✨ feat(tests): Add test for forwardauth configuration in docker-compose-dev-vendors.yml

pcrespov · pcrespov · commit 3c0f8e167ea2 · 2025-07-21T16:36:38.000+02:00
diff --git a/packages/pytest-simcore/src/pytest_simcore/repository_paths.py b/packages/pytest-simcore/src/pytest_simcore/repository_paths.py
@@ -85,6 +85,14 @@ def services_docker_compose_file(services_dir: Path) -> Path:
     return dcpath
 
 
+@pytest.fixture(scope="session")
+def services_docker_compose_dev_vendors_file(osparc_simcore_services_dir: Path) -> Path:
+    """Path to osparc-simcore/services/docker-compose-dev-vendors.yml file"""
+    dcpath = osparc_simcore_services_dir / "docker-compose-dev-vendors.yml"
+    assert dcpath.exists()
+    return dcpath
+
+
 @pytest.fixture(scope="session")
 def pylintrc(osparc_simcore_root_dir: Path) -> Path:
     pylintrc = osparc_simcore_root_dir / ".pylintrc"
diff --git a/services/docker-compose-dev-vendors.yml b/services/docker-compose-dev-vendors.yml
@@ -15,7 +15,7 @@ services:
         - traefik.enable=true
         - traefik.swarm.network=${SWARM_STACK_NAME}_default
         # auth: https://doc.traefik.io/traefik/middlewares/http/forwardauth
-        - traefik.http.middlewares.${SWARM_STACK_NAME}_manual-auth.forwardauth.address=http://${WEBSERVER_HOST}:${WEBSERVER_PORT}/v0/auth:check
+        - traefik.http.middlewares.${SWARM_STACK_NAME}_manual-auth.forwardauth.address=http://${WB_AUTH_WEBSERVER_HOST}:${WB_AUTH_WEBSERVER_PORT}/v0/auth:check
         - traefik.http.middlewares.${SWARM_STACK_NAME}_manual-auth.forwardauth.trustForwardHeader=true
         - traefik.http.middlewares.${SWARM_STACK_NAME}_manual-auth.forwardauth.authResponseHeaders=Set-Cookie,osparc-sc2
         # routing
diff --git a/services/web/server/tests/unit/with_dbs/03/test_login_auth_app.py b/services/web/server/tests/unit/with_dbs/03/test_login_auth_app.py
@@ -6,10 +6,12 @@
 
 import logging
 from collections.abc import Callable
+from pathlib import Path
 
 import pytest
 import pytest_asyncio
 import sqlalchemy as sa
+import yaml
 from aiohttp import web
 from aiohttp.test_utils import TestClient, TestServer
 from pytest_simcore.helpers.assert_checks import assert_status
@@ -151,3 +153,72 @@ async def test_check_endpoint_in_auth_app(client: TestClient, user: UserInfoDict
 
     response = await client.get("/v0/auth:check")
     await assert_status(response, status.HTTP_401_UNAUTHORIZED)
+
+
+def test_docker_compose_dev_vendors_forwardauth_configuration(
+    services_docker_compose_dev_vendors_file: Path,
+    app_environment_for_wb_authz_service_dict: EnvVarsDict,
+):
+    """Test that manual service forwardauth.address points to correct WB_AUTH_WEBSERVER_HOST and port."""
+
+    # Load docker-compose file
+    compose_config = yaml.safe_load(
+        services_docker_compose_dev_vendors_file.read_text()
+    )
+
+    # Get the manual service configuration
+    manual_service = compose_config.get("services", {}).get("manual")
+    assert (
+        manual_service is not None
+    ), "Manual service not found in docker-compose-dev-vendors.yml"
+
+    # Extract forwardauth.address from deploy labels
+    deploy_labels = manual_service.get("deploy", {}).get("labels", [])
+    forwardauth_address_label = None
+
+    for label in deploy_labels:
+        if "forwardauth.address=" in label:
+            forwardauth_address_label = label
+            break
+
+    assert (
+        forwardauth_address_label is not None
+    ), "forwardauth.address label not found in manual service"
+
+    # Parse the forwardauth address
+    # Expected format: traefik.http.middlewares.${SWARM_STACK_NAME}_manual-auth.forwardauth.address=http://${WB_AUTH_WEBSERVER_HOST}:${WB_AUTH_WEBSERVER_PORT}/v0/auth:check
+    address_part = forwardauth_address_label.split("forwardauth.address=")[1]
+
+    # Verify it contains the expected pattern
+    assert (
+        "${WB_AUTH_WEBSERVER_HOST}" in address_part
+    ), "forwardauth.address should reference WB_AUTH_WEBSERVER_HOST"
+    assert (
+        "${WB_AUTH_WEBSERVER_PORT}" in address_part
+    ), "forwardauth.address should reference WB_AUTH_WEBSERVER_PORT"
+    assert (
+        "/v0/auth:check" in address_part
+    ), "forwardauth.address should point to /v0/auth:check endpoint"
+
+    # Verify the full expected pattern
+    expected_pattern = (
+        "http://${WB_AUTH_WEBSERVER_HOST}:${WB_AUTH_WEBSERVER_PORT}/v0/auth:check"
+    )
+    assert (
+        address_part == expected_pattern
+    ), f"forwardauth.address should be '{expected_pattern}', got '{address_part}'"
+
+    # Verify that WB_AUTH_WEBSERVER_HOST and WB_AUTH_WEBSERVER_PORT are configured in the test environment
+    wb_auth_host = app_environment_for_wb_authz_service_dict.get(
+        "WB_AUTH_WEBSERVER_HOST"
+    )
+    wb_auth_port = app_environment_for_wb_authz_service_dict.get(
+        "WB_AUTH_WEBSERVER_PORT"
+    )
+
+    assert (
+        wb_auth_host is not None
+    ), "WB_AUTH_WEBSERVER_HOST should be configured in test environment"
+    assert (
+        wb_auth_port is not None
+    ), "WB_AUTH_WEBSERVER_PORT should be configured in test environment"
