Set up Playwright E2E foundation and automate the Argo CD SSO authentication

Signed-off-by: Triona Doyle <bot@example.com>

Author: Triona Doyle

.gitignore

@@ -31,3 +31,4 @@ kuttl-test.json
 # ignore vendor
 vendor/
 .vscode/
+.DS_Store

test/ui-e2e/.auth/setup.ts

@@ -0,0 +1,65 @@
+import { test as setup } from '@playwright/test';
+
+const authFile = '.auth/storageState.json';
+
+setup('authenticate to OpenShift Cluster', async ({ page, baseURL }) => {
+  // Navigate to the OpenShift Console
+  const targetUrl = baseURL || process.env.CONSOLE_URL || process.env.BASE_URL;
+
+  if (!targetUrl) {
+    throw new Error("No Console URL provided! Ensure your bash script exports BASE_URL or CONSOLE_URL.");
+  }
+
+  console.log(`Navigating to OpenShift Console: ${targetUrl}`);
+  await page.goto(targetUrl); 
+
+  //set locators 
+  const idpScreenText = page.getByText(/Log in with/i);
+  const usernameInput = page.getByLabel(/Username/i)
+    .or(page.locator('input[name="username"]'))
+    .or(page.getByPlaceholder(/Username/i));
+
+  //wait for the IDP screen OR the Username field to appear
+  try {
+    await Promise.race([
+      idpScreenText.waitFor({ state: 'visible', timeout: 15000 }),
+      usernameInput.waitFor({ state: 'visible', timeout: 15000 })
+    ]);
+  } catch (e) {
+    console.log("Timed out waiting for OpenShift login page to render.");
+  }
+
+  const idpName = process.env.IDP || 'kube:admin'; 
+  const user = process.env.CLUSTER_USER || 'kubeadmin';
+
+  if (await idpScreenText.isVisible()) {
+    console.log(`IDP selection screen detected. Selecting provider: "${idpName}"`);
+    
+    // look for the specific IDP 
+    const idpLink = page.getByRole('link', { name: new RegExp(idpName, 'i') });
+    
+    await idpLink.waitFor({ state: 'visible', timeout: 5000 });
+    await idpLink.click();
+  } else {
+    console.log("No IDP screen detected (or already selected), proceeding to credentials...");
+  }
+
+  // fill in the Credentials
+  await usernameInput.waitFor({ state: 'visible', timeout: 10000 });
+  await usernameInput.fill(user); 
+
+  const passwordInput = page.getByLabel(/Password/i)
+    .or(page.locator('input[name="password"]'))
+    .or(page.getByPlaceholder(/Password/i));
+
+  if (!process.env.CLUSTER_PASSWORD) {
+      throw new Error("CLUSTER_PASSWORD is not set in the environment!");
+  }
+
+  await passwordInput.fill(process.env.CLUSTER_PASSWORD);
+  await page.getByRole('button', { name: /Log in/i }).click();
+
+  //save the auth state
+  await page.waitForLoadState('networkidle');
+  await page.context().storageState({ path: authFile });
+});

test/ui-e2e/.gitignore

@@ -0,0 +1,10 @@
+
+# Playwright
+node_modules/
+/test-results/
+/playwright-report/
+/blob-report/
+/playwright/.cache/
+/playwright/.auth/
+.auth/storageState.json
+.env

test/ui-e2e/README.md

@@ -0,0 +1,65 @@
+# GitOps Operator - UI End-to-End Tests
+
+This suite validates the OpenShift GitOps Operator UI, focusing on Argo CD and SSO integration.
+
+##  Prerequisites
+1. **Node.js** (v18+)
+2. **OpenShift CLI (oc)**: Installed and in your PATH.
+3. **Install Dependencies:** Navigate to this directory and install required packages:
+   ```bash
+   cd test/ui-e2e
+   npm install
+   npx playwright install chromium
+   ```
+
+##  Environment Variables
+You must provide cluster credentials before running tests. You can either `export` these in your terminal (or pipeline), or create a `.env` file in the `test/ui-e2e` directory:
+
+```text
+# .env file example
+CLUSTER_PASSWORD=your_openshift_admin_password
+OC_API_URL=[https://api.cluster.com:6443](https://api.cluster.com:6443)
+CLUSTER_USER=kubeadmin  # (Optional) Defaults to kubeadmin
+IDP=kube:admin          # (Optional) Defaults to kube:admin
+```
+
+##  Execution Commands
+
+All commands use the `./run-ui-tests.sh` wrapper which handles auth, OpenShift token generation, and URL discovery. **Ensure you are in the `test/ui-e2e` directory.**
+
+**Run All Tests (Headless):**
+```bash
+./run-ui-tests.sh --project=chromium 
+```
+
+**Run All Tests (Headed + Trace):**
+```bash
+./run-ui-tests.sh --project=chromium --headed --reporter=list --trace on
+```
+
+**Run Single Test (Headed + Trace):**
+```bash
+./run-ui-tests.sh tests/login.spec.ts --project=chromium --headed --trace on
+```
+
+**View Trace Results:**
+```bash
+npx playwright show-trace test-results/**/*/trace.zip
+```
+
+** Helpful Flags Explained** 
+* `--headed`: Runs tests in a visible browser. Without this, tests run in "headless" mode (invisible background).
+* `--reporter=list`: Changes console output to a clean, line-by-line list so you can see exactly which test is running in real-time.
+* `--trace on`: Captures a full "recording" (DOM snapshots, network, actions) of the test for debugging.
+
+## Architecture 
+
+**Global Setup:**
+`.auth/setup.ts` logs into the OCP console to generate a reusable session (`storageState.json`). This prevents having to log in repeatedly for every test file.
+
+**Spec Isolation:**
+`login.spec.ts` explicitly clears session cookies to force a full SSO UI validation from a fresh state.
+
+## Troubleshooting
+
+* **"Invalid login or password" during automated login:** If you are testing against multiple clusters sequentially, your terminal's `oc` CLI might be holding onto a sticky session from an older cluster. Run `oc logout` before running the bash script to force a clean authentication.

test/ui-e2e/package-lock.json

@@ -0,0 +1,15 @@
+{
+  "name": "ui-e2e",
+  "version": "1.0.0",
+  "main": "index.js",
+  "scripts": {},
+  "keywords": [],
+  "author": "",
+  "license": "ISC",
+  "description": "",
+  "devDependencies": {
+    "@playwright/test": "^1.59.1",
+    "@types/node": "^25.6.0",
+    "dotenv": "^17.4.2"
+  }
+}

test/ui-e2e/package.json

@@ -0,0 +1,77 @@
+import { defineConfig, devices } from '@playwright/test';
+
+/**
+ * Read environment variables from file.
+ * https://github.com/motdotla/dotenv
+ */
+
+// top of playwright.config.ts
+import dotenv from 'dotenv';
+import path from 'path';
+dotenv.config({ path: path.resolve(__dirname, '.env') });
+
+/**
+ * See https://playwright.dev/docs/test-configuration.
+ */
+export default defineConfig({
+  testDir: './tests',
+  /* Run tests in files in parallel */
+  fullyParallel: true,
+  /* Fail the build on CI if you accidentally left test.only in the source code. */
+  forbidOnly: !!process.env.CI,
+  /* Retry on CI only */
+  retries: process.env.CI ? 2 : 0,
+  /* Opt out of parallel tests on CI. */
+  workers: process.env.CI ? 1 : undefined,
+  /* Reporter to use. See https://playwright.dev/docs/test-reporters */
+  reporter: [
+    ['list'],
+    ['html', { open: process.env.CI ? 'never' : 'on-failure' }]
+  ],
+
+/* GLOBAL FOUNDATION: These apply to everything */
+  use: {
+    baseURL: process.env.ARGOCD_URL, 
+    ignoreHTTPSErrors: true,
+    trace: 'on-first-retry',
+  },
+  
+  /* Configure for major browsers */
+  projects: [
+    {
+      name: 'setup',
+      testDir: './',
+      testMatch: '**/.auth/setup.ts',
+      /* Only changes the URL for this specific project */
+      use: {
+        baseURL: process.env.CONSOLE_URL,       },
+    },
+
+    // Update chromium project
+    {
+      name: 'chromium',
+      dependencies: ['setup'],
+      use: { 
+        ...devices['Desktop Chrome'],
+        storageState: '.auth/storageState.json',
+        // project still has ignoreHTTPSErrors: true from above
+      },
+    },
+
+    {
+      name: 'firefox',
+      use: { 
+        ...devices['Desktop Firefox'],
+        // storageState and dependencies here later if we want to run Firefox tests but for now just focus on Chromium
+      },
+    },
+    // ... webkit etc ...
+  ],
+
+  /* Run your local dev server before starting the tests */
+  // webServer: {
+  //   command: 'npm run start',
+  //   url: 'http://localhost:3000',
+  //   reuseExistingServer: !process.env.CI,
+  // },
+});

test/ui-e2e/playwright.config.ts

@@ -0,0 +1,41 @@
+#!/bin/bash
+
+#making sure we are in the correct dir
+cd "$(dirname "$0")" || exit 1
+
+# username (might be something different for rosa - can be overwritten with export CLUSTER_USER)
+export CLUSTER_USER=${CLUSTER_USER:-"kubeadmin"}
+export IDP=${IDP:-"kube:admin"}
+
+#check auth state first
+echo "Checking cluster authentication..."
+if ! oc whoami > /dev/null 2>&1; then
+    if [ -n "$OC_API_URL" ] && [ -n "$CLUSTER_PASSWORD" ]; then
+        echo "Attempting automated login..."
+        oc login "$OC_API_URL" -u "$CLUSTER_USER" -p "$CLUSTER_PASSWORD" --insecure-skip-tls-verify=true
+    else
+        echo "Error: Not logged in. Missing OC_API_URL or CLUSTER_PASSWORD."
+        exit 1
+    fi
+fi
+
+#find the URLs for console and argocd 
+echo "Discovering component URLs..."
+export ARGOCD_URL=$(oc get route openshift-gitops-server -n openshift-gitops -o jsonpath='{"https://"}{.spec.host}')
+export CONSOLE_URL=$(oc whoami --show-console)
+
+if [ -z "$ARGOCD_URL" ] || [ -z "$CONSOLE_URL" ]; then
+    echo "Error: Could not find Argo CD or Console routes."
+    exit 1
+fi
+
+echo "OpenShift Console: $CONSOLE_URL"
+echo " Argo CD UI:        $ARGOCD_URL"
+
+#clean up any old Playwright state
+echo "Getting rid of any old browser sessions..."
+rm -f .auth/storageState.json || true 
+
+#run Playwright 
+echo " Starting Playwright tests..."
+npx playwright test "$@"