MQE-1006: Handling secure/sensitive data in MFTF test

- add new credential manager
- add new credentials example file
- modify build project command to copy in credentials file

Author: imeron2433

dev/tests/verification/Resources/PersistedReplacementTest.txt

@@ -52,6 +52,7 @@ class PersistedReplacementTestCest
 		$I->fillField("#selector", "StringBefore " . $createdData->getCreatedDataByName('firstname') . " StringAfter");
 		$I->fillField("#" . $createdData->getCreatedDataByName('firstname'), "input");
 		$I->fillField("#" . getenv("MAGENTO_BASE_URL") . "#" . $createdData->getCreatedDataByName('firstname'), "input");
+		$I->fillField("#" . CredentialStore::getInstance()->getSecret("SECRET_PARAM") . "#" . $createdData->getCreatedDataByName('firstname'), "input");
 		$I->dragAndDrop("#" . $createdData->getCreatedDataByName('firstname'), $createdData->getCreatedDataByName('lastname'));
 		$I->conditionalClick($createdData->getCreatedDataByName('lastname'), "#" . $createdData->getCreatedDataByName('firstname'), true);
 		$I->amOnUrl($createdData->getCreatedDataByName('firstname') . ".html");

dev/tests/verification/TestModule/Test/PersistedReplacementTest.xml

@@ -17,6 +17,7 @@
         <fillField stepKey="inputReplace" selector="#selector" userInput="StringBefore $createdData.firstname$ StringAfter"/>
         <fillField stepKey="selectorReplace" selector="#$createdData.firstname$" userInput="input"/>
         <fillField stepKey="selectorReplace2" selector="#{{_ENV.MAGENTO_BASE_URL}}#$createdData.firstname$" userInput="input"/>
+        <fillField stepKey="selectorReplace3" selector="#{{_CREDS.SECRET_PARAM}}#$createdData.firstname$" userInput="input"/>
         <dragAndDrop stepKey="selector12Replace" selector1="#$createdData.firstname$" selector2="$createdData.lastname$"/>
         <conditionalClick stepKey="dependentSelectorReplace" dependentSelector="#$createdData.firstname$" selector="$createdData.lastname$" visible="true"/>
         <amOnUrl stepKey="urlReplace" url="$createdData.firstname$.html"/>

etc/config/.credentials.example

@@ -0,0 +1,75 @@
+#carriers/fedex/account=
+#carriers/fedex/meter_number=
+#carriers/fedex/key=
+#carriers/fedex/password=
+
+#carriers/ups/password=
+#carriers/ups/username=
+#carriers/ups/access_license_number=
+#carriers/ups/shipper_number=
+
+#carriers/usps/userid=
+#carriers/usps/password=
+
+#carriers_dhl_id_us=
+#carriers_dhl_password_us=
+#carriers_dhl_account_us=
+
+#carriers_dhl_id_eu=
+#carriers_dhl_password_eu=
+#carriers_dhl_account_eu=
+
+
+#payment_authorizenet_login=
+#payment_authorizenet_trans_key=
+#payment_authorizenet_trans_md5=
+
+#authorizenet_fraud_review_login=
+#authorizenet_fraud_review_trans_key=
+#authorizenet_fraud_review_md5=
+
+#braintree_enabled_fraud_merchant_account_id=
+#braintree_enabled_fraud_merchant_id=
+#braintree_enabled_fraud_public_key=
+#braintree_enabled_fraud_private_key=
+
+#braintree_disabled_fraud_merchant_account_id=
+#braintree_disabled_fraud_merchant_id=
+#braintree_disabled_fraud_public_key=
+#braintree_disabled_fraud_private_key=
+
+#payment/paypal_group_all_in_one/wpp_usuk/wpp_required_settings/wpp_and_express_checkout/business_account=
+#payment/paypal_group_all_in_one/wpp_usuk/wpp_required_settings/wpp_and_express_checkout/api_username=
+#payment/paypal_group_all_in_one/wpp_usuk/wpp_required_settings/wpp_and_express_checkout/api_password=
+#payment/paypal_group_all_in_one/wpp_usuk/wpp_required_settings/wpp_and_express_checkout/api_signature=
+#payment/paypal_express/merchant_id=
+
+#payflow_pro_fraud_protection_enabled_business_account=
+#payflow_pro_fraud_protection_enabled_partner=
+#payflow_pro_fraud_protection_enabled_user=
+#payflow_pro_fraud_protection_enabled_pwd=
+#payflow_pro_fraud_protection_enabled_vendor=
+
+#payflow_pro_business_account=
+#payflow_pro_partner=
+#payflow_pro_user=
+#payflow_pro_pwd=
+#payflow_pro_vendor=
+
+#payflow_link_business_account_email=
+#payflow_link_partner=
+#payflow_link_user=
+#payflow_link_password=
+#payflow_link_vendor=
+
+#payment/paypal_group_all_in_one/payments_pro_hosted_solution_with_express_checkout/pphs_required_settings/pphs_required_settings_pphs/business_account=
+#payment/paypal_group_all_in_one/payments_pro_hosted_solution_with_express_checkout/pphs_required_settings/pphs_required_settings_pphs/api_username=
+#payment/paypal_group_all_in_one/payments_pro_hosted_solution_with_express_checkout/pphs_required_settings/pphs_required_settings_pphs/api_password=
+#payment/paypal_group_all_in_one/payments_pro_hosted_solution_with_express_checkout/pphs_required_settings/pphs_required_settings_pphs/api_signature=
+
+#payment/paypal_alternative_payment_methods/express_checkout_us/express_checkout_required/express_checkout_required_express_checkout/business_account=
+#payment/paypal_alternative_payment_methods/express_checkout_us/express_checkout_required/express_checkout_required_express_checkout/api_username=
+#payment/paypal_alternative_payment_methods/express_checkout_us/express_checkout_required/express_checkout_required_express_checkout/api_password=
+#payment/paypal_alternative_payment_methods/express_checkout_us/express_checkout_required/express_checkout_required_express_checkout/api_signature=
+
+#fraud_protection/signifyd/api_key=

src/Magento/FunctionalTestingFramework/Console/BuildProjectCommand.php

@@ -21,6 +21,7 @@
 class BuildProjectCommand extends Command
 {
     const DEFAULT_YAML_INLINE_DEPTH = 10;
+    const CREDENTIALS_FILE_PATH = TESTS_BP . DIRECTORY_SEPARATOR . '.credentials.example';
 
     /**
      * Env processor manages .env files.
@@ -72,6 +73,7 @@ protected function execute(InputInterface $input, OutputInterface $output)
         $setupEnvCommand->run($commandInput, $output);
 
 
+
         // TODO can we just import the codecept symfony command?
         $codeceptBuildCommand = realpath(PROJECT_ROOT . '/vendor/bin/codecept') .  ' build';
         $process = new Process($codeceptBuildCommand);
@@ -126,5 +128,12 @@ private function generateConfigFiles(OutputInterface $output)
             $output->writeln("functional.suite.yml applied to " .
                 TESTS_BP . DIRECTORY_SEPARATOR . 'tests' . DIRECTORY_SEPARATOR . 'functional.suite.yml');
         }
+
+        $fileSystem->copy(
+            FW_BP . '/etc/config/.credentials.example',
+            self::CREDENTIALS_FILE_PATH
+        );
+
+        $output->writeln('.credentials.example successfully applied.');
     }
 }

src/Magento/FunctionalTestingFramework/DataGenerator/Handlers/CredentialStore.php

@@ -0,0 +1,94 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+
+namespace Magento\FunctionalTestingFramework\DataGenerator\Handlers;
+
+use Magento\FunctionalTestingFramework\Console\BuildProjectCommand;
+use Magento\FunctionalTestingFramework\Exceptions\TestFrameworkException;
+
+class CredentialStore
+{
+    /**
+     * Singletone instnace
+     *
+     * @var CredentialStore
+     */
+    private static $INSTANCE = null;
+
+    /**
+     * Key/Value paris of credential names and their corresponding values
+     *
+     * @var array
+     */
+    private $credentials = [];
+
+    /**
+     * Static singleton getter for CredentialStore Instance
+     *
+     * @return CredentialStore
+     */
+    public static function getInstance()
+    {
+        if (self::$INSTANCE == null) {
+            self::$INSTANCE = new CredentialStore();
+        }
+
+        return self::$INSTANCE;
+    }
+
+    /**
+     * CredentialStore constructor.
+     */
+    private function __construct()
+    {
+        $this->readInCredentialsFile();
+    }
+
+    /**
+     * Returns the value of a secret based on corresponding key
+     *
+     * @param string $key
+     * @return string|null
+     */
+    public function getSecret($key)
+    {
+        return $this->credentials[$key] ?? null;
+    }
+
+    /**
+     * Private function which reads in secret key/values from .credentials file and stores in memory as key/value pair.
+     *
+     * @return void
+     * @throws TestFrameworkException
+     */
+    private function readInCredentialsFile()
+    {
+        $credsFilePath = str_replace(
+            '.credentials.example',
+            '.credentials',
+            BuildProjectCommand::CREDENTIALS_FILE_PATH
+        );
+
+        if (!file_exists($credsFilePath)) {
+            throw new TestFrameworkException(
+                "Cannot find .credentials file, please create in "
+                . TESTS_BP . " in order to reference sensitive information"
+            );
+        }
+
+        $credContents = file($credsFilePath, FILE_IGNORE_NEW_LINES);
+        foreach ($credContents as $credValue) {
+            if (substr($credValue, 0, 1) === '#' || empty($credValue)) {
+                continue;
+            }
+
+            list($key, $value) = explode("=", $credValue);
+            if (!empty($value)) {
+                $this->credentials[$key] = $value;
+            }
+        }
+    }
+}

src/Magento/FunctionalTestingFramework/Test/Objects/ActionObject.php

@@ -23,6 +23,7 @@
 class ActionObject
 {
     const __ENV = "_ENV";
+    const __CREDS = "_CREDS";
     const DATA_ENABLED_ATTRIBUTES = [
         "userInput",
         "parameterArray",
@@ -500,7 +501,7 @@ private function findAndReplaceReferences($objectHandler, $inputString)
             $obj = $objectHandler->getObject($objName);
 
             // Leave {{_ENV.VARIABLE}} references to be replaced in TestGenerator with getenv("VARIABLE")
-            if ($objName === ActionObject::__ENV) {
+            if ($objName === ActionObject::__ENV || $objName === ActionObject::__CREDS) {
                 continue;
             }
 

src/Magento/FunctionalTestingFramework/Util/Env/EnvProcessor.php

@@ -106,11 +106,7 @@ public function putEnvFile(array $config = [])
             $envData .= $key . '=' . $value . PHP_EOL;
         }
 
-        if ($this->envExists) {
-            file_put_contents($this->envFile, $envData, FILE_APPEND);
-        } else {
-            file_put_contents($this->envFile, $envData);
-        }
+        file_put_contents($this->envFile, $envData);
     }
 
     /**

src/Magento/FunctionalTestingFramework/Util/TestGenerator.php

@@ -6,6 +6,7 @@
 
 namespace Magento\FunctionalTestingFramework\Util;
 
+use Magento\FunctionalTestingFramework\DataGenerator\Handlers\CredentialStore;
 use Magento\FunctionalTestingFramework\DataGenerator\Objects\EntityDataObject;
 use Magento\FunctionalTestingFramework\Exceptions\TestReferenceException;
 use Magento\FunctionalTestingFramework\Suite\Handlers\SuiteObjectHandler;
@@ -747,7 +748,7 @@ public function generateStepsPhp($actionObjects, $hookObject = false, $actor = "
                         $testSteps .= $contextSetter;
                         $testSteps .= $deleteEntityFunctionCall;
                     } else {
-                        $url = $this->resolveEnvReferences([$url])[0];
+                        $url = $this->resolveAllRuntimeReferences([$url])[0];
                         $url = $this->resolveTestVariable([$url], null)[0];
                         $output = sprintf(
                             "\t\t$%s->deleteEntityByUrl(%s);\n",
@@ -1675,7 +1676,7 @@ private function wrapFunctionCall($actor, $action, ...$args)
         if (!is_array($args)) {
             $args = [$args];
         }
-        $args = $this->resolveEnvReferences($args);
+        $args = $this->resolveAllRuntimeReferences($args);
         $args = $this->resolveTestVariable($args, $action->getActionOrigin());
         $output .= implode(", ", array_filter($args, function($value) { return $value !== null; })) . ");\n";
         return $output;
@@ -1706,7 +1707,7 @@ private function wrapFunctionCallWithReturnValue($returnVariable, $actor, $actio
         if (!is_array($args)) {
             $args = [$args];
         }
-        $args = $this->resolveEnvReferences($args);
+        $args = $this->resolveAllRuntimeReferences($args);
         $args = $this->resolveTestVariable($args, $action->getActionOrigin());
         $output .= implode(", ", array_filter($args, function($value) { return $value !== null; })) . ");\n";
         return $output;
@@ -1716,21 +1717,21 @@ private function wrapFunctionCallWithReturnValue($returnVariable, $actor, $actio
     /**
      * Resolves {{_ENV.variable}} into getenv("variable") for test-runtime ENV referencing.
      * @param array $args
+     * @param string $regex
+     * @param string $func
      * @return array
      */
-    private function resolveEnvReferences($args)
+    private function resolveRuntimeReference($args, $regex, $func)
     {
-        $envRegex = "/{{_ENV\.([\w]+)}}/";
-
         $newArgs = [];
 
         foreach ($args as $key => $arg) {
-            preg_match_all($envRegex, $arg, $matches);
+            preg_match_all($regex, $arg, $matches);
             if (!empty($matches[0])) {
                 $fullMatch = $matches[0][0];
-                $envVariable = $matches[1][0];
+                $refVariable = $matches[1][0];
                 unset($matches);
-                $replacement = "getenv(\"{$envVariable}\")";
+                $replacement = "{$func}(\"{$refVariable}\")";
 
                 $outputArg = $this->processQuoteBreaks($fullMatch, $arg, $replacement);
                 $newArgs[$key] = $outputArg;
@@ -1743,6 +1744,28 @@ private function resolveEnvReferences($args)
         return $newArgs;
     }
 
+    /**
+     * Takes a predefined list of potentially matching special paramts and they needed function replacement and performs
+     * replacements on the tests args.
+     *
+     * @param array $args
+     * @return array
+     */
+    private function resolveAllRuntimeReferences($args)
+    {
+        $runtimeReferenceRegex = [
+            "/{{_ENV\.([\w]+)}}/" => 'getenv',
+            "/{{_CREDS\.([\w]+)}}/" => 'CredentialStore::getInstance()->getSecret'
+        ];
+
+        $argResult = $args;
+        foreach ($runtimeReferenceRegex as $regex => $func) {
+            $argResult = $this->resolveRuntimeReference($argResult, $regex, $func);
+        }
+
+        return $argResult;
+    }
+
     /**
      * Validates parameter array format, making sure user has enclosed string with square brackets.
      *