determined-ai · JComins000 · Oct 28, 2024 · Oct 9, 2024 · Oct 10, 2024 · Oct 10, 2024
@@ -0,0 +1,50 @@
+temp_dir: /tmp/priority_scheduler
+
+stages:
+  - db:
+      name: db
+
+  - master:
+      pre:
+        - sh: make -C tools prep-root
+      config_file:
+        security:
+          initial_user_password: $INITIAL_USER_PASSWORD
+          authz:
+            rbac_ui_enabled: true
+            workspace_creator_assign_role:
+              enabled: true
+              role_id: 1
+        port: 8082
+        db:
+          host: localhost
+          port: 5432
+          password: postgres
+          user: postgres
+          name: determined
+        checkpoint_storage:
+          type: shared_fs
+          host_path: /tmp
+          storage_path: determined-cp
+        log:
+          level: debug
+        root: tools/build
+        cache: 
+          cache_dir: /tmp/determined-cache
+        launch_error: false
+        telemetry:
+          enabled: false
+        resource_manager:
+          default_aux_resource_pool: default
+          default_compute_resource_pool: default
+          type: agent
+
+  - agent:
+      name: agent1
+      config_file:
+        master_host: 127.0.0.1
+        master_port: 8082
+        agent_id: agent1
+        container_master_host: $DOCKER_LOCALHOST
+        agent_reconnect_attempts: 24
+        agent_reconnect_backoff: 5
@@ -2019,6 +2019,12 @@ jobs:
 
   test-e2e-react:
     parameters:
+      devcluster-config:
+        type: enum
+        enum:
+          - react.devcluster.yaml
+          - react-rbac.devcluster.yaml
+          - react-sso.devcluster.yaml
       ee:
         type: boolean
         default: false
@@ -2051,7 +2057,7 @@ jobs:
       - run: make -C agent get-deps
       - install-devcluster
       - start-devcluster:
-          devcluster-config: react.devcluster.yaml
+          devcluster-config: <<parameters.devcluster-config>>
       - run: make -C webui/react get-playwright-ci
       - run: SERVER_ADDRESS=${PW_SERVER_ADDRESS} npm run build --prefix webui/react
       - wait-for-master:
@@ -4012,6 +4018,7 @@ workflows:
           dev-mode: true
       - test-e2e-react:
           name: test-e2e-react-oss
+          devcluster-config: react.devcluster.yaml
           requires:
             - build-go-oss
           context:
@@ -4101,13 +4108,27 @@ workflows:
       - test-e2e-react:
           name: test-e2e-react-ee
           ee: true
+          devcluster-config: react-rbac.devcluster.yaml
           requires:
             - build-go-ee
           context:
             - playwright
             - github-read
             - dev-ci-cluster-default-user-credentials
           filters: *any-upstream
+      # this will be used once sso tests are prioritized (after rbac tests)
+      # - test-e2e-react:
+      #     name: test-e2e-react-ee-sso
+      #     ee: true
+      #     devcluster-config: react-sso.devcluster.yaml
+      #     playwright-options: "-g sso"
+      #     requires:
+      #       - build-go-ee
+      #     context:
+      #       - playwright
+      #       - github-read
+      #       - dev-ci-cluster-default-user-credentials
+      #     filters: *any-upstream
       - build-docs:
           requires:
             - build-helm
@@ -5471,6 +5492,7 @@ workflows:
           context: github-read
       - test-e2e-react:
           ee: << pipeline.parameters.ee >>
+          devcluster-config: react.devcluster.yaml
           playwright-options: << pipeline.parameters.e2e-react >>
           requires:
             - build-go

@@ -0,0 +1,51 @@
+import streamConsumers from 'stream/consumers';
+
+import _ from 'lodash';
+
+import { RBACApi, V1AssignRolesRequest, V1AssignRolesResponse } from 'services/api-ts-sdk/api';
+
+import { ApiAuthFixture } from './api.auth.fixture';
+
+export class ApiRoleFixture {
+  readonly apiAuth: ApiAuthFixture;
+  constructor(apiAuth: ApiAuthFixture) {
+    this.apiAuth = apiAuth;
+  }
+
+  new({ roleProps = {} } = {}): V1AssignRolesRequest {
+    const defaults = {};
+    return {
+      ...defaults,
+      ...roleProps,
+    };
+  }
+
+  private static normalizeUrl(url: string): string {
+    if (url.endsWith('/')) {
+      return url.substring(0, url.length - 1);
+    }
+    return url;
+  }
+
+  private async startRoleRequest(): Promise<RBACApi> {
+    return new RBACApi(
+      { apiKey: await this.apiAuth.getBearerToken() },
+      ApiRoleFixture.normalizeUrl(this.apiAuth.baseURL),
+      fetch,
+    );
+  }
+
+  async createAssignment(req: V1AssignRolesRequest): Promise<V1AssignRolesResponse> {
+    const roleResp = await (await this.startRoleRequest())
+      .assignRoles(req, {})
+      .catch(async function (error) {
+        const respBody = await streamConsumers.text(error.body);
+        throw new Error(
+          `Create Assignment Failed: ${error.status} Request: ${JSON.stringify(
+            req,
+          )} Response: ${respBody}`,
+        );
+      });
+    return _.merge(req, roleResp);
+  }
+}
@@ -15,6 +15,7 @@ import {
 
 import { ApiAuthFixture } from './api.auth.fixture';
 import { ApiProjectFixture } from './api.project.fixture';
+import { ApiRoleFixture } from './api.roles.fixture';
 import { ApiUserFixture } from './api.user.fixture';
 import { ApiWorkspaceFixture } from './api.workspace.fixture';
 import { AuthFixture } from './auth.fixture';
@@ -39,6 +40,7 @@ type CustomWorkerFixtures = {
   newProject: { request: V1PostProjectRequest; response: V1PostProjectResponse };
   backgroundApiAuth: ApiAuthFixture;
   backgroundApiUser: ApiUserFixture;
+  backgroundApiRole: ApiRoleFixture;
   backgroundApiWorkspace: ApiWorkspaceFixture;
   backgroundApiProject: ApiProjectFixture;
   backgroundAuthedPage: Page;
@@ -128,6 +130,13 @@ export const test = baseTest.extend<CustomFixtures, CustomWorkerFixtures>({
     },
     { scope: 'worker' },
   ],
+  backgroundApiRole: [
+    async ({ backgroundApiAuth }, use) => {
+      const backgroundApiRole = new ApiRoleFixture(backgroundApiAuth);
+      await use(backgroundApiRole);
+    },
+    { scope: 'worker' },
+  ],
   /**
    * Allows calling the user api without a page so that it can run in beforeAll(). You will need to get a bearer
    * token by calling backgroundApiUser.apiAuth.loginAPI(). This will also provision a page in the background which
@@ -181,7 +190,7 @@ export const test = baseTest.extend<CustomFixtures, CustomWorkerFixtures>({
    * Creates an admin and logs in as that admin for the duraction of the test suite
    */
   newAdmin: [
-    async ({ backgroundApiUser }, use, workerInfo) => {
+    async ({ backgroundApiUser, backgroundApiRole }, use, workerInfo) => {
       const request = backgroundApiUser.new({
         userProps: {
           user: {
@@ -192,6 +201,11 @@ export const test = baseTest.extend<CustomFixtures, CustomWorkerFixtures>({
         },
       });
       const adminUser = await backgroundApiUser.createUser(request);
+      await backgroundApiRole.createAssignment({
+        userRoleAssignments: [
+          { roleAssignment: { role: { roleId: 1 } }, userId: adminUser.user!.id! },
+        ],
+      });
       await use({ request, response: adminUser });
       await backgroundApiUser.patchUser(adminUser.user!.id!, { active: false });
     },