Merge pull request #3278 from magento/ds_MAGEDOC-3232_mftf-credentials

Add the MFTF Credentials topic

Author: dshevtsov

_data/toc/magento-functional-testing-framework-guide-2_3.yml

@@ -1,5 +1,4 @@
 label: Magento Functional Testing Framework Guide version 2.3
-versionless: true
 pages:
 
   - label: Introduction
@@ -72,6 +71,10 @@ pages:
     url: /mftf/2.3/reporting.html
     versionless: true
 
+  - label: Credentials
+    url: /mftf/2.3/credentials.html
+    versionless: true
+
   - label: Configuration
     url: /mftf/2.3/configuration.html
     versionless: true

mftf/2.3/credentials.md

@@ -0,0 +1,101 @@
+---
+---
+
+# Credentials
+
+When you test functionality that involves external services such as UPS, FedEx, PayPal, or SignifyD, use the MFTF credentials feature to hide sensitive [data][] like integration tokens and API keys.
+
+## Define sensitive data in `.credentials`
+
+The MFTF creates a sample file for credentials during [initial setup][]: `magento2/dev/tests/acceptance/.credentials.example`.
+The file contains an example list of keys for fields that can require credentials.
+
+### Create `.credentials`
+
+To make the MFTF process the file with credentials, change directories to `magento2/dev/tests/acceptance/` and copy `.credentials.example` to `.credentials`.
+
+```bash
+cd dev/tests/acceptance/
+```
+
+```bash
+cp .credentials.example .credentials
+```
+
+### Add `.credentials` to `.gitignore`
+
+Verify that the file is excluded from tracking by `.gitignore` (unless you need this behavior):
+
+```bash
+git check-ignore .credentials
+```
+
+The command outputs the path if the file is excluded:
+
+```terminal
+.credentials
+```
+
+### Define sensitive data
+
+Open the `.credentials` file, uncomment the fields you want to use, and add your values:
+
+```config
+...
+# Credentials for the USPS service
+carriers_usps_userid=test_user
+carriers_usps_password=Lmgxvrq89uPwECeV
+
+# Credentials for the DHL service
+#carriers/dhl/id_us=
+#carriers/dhl/password_us=
+....
+```
+
+{: .bs-callout .bs-callout-info }
+The `/` symbol is not supported in a key name.
+
+You are free to use any other keys you like, as they are merely the keys to reference from your tests.
+
+```conf
+# Credentials for the MyAwesome service
+my_awesome_service_token=rRVSVnh3cbDsVG39oTMz4A
+
+# Credentials for the USPS service
+carriers_usps_userid=test_user
+carriers_usps_password=Lmgxvrq89uPwECeV
+....
+```
+
+## Use credentials in a test
+
+<!--{% raw %}-->
+Access the data defined in the `.credentials` file using the [`fillField`][] action with the `userInput` attribute.
+Define the value as a reference to the corresponding key in the credentials file such as `{{_CREDS.my_data_key}}`:
+
+- `_CREDS` is an environment constant pointing to the `.credentials` file
+- `my_data_key` is a key in the the `.credentials` file that contains the value to be used in a test step
+
+For example:
+
+```xml
+<fillField stepKey="FillApiToken" selector=".api-token" userInput="{{_CREDS.my_data_key}}" />
+```
+
+## Implementation details
+
+The generated tests do not contain credentials values.
+The MFTF dynamically retrieves, encrypts, and decrypts the sensitive data during test execution.
+Decrypted credentials do not appear in the console, error logs, or [test reports][].
+The decrypted values are only available in the `.credentials` file.
+
+{: .bs-callout .bs-callout-info }
+The MFTF tests delivered with Magento application do not use credentials and do not cover external services, because of sensitivity of the data.
+
+<!--{% endraw %}-->
+
+<!-- Link definitions -->
+[`fillField`]: test/actions.html#fillfield
+[data]: data.html
+[initial setup]: getting-started.html
+[test reports]: reporting.html

mftf/2.3/data.md

@@ -8,15 +8,13 @@ redirect_from: /guides/v2.3/magento-functional-testing-framework/2.3/data.html
 _This topic was updated due to the {{page.mftf-release}} MFTF release._
 {: style="text-align: right"}
 
-Tests require data to function properly.
-
-The MFTF allows you to specify and use `<data>` entities defined in XML. Default `<data>` entities are provided for use and as templates for entity creation and manipulation.
-
+The MFTF enables you to specify and use `<data>` entities defined in XML. Default `<data>` entities are provided for use and as templates for entity creation and manipulation.
 The following diagram shows the XML structure of an MFTF data object:
 
 {%include_relative img/data-dia.svg%}
 
-### Supply data to test by reference to a data entity
+## Supply data to test by reference to a data entity
+
 {%raw%}
 Test steps requiring `<data>` input in an action, like filling a field with a string, may reference an attribute from a data entity:
 
@@ -29,8 +27,7 @@ In this example:
 * `SimpleSubCategory` is an entity name.
 * `name` is a `<data>` key of the entity. The corresponding value will be assigned to `userInput` as a result.
 
-****
-#### Environmental data
+### Environmental data
 
 ```xml
 userInput="{{_ENV.MAGENTO_ADMIN_USERNAME}}"
@@ -40,23 +37,24 @@ In this example:
 
 * `_ENV` is a reference to the `dev/tests/acceptance/.env` file, where basic environment variables are set.
 * `MAGENTO_ADMIN_USERNAME` is a name of an environment variable.
-The corresponding value will be assigned to `userInput` as a result.
+   The corresponding value will be assigned to `userInput` as a result.
 
-#### Sensitive data
+### Sensitive data
 
 ```xml
-userInput="{{_CREDS.MY_SECRET_TOKEN}}"
+userInput="{{_CREDS.my_secret_token}}"
 ```
 
 In this example:
 
-* `_CREDS` is a reference to the `dev/tests/acceptance/.credentials` file, where sensitive data and secrets are stored for use in a test.
+* `_CREDS` is a constant to reference to the `dev/tests/acceptance/.credentials` file, where sensitive data and secrets are stored for use in a test.
 * `MY_SECRET_TOKEN` is the name of a key in the credentials variable.
-The corresponding value of the credential will be assigned to `userInput` as a result.
-* Credential values are not generated into a test. Instead, they are dynamically retrieved, encrypted and decrypted when used by a specific action during the test's execution.
-* References to credentials do not appear decrypted in the console, error logs or test reports, their values can only be seen decrypted in the .credentials file in which they are stored.
+  The corresponding value of the credential will be assigned to `userInput` as a result.
+* The decrypted values are only available in the `.credentials` file in which they are stored.
 
-### Persist a data entity as a prerequisite of a test
+Learn more in [Credentials][].
+
+## Persist a data entity as a prerequisite of a test
 
 A test can specify an entity to be persisted (created in the database) so that the test actions could operate on the existing known data.
 
@@ -84,7 +82,8 @@ The current scope is preferred, then widening to _test > hook > suite_ or _hook
 This emphasizes the practice for the `stepKey` of `createData` to be descriptive and unique, as a duplicated `stepKey` in both a `<test>` and `<before>` prefers the `<test>` data.'
 %}
 
-### Use data returned by test actions
+## Use data returned by test actions
+
 {%raw%}
 A test can also reference data that was returned as a result of [test actions](./test/actions.html#actions-returning-a-variable), like the action `<grabValueFrom selector="someSelector" stepKey="grabStepKey>`.
 
@@ -97,7 +96,7 @@ The following example shows the usage of `grabValueFrom` in testing, where the r
 <fillField selector=".functionalTestSelector" userInput="{$grabStepKey}" stepKey="fillFieldKey1"/>
 ```
 
-### Hard-coded data input
+## Hard-coded data input
 
 The data to operate against can be included as literals in a test. Hard-coded data input can be useful in assertions.
 

mftf/2.3/reporting.md

@@ -354,7 +354,7 @@ Refer to the [Reporting section][] for more Allure CLI details.
 
 <!-- Link definitions -->
 
-[`after`]: test#after-tag
+[`after`]: test.html#after-tag
 [`run:group`]: commands/mftf.html#rungroup
 [`run:test`]: commands/mftf.html#runtest
 [Allure Framework]: https://docs.qameta.io/allure/