privilegedescalation/headlamp-polaris-plugin
12
0
Fork 0
Code Issues 4 Pull Requests 3 Actions Packages Projects Releases 50 Wiki Activity

fix: use token auth in E2E workflow, handle direct /token redirect

Browse Source 
The E2E Headlamp instance is deployed without OIDC configuration, so
Headlamp redirects / → /token directly instead of / → /login. The
authenticateWithToken function was hardcoded to expect /login first,
causing a 60s timeout on every run.

- e2e.yaml: remove unused Setup Helm step (deploy script uses kubectl)
- e2e.yaml: remove AUTHENTIK_USERNAME/PASSWORD (no OIDC in E2E instance)
- auth.setup.ts: waitForURL accepts both /login and /token; only clicks
  "use a token" if landed on /login (OIDC-configured Headlamp)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Hugh Hackman
2026-03-21 20:55:44 +00:00
parent 7f115e0d6e
commit 00c270b0d4
2 changed files with 8 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.github/workflows/e2e.yaml
-5
View File
@@ -32,9 +32,6 @@ jobs:
- name: Setup kubectl
uses: azure/setup-kubectl@v4
- name: Setup Helm
uses: azure/setup-helm@v4
- name: Install dependencies
run: npm ci
@@ -61,8 +58,6 @@ jobs:
env:
HEADLAMP_URL: ${{ env.HEADLAMP_URL }}
HEADLAMP_TOKEN: ${{ env.HEADLAMP_TOKEN }}
AUTHENTIK_USERNAME: ${{ secrets.AUTHENTIK_USERNAME }}
AUTHENTIK_PASSWORD: ${{ secrets.AUTHENTIK_PASSWORD }}
- name: Teardown E2E instance
if: always()
e2e/auth.setup.ts
+8 -5
View File
@@ -39,13 +39,16 @@ async function authenticateWithOIDC(page: Page, username: string, password: stri
}
async function authenticateWithToken(page: Page, token: string): Promise<void> {
// Navigate to login — Headlamp redirects / to /c/main/login
await page.goto('/');
await page.waitForURL('**/login');
// Headlamp goes to /token directly when no OIDC is configured,
// or through /login when OIDC is configured
await page.waitForURL(/\/(login|token)$/);
// Click the token auth option
await page.getByRole('button', { name: /use a token/i }).click();
await page.waitForURL('**/token');
if (page.url().includes('/login')) {
// OIDC login page — click "use a token" to reach token auth
await page.getByRole('button', { name: /use a token/i }).click();
await page.waitForURL('**/token');
}
// Fill the "ID token" field and submit
await page.getByRole('textbox', { name: /id token/i }).fill(token);