From ccd0a323a0ba396a93a292205f27800e411f57e4 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Thu, 21 Nov 2024 16:38:14 -0700
Subject: [PATCH] chore(deps): update neuvector to 5.4.0 (#778)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
|
[cgr.dev/du-uds-defenseunicorns/neuvector-controller-fips](https://images.chainguard.dev/directory/image/neuvector-controller-fips/overview)
([source](https://redirect.github.com/chainguard-images/images-private/tree/HEAD/images/neuvector-fips))
| minor | `5.3.4` -> `5.4.0` |
|
[cgr.dev/du-uds-defenseunicorns/neuvector-enforcer-fips](https://images.chainguard.dev/directory/image/neuvector-enforcer-fips/overview)
([source](https://redirect.github.com/chainguard-images/images-private/tree/HEAD/images/neuvector-fips))
| minor | `5.3.4` -> `5.4.0` |
|
[cgr.dev/du-uds-defenseunicorns/neuvector-manager](https://images.chainguard.dev/directory/image/neuvector-manager/overview)
([source](https://redirect.github.com/chainguard-images/images-private/tree/HEAD/images/neuvector))
| minor | `5.3.4` -> `5.4.0` |
|
[cgr.dev/du-uds-defenseunicorns/neuvector-updater-fips](https://images.chainguard.dev/directory/image/neuvector-updater-fips/overview)
([source](https://redirect.github.com/chainguard-images/images-private/tree/HEAD/images/neuvector-fips))
| minor | `8.10.1-dev` -> `8.11.0-dev` |
| [core](https://neuvector.com)
([source](https://redirect.github.com/neuvector/neuvector-helm)) | minor
| `2.7.9` -> `2.8.3` |
| [crd](https://neuvector.com) | minor | `2.7.9` -> `2.8.3` |
|
[docker.io/neuvector/controller](https://www.suse.com/products/base-container-images/)
([source](https://sources.suse.com/SUSE:SLE-15-SP6:Update:CR/micro-image/19856e79d950c4baf0d9cc9c3e07c2f3/))
| minor | `5.3.4` -> `5.4.0` |
|
[docker.io/neuvector/enforcer](https://www.suse.com/products/base-container-images/)
([source](https://sources.suse.com/SUSE:SLE-15-SP6:Update:CR/micro-image/19856e79d950c4baf0d9cc9c3e07c2f3/))
| minor | `5.3.4` -> `5.4.0` |
|
[docker.io/neuvector/manager](https://www.suse.com/products/base-container-images/)
([source](https://sources.suse.com/SUSE:SLE-15-SP6:Update:CR/micro-image/19856e79d950c4baf0d9cc9c3e07c2f3/))
| minor | `5.3.4` -> `5.4.0` |
| [monitor](https://neuvector.com) | minor | `2.7.9` -> `2.8.3` |
|
[registry1.dso.mil/ironbank/neuvector/neuvector/controller](https://open-docs.neuvector.com/)
([source](https://repo1.dso.mil/dsop/neuvector/neuvector/controller)) |
minor | `5.3.4` -> `5.4.0` |
|
[registry1.dso.mil/ironbank/neuvector/neuvector/enforcer](https://open-docs.neuvector.com/)
([source](https://repo1.dso.mil/dsop/neuvector/neuvector/enforcer)) |
minor | `5.3.4` -> `5.4.0` |
|
[registry1.dso.mil/ironbank/neuvector/neuvector/manager](https://open-docs.neuvector.com/)
([source](https://repo1.dso.mil/dsop/neuvector/neuvector/manager)) |
minor | `5.3.4` -> `5.4.0` |
|
[registry1.dso.mil/ironbank/redhat/ubi/ubi9-minimal](https://catalog.redhat.com/software/container-stacks/detail/5ec53f50ef29fd35586d9a56)
([source](https://repo1.dso.mil/dsop/redhat/ubi/9.x/ubi9-minimal)) |
minor | `9.4` -> `9.5` |
---
### Release Notes
neuvector/neuvector-helm (core)
###
[`v2.8.3`](https://redirect.github.com/neuvector/neuvector-helm/releases/tag/v2.8.3):
Release 2.8.3
[Compare
Source](https://redirect.github.com/neuvector/neuvector-helm/compare/2.8.2...v2.8.3)
##### What's Changed
- fix: NVSHAS-9624 rewrite gh-page publish flow by
[@holyspectral](https://redirect.github.com/holyspectral) in
[https://github.com/neuvector/neuvector-helm/pull/455](https://redirect.github.com/neuvector/neuvector-helm/pull/455)
- fix: NVSHAS-8682 remove misplaced resc from crds by
[@holyspectral](https://redirect.github.com/holyspectral) in
[https://github.com/neuvector/neuvector-helm/pull/453](https://redirect.github.com/neuvector/neuvector-helm/pull/453)
- Bump version for 2.8.3 by
[@holyspectral](https://redirect.github.com/holyspectral) in
[https://github.com/neuvector/neuvector-helm/pull/459](https://redirect.github.com/neuvector/neuvector-helm/pull/459)
##### Known issues
In 2.8.3 chart release, we move a previously mislocated resource from
crds to core. If you use both crds and core charts, you might see issues
during upgrade if you deploy core first.
To resolve this, upgrade crds first and then core charts.
**Full Changelog**:
https://github.com/neuvector/neuvector-helm/compare/2.8.2...v2.8.3
###
[`v2.8.2`](https://redirect.github.com/neuvector/neuvector-helm/releases/tag/2.8.2)
[Compare
Source](https://redirect.github.com/neuvector/neuvector-helm/compare/2.8.1...2.8.2)
#### What's Changed
- NVSHAS-9451: support separate network mode and Process and File mode
in CRD (helm) by
[@williamlin-suse](https://redirect.github.com/williamlin-suse)
in
[https://github.com/neuvector/neuvector-helm/pull/443](https://redirect.github.com/neuvector/neuvector-helm/pull/443)
- feat: add CODEOWNERS by
[@holyspectral](https://redirect.github.com/holyspectral) in
[https://github.com/neuvector/neuvector-helm/pull/449](https://redirect.github.com/neuvector/neuvector-helm/pull/449)
- fix: NVSHAS-9546 make scanner not load cert by
[@holyspectral](https://redirect.github.com/holyspectral) in
[https://github.com/neuvector/neuvector-helm/pull/450](https://redirect.github.com/neuvector/neuvector-helm/pull/450)
- fix: NVSHAS-9546 make scanner not load cert by
[@holyspectral](https://redirect.github.com/holyspectral) in
[https://github.com/neuvector/neuvector-helm/pull/451](https://redirect.github.com/neuvector/neuvector-helm/pull/451)
- feat: increment version to 2.8.2 by
[@holyspectral](https://redirect.github.com/holyspectral) in
[https://github.com/neuvector/neuvector-helm/pull/452](https://redirect.github.com/neuvector/neuvector-helm/pull/452)
#### New Contributors
- [@williamlin-suse](https://redirect.github.com/williamlin-suse)
made their first contribution in
[https://github.com/neuvector/neuvector-helm/pull/443](https://redirect.github.com/neuvector/neuvector-helm/pull/443)
**Full Changelog**:
https://github.com/neuvector/neuvector-helm/compare/2.8.0...2.8.2
###
[`v2.8.1`](https://redirect.github.com/neuvector/neuvector-helm/compare/2.8.0...2.8.1)
[Compare
Source](https://redirect.github.com/neuvector/neuvector-helm/compare/2.8.0...2.8.1)
###
[`v2.8.0`](https://redirect.github.com/neuvector/neuvector-helm/releases/tag/2.8.0)
[Compare
Source](https://redirect.github.com/neuvector/neuvector-helm/compare/2.7.9...2.8.0)
##### What's Changed
- Fix an issue where cert-upgrader pod created by cronjob has no effect
by [@holyspectral](https://redirect.github.com/holyspectral) in
[https://github.com/neuvector/neuvector-helm/pull/424](https://redirect.github.com/neuvector/neuvector-helm/pull/424)
- Adding support for CTRL_SEARCH_REGISTRIES env variable NVSHAS-9255 by
[@venkateshjayagopal](https://redirect.github.com/venkateshjayagopal)
in
[https://github.com/neuvector/neuvector-helm/pull/426](https://redirect.github.com/neuvector/neuvector-helm/pull/426)
- Removed Heritage by
[@holyspectral](https://redirect.github.com/holyspectral) in
[https://github.com/neuvector/neuvector-helm/pull/429](https://redirect.github.com/neuvector/neuvector-helm/pull/429)
- feat: NVSHAS-9382 allow providing TLS certificates by
[@holyspectral](https://redirect.github.com/holyspectral) in
[https://github.com/neuvector/neuvector-helm/pull/427](https://redirect.github.com/neuvector/neuvector-helm/pull/427)
- prime compliance support by
[@selvamt94](https://redirect.github.com/selvamt94) in
[https://github.com/neuvector/neuvector-helm/pull/431](https://redirect.github.com/neuvector/neuvector-helm/pull/431)
- update bootstrap support by
[@selvamt94](https://redirect.github.com/selvamt94) in
[https://github.com/neuvector/neuvector-helm/pull/438](https://redirect.github.com/neuvector/neuvector-helm/pull/438)
- Merge 5.4 changes to master by
[@holyspectral](https://redirect.github.com/holyspectral) in
[https://github.com/neuvector/neuvector-helm/pull/437](https://redirect.github.com/neuvector/neuvector-helm/pull/437)
- Bump version up for helm charts 2.8.0 release by
[@holyspectral](https://redirect.github.com/holyspectral) in
[https://github.com/neuvector/neuvector-helm/pull/439](https://redirect.github.com/neuvector/neuvector-helm/pull/439)
**Full Changelog**:
https://github.com/neuvector/neuvector-helm/compare/2.7.9...2.8.0
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions) if
that's undesired.
---
- [ ] If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/defenseunicorns/uds-core).
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Micah Nagel
Co-authored-by: Noah Birrer
---
packages/runtime-security/tasks.yaml | 1 +
.../chart/templates/uds-package.yaml | 10 +++
src/neuvector/common/zarf.yaml | 6 +-
src/neuvector/tasks.yaml | 18 +++-
src/neuvector/values/registry1-values.yaml | 4 +-
src/neuvector/values/unicorn-values.yaml | 4 +-
src/neuvector/values/upstream-values.yaml | 2 +-
src/neuvector/values/values.yaml | 3 +
src/neuvector/zarf.yaml | 22 ++---
src/pepr/patches/index.ts | 25 ++++++
test/playwright/neuvector.test.ts | 89 +++++++++++++++++++
11 files changed, 164 insertions(+), 20 deletions(-)
create mode 100644 test/playwright/neuvector.test.ts
diff --git a/packages/runtime-security/tasks.yaml b/packages/runtime-security/tasks.yaml
index 9cf0cec0a..81cdf7fa8 100644
--- a/packages/runtime-security/tasks.yaml
+++ b/packages/runtime-security/tasks.yaml
@@ -8,3 +8,4 @@ tasks:
- name: validate
actions:
- task: neuvector:validate
+ - task: neuvector:e2e-test
diff --git a/src/neuvector/chart/templates/uds-package.yaml b/src/neuvector/chart/templates/uds-package.yaml
index 484b6866e..ff645dd34 100644
--- a/src/neuvector/chart/templates/uds-package.yaml
+++ b/src/neuvector/chart/templates/uds-package.yaml
@@ -81,6 +81,16 @@ spec:
selector:
app: neuvector-updater-pod
+ - direction: Egress
+ remoteGenerated: KubeAPI
+ selector:
+ app: neuvector-cert-upgrader-pod
+
+ - direction: Egress
+ remoteGenerated: KubeAPI
+ selector:
+ app: neuvector-scanner-pod
+
- direction: Egress
remoteGenerated: KubeAPI
selector:
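Review bot: The two new allow rules for `neuvector-cert-upgrader-pod` and `neuvector-scanner-pod` grant Kubernetes API egress without recording why each workload needs it, which makes the policy hard to audit against least privilege later. The cert-upgrader rule presumably pairs with `internal.autoRotateCert: true`, which this commit sets in values.yaml, but the scanner's need for API access is not evident from the diff and should be confirmed before the rule is kept. I would add a one-line comment above each rule, for example `# cert-upgrader job: KubeAPI egress for internal cert rotation (autoRotateCert)` and `# scanner: KubeAPI egress needed for <reason, link upstream reference>`. The allow list continues outside this hunk.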
diff --git a/src/neuvector/common/zarf.yaml b/src/neuvector/common/zarf.yaml
index 730e0310f..fa46c34d0 100644
--- a/src/neuvector/common/zarf.yaml
+++ b/src/neuvector/common/zarf.yaml
@@ -14,7 +14,7 @@ components:
charts:
- name: crd
url: https://neuvector.github.io/neuvector-helm/
- version: 2.7.9
+ version: 2.8.2
namespace: neuvector
gitPath: charts/crd
- name: uds-neuvector-config
@@ -23,14 +23,14 @@ components:
localPath: ../chart
- name: core
url: https://neuvector.github.io/neuvector-helm/
- version: 2.7.9
+ version: 2.8.2
namespace: neuvector
gitPath: charts/core
valuesFiles:
- ../values/values.yaml
# - name: monitor
# url: https://neuvector.github.io/neuvector-helm/
- # version: 2.7.9
+ # version: 2.8.2
# namespace: neuvector
# gitPath: charts/monitor
# valuesFiles:
diff --git a/src/neuvector/tasks.yaml b/src/neuvector/tasks.yaml
index 1609e8b94..2f66394ec 100644
--- a/src/neuvector/tasks.yaml
+++ b/src/neuvector/tasks.yaml
@@ -1,6 +1,9 @@
# Copyright 2024 Defense Unicorns
# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
+includes:
+ - utils: ../../tasks/utils.yaml
+
tasks:
- name: validate
actions:
@@ -41,4 +44,17 @@ tasks:
- name: e2e-test
actions:
- - description: "Run Neuvector E2E tests"
+ - description: "Setup the Keycloak admin user if needed"
+ task: utils:keycloak-admin-user
+ - description: "Setup the Doug User for testing"
+ # Self-reference this task file to avoid https://github.com/defenseunicorns/maru-runner/issues/144
+ cmd: uds run -f tasks/test.yaml common-setup:create-doug-user --set KEYCLOAK_GROUP="/UDS Core/Admin" --no-progress # Adds the test doug user
+ - description: E2E Test for NeuVector
+ cmd: |
+ # renovate: datasource=docker depName=mcr.microsoft.com/playwright versioning=docker
+ docker run --rm --ipc=host -e FULL_CORE="${FULL_CORE}" --net=host --mount type=bind,source="$(pwd)",target=/app mcr.microsoft.com/playwright:v1.49.0-noble sh -c " \
+ cd app && \
+ npm ci && \
+ npx playwright test neuvector.test.ts \
+ "
+ dir: test/playwright
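Review bot: The Playwright image in the `docker run` line is referenced by tag only (`mcr.microsoft.com/playwright:v1.49.0-noble`), and that container then runs `npm ci` with `--net=host` and a writable bind mount of the working directory. A tag can be re-pointed, so pinning by digest keeps the test runner reproducible, for example `mcr.microsoft.com/playwright:v1.49.0-noble@sha256:<digest>`. The existing `# renovate:` comment may be able to keep the digest current if the manager is configured to capture it. A short comment on why `--net=host` is required (presumably so the container can reach the cluster ingress) would stop the flag being copied to other tasks without need.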
diff --git a/src/neuvector/values/registry1-values.yaml b/src/neuvector/values/registry1-values.yaml
index 436d488d7..c3f34fc57 100644
--- a/src/neuvector/values/registry1-values.yaml
+++ b/src/neuvector/values/registry1-values.yaml
@@ -3,7 +3,7 @@
registry: registry1.dso.mil
# renovate: datasource=docker depName=registry1.dso.mil/ironbank/neuvector/neuvector/controller versioning=docker
-tag: "5.3.4"
+tag: "5.4.0"
manager:
image:
repository: ironbank/neuvector/neuvector/manager
@@ -47,7 +47,7 @@ cve:
image:
repository: ironbank/redhat/ubi/ubi9-minimal
# renovate: datasource=docker depName=registry1.dso.mil/ironbank/redhat/ubi/ubi9-minimal versioning=docker
- tag: "9.4"
+ tag: "9.5"
containerSecurityContext:
capabilities:
drop:
diff --git a/src/neuvector/values/unicorn-values.yaml b/src/neuvector/values/unicorn-values.yaml
index f34c5c87a..bd22a04a6 100644
--- a/src/neuvector/values/unicorn-values.yaml
+++ b/src/neuvector/values/unicorn-values.yaml
@@ -6,7 +6,7 @@ autoGenerateCert: true
registry: cgr.dev
# renovate: datasource=docker depName=cgr.dev/du-uds-defenseunicorns/neuvector-controller-fips versioning=docker
-tag: "5.3.4"
+tag: "5.4.0"
manager:
image:
repository: du-uds-defenseunicorns/neuvector-manager
@@ -41,4 +41,4 @@ cve:
image:
repository: du-uds-defenseunicorns/neuvector-updater-fips
# renovate: datasource=docker depName=cgr.dev/du-uds-defenseunicorns/neuvector-updater-fips versioning=docker
- tag: 8.10.1-dev
+ tag: 8.11.0-dev
diff --git a/src/neuvector/values/upstream-values.yaml b/src/neuvector/values/upstream-values.yaml
index 0391ab7a2..fe0b33014 100644
--- a/src/neuvector/values/upstream-values.yaml
+++ b/src/neuvector/values/upstream-values.yaml
@@ -3,7 +3,7 @@
registry: docker.io
# renovate: datasource=docker depName=docker.io/neuvector/controller versioning=docker
-tag: "5.3.4"
+tag: "5.4.0"
manager:
image:
repository: neuvector/manager
diff --git a/src/neuvector/values/values.yaml b/src/neuvector/values/values.yaml
index a11c8d823..473e78a24 100644
--- a/src/neuvector/values/values.yaml
+++ b/src/neuvector/values/values.yaml
@@ -10,6 +10,9 @@ manager:
svc:
type: ClusterIP
+internal:
+ autoRotateCert: true
+
controller:
apisvc:
type: ClusterIP
diff --git a/src/neuvector/zarf.yaml b/src/neuvector/zarf.yaml
index 2bb8ccc13..9e7198f67 100644
--- a/src/neuvector/zarf.yaml
+++ b/src/neuvector/zarf.yaml
@@ -25,11 +25,11 @@ components:
valuesFiles:
- values/upstream-values.yaml
images:
- - docker.io/neuvector/controller:5.3.4
- - docker.io/neuvector/manager:5.3.4
+ - docker.io/neuvector/controller:5.4.0
+ - docker.io/neuvector/manager:5.4.0
- docker.io/neuvector/updater:latest
- docker.io/neuvector/scanner:latest
- - docker.io/neuvector/enforcer:5.3.4
+ - docker.io/neuvector/enforcer:5.4.0
- name: neuvector
description: "Deploy Neuvector"
@@ -43,11 +43,11 @@ components:
valuesFiles:
- values/registry1-values.yaml
images:
- - registry1.dso.mil/ironbank/neuvector/neuvector/controller:5.3.4
- - registry1.dso.mil/ironbank/neuvector/neuvector/manager:5.3.4
- - registry1.dso.mil/ironbank/redhat/ubi/ubi9-minimal:9.4
+ - registry1.dso.mil/ironbank/neuvector/neuvector/controller:5.4.0
+ - registry1.dso.mil/ironbank/neuvector/neuvector/manager:5.4.0
+ - registry1.dso.mil/ironbank/redhat/ubi/ubi9-minimal:9.5
- registry1.dso.mil/ironbank/neuvector/neuvector/scanner:5
- - registry1.dso.mil/ironbank/neuvector/neuvector/enforcer:5.3.4
+ - registry1.dso.mil/ironbank/neuvector/neuvector/enforcer:5.4.0
- name: neuvector
description: "Deploy Neuvector"
@@ -64,8 +64,8 @@ components:
valuesFiles:
- values/unicorn-values.yaml
images:
- - cgr.dev/du-uds-defenseunicorns/neuvector-manager:5.3.4
- - cgr.dev/du-uds-defenseunicorns/neuvector-enforcer-fips:5.3.4
- - cgr.dev/du-uds-defenseunicorns/neuvector-controller-fips:5.3.4
+ - cgr.dev/du-uds-defenseunicorns/neuvector-manager:5.4.0
+ - cgr.dev/du-uds-defenseunicorns/neuvector-enforcer-fips:5.4.0
+ - cgr.dev/du-uds-defenseunicorns/neuvector-controller-fips:5.4.0
- docker.io/neuvector/scanner:latest
- - cgr.dev/du-uds-defenseunicorns/neuvector-updater-fips:8.10.1-dev
+ - cgr.dev/du-uds-defenseunicorns/neuvector-updater-fips:8.11.0-dev
diff --git a/src/pepr/patches/index.ts b/src/pepr/patches/index.ts
index 78a99c277..a27dd0a5a 100644
--- a/src/pepr/patches/index.ts
+++ b/src/pepr/patches/index.ts
@@ -40,3 +40,28 @@ When(a.Service)
grpcPort.appProtocol = "tcp";
}
});
+
+/**
+ * Mutate the Neuvector Enforcer DaemonSet to add a livenessProbe
+ * Temporary until fixed upstream
+ */
+
+When(a.DaemonSet)
+ .IsCreatedOrUpdated()
+ .InNamespace("neuvector")
+ .WithName("neuvector-enforcer-pod")
+ .Mutate(async ds => {
+ const enforcerContainer = ds.Raw.spec?.template.spec?.containers.find(
+ container => container.name === "neuvector-enforcer-pod",
+ );
+
+ if (enforcerContainer && enforcerContainer.livenessProbe === undefined) {
+ log.debug("Patching NeuVector Enforcer Daemonset to add livenessProbe");
+ const livenessProbe = {
+ exec: { command: ["curl", "--no-progress-meter", "127.0.0.1:8500"] },
+ periodSeconds: 10,
+ failureThreshold: 2,
+ };
+ enforcerContainer.livenessProbe = livenessProbe;
+ }
+ });
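Review bot: The injected `livenessProbe` sets only `periodSeconds` and `failureThreshold`, so the Kubernetes defaults apply for the rest (no initial delay, one-second timeout), and an enforcer that needs more than about twenty seconds to open port 8500 is restarted; on a loaded node the runtime agent could be cycled repeatedly. Consider explicit values such as `initialDelaySeconds: 30, timeoutSeconds: 5,` (illustrative numbers, tune to observed start-up time), or a `startupProbe`. The probe also assumes `curl` is present in every enforcer image flavour this repo ships, which the diff does not show. Without `--fail`, curl exits 0 on any HTTP response, so only a failed connection counts as unhealthy, and the doc comment should say whether that is intended. The comment reads "Temporary until fixed upstream", so a link to the upstream issue there would tell maintainers when the patch can be removed.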
diff --git a/test/playwright/neuvector.test.ts b/test/playwright/neuvector.test.ts
new file mode 100644
index 000000000..2d800d306
--- /dev/null
+++ b/test/playwright/neuvector.test.ts
@@ -0,0 +1,89 @@
+/**
+ * Copyright 2024 Defense Unicorns
+ * SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
+ */
+
+import { expect, test } from "@playwright/test";
+import { domain } from "./uds.config";
+
+const url = `https://neuvector.admin.${domain}`
+test.use({ baseURL: url });
+
+test("validate system health", async ({ page }) => {
+ await test.step("check sso", async () => {
+ await page.goto('/#/login');
+ await page.waitForLoadState("domcontentloaded");
+
+ await expect(page.getByRole('button', { name: 'Login with OpenID' })).toBeVisible();
+ const termsCheckbox = await page.locator('.mat-checkbox-inner-container');
+ if (await termsCheckbox.isVisible()) {
+ await termsCheckbox.click();
+ }
+ await page.getByRole('button', { name: 'Login with OpenID' }).click();
+ await expect(page).toHaveURL('/#/dashboard');
+ await expect(page.locator('.navbar-header')).toBeVisible();
+ });
+
+ // Expect counts for scanner, controller, enforcer are based on chart defaults
+ await test.step("check system components", async () => {
+ await page.goto('/#/controllers');
+ await page.waitForLoadState("domcontentloaded");
+
+ // Ensure at least three scanners are connected and at least one scan complete
+ await page.getByRole('tab', { name: 'Scanners' }).click();
+ await page.waitForLoadState("domcontentloaded");
+ const scannerPromise = page.waitForResponse(`${url}/scanner`);
+ await page.getByLabel('Scanners').getByRole('button', { name: 'refresh Refresh' }).click();
+ const scannerResponse = await scannerPromise;
+ const scannerData = await scannerResponse.json();
+
+ expect(scannerData).toHaveProperty('scanners');
+ expect(Array.isArray(scannerData.scanners)).toBe(true);
+ expect(scannerData.scanners.length).toBeGreaterThanOrEqual(3);
+ const hasScannedContainers = scannerData.scanners.some(
+ (scanner: { scanned_containers: number }) => scanner.scanned_containers > 0
+ );
+ expect(hasScannedContainers).toBe(true);
+
+ // Ensure at least three controller exists and all are connected
+ await page.getByRole('tab', { name: 'Controllers' }).click();
+ await page.waitForLoadState("domcontentloaded");
+ const controllerPromise = page.waitForResponse(`${url}/controller`);
+ await page.getByLabel('Controllers').getByRole('button', { name: 'refresh Refresh' }).click();
+ const controllerResponse = await controllerPromise;
+ const controllerData = await controllerResponse.json();
+
+ expect(controllerData).toHaveProperty('controllers');
+ expect(Array.isArray(controllerData.controllers)).toBe(true);
+ expect(controllerData.controllers.length).toBeGreaterThanOrEqual(3);
+ controllerData.controllers.forEach((controller: { connection_state: string }) => {
+ expect(controller.connection_state).toBe('connected');
+ });
+
+ // Ensure at least one enforcer exists and all are connected
+ await page.getByRole('tab', { name: 'Enforcers' }).click();
+ await page.waitForLoadState("domcontentloaded");
+ const enforcerPromise = page.waitForResponse(`${url}/enforcer`);
+ await page.getByLabel('Enforcers').getByRole('button', { name: 'refresh Refresh' }).click();
+ const enforcerResponse = await enforcerPromise;
+ const enforcerData = await enforcerResponse.json();
+
+ expect(enforcerData).toHaveProperty('enforcers');
+ expect(Array.isArray(enforcerData.enforcers)).toBe(true);
+ expect(enforcerData.enforcers.length).toBeGreaterThanOrEqual(1);
+ enforcerData.enforcers.forEach((enforcer: { connection_state: string }) => {
+ expect(enforcer.connection_state).toBe('connected');
+ });
+ });
+});
+
+test("validate local login is blocked", async ({ page }) => {
+ await test.step("check local login", async () => {
+ await page.goto('/#/login');
+ await page.locator('.mat-checkbox-inner-container').click();
+ await page.locator('#Email1').fill('admin');
+ await page.locator('#password1').fill('admin');
+ await page.getByRole('button', { name: 'Login', exact: true }).click();
+ await expect(page.getByText('RBAC: access denied')).toBeVisible();
+ });
+});
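Review bot: The "validate local login is blocked" test proves rejection only through the UI string `RBAC: access denied`, and only for the single pair `admin`/`admin`. A wording change in a later NeuVector release would break it, and a login that did reach the dashboard would surface as a timeout rather than a clear failure. Adding an explicit negative assertion after the denied-message check, `await expect(page).not.toHaveURL('/#/dashboard');`, states the security property directly. The terms checkbox is clicked unconditionally here but guarded with `isVisible()` in the SSO step, so if the checkbox is not rendered on a later visit this click will time out, and the same guard should be used in both places. Minor style: `page.locator()` returns a locator synchronously, so the `await` on the `termsCheckbox` assignment is unnecessary, and the `const url` line is missing its semicolon.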