ACM-34734 Add token session injection to playwright template

[fxiang1]

📝 Summary

Ticket Summary (Title):
story-implementation-workflow

Ticket Link:
https://redhat.atlassian.net/browse/ACM-34734

Type of Change:

• 🐞 Bug Fix
• ✨ Feature
• 🔧 Refactor
• 💸 Tech Debt
• 🧪 Test-related
• 📄 Docs

---

✅ Checklist

General

• PR title follows the convention (e.g. ACM-12340 Fix bug with...)
• Code builds and runs locally without errors
• No console logs, commented-out code, or unnecessary files
• All commits are meaningful and well-labeled
• All new display strings are externalized for localization (English only)
• (Nice to have) JSDoc comments added for new functions and interfaces

If Feature

• UI/UX reviewed (if applicable)
• All acceptance criteria met
• Unit test coverage added or updated
• Relevant documentation or comments included

If Bugfix

• Root cause and fix summary are documented in the ticket (for future reference / errata)
• Fix tested thoroughly and resolves the issue
• Test(s) added to prevent regression

---

🗒️ Notes for Reviewers

Summary by CodeRabbit

• Documentation

  • Added a Playwright Sanity Check guide to the README, including setup and how to run the checks (and clarifying it doesn’t require a running app/cluster).

• Tests

  • Added a Playwright sanity test suite and configuration to verify the Playwright toolchain independently.
  • Improved the e2e template authentication flow by using OAuth-based session setup with cached browser state, with UI login as a fallback.

• Chores

  • Updated .gitignore for Playwright e2e-template artifacts.
  • Added a playwright:sanity npm script to run the sanity checks.

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: fxiang1

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [fxiang1]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: e2f027a4-e68b-47dd-a356-723d1063936e

📥 Commits

Reviewing files that changed from the base of the PR and between 4be1b86 and 0b7c4fc.

📒 Files selected for processing (1)

• package.json

✅ Files skipped from review due to trivial changes (1)

• package.json

---

📝 Walkthrough

Walkthrough

Adds a standalone Playwright sanity-check suite (playwright-sanity.config.ts, playwright-sanity.spec.ts, npm run playwright:sanity) to validate the Playwright toolchain without a running app. Separately, refactors playwright-template.ts to implement a three-strategy OCP login sequence: OAuth token injection, cached storage-state reuse, then UI-based fallback.

Changes

Playwright Sanity Check Suite

Layer / File(s)	Summary
Sanity suite config and tests e2e-template/playwright-sanity.config.ts, e2e-template/playwright-sanity.spec.ts	Playwright sanity configuration targets playwright-sanity.spec.ts with Chromium-only headless settings and list reporter. Spec defines four isolated browser tests: page rendering with text assertion, JavaScript evaluation via page.evaluate, network request interception with JSON response, and selector-based assertions and interactions.
Sanity script, docs, and ignores package.json, README.md, .gitignore	Package.json adds playwright:sanity script invoking the sanity config. README documents the upgrade workflow and clarifies that the sanity check validates the Playwright toolchain independently and is excluded from npm test. .gitignore replaces the e2e-template/*.spec.ts glob with specific e2e-template/.auth-state.json and .playwright-mcp ignores.

OCP Auth Strategy Refactor

Layer / File(s)	Summary
Auth helpers and strategies e2e-template/playwright-template.ts	Introduces environment variable validation for OCP credentials, HTTP GET utilities with optional TLS bypass, OAuth token retrieval via OCP API with redirect-hash access_token parsing, cookie injection with navigation handling, age-based .auth-state.json cache invalidation logic, and a Promise.race-based UI fallback that detects either an already-authenticated sidebar or an identity-provider entry point. Header comment updated to document the ordered strategy sequence and API configuration requirements.
loginToOCP orchestration and persistence e2e-template/playwright-template.ts	Refactors loginToOCP entrypoint to orchestrate the three auth strategies in sequence (token injection, cached auth, UI fallback). Positions the OAuth approve button handler inside the UI fallback flow and persists authenticated storage state to .auth-state.json after successful UI login.

Sequence Diagram

sequenceDiagram
  participant Test as E2E Test
  participant loginToOCP
  participant OCPAPI as OCP OAuth API
  participant Browser
  participant FSCache as .auth-state.json

  Test->>loginToOCP: call loginToOCP(page)
  loginToOCP->>OCPAPI: GET /oauth/authorize (with credentials)
  OCPAPI-->>loginToOCP: redirect with access_token in hash
  loginToOCP->>Browser: inject openshift-session-token cookie
  Browser-->>loginToOCP: sidebar visible → success
  alt token injection fails
    loginToOCP->>FSCache: read .auth-state.json (age check)
    FSCache-->>loginToOCP: restore cookies/localStorage if fresh
    alt cache stale or missing
      loginToOCP->>Browser: navigate to console URL
      Browser-->>loginToOCP: Promise.race(sidebar | IDP entry)
      loginToOCP->>Browser: select provider, fill credentials, approve
      Browser-->>loginToOCP: sidebar visible
      loginToOCP->>FSCache: write storage state
    end
  end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• stolostron/console#6320: Directly modifies e2e-template/playwright-template.ts's loginToOCP flow with overlapping OAuth/login handling, sidebar/IDP detection, and conditional permission approval logic.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The PR description is a blank template with unchecked checkboxes and no actual information about the changes, implementation details, or type of change selected.	Complete the description by selecting a change type, filling in the ticket summary with actual details, and checking relevant checklist items. Provide rationale for the token injection approach and note any testing performed.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The PR title accurately describes the main change: adding token session injection to the Playwright template, as evidenced by the playwright-template.ts changes implementing OAuth session token injection.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@e2e-template/playwright-template.ts`:
- Around line 51-65: The httpGet function has two reliability issues that need
fixing. First, add a socket timeout to the HTTP request options (via the opts
object or directly on the request) to prevent stalled connections from hanging
indefinitely until the Playwright hook timeout fires. Second, when handling 301
or 302 redirect responses, call res.resume() to drain the response stream before
resolving, which ensures the socket is properly released back to the agent pool
instead of leaking it. Both fixes should be applied to the httpGet function to
improve its robustness.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 6e6d691b-8161-401d-bf9e-91f7cadcb1a6

📥 Commits

Reviewing files that changed from the base of the PR and between e1e894e and 4be1b86.

📒 Files selected for processing (6)

• .gitignore
• README.md
• e2e-template/playwright-sanity.config.ts
• e2e-template/playwright-sanity.spec.ts
• e2e-template/playwright-template.ts
• package.json

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud