218 lines
7.1 KiB
TypeScript
218 lines
7.1 KiB
TypeScript
import { expect, test, type Page } from '@playwright/test';
|
|
|
|
import { policyAuthorSession } from '../../src/app/testing';
|
|
|
|
const shellSession = {
|
|
...policyAuthorSession,
|
|
scopes: [
|
|
...new Set([
|
|
...policyAuthorSession.scopes,
|
|
'ui.read',
|
|
'admin',
|
|
'ui.admin',
|
|
'orch:read',
|
|
'orch:operate',
|
|
'orch:quota',
|
|
'findings:read',
|
|
'vuln:view',
|
|
'vuln:investigate',
|
|
'vuln:operate',
|
|
'vuln:audit',
|
|
'authority:tenants.read',
|
|
'advisory:read',
|
|
'vex:read',
|
|
'exceptions:read',
|
|
'exceptions:approve',
|
|
'aoc:verify',
|
|
'policy:read',
|
|
'policy:author',
|
|
'policy:review',
|
|
'policy:approve',
|
|
'policy:simulate',
|
|
'policy:audit',
|
|
'health:read',
|
|
'notify:viewer',
|
|
'release:read',
|
|
'release:write',
|
|
'release:publish',
|
|
'sbom:read',
|
|
'signer:read',
|
|
]),
|
|
],
|
|
};
|
|
|
|
const mockConfig = {
|
|
authority: {
|
|
issuer: 'http://127.0.0.1:4400/authority',
|
|
clientId: 'stella-ops-ui',
|
|
authorizeEndpoint: 'http://127.0.0.1:4400/authority/connect/authorize',
|
|
tokenEndpoint: 'http://127.0.0.1:4400/authority/connect/token',
|
|
logoutEndpoint: 'http://127.0.0.1:4400/authority/connect/logout',
|
|
redirectUri: 'http://127.0.0.1:4400/auth/callback',
|
|
postLogoutRedirectUri: 'http://127.0.0.1:4400/',
|
|
scope:
|
|
'openid profile email ui.read authority:tenants.read advisory:read vex:read exceptions:read exceptions:approve aoc:verify findings:read orch:read vuln:view vuln:investigate vuln:operate vuln:audit',
|
|
audience: 'http://127.0.0.1:4400/gateway',
|
|
dpopAlgorithms: ['ES256'],
|
|
refreshLeewaySeconds: 60,
|
|
},
|
|
apiBaseUrls: {
|
|
authority: '/authority',
|
|
scanner: '/scanner',
|
|
policy: '/policy',
|
|
concelier: '/concelier',
|
|
attestor: '/attestor',
|
|
gateway: '/gateway',
|
|
},
|
|
quickstartMode: true,
|
|
setup: 'complete',
|
|
};
|
|
|
|
const oidcConfig = {
|
|
issuer: mockConfig.authority.issuer,
|
|
authorization_endpoint: mockConfig.authority.authorizeEndpoint,
|
|
token_endpoint: mockConfig.authority.tokenEndpoint,
|
|
jwks_uri: 'http://127.0.0.1:4400/authority/.well-known/jwks.json',
|
|
response_types_supported: ['code'],
|
|
subject_types_supported: ['public'],
|
|
id_token_signing_alg_values_supported: ['RS256'],
|
|
};
|
|
|
|
async function setupShell(page: Page): Promise<void> {
|
|
await page.addInitScript((session) => {
|
|
try {
|
|
window.sessionStorage.clear();
|
|
} catch {
|
|
// ignore storage access errors in restricted contexts
|
|
}
|
|
(window as { __stellaopsTestSession?: unknown }).__stellaopsTestSession = session;
|
|
}, shellSession);
|
|
|
|
await page.route('**/platform/envsettings.json', (route) =>
|
|
route.fulfill({
|
|
status: 200,
|
|
contentType: 'application/json',
|
|
body: JSON.stringify(mockConfig),
|
|
}),
|
|
);
|
|
await page.route('**/config.json', (route) =>
|
|
route.fulfill({
|
|
status: 200,
|
|
contentType: 'application/json',
|
|
body: JSON.stringify(mockConfig),
|
|
}),
|
|
);
|
|
await page.route('**/authority/.well-known/openid-configuration', (route) =>
|
|
route.fulfill({
|
|
status: 200,
|
|
contentType: 'application/json',
|
|
body: JSON.stringify(oidcConfig),
|
|
}),
|
|
);
|
|
await page.route('**/.well-known/openid-configuration', (route) =>
|
|
route.fulfill({
|
|
status: 200,
|
|
contentType: 'application/json',
|
|
body: JSON.stringify(oidcConfig),
|
|
}),
|
|
);
|
|
await page.route('**/authority/.well-known/jwks.json', (route) =>
|
|
route.fulfill({
|
|
status: 200,
|
|
contentType: 'application/json',
|
|
body: JSON.stringify({ keys: [] }),
|
|
}),
|
|
);
|
|
}
|
|
|
|
async function go(page: Page, path: string): Promise<void> {
|
|
await page.goto(path, { waitUntil: 'domcontentloaded' });
|
|
await page.waitForLoadState('networkidle', { timeout: 5000 }).catch(() => null);
|
|
}
|
|
|
|
async function ensureShell(page: Page): Promise<void> {
|
|
await expect(page.locator('aside.sidebar')).toHaveCount(1, { timeout: 15000 });
|
|
}
|
|
|
|
test.describe.configure({ mode: 'serial' });
|
|
|
|
test.describe('IA v2 accessibility and regression', () => {
|
|
test.beforeEach(async ({ page }) => {
|
|
await setupShell(page);
|
|
});
|
|
|
|
test('canonical roots expose landmarks and navigation controls', async ({ page }) => {
|
|
test.setTimeout(90_000);
|
|
const roots = ['/mission-control/board', '/releases', '/security', '/evidence', '/ops', '/setup'];
|
|
|
|
for (const path of roots) {
|
|
await go(page, path);
|
|
await ensureShell(page);
|
|
const landmarkCount = await page.locator('main, [role="main"], nav, [role="navigation"]').count();
|
|
expect(landmarkCount).toBeGreaterThan(1);
|
|
await expect(page.locator('aside.sidebar a, aside.sidebar button').first()).toBeVisible();
|
|
}
|
|
});
|
|
|
|
test('keyboard navigation moves focus across shell controls', async ({ page }) => {
|
|
await go(page, '/mission-control/board');
|
|
await ensureShell(page);
|
|
|
|
const focusedElements: string[] = [];
|
|
for (let i = 0; i < 10; i += 1) {
|
|
await page.keyboard.press('Tab');
|
|
const focused = await page.evaluate(() => {
|
|
const element = document.activeElement as HTMLElement | null;
|
|
if (!element) return 'none';
|
|
return `${element.tagName.toLowerCase()}::${element.className || element.id || 'no-id'}`;
|
|
});
|
|
focusedElements.push(focused);
|
|
}
|
|
|
|
expect(new Set(focusedElements).size).toBeGreaterThan(3);
|
|
});
|
|
|
|
test('deprecated root labels are absent from primary nav', async ({ page }) => {
|
|
await go(page, '/mission-control/board');
|
|
await ensureShell(page);
|
|
const navText = (await page.locator('aside.sidebar nav').textContent()) ?? '';
|
|
|
|
expect(navText).not.toContain('Security & Risk');
|
|
expect(navText).not.toContain('Evidence & Audit');
|
|
expect(navText).not.toContain('Platform Ops');
|
|
expect(navText).not.toContain('Administration');
|
|
expect(navText).not.toContain('Policy Studio');
|
|
});
|
|
|
|
test('breadcrumbs render canonical ownership on key shell routes', async ({ page }) => {
|
|
test.setTimeout(90_000);
|
|
const checks: Array<{ path: string; expected: string }> = [
|
|
{ path: '/mission-control/board', expected: 'Mission Board' },
|
|
{ path: '/releases/versions', expected: 'Release Versions' },
|
|
{ path: '/security/advisories-vex', expected: 'Advisories & VEX' },
|
|
{ path: '/evidence/verify-replay', expected: 'Verify & Replay' },
|
|
{ path: '/ops/operations/data-integrity', expected: 'Data Integrity' },
|
|
{ path: '/setup/topology/agents', expected: 'Agent Fleet' },
|
|
];
|
|
|
|
for (const check of checks) {
|
|
await go(page, check.path);
|
|
await ensureShell(page);
|
|
const breadcrumb = page.locator('app-breadcrumb nav.breadcrumb');
|
|
await expect(breadcrumb).toHaveCount(1);
|
|
await expect(breadcrumb).toContainText(check.expected);
|
|
}
|
|
});
|
|
|
|
test('mobile viewport keeps shell usable without horizontal overflow', async ({ page }) => {
|
|
await page.setViewportSize({ width: 390, height: 844 });
|
|
await go(page, '/mission-control/board');
|
|
await expect(page.locator('.topbar__menu-toggle')).toBeVisible();
|
|
|
|
const hasHorizontalScroll = await page.evaluate(
|
|
() => document.documentElement.scrollWidth > document.documentElement.clientWidth,
|
|
);
|
|
expect(hasHorizontalScroll).toBe(false);
|
|
});
|
|
});
|