LicenseExport feature CDX

Author: a-oren

e2e/tests/ui/features/@license-export_cdx/license-export_cdx.feature

@@ -0,0 +1,116 @@
+Feature: License Explorer
+	As a Platform Eng
+	I want to be able to download the licenses in a CSV file format from a specific SBOM
+
+Background:
+
+Scenario: Verify Download Licences option on SBOM Search Results page for CycloneDX SBOM
+	Given User Searches for CycloneDX SBOM "<sbomName>" using Search Text box
+	When User Selects CycloneDX SBOM "<sbomName>" from the Search Results
+	And User Clicks on SBOM name hyperlink from the Search Results
+	And User Clicks "Action" button
+	Then "Download License Report" Option should be visible
+
+   Examples:
+            | sbomName |
+            | liboqs |
+
+Scenario Outline: User Downloads license information for CycloneDX SBOM from SBOM Search Results page
+	Given User Searches for CycloneDX SBOM "<sbomName>" using Search Text box
+	When User Selects CycloneDX SBOM "<sbomName>" from the Search Results
+	And User Clicks on SBOM name hyperlink from the Search Results
+	And User Clicks "Action" button
+	And Selects "Download License Report" option
+	Then Licenses associated with the SBOM should be downloaded in TAR.GZ format using the SBOM name
+
+   Examples:
+            | sbomName |
+            | liboqs |
+
+Scenario: Verify Download Licences option on SBOM Explorer page for CycloneDX SBOM
+	Given User Searches for CycloneDX SBOM "<sbomName>" using Search Text box and Navigates to Search results page
+	When User Selects CycloneDX SBOM "<sbomName>" from the Search Results
+	And User Clicks on SBOM name hyperlink from the Search Results
+	Then Application Navigates to SBOM Explorer page
+	And User Clicks "Action" button
+	And "Download License Report" Option should be visible
+
+  Examples:
+            | sbomName |
+            | liboqs |
+
+Scenario: User Downloads license information for CycloneDX SBOM from SBOM Explorer page
+	Given User is on SBOM Explorer page for the CycloneDX SBOM "<sbomName>"
+	And User Clicks on "Download License Report" button
+	Then Licenses associated with the SBOM should be downloaded in TAR.GZ format using the SBOM name
+
+  Examples:
+            | sbomName |
+            | liboqs |
+
+Scenario: Verify the files on downloaded CycloneDX SBOM license TAR.GZ
+	Given User has Downloaded the License information for CycloneDX SBOM "<sbomName>"
+	When User extracts the Downloaded license TAR.GZ file
+	Then Extracted files should contain two CSVs, one for Package license information and another one for License reference
+
+  Examples:
+            | sbomName |
+            | liboqs |
+
+Scenario: Verify the headers on CycloneDX SBOM package License CSV file
+	Given User extracted the CycloneDX SBOM "<sbomName>" license compressed file
+	When User Opens the package license information file
+	Then The file should have the following headers - SBOM name, SBOM id, package name, package group, package version, package purl, package cpe and license
+
+  Examples:
+            | sbomName |
+            | liboqs |
+
+Scenario: Verify the headers on CycloneDX SBOM License reference CSV file
+	Given User extracted the CycloneDX SBOM "<sbomName>" license compressed file
+	When User Opens the license reference file
+	Then The file should have the following headers - licenseId, name, extracted text and comment
+
+  Examples:
+            | sbomName |
+            | liboqs |
+
+Scenario: Verify the contents on CycloneDX SBOM license reference CSV file
+	Given User is on license reference "<sbomName>" file
+	Then The License reference CSV should be empty
+
+  Examples:
+            | sbomName |
+            | liboqs |
+
+Scenario: Verify the license information for a package on the CycloneDX SBOM with single license id
+	Given User is on SBOM license information file for "<sbomName>"
+	When User selects the package "<packageName>" with Single license id
+	Then "SBOM name" column should match "<name>" from SBOM
+	And "SBOM id" column should match "<id>" from SBOM
+	And "package name" column should match "<packageName>" from SBOM
+	And "package group" column should match "<packageGroup>" from SBOM
+	And "package version" column should match "<packageVersion>" from SBOM
+	And "package purl" column should match "<packagePurl>" from SBOM
+	And "license" column should match "<license>" from SBOM
+	And "package cpe" column should be empty
+
+  Examples:
+            | sbomName                 | packageName | name                     | id                                              | packageGroup                | packageVersion          | packagePurl                                                                                                                                                                                                                  | license    |
+            | Red Hat build of Quarkus | quarkus-bom | Red Hat build of Quarkus | urn:uuid:ed823a98-ef10-395b-a95d-eea9ef659984/1 | com.redhat.quarkus.platform | 2.13.9.SP2-redhat-00003 | pkg:maven/com.redhat.quarkus.platform/quarkus-bom@2.13.9.SP2-redhat-00003?type=pom pkg:maven/com.redhat.quarkus.platform/quarkus-bom@2.13.9.SP2-redhat-00003?repository_url=https://maven.repository.redhat.com/ga/&type=pom | Apache-2.0 |
+
+Scenario: Verify the license information for a package on the CycloneDX SBOM with single license id with alternate package reference
+	Given User is on SBOM license information file for "<sbomName>"
+	When User selects a package "<packageName>" with Single license id with cpe information
+	Then "SBOM name" column should match "<name>" from SBOM
+	And "SBOM id" column should match "<id>" from SBOM
+	And "package name" column should match "<packageName>" from SBOM
+	And "package group" column should match "<packageGroup>" from SBOM
+	And "package version" column should match "<packageVersion>" from SBOM
+	And "package purl" column should match "<packagePurl>" from SBOM
+	And "license" column should match "<license>" from SBOM
+	And "package cpe" column should match "<cpe>" from SBOM
+
+  Examples:
+            | sbomName                       | packageName | name                           | id                                                                               | packageGroup                | packageVersion          | packagePurl                                                                                                                          | license    | cpe |
+            | quarkus-bom-3.8.3.redhat-00003 | quarkus-bom | quarkus-bom-3.8.3.redhat-00003 | https://access.redhat.com/security/data/sbom/spdx/quarkus-bom-3.8.3.redhat-00003 |                             | 3.8.3.redhat-00003      | pkg:maven/com.redhat.quarkus.platform/quarkus-bom@3.8.3.redhat-00003?repository_url=https://maven.repository.redhat.com/ga/&type=pom | Apache-2.0 | cpe:/a:redhat:quarkus:3.8:*:el8:* |

e2e/tests/ui/features/@license-export_cdx/license-export_cdx.step.ts

@@ -0,0 +1,250 @@
+import { createBdd } from "playwright-bdd";
+import * as fs from "node:fs";
+
+import { test } from "../../fixtures";
+
+import { expect } from "../../assertions";
+
+import { SbomListPage } from "../../pages/sbom-list/SbomListPage";
+import { SbomDetailsPage } from "../../pages/sbom-details/SbomDetailsPage";
+import { DetailsPage } from "../../helpers/DetailsPage";
+import { SearchPage } from "../../helpers/SearchPage";
+import { clickAndVerifyDownload } from "../../pages/Helpers";
+import {
+  downloadLicenseReport,
+  extractLicenseReport,
+  findCsvWithHeader,
+  findPackageRow,
+} from "../../pages/LicenseExportHelpers";
+
+export const { Given, When, Then } = createBdd(test);
+
+let downloadedFilename: string;
+let downloadedFilePath: string;
+let extractionPath: string;
+let packageLicenseFilePath: string;
+let licenseReferenceFilePath: string;
+let selectedPackageRow: Record<string, string>;
+
+Given(
+  "User Searches for CycloneDX SBOM {string} using Search Text box",
+  async ({ page }, sbomName: string) => {
+    const listPage = await SbomListPage.build(page);
+    const toolbar = await listPage.getToolbar();
+    await toolbar.applyFilter({ "Filter text": sbomName });
+  },
+);
+
+Given(
+  "User Searches for CycloneDX SBOM {string} using Search Text box and Navigates to Search results page",
+  async ({ page }, sbomName: string) => {
+    const searchPage = new SearchPage(page, "Search");
+    await searchPage.generalSearch("SBOMs", sbomName);
+  },
+);
+
+When(
+  "User Selects CycloneDX SBOM {string} from the Search Results",
+  async ({ page }, sbomName: string) => {
+    const listPage = await SbomListPage.fromCurrentPage(page);
+    const table = await listPage.getTable();
+    await table.waitUntilDataIsLoaded();
+
+    await expect(table).toHaveColumnWithValue("Name", sbomName);
+  },
+);
+
+When(
+  "User Clicks on SBOM name hyperlink from the Search Results",
+  async ({ page }) => {
+    const listPage = await SbomListPage.fromCurrentPage(page);
+    const table = await listPage.getTable();
+    const rows = await table.getRows();
+    await rows.first().getByRole("link").click();
+  },
+);
+
+Then("Application Navigates to SBOM Explorer page", async ({ page }) => {
+  await expect(page).toHaveURL(/\/sboms\/[^/]+/);
+});
+
+When('User Clicks "Action" button', async ({ page }) => {
+  const detailsPage = new DetailsPage(page);
+  await detailsPage.openActionsMenu();
+});
+
+Then('"Download License Report" Option should be visible', async ({ page }) => {
+  const detailsPage = new DetailsPage(page);
+  await detailsPage.verifyActionIsVisibleInMenu("Download License Report");
+});
+
+When('Selects "Download License Report" option', async ({ page }) => {
+  const detailsPage = new DetailsPage(page);
+  downloadedFilename = await clickAndVerifyDownload(
+    page,
+    async () =>
+      await detailsPage.page
+        .getByRole("menuitem", { name: "Download License Report" })
+        .click(),
+  );
+});
+
+Then(
+  "Licenses associated with the SBOM should be downloaded in TAR.GZ format using the SBOM name",
+  async ({ page }) => {
+    const sbomName = await page.getByRole("heading").first().innerText();
+    expect(downloadedFilename).toContain(sbomName);
+    expect(downloadedFilename.endsWith(".tar.gz")).toBeTruthy();
+  },
+);
+
+Given(
+  "User is on SBOM Explorer page for the CycloneDX SBOM {string}",
+  async ({ page }, sbomName: string) => {
+    await SbomDetailsPage.build(page, sbomName);
+  },
+);
+
+When('User Clicks on "Download License Report" button', async ({ page }) => {
+  const detailsPage = new DetailsPage(page);
+  await detailsPage.openActionsMenu();
+
+  downloadedFilename = await clickAndVerifyDownload(
+    page,
+    async () =>
+      await detailsPage.page
+        .getByRole("menuitem", { name: "Download License Report" })
+        .click(),
+  );
+});
+
+Given(
+  "User has Downloaded the License information for CycloneDX SBOM {string}",
+  async ({ page }, sbomName: string) => {
+    await SbomDetailsPage.build(page, sbomName);
+    downloadedFilePath = await downloadLicenseReport(page);
+  },
+);
+
+When("User extracts the Downloaded license TAR.GZ file", async () => {
+  extractionPath = await extractLicenseReport(downloadedFilePath);
+});
+
+Then(
+  "Extracted files should contain two CSVs, one for Package license information and another one for License reference",
+  async () => {
+    const files = fs.readdirSync(extractionPath);
+    const csvFiles = files.filter((file) => file.endsWith(".csv"));
+    expect(csvFiles.length).toBe(2);
+  },
+);
+
+Given(
+  "User extracted the CycloneDX SBOM {string} license compressed file",
+  async ({ page }, sbomName: string) => {
+    await SbomDetailsPage.build(page, sbomName);
+    downloadedFilePath = await downloadLicenseReport(page);
+    extractionPath = await extractLicenseReport(downloadedFilePath);
+  },
+);
+
+When("User Opens the package license information file", async () => {
+  packageLicenseFilePath = findCsvWithHeader(
+    extractionPath,
+    "SBOM name",
+    "Package license information file",
+  );
+});
+
+Then(
+  "The file should have the following headers - SBOM name, SBOM id, package name, package group, package version, package purl, package cpe and license",
+  async () => {
+    const content = fs.readFileSync(packageLicenseFilePath, "utf-8");
+    const headers = content.split("\n")[0].trim();
+    const expectedHeaders =
+      '"SBOM name"\t"SBOM id"\t"package name"\t"package group"\t"package version"\t"package purl"\t"package cpe"\t"license"\t"license type"';
+    expect(headers).toBe(expectedHeaders);
+  },
+);
+
+When("User Opens the license reference file", async () => {
+  licenseReferenceFilePath = findCsvWithHeader(
+    extractionPath,
+    "licenseId",
+    "License reference file",
+  );
+});
+
+Then(
+  "The file should have the following headers - licenseId, name, extracted text and comment",
+  async () => {
+    const content = fs.readFileSync(licenseReferenceFilePath, "utf-8");
+    const headers = content.split("\n")[0].trim();
+    const expectedHeaders = '"licenseId"\t"name"\t"extracted text"\t"comment"';
+    expect(headers).toBe(expectedHeaders);
+  },
+);
+
+Given(
+  "User is on license reference {string} file",
+  async ({ page }, sbomName: string) => {
+    await SbomDetailsPage.build(page, sbomName);
+    downloadedFilePath = await downloadLicenseReport(page);
+    extractionPath = await extractLicenseReport(downloadedFilePath);
+    licenseReferenceFilePath = findCsvWithHeader(
+      extractionPath,
+      "licenseId",
+      "License reference file",
+    );
+  },
+);
+
+Then("The License reference CSV should be empty", async () => {
+  const content = fs.readFileSync(licenseReferenceFilePath, "utf-8");
+  const lines = content.trim().split("\n");
+  // Only header should be present
+  expect(lines.length).toBe(1);
+});
+
+Given(
+  "User is on SBOM license information file for {string}",
+  async ({ page }, sbomName: string) => {
+    await SbomDetailsPage.build(page, sbomName);
+    downloadedFilePath = await downloadLicenseReport(page);
+    extractionPath = await extractLicenseReport(downloadedFilePath);
+    packageLicenseFilePath = findCsvWithHeader(
+      extractionPath,
+      "SBOM name",
+      "Package license information file",
+    );
+  },
+);
+
+When(
+  "User selects the package {string} with Single license id",
+  async ({ page: _page }, packageName: string) => {
+    selectedPackageRow = findPackageRow(packageLicenseFilePath, packageName);
+  },
+);
+
+When(
+  "User selects a package {string} with Single license id with cpe information",
+  async ({ page: _page }, packageName: string) => {
+    selectedPackageRow = findPackageRow(packageLicenseFilePath, packageName);
+  },
+);
+
+Then(
+  "{string} column should match {string} from SBOM",
+  async ({ page: _page }, columnName: string, expectedValue: string) => {
+    const actual = selectedPackageRow[columnName].replace(/\n/g, " ");
+    expect(actual).toBe(expectedValue);
+  },
+);
+
+Then(
+  "{string} column should be empty",
+  async ({ page: _page }, columnName: string) => {
+    expect(selectedPackageRow[columnName]).toBe("");
+  },
+);

e2e/tests/ui/helpers/DetailsPage.ts

@@ -22,6 +22,12 @@ export class DetailsPage {
     await this.page.getByRole("menuitem", { name: actionName }).click();
   }
 
+  async openActionsMenu() {
+    const actionsButton = this.page.getByRole("button", { name: "Actions" });
+    await actionsButton.click();
+    await expect(actionsButton).toHaveAttribute("aria-expanded", "true");
+  }
+
   async clickOnPageButton(buttonName: string) {
     await this.page.getByRole("button", { name: buttonName }).click();
   }
@@ -37,6 +43,12 @@ export class DetailsPage {
     ).toBeVisible();
   }
 
+  async verifyActionIsVisibleInMenu(actionName: string) {
+    await expect(
+      this.page.getByRole("menuitem", { name: actionName }),
+    ).toBeVisible();
+  }
+
   async verifyButtonIsVisible(button: string) {
     await expect(this.page.getByRole("button", { name: button })).toBeVisible();
   }