From e49f2082d4cddff4b09a788f304b203a66a49b8e Mon Sep 17 00:00:00 2001
From: lisa
Date: Thu, 31 Oct 2024 06:42:09 -0400
Subject: [PATCH] Build Interop testing image
---
ods_ci/build/Dockerfile_interop | 49 +++++
.../build/htpasswd/htpasswd_installation.sh | 30 +++
ods_ci/build/install_idp_interop.sh | 187 ++++++++++++++++++
ods_ci/build/ldap/ldap.yaml | 79 ++++++++
ods_ci/build/ldap/ldap_installation.sh | 47 +++++
ods_ci/build/ldap/oauth-ldap.idp.json | 1 +
ods_ci/run_interop.sh | 17 ++
7 files changed, 410 insertions(+)
create mode 100644 ods_ci/build/Dockerfile_interop
create mode 100755 ods_ci/build/htpasswd/htpasswd_installation.sh
create mode 100755 ods_ci/build/install_idp_interop.sh
create mode 100644 ods_ci/build/ldap/ldap.yaml
create mode 100755 ods_ci/build/ldap/ldap_installation.sh
create mode 100644 ods_ci/build/ldap/oauth-ldap.idp.json
create mode 100755 ods_ci/run_interop.sh
diff --git a/ods_ci/build/Dockerfile_interop b/ods_ci/build/Dockerfile_interop
new file mode 100644
index 000000000..54ea55659
--- /dev/null
+++ b/ods_ci/build/Dockerfile_interop
@@ -0,0 +1,49 @@
+FROM quay.io/centos/centos:stream9
+
+# Use this build arg to set any default test script arguments
+ENV RUN_SCRIPT_ARGS=${RUN_SCRIPT_ARGS}
+ENV ROBOT_EXTRA_ARGS=''
+ENV SET_ENVIRONMENT=0
+ENV RETURN_PW=0
+ENV OC_HOST=${OC_HOST}
+ENV RUN_FROM_CONTAINER=1
+ENV SE_BROWSER_PATH=/usr/bin/chromium-browser
+ARG OC_VERSION=4.13
+ARG OC_CHANNEL=stable
+ARG PYTHON_VERSION=3.11
+
+ENV ODS_VENV="/ods_venv" \
+ HOME="/ods_venv" \
+ PATH="ods_venv/bin:${PATH}" \
+ AM_I_IN_CONTAINER="Yes" \
+ PYTHONUNBUFFERED="True"
+
+WORKDIR /ods_venv
+
+COPY . ${ODS_VENV}
+COPY ods_ci/test-variables.yml.example ${ODS_VENV}/ods_ci/test-variables.yml
+
+RUN dnf install epel-release -y &&\
+ dnf -y update &&\
+ dnf install -y jq git unzip chromium chromedriver httpd-tools gcc \
+ python3 python3-devel python3-distro python-pip python${PYTHON_VERSION} python${PYTHON_VERSION}-devel &&\
+ dnf clean all && rm -rf /var/cache/yum &&\
+ curl --proto "=https" -L https://github.com/mikefarah/yq/releases/download/v4.34.1/yq_linux_amd64 -o /usr/bin/yq &&\
+ chmod +x /usr/bin/yq &&\
+ curl --proto "=https" -L https://mirror.openshift.com/pub/openshift-v$(echo ${OC_VERSION} | cut -d'.' -f 1)/x86_64/clients/ocp/${OC_CHANNEL}-${OC_VERSION}/openshift-client-linux.tar.gz -o ${HOME}/oc_client.tar.gz && \
+ tar xvf ${HOME}/oc_client.tar.gz -C /usr/local/bin/ && \
+ rm -rf ${HOME}/oc_client.tar.gz && rm /usr/local/bin/README.md && chmod 755 /usr/local/bin/oc && oc version --client && \
+ curl --proto "=https" -L https://github.com/openshift-online/ocm-cli/releases/download/v0.1.62/ocm-linux-amd64 -o ${HOME}/ocm && \
+ mv ${HOME}/ocm /usr/local/bin/ && chmod 755 /usr/local/bin/ocm && ocm version
+
+RUN alternatives --install /usr/local/bin/python3 python3 /usr/bin/python${PYTHON_VERSION} 1
+RUN python3 --version
+RUN curl -sSL https://install.python-poetry.org | python3 -
+ENV PATH="${PATH}:${HOME}/.local/bin"
+RUN poetry install
+
+RUN chgrp -R 0 ${ODS_VENV} && \
+ chmod -R g+rwX ${ODS_VENV}
+
+USER 1001
+WORKDIR ${ODS_VENV}/ods_ci
\ No newline at end of file
diff --git a/ods_ci/build/htpasswd/htpasswd_installation.sh b/ods_ci/build/htpasswd/htpasswd_installation.sh
new file mode 100755
index 000000000..efa2b7eb8
--- /dev/null
+++ b/ods_ci/build/htpasswd/htpasswd_installation.sh
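Review bot: The large RUN step installs `yq`, the `oc` client tarball and `ocm` into root-owned paths straight from `curl -L` with no integrity check, and the Poetry installer is piped into `python3` unpinned, so the image contents depend on whatever those URLs serve at build time. Adding `-f` to each curl plus a digest check after the download, e.g. `echo "<YQ_SHA256>  /usr/bin/yq" | sha256sum -c -`, and pinning Poetry with `POETRY_VERSION=<pinned version>`, would make the build fail closed. Separately, `PATH="ods_venv/bin:${PATH}"` is a relative entry that resolves against the current working directory; it presumably should be `/ods_venv/bin`. `ENV RUN_SCRIPT_ARGS=${RUN_SCRIPT_ARGS}` and `ENV OC_HOST=${OC_HOST}` have no matching `ARG`, so both expand to empty even though the comment calls this a build arg.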
@@ -0,0 +1,30 @@
+#!/bin/bash
+HTPASSWD_PATH="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
+
+cd $HTPASSWD_PATH
+
+touch users.txt
+function generate_htpasswd_user(){
+for i in {1..20}
+ do
+ htpasswd -b -B users.txt $1$i $2
+ done
+}
+
+generate_htpasswd_user htpasswd-$RAND-admin $TEST_PASSWD
+generate_htpasswd_user htpasswd-$RAND-user $TEST_PASSWD
+generate_htpasswd_user htpasswd-$RAND-noaccess $TEST_PASSWD
+htpasswd -b -B users.txt htpasswd-$RAND-cluster-admin-user $TEST_ADMIN_PASSWD
+
+function generate_special_user(){
+declare -a StringArray=("." "^" "$" "*" "+" "?" "(" ")" "[" "]" "{" "}" "\\" "|" "@" ";" "<" ">")
+for char in "${StringArray[@]}";
+ do
+ htpasswd -b -B users.txt $1$char $2
+ done
+}
+
+generate_special_user htpasswd-$RAND-special $TEST_PASSWD
+
+oc create secret generic htpasswd-secret --from-file=htpasswd=$HTPASSWD_PATH/users.txt -n openshift-config || echo "htpasswd secret exists"
+rm $HTPASSWD_PATH/users.txt
\ No newline at end of file
diff --git a/ods_ci/build/install_idp_interop.sh b/ods_ci/build/install_idp_interop.sh
new file mode 100755
index 000000000..326d58b88
--- /dev/null
+++ b/ods_ci/build/install_idp_interop.sh
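Review bot: Both loops call `htpasswd -b`, which puts `$TEST_PASSWD` and `$TEST_ADMIN_PASSWD` on the command line where they are visible in the process list, and the user name is passed unquoted as `$1$char` although the array contains glob characters such as `*`, `?` and `[`. Reading the password from stdin and quoting the arguments avoids both: `printf '%s' "$2" | htpasswd -i -B users.txt "$1$char"`. The `|| echo "htpasswd secret exists"` fallback also hides every other failure of `oc create secret`, and when the secret really does exist the freshly generated users never reach it; `oc create secret generic ... --dry-run=client -o yaml | oc apply -f -` would replace it instead.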
@@ -0,0 +1,187 @@
+#!/bin/bash
+
+PROVIDER_PATH="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
+OAUTH_LDAP_JSON="$(cat $PROVIDER_PATH/ldap/oauth-ldap.idp.json)"
+TEST_VARIABLES_FILE="test-variables.yml"
+
+RAND="interop-$(head /dev/urandom | tr -dc 'a-zA-Z0-9' | head -c 4)"
+TEST_PASSWD="rhods-$(head /dev/urandom | tr -dc 'a-zA-Z0-9' | head -c 4)"
+TEST_ADMIN_PASSWD="rhods-$(head /dev/urandom | tr -dc 'a-zA-Z0-9' | head -c 6)"
+
+export RAND
+export TEST_PASSWD
+export TEST_ADMIN_PASSWD
+
+install_htpasswd_identity_provider(){
+
+# Test if any oauth identityProviders exists. If not, initialize the identityProvider list
+CURRENT_IDP_LIST=$(oc get oauth cluster -o json | jq -e '.spec.identityProviders')
+if [[ -z "${CURRENT_IDP_LIST}" ]] || [[ "${CURRENT_IDP_LIST}" == "null" ]]; then
+ echo 'No oauth identityProvider exists. Initializing oauth .spec.identityProviders = []'
+ oc patch oauth cluster --type json -p '[{"op": "add", "path": "/spec/identityProviders", "value": []}]'
+fi
+
+$PROVIDER_PATH/htpasswd/htpasswd_installation.sh
+# Patch in the HTPASSWD identityProviders
+oc patch oauth cluster --type json -p '[{"op": "add", "path": "/spec/identityProviders/-", "value": {"name":"htpasswd-cluster-admin","mappingMethod":"claim","type":"HTPasswd","htpasswd":{"fileData":{"name":"htpasswd-secret"}}}}]'
+}
+
+install_ldap_identity_provider(){
+
+# Test if any oauth identityProviders exists. If not, initialize the identityProvider list
+CURRENT_IDP_LIST=$(oc get oauth cluster -o json | jq -e '.spec.identityProviders')
+if [[ -z "${CURRENT_IDP_LIST}" ]] || [[ "${CURRENT_IDP_LIST}" == "null" ]]; then
+ echo 'No oauth identityProvider exists. Initializing oauth .spec.identityProviders = []'
+ oc patch oauth cluster --type json -p '[{"op": "add", "path": "/spec/identityProviders", "value": []}]'
+fi
+
+# Patch in the LDAP identityProviders
+oc patch oauth cluster --type json -p '[{"op": "add", "path": "/spec/identityProviders/-", "value": '"$OAUTH_LDAP_JSON"'}]'
+
+$PROVIDER_PATH/ldap/ldap_installation.sh
+}
+
+add_groups_users() {
+# create groups
+oc adm groups new rhods-admins
+oc adm groups new rhods-users
+oc adm groups new rhods-noaccess
+oc adm groups new dedicated-admins
+# add users to groups
+function add_users_to_groups(){
+for i in {1..20}
+ do
+ oc adm groups add-users $1 $2$i
+ done
+}
+add_users_to_groups rhods-admins htpasswd-$RAND-admin
+add_users_to_groups rhods-users htpasswd-$RAND-user
+add_users_to_groups rhods-noaccess htpasswd-$RAND-noaccess
+add_users_to_groups rhods-admins ldap-$RAND-admin
+add_users_to_groups dedicated-admins ldap-$RAND-admin
+add_users_to_groups rhods-users ldap-$RAND-user
+add_users_to_groups rhods-noaccess ldap-$RAND-noaccess
+oc adm groups add-users dedicated-admins htpasswd-$RAND-cluster-admin-user
+
+function add_special_users_to_groups(){
+declare -a StringArray=("." "^" "$" "*" "+" "?" "(" ")" "[" "]" "{" "}" "|" "@" ";" "<" ">")
+for char in "${StringArray[@]}";
+ do
+ oc adm groups add-users $1 $2$char
+ done
+}
+add_special_users_to_groups rhods-users htpasswd-$RAND-special
+add_special_users_to_groups rhods-users ldap-$RAND-special
+
+oc adm groups add-users rhods-admins kubeadmin
+oc adm groups add-users jupyterhub-users kubeadmin
+oc adm policy add-cluster-role-to-group view rhods-admins
+oc adm policy add-cluster-role-to-group cluster-admin dedicated-admins
+
+oc describe oauth.config.openshift.io/cluster
+}
+
+function htpasswd_installation(){
+ chk_htpasswd=1
+
+ while read -r line; do
+
+ if [[ $line == *"cluster-admin"* ]]; then
+ echo -e "\033[0;33m Htpasswd Identity provider is installed. Skipping installation \033[0m"
+ chk_htpasswd=0
+ break
+ fi
+ done < <(oc get oauth -o yaml)
+
+ if [[ $chk_htpasswd == 1 ]]; then
+ install_htpasswd_identity_provider
+ fi
+}
+
+function ldap_installation(){
+ chk_ldap=1
+ while read -r line; do
+ if [[ $line == *"ldap-provider-qe"* ]]; then
+ echo -e "\033[0;33m LDAP Identity provider is installed. Skipping installation \033[0m"
+ chk_ldap=0
+ break
+ fi
+ done < <(oc get oauth -o yaml)
+ if [[ $chk_ldap == 1 ]]; then
+ install_ldap_identity_provider
+ fi
+}
+
+function update_test_config(){
+ echo "Update test config file..."
+
+ AWS_SHARED_CREDENTIALS_FILE="${CLUSTER_PROFILE_DIR}/.awscred"
+ AWS_ACCESS_KEY_ID=$(cat $AWS_SHARED_CREDENTIALS_FILE | grep aws_access_key_id | tr -d ' ' | cut -d '=' -f 2)
+ AWS_SECRET_ACCESS_KEY=$(cat $AWS_SHARED_CREDENTIALS_FILE | grep aws_secret_access_key | tr -d ' ' | cut -d '=' -f 2)
+
+ LDAP_USER_ADMIN1=ldap-$RAND-admin"1"
+ LDAP_USER_ADMIN2=ldap-$RAND-admin"2"
+ LDAP_USER_USER2=ldap-$RAND-user"2"
+ LDAP_USER_USER9=ldap-$RAND-user"9"
+ HTTP_CLUSTER_ADMIN=htpasswd-$RAND-cluster-admin-user
+
+ export LDAP_USER_ADMIN1
+ export LDAP_USER_ADMIN2
+ export LDAP_USER_USER2
+ export LDAP_USER_USER9
+ export HTTP_CLUSTER_ADMIN
+ export AWS_ACCESS_KEY_ID
+ export AWS_SECRET_ACCESS_KEY
+
+ yq -i '.OCP_ADMIN_USER.AUTH_TYPE="htpasswd-cluster-admin"' $TEST_VARIABLES_FILE
+ yq -i '.OCP_ADMIN_USER.USERNAME=env(HTTP_CLUSTER_ADMIN)' $TEST_VARIABLES_FILE
+ yq -i '.OCP_ADMIN_USER.PASSWORD=env(TEST_ADMIN_PASSWD)' $TEST_VARIABLES_FILE
+
+ yq -i '.TEST_USER.AUTH_TYPE="ldap-provider-qe"' $TEST_VARIABLES_FILE
+ yq -i '.TEST_USER.USERNAME=env(LDAP_USER_ADMIN1)' $TEST_VARIABLES_FILE
+ yq -i '.TEST_USER.PASSWORD=env(TEST_PASSWD)' $TEST_VARIABLES_FILE
+
+ yq -i '.TEST_USER_2.AUTH_TYPE="ldap-provider-qe"' $TEST_VARIABLES_FILE
+ yq -i '.TEST_USER_2.USERNAME=env(LDAP_USER_ADMIN2)' $TEST_VARIABLES_FILE
+ yq -i '.TEST_USER_2.PASSWORD=env(TEST_PASSWD)' $TEST_VARIABLES_FILE
+
+ yq -i '.TEST_USER_3.AUTH_TYPE="ldap-provider-qe"' $TEST_VARIABLES_FILE
+ yq -i '.TEST_USER_3.USERNAME=env(LDAP_USER_USER2)' $TEST_VARIABLES_FILE
+ yq -i '.TEST_USER_3.PASSWORD=env(TEST_PASSWD)' $TEST_VARIABLES_FILE
+
+ yq -i '.TEST_USER_4.AUTH_TYPE="ldap-provider-qe"' $TEST_VARIABLES_FILE
+ yq -i '.TEST_USER_4.USERNAME=env(LDAP_USER_USER9)' $TEST_VARIABLES_FILE
+ yq -i '.TEST_USER_4.PASSWORD=env(TEST_PASSWD)' $TEST_VARIABLES_FILE
+
+ yq -i '.OCP_API_URL=env(OC_HOST)' $TEST_VARIABLES_FILE
+ yq -i '.OCP_CONSOLE_URL=env(OCP_CONSOLE)' $TEST_VARIABLES_FILE
+ yq -i '.ODH_DASHBOARD_URL=env(RHODS_DASHBOARD)' $TEST_VARIABLES_FILE
+ yq -i '.BROWSER.NAME="firefox"' $TEST_VARIABLES_FILE
+ yq -i '.S3.AWS_ACCESS_KEY_ID=env(AWS_ACCESS_KEY_ID)' $TEST_VARIABLES_FILE
+ yq -i '.S3.AWS_SECRET_ACCESS_KEY=env(AWS_SECRET_ACCESS_KEY)' $TEST_VARIABLES_FILE
+
+ echo "OCP Console URL set to: $OCP_CONSOLE"
+ echo "RHODS API Server URL set to: $OC_HOST"
+ echo "RHODS Dashboard URL set to: $RHODS_DASHBOARD"
+}
+
+htpasswd_installation
+ldap_installation
+add_groups_users
+update_test_config
+sleep 120
+
+echo "Performing oc login using username and password"
+
+echo "USER: $LDAP_USER_ADMIN1"
+echo "PASS: $TEST_PASSWD"
+oc login "$OC_HOST" --username $LDAP_USER_ADMIN1 --password $TEST_PASSWD --insecure-skip-tls-verify=true || true
+echo "login as cluster admin"
+oc login "$OC_HOST" --username $HTTP_CLUSTER_ADMIN --password $TEST_ADMIN_PASSWD --insecure-skip-tls-verify=true
+retVal=$?
+if [ $retVal -ne 0 ]; then
+ echo "The oc login command seems to have failed"
+ echo "Please review the content of $TEST_VARIABLES_FILE"
+ exit "$retVal"
+fi
+
diff --git a/ods_ci/build/ldap/ldap.yaml b/ods_ci/build/ldap/ldap.yaml
new file mode 100644
index 000000000..a8a588f3f
--- /dev/null
+++ b/ods_ci/build/ldap/ldap.yaml
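Review bot: The script writes the generated credential to the job log with `echo "PASS: $TEST_PASSWD"`, and that one value is the password of every htpasswd and LDAP test user, including the `ldap-$RAND-admin` users that `add_groups_users` puts into `dedicated-admins`, the group given `cluster-admin` a few lines later. That line should be dropped, or reduced to `echo "PASS: <redacted>"`. The passwords themselves carry only four and six random characters (`head -c 4`, `head -c 6`) behind a fixed `rhods-` prefix; since they guard cluster-admin access, something like `head -c 24` costs nothing. Both `oc login` calls also pass `--insecure-skip-tls-verify=true`, so the password is sent without verifying the API server certificate; if the cluster CA is available in the job, `--certificate-authority=<path to CA bundle>` is preferable.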
@@ -0,0 +1,79 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: openldap
+---
+apiVersion: v1
+data:
+ adminpassword: FOO_ADMIN
+ passwords: FOO_PASSWORD
+ users: FOO_USER
+kind: Secret
+metadata:
+ name: openldap
+ namespace: openldap
+type: Opaque
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: openldap
+ namespace: openldap
+ labels:
+ app.kubernetes.io/name: openldap
+spec:
+ type: ClusterIP
+ ports:
+ - name: tcp-ldap
+ port: 1389
+ targetPort: tcp-ldap
+ selector:
+ app.kubernetes.io/name: openldap
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: openldap
+ namespace: openldap
+ labels:
+ app.kubernetes.io/name: openldap
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: openldap
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: openldap
+ spec:
+ containers:
+ - name: openldap
+ image: quay.io/croberts/openldapserver@sha256:9d4ec0a31b48e165cbef6950c29a0a71a9508cee74fbca2b9df8a9b36f776be1
+ imagePullPolicy: "Always"
+ resources:
+ requests:
+ memory: "256Mi"
+ limits:
+ memory: "512Mi"
+ env:
+ - name: LDAP_ADMIN_USERNAME
+ value: "admin"
+ - name: LDAP_ADMIN_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: adminpassword
+ name: openldap
+ - name: LDAP_USERS
+ valueFrom:
+ secretKeyRef:
+ key: users
+ name: openldap
+ - name: LDAP_PASSWORDS
+ valueFrom:
+ secretKeyRef:
+ key: passwords
+ name: openldap
+ ports:
+ - name: tcp-ldap
+ containerPort: 1389
\ No newline at end of file
diff --git a/ods_ci/build/ldap/ldap_installation.sh b/ods_ci/build/ldap/ldap_installation.sh
new file mode 100755
index 000000000..1aaed33bc
--- /dev/null
+++ b/ods_ci/build/ldap/ldap_installation.sh
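Review bot: The `openldap` container in the Deployment has no `securityContext`, so whether it runs unprivileged depends entirely on the SCC the `openldap` namespace happens to be admitted under. Stating it in the manifest, e.g. `securityContext: {allowPrivilegeEscalation: false, runAsNonRoot: true, capabilities: {drop: ["ALL"]}}` on the container, makes the expectation explicit and reviewable. The image is pinned by digest, which is good, but it is pulled from a personal namespace (`quay.io/croberts`); a comment recording where the image is built from and who maintains it would help anyone auditing this later.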
@@ -0,0 +1,47 @@
+#!/bin/bash
+LDAP_PATH="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
+oc create secret generic ldap-bind-password --from-literal=bindPassword=adminpassword -n openshift-config || echo "ldap secret exists"
+oc create ns openldap
+
+LDAP_USERS=""
+LDAP_PASSWORDS=""
+
+function add_ldap_users(){
+for i in {1..20}
+ do
+ LDAP_USERS+="$1$i,"
+ LDAP_PASSWORDS+="${TEST_PASSWD},"
+ done
+}
+
+add_ldap_users ldap-$RAND-admin
+add_ldap_users ldap-$RAND-user
+add_ldap_users ldap-$RAND-noaccess
+
+function add_special_user(){
+declare -a StringArray=("." "^" "$" "*" "+" "?" "(" ")" "[" "]" "{" "}" "|" "@" ";" "<" ">")
+for char in "${StringArray[@]}";
+ do
+ LDAP_USERS+="$1$char,"
+ LDAP_PASSWORDS+="${TEST_PASSWD},"
+ done
+}
+add_special_user ldap-$RAND-special
+
+LDAP_USERS=${LDAP_USERS::-1}
+LDAP_PASSWORDS=${LDAP_PASSWORDS::-1}
+LDAP_ADMIN_PASS="adminpass-$(head /dev/urandom | tr -dc 'a-zA-Z0-9' | head -c 6)"
+
+echo "LDAP_USERS: $LDAP_USERS"
+echo "LDAP_PASSWORDS: $LDAP_PASSWORDS"
+ENCODED_USERS=$(echo -n $LDAP_USERS | base64 -w 0)
+ENCODED_PASSWORDS=$(echo -n $LDAP_PASSWORDS | base64 -w 0)
+ENCODED_ADMINPASS=$(echo -n $LDAP_ADMIN_PASS | base64 -w 0)
+
+sed -i'' -e "s|FOO_USER|$ENCODED_USERS|g" $LDAP_PATH/ldap.yaml
+sed -i'' -e "s/FOO_PASSWORD/$ENCODED_PASSWORDS/g" $LDAP_PATH/ldap.yaml
+sed -i'' -e "s/FOO_ADMIN/$ENCODED_ADMINPASS/g" $LDAP_PATH/ldap.yaml
+
+oc apply -f $LDAP_PATH/ldap.yaml
+
+sleep 60s
diff --git a/ods_ci/build/ldap/oauth-ldap.idp.json b/ods_ci/build/ldap/oauth-ldap.idp.json
new file mode 100644
index 000000000..ab7ac9e0c
--- /dev/null
+++ b/ods_ci/build/ldap/oauth-ldap.idp.json
@@ -0,0 +1 @@
+{"ldap":{"attributes":{"email":[],"id":["dn"],"name":["cn"],"preferredUsername":["uid"]},"insecure":true,"bindDN":"cn=admin,dc=example,dc=org","bindPassword":{"name":"ldap-bind-password"},"url":"ldap://openldap.openldap.svc.cluster.local:1389/dc=example,dc=org?uid"},"mappingMethod":"claim","name":"ldap-provider-qe","type":"LDAP"}
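Review bot: The OAuth bind secret is created with the fixed literal `bindPassword=adminpassword`, while the LDAP server's admin password is the random `LDAP_ADMIN_PASS` generated further down, so the two do not appear to match and the bind as `cn=admin` would be expected to fail unless the image ignores `LDAP_ADMIN_PASSWORD`. Generating `LDAP_ADMIN_PASS` first and creating the secret with `--from-literal=bindPassword="$LDAP_ADMIN_PASS"` keeps them in step and removes the hard-coded credential. `echo "LDAP_PASSWORDS: $LDAP_PASSWORDS"` writes every user password to the job log and should be removed. The three `sed -i` calls rewrite `ldap.yaml` in place, so the placeholders are gone on a second run and the rendered credentials stay on disk; `sed -e ... "$LDAP_PATH/ldap.yaml" | oc apply -f -` avoids both.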
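Review bot: `"insecure":true` together with the `ldap://` URL means the bind password and every user password submitted at login cross the cluster network unencrypted. If that is accepted for a throwaway interop cluster, the commit description should say so; otherwise the provider needs an `ldaps://` URL, `"insecure":false` and a `"ca":{"name":"<ca configmap>"}` reference. The file is a single line of strict JSON, so the rationale cannot be recorded in the file itself.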
diff --git a/ods_ci/run_interop.sh b/ods_ci/run_interop.sh
new file mode 100755
index 000000000..bc4c54afd
--- /dev/null
+++ b/ods_ci/run_interop.sh
@@ -0,0 +1,17 @@
+TEST_CASE_FILE=tests/Tests
+TEST_VARIABLES_FILE=test-variables.yml
+
+echo "Install IDP users and map them to test config file"
+./build/install_idp_interop.sh
+
+if [[ -z "${TEST_SUITE}" ]]; then
+ echo "Define TEST_SUITE"
+ exit 1
+fi
+
+if [[ -z "${ARTIFACT_DIR}" ]]; then
+ echo "Define ARTIFACT_DIR"
+ ARTIFACT_DIR=/tmp
+fi
+
+poetry run robot --include $TEST_SUITE -d ${ARTIFACT_DIR} -x xunit_test_result.xml -r test_report.html --variablefile ${TEST_VARIABLES_FILE} ${TEST_CASE_FILE}
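Review bot: The exit status of `./build/install_idp_interop.sh` is ignored, so the Robot run starts even when identity-provider setup or the final `oc login` failed, and the `TEST_SUITE` check only runs after the cluster's OAuth configuration has already been modified. Moving the `TEST_SUITE`/`ARTIFACT_DIR` checks above the install call and changing it to `./build/install_idp_interop.sh || exit 1` makes the job fail before it touches the cluster. The file also has no `#!/bin/bash` line although it uses `[[ ]]`, and `$TEST_SUITE` is expanded unquoted in the `robot` command; `--include "$TEST_SUITE"` is safer.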