WPB-2970 Update dependencies, cleanup, add unit test (#25)

.envrc

@@ -0,0 +1 @@
+use nix

.github/workflows/ci.yml

@@ -8,41 +8,75 @@ on:
     tags:
     - 'v*'
 
+# INFO: The following configuration block ensures that only one build runs per branch,
+# which may be desirable for projects with a costly build process.
+# Remove this block from the CI workflow to let each CI job run to completion.
+concurrency:
+  group: build-${{ github.ref }}
+  cancel-in-progress: true
+
 jobs:
   build:
-    name: ghc ${{ matrix.ghc }}
-    runs-on: ubuntu-18.04
+    name: GHC ${{ matrix.ghc-version }} on ${{ matrix.os }}
+    runs-on: ${{ matrix.os }}
     strategy:
+      fail-fast: false
       matrix:
-        cabal: ["2.4"]
-        ghc:
-          - "8.8.3"
-    if: "!startsWith(github.ref, 'refs/tags/v')"
+        os: [ubuntu-latest]
+        ghc-version: ['9.4']
+        cabal: ['3.10.2.1']
 
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
       if: github.event.action == 'opened' || github.event.action == 'synchronize' || github.event.ref == 'refs/heads/master'
 
-    - uses: actions/setup-haskell@v1
-      name: Setup Haskell
+    - name: Set up GHC ${{ matrix.ghc-version }}
+      uses: haskell-actions/setup@v2
+      id: setup
       with:
-        ghc-version: ${{ matrix.ghc }}
+        ghc-version: ${{ matrix.ghc-version }}
+        # Defaults, added for clarity:
         cabal-version: ${{ matrix.cabal }}
+        cabal-update: true
+
+    - name: Configure the build
+      run: |
+        cabal configure --enable-tests --enable-benchmarks --disable-documentation
+        cabal build all --dry-run
+      # The last step generates dist-newstyle/cache/plan.json for the cache key.
+
+    - name: Restore cached dependencies
+      uses: actions/cache/restore@v3
+      id: cache
+      env:
+        key: ${{ runner.os }}-ghc-${{ steps.setup.outputs.ghc-version }}-cabal-${{ steps.setup.outputs.cabal-version }}
+      with:
+        path: ${{ steps.setup.outputs.cabal-store }}
+        key: ${{ env.key }}-plan-${{ hashFiles('**/plan.json') }}
+        restore-keys: ${{ env.key }}-
+
+    - name: Install dependencies
+      # If we had an exact cache hit, the dependencies will be up to date.
+      if: steps.cache.outputs.cache-hit != 'true'
+      run: cabal build all --only-dependencies
 
-    - uses: actions/cache@v1
-      name: Cache ~/.cabal/store
+    # Cache dependencies already here, so that we do not have to rebuild them should the subsequent steps fail.
+    - name: Save cached dependencies
+      uses: actions/cache/save@v3
+      # If we had an exact cache hit, trying to save the cache would error because of key clash.
+      if: steps.cache.outputs.cache-hit != 'true'
       with:
-        path: ~/.cabal/store
-        key: ${{ runner.os }}-${{ matrix.ghc }}-cabal
+        path: ${{ steps.setup.outputs.cabal-store }}
+        key: ${{ steps.cache.outputs.cache-primary-key }}
 
     - name: Build
-      run: |
-        cabal v2-update
-        cabal v2-build --enable-tests --enable-benchmarks
+      run: cabal build all
 
-    - name: Test
-      run: |
-        echo 'No tests'
+    - name: Run tests
+      run: cabal test all
+
+    - name: Check cabal file
+      run: cabal check
 
   publish:
     # needs : build

.gitignore

@@ -52,3 +52,6 @@ TAGS
 
 # other
 .DS_Store
+
+# nix
+.direnv

Dockerfile

@@ -1,9 +1,10 @@
-FROM haskell:8.10.7-buster
+FROM haskell:9.4.8-buster
 
 WORKDIR /opt/ldap-scim-bridge
 
 # Add just the .cabal file to capture dependencies
 COPY ./ldap-scim-bridge.cabal /opt/ldap-scim-bridge/ldap-scim-bridge.cabal
+COPY ./cabal.project /opt/ldap-scim-bridge/cabal.project
 
 RUN cabal v2-update
 

cabal.project

@@ -0,0 +1,8 @@
+-- currently the latest tinylog version is not compatible with bytestring > 0.11
+-- we're using our own patch for tinylog until https://gitlab.com/twittner/tinylog/-/merge_requests/8 or similar has been merged into the upstream repo
+source-repository-package
+  type: git
+  location: https://gitlab.com/leif.battermann/tinylog.git
+  tag: c570eaec033766b49ed394feb9638bfc0bd247e2
+
+packages: ldap-scim-bridge.cabal

examples/wire-server/run.sh

@@ -28,11 +28,13 @@ export WIRE_TEAMID
 export SCIM_TOKEN
 export SCIM_TOKEN_ID
 export SCIM_TOKEN_FULL
-export WIRE_SERVER_PATH=~/src/wire-server
+export WIRE_SAMLIDP
+export WIRE_SERVER_PATH="${WIRE_SERVER_PATH:=~/src/wire-server}"
 export SPAR_URL=http://localhost:8088
-export BRIG_URL=http://localhost:8088
+export BRIG_URL=http://localhost:8082
 export GALLEY_URL=http://localhost:8085
 
+# FUTUREWORK: install ldap with nix (https://nixos.wiki/wiki/OpenLDAP) or docker
 function install() {
   sudo apt-get install ldapscripts ldap-utils slapd
 }
@@ -62,23 +64,23 @@ function scaffolding2() {
 
 function scaffolding_spar() {
   if ( curl -s $BRIG_URL/i/status ); then
-    WIRE_USER=$(${WIRE_SERVER_PATH}/deploy/services-demo/create_test_team_admins.sh -c)
-    WIRE_USERID=$(echo $WIRE_USER | sed 's/^\([^,]\+\),\([^,]\+\),\([^,]\+\)$/\1/')
-    WIRE_PASSWD=$(echo $WIRE_USER | sed 's/^\([^,]\+\),\([^,]\+\),\([^,]\+\)$/\3/')
-    WIRE_TEAMID=$(curl -s -H'content-type: application/json' -H'Z-User: '"${WIRE_USERID}" http://localhost:8082/self | jq .team | xargs echo)
+    WIRE_USER=$("${WIRE_SERVER_PATH}"/hack/bin/create_test_team_admins.sh -c)
+    WIRE_USERID=$(echo "$WIRE_USER" | sed 's/^\([^,]\+\),\([^,]\+\),\([^,]\+\)$/\1/')
+    WIRE_PASSWD=$(echo "$WIRE_USER" | sed 's/^\([^,]\+\),\([^,]\+\),\([^,]\+\)$/\3/')
+    WIRE_TEAMID=$(curl -s -H'content-type: application/json' -H'Z-User: '"${WIRE_USERID}" "$BRIG_URL/self" | jq .team | xargs echo)
 
     # create a saml idp (if we don't, users will not be created, but invitated, which would make the following more awkward to write down).
     curl -s -X PUT \
       --header "Z-User: $WIRE_USERID" \
       --header 'Content-Type: application/json;charset=utf-8' \
       -d '{"status": "enabled"}' \
-      ${GALLEY_URL}/i/teams/$WIRE_TEAMID/features/sso >/dev/null
-    export WIRE_SAMLIDP=$(curl -X POST \
+      ${GALLEY_URL}/i/teams/"$WIRE_TEAMID"/features/sso >/dev/null
+    WIRE_SAMLIDP=$(curl -X POST \
       --header "Z-User: $WIRE_USERID" \
       --header 'Content-Type: application/xml;charset=utf-8' \
-      -d "<EntityDescriptor xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" xmlns:samla=\"urn:oasis:names:tc:SAML:2.0:assertion\" xmlns:samlm=\"urn:oasis:names:tc:SAML:2.0:metadata\" xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\" ID=\"_0c29ba62-a541-11e8-8042-873ef87bdcba\" entityID=\"https://issuer.net/_"`uuid`"\" xmlns=\"urn:oasis:names:tc:SAML:2.0:metadata\"><IDPSSODescriptor protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\"><KeyDescriptor use=\"signing\"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIBOTCBxKADAgECAg4TIFmNatMeqaAE8BWQBTANBgkqhkiG9w0BAQsFADAAMB4XDTIxMDkwMzEzMjUyMVoXDTQxMDgyOTEzMjUyMVowADB6MA0GCSqGSIb3DQEBAQUAA2kAMGYCYQDPAqTk/nq2B/J0WH2FtiRh6nB8BvOc6M7d4K2KV0kXrePjeRPh+cDDf9mYrpntnjBa2LGAc0S4gjUXdvnt1Fxg2YYXYJ+N7+jxV36jUng7cGz1tEOB5RIj28Mv8/eXnjUCAREwDQYJKoZIhvcNAQELBQADYQBaIWDz832gg5jZPIy5z0CV1rWbUQALy6SUodWMezbzVF86hycUvZqAzd5Pir8084Mk/6FQK2Hbbml2LaHS8JnZpYxlgNIRNNonzScAUFclDi4NNmcxPuB6ycu9kK/0l+A=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></KeyDescriptor><SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"https://requri.net/fb9e3c14-25eb-482a-8df3-c71e3e83110b\"/></IDPSSODescriptor></EntityDescriptor>" \
+      -d "<EntityDescriptor xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" xmlns:samla=\"urn:oasis:names:tc:SAML:2.0:assertion\" xmlns:samlm=\"urn:oasis:names:tc:SAML:2.0:metadata\" xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\" ID=\"_0c29ba62-a541-11e8-8042-873ef87bdcba\" entityID=\"https://issuer.net/_$(uuidgen)\" xmlns=\"urn:oasis:names:tc:SAML:2.0:metadata\"><IDPSSODescriptor protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\"><KeyDescriptor use=\"signing\"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIBOTCBxKADAgECAg4TIFmNatMeqaAE8BWQBTANBgkqhkiG9w0BAQsFADAAMB4XDTIxMDkwMzEzMjUyMVoXDTQxMDgyOTEzMjUyMVowADB6MA0GCSqGSIb3DQEBAQUAA2kAMGYCYQDPAqTk/nq2B/J0WH2FtiRh6nB8BvOc6M7d4K2KV0kXrePjeRPh+cDDf9mYrpntnjBa2LGAc0S4gjUXdvnt1Fxg2YYXYJ+N7+jxV36jUng7cGz1tEOB5RIj28Mv8/eXnjUCAREwDQYJKoZIhvcNAQELBQADYQBaIWDz832gg5jZPIy5z0CV1rWbUQALy6SUodWMezbzVF86hycUvZqAzd5Pir8084Mk/6FQK2Hbbml2LaHS8JnZpYxlgNIRNNonzScAUFclDi4NNmcxPuB6ycu9kK/0l+A=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></KeyDescriptor><SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"https://requri.net/fb9e3c14-25eb-482a-8df3-c71e3e83110b\"/></IDPSSODescriptor></EntityDescriptor>" \
       ${SPAR_URL}/identity-providers | jq .)
-    if [ "$(echo $WIRE_SAMLIDP | jq .id)" == "null" ]; then
+    if [ "$(echo "$WIRE_SAMLIDP" | jq .id)" == "null" ]; then
         echo "could not create idp: $WIRE_SAMLIDP"
         false
     fi
@@ -87,24 +89,25 @@ function scaffolding_spar() {
     SCIM_TOKEN_FULL=$(curl -X POST \
       --header "Z-User: $WIRE_USERID" \
       --header 'Content-Type: application/json;charset=utf-8' \
-      -d '{ "description": "test '"`date`"'", "password": "'"$WIRE_PASSWD"'" }' \
+      -d '{ "description": "test '"$(date)"'", "password": "'"$WIRE_PASSWD"'" }' \
       ${SPAR_URL}/scim/auth-tokens)
-    SCIM_TOKEN_ID=$(echo $SCIM_TOKEN_FULL | jq -r .info.id)
-    SCIM_TOKEN=$(echo $SCIM_TOKEN_FULL | jq -r .token)
-    ESCAPED_SCIM_TOKEN=$(echo $SCIM_TOKEN | sed 's/\+/\\\+/g;s_/_\\/_g;s/\=/\\=/g')
+    SCIM_TOKEN_ID=$(echo "$SCIM_TOKEN_FULL" | jq -r .info.id)
+    SCIM_TOKEN=$(echo "$SCIM_TOKEN_FULL" | jq -r .token)
+    ESCAPED_SCIM_TOKEN=$(echo "$SCIM_TOKEN" | sed 's/\+/\\\+/g;s_/_\\/_g;s/\=/\\=/g')
     sed -i 's/^  token: \"Bearer .*$/  token: \"Bearer '"${ESCAPED_SCIM_TOKEN}"'"/' $BRIDGE_CONF1
     sed -i 's/^  token: \"Bearer .*$/  token: \"Bearer '"${ESCAPED_SCIM_TOKEN}"'"/' $BRIDGE_CONF2
   else
     # no wire-server running?
-    echo "${WIRE_SERVER_PATH}/deploy/dockerephemeral/run.sh"
-    echo "${WIRE_SERVER_PATH}/services/start-services-only.sh"
+    echo "start wire service by going to the wire-server directory and running:"
+    echo "./deploy/dockerephemeral/run.sh"
+    echo "make cr"
     false
   fi
 }
 
 function assert_num_members() {
     sleep 2 # mitigate race conditions (increase the time if this function fails)
-    if [ "$(curl -s -H'content-type: application/json' -H'Z-User: '"${WIRE_USERID}" http://localhost:8085/teams/${WIRE_TEAMID}/members | jq '.members|length')" != "$1" ]; then
+    if [ "$(curl -s -H'content-type: application/json' -H'Z-User: '"${WIRE_USERID}" http://localhost:8085/teams/"${WIRE_TEAMID}"/members | jq '.members|length')" != "$1" ]; then
       echo "$2"
       false
     fi
@@ -116,16 +119,16 @@ function assert_num_members() {
 clear
 
 scaffolding_spar
-echo WIRE_USERID: $WIRE_USERID
-echo WIRE_TEAMID: $WIRE_TEAMID
-echo SCIM_TOKEN: $SCIM_TOKEN
+echo WIRE_USERID: "$WIRE_USERID"
+echo WIRE_TEAMID: "$WIRE_TEAMID"
+echo SCIM_TOKEN: "$SCIM_TOKEN"
 
 scaffolding1
 sudo slapcat
-cabal run ldap-scim-bridge $BRIDGE_CONF1
+cabal run ldap-scim-bridge "$BRIDGE_CONF1"
 assert_num_members 2 "user could not be created!"
 
 scaffolding2
 sudo slapcat
-cabal run ldap-scim-bridge $BRIDGE_CONF2
+cabal run ldap-scim-bridge "$BRIDGE_CONF2"
 assert_num_members 1 "user could not be deleted!"