From 124d16acbb27efdb76f8302c14d4fc257e548f92 Mon Sep 17 00:00:00 2001
From: Luciano Lo Giudice <luciano.logiudice@canonical.com>
Date: Mon, 4 Apr 2022 15:49:34 -0300
Subject: [PATCH 1/4] Add test for ceph-dashboard SAML functionality

---
 .../charm_tests/ceph/dashboard/tests.py       | 32 +++++++++++++++++++
 1 file changed, 32 insertions(+)

diff --git a/zaza/openstack/charm_tests/ceph/dashboard/tests.py b/zaza/openstack/charm_tests/ceph/dashboard/tests.py
index 5b88c42..06fc4a5 100644
--- a/zaza/openstack/charm_tests/ceph/dashboard/tests.py
+++ b/zaza/openstack/charm_tests/ceph/dashboard/tests.py
@@ -18,6 +18,7 @@ import collections
 import json
 import logging
 import requests
+import tempfile
 import tenacity
 import uuid
 
@@ -26,6 +27,17 @@ import zaza.openstack.charm_tests.test_utils as test_utils
 import zaza.openstack.utilities.openstack as openstack_utils
 
 
+SAML_IDP_METADATA = '''
+<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+    <ds:X509Data>
+        <ds:X509Certificate>
+            {}
+        </ds:X509Certificate>
+    </ds:X509Data>
+</ds:KeyInfo>
+'''
+
+
 class CephDashboardTest(test_utils.BaseCharmTest):
     """Class for `ceph-dashboard` tests."""
 
@@ -211,3 +223,23 @@ class CephDashboardTest(test_utils.BaseCharmTest):
                 'ceph-dashboard',
                 'ceph config-key exists {}'.format(key))
             self.assertEqual(check_out['Code'], '0')
+
+    def test_saml(self):
+        """Check that the dashboard is accessible with SAML enabled."""
+        if (openstack_utils.get_os_release() <
+                openstack_utils.get_os_release('focal_yoga')):
+            return
+
+        url = self.get_master_dashboard_url()
+        with tempfile.NamedTemporaryFile(mode='w') as tmp, \
+                open(self.local_ca_cert) as cert:
+            tmp.write(SAML_IDP_METADATA.format(cert.read()))
+            tmp.flush()
+            zaza.model.set_application_config(
+                'ceph-dashboard',
+                {
+                    'saml-base-url': url,
+                    'saml-idp-metadata': 'file://{}'.format(tmp.name),
+                }
+            )
+            self.access_dashboard(url)

From d1ad9f7a2a7a95f5638aeef226d6332dad56e944 Mon Sep 17 00:00:00 2001
From: Luciano Lo Giudice <luciano.logiudice@canonical.com>
Date: Mon, 4 Apr 2022 18:21:31 -0300
Subject: [PATCH 2/4] Use an existing application for version fetching

---
 zaza/openstack/charm_tests/ceph/dashboard/tests.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/zaza/openstack/charm_tests/ceph/dashboard/tests.py b/zaza/openstack/charm_tests/ceph/dashboard/tests.py
index 06fc4a5..9710265 100644
--- a/zaza/openstack/charm_tests/ceph/dashboard/tests.py
+++ b/zaza/openstack/charm_tests/ceph/dashboard/tests.py
@@ -226,8 +226,9 @@ class CephDashboardTest(test_utils.BaseCharmTest):
 
     def test_saml(self):
         """Check that the dashboard is accessible with SAML enabled."""
-        if (openstack_utils.get_os_release() <
-                openstack_utils.get_os_release('focal_yoga')):
+        get_os_release = openstack_utils.get_os_release
+        if (get_os_release(application='vault') <
+                get_os_release('focal_yoga', application='vault')):
             return
 
         url = self.get_master_dashboard_url()

From 99b3cd6dec5b15771c5ce511947edaf9de778d86 Mon Sep 17 00:00:00 2001
From: Luciano Lo Giudice <luciano.logiudice@canonical.com>
Date: Mon, 4 Apr 2022 19:59:43 -0300
Subject: [PATCH 3/4] Use ceph-mon as application

---
 zaza/openstack/charm_tests/ceph/dashboard/tests.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/zaza/openstack/charm_tests/ceph/dashboard/tests.py b/zaza/openstack/charm_tests/ceph/dashboard/tests.py
index 9710265..d640ad7 100644
--- a/zaza/openstack/charm_tests/ceph/dashboard/tests.py
+++ b/zaza/openstack/charm_tests/ceph/dashboard/tests.py
@@ -227,8 +227,8 @@ class CephDashboardTest(test_utils.BaseCharmTest):
     def test_saml(self):
         """Check that the dashboard is accessible with SAML enabled."""
         get_os_release = openstack_utils.get_os_release
-        if (get_os_release(application='vault') <
-                get_os_release('focal_yoga', application='vault')):
+        if (get_os_release(application='ceph-mon') <
+                get_os_release('focal_yoga')):
             return
 
         url = self.get_master_dashboard_url()

From b7d7588f46b5f2cf88ea119f8cd3e0d305a0c738 Mon Sep 17 00:00:00 2001
From: Luciano Lo Giudice <luciano.logiudice@canonical.com>
Date: Tue, 5 Apr 2022 14:50:15 -0300
Subject: [PATCH 4/4] Test SAML redirect and presence of metadata

---
 zaza/openstack/charm_tests/ceph/dashboard/tests.py | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/zaza/openstack/charm_tests/ceph/dashboard/tests.py b/zaza/openstack/charm_tests/ceph/dashboard/tests.py
index d640ad7..4e0e5c2 100644
--- a/zaza/openstack/charm_tests/ceph/dashboard/tests.py
+++ b/zaza/openstack/charm_tests/ceph/dashboard/tests.py
@@ -243,4 +243,11 @@ class CephDashboardTest(test_utils.BaseCharmTest):
                     'saml-idp-metadata': 'file://{}'.format(tmp.name),
                 }
             )
-            self.access_dashboard(url)
+
+            # Login must be redirected.
+            resp = requests.get(url + '/auth/saml2/login')
+            self.assertTrue(resp.is_redirect)
+
+            # Check that metadata is present.
+            resp = requests.get(url + '/auth/saml2/metadata')
+            self.assertEqual(resp.status_code, requests.code.ok)