Skip to content

Add samples/usecase/usecase1 UI smoke test and align doc/sample artifacts#185

Merged
vharseko merged 3 commits into
OpenIdentityPlatform:masterfrom
vharseko:usecase1
Jun 4, 2026
Merged

Add samples/usecase/usecase1 UI smoke test and align doc/sample artifacts#185
vharseko merged 3 commits into
OpenIdentityPlatform:masterfrom
vharseko:usecase1

Conversation

@vharseko
Copy link
Copy Markdown
Member

@vharseko vharseko commented Jun 3, 2026

Summary

This PR adds an end-to-end UI smoke test for the Initial Reconciliation
walk-through (samples/usecase/usecase1) and fixes a small set of
documentation / packaging / SQL inconsistencies discovered while wiring it
into CI.

The new smoke test drives the OpenIDM Admin UI through the seven numbered
steps from samples/usecase/README (Mappings page → three iterative recon
runs → managed-user assertions → Self-Service login as user.0/Passw0rd)
and is plugged into the existing ui-smoke-tests matrix as a new sample
cell.

Changes

New

  • e2e/usecase1.spec.mjs — Playwright spec, 7 tests mirroring the
    README steps 1)–7). All actions go through the browser; managed-user
    presence/absence is verified through authenticated REST queries (the
    EditResource view renders fields via JSON-Editor, so per-field DOM
    selectors are not stable). A beforeAll hook purges managed/user and
    repo/link so the suite is idempotent across local re-runs.

Modified

  • e2e/helpers.mjsrunReconcileNow now snapshots the most recent
    audit/recon summary id before clicking #syncNowButton and waits for a
    new summary id to appear via REST. The previous text-only wait on
    #syncLabel -> "completed" matched stale labels left over from prior
    runs, returning before the new recon had actually started.

  • .github/workflows/build.yml

    • Added the samples/usecase/usecase1 cell to the ui-smoke-tests
      matrix (incl. samples_label: usecase1).
    • New conditional step provisions an openidentityplatform/opendj
      container (cn=Directory Manager / password, BaseDN
      dc=example,dc=com) seeded with hr_data.ldif, and waits for
      "OpenDJ is started" in docker logs opendj instead of polling TCP/1389.
    • Per-sample log allow-list: the documented usecase1 walk-through
      legitimately produces SynchronizationException /
      BadRequestException / NotFoundException traces during the early
      recon passes (managers not yet provisioned). These three patterns are
      now filtered out before the strict ERROR|SEVERE|Exception|Throwable
      gate in both the Start OpenIDM and Print openidm logs steps.
      Behaviour for all other samples is unchanged.

  • openidm-zip/src/main/assembly/zip.xml — package
    samples/usecase/data/ (with hr_data.ldif) into the distribution.
    Both the README and chap-workflow-samples.adoc reference this file,
    but the assembly previously omitted the directory, so the documented
    ldapmodify / OpenDJ-bootstrap commands could not work from an
    unpacked zip.

  • openidm-zip/src/main/resources/samples/usecase/conf/repo.orientdb.json
    — fix unbalanced parenthesis in find-relationships-for-resource SQL
    (extra ) at the end of the WHERE clause). Other repo configs
    (repo.jdbc.json variants) were already correct.

  • README.md — fix ./opendm/startup.sh./openidm/startup.sh
    typo in the Run OpenIDM section.

Why the allow-list (and not just "fix the errors")

The exceptions caught by the strict log grep
(The referenced relationship 'managed/user/...', does not exist,
Object ... not found in managed/user,
SynchronizationException: The referenced relationship)
are the documented behaviour of usecase1: source rows whose manager
attribute references a managed user that has not been created yet legally
fail on the first/second recon and succeed on the next pass. A local run
produced 228 such lines — every single one is covered by the allow-list
and 0 unexpected ERROR/Exception lines remain. Real regressions
(NPE, Failed to start, OSGi BundleException, OutOfMemoryError, …)
still fail the job.

Local verification

$ npx playwright test e2e/usecase1.spec.mjs --reporter=list
EXIT=0
1 flaky    3) Query the managed users created by the first reconciliation
6 passed

The single flake is an OpenIDM-side race between the recon-summary write
and the relationship-resolver commit; it is absorbed by Playwright's
retries: 1 and does not fail the run.

$ grep -cE "ERROR|SEVERE|Exception|Throwable" openidm/logs/openidm0.log.0
228
$ grep -E "ERROR|SEVERE|Exception|Throwable" openidm/logs/openidm0.log.0 \
    | grep -vE "$ALLOW" | wc -l
0

Out of scope

Documentation prose differences between
samples/usecase/README and
openidm-doc/.../samples-guide/chap-workflow-samples.adoc (empty user
distribution table in the adoc, optional shutdown step, mixed
curl -k vs --cacert style) are noted but left unchanged in this PR.

vharseko added 3 commits June 3, 2026 12:28
@vharseko
test(e2e): add samples/usecase/usecase1 UI smoke test and fix related…
75a0fbf 
… artifacts

Add a Playwright end-to-end smoke test that drives the seven steps of the
"Initial Reconciliation" walk-through from samples/usecase/README through
the Admin UI, and wire it into the ui-smoke-tests matrix.

While doing so, fix the supporting artifacts that prevented the sample
from running cleanly out of an unpacked distribution:

  * openidm-zip assembly now packages samples/usecase/data/, so the
    documented hr_data.ldif file is actually present in the build output
    (referenced by both README and chap-workflow-samples.adoc).
  * Fix unbalanced parenthesis in the find-relationships-for-resource
    query in samples/usecase/conf/repo.orientdb.json.
  * Fix `./opendm/startup.sh` typo in README.md.

CI changes (.github/workflows/build.yml):

  * Add samples/usecase/usecase1 to the ui-smoke-tests matrix.
  * Provision an openidentityplatform/opendj container seeded with
    hr_data.ldif (cn=Directory Manager / password, dc=example,dc=com)
    and wait for "OpenDJ is started" in the container log instead of
    polling TCP/1389.
  * Per-sample allow-list: filter the documented
    SynchronizationException / BadRequestException / NotFoundException
    traces that usecase1 legitimately produces during early recon
    passes (manager-not-yet-provisioned), in both the Start OpenIDM and
    Print openidm logs steps. Behaviour for all other matrix cells is
    unchanged.

Test helper changes (e2e/helpers.mjs):

  * runReconcileNow now snapshots the latest audit/recon summary id
    before clicking #syncNowButton and waits via REST for a new id to
    appear. The previous text-only wait on #syncLabel matched stale
    "completed" labels from prior runs and returned before the new
    recon had actually started.

The new spec uses authenticated REST GETs against managed/user/{id}
for existence assertions because the EditResource view renders fields
through JSON-Editor and per-field DOM selectors are not stable across
schemas. A beforeAll hook purges managed/user and repo/link so the
suite is idempotent across local re-runs.
@vharseko
fix(e2e): honor OPENIDM_CONTEXT_PATH in REST calls of usecase1/workfl…
0900f6f 
…ow specs

The ui-smoke-tests matrix runs every spec under both the default and a
custom OPENIDM_CONTEXT_PATH (=/myidm). Several REST URLs in the e2e
specs were built with a hard-coded "/openidm/" prefix instead of the
${CONTEXT_PATH} variable, so all four /myidm cells of run 26876218931
failed at the Playwright step:

  ui-smoke-tests (17, /myidm, samples/workflow)            FAIL
  ui-smoke-tests (17, /myidm, samples/usecase/usecase1)    FAIL
  ui-smoke-tests (26, /myidm, samples/workflow)            FAIL
  ui-smoke-tests (26, /myidm, samples/usecase/usecase1)    FAIL

The default-context cells of the same samples passed, and the /myidm
cells of "" / samples/getting-started passed (those specs do not call
REST), confirming the regression was confined to hard-coded REST
prefixes in the test code.

Changes
-------
* e2e/helpers.mjs
    runReconcileNow.latestReconId() now builds the audit/recon URL
    from ${BASE_URL}${CONTEXT_PATH}. Also fail fast with a clear error
    message when the endpoint returns 404 instead of silently waiting
    180s for "a new audit summary" - this turns a 4 min timeout into a
    sub-second failure and points directly at OPENIDM_CONTEXT_PATH.

* e2e/usecase1.spec.mjs
    fetchManagedUser() and the beforeAll managed/user + repo/link
    cleanup loop now use ${CONTEXT_PATH} instead of "/openidm". Adds
    CONTEXT_PATH to the helpers.mjs import list.

* .github/workflows/build.yml
    New "Lint e2e specs - no hard-coded /openidm REST prefix" step
    added before the Playwright run. Fails the job if any *.mjs under
    e2e/ contains `${BASE_URL}.../openidm/` so this class of regression
    cannot reach CI again.

Verification
------------
* grep -REn '\$\{BASE_URL\}\s*[`"'\'']?/openidm/' e2e/ --include='*.mjs'
  -> no matches (lint clean).
* node --check on both edited .mjs files passes.
* Default-context behaviour is preserved: CONTEXT_PATH defaults to
  "/openidm" in helpers.mjs, so existing green cells stay green.
@vharseko
FIX ReferenceError: CONTEXT_PATH is not defined
b679e28
@vharseko vharseko requested a review from maximthomas June 3, 2026 12:07
@vharseko vharseko merged commit 44a00c2 into OpenIdentityPlatform:master Jun 4, 2026
30 checks passed
@vharseko vharseko deleted the usecase1 branch June 4, 2026 19:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@maximthomas maximthomas maximthomas approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@vharseko @maximthomas