Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[QA-543] JWT signing in SPOT script #766

Open
wants to merge 21 commits into
base: main
Choose a base branch
from
Open

[QA-543] JWT signing in SPOT script #766

wants to merge 21 commits into from

Conversation

abhinaysrivastavaperf
Copy link
Collaborator

@abhinaysrivastavaperf abhinaysrivastavaperf commented Jul 24, 2024
edited by Tom-Dann
Loading

QA-543

What?

Added dynamic creation and signing of JWT payloads for the SPOT scenario

Changes:

  • .github/workflows/pre-merge-checks.yml: Added Github packages as a registry
  • .github/workflows/typedoc-publish.yml: Added Github packages as a registry
  • deploy/scripts/package-lock.json: Generated package lock updates
  • deploy/scripts/package.json: Added @govuk-one-login/data-vocab package for types
  • deploy/scripts/src/common/utils/authentication/jwt.ts: Changes the string to ArrayBuffer conversion to use Uint8 over Uint16 to resolve a defect when signing JWTs causing invalid signatures
  • deploy/scripts/src/spot/[requestGenerator/spotReqGen.ts ↦ request/generator.ts]: Payload generator file containing the test data for JWT payloads and also the entire SPOT request payload
  • deploy/scripts/src/spot/request/types.ts: Added SpotRequestInfo as a new interface to hold details of the SPOT request, used in generating the pairwise subs in each of the payloads
  • deploy/scripts/src/spot/test.ts:
    • Added imports for private keys in JWK format through environment variables
    • Added code to generate the pairwise subs as specified in ADR-24 and in code here
    • Added signing of JWT payloads using the common JWT signing library

Why?

To facilitate more complex test data for the SPOT scenario

Related

@abhinaysrivastavaperf abhinaysrivastavaperf added dependencies Pull requests that update a dependency file k6 Pull requests that make changes to k6 scripts or the k6 application labels Jul 24, 2024
@Tom-Dann Tom-Dann changed the title [QA-543]: Implement JWT signing capability in SPOT [QA-543] JWT signing in SPOT script Oct 14, 2024
@Tom-Dann Tom-Dann marked this pull request as ready for review October 14, 2024 09:33
@Tom-Dann Tom-Dann requested review from a team as code owners October 14, 2024 09:33
@Tom-Dann Tom-Dann added the typescript Pull requests that update TypeScript code label Oct 14, 2024
@govuk-one-login govuk-one-login deleted a comment from sonarqubecloud bot Oct 14, 2024
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file k6 Pull requests that make changes to k6 scripts or the k6 application typescript Pull requests that update TypeScript code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@abhinaysrivastavaperf @Tom-Dann