Build Interop testing image

ods_ci/build/Dockerfile_interop

@@ -0,0 +1,54 @@
+FROM quay.io/centos/centos:stream9
+
+# Use this build arg to set any default test script arguments
+ENV RUN_SCRIPT_ARGS=${RUN_SCRIPT_ARGS}
+ENV ROBOT_EXTRA_ARGS=''
+ENV SET_ENVIRONMENT=0
+ENV RETURN_PW=0
+ENV OC_HOST=${OC_HOST}
+ENV RUN_FROM_CONTAINER=1
+ENV SE_BROWSER_PATH=/usr/bin/chromium-browser
+ARG OC_VERSION=4.13
+ARG OC_CHANNEL=stable
+ARG PYTHON_VERSION=3.11
+
+ENV ODS_VENV="/ods_venv" \
+    HOME="/ods_venv" \
+    PATH="ods_venv/bin:${PATH}" \
+    AM_I_IN_CONTAINER="Yes" \
+    PYTHONUNBUFFERED="True"
+
+WORKDIR /ods_venv
+
+COPY . ${ODS_VENV}
+COPY ods_ci/test-variables.yml.example ${ODS_VENV}/ods_ci/test-variables.yml
+
+RUN dnf install epel-release -y &&\
+    dnf -y update &&\
+    dnf install -y jq git unzip chromium chromedriver httpd-tools gcc \
+                   python3 python3-devel python3-distro python-pip python${PYTHON_VERSION} python${PYTHON_VERSION}-devel &&\
+    dnf clean all && rm -rf /var/cache/yum &&\
+    curl --proto "=https" -L https://github.com/mikefarah/yq/releases/download/v4.34.1/yq_linux_amd64 -o /usr/bin/yq &&\
+    chmod +x /usr/bin/yq &&\
+    curl --proto "=https" -L https://mirror.openshift.com/pub/openshift-v$(echo ${OC_VERSION} | cut -d'.' -f 1)/x86_64/clients/ocp/${OC_CHANNEL}-${OC_VERSION}/openshift-client-linux.tar.gz -o ${HOME}/oc_client.tar.gz && \
+    tar xvf ${HOME}/oc_client.tar.gz -C /usr/local/bin/ && \
+    rm -rf ${HOME}/oc_client.tar.gz && rm /usr/local/bin/README.md && chmod 755 /usr/local/bin/oc && oc version --client && \
+    curl --proto "=https" -L https://github.com/openshift-online/ocm-cli/releases/download/v0.1.62/ocm-linux-amd64 -o ${HOME}/ocm && \
+    mv ${HOME}/ocm /usr/local/bin/ && chmod 755 /usr/local/bin/ocm && ocm version
+
+RUN alternatives --install /usr/local/bin/python3 python3 /usr/bin/python${PYTHON_VERSION} 1
+RUN python3 --version
+RUN curl -sSL https://install.python-poetry.org | python3 -
+ENV PATH="${PATH}:${HOME}/.local/bin"
+RUN poetry install
+
+ENV REQUESTS_CA_BUNDLE="/etc/pki/tls/certs/ca-bundle.crt"
+RUN curl -L https://certs.corp.redhat.com/certs/Current-IT-Root-CAs.pem \
+         -o /etc/pki/ca-trust/source/anchors/Current-IT-Root-CAs.pem && \
+    update-ca-trust
+
+RUN chgrp -R 0 ${ODS_VENV} && \
+    chmod -R g+rwX ${ODS_VENV}
+
+USER 1001
+WORKDIR ${ODS_VENV}/ods_ci

ods_ci/build/htpasswd/htpasswd_installation.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+HTPASSWD_PATH="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
+oc create secret generic htpasswd-bind-password --from-file=htpasswd=$HTPASSWD_PATH/users.txt -n openshift-config || echo "htpasswd secret exists"

ods_ci/build/htpasswd/oauth-htpasswd.idp.json

@@ -0,0 +1 @@
+{"name":"htpasswd-cluster-admin","mappingMethod":"claim","type":"HTPasswd","htpasswd":{"fileData":{"name":"htpasswd-bind-password"}}, "comment": "notsecret"}

ods_ci/build/install_idp_interop.sh

@@ -0,0 +1,144 @@
+#!/bin/bash
+
+PROVIDER_PATH="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
+OAUTH_HTPASSWD_JSON="$(cat $PROVIDER_PATH/htpasswd/oauth-htpasswd.idp.json)"
+OAUTH_LDAP_JSON="$(cat $PROVIDER_PATH/ldap/oauth-ldap.idp.json)"
+ARTIFACT_DIR="."
+TEST_VARIABLES_FILE="test-variables.yml"
+
+install_htpasswd_identity_provider(){
+
+# Test if any oauth identityProviders exists. If not, initialize the identityProvider list
+CURRENT_IDP_LIST=$(oc get oauth cluster -o json | jq -e '.spec.identityProviders')
+if [[ -z "${CURRENT_IDP_LIST}" ]] || [[  "${CURRENT_IDP_LIST}" == "null" ]]; then
+  echo 'No oauth identityProvider exists. Initializing oauth .spec.identityProviders = []'
+  oc patch oauth cluster --type json -p '[{"op": "add", "path": "/spec/identityProviders", "value": []}]'
+fi
+
+# Patch in the HTPASSWD identityProviders
+oc patch oauth cluster --type json -p '[{"op": "add", "path": "/spec/identityProviders/-", "value": '"$OAUTH_HTPASSWD_JSON"'}]'
+
+$PROVIDER_PATH/htpasswd/htpasswd_installation.sh
+}
+
+install_ldap_identity_provider(){
+
+# Test if any oauth identityProviders exists. If not, initialize the identityProvider list
+CURRENT_IDP_LIST=$(oc get oauth cluster -o json | jq -e '.spec.identityProviders')
+if [[ -z "${CURRENT_IDP_LIST}" ]] || [[  "${CURRENT_IDP_LIST}" == "null" ]]; then
+  echo 'No oauth identityProvider exists. Initializing oauth .spec.identityProviders = []'
+  oc patch oauth cluster --type json -p '[{"op": "add", "path": "/spec/identityProviders", "value": []}]'
+fi
+
+# Patch in the LDAP identityProviders
+oc patch oauth cluster --type json -p '[{"op": "add", "path": "/spec/identityProviders/-", "value": '"$OAUTH_LDAP_JSON"'}]'
+
+$PROVIDER_PATH/ldap/ldap_installation.sh
+}
+
+add_groups_users() {
+# create groups
+oc adm groups new rhods-admins
+oc adm groups new rhods-users
+oc adm groups new rhods-noaccess
+oc adm groups new dedicated-admins
+# add users to groups
+function add_users_to_groups(){
+for i in {1..10}
+  do
+    oc adm groups add-users $1 $2$i 
+  done
+}
+add_users_to_groups rhods-admins htpasswd-admin
+add_users_to_groups rhods-users htpasswd-user
+add_users_to_groups rhods-noaccess htpasswd-noaccess
+add_users_to_groups rhods-admins ldap-admin
+add_users_to_groups dedicated-admins ldap-admin
+add_users_to_groups rhods-users ldap-user
+add_users_to_groups rhods-noaccess ldap-noaccess
+oc adm groups add-users dedicated-admins htpasswd-cluster-admin-user
+
+oc adm groups add-users rhods-admins kubeadmin
+oc adm policy add-cluster-role-to-group view rhods-admins
+oc adm policy add-cluster-role-to-group cluster-admin dedicated-admins
+
+oc describe oauth.config.openshift.io/cluster
+}
+
+function htpasswd_installation(){
+  chk_htpasswd=1
+
+  while read -r line; do
+
+    if [[ $line == *"htpasswd-cluster-admin"* ]]; then
+        echo -e "\033[0;33m Htpasswd Identity provider is installed. Skipping installation \033[0m"
+        chk_htpasswd=0
+        break
+    fi
+  done < <(oc get oauth -o yaml)
+
+  if [[ $chk_htpasswd == 1 ]]; then
+    install_htpasswd_identity_provider
+  fi
+}
+
+function ldap_installation(){
+  chk_ldap=1
+  while read -r line; do
+    if [[ $line == *"ldap-provider-qe"* ]]; then
+	    echo -e "\033[0;33m LDAP Identity provider is installed. Skipping installation \033[0m"
+	    chk_ldap=0
+        break
+    fi
+  done < <(oc get oauth -o yaml)
+  if [[ $chk_ldap == 1 ]]; then
+    install_ldap_identity_provider
+  fi
+}
+
+function createHtpasswdIDP(){
+    htpasswd -b -B -c $ARTIFACT_DIR/users.txt htpasswd-cluster-admin-user rhodsPW#123456
+    oc create secret generic htpasswd-bind-password --from-file=htpasswd=$ARTIFACT_DIR/users.txt -n openshift-config
+    oc delete identity htpasswd-cluster-admin:htpasswd-cluster-admin-user --ignore-not-found
+    oc patch oauth cluster --type json -p '[{op: add, path: /spec/identityProviders, value: []}]'
+    oc patch oauth cluster --type json -p '[{"op": "add", "path": "/spec/identityProviders/-", "value": {"name":"htpasswd-cluster-admin","mappingMethod":"claim","type":"HTPasswd","htpasswd":{"fileData":{"name":"htpasswd-bind-password"}}}}]'
+    oc delete groups dedicated-admins --ignore-not-found
+    oc adm groups new dedicated-admins
+    oc delete user htpasswd-cluster-admin-user --ignore-not-found -n openshift-config
+    oc create user htpasswd-cluster-admin-user
+    oc adm groups add-users dedicated-admins htpasswd-cluster-admin-user
+    oc adm policy add-cluster-role-to-group cluster-admin dedicated-admins
+    oc adm policy add-cluster-role-to-user cluster-admin htpasswd-cluster-admin-user
+}
+
+function updateTestConfig(){
+    ldap_pass="rhodsPW#1"
+    export ldap_pass=$ldap_pass
+
+    yq -i '.OCP_ADMIN_USER.AUTH_TYPE="htpasswd-cluster-admin"' ${TEST_VARIABLES_FILE}
+    yq -i '.OCP_ADMIN_USER.USERNAME="htpasswd-cluster-admin-user"' ${TEST_VARIABLES_FILE}
+    yq -i '.OCP_ADMIN_USER.PASSWORD="rhodsPW#123456"' ${TEST_VARIABLES_FILE}
+
+    yq -i '.TEST_USER.AUTH_TYPE="ldap-provider-qe"' ${TEST_VARIABLES_FILE}
+    yq -i '.TEST_USER.USERNAME="ldap-admin1"' ${TEST_VARIABLES_FILE}
+    yq -i '.TEST_USER.PASSWORD=env(ldap_pass)' ${TEST_VARIABLES_FILE}
+
+    yq -i '.TEST_USER_2.AUTH_TYPE="ldap-provider-qe"' ${TEST_VARIABLES_FILE}
+    yq -i '.TEST_USER_2.USERNAME="ldap-admin2"' ${TEST_VARIABLES_FILE}
+    yq -i '.TEST_USER_2.PASSWORD=env(ldap_pass)' ${TEST_VARIABLES_FILE}
+
+    yq -i '.TEST_USER_3.AUTH_TYPE="ldap-provider-qe"' ${TEST_VARIABLES_FILE}
+    yq -i '.TEST_USER_3.USERNAME="ldap-user2"' ${TEST_VARIABLES_FILE}
+    yq -i '.TEST_USER_3.PASSWORD=env(ldap_pass)' ${TEST_VARIABLES_FILE}
+
+    yq -i '.TEST_USER_4.AUTH_TYPE="ldap-provider-qe"' ${TEST_VARIABLES_FILE}
+    yq -i '.TEST_USER_4.USERNAME="ldap-user9"' ${TEST_VARIABLES_FILE}
+    yq -i '.TEST_USER_4.PASSWORD=env(ldap_pass)' ${TEST_VARIABLES_FILE}
+}
+
+createHtpasswdIDP
+htpasswd_installation
+ldap_installation
+add_groups_users
+updateTestConfig
+sleep 60

ods_ci/build/ldap/ldap.yaml

@@ -0,0 +1,86 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: openldap
+---
+apiVersion: v1
+data:
+  #Password is “adminpassword”
+  adminpassword: YWRtaW5wYXNzd29yZA==
+  #Password is “rhodsPW#1”
+  passwords: cmhvZHNQVyMxLHJob2RzUFcjMSxyaG9kc1BXIzEscmhvZHNQVyMxLHJob2RzUFcjMSxyaG9kc1BXIzEscmhvZHNQVyMxLHJob2RzUFcjMSxyaG9kc1BXIzEscmhvZHNQVyMxLHJob2RzUFcjMSxyaG9kc1BXIzEscmhvZHNQVyMxLHJob2RzUFcjMSxyaG9kc1BXIzEscmhvZHNQVyMxLHJob2RzUFcjMSxyaG9kc1BXIzEscmhvZHNQVyMxLHJob2RzUFcjMSxyaG9kc1BXIzEscmhvZHNQVyMxLHJob2RzUFcjMSxyaG9kc1BXIzEscmhvZHNQVyMxLHJob2RzUFcjMSxyaG9kc1BXIzEscmhvZHNQVyMxLHJob2RzUFcjMSxyaG9kc1BXIzEscmhvZHNQVyMxLHJob2RzUFcjMSxyaG9kc1BXIzEscmhvZHNQVyMxLHJob2RzUFcjMSxyaG9kc1BXIzEscmhvZHNQVyMxLHJob2RzUFcjMSxyaG9kc1BXIzEscmhvZHNQVyMxLHJob2RzUFcjMSxyaG9kc1BXIzEscmhvZHNQVyMxLHJob2RzUFcjMSxyaG9kc1BXIzEscmhvZHNQVyMxLHJob2RzUFcjMSxyaG9kc1BXIzEscmhvZHNQVyMxLHJob2RzUFcjMSxyaG9kc1BXIzEscmhvZHNQVyMxLHJob2RzUFcjMSxyaG9kc1BXIzEscmhvZHNQVyMxLHJob2RzUFcjMSxyaG9kc1BXIzEscmhvZHNQVyMxLHJob2RzUFcjMSxyaG9kc1BXIzEscmhvZHNQVyMxLHJob2RzUFcjMSxyaG9kc1BXIzEscmhvZHNQVyMxLHJob2RzUFcjMSxyaG9kc1BXIzEscmhvZHNQVyMxLHJob2RzUFcjMSxyaG9kc1BXIzEscmhvZHNQVyMxLHJob2RzUFcjMSxyaG9kc1BXIzEscmhvZHNQVyMxLHJob2RzUFcjMQ==
+  users: bGRhcC1hZG1pbjEsbGRhcC1hZG1pbjIsbGRhcC1hZG1pbjMsbGRhcC1hZG1pbjQsbGRhcC1hZG1pbjUsbGRhcC1hZG1pbjYsbGRhcC1hZG1pbjcsbGRhcC1hZG1pbjgsbGRhcC1hZG1pbjksbGRhcC1hZG1pbjEwLGxkYXAtYWRtaW4xMSxsZGFwLWFkbWluMTIsbGRhcC1hZG1pbjEzLGxkYXAtYWRtaW4xNCxsZGFwLWFkbWluMTUsbGRhcC1hZG1pbjE2LGxkYXAtYWRtaW4xNyxsZGFwLWFkbWluMTgsbGRhcC1hZG1pbjE5LGxkYXAtYWRtaW4yMCxsZGFwLXVzZXIxLGxkYXAtdXNlcjIsbGRhcC11c2VyMyxsZGFwLXVzZXI0LGxkYXAtdXNlcjUsbGRhcC11c2VyNixsZGFwLXVzZXI3LGxkYXAtdXNlcjgsbGRhcC11c2VyOSxsZGFwLXVzZXIxMCxsZGFwLXVzZXIxMSxsZGFwLXVzZXIxMixsZGFwLXVzZXIxMyxsZGFwLXVzZXIxNCxsZGFwLXVzZXIxNSxsZGFwLXVzZXIxNixsZGFwLXVzZXIxNyxsZGFwLXVzZXIxOCxsZGFwLXVzZXIxOSxsZGFwLXVzZXIyMCxsZGFwLW5vYWNjZXNzMSxsZGFwLW5vYWNjZXNzMixsZGFwLW5vYWNjZXNzMyxsZGFwLW5vYWNjZXNzNCxsZGFwLW5vYWNjZXNzNSxsZGFwLW5vYWNjZXNzNixsZGFwLW5vYWNjZXNzNyxsZGFwLW5vYWNjZXNzOCxsZGFwLW5vYWNjZXNzOSxsZGFwLW5vYWNjZXNzMTAsbGRhcC1ub2FjY2VzczExLGxkYXAtbm9hY2Nlc3MxMixsZGFwLW5vYWNjZXNzMTMsbGRhcC1ub2FjY2VzczE0LGxkYXAtbm9hY2Nlc3MxNSxsZGFwLW5vYWNjZXNzMTYsbGRhcC1ub2FjY2VzczE3LGxkYXAtbm9hY2Nlc3MxOCxsZGFwLW5vYWNjZXNzMTksbGRhcC1ub2FjY2VzczIwLGNvbGxpc2lvbi11c2VyLCBsZGFwLXNwZWNpYWw/LGxkYXAtc3BlY2lhbC4sbGRhcC1zcGVjaWFsXixsZGFwLXNwZWNpYWwkLGxkYXAtc3BlY2lhbCosbGRhcC1zcGVjaWFsKCxsZGFwLXNwZWNpYWwpLGxkYXAtc3BlY2lhbFssbGRhcC1zcGVjaWFsXSxsZGFwLXNwZWNpYWx7LGxkYXAtc3BlY2lhbH0sbGRhcC1zcGVjaWFsfCxsZGFwLXNwZWNpYWxA
+kind: Secret
+metadata:
+  name: openldap
+  namespace: openldap
+type: Opaque
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: openldap
+  namespace: openldap
+  labels:
+    app.kubernetes.io/name: openldap
+spec:
+  type: ClusterIP
+  ports:
+    - name: tcp-ldap
+      port: 1389
+      targetPort: tcp-ldap
+  selector:
+    app.kubernetes.io/name: openldap
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: openldap
+  namespace: openldap
+  labels:
+    app.kubernetes.io/name: openldap
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: openldap
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: openldap
+    spec:
+      automountServiceAccountToken: false
+      containers:
+        - name: openldap
+          image: quay.io/croberts/openldapserver@sha256:9d4ec0a31b48e165cbef6950c29a0a71a9508cee74fbca2b9df8a9b36f776be1
+          imagePullPolicy: "Always"
+          resources:
+            limits:
+              cpu: 500m
+              memory: "512Mi"
+              ephemeral-storage: "512Mi"
+            requests:
+              cpu: 500m
+              memory: "256Mi"
+              ephemeral-storage: "256Mi"
+          env:
+            - name: LDAP_ADMIN_USERNAME
+              value: "admin"
+            - name: LDAP_ADMIN_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  key: adminpassword
+                  name: openldap
+            - name: LDAP_USERS
+              valueFrom:
+                secretKeyRef:
+                  key: users
+                  name: openldap
+            - name: LDAP_PASSWORDS
+              valueFrom:
+                secretKeyRef:
+                  key: passwords
+                  name: openldap
+          ports:
+            - name: tcp-ldap
+              containerPort: 1389

ods_ci/build/ldap/ldap_installation.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+LDAP_PATH="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
+oc create secret generic ldap-bind-password --from-literal=bindPassword=adminpassword -n openshift-config || echo "ldap secret exists"
+oc apply -f $LDAP_PATH/ldap.yaml
+sleep 25s

ods_ci/build/ldap/oauth-ldap.idp.json

@@ -0,0 +1 @@
+{"ldap":{"attributes":{"email":[],"id":["dn"],"name":["cn"],"preferredUsername":["uid"]},"insecure":true,"bindDN":"cn=admin,dc=example,dc=org","bindPassword":{"name":"ldap-bind-password"},"url":"ldap://openldap.openldap.svc.cluster.local:1389/dc=example,dc=org?uid"},"mappingMethod":"claim","name":"ldap-provider-qe","type":"LDAP"}