🤩
PostmanでGithub Actionsのintegration-testをやってみた
の続き
Newman
Newmanは、PostmanのCLIツールです。 PostmanのGUIでテストを作成し、そのテストをexportし、Newmanで実行するという流れです。
トークンを生成して渡すところで苦労したので、やり方をメモしておきます
環境変数の設定
Postmanでテストを実装する際に、環境変数を利用してテストを作成するために、まず環境変数を設定します
API呼び出し
環境変数に設定した変数は{{BASEURL}}のように囲みます
Test作成
Testsのタグで、右のスペニットを選択し、少し編集して、テストが通るようにします
Sendボタンでテスト実行します
Test ResultsでPASSするようになったら、Exportします
生成されたjsonをtests/integration-test/にそのままコミットします
hello.postman_collection.json
{
"info": {
"_postman_id": "xxxxxxxx",
"name": "hello",
"schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"
},
"item": [
{
"name": "New Request",
"event": [
{
"listen": "prerequest",
"script": {
"exec": [
""
],
"type": "text/javascript"
}
},
{
"listen": "test",
"script": {
"exec": [
"",
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});",
"",
"pm.test(\"body check\", function () {",
" var jsonData = pm.response.json();",
" pm.expect(jsonData).to.eql({",
" \"message\": \"hello world\"",
" })",
"});",
""
],
"type": "text/javascript"
}
}
],
"request": {
"auth": {
"type": "noauth"
},
"method": "GET",
"header": [
{
"key": "Content-Type",
"value": "application/json; charset=UTF-8",
"type": "text"
},
{
"key": "Authorization",
"value": "{{ID_TOKEN}}",
"type": "text"
}
],
"url": {
"raw": "{{BASEURL}}hello",
"host": [
"{{BASEURL}}hello"
]
}
},
"response": []
}
]
}
pipeline.yaml編集
で未実装だった、integration-testの部分を下記のようにします
pipeline.yaml
integration-test:
if: github.ref == 'refs/heads/master'
needs: [deploy-testing]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Install Dependencies
run: npm install -g newman
- name: Assume the testing pipeline user role
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ env.PIPELINE_USER_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ env.PIPELINE_USER_SECRET_ACCESS_KEY }}
aws-region: ${{ env.TESTING_REGION }}
role-to-assume: ${{ env.TESTING_PIPELINE_EXECUTION_ROLE }}
role-session-name: integration-test
role-duration-seconds: 3600
role-skip-session-tagging: true
- name: Set env
run: |
BASEURL=$(aws cloudformation describe-stacks --stack-name ${TESTING_STACK_NAME} | jq -r '.Stacks[] | .Outputs[] | select(.OutputKey == "HttpApiUrl") | .OutputValue')
echo "BASEURL=${BASEURL}" >> $GITHUB_ENV
USERPOOL=$(aws cloudformation describe-stacks --stack-name ${TESTING_STACK_NAME} | jq -r '.Stacks[] | .Outputs[] | select(.OutputKey == "UserPoolId") | .OutputValue')
echo "USERPOOL=${USERPOOL}" >> $GITHUB_ENV
USERPOOL_CLIENT=$(aws cloudformation describe-stacks --stack-name ${TESTING_STACK_NAME} | jq -r '.Stacks[] | .Outputs[] | select(.OutputKey == "UserPoolClientId") | .OutputValue')
echo "USERPOOL_CLIENT=${USERPOOL_CLIENT}" >> $GITHUB_ENV
- name: Create testuser
run: |
aws cognito-idp sign-up --client-id ${USERPOOL_CLIENT} --username testuser --password password
# user confirme
aws cognito-idp admin-confirm-sign-up --user-pool-id ${USERPOOL} --username testuser
- name: Create id_token
run: |
ID_TOKEN=$(aws cognito-idp admin-initiate-auth --user-pool-id ${USERPOOL} --client-id ${USERPOOL_CLIENT} --auth-flow ADMIN_NO_SRP_AUTH --auth-parameters USERNAME=testuser,PASSWORD=password | jq -r '.AuthenticationResult | .IdToken')
echo "ID_TOKEN=${ID_TOKEN}" >> $GITHUB_ENV
- name: Hello Api test
run: |
newman run tests/integration-test/hello.postman_collection.json --env-var "BASEURL=${BASEURL}" --env-var "ID_TOKEN=${ID_TOKEN}"
- name: Delete testuser
run: |
aws cognito-idp admin-delete-user --user-pool-id ${USERPOOL} --username testuser
まず、newmanを実行するために、npmでnewmanを入れています。
npm install -g newman
その後、pipelineユーザーにAssume Roleして、
CloudFormationのOutputの情報を取得し、環境変数に保存します
環境変数はそのままではstepをまたげないので、$GITHUB_ENVに書き出すことで、引き継ぎできるようになります
testuserを作成し、IdTokenを生成し、環境変数経由で渡すようにしています。
最後に次回実行のためにtestuserを削除しています
権限追加
そのままだと下記のエラーが出るので、PipelineExecutionRolePermissionsのポリシーに権限追加します
AdminConfirmSignUp権限不足
An error occurred (AccessDeniedException) when calling the AdminConfirmSignUp operation: User: arn:aws:sts::***:assumed-role/aws-sam-cli-managed-develop-PipelineExecutionRole-124710FBH2EXG/integration-test is not authorized to perform: cognito-idp:AdminConfirmSignUp on resource: arn:aws:cognito-idp:ap-northeast-1:***:userpool/ap-northeast-1_nDXupMdct because no identity-based policy allows the cognito-idp:AdminConfirmSignUp action
AdminInitiateAuth権限不足
An error occurred (AccessDeniedException) when calling the AdminInitiateAuth operation: User: arn:aws:sts::***:assumed-role/aws-sam-cli-managed-develop-PipelineExecutionRole-124710FBH2EXG/integration-test is not authorized to perform: cognito-idp:AdminInitiateAuth on resource: arn:aws:cognito-idp:ap-northeast-1:***:userpool/ap-northeast-1_nDXupMdct because no identity-based policy allows the cognito-idp:AdminInitiateAuth action
AdminDeleteUser権限不足
An error occurred (AccessDeniedException) when calling the AdminDeleteUser operation: User: arn:aws:sts::***:assumed-role/aws-sam-cli-managed-develop-PipelineExecutionRole-124710FBH2EXG/integration-test is not authorized to perform: cognito-idp:AdminDeleteUser on resource: arn:aws:cognito-idp:ap-northeast-1:***:userpool/ap-northeast-1_nDXupMdct because no identity-based policy allows the cognito-idp:AdminDeleteUser action
PipelineExecutionRolePermissionsの修正
cognito-idp:AdminConfirmSignUp
cognito-idp:AdminInitiateAuth
cognito-idp:AdminDeleteUser
実行
masterにpushするか、featureブランチをmasterにマージした際にAPIのテストが実行できるようになりました!
Discussion