Overview
Architecture

Architecture

The architecture of the GobletQA Platform is designed to provide a robust and secure environment for creating and executing tests or automation. This section provides an overview of the key components and technologies involved in the platform's architecture.

Cloud Infrastructure

The GobletQA Platform runs on cloud infrastructure, leveraging the scalability and flexibility of cloud computing services. Backed by kubernetes, it allows for seamless management of resources and ensures high availability of the platform.

Session Container

When a user logs into the GobletQA Platform, a session container is created for them. The session container is a short-lived virtual machine that runs in the cloud and is tightly coupled with the user's active session. It serves as an isolated execution environment for the user's tests and automation.

See the Session Container section for more information

Feature Files

The core building blocks of the GobletQA Platform are feature files written in the Gherkin syntax. These files define the test scenarios, including the steps to be executed and the expected outcomes. Feature files are stored within the user's selected repository and are responsible for driving the execution of tests.

See the Feature File section for more information

Step Definitions

Step definitions provide the implementation details for the steps specified in the feature files. The GobletQA Platform includes a set of predefined step definitions that cover various areas such as API calls, browser automation, and script execution. Users can also create their own custom step definitions to extend the functionality of the platform.

Git Integration

The GobletQA Platform integrates with supported Git providers, such as GitHub and GitLab, for authentication and repository management. Users authenticate with their Git provider, granting permission for the platform to access their repositories. The platform utilizes authentication tokens and APIs provided by the Git provider to synchronize repository changes.

See the Git Provider section for more information

Proxy

To ensure security and controlled access, all requests to the session container are routed through a proxy. The proxy validates each request using JWT (JSON Web Token) authentication generated from the user's encrypted authentication token received during sign-in. This adds an additional layer of protection against unauthorized access to the session container.

Automation

When creating feature files that automate web browsers, the GobletQA Platform utilizes the Playwright framework (opens in a new tab). Playwright allows full interaction with the browser, enabling actions such as clicking, scrolling, dragging, DOM manipulation, and more. It ensures reliable and comprehensive browser automation capabilities for the platform.

Kubernetes and Docker

For running the session conatiner as well as executing user-supplied scripts or functions, the platform utilizes Kubernetes (opens in a new tab) and Docker (opens in a new tab) to create isolated virtual machines. These virtual machines provide a secure environment for executing custom code, ensuring that scripts run independently and do not impact the overall platform stability.

Security Measures

The architecture of the GobletQA Platform is designed with security, scalability, and flexibility in mind, enabling users to create and execute tests in a reliable and protected environment. The platform incorporates several security measures to protect user data and ensure a secure testing environment:

  • Never Publicly Exposed
    The session containers are never publicly exposed. All access to them must go through the authenticated proxy, which validates each request using JWT authentication.

  • Encrypted Authentication Tokens
    User authentication tokens are encrypted and NEVER permenently stored.

  • Double JWT validation
    Both the proxy and session containers authenticate requests using JWT authentication. This ensures that even if a request is able to bypass the proxy, a valid JWT is still required adding an extra layer of protection.

  • JWT limited lifespan
    JWT tokens have a limited lifespan, expiring after one hour, upon user sign-out, or after an extended period of inactivity.

  • Permanent Removal
    When a user session ends, the session container is automatically shut down and removed, ensuring that all traces of the container, including repository files, are PERMANENTLY deleted.

OverviewGit Providers