Adding test infrastructure

.github/workflows/continuous-integration-workflow.yml

@@ -0,0 +1,72 @@
+name: Continous Integration Tests
+on:
+  pull_request:
+    branches:
+      - master
+jobs:
+  test:
+    name: ODS resources setup and provisioning tests
+    runs-on: ubuntu-16.04
+    steps:
+      -
+        name: GitHub context
+        env:
+          GITHUB_CONTEXT: ${{ toJson(github) }}
+        run: jq . <<< "${GITHUB_CONTEXT}"
+      -
+        name: Checkout repository
+        uses: actions/[email protected]
+        with:
+          fetch-depth: 0
+      -
+        name: Setup Go 1.13
+        uses: actions/[email protected]
+        with:
+          version: 1.13
+      -
+        name: Download OpenShift Client
+        run: |
+          wget https://github.com/openshift/origin/releases/download/v3.11.0/openshift-origin-client-tools-v3.11.0-0cbc58b-linux-64bit.tar.gz
+          tar -xzvf openshift-origin-client-tools-v3.11.0-0cbc58b-linux-64bit.tar.gz
+          sudo mv openshift-origin-client-tools-v3.11.0-0cbc58b-linux-64bit/oc /usr/local/bin/oc
+      -
+        name: Download Tailor
+        run: |
+          curl -LO "https://github.com/opendevstack/tailor/releases/download/v0.11.0/tailor-linux-amd64"
+          chmod +x tailor-linux-amd64
+          sudo mv tailor-linux-amd64 /usr/local/bin/tailor
+      -
+         name: Tailor version
+         run: tailor version
+      -
+         name: OpenShift client version
+         run: oc version
+      -
+         name: jq version
+         run: jq --version
+      -
+         name: golang version
+         run: go version
+      -
+         name: Docker version
+         run: docker --version
+      -
+         name: Network before changes
+         run: ifconfig
+      -
+         name: Configure docker network and insecure registries
+         run: ./tests/scripts/apply-docker-settings.sh
+      -
+         name: Start OC cluster
+         run: oc cluster up --base-dir=${HOME}/openshift.local.clusterup --routing-suffix 172.17.0.1.nip.io --public-hostname 172.17.0.1 --enable=centos-imagestreams --enable=persistent-volumes --enable=registry --enable=router
+      -
+         name: Login into the cluster
+         run: oc login -u system:admin
+      -
+         name: Create test infrastructure
+         run: |
+          mkdir -p ods-config
+          ./tests/scripts/recreate-test-infrastructure.sh
+      -
+         name: Run tests
+         run: make -C tests test

.travis.yml

@@ -2,16 +2,16 @@
 # https://stackoverflow.com/questions/27644586/how-to-set-up-travis-ci-with-multiple-languages
 
 matrix:
-  include:
-    - language: go
-      go:
-        - "1.11.x"
-      before_install:
-        - go get golang.org/x/tools/cmd/goimports
-        - curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | sh -s -- -b $(go env GOPATH)/bin v1.17.1
+    include:
+        - language: go
+          go:
+              - "1.11.x"
+          before_install:
+              - go get golang.org/x/tools/cmd/goimports
+              - curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | sh -s -- -b $(go env GOPATH)/bin v1.17.1
 
-      before_script:
-        - cd jenkins/webhook-proxy
-      script:
-        - env GO111MODULE=on make lint
-        - env GO111MODULE=on make test
+          before_script:
+              - cd jenkins/webhook-proxy
+          script:
+              - env GO111MODULE=on make lint
+              - env GO111MODULE=on make test

create-projects/create-cd-jenkins.sh

@@ -17,9 +17,11 @@ function usage {
    printf "\t-h|--help\tPrints the usage\n"
    printf "\t-v|--verbose\tVerbose output\n"
    printf "\t-t|--tailor\tChanges the executable of tailor. Default: tailor\n"
+   printf "\tods-namespace\tThe namespace where all ODS resources reside. Default: cd\n"
 
 }
 
+ODS_NAMESPACE="cd"
 
 while [[ "$#" -gt 0 ]]; do case $1 in
    --status) STATUS=true;;
@@ -33,6 +35,9 @@ while [[ "$#" -gt 0 ]]; do case $1 in
    -t=*|--tailor=*) TAILOR="${1#*=}";;
    -t|--tailor) TAILOR="$2"; shift;;
 
+   --ods-namespace=*) ODS_NAMESPACE="${1#*=}";;
+   --ods-namespace)   ODS_NAMESPACE="$2"; shift;;
+
    *) echo "Unknown parameter passed: $1"; usage; exit 1;;
  esac; shift; done
 
@@ -82,5 +87,6 @@ tailor_update_in_dir "${SCRIPT_DIR}/ocp-config/cd-jenkins" \
   "--param=PROXY_TRIGGER_SECRET_B64=${PIPELINE_TRIGGER_SECRET}" \
   "--param=PROJECT=${PROJECT_ID}" \
   "--param=CD_USER_ID_B64=${CD_USER_ID_B64}" \
+  "--param=NAMESPACE=${ODS_NAMESPACE}" \
   $cdUserPwdParam \
   --selector "template=cd-jenkins-template"

create-projects/create-projects.sh

@@ -1,4 +1,4 @@
-#!/bin/#!/usr/bin/env bash
+#!/usr/bin/env bash
 set -ex
 
 # check required parameters

docs/antora.yml

@@ -7,3 +7,4 @@ nav:
 - modules/infrastructure-setup/nav.adoc
 - modules/jenkins/nav.adoc
 - modules/sonarqube/nav.adoc
+- modules/keycloak/nav.adoc

docs/modules/keycloak/nav.adoc

@@ -0,0 +1 @@
+* xref:index.adoc[Keycloak]

docs/modules/keycloak/pages/index.adoc

@@ -0,0 +1,59 @@
+= Keycloak
+:experimental:
+:page-layout: documentation
+:toc:
+
+Keycloak is an open source identity and access managment tool.
+
+OpenDevStack uses eigther _Atlassian Crowd_ or  _OpenID Connect / OAuth 2.0_ protocol for authentication users of provisioning app.
+
+IMPORTANT: The usage of Keycloak is optional. Instead of keycloak, _Atlassian Crowd_ can still be used for
+authentication. See documentation under _ODS-Components_ -> _Provisioning App_ -> _Configuration Guide_ regarding
+the configuration of provisioning app.
+
+
+Setup of keycloak for local-installation is all done without further manual setup actions
+by starting the vagrant-box _idmanager_.
+
+== Realm _master_
+
+=== Users
+
+
+|===
+| User | Password | Roles
+
+|admin | admin | keycloak admin
+
+|===
+
+== Realm _opendevstack_
+There is (beside the master realm) one single OpenDevStack-specific realm: _opendevstack_.
+
+=== Groups
+There are two OpenDevStack-specific groups inside the _opendevstack_ realm:
+
+- opendevstack-administrators
+- opendevstack-users
+
+
+=== Users
+
+|===
+| User | Password | Groups
+
+|admin1 
+|admin1
+a|- opendevstack-administrators
+- opendevstack-users
+
+|user1
+| user1
+a|- opendevstack-users
+
+|===
+
+=== Client _ods-provisioning-app_
+There is one OpenDevStack-specific client inside the _opendevstack_ realm: _ods-provisioning-app_.
+
+There is a protocoll mapper called _Group Mapper_ that maps the user's group membership to a token claim with name _roles_.

infrastructure-setup/ansible/requirements.yml

@@ -6,7 +6,7 @@
 - src: geerlingguy.docker
   version: 2.0.4
 - src: geerlingguy.git
-  version: 2.0.4
+  version: 2.1.0
 
 # modified -> modified neel.rundeck
 #- src: neel.rundeck

infrastructure-setup/ansible/roles/geerlingguy.git/.ansible-lint

@@ -0,0 +1,2 @@
+skip_list:
+  - '204'

infrastructure-setup/ansible/roles/geerlingguy.git/.gitignore

@@ -1,2 +1,3 @@
 *.retry
-tests/test.sh
+*/__pycache__
+*.pyc

infrastructure-setup/ansible/roles/geerlingguy.git/.travis.yml

@@ -1,56 +1,34 @@
 ---
+language: python
 services: docker
 
 env:
-  # Test source install on latest supported OSes.
-  - distro: centos7
-    playbook: test-source.yml
-    GIT_VERSION: 2.9.3
-  - distro: ubuntu1604
-    playbook: test-source.yml
-    GIT_VERSION: 2.9.3
-
-  # Test package install on all supported OSes.
-  - distro: centos7
-    playbook: test.yml
-    GIT_VERSION: 1.8.3.1
-  - distro: centos6
-    playbook: test.yml
-    GIT_VERSION: 1.7.1
-  - distro: fedora24
-    playbook: test.yml
-    GIT_VERSION: 2.7.4
-  - distro: ubuntu1604
-    playbook: test.yml
-    GIT_VERSION: 2.7.4
-  - distro: ubuntu1404
-    playbook: test.yml
-    GIT_VERSION: 1.9.1
-  - distro: ubuntu1204
-    playbook: test.yml
-    GIT_VERSION: 1.7.9.5
-  - distro: debian8
-    playbook: test.yml
-    GIT_VERSION: 2.1.4
+  global:
+    - ROLE_NAME: git
+  matrix:
+    - MOLECULE_DISTRO: centos7
+      MOLECULE_PLAYBOOK: playbook-source.yml
+    - MOLECULE_DISTRO: ubuntu1804
+      MOLECULE_PLAYBOOK: playbook-source.yml
+    - MOLECULE_DISTRO: centos7
+    - MOLECULE_DISTRO: centos6
+    - MOLECULE_DISTRO: ubuntu1804
+    - MOLECULE_DISTRO: ubuntu1604
+    - MOLECULE_DISTRO: debian9
+
+install:
+  # Install test dependencies.
+  - pip install molecule docker
+
+before_script:
+  # Use actual Ansible Galaxy role name for the project directory.
+  - cd ../
+  - mv ansible-role-$ROLE_NAME geerlingguy.$ROLE_NAME
+  - cd geerlingguy.$ROLE_NAME
 
 script:
-  # Configure test script so we can run extra tests after playbook is run.
-  - export container_id=$(date +%s)
-  - export cleanup=false
-
-  # Download test shim.
-  - wget -O ${PWD}/tests/test.sh https://gist.githubusercontent.com/geerlingguy/73ef1e5ee45d8694570f334be385e181/raw/
-  - chmod +x ${PWD}/tests/test.sh
-
   # Run tests.
-  - ${PWD}/tests/test.sh
-
-  # Ensure Git is installed and at the right version.
-  - 'docker exec --tty ${container_id} env TERM=xterm which git'
-  - 'docker exec --tty ${container_id} env TERM=xterm test -x /usr/bin/git'
-
-  - 'docker exec --tty ${container_id} env TERM=xterm git --version'
-  - 'docker exec --tty ${container_id} env TERM=xterm /usr/bin/git --version | grep -qF "$GIT_VERSION"'
+  - molecule test
 
 notifications:
   webhooks: https://galaxy.ansible.com/api/v1/notifications/

infrastructure-setup/ansible/roles/geerlingguy.git/README.md

@@ -28,7 +28,7 @@ The specific Git packages that will be installed. By default, `git-svn` is inclu
 
     git_install_from_source: false
     git_install_path: "/usr"
-    git_version: "2.1.0"
+    git_version: "2.16.2"
 
 Whether to install Git from source; if set to `true`, `git_version` is required and will be used to install a particular version of git (see all available versions here: https://www.kernel.org/pub/software/scm/git/), and `git_install_path` defines where git should be installed.
 

infrastructure-setup/ansible/roles/geerlingguy.git/defaults/main.yml

@@ -13,7 +13,7 @@ git_packages:
 # the 'git_version' variable instead of using a package.
 git_install_from_source: false
 git_install_path: "/usr"
-git_version: "2.9.3"
+git_version: "2.16.2"
 
 # If git is already installed at and older version, force a new source build.
 # Only applies if git_install_from_source is `true`.

infrastructure-setup/ansible/roles/geerlingguy.git/meta/.galaxy_install_info

@@ -1 +1 @@
-{install_date: 'Thu Apr 27 15:29:48 2017', version: 1.3.0}
+{install_date: 'Thu Jan  9 08:54:43 2020', version: 2.1.0}

infrastructure-setup/ansible/roles/geerlingguy.git/meta/main.yml

@@ -6,20 +6,24 @@ galaxy_info:
   description: Git version control software
   company: "Midwestern Mac, LLC"
   license: "license (BSD, MIT)"
-  min_ansible_version: 2.2
+  min_ansible_version: 2.5
   platforms:
-  - name: EL
-    versions:
-    - all
-  - name: Fedora
-    versions:
-    - all
-  - name: Debian
-    versions:
-    - all
-  - name: Ubuntu
-    versions:
-    - all
+    - name: EL
+      versions:
+        - all
+    - name: Fedora
+      versions:
+        - all
+    - name: Debian
+      versions:
+        - all
+    - name: Ubuntu
+      versions:
+        - all
   galaxy_tags:
     - development
     - system
+    - git
+    - vcs
+    - source
+    - code

infrastructure-setup/ansible/roles/geerlingguy.git/molecule/default/molecule.yml

@@ -0,0 +1,29 @@
+---
+dependency:
+  name: galaxy
+driver:
+  name: docker
+lint:
+  name: yamllint
+  options:
+    config-file: molecule/default/yaml-lint.yml
+platforms:
+  - name: instance
+    image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest"
+    command: ${MOLECULE_DOCKER_COMMAND:-""}
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:ro
+    privileged: true
+    pre_build_image: true
+provisioner:
+  name: ansible
+  lint:
+    name: ansible-lint
+  playbooks:
+    converge: ${MOLECULE_PLAYBOOK:-playbook.yml}
+scenario:
+  name: default
+verifier:
+  name: testinfra
+  lint:
+    name: flake8