Merge pull request #15293 from mozilla/FXA-7333

task(many): Investigate adding auth to redis connection
2023-05-17 11:28:49 -07:00 · 2023-05-17 11:28:49 -07:00 · e3300d6d52
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@ -101,10 +101,12 @@ executors:
      - image: jdlk7/firestore-emulator
      - image: memcached
      - image: redis
+        command: --requirepass fxa123
    environment:
      NODE_ENV: development
      FIRESTORE_EMULATOR_HOST: localhost:9090
      CUSTOMS_SERVER_URL: none
+      REDIS_PASSWORD: fxa123

  # For anything that needs a full stack to run and needs browsers available for
  # ui test automation. This image requires a restored workspace state.
@ -117,6 +119,7 @@ executors:
    docker:
      - image: mozilla/fxa-circleci:ci-functional-test-runner
      - image: redis
+        command: --requirepass fxa123
      - image: memcached
      - image: pafortin/goaws
      - image: cimg/mysql:8.0.28
@ -142,6 +145,7 @@ executors:
      REACT_CONVERSION_POST_VERIFY_OTHER_ROUTES: true
      REACT_CONVERSION_POST_VERIFY_CAD_VIA_QR_ROUTES: true
      CUSTOMS_SERVER_URL: none
+      REDIS_PASSWORD: fxa123

  # Contains a pre-installed fxa stack and browsers for doing ui test
  # automation. Perfect for running smoke tests against remote targets.
@ -311,6 +315,23 @@ commands:
      - run:
          command: ./.circleci/report-coverage.sh << parameters.list >>

+  run-playwright-tests:
+    parameters:
+      project:
+        type: string
+    steps:
+      - run:
+          name: Running Playwright tests
+          # Supports 'Re-run failed tests only'. See this for more info: https://circleci.com/docs/rerun-failed-tests-only/
+          command: |
+            cd packages/functional-tests
+            TEST_FILES=$(circleci tests glob "tests/**/*.spec.ts")
+            echo $TEST_FILES | circleci tests run --command="xargs yarn playwright test --project=<< parameters.project >>" --verbose --split-by=timings
+          environment:
+            NODE_OPTIONS: --dns-result-order=ipv4first
+            JEST_JUNIT_OUTPUT_DIR: ./artifacts/tests
+            JEST_JUNIT_ADD_FILE_ATTRIBUTE: true
+
  store-artifacts:
    steps:
      - run:
@ -624,26 +645,21 @@ jobs:
    steps:
      - git-checkout
      - provision
-      - run:
-          name: Running smoke tests
-          command: yarn workspace functional-tests test-production
+      - run-playwright-tests:
+          project: production
      - store-artifacts
-      # TODO: Is this actually needed?
-      - store_test_results:
-          path: artifacts/tests

  smoke-tests:
    parameters:
-      target:
+      project:
        type: string
-        default: test-production
+        default: production
    executor: smoke-test-executor
    steps:
      - git-checkout
      - provision
-      - run:
-          name: Running smoke tests
-          command: yarn workspace functional-tests << parameters.target >>
+      - run-playwright-tests:
+          project: << parameters.project >>
      - store-artifacts

  # Runs functional tests using playwright. These tests support splitting
@ -671,9 +687,8 @@ jobs:
      - run:
          name: Start services for playwright tests
          command: ./packages/functional-tests/scripts/start-services.sh
-      - run:
-          name: Running playwright tests
-          command: ./packages/functional-tests/scripts/test-ci.sh
+      - run-playwright-tests:
+          project: local
      - store-artifacts

  build-and-deploy-storybooks:
@ -839,7 +854,7 @@ workflows:
    # Note that we removed content server tests as it runs on Stage only
      - smoke-tests:
          name: Smoke Test Production - Playwright
-          target: test-production
+          project: production
          filters:
            branches:
              only: /.*/
@ -873,7 +888,7 @@ workflows:
              only: /.*/
      - smoke-tests:
          name: Smoke Test Stage - Playwright
-          target: test-stage
+          project: stage
          filters:
            branches:
              only: /.*/
--- a/_scripts/redis.sh
+++ b/_scripts/redis.sh
@ -1,3 +1,3 @@
 #!/bin/bash -ex

-docker run --rm --name redis-server --net fxa -p 6379:6379 redis
+docker run --rm --name redis-server --net fxa -p 6379:6379 redis --requirepass fxa123
--- a/packages/123done/server.js
+++ b/packages/123done/server.js
@ -11,7 +11,9 @@ const version = require('./version');
 const logger = morgan('short');

 // create a connection to the redis datastore
-let db = new Redis();
+let db = new Redis({
+  password: process.env.REDIS_PASSWORD || 'fxa123',
+});

 db.on('error', function () {
  // eslint-disable-line handle-callback-err
--- a/packages/functional-tests/scripts/start-services.sh
+++ b/packages/functional-tests/scripts/start-services.sh
@ -1,8 +1,7 @@
 #!/bin/bash -ex

-# This routine was formerly part of in test-ci.sh. It has been
-# split up so it can be run in separate steps in the CI,
-# resulting in more meaningful timing metrics.
+# This startup routine is seperate from the test command. This way it can be run in a
+# separate step in the CI, which results in more meaningful timing metrics.

 DIR=$(dirname "$0")

--- a/packages/functional-tests/scripts/test-ci.sh
+++ b/packages/functional-tests/scripts/test-ci.sh
@ -1,8 +0,0 @@
-#!/bin/bash -ex
-
-DIR=$(dirname "$0")
-
-cd "$DIR/../../../"
-
-circleci tests glob "packages/functional-tests/tests/**/*.spec.ts" | circleci tests split > tests-to-run.txt
-yarn workspace functional-tests test $(cat tests-to-run.txt|awk -F"/" '{ print $NF }')
--- a/packages/fxa-admin-server/src/database/database.service.ts
+++ b/packages/fxa-admin-server/src/database/database.service.ts
@ -103,8 +103,16 @@ export class DatabaseService implements OnModuleDestroy {
    this.connectedServicesDb = new ConnectedServicesDb(
      mySqlOAuthShared,
      new ConnectedServicesCache(
-        new RedisShared(redisConfig.accessTokens, logger, metrics),
-        new RedisShared(redisConfig.refreshTokens, logger, metrics),
+        new RedisShared(
+          { password: redisConfig.password, ...redisConfig.accessTokens },
+          logger,
+          metrics
+        ),
+        new RedisShared(
+          { password: redisConfig.password, ...redisConfig.refreshTokens },
+          logger,
+          metrics
+        ),
        new RedisShared(
          { ...redisConfig, ...redisConfig.sessionTokens },
          logger,
--- a/packages/fxa-auth-server/lib/oauth/db/redis.js
+++ b/packages/fxa-auth-server/lib/oauth/db/redis.js
@ -32,6 +32,7 @@ class OAuthRedis extends ConnectedServicesCache {
  constructor() {
    super(
      redis({
+        password: config.get('redis.password'),
        ...config.get('redis.accessTokens'),

        // TOOD: Once validated, rely values present in redis.accessTokens instead.
@ -39,6 +40,7 @@ class OAuthRedis extends ConnectedServicesCache {
        maxttl: config.get('oauthServer.expiration.accessToken'),
      }),
      redis({
+        password: config.get('redis.password'),
        ...config.get('redis.refreshTokens'),
      }),
      undefined,
--- a/packages/fxa-auth-server/test/local/payments/stripe.js
+++ b/packages/fxa-auth-server/test/local/payments/stripe.js
@ -145,6 +145,7 @@ const mockConfig = {
 const mockRedisConfig = {
  host: process.env.REDIS_HOST || 'localhost',
  port: process.env.REDIS_PORT || 6379,
+  password: process.env.REDIS_PASSWORD || 'fxa123',
  maxPending: 1000,
  retryCount: 5,
  initialBackoff: '100 milliseconds',
--- a/packages/fxa-auth-server/test/local/redis.js
+++ b/packages/fxa-auth-server/test/local/redis.js
@ -17,6 +17,7 @@ const redis = require('../../lib/redis')(
  {
    ...config.redis.accessTokens,
    ...config.redis.sessionTokens,
+    password: config.redis.password,
    prefix,
    recordLimit,
    maxttl,
--- a/packages/fxa-auth-server/test/remote/db_tests.js
+++ b/packages/fxa-auth-server/test/remote/db_tests.js
@ -77,6 +77,7 @@ describe('#integration - remote db', function () {
    redis = require('ioredis').createClient({
      host: config.redis.host,
      port: config.redis.port,
+      password: config.redis.password,
      prefix: config.redis.sessionTokens.prefix,
      enable_offline_queue: false,
    });
--- a/packages/fxa-content-server/server/lib/configuration.js
+++ b/packages/fxa-content-server/server/lib/configuration.js
@ -171,6 +171,13 @@ const conf = (module.exports = convict({
        env: 'FEATURE_FLAGS_REDIS_HOST',
        format: String,
      },
+      password: {
+        default: 'fxa123',
+        doc: 'Redis password',
+        env: 'REDIS_PASSWORD',
+        sensitive: true,
+        format: String,
+      },
      initialBackoff: {
        default: '100 milliseconds',
        doc: 'Initial backoff for feature-flagging Redis connection retries, increases exponentially with each attempt',
--- a/packages/fxa-profile-server/lib/config.js
+++ b/packages/fxa-profile-server/lib/config.js
@ -287,6 +287,13 @@ const conf = convict({
        format: 'port',
        doc: 'port for redis server',
      },
+      password: {
+        default: 'fxa123',
+        env: 'REDIS_PASSWORD',
+        format: String,
+        sensitive: true,
+        doc: 'Redis password',
+      },
    },
    useRedis: {
      default: true,
--- a/packages/fxa-profile-server/lib/server/web.js
+++ b/packages/fxa-profile-server/lib/server/web.js
@ -55,6 +55,7 @@ exports.create = async function createServer() {
    cacheProvider.options.host = config.serverCache.redis.host;
    cacheProvider.options.port = config.serverCache.redis.port;
    cacheProvider.options.partition = config.serverCache.redis.keyPrefix;
+    cacheProvider.options.password = config.serverCache.redis.password;
  }
  var isProd = config.env === 'production';
  var server = new Hapi.Server({
--- a/packages/fxa-shared/db/config.ts
+++ b/packages/fxa-shared/db/config.ts
@ -76,6 +76,13 @@ export function makeRedisConfig() {
      format: String,
      doc: 'IP address or host name for Redis server',
    },
+    password: {
+      default: 'fxa123',
+      env: 'REDIS_PASSWORD',
+      format: String,
+      sensitive: true,
+      doc: `Password for connecting to redis`,
+    },
    port: {
      default: 6379,
      env: 'REDIS_PORT',
--- a/packages/fxa-shared/scripts/feature-flags.js
+++ b/packages/fxa-shared/scripts/feature-flags.js
@ -10,6 +10,7 @@ const Ajv = require('ajv');
 const ajv = new Ajv();
 const Redis = require('ioredis');
 const redis = new Redis({
+  password: process.env.REDIS_PASSWORD || 'fxa123',
  host: process.env.REDIS_HOST || 'localhost',
  port: process.env.REDIS_PORT || 6379,
  keyPrefix: 'featureFlags:',
--- a/packages/fxa-shared/test/feature-flags/integration.js
+++ b/packages/fxa-shared/test/feature-flags/integration.js
@ -15,6 +15,7 @@ describe('#integration - featureFlags integration:', () => {
      interval: 10000,
      host: process.env.REDIS_HOST || 'localhost',
      port: process.env.REDIS_PORT || 6379,
+      password: process.env.REDIS_PASSWORD || 'fxa123',
    };
    log = { info() {}, warn() {}, error() {} };
    featureFlags = initialise(config, log, {});
--- a/packages/fxa-shared/test/scripts/feature-flags.js
+++ b/packages/fxa-shared/test/scripts/feature-flags.js
@ -37,6 +37,7 @@ describe('#integration - scripts/feature-flags:', function () {

  before(async () => {
    redis = new Redis({
+      password: process.env.REDIS_PASSWORD || 'fxa123',
      host: process.env.REDIS_HOST || 'localhost',
      port: process.env.REDIS_PORT || 6379,
      keyPrefix: 'featureFlags:',