Commit
Showing
6 changed files
with
374 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,49 @@ | ||
FROM quay.io/centos/centos:stream9 | ||
|
||
# Use this build arg to set any default test script arguments | ||
ENV RUN_SCRIPT_ARGS=${RUN_SCRIPT_ARGS} | ||
ENV ROBOT_EXTRA_ARGS='' | ||
ENV SET_ENVIRONMENT=0 | ||
ENV RETURN_PW=0 | ||
ENV OC_HOST=${OC_HOST} | ||
ENV RUN_FROM_CONTAINER=1 | ||
ENV SE_BROWSER_PATH=/usr/bin/chromium-browser | ||
ARG OC_VERSION=4.13 | ||
ARG OC_CHANNEL=stable | ||
ARG PYTHON_VERSION=3.11 | ||
|
||
ENV ODS_VENV="/ods_venv" \ | ||
HOME="/ods_venv" \ | ||
PATH="ods_venv/bin:${PATH}" \ | ||
AM_I_IN_CONTAINER="Yes" \ | ||
PYTHONUNBUFFERED="True" | ||
|
||
WORKDIR /ods_venv | ||
|
||
COPY . ${ODS_VENV} | ||
COPY ods_ci/test-variables.yml.example ${ODS_VENV}/ods_ci/test-variables.yml | ||
|
||
RUN dnf install epel-release -y &&\ | ||
dnf -y update &&\ | ||
dnf install -y jq git unzip chromium chromedriver httpd-tools gcc \ | ||
python3 python3-devel python3-distro python-pip python${PYTHON_VERSION} python${PYTHON_VERSION}-devel &&\ | ||
dnf clean all && rm -rf /var/cache/yum &&\ | ||
curl --proto "=https" -L https://github.com/mikefarah/yq/releases/download/v4.34.1/yq_linux_amd64 -o /usr/bin/yq &&\ | ||
chmod +x /usr/bin/yq &&\ | ||
curl --proto "=https" -L https://mirror.openshift.com/pub/openshift-v$(echo ${OC_VERSION} | cut -d'.' -f 1)/x86_64/clients/ocp/${OC_CHANNEL}-${OC_VERSION}/openshift-client-linux.tar.gz -o ${HOME}/oc_client.tar.gz && \ | ||
tar xvf ${HOME}/oc_client.tar.gz -C /usr/local/bin/ && \ | ||
rm -rf ${HOME}/oc_client.tar.gz && rm /usr/local/bin/README.md && chmod 755 /usr/local/bin/oc && oc version --client && \ | ||
curl --proto "=https" -L https://github.com/openshift-online/ocm-cli/releases/download/v0.1.62/ocm-linux-amd64 -o ${HOME}/ocm && \ | ||
mv ${HOME}/ocm /usr/local/bin/ && chmod 755 /usr/local/bin/ocm && ocm version | ||
|
||
RUN alternatives --install /usr/local/bin/python3 python3 /usr/bin/python${PYTHON_VERSION} 1 | ||
RUN python3 --version | ||
RUN curl -sSL https://install.python-poetry.org | python3 - | ||
ENV PATH="${PATH}:${HOME}/.local/bin" | ||
RUN poetry install | ||
|
||
RUN chgrp -R 0 ${ODS_VENV} && \ | ||
chmod -R g+rwX ${ODS_VENV} | ||
|
||
USER 1001 | ||
WORKDIR ${ODS_VENV}/ods_ci |
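Review bot: The `curl` downloads of `yq`, the `oc` client tarball and `ocm` in the large `RUN` are installed into `/usr/bin` and `/usr/local/bin` and executed with no integrity check, and `curl` runs without `-f`, so an HTTP error page would be saved as the binary. Pin each artifact to a known digest and fail the build on mismatch, e.g. `curl --proto "=https" -fsSL <url> -o /usr/bin/yq && echo "<expected-sha256>  /usr/bin/yq" | sha256sum -c -`; the same concern applies to `curl -sSL https://install.python-poetry.org | python3 -`, which executes whatever the installer URL serves at build time and pins no Poetry version. Separately, `PATH="ods_venv/bin:${PATH}"` puts a relative entry at the front of `PATH` (the leading `/` is missing), so command lookup depends on the current directory; it should read `PATH="/ods_venv/bin:${PATH}"`. `ENV RUN_SCRIPT_ARGS=${RUN_SCRIPT_ARGS}` and `ENV OC_HOST=${OC_HOST}` have no matching `ARG` in this file, so they appear to expand to empty strings despite the comment about a build arg.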
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
#!/bin/bash | ||
HTPASSWD_PATH="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )" | ||
|
||
cd $HTPASSWD_PATH | ||
|
||
touch users.txt | ||
function generate_htpasswd_user(){ | ||
for i in {1..10} | ||
do | ||
htpasswd -b -B users.txt $1$i $2 | ||
done | ||
} | ||
|
||
generate_htpasswd_user $HTTP_USER_ADMIN $TEST_PASSWD | ||
generate_htpasswd_user $HTTP_USER_USER $TEST_PASSWD | ||
generate_htpasswd_user $HTTP_USER_NOACCESS $TEST_PASSWD | ||
htpasswd -b -B users.txt $HTTP_CLUSTER_ADMIN $TEST_ADMIN_PASSWD | ||
|
||
function generate_special_user(){ | ||
declare -a StringArray=("." "^" "$" "*" "+" "?" "(" ")" "[" "]" "{" "}" "\\" "|" "@" ";" "<" ">") | ||
for char in "${StringArray[@]}"; | ||
do | ||
htpasswd -b -B users.txt $1$char $2 | ||
done | ||
} | ||
|
||
generate_special_user $HTTP_USER_SPECIAL $TEST_PASSWD | ||
|
||
oc create secret generic htpasswd-secret --from-file=htpasswd=$HTPASSWD_PATH/users.txt -n openshift-config || echo "htpasswd secret exists" | ||
rm $HTPASSWD_PATH/users.txt |
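Review bot: `htpasswd -b` in `generate_htpasswd_user`, `generate_special_user` and the cluster-admin call puts the password on the command line, where it is visible in the process list and in any `set -x` trace; `htpasswd -i` reads it from stdin instead, e.g. `printf '%s' "$2" | htpasswd -i -B users.txt "$1$i"`. The expansions are also unquoted, and in `generate_special_user` the appended characters include `*`, `?` and `[`, so `$1$char` is subject to pathname expansion; quote it as `"$1$char"`. `oc create secret … || echo "htpasswd secret exists"` reports every failure as "already exists", and when the secret really does exist it still holds an earlier run's users rather than the randomly named ones just generated, so later logins would fail for a reason this message hides.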
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,184 @@ | ||
#!/bin/bash | ||
|
||
PROVIDER_PATH="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )" | ||
TEST_VARIABLES_FILE="test-variables.yml" | ||
|
||
HTTP_USER_PREFIX="http-interop-$(head /dev/urandom | tr -dc 'a-zA-Z0-9' | head -c 4)" | ||
LDAP_USER_PREFIX="ldap-interop-$(head /dev/urandom | tr -dc 'a-zA-Z0-9' | head -c 4)" | ||
HTTP_USER_ADMIN=$HTTP_USER_PREFIX-"admin" | ||
HTTP_USER_USER=$HTTP_USER_PREFIX-"user" | ||
HTTP_USER_NOACCESS=$HTTP_USER_PREFIX-"noaccess" | ||
HTTP_USER_SPECIAL=$HTTP_USER_PREFIX-"special" | ||
LDAP_USER_ADMIN=$LDAP_USER_PREFIX-"admin" | ||
LDAP_USER_USER=$LDAP_USER_PREFIX-"user" | ||
LDAP_USER_NOACCESS=$LDAP_USER_PREFIX-"noaccess" | ||
HTTP_CLUSTER_ADMIN=$HTTP_USER_PREFIX-"cluster-admin-user" | ||
TEST_PASSWD="rhods-$(head /dev/urandom | tr -dc 'a-zA-Z0-9' | head -c 4)" | ||
TEST_ADMIN_PASSWD="rhods-$(head /dev/urandom | tr -dc 'a-zA-Z0-9' | head -c 6)" | ||
|
||
export HTTP_USER_ADMIN | ||
export HTTP_USER_USER | ||
export HTTP_USER_NOACCESS | ||
export HTTP_USER_SPECIAL | ||
export LDAP_USER_ADMIN | ||
export LDAP_USER_USER | ||
export LDAP_USER_NOACCESS | ||
export HTTP_CLUSTER_ADMIN | ||
export TEST_PASSWD | ||
export TEST_ADMIN_PASSWD | ||
|
||
install_htpasswd_identity_provider(){ | ||
|
||
# Test if any oauth identityProviders exists. If not, initialize the identityProvider list | ||
CURRENT_IDP_LIST=$(oc get oauth cluster -o json | jq -e '.spec.identityProviders') | ||
if [[ -z "${CURRENT_IDP_LIST}" ]] || [[ "${CURRENT_IDP_LIST}" == "null" ]]; then | ||
echo 'No oauth identityProvider exists. Initializing oauth .spec.identityProviders = []' | ||
oc patch oauth cluster --type json -p '[{"op": "add", "path": "/spec/identityProviders", "value": []}]' | ||
fi | ||
|
||
$PROVIDER_PATH/htpasswd/htpasswd_installation.sh | ||
# Patch in the HTPASSWD identityProviders | ||
oc patch oauth cluster --type json -p '[{"op": "add", "path": "/spec/identityProviders/-", "value": {"name":"htpasswd-cluster-admin","mappingMethod":"claim","type":"HTPasswd","htpasswd":{"fileData":{"name":"htpasswd-secret"}}}}]' | ||
} | ||
|
||
install_ldap_identity_provider(){ | ||
|
||
# Test if any oauth identityProviders exists. If not, initialize the identityProvider list | ||
CURRENT_IDP_LIST=$(oc get oauth cluster -o json | jq -e '.spec.identityProviders') | ||
if [[ -z "${CURRENT_IDP_LIST}" ]] || [[ "${CURRENT_IDP_LIST}" == "null" ]]; then | ||
echo 'No oauth identityProvider exists. Initializing oauth .spec.identityProviders = []' | ||
oc patch oauth cluster --type json -p '[{"op": "add", "path": "/spec/identityProviders", "value": []}]' | ||
fi | ||
|
||
# Patch in the LDAP identityProviders | ||
oc patch oauth cluster --type json -p '[{"op": "add", "path": "/spec/identityProviders/-", "value": {"ldap":{"attributes":{"email":[],"id":["dn"],"name":["cn"],"preferredUsername":["uid"]},"insecure":true,"bindDN":"cn=admin,dc=example,dc=org","bindPassword":{"name":"ldap-bind-password"},"url":"ldap://openldap.openldap.svc.cluster.local:1389/dc=example,dc=org?uid"},"mappingMethod":"claim","name":"ldap-provider-qe","type":"LDAP"}}]' | ||
|
||
$PROVIDER_PATH/ldap/ldap_installation.sh | ||
} | ||
|
||
add_groups_users() { | ||
# create groups | ||
oc adm groups new rhods-admins | ||
oc adm groups new rhods-users | ||
oc adm groups new rhods-noaccess | ||
oc adm groups new dedicated-admins | ||
# add users to groups | ||
function add_users_to_groups(){ | ||
for i in {1..10} | ||
do | ||
oc adm groups add-users $1 $2$i | ||
done | ||
} | ||
add_users_to_groups rhods-admins $HTTP_USER_ADMIN | ||
add_users_to_groups rhods-users $HTTP_USER_USER | ||
add_users_to_groups rhods-noaccess $HTTP_USER_NOACCESS | ||
add_users_to_groups rhods-admins $LDAP_USER_ADMIN | ||
add_users_to_groups dedicated-admins $LDAP_USER_ADMIN | ||
add_users_to_groups rhods-users $LDAP_USER_USER | ||
add_users_to_groups rhods-noaccess $LDAP_USER_NOACCESS | ||
oc adm groups add-users dedicated-admins $HTTP_CLUSTER_ADMIN | ||
|
||
oc adm groups add-users rhods-admins kubeadmin | ||
oc adm policy add-cluster-role-to-group view rhods-admins | ||
oc adm policy add-cluster-role-to-group cluster-admin dedicated-admins | ||
|
||
oc describe oauth.config.openshift.io/cluster | ||
} | ||
|
||
function htpasswd_installation(){ | ||
chk_htpasswd=1 | ||
|
||
while read -r line; do | ||
|
||
if [[ $line == *"cluster-admin"* ]]; then | ||
echo -e "\033[0;33m Htpasswd Identity provider is installed. Skipping installation \033[0m" | ||
chk_htpasswd=0 | ||
break | ||
fi | ||
done < <(oc get oauth -o yaml) | ||
|
||
if [[ $chk_htpasswd == 1 ]]; then | ||
install_htpasswd_identity_provider | ||
fi | ||
} | ||
|
||
function ldap_installation(){ | ||
chk_ldap=1 | ||
while read -r line; do | ||
if [[ $line == *"ldap-provider-qe"* ]]; then | ||
echo -e "\033[0;33m LDAP Identity provider is installed. Skipping installation \033[0m" | ||
chk_ldap=0 | ||
break | ||
fi | ||
done < <(oc get oauth -o yaml) | ||
if [[ $chk_ldap == 1 ]]; then | ||
install_ldap_identity_provider | ||
fi | ||
} | ||
|
||
function update_testConfig(){ | ||
echo "Update test config file..." | ||
|
||
AWS_SHARED_CREDENTIALS_FILE="${CLUSTER_PROFILE_DIR}/.awscred" | ||
AWS_ACCESS_KEY_ID=$(cat $AWS_SHARED_CREDENTIALS_FILE | grep aws_access_key_id | tr -d ' ' | cut -d '=' -f 2) | ||
AWS_SECRET_ACCESS_KEY=$(cat $AWS_SHARED_CREDENTIALS_FILE | grep aws_secret_access_key | tr -d ' ' | cut -d '=' -f 2) | ||
|
||
LDAP_USER_ADMIN1=$LDAP_USER_ADMIN"1" | ||
LDAP_USER_ADMIN2=$LDAP_USER_ADMIN"2" | ||
LDAP_USER_USER2=$LDAP_USER_USER"2" | ||
LDAP_USER_USER9=$LDAP_USER_USER"9" | ||
|
||
export LDAP_USER_ADMIN1 | ||
export LDAP_USER_ADMIN2 | ||
export LDAP_USER_USER2 | ||
export LDAP_USER_USER9 | ||
export AWS_ACCESS_KEY_ID | ||
export AWS_SECRET_ACCESS_KEY | ||
|
||
yq -i '.OCP_ADMIN_USER.AUTH_TYPE="htpasswd-cluster-admin"' $TEST_VARIABLES_FILE | ||
yq -i '.OCP_ADMIN_USER.USERNAME=env(HTTP_CLUSTER_ADMIN)' $TEST_VARIABLES_FILE | ||
yq -i '.OCP_ADMIN_USER.PASSWORD=env(TEST_ADMIN_PASSWD)' $TEST_VARIABLES_FILE | ||
|
||
yq -i '.TEST_USER.AUTH_TYPE="ldap-provider-qe"' $TEST_VARIABLES_FILE | ||
yq -i '.TEST_USER.USERNAME=env(LDAP_USER_ADMIN1)' $TEST_VARIABLES_FILE | ||
yq -i '.TEST_USER.PASSWORD=env(TEST_PASSWD)' $TEST_VARIABLES_FILE | ||
|
||
yq -i '.TEST_USER_2.AUTH_TYPE="ldap-provider-qe"' $TEST_VARIABLES_FILE | ||
yq -i '.TEST_USER_2.USERNAME=env(LDAP_USER_ADMIN2)' $TEST_VARIABLES_FILE | ||
yq -i '.TEST_USER_2.PASSWORD=env(TEST_PASSWD)' $TEST_VARIABLES_FILE | ||
|
||
yq -i '.TEST_USER_3.AUTH_TYPE="ldap-provider-qe"' $TEST_VARIABLES_FILE | ||
yq -i '.TEST_USER_3.USERNAME=env(LDAP_USER_USER2)' $TEST_VARIABLES_FILE | ||
yq -i '.TEST_USER_3.PASSWORD=env(TEST_PASSWD)' $TEST_VARIABLES_FILE | ||
|
||
yq -i '.TEST_USER_4.AUTH_TYPE="ldap-provider-qe"' $TEST_VARIABLES_FILE | ||
yq -i '.TEST_USER_4.USERNAME=env(LDAP_USER_USER9)' $TEST_VARIABLES_FILE | ||
yq -i '.TEST_USER_4.PASSWORD=env(TEST_PASSWD)' $TEST_VARIABLES_FILE | ||
|
||
yq -i '.OCP_API_URL=env(OC_HOST)' $TEST_VARIABLES_FILE | ||
yq -i '.OCP_CONSOLE_URL=env(OCP_CONSOLE)' $TEST_VARIABLES_FILE | ||
yq -i '.ODH_DASHBOARD_URL=env(RHODS_DASHBOARD)' $TEST_VARIABLES_FILE | ||
yq -i '.BROWSER.NAME="firefox"' $TEST_VARIABLES_FILE | ||
yq -i '.S3.AWS_ACCESS_KEY_ID=env(AWS_ACCESS_KEY_ID)' $TEST_VARIABLES_FILE | ||
yq -i '.S3.AWS_SECRET_ACCESS_KEY=env(AWS_SECRET_ACCESS_KEY)' $TEST_VARIABLES_FILE | ||
|
||
echo "OCP Console URL set to: $OCP_CONSOLE" | ||
echo "RHODS API Server URL set to: $OC_HOST" | ||
echo "RHODS Dashboard URL set to: $RHODS_DASHBOARD" | ||
} | ||
|
||
htpasswd_installation | ||
ldap_installation | ||
add_groups_users | ||
update_testConfig | ||
sleep 120 | ||
|
||
echo "Performing oc login using username and password" | ||
oc login "$OC_HOST" --username $HTTP_CLUSTER_ADMIN --password $TEST_ADMIN_PASSWD --insecure-skip-tls-verify=true | ||
retVal=$? | ||
if [ $retVal -ne 0 ]; then | ||
echo "The oc login command seems to have failed" | ||
echo "Please review the content of $TEST_VARIABLES_FILE" | ||
exit "$retVal" | ||
fi | ||
|
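Review bot: `TEST_PASSWD` and `TEST_ADMIN_PASSWD` carry only 4 and 6 random alphanumeric characters after a fixed `rhods-` prefix, yet `add_groups_users` places the accounts that use them in `dedicated-admins` and grants that group `cluster-admin`. That leaves cluster-admin logins guessable wherever the cluster's OAuth endpoint is reachable; generate longer secrets, e.g. `TEST_ADMIN_PASSWD="$(tr -dc 'a-zA-Z0-9' < /dev/urandom | head -c 24)"`, and consider whether the ten LDAP admin users need `cluster-admin` at all. The final `oc login` passes the password in argv and sets `--insecure-skip-tls-verify=true`, and the LDAP provider is patched in with `"insecure":true` over `ldap://`, so neither credential path is protected in transit. `update_testConfig` also writes the passwords and the AWS secret key into `test-variables.yml`, and the failure message asks the reader to review that file, so it should be kept out of collected artifacts.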
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,67 @@ | ||
apiVersion: v1 | ||
kind: Service | ||
metadata: | ||
name: openldap | ||
namespace: openldap | ||
labels: | ||
app.kubernetes.io/name: openldap | ||
spec: | ||
type: ClusterIP | ||
ports: | ||
- name: tcp-ldap | ||
port: 1389 | ||
targetPort: tcp-ldap | ||
selector: | ||
app.kubernetes.io/name: openldap | ||
--- | ||
apiVersion: apps/v1 | ||
kind: Deployment | ||
metadata: | ||
name: openldap | ||
namespace: openldap | ||
labels: | ||
app.kubernetes.io/name: openldap | ||
spec: | ||
selector: | ||
matchLabels: | ||
app.kubernetes.io/name: openldap | ||
replicas: 1 | ||
template: | ||
metadata: | ||
labels: | ||
app.kubernetes.io/name: openldap | ||
spec: | ||
automountServiceAccountToken: false | ||
containers: | ||
- name: openldap | ||
image: quay.io/croberts/openldapserver@sha256:9d4ec0a31b48e165cbef6950c29a0a71a9508cee74fbca2b9df8a9b36f776be1 | ||
imagePullPolicy: "Always" | ||
resources: | ||
requests: | ||
memory: "256Mi" | ||
cpu: '1' | ||
ephemeral-storage: "2Gi" | ||
limits: | ||
memory: "512Mi" | ||
ephemeral-storage: "2Gi" | ||
env: | ||
- name: LDAP_ADMIN_USERNAME | ||
value: "admin" | ||
- name: LDAP_ADMIN_PASSWORD | ||
valueFrom: | ||
secretKeyRef: | ||
key: adminpassword | ||
name: openldap | ||
- name: LDAP_USERS | ||
valueFrom: | ||
secretKeyRef: | ||
key: users | ||
name: openldap | ||
- name: LDAP_PASSWORDS | ||
valueFrom: | ||
secretKeyRef: | ||
key: passwords | ||
name: openldap | ||
ports: | ||
- name: tcp-ldap | ||
containerPort: 1389 |
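Review bot: The `openldap` container spec sets no `securityContext`, so whether it runs unprivileged depends entirely on the namespace's admission defaults; stating it in the manifest keeps this test LDAP server constrained on clusters with looser policies. I would add an explicit context under the container as in the block below, assuming the image runs as a non-root user (the unprivileged port 1389 suggests so, but the page does not confirm it). There is also no `readinessProbe`; adding one would give the installer in this commit a real readiness signal instead of its fixed `sleep 25s`.

```yaml
      containers:
        - name: openldap
          # … unchanged: image, imagePullPolicy, resources, env, ports …
          securityContext:
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            capabilities:
              drop: ["ALL"]
            seccompProfile:
              type: RuntimeDefault
```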
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
#!/bin/bash | ||
user_list="" | ||
password_list="" | ||
|
||
function add_users_to_list(){ | ||
for i in {1..10} | ||
do | ||
user_list+="$1$i," | ||
password_list+="${TEST_PASSWD}," | ||
done | ||
} | ||
|
||
add_users_to_list $LDAP_USER_ADMIN | ||
add_users_to_list $LDAP_USER_USER | ||
add_users_to_list $LDAP_USER_NOACCESS | ||
|
||
oc create ns openldap | ||
oc create secret generic openldap \ | ||
-n openldap \ | ||
--from-literal=adminpassword=adminpassword \ | ||
--from-literal=passwords=${password_list%,} \ | ||
--from-literal=users=${user_list%,} | ||
|
||
LDAP_PATH="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )" | ||
oc create secret generic ldap-bind-password --from-literal=bindPassword=adminpassword -n openshift-config || echo "ldap secret exists" | ||
oc apply -f $LDAP_PATH/ldap.yaml | ||
sleep 25s |
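Review bot: The LDAP admin password and the OAuth bind password are both the literal `adminpassword`, while the directory they protect authenticates users that `install_idp_interop.sh` places in `dedicated-admins`. Any workload that can reach the `openldap` service could bind as the directory admin with that constant, so use a generated value instead, e.g. `--from-literal=adminpassword="${LDAP_ADMIN_PASSWD}"` and `--from-literal=bindPassword="${LDAP_ADMIN_PASSWD}"`, where `LDAP_ADMIN_PASSWD` is a new variable generated and exported next to `TEST_ADMIN_PASSWD` in the parent script. The `--from-literal` values are also unquoted and passed in argv; quoting `"${password_list%,}"` and `"${user_list%,}"` avoids word splitting. `|| echo "ldap secret exists"` hides every other failure of `oc create secret`.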
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
TEST_CASE_FILE=tests/Tests | ||
TEST_VARIABLES_FILE=test-variables.yml | ||
|
||
echo "Install IDP users and map them to test config file" | ||
./build/install_idp_interop.sh | ||
|
||
if [[ -z "${TEST_SUITE}" ]]; then | ||
echo "Define TEST_SUITE" | ||
exit 1 | ||
fi | ||
|
||
if [[ -z "${ARTIFACT_DIR}" ]]; then | ||
echo "Define ARTIFACT_DIR" | ||
ARTIFACT_DIR=/logs/artifacts | ||
fi | ||
|
||
poetry run robot --include $TEST_SUITE -d ${ARTIFACT_DIR} -x xunit_test_result.xml -r test_report.html --variablefile ${TEST_VARIABLES_FILE} ${TEST_CASE_FILE} |
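Review bot: `./build/install_idp_interop.sh` runs before the `TEST_SUITE` check and its exit status is ignored, so a run with no suite defined still adds identity providers and cluster-admin test users to the cluster before exiting 1, and a failed install goes on to start the tests. Move the `TEST_SUITE` check above the install step and stop on failure with `./build/install_idp_interop.sh || exit 1`. The file has no shebang although it uses `[[ … ]]`, and `$TEST_SUITE` and `${ARTIFACT_DIR}` are unquoted on the `robot` command line. `echo "Define ARTIFACT_DIR"` would read better as a message saying that the default `/logs/artifacts` is being used.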