Showing
9 changed files
with
745 additions
and
0 deletions.
@@ -0,0 +1,54 @@ | ||
FROM quay.io/centos/centos:stream9 | ||
|
||
# Use this build arg to set any default test script arguments | ||
ENV RUN_SCRIPT_ARGS=${RUN_SCRIPT_ARGS} | ||
ENV ROBOT_EXTRA_ARGS='' | ||
ENV SET_ENVIRONMENT=0 | ||
ENV RETURN_PW=0 | ||
ENV OC_HOST=${OC_HOST} | ||
ENV RUN_FROM_CONTAINER=1 | ||
ENV SE_BROWSER_PATH=/usr/bin/chromium-browser | ||
ARG OC_VERSION=4.13 | ||
ARG OC_CHANNEL=stable | ||
ARG PYTHON_VERSION=3.11 | ||
|
||
ENV ODS_VENV="/ods_venv" \ | ||
HOME="/ods_venv" \ | ||
PATH="ods_venv/bin:${PATH}" \ | ||
AM_I_IN_CONTAINER="Yes" \ | ||
PYTHONUNBUFFERED="True" | ||
|
||
WORKDIR /ods_venv | ||
|
||
COPY . ${ODS_VENV} | ||
COPY ods_ci/test-variables.yml.example ${ODS_VENV}/ods_ci/test-variables.yml | ||
|
||
RUN dnf install epel-release -y &&\ | ||
dnf -y update &&\ | ||
dnf install -y jq git unzip chromium chromedriver httpd-tools gcc \ | ||
python3 python3-devel python3-distro python-pip python${PYTHON_VERSION} python${PYTHON_VERSION}-devel &&\ | ||
dnf clean all && rm -rf /var/cache/yum &&\ | ||
curl --proto "=https" -L https://github.com/mikefarah/yq/releases/download/v4.34.1/yq_linux_amd64 -o /usr/bin/yq &&\ | ||
chmod +x /usr/bin/yq &&\ | ||
curl --proto "=https" -L https://mirror.openshift.com/pub/openshift-v$(echo ${OC_VERSION} | cut -d'.' -f 1)/x86_64/clients/ocp/${OC_CHANNEL}-${OC_VERSION}/openshift-client-linux.tar.gz -o ${HOME}/oc_client.tar.gz && \ | ||
tar xvf ${HOME}/oc_client.tar.gz -C /usr/local/bin/ && \ | ||
rm -rf ${HOME}/oc_client.tar.gz && rm /usr/local/bin/README.md && chmod 755 /usr/local/bin/oc && oc version --client && \ | ||
curl --proto "=https" -L https://github.com/openshift-online/ocm-cli/releases/download/v0.1.62/ocm-linux-amd64 -o ${HOME}/ocm && \ | ||
mv ${HOME}/ocm /usr/local/bin/ && chmod 755 /usr/local/bin/ocm && ocm version | ||
|
||
RUN alternatives --install /usr/local/bin/python3 python3 /usr/bin/python${PYTHON_VERSION} 1 | ||
RUN python3 --version | ||
RUN curl -sSL https://install.python-poetry.org | python3 - | ||
ENV PATH="${PATH}:${HOME}/.local/bin" | ||
RUN poetry install | ||
|
||
ENV REQUESTS_CA_BUNDLE="/etc/pki/tls/certs/ca-bundle.crt" | ||
RUN curl -L https://certs.corp.redhat.com/certs/Current-IT-Root-CAs.pem \ | ||
-o /etc/pki/ca-trust/source/anchors/Current-IT-Root-CAs.pem && \ | ||
update-ca-trust | ||
|
||
RUN chgrp -R 0 ${ODS_VENV} && \ | ||
chmod -R g+rwX ${ODS_VENV} | ||
|
||
USER 1001 | ||
WORKDIR ${ODS_VENV}/ods_ci |
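Review bot: `RUN curl -sSL https://install.python-poetry.org | python3 -` (L65) executes whatever that endpoint serves at build time, with no version pin, no checksum and none of the `--proto "=https"` hardening the other fetches in this file use, so every image build trusts that URL afresh. The corporate root CA fetched at L71–L73 and installed as a system trust anchor is also pulled without `-f` or `--proto`, so an error body would be written into the anchors directory; at minimum use `curl -fsSL --proto "=https"` on every fetch and pin Poetry, e.g. `curl -fsSL --proto "=https" https://install.python-poetry.org -o /tmp/get-poetry.py && POETRY_VERSION=<pinned> python3 /tmp/get-poetry.py && rm /tmp/get-poetry.py` (the installer honours `POETRY_VERSION`). Separately, `PATH="ods_venv/bin:${PATH}"` (L37) is a relative entry: it resolves against whatever the current directory is rather than against `/ods_venv`, and a relative PATH component lets files in the cwd shadow commands, so it should read `PATH="/ods_venv/bin:${PATH}"`. The `RUN_SCRIPT_ARGS` and `OC_HOST` ENVs (L23, L27) reference build args that are never declared with `ARG`, so they are always empty despite the comment at L22.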
@@ -0,0 +1,22 @@ | ||
#!/bin/bash | ||
touch users.txt | ||
function generate_htpasswd_user(){ | ||
for i in {1..20} | ||
do | ||
htpasswd -b -B users.txt $1$i $2 | ||
done | ||
} | ||
generate_htpasswd_user htpasswd-admin rhodsPW#1 | ||
generate_htpasswd_user htpasswd-user rhodsPW#1 | ||
generate_htpasswd_user htpasswd-noaccess rhodsPW#1 | ||
htpasswd -b -B users.txt htpasswd-cluster-admin-user rhodsPW#123456 | ||
htpasswd -b -B users.txt collision-user rhodsPW#1 | ||
|
||
function generate_special_user(){ | ||
declare -a StringArray=("." "^" "$" "*" "+" "?" "(" ")" "[" "]" "{" "}" "\\" "|" "@" ";" "<" ">") | ||
for char in "${StringArray[@]}"; | ||
do | ||
htpasswd -b -B users.txt $1$char $2 | ||
done | ||
} | ||
generate_special_user htpasswd-special rhodsPW#1 |
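Review bot: `htpasswd -b -B users.txt $1$char $2` (L106) leaves `$1$char` unquoted, so the `*`, `?`, `[` and `]` entries are subject to pathname expansion against the current directory before htpasswd sees them (if a file such as `htpasswd-special.foo` exists the `*` user is silently replaced); quote both arguments: `htpasswd -b -B users.txt "$1$char" "$2"`, and likewise `"$1$i" "$2"` at L92. Beyond that, every account including `htpasswd-cluster-admin-user` gets a password that is committed verbatim here, and `-b` also places it on the command line where other processes can read it. If these are meant as disposable QE fixtures, say so in a header comment and take the password from the environment with the current value as default, e.g. `PW="${HTPASSWD_TEST_PW:-rhodsPW#1}"`, so a longer-lived cluster can be seeded with something that is not in the public repository.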
@@ -0,0 +1,6 @@ | ||
#!/bin/bash | ||
HTPASSWD_PATH="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )" | ||
./$HTPASSWD_PATH/htpasswd_generator.sh | ||
oc create secret generic htpasswd-bind-password --from-file=htpasswd=$HTPASSWD_PATH/users.txt -n openshift-config || echo "htpasswd secret exists" | ||
|
||
rm $HTPASSWD_PATH/users.txt |
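Review bot: `./$HTPASSWD_PATH/htpasswd_generator.sh` (L117) prefixes an absolute path with `./`, which resolves to `./<abs path>` relative to the caller's cwd rather than to `$HTPASSWD_PATH`, so the generator is only found when the script is invoked from `/`; and the generator writes `users.txt` into the cwd while this script reads and removes `$HTPASSWD_PATH/users.txt`, so the two agree only when the cwd is the script directory. Make the location explicit with `cd "$HTPASSWD_PATH" && ./htpasswd_generator.sh` (or call `"$HTPASSWD_PATH/htpasswd_generator.sh"` and have it write next to itself). `|| echo "htpasswd secret exists"` (L118) swallows every `oc create` failure, not just AlreadyExists, and a rerun keeps whatever stale secret is already there; `oc create secret generic … --dry-run=client -o yaml | oc apply -f -` makes reruns converge on the freshly generated file. Removing `users.txt` unconditionally is right, since it holds bcrypt hashes of passwords that are themselves in the repo.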
@@ -0,0 +1 @@ | ||
{"name":"htpasswd-cluster-admin","mappingMethod":"claim","type":"HTPasswd","htpasswd":{"fileData":{"name":"htpasswd-bind-password"}}, "comment": "notsecret"} |
@@ -0,0 +1,127 @@ | ||
#!/bin/bash | ||
|
||
PROVIDER_PATH="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )" | ||
OAUTH_HTPASSWD_JSON="$(cat $PROVIDER_PATH/htpasswd/oauth-htpasswd.idp.json)" | ||
OAUTH_LDAP_JSON="$(cat $PROVIDER_PATH/ldap/oauth-ldap.idp.json)" | ||
TEST_VARIABLES_FILE="test-variables.yml" | ||
|
||
install_htpasswd_identity_provider(){ | ||
|
||
# Test if any oauth identityProviders exists. If not, initialize the identityProvider list | ||
CURRENT_IDP_LIST=$(oc get oauth cluster -o json | jq -e '.spec.identityProviders') | ||
if [[ -z "${CURRENT_IDP_LIST}" ]] || [[ "${CURRENT_IDP_LIST}" == "null" ]]; then | ||
echo 'No oauth identityProvider exists. Initializing oauth .spec.identityProviders = []' | ||
oc patch oauth cluster --type json -p '[{"op": "add", "path": "/spec/identityProviders", "value": []}]' | ||
fi | ||
|
||
# Patch in the HTPASSWD identityProviders | ||
oc patch oauth cluster --type json -p '[{"op": "add", "path": "/spec/identityProviders/-", "value": '"$OAUTH_HTPASSWD_JSON"'}]' | ||
|
||
$PROVIDER_PATH/htpasswd/htpasswd_installation.sh | ||
} | ||
|
||
install_ldap_identity_provider(){ | ||
|
||
# Test if any oauth identityProviders exists. If not, initialize the identityProvider list | ||
CURRENT_IDP_LIST=$(oc get oauth cluster -o json | jq -e '.spec.identityProviders') | ||
if [[ -z "${CURRENT_IDP_LIST}" ]] || [[ "${CURRENT_IDP_LIST}" == "null" ]]; then | ||
echo 'No oauth identityProvider exists. Initializing oauth .spec.identityProviders = []' | ||
oc patch oauth cluster --type json -p '[{"op": "add", "path": "/spec/identityProviders", "value": []}]' | ||
fi | ||
|
||
# Patch in the LDAP identityProviders | ||
oc patch oauth cluster --type json -p '[{"op": "add", "path": "/spec/identityProviders/-", "value": '"$OAUTH_LDAP_JSON"'}]' | ||
|
||
$PROVIDER_PATH/ldap/ldap_installation.sh | ||
} | ||
|
||
add_groups_users() { | ||
# create groups | ||
oc adm groups new rhods-admins | ||
oc adm groups new rhods-users | ||
oc adm groups new rhods-noaccess | ||
oc adm groups new dedicated-admins | ||
# add users to groups | ||
function add_users_to_groups(){ | ||
for i in {1..10} | ||
do | ||
oc adm groups add-users $1 $2$i | ||
done | ||
} | ||
add_users_to_groups rhods-admins htpasswd-admin | ||
add_users_to_groups rhods-users htpasswd-user | ||
add_users_to_groups rhods-noaccess htpasswd-noaccess | ||
add_users_to_groups rhods-admins ldap-admin | ||
add_users_to_groups dedicated-admins ldap-admin | ||
add_users_to_groups rhods-users ldap-user | ||
add_users_to_groups rhods-noaccess ldap-noaccess | ||
oc adm groups add-users dedicated-admins htpasswd-cluster-admin-user | ||
|
||
oc adm groups add-users rhods-admins kubeadmin | ||
oc adm policy add-cluster-role-to-group view rhods-admins | ||
oc adm policy add-cluster-role-to-group cluster-admin dedicated-admins | ||
|
||
oc describe oauth.config.openshift.io/cluster | ||
} | ||
|
||
function htpasswd_installation(){ | ||
chk_htpasswd=1 | ||
|
||
while read -r line; do | ||
|
||
if [[ $line == *"htpasswd-cluster-admin"* ]]; then | ||
echo -e "\033[0;33m Htpasswd Identity provider is installed. Skipping installation \033[0m" | ||
chk_htpasswd=0 | ||
break | ||
fi | ||
done < <(oc get oauth -o yaml) | ||
|
||
if [[ $chk_htpasswd == 1 ]]; then | ||
install_htpasswd_identity_provider | ||
fi | ||
} | ||
|
||
function ldap_installation(){ | ||
chk_ldap=1 | ||
while read -r line; do | ||
if [[ $line == *"ldap-provider-qe"* ]]; then | ||
echo -e "\033[0;33m LDAP Identity provider is installed. Skipping installation \033[0m" | ||
chk_ldap=0 | ||
break | ||
fi | ||
done < <(oc get oauth -o yaml) | ||
if [[ $chk_ldap == 1 ]]; then | ||
install_ldap_identity_provider | ||
fi | ||
} | ||
|
||
function updateTestConfig(){ | ||
ldap_pass="rhodsPW#1" | ||
export ldap_pass=$ldap_pass | ||
|
||
yq -i '.OCP_ADMIN_USER.AUTH_TYPE="htpasswd-cluster-admin"' ${TEST_VARIABLES_FILE} | ||
yq -i '.OCP_ADMIN_USER.USERNAME="htpasswd-cluster-admin-user"' ${TEST_VARIABLES_FILE} | ||
yq -i '.OCP_ADMIN_USER.PASSWORD="rhodsPW#123456"' ${TEST_VARIABLES_FILE} | ||
|
||
yq -i '.TEST_USER.AUTH_TYPE="ldap-provider-qe"' ${TEST_VARIABLES_FILE} | ||
yq -i '.TEST_USER.USERNAME="ldap-admin1"' ${TEST_VARIABLES_FILE} | ||
yq -i '.TEST_USER.PASSWORD=env(ldap_pass)' ${TEST_VARIABLES_FILE} | ||
|
||
yq -i '.TEST_USER_2.AUTH_TYPE="ldap-provider-qe"' ${TEST_VARIABLES_FILE} | ||
yq -i '.TEST_USER_2.USERNAME="ldap-admin2"' ${TEST_VARIABLES_FILE} | ||
yq -i '.TEST_USER_2.PASSWORD=env(ldap_pass)' ${TEST_VARIABLES_FILE} | ||
|
||
yq -i '.TEST_USER_3.AUTH_TYPE="ldap-provider-qe"' ${TEST_VARIABLES_FILE} | ||
yq -i '.TEST_USER_3.USERNAME="ldap-user2"' ${TEST_VARIABLES_FILE} | ||
yq -i '.TEST_USER_3.PASSWORD=env(ldap_pass)' ${TEST_VARIABLES_FILE} | ||
|
||
yq -i '.TEST_USER_4.AUTH_TYPE="ldap-provider-qe"' ${TEST_VARIABLES_FILE} | ||
yq -i '.TEST_USER_4.USERNAME="ldap-user9"' ${TEST_VARIABLES_FILE} | ||
yq -i '.TEST_USER_4.PASSWORD=env(ldap_pass)' ${TEST_VARIABLES_FILE} | ||
} | ||
|
||
htpasswd_installation | ||
ldap_installation | ||
add_groups_users | ||
updateTestConfig | ||
sleep 60 |
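Review bot: `oc adm policy add-cluster-role-to-group cluster-admin dedicated-admins` (L205) makes every member of dedicated-admins — `ldap-admin1..10` and `htpasswd-cluster-admin-user` — a cluster administrator, and `updateTestConfig` (L249, L255) fixes their passwords to literals that live in this repository, so any cluster this runs against has cluster-admin credentials that are public knowledge; if that is intended for throwaway QE clusters, state it in a header comment and gate it behind an explicit opt-in such as `[[ "${ALLOW_TEST_CLUSTER_ADMIN:-0}" == 1 ]]`, otherwise bind a narrower role. The same password literal is typed independently in htpasswd_generator.sh and ldap_installation.sh, so a change in one place silently breaks the logins configured here; source it once (`TEST_PW="${ODS_TEST_PW:-rhodsPW#1}"`) and pass it to the sub-scripts. The trailing `sleep 60` (L283) is presumably waiting for the authentication operator to roll out the new identity providers; `oc rollout status -n openshift-authentication deployment/oauth-openshift` waits for the actual condition instead of a fixed interval. The script also has no `set -euo pipefail`, so a failed `oc patch` at L154 or L173 does not stop the group and config steps that follow, and the fixture config is written even though the providers were never installed.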
@@ -0,0 +1,67 @@ | ||
apiVersion: v1 | ||
kind: Service | ||
metadata: | ||
name: openldap | ||
namespace: openldap | ||
labels: | ||
app.kubernetes.io/name: openldap | ||
spec: | ||
type: ClusterIP | ||
ports: | ||
- name: tcp-ldap | ||
port: 1389 | ||
targetPort: tcp-ldap | ||
selector: | ||
app.kubernetes.io/name: openldap | ||
--- | ||
apiVersion: apps/v1 | ||
kind: Deployment | ||
metadata: | ||
name: openldap | ||
namespace: openldap | ||
labels: | ||
app.kubernetes.io/name: openldap | ||
spec: | ||
selector: | ||
matchLabels: | ||
app.kubernetes.io/name: openldap | ||
replicas: 1 | ||
template: | ||
metadata: | ||
labels: | ||
app.kubernetes.io/name: openldap | ||
spec: | ||
automountServiceAccountToken: false | ||
containers: | ||
- name: openldap | ||
image: quay.io/croberts/openldapserver@sha256:9d4ec0a31b48e165cbef6950c29a0a71a9508cee74fbca2b9df8a9b36f776be1 | ||
imagePullPolicy: "Always" | ||
resources: | ||
requests: | ||
memory: "256Mi" | ||
cpu: '1' | ||
ephemeral-storage: "2Gi" | ||
limits: | ||
memory: "512Mi" | ||
ephemeral-storage: "2Gi" | ||
env: | ||
- name: LDAP_ADMIN_USERNAME | ||
value: "admin" | ||
- name: LDAP_ADMIN_PASSWORD | ||
valueFrom: | ||
secretKeyRef: | ||
key: adminpassword | ||
name: openldap | ||
- name: LDAP_USERS | ||
valueFrom: | ||
secretKeyRef: | ||
key: users | ||
name: openldap | ||
- name: LDAP_PASSWORDS | ||
valueFrom: | ||
secretKeyRef: | ||
key: passwords | ||
name: openldap | ||
ports: | ||
- name: tcp-ldap | ||
containerPort: 1389 |
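Review bot: The openldap Deployment has no readiness or liveness probe, so the installer that applies it has nothing to wait on (it falls back to `sleep 25s`) and the OAuth LDAP provider can be patched in before the directory server accepts connections; a TCP probe on the named port lets the caller run `oc rollout status deployment/openldap -n openldap` instead of sleeping. No `securityContext` is set either — on OpenShift the restricted SCC supplies most of it, but declaring `allowPrivilegeEscalation: false`, dropping all capabilities and requesting the `RuntimeDefault` seccomp profile makes the intent explicit and keeps the manifest portable to clusters without SCCs. The digest-pinned image and `automountServiceAccountToken: false` are good; with a digest, `imagePullPolicy: Always` costs only a manifest check.
```yaml
        # … unchanged: name, image, resources, env …
        ports:
          - name: tcp-ldap
            containerPort: 1389
        readinessProbe:
          tcpSocket:
            port: tcp-ldap
          initialDelaySeconds: 5
          periodSeconds: 5
        livenessProbe:
          tcpSocket:
            port: tcp-ldap
          initialDelaySeconds: 30
          periodSeconds: 20
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop: ["ALL"]
          seccompProfile:
            type: RuntimeDefault
```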
@@ -0,0 +1,30 @@ | ||
#!/bin/bash | ||
user_list="" | ||
password_list="" | ||
|
||
function add_users_to_file(){ | ||
for i in {1..10} | ||
do | ||
user_list+="$1$i," | ||
password_list+="rhodsPW#1," | ||
done | ||
} | ||
|
||
add_users_to_file ldap-admin | ||
add_users_to_file ldap-user | ||
add_users_to_file ldap-noaccess | ||
|
||
echo "${user_list%,}" > users.txt | ||
echo "${password_list%,}" > password.txt | ||
|
||
oc create ns openldap | ||
oc create secret generic openldap \ | ||
-n openldap \ | ||
--from-literal=adminpassword=adminpassword \ | ||
--from-file=passwords=password.txt \ | ||
--from-file=users=users.txt | ||
|
||
LDAP_PATH="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )" | ||
oc create secret generic ldap-bind-password --from-literal=bindPassword=adminpassword -n openshift-config || echo "ldap secret exists" | ||
oc apply -f $LDAP_PATH/ldap.yaml | ||
sleep 25s |
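Review bot: `password.txt` (L381) holds every test user's password in clear text and, unlike `users.txt` in the htpasswd installer, is never removed, so it remains on disk in whatever directory the script ran from after the secret is created; the temp files are unnecessary anyway because the values are already in shell variables: `oc create secret generic openldap -n openldap --from-literal=adminpassword="$LDAP_ADMIN_PW" --from-literal=passwords="${password_list%,}" --from-literal=users="${user_list%,}"`. The literal `adminpassword` is typed twice (L387 and L393) as both the directory admin password and the OAuth bind password; define it once (`LDAP_ADMIN_PW="${LDAP_ADMIN_PW:-adminpassword}"`) so the two secrets cannot drift, and so a non-default value can be supplied on clusters that outlive a test run. `oc create ns` and the first `oc create secret` carry no `|| …` guard (unlike L393) and there is no `set -e`, so on a rerun they fail, the script keeps going, and `oc apply` at L394 runs against the pre-existing secret — possibly intended, but worth a comment saying reruns are expected to be no-ops. `sleep 25s` (L395) would be better replaced by `oc rollout status deployment/openldap -n openldap` once the Deployment has a readiness probe.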
@@ -0,0 +1 @@ | ||
{"ldap":{"attributes":{"email":[],"id":["dn"],"name":["cn"],"preferredUsername":["uid"]},"insecure":true,"bindDN":"cn=admin,dc=example,dc=org","bindPassword":{"name":"ldap-bind-password"},"url":"ldap://openldap.openldap.svc.cluster.local:1389/dc=example,dc=org?uid"},"mappingMethod":"claim","name":"ldap-provider-qe","type":"LDAP"} |
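Review bot: `"insecure":true` together with the `ldap://` URL means the OAuth server sends the bind DN's password and every user's login password to `openldap.openldap.svc.cluster.local:1389` in clear text over the pod network, so keeping the bind password in the `ldap-bind-password` Secret protects it at rest only. For a disposable QE fixture that may be an acceptable trade-off, but since JSON has no comment syntax the decision should be recorded in the installer script that references this file, with a warning against copying the provider into a shared or long-lived cluster. The hardened form is an `ldaps://` URL (or `"insecure":false`, which makes the OAuth server require StartTLS) plus a `ca` ConfigMap in `openshift-config`, which in turn requires the openldap Deployment to serve TLS. Note also that `id` is `dn` while `preferredUsername` is `uid`, so a user re-created under a different DN becomes a new identity under `mappingMethod: claim`; fine for fixtures, but worth stating where they are documented.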