Add ability to reuse workspace across parallel test processes to speed up e2e

.devcontainer/devcontainer.json

@@ -101,21 +101,6 @@
                 "false"
               ]
             },
-            {
-              "name": "E2E Extended AAD",
-              "type": "python",
-              "request": "launch",
-              "module": "pytest",
-              "justMyCode": true,
-              "cwd": "${workspaceFolder}/e2e_tests/",
-              "preLaunchTask": "Copy_env_file_for_e2e_debug",
-              "args": [
-                "-m",
-                "extended_aad",
-                "--verify",
-                "false"
-              ]
-            },
             {
               "name": "E2E Shared Services",
               "type": "python",
@@ -223,12 +208,12 @@
           "tasks": [
             {
               "label": "Copy_env_file_for_api_debug",
-              "command": "./.devcontainer/scripts/consolidate_env.sh ${workspaceFolder} ${workspaceFolder}/api_app/.env",
+              "command": "./devops/scripts/consolidate_env.sh ${workspaceFolder} ${workspaceFolder}/api_app/.env",
               "type": "shell"
             },
             {
               "label": "Copy_env_file_for_e2e_debug",
-              "command": "./.devcontainer/scripts/consolidate_env.sh ${workspaceFolder} ${workspaceFolder}/e2e_tests/.env",
+              "command": "./devops/scripts/consolidate_env.sh ${workspaceFolder} ${workspaceFolder}/e2e_tests/.env",
               "type": "shell"
             },
             {

.github/actions/devcontainer_run_command/action.yml

@@ -292,12 +292,12 @@ runs:
             && inputs.ENABLE_CMK_ENCRYPTION) || 'false' }}" \
           -e TF_VAR_encryption_kv_name="${{ inputs.ENCRYPTION_KV_NAME }}" \
           -e TF_VAR_external_key_store_id="${{ inputs.EXTERNAL_KEY_STORE_ID }}" \
+          -e E2E_TESTS_NUMBER_PROCESSES="${{ inputs.E2E_TESTS_NUMBER_PROCESSES || 1 }}" \
           -e TF_VAR_user_management_enabled="${{ (inputs.USER_MANAGEMENT_ENABLED != '' && inputs.USER_MANAGEMENT_ENABLED) || 'false' }}" \
           -e USER_MANAGEMENT_ENABLED="${{ inputs.USER_MANAGEMENT_ENABLED }}" \
           -e PRIVATE_AGENT_SUBNET_ID=${{ inputs.PRIVATE_AGENT_SUBNET_ID }} \
           -e TF_VAR_private_agent_subnet_id=${{ inputs.PRIVATE_AGENT_SUBNET_ID }} \
           -e TF_VAR_auto_grant_workspace_consent="${{ (inputs.AUTO_GRANT_WORKSPACE_CONSENT != '' && inputs.AUTO_GRANT_WORKSPACE_CONSENT) || 'false' }}" \
-          -e E2E_TESTS_NUMBER_PROCESSES="${{ inputs.E2E_TESTS_NUMBER_PROCESSES }}" \
           '${{ inputs.CI_CACHE_ACR_NAME }}${{ env.ACR_DOMAIN_SUFFIX }}/tredev:${{ inputs.DEVCONTAINER_TAG }}' \
         bash -c -x "./command.sh"
 

.github/workflows/deploy_tre.yml

@@ -33,10 +33,10 @@ jobs:
     with:
       ciGitRef: ${{ github.ref }}
       e2eTestsCustomSelector: >-
-        ${{ (github.event_name == 'push' && 'extended or extended_aad')
-        || 'extended or extended_aad or shared_services or airlock' }}
+        ${{ (github.event_name == 'push' && 'extended')
+        || 'extended or shared_services or airlock' }}
       environmentName: ${{ github.event.inputs.environment || 'CICD' }}
-      E2E_TESTS_NUMBER_PROCESSES: 1
+      E2E_TESTS_NUMBER_PROCESSES: ${{ fromJSON(vars.e2e_tests_number_processes) }}
       DEVCONTAINER_TAG: "latest"
     secrets:
       AAD_TENANT_ID: ${{ secrets.AAD_TENANT_ID }}

.github/workflows/deploy_tre_reusable.yml

@@ -864,6 +864,8 @@ jobs:
           TEST_WORKSPACE_APP_SECRET: "${{ secrets.TEST_WORKSPACE_APP_SECRET }}"
           TEST_ACCOUNT_CLIENT_ID: "${{ secrets.TEST_ACCOUNT_CLIENT_ID }}"
           TEST_ACCOUNT_CLIENT_SECRET: "${{ secrets.TEST_ACCOUNT_CLIENT_SECRET }}"
+          APPLICATION_ADMIN_CLIENT_ID: "${{ secrets.APPLICATION_ADMIN_CLIENT_ID }}"
+          APPLICATION_ADMIN_CLIENT_SECRET: "${{ secrets.APPLICATION_ADMIN_CLIENT_SECRET }}"
           TRE_ID: ${{ secrets.TRE_ID }}
           IS_API_SECURED: false
           WORKSPACE_APP_SERVICE_PLAN_SKU: ${{ vars.WORKSPACE_APP_SERVICE_PLAN_SKU }}

.github/workflows/pr_comment_bot.yml

@@ -160,11 +160,10 @@ jobs:
       ciGitRef: ${{ needs.pr_comment.outputs.ciGitRef }}
       e2eTestsCustomSelector: >-
         ${{ (needs.pr_comment.outputs.command == 'run-tests-extended' && 'extended') ||
-        (needs.pr_comment.outputs.command == 'run-tests-extended-aad' && 'extended_aad') ||
         (needs.pr_comment.outputs.command == 'run-tests-shared-services' && 'shared_services') ||
         (needs.pr_comment.outputs.command == 'run-tests' && '') }}
       environmentName: CICD
-      E2E_TESTS_NUMBER_PROCESSES: 1
+      E2E_TESTS_NUMBER_PROCESSES: ${{ fromJSON(vars.e2e_tests_number_processes) }}
       DEVCONTAINER_TAG: ${{ needs.pr_comment.outputs.prRefId }}
     secrets:
       AAD_TENANT_ID: ${{ secrets.AAD_TENANT_ID }}

Makefile

@@ -448,10 +448,13 @@ build-and-deploy-ui:
 # Example: make prepare-for-e2e
 prepare-for-e2e:
 	$(MAKE) workspace_bundle BUNDLE=base
+	$(MAKE) workspace_bundle BUNDLE=unrestricted
+	$(MAKE) workspace_bundle BUNDLE=airlock-import-review
 	$(MAKE) workspace_service_bundle BUNDLE=guacamole
 	$(MAKE) shared_service_bundle BUNDLE=gitea
 	$(MAKE) user_resource_bundle WORKSPACE_SERVICE=guacamole BUNDLE=guacamole-azure-windowsvm
 	$(MAKE) user_resource_bundle WORKSPACE_SERVICE=guacamole BUNDLE=guacamole-azure-linuxvm
+	$(MAKE) user_resource_bundle WORKSPACE_SERVICE=guacamole BUNDLE=guacamole-azure-import-reviewvm
 
 # Description: Run E2E smoke tests
 # The E2E smoke tests include:
@@ -475,13 +478,14 @@ test-e2e-extended: ## 🧪 Run E2E extended tests
 	$(call target_title, "Running E2E extended tests") && \
 	$(MAKE) test-e2e-custom SELECTOR=extended
 
-# Description: Run E2E extended AAD tests
-# # The E2E extended AAD tests include:
-# # - test_create_guacamole_service_into_aad_workspace: This test will create a Guacamole service but will create a workspace and automatically register the AAD Application
-# Example: make test-e2e-extended-aad
-test-e2e-extended-aad: ## 🧪 Run E2E extended AAD tests
-	$(call target_title, "Running E2E extended AAD tests") && \
-	$(MAKE) test-e2e-custom SELECTOR=extended_aad
+# Description: Run E2E airlock tests
+# # The E2E airlock tests include:
+# # - test_airlock_flow: test import request creation and approval flow
+# # - test_airlock_review_vm_flow: test import request creation and approval and creation of review VM
+test-e2e-airlock: ## 🧪 Run E2E airlock tests
+	$(call target_title, "Running E2E airlock tests") && \
+	$(MAKE) test-e2e-custom SELECTOR=airlock
+
 
 # Description: Run E2E shared service tests
 # # The E2E shared service tests include:
@@ -493,12 +497,18 @@ test-e2e-shared-services: ## 🧪 Run E2E shared service tests
 	$(call target_title, "Running E2E shared service tests") && \
 	$(MAKE) test-e2e-custom SELECTOR=shared_services
 
+test-e2e-workspace-services: ## 🧪 Run E2E workspace services tests
+	$(call target_title, "Running E2E workspace services tests") && \
+	$(MAKE) test-e2e-custom SELECTOR=workspace_services
+
+
 # Description: Run E2E tests with custom selector
 # Arguments: SELECTOR - the selector to run the tests with
 # Example: make test-e2e-custom SELECTOR=smoke
 test-e2e-custom: ## 🧪 Run E2E tests with custom selector (SELECTOR=)
 	$(call target_title, "Running E2E tests with custom selector ${SELECTOR}") \
 	&& . ${MAKEFILE_DIR}/devops/scripts/check_dependencies.sh env,auth \
+	&& . ${MAKEFILE_DIR}/devops/scripts/consolidate_env.sh ${MAKEFILE_DIR} ${MAKEFILE_DIR}/e2e_tests/.env \
 	&& . ${MAKEFILE_DIR}/devops/scripts/load_env.sh ${MAKEFILE_DIR}/e2e_tests/.env \
 	&& cd ${MAKEFILE_DIR}/e2e_tests \
 	&& \

config.sample.yaml

@@ -123,3 +123,12 @@ developer_settings:
 # If you want to use TRE_URL to point to your local TRE API instance or be configured to another cloud provider
 # uncomment and set this variable
 #  tre_url: __CHANGE_ME__
+
+e2e_tests:
+#   # The number of processes to start in the resource processor VMSS image
+#   e2e_tests_number_processes_per_instance: 5
+#   # Preexisting resource IDs to use for e2e tests
+#   test_workspace_id: __CHANGE_ME__
+#   test_airlock_import_review_workspace_id: __CHANGE_ME__
+#   test_airlock_import_review_workspace_service_id: __CHANGE_ME__
+#   test_guacamole_workspace_service_id: __CHANGE_ME__

core/version.txt

@@ -1 +1 @@
-__version__ = "0.16.0"
+__version__ = "0.16.1"

devops/scripts/consolidate_env.sh

@@ -0,0 +1,28 @@
+#!/bin/bash
+set -o errexit
+set -o pipefail
+set -o nounset
+# Uncomment this line to see each command for debugging (careful: this will show secrets!)
+# set -o xtrace
+
+# usage: consolidate_env.sh [workdir] [file]
+
+WORKDIR=${1:-"automatic"}
+FILE=${2:-"automatic"}
+
+if [ -z "${USE_ENV_VARS_NOT_FILES:-}" ]; then
+  # YQ query to get leaf keys
+  GET_LEAF_KEYS=".. | select(. == \"*\") | {(path | .[-1]): .} "
+  # YQ query to uppercase keys
+  UPCASE_KEYS="with_entries(.key |= upcase)"
+  # YQ query to map yaml entries to the following format: key=value
+  # needed for later env export
+  FORMAT_TO_ENV_FILE="to_entries| map(.key + \"=\" +  .value)|.[]"
+
+  # Export as UPPERCASE keys to file
+  yq e "$GET_LEAF_KEYS|$UPCASE_KEYS| $FORMAT_TO_ENV_FILE" config.yaml > "$FILE"
+
+  if [ -f "$WORKDIR/core/private.env" ]; then
+    cat "$WORKDIR/core/private.env" >> "$FILE"
+  fi
+fi

devops/scripts/get_access_token.sh

@@ -7,24 +7,14 @@ set -o pipefail
 
 activeDirectoryUri="$(az cloud show --query endpoints.activeDirectory --output tsv)"
 
-if [ -n "${TEST_ACCOUNT_CLIENT_ID:-}" ] && [ -n "${TEST_ACCOUNT_CLIENT_SECRET:-}" ] && [ -n "${AAD_TENANT_ID:-}" ] && [ -n "${API_CLIENT_ID:-}" ]
-then
-  # Use client credentials flow with TEST_ACCOUNT_CLIENT_ID/SECRET
-  echo "Using TEST_ACCOUNT_CLIENT_ID to get token via client credential flow"
-  token_response=$(curl -X POST -H 'Content-Type: application/x-www-form-urlencoded' \
-    "${activeDirectoryUri}/${AAD_TENANT_ID}"/oauth2/v2.0/token \
-    -d "client_id=${TEST_ACCOUNT_CLIENT_ID}"   \
-    -d 'grant_type=client_credentials'   \
-    -d "scope=api://${API_CLIENT_ID}/.default"   \
-    -d "client_secret=${TEST_ACCOUNT_CLIENT_SECRET}")
-elif [ -n "${API_CLIENT_ID:-}" ] && [ -n "${TEST_APP_ID:-}" ] && [ -n "${TEST_USER_NAME:-}" ] && [ -n "${TEST_USER_PASSWORD:-}" ] && [ -n "${AAD_TENANT_ID:-}" ]
-then
-  # Use resource owner password credentials flow with USERNAME/PASSWORD
-  echo "Using TEST_USER_NAME to get token via resource owner password credential flow"
-  token_response=$(curl -X POST -H "Content-Type: application/x-www-form-urlencoded" -d \
-    "grant_type=password&resource=""${API_CLIENT_ID}""&client_id=""${TEST_APP_ID}""&username=""${TEST_USER_NAME}""&password=""${TEST_USER_PASSWORD}""&scope=default)" \
-    "${activeDirectoryUri}/${AAD_TENANT_ID}"/oauth2/token)
-fi
+# Use client credentials flow with TEST_ACCOUNT_CLIENT_ID/SECRET
+echo "Using TEST_ACCOUNT_CLIENT_ID to get token via client credential flow"
+token_response=$(curl -X POST -H 'Content-Type: application/x-www-form-urlencoded' \
+  "${activeDirectoryUri}/${AAD_TENANT_ID}"/oauth2/v2.0/token \
+  -d "client_id=${TEST_ACCOUNT_CLIENT_ID}"   \
+  -d 'grant_type=client_credentials'   \
+  -d "scope=api://${API_CLIENT_ID}/.default"   \
+  -d "client_secret=${TEST_ACCOUNT_CLIENT_SECRET}")
 
 if [ -n "${token_response:-}" ]
 then

devops/scripts/setup_local_debugging.sh

@@ -162,6 +162,10 @@ sed -i '/ARM_CLIENT_SECRET/d' "${private_env_path}"
 sed -i '/AAD_TENANT_ID/d' "${private_env_path}"
 sed -i '/APPLICATION_ADMIN_CLIENT_ID/d' "${private_env_path}"
 sed -i '/APPLICATION_ADMIN_CLIENT_SECRET/d' "${private_env_path}"
+if [[ -z ${WORKSPACE_API_CLIENT_ID:-} ]]; then
+ sed -i '/WORKSPACE_API_CLIENT_ID/d' "${private_env_path}"
+ sed -i '/WORKSPACE_API_CLIENT_SECRET/d' "${private_env_path}"
+fi
 sed -i '/TEST_WORKSPACE_APP_ID/d' "${private_env_path}"
 sed -i '/TEST_WORKSPACE_APP_SECRET/d' "${private_env_path}"
 

docs/tre-admins/setup-instructions/workflows.md

@@ -79,18 +79,6 @@ Configure the TRE API and Swagger UI repository secrets
 | `API_CLIENT_ID` | The application (client) ID of the TRE API app. |
 | `API_CLIENT_SECRET` | The application password (client secret) of the TRE API app. |
 
-### Create an app registration and a user for the E2E tests
-
-Follow the instructions to [create an app registration and a test user for the E2E tests in the Authentication and Authorization](../auth.md#tre-e2e-test) document.
-
-Configure the E2E Test repository secrets
-
-| <div style="width: 230px">Secret name</div> | Description |
-| ----------- | ----------- |
-| `TEST_APP_ID` | The application (client) ID of the E2E Test app |
-| `TEST_USER_NAME` | The username of the E2E Test User |
-| `TEST_USER_PASSWORD` | The password of the E2E Test User |
-
 ### Create a workspace app registration for setting up workspaces (for the E2E tests)
 
 Follow the [instructions to create a workspace app registration](../auth.md#workspaces) (used for the E2E tests) - and make the E2E test user a **WorkspaceOwner** for the app registration.
@@ -143,6 +131,7 @@ Configure variables used in the deployment workflow:
 | `AZURE_ENVIRONMENT` | Optional. The name of the Azure environment. Supported values are `AzureCloud` and `AzureUSGovernment`. Default value is `AzureCloud`. |
 | `CORE_APP_SERVICE_PLAN_SKU` | Optional. The SKU used for AppService plan for core infrastructure. Default value is `P1v2`. |
 | `WORKSPACE_APP_SERVICE_PLAN_SKU` | Optional. The SKU used for AppService plan used in E2E tests. Default value is `P1v2`. |
+| `E2E_TESTS_NUMBER_PROCESSES` | Optional. The number of pytest processes to instantiate when the E2E tests start. Defaults to `1`. |
 | `RESOURCE_PROCESSOR_NUMBER_PROCESSES_PER_INSTANCE` | Optional. The number of processes to instantiate when the Resource Processor starts. Equates to the number of parallel deployment operations possible in your TRE. Defaults to `5`. |
 | `ENABLE_SWAGGER` | Optional. Determines whether the Swagger interface for the API will be available. Default value is `false`. |
 | `FIREWALL_SKU` | Optional. The SKU of the Azure Firewall instance. Default value is `Standard`. Allowed values [`Basic`, `Standard`, `Premium`]. See [Azure Firewall SKU feature comparison](https://learn.microsoft.com/en-us/azure/firewall/choose-firewall-sku). |

docs/tre-developers/end-to-end-tests.md

@@ -21,6 +21,6 @@ make prepare-for-e2e
 
 Use the "Run and Debug" panel within Visual Studio Code, select "E2E Extended", "E2E Smoke" or "E2E Performance" in the drop down box and click play.
 
-- This will copy `config.yaml` settings to `/workspaces/AzureTRE/e2e_tests/.env` for you which supplies your authentciation details
+- Values from `config.yaml` are copied to `/workspaces/AzureTRE/e2e_tests/.env`.
 
-- This will also use `/workspaces/AzureTRE/core/private.env` file for other values.
+- Outputs from the core deployment are read from `/workspaces/AzureTRE/core/private.env`.

e2e_tests/config.py

@@ -10,10 +10,9 @@
 TRE_ID: str = config("TRE_ID", default="")
 TRE_URL: str = config("TRE_URL", default="")
 API_CLIENT_ID: str = config("API_CLIENT_ID", default="")
-TEST_USER_NAME: str = config("TEST_USER_NAME", default="")
-TEST_USER_PASSWORD: str = config("TEST_USER_PASSWORD", default="")
-TEST_APP_ID: str = config("TEST_APP_ID", default="")
 AAD_TENANT_ID: str = config("AAD_TENANT_ID", default="")
+APPLICATION_ADMIN_CLIENT_ID: str = config("APPLICATION_ADMIN_CLIENT_ID", default="")
+APPLICATION_ADMIN_CLIENT_SECRET: str = config("APPLICATION_ADMIN_CLIENT_SECRET", default="")
 TEST_ACCOUNT_CLIENT_ID: str = config("TEST_ACCOUNT_CLIENT_ID", default="")
 TEST_ACCOUNT_CLIENT_SECRET: str = config("TEST_ACCOUNT_CLIENT_SECRET", default="")
 TEST_WORKSPACE_APP_ID: str = config("TEST_WORKSPACE_APP_ID", default="")
@@ -22,7 +21,6 @@
 
 # Set workspace id of an existing workspace to skip creation of a workspace during E2E tests
 TEST_WORKSPACE_ID: str = config("TEST_WORKSPACE_ID", default="")
-TEST_WORKSPACE_SERVICE_ID: str = config("TEST_WORKSPACE_SERVICE_ID", default="")
-TEST_AAD_WORKSPACE_ID: str = config("TEST_AAD_WORKSPACE_ID", default="")
+TEST_GUACAMOLE_WORKSPACE_SERVICE_ID: str = config("TEST_GUACAMOLE_WORKSPACE_SERVICE_ID", default="")
 TEST_AIRLOCK_IMPORT_REVIEW_WORKSPACE_ID: str = config("TEST_AIRLOCK_IMPORT_REVIEW_WORKSPACE_ID", default="")
 TEST_AIRLOCK_IMPORT_REVIEW_WORKSPACE_SERVICE_ID: str = config("TEST_AIRLOCK_IMPORT_REVIEW_WORKSPACE_SERVICE_ID", default="")