText = await resp.text().catch(() => "");
+                console.error(chalk.yellow(`  ⚠ Auth0 rejected credentials: HTTP ${resp.status}`));
+                if (errText) console.error(chalk.dim(`    ${errText.slice(0, 200)}`));
+              }
+            } catch (e) {
+              console.error(chalk.yellow(`  ⚠ Auth0 auth failed: ${e.message}`));
+            }
+          } else {
+            console.error(chalk.yellow("  ⚠ No Auth0 config found (check .env or ~/.fops.json)"));
+          }
+        }
+
+        if (!bearerToken) {
+          console.error(chalk.red("\n  No bearer token available for named environment."));
+          console.error(chalk.dim("  Set BEARER_TOKEN env var or ensure QA_USERNAME/QA_PASSWORD + Auth0 config are set.\n"));
+          process.exit(1);
+        }
+      }
+
+      console.log(chalk.cyan(`\n  Setting up QA test users on ${envName} (${apiUrl})…\n`));
+
+      // Ensure venv
+      try {
+        await fsp.access(path.join(qaDir, "venv"));
+      } catch {
+        console.log(chalk.cyan("  Setting up QA automation environment…"));
+        await execa("python3", ["-m", "venv", "venv"], { cwd: qaDir, stdio: "inherit" });
+        await execa("bash", ["-c", "source venv/bin/activate && pip install -r requirements.txt"], { cwd: qaDir, stdio: "inherit" });
+      }
+
+      const setupEnv = {
+        ...process.env,
+        TARGET_ENV: envName,
+        USE_TOKEN: bearerToken ? "1" : "0",
+        API_URL: apiUrl,
+      };
+      if (bearerToken) {
+        setupEnv.TOKEN_AUTH0 = bearerToken;
+        setupEnv.BEARER_TOKEN = bearerToken;
+      }
+
+      // Use the shell script which handles all setup
+      const useTokenFlag = bearerToken ? "--use-token" : "";
+      const { exitCode } = await execa(
+        "bash",
+        ["scripts/set_up_user_role.sh", "--env", envName, useTokenFlag].filter(Boolean),
+        { cwd: qaDir, stdio: "inherit", env: setupEnv, reject: false, timeout: 300_000 },
+      );
+
+      if (exitCode === 0) {
+        console.log(chalk.green("\n  ✓ QA test users created/updated\n"));
+      } else {
+        console.error(chalk.red(`\n  ✗ User setup failed (exit ${exitCode})\n`));
+        process.exitCode = 1;
+      }
+    });
+
   test
     .command("list [target]")
     .description("List stored test results across VMs (optionally filter by name)")

package/src/plugins/bundled/fops-plugin-azure/lib/commands/vm-cmds.js

@@ -166,9 +166,10 @@ export function registerVmCommands(azure, api, registry) {
     .option("--cost", "Show estimated cost per resource (queries Azure Cost Management)")
     .option("--days <days>", "Days to look back for cost (default: 30)", "30")
     .option("--versions", "Show service image version matrix")
+    .option("--json", "Output as JSON (for programmatic use)")
     .action(async (opts) => {
       const { azureList } = await import("../azure.js");
-      await azureList({ live: opts.live, verbose: opts.verbose, cost: opts.cost, days: parseInt(opts.days), versions: opts.versions });
+      await azureList({ live: opts.live, verbose: opts.verbose, cost: opts.cost, days: parseInt(opts.days), versions: opts.versions, json: opts.json });
     });
 
   // ── ip ─────────────────────────────────────────────────────────────────

package/src/plugins/bundled/fops-plugin-azure/lib/pytest-parse.js

@@ -25,6 +25,27 @@ export function parsePytestSummary(output) {
   return counts;
 }
 
+export function parsePytestFailedTests(output) {
+  const failed = [];
+  const lines = output.split("\n");
+
+  for (const line of lines) {
+    // Match "FAILED tests/path/test_file.py::test_name - reason"
+    const failMatch = line.match(/^FAILED\s+(\S+)(?:\s+-\s+(.*))?$/);
+    if (failMatch) {
+      failed.push({ test: failMatch[1], reason: failMatch[2] || "" });
+      continue;
+    }
+    // Match verbose format "tests/path::test_name FAILED"
+    const vMatch = line.match(/^(\S+::\S+)\s+FAILED/);
+    if (vMatch) {
+      failed.push({ test: vMatch[1], reason: "" });
+    }
+  }
+
+  return failed;
+}
+
 export function parsePytestDurations(output) {
   const durations = [];
   const lines = output.split("\n");