Skip to content

ROX-33599: Migrate sensitive Cypress.env() to cy.env() #19965

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
sachaudh wants to merge 7 commits into
base: master
Choose a base branch
from
Open

ROX-33599: Migrate sensitive Cypress.env() to cy.env() #19965

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
ea6e895
ROX-33599: Migrate sensitive Cypress.env() to cy.env()
sachaudh Apr 13, 2026
38c1204
ROX-33599: Type CRS response in Cypress helper to replace `any`
sachaudh Apr 13, 2026
b1e1573
ROX-33599: Hide OCP password from Cypress command log
sachaudh Apr 13, 2026
427479c
ROX-33599: Log warning when ROX_AUTH_TOKEN is missing in basicAuth
sachaudh Apr 13, 2026
0f0737b
ROX-33599: Fix prettier formatting in CRS helpers
sachaudh Apr 16, 2026
fa5ade6
ROX-33599: Return cy.env() chain from tryDeleteReportConfiguration
sachaudh Apr 16, 2026
86e1914
ROX-33599: Return cy.env() chain from helper functions
sachaudh Apr 16, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 8 additions & 5 deletions ui/apps/platform/cypress/helpers/basicAuth.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,9 +1,12 @@
// This function sets up auth headers for each test in the current test group.
export default () => {
const token = Cypress.env('ROX_AUTH_TOKEN');
if (token) {
beforeEach(() => {
localStorage.setItem('access_token', token);
beforeEach(() => {
cy.env(['ROX_AUTH_TOKEN']).then(({ ROX_AUTH_TOKEN }) => {
if (ROX_AUTH_TOKEN) {
localStorage.setItem('access_token', ROX_AUTH_TOKEN);
} else {
cy.log('WARNING: ROX_AUTH_TOKEN is not set, tests will run unauthenticated');
}
});
}
});
};
38 changes: 26 additions & 12 deletions ui/apps/platform/cypress/helpers/ocpAuth.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,20 +1,34 @@
export function withOcpAuth() {
// Establish a cookie based session for the OCP web console
cy.session('ocp-session-auth', () => {
cy.visit('/');
cy.env([
'OCP_BRIDGE_AUTH_DISABLED',
'OPENSHIFT_CONSOLE_USERNAME',
'OPENSHIFT_CONSOLE_PASSWORD',
]).then(
({
OCP_BRIDGE_AUTH_DISABLED,
OPENSHIFT_CONSOLE_USERNAME,
OPENSHIFT_CONSOLE_PASSWORD,
}) => {
cy.visit('/');

if (!Cypress.env('OCP_BRIDGE_AUTH_DISABLED')) {
cy.url().should('contain', '/login?');
cy.get('input[name="username"]').type(Cypress.env('OPENSHIFT_CONSOLE_USERNAME'));
cy.get('input[name="password"]').type(Cypress.env('OPENSHIFT_CONSOLE_PASSWORD'));
cy.get('button[type="submit"]').click();
}
if (!OCP_BRIDGE_AUTH_DISABLED) {
cy.url().should('contain', '/login?');
cy.get('input[name="username"]').type(OPENSHIFT_CONSOLE_USERNAME);
cy.get('input[name="password"]').type(OPENSHIFT_CONSOLE_PASSWORD, {
log: false,
});
cy.get('button[type="submit"]').click();
}

// Wait for the page to load
cy.url().should('contain', '/dashboards');
cy.get('h1:contains("Overview")');
// Wait for the page to load
cy.url().should('contain', '/dashboards');
cy.get('h1:contains("Overview")');

// Pressing Escape closes the welcome modal if it exists, and silently does nothing if it doesn't
cy.get('body').type('{esc}');
// Pressing Escape closes the welcome modal if it exists, and silently does nothing if it doesn't
cy.get('body').type('{esc}');
}
);
});
}
30 changes: 16 additions & 14 deletions ui/apps/platform/cypress/helpers/policies.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -170,19 +170,21 @@ export function importPolicyFromFixture(fileName, contentsInterceptor = (c) => c
}

export function deletePolicyIfExists(policyName) {
const auth = { bearer: Cypress.env('ROX_AUTH_TOKEN') };

cy.request({
url: api.policies.policies,
auth,
}).as('listPolicies');

cy.get('@listPolicies').then((res) => {
const policy = res.body.policies.find(({ name }) => name === policyName);
if (policy) {
const { id } = policy;
const url = `/v1/policies/${id}`;
cy.request({ url, auth, method: 'DELETE' });
}
cy.env(['ROX_AUTH_TOKEN']).then(({ ROX_AUTH_TOKEN }) => {
const auth = { bearer: ROX_AUTH_TOKEN };

cy.request({
url: api.policies.policies,
auth,
}).as('listPolicies');

cy.get('@listPolicies').then((res) => {
const policy = res.body.policies.find(({ name }) => name === policyName);
if (policy) {
const { id } = policy;
const url = `/v1/policies/${id}`;
cy.request({ url, auth, method: 'DELETE' });
}
});
});
}
23 changes: 17 additions & 6 deletions ...s/integration/clusters/cluster-registration-secrets/ClusterRegistrationSecrets.helpers.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,12 +1,23 @@
import type { ClusterRegistrationSecret } from 'services/ClustersService';

export function cleanupClusterRegistrationSecretsWithName(nameToDelete: string) {
// Clean up existing CRSs, if they exist
const auth = { bearer: Cypress.env('ROX_AUTH_TOKEN') };
return cy.env(['ROX_AUTH_TOKEN']).then(({ ROX_AUTH_TOKEN }) => {
const auth = { bearer: ROX_AUTH_TOKEN };

cy.request({ url: '/v1/cluster-init/crs', auth }).as('listCrs');
cy.request({ url: '/v1/cluster-init/crs', auth }).as('listCrs');

return cy.get('@listCrs').then((res: any) => {
const automationTokens = res.body.items.filter(({ name }) => name === nameToDelete);
const body = { ids: automationTokens.map(({ id }) => id) };
return cy.request({ url: '/v1/cluster-init/crs/revoke', body, auth, method: 'PATCH' });
return cy
.get('@listCrs')
.then((res: Cypress.Response<{ items: ClusterRegistrationSecret[] }>) => {
const automationTokens = res.body.items.filter(({ name }) => name === nameToDelete);
const body = { ids: automationTokens.map(({ id }) => id) };
return cy.request({
url: '/v1/cluster-init/crs/revoke',
body,
auth,
method: 'PATCH',
});
});
});
}
70 changes: 37 additions & 33 deletions ui/apps/platform/cypress/integration/collections/Collections.helpers.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -53,44 +53,48 @@ export function tryCreateCollection(
embeddedCollectionIds = [],
resourceSelectors = []
) {
const auth = { bearer: Cypress.env('ROX_AUTH_TOKEN') };

cy.request({
url: `${baseApiUrl}?query.query=Collection Name:"${name}"`,
auth,
}).as('listCollections');

cy.get('@listCollections').then((res) => {
if (res.body.collections.some((c) => c.name === name)) {
// Collection already exists
return;
}
const body = {
name,
description,
embeddedCollectionIds,
resourceSelectors,
};
cy.request({ url: baseApiUrl, body, auth, method: 'POST' });
cy.env(['ROX_AUTH_TOKEN']).then(({ ROX_AUTH_TOKEN }) => {
const auth = { bearer: ROX_AUTH_TOKEN };

cy.request({
url: `${baseApiUrl}?query.query=Collection Name:"${name}"`,
auth,
}).as('listCollections');

cy.get('@listCollections').then((res) => {
if (res.body.collections.some((c) => c.name === name)) {
// Collection already exists
return;
}
const body = {
name,
description,
embeddedCollectionIds,
resourceSelectors,
};
cy.request({ url: baseApiUrl, body, auth, method: 'POST' });
});
});
}

// Cleanup an existing collection via API call
export function tryDeleteCollection(collectionName) {
const auth = { bearer: Cypress.env('ROX_AUTH_TOKEN') };

cy.request({
url: `${baseApiUrl}?query.query=Collection Name:"${collectionName}"`,
auth,
}).as('listCollections');

cy.get('@listCollections').then((res) => {
const collection = res.body.collections.find(({ name }) => name === collectionName);
if (collection) {
const { id } = collection;
const url = `${baseApiUrl}/${id}`;
cy.request({ url, auth, method: 'DELETE' });
}
cy.env(['ROX_AUTH_TOKEN']).then(({ ROX_AUTH_TOKEN }) => {
const auth = { bearer: ROX_AUTH_TOKEN };

cy.request({
url: `${baseApiUrl}?query.query=Collection Name:"${collectionName}"`,
auth,
}).as('listCollections');

cy.get('@listCollections').then((res) => {
const collection = res.body.collections.find(({ name }) => name === collectionName);
if (collection) {
const { id } = collection;
const url = `${baseApiUrl}/${id}`;
cy.request({ url, auth, method: 'DELETE' });
}
});
});
}

Expand Down
42 changes: 22 additions & 20 deletions ui/apps/platform/cypress/integration/exceptionConfiguration/ExceptionConfig.helpers.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,27 +27,29 @@ export function visitExceptionConfigWithPermissions(category, resourceToAccess)
* Sets the exception config to the expected default as defined in the requirements document.
*/
export function resetExceptionConfig() {
const auth = { bearer: Cypress.env('ROX_AUTH_TOKEN') };
const config = {
expiryOptions: {
dayOptions: [
{ numDays: 14, enabled: true },
{ numDays: 30, enabled: true },
{ numDays: 90, enabled: true },
],
fixableCveOptions: {
allFixable: true,
anyFixable: true,
cy.env(['ROX_AUTH_TOKEN']).then(({ ROX_AUTH_TOKEN }) => {
const auth = { bearer: ROX_AUTH_TOKEN };
const config = {
expiryOptions: {
dayOptions: [
{ numDays: 14, enabled: true },
{ numDays: 30, enabled: true },
{ numDays: 90, enabled: true },
],
fixableCveOptions: {
allFixable: true,
anyFixable: true,
},
customDate: false,
indefinite: false,
},
customDate: false,
indefinite: false,
},
};
};

cy.request({
url: `/v1/config/private/exception/vulnerabilities`,
auth,
method: 'PUT',
body: { config },
cy.request({
url: `/v1/config/private/exception/vulnerabilities`,
auth,
method: 'PUT',
body: { config },
});
});
}
31 changes: 0 additions & 31 deletions ui/apps/platform/cypress/integration/integrations/integrations.helpers.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -605,34 +605,3 @@ export function testIntegrationInFormWithoutStoredCredentials(
staticResponseForTest
);
}

/**
* Attempts to delete an integration via the API given a source and name, if it exists.
* @param {'notifiers'} integrationSource The type of integration
* @param {string} integrationName The name of the integration
*/
export function tryDeleteIntegration(integrationSource, integrationName) {
// This list is not complete - add other integration sources as needed
const integrationResponseKeys = {
notifiers: 'notifiers',
};
if (!integrationResponseKeys[integrationSource]) {
throw new Error(
`A JSON response key for ${integrationSource} was not defined in Cypress test helper.`
);
}
const baseUrl = `/v1/${integrationSource}`;
const auth = { bearer: Cypress.env('ROX_AUTH_TOKEN') };

cy.request({ url: baseUrl, auth }).as('listIntegrations');

cy.get('@listIntegrations').then((res) => {
const jsonKey = integrationResponseKeys[integrationSource];
res.body[jsonKey].forEach(({ id, name }) => {
if (name === integrationName) {
const url = `${baseUrl}/${id}`;
cy.request({ url, auth, method: 'DELETE' });
}
});
});
}
35 changes: 20 additions & 15 deletions ...ress/integration/vulnerabilities/VulnerabilityReporting/VulnerabilityReporting.helpers.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -103,20 +103,25 @@ export function assertNextDisabledAndHelperTextError(text) {

export function tryDeleteReportConfiguration(reportConfigName) {
const baseApiUrl = '/v2/reports/configurations';
const auth = { bearer: Cypress.env('ROX_AUTH_TOKEN') };

cy.request({
url: `${baseApiUrl}?query=Report Name:${reportConfigName}`,
auth,
}).as('listReports');

return cy.get('@listReports').then((res) => {
const reportConfig = res.body.reportConfigs.find(({ name }) => name === reportConfigName);
if (reportConfig) {
const { id } = reportConfig;
const url = `${baseApiUrl}/${id}`;
return cy.request({ url, auth, method: 'DELETE' });
}
return Promise.resolve();

return cy.env(['ROX_AUTH_TOKEN']).then(({ ROX_AUTH_TOKEN }) => {
const auth = { bearer: ROX_AUTH_TOKEN };

cy.request({
url: `${baseApiUrl}?query=Report Name:${reportConfigName}`,
auth,
}).as('listReports');

return cy.get('@listReports').then((res) => {
const reportConfig = res.body.reportConfigs.find(
({ name }) => name === reportConfigName
);
if (reportConfig) {
const { id } = reportConfig;
const url = `${baseApiUrl}/${id}`;
return cy.request({ url, auth, method: 'DELETE' });
}
return Promise.resolve();
});
});
}
Loading
Loading