Skip to content

Commit

Permalink
Build Interop testing image
Browse files Browse the repository at this point in the history
  • Loading branch information
liswang89 committed Nov 22, 2024
1 parent f9210df commit 8df2fdc
Show file tree
Hide file tree
Showing 9 changed files with 745 additions and 0 deletions.
54 changes: 54 additions & 0 deletions ods_ci/build/Dockerfile_interop
Original file line number Diff line number Diff line change
@@ -0,0 +1,54 @@
FROM quay.io/centos/centos:stream9

# Use this build arg to set any default test script arguments
ENV RUN_SCRIPT_ARGS=${RUN_SCRIPT_ARGS}
ENV ROBOT_EXTRA_ARGS=''
ENV SET_ENVIRONMENT=0
ENV RETURN_PW=0
ENV OC_HOST=${OC_HOST}
ENV RUN_FROM_CONTAINER=1
ENV SE_BROWSER_PATH=/usr/bin/chromium-browser
ARG OC_VERSION=4.13
ARG OC_CHANNEL=stable
ARG PYTHON_VERSION=3.11

ENV ODS_VENV="/ods_venv" \
HOME="/ods_venv" \
PATH="ods_venv/bin:${PATH}" \
AM_I_IN_CONTAINER="Yes" \
PYTHONUNBUFFERED="True"

WORKDIR /ods_venv

COPY . ${ODS_VENV}
COPY ods_ci/test-variables.yml.example ${ODS_VENV}/ods_ci/test-variables.yml

RUN dnf install epel-release -y &&\
dnf -y update &&\
dnf install -y jq git unzip chromium chromedriver httpd-tools gcc \
python3 python3-devel python3-distro python-pip python${PYTHON_VERSION} python${PYTHON_VERSION}-devel &&\
dnf clean all && rm -rf /var/cache/yum &&\
curl --proto "=https" -L https://github.com/mikefarah/yq/releases/download/v4.34.1/yq_linux_amd64 -o /usr/bin/yq &&\
chmod +x /usr/bin/yq &&\
curl --proto "=https" -L https://mirror.openshift.com/pub/openshift-v$(echo ${OC_VERSION} | cut -d'.' -f 1)/x86_64/clients/ocp/${OC_CHANNEL}-${OC_VERSION}/openshift-client-linux.tar.gz -o ${HOME}/oc_client.tar.gz && \
tar xvf ${HOME}/oc_client.tar.gz -C /usr/local/bin/ && \
rm -rf ${HOME}/oc_client.tar.gz && rm /usr/local/bin/README.md && chmod 755 /usr/local/bin/oc && oc version --client && \
curl --proto "=https" -L https://github.com/openshift-online/ocm-cli/releases/download/v0.1.62/ocm-linux-amd64 -o ${HOME}/ocm && \
mv ${HOME}/ocm /usr/local/bin/ && chmod 755 /usr/local/bin/ocm && ocm version

RUN alternatives --install /usr/local/bin/python3 python3 /usr/bin/python${PYTHON_VERSION} 1
RUN python3 --version
RUN curl -sSL https://install.python-poetry.org | python3 -
ENV PATH="${PATH}:${HOME}/.local/bin"
RUN poetry install

ENV REQUESTS_CA_BUNDLE="/etc/pki/tls/certs/ca-bundle.crt"
RUN curl -L https://certs.corp.redhat.com/certs/Current-IT-Root-CAs.pem \
-o /etc/pki/ca-trust/source/anchors/Current-IT-Root-CAs.pem && \
update-ca-trust

RUN chgrp -R 0 ${ODS_VENV} && \
chmod -R g+rwX ${ODS_VENV}

USER 1001
WORKDIR ${ODS_VENV}/ods_ci
22 changes: 22 additions & 0 deletions ods_ci/build/htpasswd/htpasswd_generator.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
#!/bin/bash
touch users.txt
function generate_htpasswd_user(){
for i in {1..20}
do
htpasswd -b -B users.txt $1$i $2
done
}
generate_htpasswd_user htpasswd-admin rhodsPW#1
generate_htpasswd_user htpasswd-user rhodsPW#1
generate_htpasswd_user htpasswd-noaccess rhodsPW#1
htpasswd -b -B users.txt htpasswd-cluster-admin-user rhodsPW#123456
htpasswd -b -B users.txt collision-user rhodsPW#1

function generate_special_user(){
declare -a StringArray=("." "^" "$" "*" "+" "?" "(" ")" "[" "]" "{" "}" "\\" "|" "@" ";" "<" ">")
for char in "${StringArray[@]}";
do
htpasswd -b -B users.txt $1$char $2
done
}
generate_special_user htpasswd-special rhodsPW#1
6 changes: 6 additions & 0 deletions ods_ci/build/htpasswd/htpasswd_installation.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
#!/bin/bash
HTPASSWD_PATH="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
./$HTPASSWD_PATH/htpasswd_generator.sh
oc create secret generic htpasswd-bind-password --from-file=htpasswd=$HTPASSWD_PATH/users.txt -n openshift-config || echo "htpasswd secret exists"

rm $HTPASSWD_PATH/users.txt
1 change: 1 addition & 0 deletions ods_ci/build/htpasswd/oauth-htpasswd.idp.json
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
{"name":"htpasswd-cluster-admin","mappingMethod":"claim","type":"HTPasswd","htpasswd":{"fileData":{"name":"htpasswd-bind-password"}}, "comment": "notsecret"}
127 changes: 127 additions & 0 deletions ods_ci/build/install_idp_interop.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,127 @@
#!/bin/bash

PROVIDER_PATH="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
OAUTH_HTPASSWD_JSON="$(cat $PROVIDER_PATH/htpasswd/oauth-htpasswd.idp.json)"
OAUTH_LDAP_JSON="$(cat $PROVIDER_PATH/ldap/oauth-ldap.idp.json)"
TEST_VARIABLES_FILE="test-variables.yml"

install_htpasswd_identity_provider(){

# Test if any oauth identityProviders exists. If not, initialize the identityProvider list
CURRENT_IDP_LIST=$(oc get oauth cluster -o json | jq -e '.spec.identityProviders')
if [[ -z "${CURRENT_IDP_LIST}" ]] || [[ "${CURRENT_IDP_LIST}" == "null" ]]; then
echo 'No oauth identityProvider exists. Initializing oauth .spec.identityProviders = []'
oc patch oauth cluster --type json -p '[{"op": "add", "path": "/spec/identityProviders", "value": []}]'
fi

# Patch in the HTPASSWD identityProviders
oc patch oauth cluster --type json -p '[{"op": "add", "path": "/spec/identityProviders/-", "value": '"$OAUTH_HTPASSWD_JSON"'}]'

$PROVIDER_PATH/htpasswd/htpasswd_installation.sh
}

install_ldap_identity_provider(){

# Test if any oauth identityProviders exists. If not, initialize the identityProvider list
CURRENT_IDP_LIST=$(oc get oauth cluster -o json | jq -e '.spec.identityProviders')
if [[ -z "${CURRENT_IDP_LIST}" ]] || [[ "${CURRENT_IDP_LIST}" == "null" ]]; then
echo 'No oauth identityProvider exists. Initializing oauth .spec.identityProviders = []'
oc patch oauth cluster --type json -p '[{"op": "add", "path": "/spec/identityProviders", "value": []}]'
fi

# Patch in the LDAP identityProviders
oc patch oauth cluster --type json -p '[{"op": "add", "path": "/spec/identityProviders/-", "value": '"$OAUTH_LDAP_JSON"'}]'

$PROVIDER_PATH/ldap/ldap_installation.sh
}

add_groups_users() {
# create groups
oc adm groups new rhods-admins
oc adm groups new rhods-users
oc adm groups new rhods-noaccess
oc adm groups new dedicated-admins
# add users to groups
function add_users_to_groups(){
for i in {1..10}
do
oc adm groups add-users $1 $2$i
done
}
add_users_to_groups rhods-admins htpasswd-admin
add_users_to_groups rhods-users htpasswd-user
add_users_to_groups rhods-noaccess htpasswd-noaccess
add_users_to_groups rhods-admins ldap-admin
add_users_to_groups dedicated-admins ldap-admin
add_users_to_groups rhods-users ldap-user
add_users_to_groups rhods-noaccess ldap-noaccess
oc adm groups add-users dedicated-admins htpasswd-cluster-admin-user

oc adm groups add-users rhods-admins kubeadmin
oc adm policy add-cluster-role-to-group view rhods-admins
oc adm policy add-cluster-role-to-group cluster-admin dedicated-admins

oc describe oauth.config.openshift.io/cluster
}

function htpasswd_installation(){
chk_htpasswd=1

while read -r line; do

if [[ $line == *"htpasswd-cluster-admin"* ]]; then
echo -e "\033[0;33m Htpasswd Identity provider is installed. Skipping installation \033[0m"
chk_htpasswd=0
break
fi
done < <(oc get oauth -o yaml)

if [[ $chk_htpasswd == 1 ]]; then
install_htpasswd_identity_provider
fi
}

function ldap_installation(){
chk_ldap=1
while read -r line; do
if [[ $line == *"ldap-provider-qe"* ]]; then
echo -e "\033[0;33m LDAP Identity provider is installed. Skipping installation \033[0m"
chk_ldap=0
break
fi
done < <(oc get oauth -o yaml)
if [[ $chk_ldap == 1 ]]; then
install_ldap_identity_provider
fi
}

function updateTestConfig(){
ldap_pass="rhodsPW#1"
export ldap_pass=$ldap_pass

yq -i '.OCP_ADMIN_USER.AUTH_TYPE="htpasswd-cluster-admin"' ${TEST_VARIABLES_FILE}
yq -i '.OCP_ADMIN_USER.USERNAME="htpasswd-cluster-admin-user"' ${TEST_VARIABLES_FILE}
yq -i '.OCP_ADMIN_USER.PASSWORD="rhodsPW#123456"' ${TEST_VARIABLES_FILE}

yq -i '.TEST_USER.AUTH_TYPE="ldap-provider-qe"' ${TEST_VARIABLES_FILE}
yq -i '.TEST_USER.USERNAME="ldap-admin1"' ${TEST_VARIABLES_FILE}
yq -i '.TEST_USER.PASSWORD=env(ldap_pass)' ${TEST_VARIABLES_FILE}

yq -i '.TEST_USER_2.AUTH_TYPE="ldap-provider-qe"' ${TEST_VARIABLES_FILE}
yq -i '.TEST_USER_2.USERNAME="ldap-admin2"' ${TEST_VARIABLES_FILE}
yq -i '.TEST_USER_2.PASSWORD=env(ldap_pass)' ${TEST_VARIABLES_FILE}

yq -i '.TEST_USER_3.AUTH_TYPE="ldap-provider-qe"' ${TEST_VARIABLES_FILE}
yq -i '.TEST_USER_3.USERNAME="ldap-user2"' ${TEST_VARIABLES_FILE}
yq -i '.TEST_USER_3.PASSWORD=env(ldap_pass)' ${TEST_VARIABLES_FILE}

yq -i '.TEST_USER_4.AUTH_TYPE="ldap-provider-qe"' ${TEST_VARIABLES_FILE}
yq -i '.TEST_USER_4.USERNAME="ldap-user9"' ${TEST_VARIABLES_FILE}
yq -i '.TEST_USER_4.PASSWORD=env(ldap_pass)' ${TEST_VARIABLES_FILE}
}

htpasswd_installation
ldap_installation
add_groups_users
updateTestConfig
sleep 60
67 changes: 67 additions & 0 deletions ods_ci/build/ldap/ldap.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,67 @@
apiVersion: v1
kind: Service
metadata:
name: openldap
namespace: openldap
labels:
app.kubernetes.io/name: openldap
spec:
type: ClusterIP
ports:
- name: tcp-ldap
port: 1389
targetPort: tcp-ldap
selector:
app.kubernetes.io/name: openldap
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: openldap
namespace: openldap
labels:
app.kubernetes.io/name: openldap
spec:
selector:
matchLabels:
app.kubernetes.io/name: openldap
replicas: 1
template:
metadata:
labels:
app.kubernetes.io/name: openldap
spec:
automountServiceAccountToken: false
containers:
- name: openldap
image: quay.io/croberts/openldapserver@sha256:9d4ec0a31b48e165cbef6950c29a0a71a9508cee74fbca2b9df8a9b36f776be1
imagePullPolicy: "Always"
resources:
requests:
memory: "256Mi"
cpu: '1'
ephemeral-storage: "2Gi"
limits:
memory: "512Mi"
ephemeral-storage: "2Gi"
env:
- name: LDAP_ADMIN_USERNAME
value: "admin"
- name: LDAP_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
key: adminpassword
name: openldap
- name: LDAP_USERS
valueFrom:
secretKeyRef:
key: users
name: openldap
- name: LDAP_PASSWORDS
valueFrom:
secretKeyRef:
key: passwords
name: openldap
ports:
- name: tcp-ldap
containerPort: 1389
30 changes: 30 additions & 0 deletions ods_ci/build/ldap/ldap_installation.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
#!/bin/bash
user_list=""
password_list=""

function add_users_to_file(){
for i in {1..10}
do
user_list+="$1$i,"
password_list+="rhodsPW#1,"
done
}

add_users_to_file ldap-admin
add_users_to_file ldap-user
add_users_to_file ldap-noaccess

echo "${user_list%,}" > users.txt
echo "${password_list%,}" > password.txt

oc create ns openldap
oc create secret generic openldap \
-n openldap \
--from-literal=adminpassword=adminpassword \
--from-file=passwords=password.txt \
--from-file=users=users.txt

LDAP_PATH="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
oc create secret generic ldap-bind-password --from-literal=bindPassword=adminpassword -n openshift-config || echo "ldap secret exists"
oc apply -f $LDAP_PATH/ldap.yaml
sleep 25s
1 change: 1 addition & 0 deletions ods_ci/build/ldap/oauth-ldap.idp.json
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
{"ldap":{"attributes":{"email":[],"id":["dn"],"name":["cn"],"preferredUsername":["uid"]},"insecure":true,"bindDN":"cn=admin,dc=example,dc=org","bindPassword":{"name":"ldap-bind-password"},"url":"ldap://openldap.openldap.svc.cluster.local:1389/dc=example,dc=org?uid"},"mappingMethod":"claim","name":"ldap-provider-qe","type":"LDAP"}
Loading

0 comments on commit 8df2fdc

Please sign in to comment.