hashicorp · hashishaw · Apr 10, 2024 · Apr 2, 2024 · Apr 2, 2024 · Apr 2, 2024
diff --git a/ui/app/helpers/supported-auth-backends.js b/ui/app/helpers/supported-auth-backends.js
@@ -90,7 +90,7 @@ const ENTERPRISE_AUTH_METHODS = [
 ];
 
 export function supportedAuthBackends() {
-  return SUPPORTED_AUTH_BACKENDS;
+  return [...SUPPORTED_AUTH_BACKENDS];
 }
 
 export function allSupportedAuthBackends() {

diff --git a/ui/app/serializers/clients/activity.js b/ui/app/serializers/clients/activity.js
@@ -8,7 +8,7 @@ import { formatISO } from 'date-fns';
 import { formatByMonths, formatByNamespace, destructureClientCounts } from 'core/utils/client-count-utils';
 import timestamp from 'core/utils/timestamp';
 
-// see tests/helpers/clients for sample API response (ACTIVITY_RESPONSE_STUB)
+// see tests/helpers/clients/client-count-helpers for sample API response (ACTIVITY_RESPONSE_STUB)
 // and transformed by_namespace and by_month examples (SERIALIZED_ACTIVITY_RESPONSE)
 export default class ActivitySerializer extends ApplicationSerializer {
   normalizeResponse(store, primaryModelClass, payload, id, requestType) {

diff --git a/ui/docs/tests.md b/ui/docs/tests.md
@@ -0,0 +1,35 @@
+# Test Helpers Organization
+
+Our test are constantly evolving, but here's a general overview of how we set up and organize tests.
+
+## Folder organization
+
+### /acceptance
+
+Acceptance tests should test the overall workflows and navigation within Vault. When possible, they should use the real API instead of mocked so that breaking changes from the backend can be caught. Reasons you may opt to use a mocked backend instead of the real one:
+
+- Using the real backend would cause instability in concurrently-running tests (eg. seal/unseal flow)
+- There isn't a way to set up a 3rd party dependency that the backend needs to run correctly (Database Secrets Engine, Sync Secrets)
+
+### /helpers
+
+Shared helpers such as selectors, common interactions, WebREPL commands, and API response stubs live in this folder. When selectors are only used for a single test, they should be defined on the same file where they are used for the test. Once the selectors are being used for multiple tests, they should be moved to this folder so they can be defined in a single place and shared to wherever they are needed.
+
+Often we will need a set of selectors for "workflow" tests, or acceptance tests that navigate through an area of the app. For these, the helpers should be organized as such:
+
+- `/helpers/<area>/<area>-selectors.ts` - exports selector consts (never default) for each page -- eg. for PKI we would have PKI_OVERVIEW, PKI_ROLE, etc.
+- `/helpers/<area>/<area>-interactions.js` - exports methods and consts which are otherwise helpful in the tests -- eg. example API responses, common interactions (eg. writeVersionedSecret for KV v2)
+
+Whenever possible we should try to use the general selectors exported from `/helpers/general-selectors.ts`.
+
+### integration
+
+Integration tests are most often used to test specific components out of context from the rest of the app. Be sure to mock anything that the component needs to work correctly -- for example, if the component has a certain behavior in enterprise than community edition, in your tests for each scenario it should not assume that the underlying Vault binary is in one state or the other, and mock the enterprise/community state in all the scenarios. The exports in `helpers/stubs.js` might be helpful for these tests, particularly when the component uses a model which fetches capabilities.
+
+### pages
+
+[DEPRECATED] This file should be removed in favor of selectors within the "helpers" folder. We are moving away from ember-page-object selectors toward simple strings
+
+### unit
+
+Unit tests are most often used to test utils, adapters, serializers, routes, and services functionality.
diff --git a/ui/tests/acceptance/access/identity/entities/index-test.js b/ui/tests/acceptance/access/identity/entities/index-test.js
@@ -9,7 +9,7 @@ import { setupApplicationTest } from 'ember-qunit';
 import page from 'vault/tests/pages/access/identity/index';
 import authPage from 'vault/tests/pages/auth';
 import { runCmd } from 'vault/tests/helpers/commands';
-import { SELECTORS as GENERAL } from 'vault/tests/helpers/general-selectors';
+import { GENERAL } from 'vault/tests/helpers/general-selectors';
 import { v4 as uuidv4 } from 'uuid';
 
 const SELECTORS = {

diff --git a/ui/tests/acceptance/auth-list-test.js b/ui/tests/acceptance/auth-list-test.js
@@ -73,109 +73,95 @@ module('Acceptance | auth backend list', function (hooks) {
     assert.dom(SELECTORS.listItem).hasText(this.user1, 'user1 exists in the list');
   });
 
-  test('auth methods are linkable and link to correct view', async function (assert) {
-    assert.expect(45);
-    const uid = uuidv4();
-    await visit('/vault/access');
+  module('auth methods are linkable and link to correct view', function (hooks) {
+    hooks.beforeEach(async function () {
+      this.uid = uuidv4();
+      await visit('/vault/access');
+    });
 
-    const supportManaged = supportedManagedAuthBackends();
     // Test all auth methods, not just those you can log in with
-    const backends = methods().map((backend) => backend.type);
-    assert.deepEqual(
-      backends,
-      [
-        'alicloud',
-        'approle',
-        'aws',
-        'azure',
-        'gcp',
-        'github',
-        'jwt',
-        'oidc',
-        'kubernetes',
-        'ldap',
-        'okta',
-        'radius',
-        'cert',
-        'userpass',
-      ],
-      'non-enterprise auth methods are available'
-    );
-    for (const type of backends) {
-      const path = type === 'token' ? 'token' : `auth-list-${type}-${uid}`;
-      if (type !== 'token') {
-        await enablePage.enable(type, path);
-      }
-      await settled();
+    methods()
+      .map((backend) => backend.type)
+      .forEach((type) => {
+        test(`${type} auth method`, async function (assert) {
+          const supportManaged = supportedManagedAuthBackends();
+          const path = type === 'token' ? 'token' : `auth-list-${type}-${this.uid}`;
+          if (type !== 'token') {
+            await enablePage.enable(type, path);
+          }
+          await settled();
+          await visit('/vault/access');
+
+          // check popup menu
+          const itemCount = type === 'token' ? 2 : 3;
+          await click(`[data-test-auth-backend-link="${path}"] [data-test-popup-menu-trigger]`);
+          assert
+            .dom('.hds-dropdown-list-item')
+            .exists({ count: itemCount }, `shows ${itemCount} dropdown items for ${type}`);
+
+          // all auth methods should be linkable
+          await click(`[data-test-auth-backend-link="${path}"]`);
+          if (!supportManaged.includes(type)) {
+            assert.dom('[data-test-auth-section-tab]').exists({ count: 1 });
+            assert
+              .dom('[data-test-auth-section-tab]')
+              .hasText('Configuration', `only shows configuration tab for ${type} auth method`);
+            assert.dom('[data-test-doc-link] .doc-link').exists(`includes doc link for ${type} auth method`);
+          } else {
+            let expectedTabs = 2;
+            if (type === 'ldap' || type === 'okta') {
+              expectedTabs = 3;
+            }
+            assert
+              .dom('[data-test-auth-section-tab]')
+              .exists({ count: expectedTabs }, `has management tabs for ${type} auth method`);
+          }
+          if (type !== 'token') {
+            // cleanup method
+            await runCmd(deleteAuthCmd(path));
+          }
+        });
+      });
+  });
+
+  module('enterprise', function () {
+    test('ent-only auth methods are linkable and link to correct view', async function (assert) {
+      assert.expect(3);
+      const uid = uuidv4();
       await visit('/vault/access');
 
-      // check popup menu
-      const itemCount = type === 'token' ? 2 : 3;
-      await click(`[data-test-auth-backend-link="${path}"] [data-test-popup-menu-trigger]`);
-      assert
-        .dom('.hds-dropdown-list-item')
-        .exists({ count: itemCount }, `shows ${itemCount} dropdown items for ${type}`);
+      // Only SAML is enterprise-only for now
+      const type = 'saml';
+      const path = `auth-list-${type}-${uid}`;
+      await enablePage.enable(type, path);
+      await settled();
+      await visit('/vault/access');
 
       // all auth methods should be linkable
       await click(`[data-test-auth-backend-link="${path}"]`);
-      if (!supportManaged.includes(type)) {
-        assert.dom('[data-test-auth-section-tab]').exists({ count: 1 });
-        assert
-          .dom('[data-test-auth-section-tab]')
-          .hasText('Configuration', `only shows configuration tab for ${type} auth method`);
-        assert.dom('[data-test-doc-link] .doc-link').exists(`includes doc link for ${type} auth method`);
-      } else {
-        let expectedTabs = 2;
-        if (type == 'ldap' || type === 'okta') {
-          expectedTabs = 3;
-        }
-        assert
-          .dom('[data-test-auth-section-tab]')
-          .exists({ count: expectedTabs }, `has management tabs for ${type} auth method`);
-      }
-      if (type !== 'token') {
-        // cleanup method
-        await runCmd(deleteAuthCmd(path));
-      }
-    }
-  });
-
-  test('enterprise: auth methods are linkable and link to correct view', async function (assert) {
-    assert.expect(3);
-    const uid = uuidv4();
-    await visit('/vault/access');
-
-    // Only SAML is enterprise-only for now
-    const type = 'saml';
-    const path = `auth-list-${type}-${uid}`;
-    await enablePage.enable(type, path);
-    await settled();
-    await visit('/vault/access');
-
-    // all auth methods should be linkable
-    await click(`[data-test-auth-backend-link="${path}"]`);
-    assert.dom('[data-test-auth-section-tab]').exists({ count: 1 });
-    assert
-      .dom('[data-test-auth-section-tab]')
-      .hasText('Configuration', `only shows configuration tab for ${type} auth method`);
-    assert.dom('[data-test-doc-link] .doc-link').exists(`includes doc link for ${type} auth method`);
-    await runCmd(deleteAuthCmd(path));
-  });
-
-  test('enterprise: token config within namespace', async function (assert) {
-    const ns = 'ns-wxyz';
-    await runCmd(createNS(ns), false);
-    await settled();
-    await authPage.loginNs(ns);
-    // go directly to token configure route
-    await visit('/vault/settings/auth/configure/token/options');
-    await fillIn('[data-test-input="description"]', 'My custom description');
-    await click('[data-test-save-config="true"]');
-    assert.strictEqual(currentURL(), '/vault/access', 'successfully saves and navigates away');
-    await click('[data-test-auth-backend-link="token"]');
-    assert
-      .dom('[data-test-row-value="Description"]')
-      .hasText('My custom description', 'description was saved');
-    await runCmd(`delete sys/namespaces/${ns}`);
+      assert.dom('[data-test-auth-section-tab]').exists({ count: 1 });
+      assert
+        .dom('[data-test-auth-section-tab]')
+        .hasText('Configuration', `only shows configuration tab for ${type} auth method`);
+      assert.dom('[data-test-doc-link] .doc-link').exists(`includes doc link for ${type} auth method`);
+      await runCmd(deleteAuthCmd(path));
+    });
+
+    test('token config within namespace', async function (assert) {
+      const ns = 'ns-wxyz';
+      await runCmd(createNS(ns), false);
+      await settled();
+      await authPage.loginNs(ns);
+      // go directly to token configure route
+      await visit('/vault/settings/auth/configure/token/options');
+      await fillIn('[data-test-input="description"]', 'My custom description');
+      await click('[data-test-save-config="true"]');
+      assert.strictEqual(currentURL(), '/vault/access', 'successfully saves and navigates away');
+      await click('[data-test-auth-backend-link="token"]');
+      assert
+        .dom('[data-test-row-value="Description"]')
+        .hasText('My custom description', 'description was saved');
+      await runCmd(`delete sys/namespaces/${ns}`);
+    });
   });
 });