-
Notifications
You must be signed in to change notification settings - Fork 130
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Switch testing over to oci-env (#1773)
* add make targets for running tests with oci-env * add make targets for running gh action integration tests * enable testing for LDAP and Keycloak * switch gh actions pipeline over to use oci-env Issue: AAH-2393 --------- Co-authored-by: Christian <[email protected]>
- Loading branch information
1 parent
b4e6e7e
commit 620cc50
Showing
108 changed files
with
1,539 additions
and
739 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,60 @@ | ||
--- | ||
name: OCI Env Integration | ||
on: | ||
pull_request: | ||
branches: | ||
- '**' | ||
paths-ignore: | ||
- 'docs/**' | ||
- 'mkdocs.yml' | ||
- 'CHANGES/**' | ||
push: | ||
branches: | ||
- '**' | ||
workflow_dispatch: | ||
|
||
jobs: | ||
integration: | ||
strategy: | ||
fail-fast: false | ||
matrix: | ||
env: | ||
- TEST_PROFILE: ldap | ||
- TEST_PROFILE: keycloak | ||
- TEST_PROFILE: standalone | ||
- TEST_PROFILE: rbac | ||
- TEST_PROFILE: certified-sync | ||
- TEST_PROFILE: insights | ||
- TEST_PROFILE: iqe_rbac | ||
- TEST_PROFILE: x_repo_search | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v2 | ||
|
||
- uses: actions/setup-python@v2 | ||
with: | ||
python-version: "3.10" | ||
|
||
# Note: COMPOSE_INTERACTIVE_NO_CLI=1 is required for oci-env to work correctly when there's no interactive terminal | ||
- name: Set environment variables | ||
run: | | ||
echo "OCI_ENV_PATH=${HOME}/work/galaxy_ng/oci_env" >> $GITHUB_ENV | ||
echo "COMPOSE_INTERACTIVE_NO_CLI=1" >> $GITHUB_ENV | ||
- name: Update apt | ||
run: sudo apt -y update | ||
|
||
- name: Install LDAP requirements | ||
run: sudo apt-get install -y libsasl2-dev python3 libldap2-dev libssl-dev build-essential | ||
|
||
- name: Install docker-compose | ||
run: pip3 install --upgrade docker-compose | ||
|
||
- name: setup oci-env | ||
run: | | ||
git clone https://github.com/pulp/oci_env.git $OCI_ENV_PATH | ||
pip install -e $OCI_ENV_PATH/client/ | ||
mkdir $OCI_ENV_PATH/db_backup/ | ||
- name: run integration tests | ||
run: make gh-action/${{ matrix.env.TEST_PROFILE }} |
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
Refactor integration tests to use oci-env. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,120 +1,78 @@ | ||
from django.contrib.contenttypes.models import ContentType | ||
from pulpcore.plugin.models.role import GroupRole, Role | ||
from pulpcore.plugin.util import assign_role | ||
from pulp_ansible.app.models import CollectionRemote | ||
from rest_framework.authtoken.models import Token | ||
|
||
from galaxy_ng.app.models import Namespace | ||
from galaxy_ng.app.models.auth import Group, User | ||
|
||
from galaxy_ng.tests.integration.constants import CREDENTIALS, PROFILES | ||
|
||
|
||
""" | ||
Setup test data used in integration tests. | ||
""" | ||
|
||
print("Add a group that has namespace permissions") | ||
test_group, _ = Group.objects.get_or_create(name="ns_group_for_tests") | ||
|
||
print("Ensure partner-engineers group created and has roles assigned") | ||
PE_GROUP_NAME = "system:partner-engineers" | ||
pe_group, _ = Group.objects.get_or_create(name=PE_GROUP_NAME) | ||
pe_roles = [ | ||
"galaxy.group_admin", | ||
"galaxy.user_admin", | ||
"galaxy.collection_admin", | ||
] | ||
roles_in_group = [group_role.role.name for group_role in pe_group.object_roles.all()] | ||
for role in pe_roles: | ||
if role not in roles_in_group: | ||
assign_role(rolename=role, entity=pe_group) | ||
|
||
print("Add a group that has registry and registry remote roles assigned") | ||
ee_group, _ = Group.objects.get_or_create(name="ee_group_for_tests") | ||
ee_role = 'galaxy.execution_environment_admin' | ||
roles_in_ee_group = [group_role.role.name for group_role in ee_group.object_roles.all()] | ||
if ee_role not in roles_in_ee_group: | ||
assign_role(rolename=ee_role, entity=ee_group) | ||
|
||
print("Get or create test users to match keycloak passwords") | ||
|
||
# in ephemeral keycloak this user is part of customer account: 6089723 | ||
basic_user, _ = User.objects.get_or_create(username="iqe_normal_user") | ||
basic_user.set_password("redhat") | ||
basic_user.groups.add(test_group) | ||
basic_user.save() | ||
|
||
# in ephemeral keycloak this user is part of customer account: 6089719 | ||
partner_engineer, _ = User.objects.get_or_create(username="jdoe") | ||
partner_engineer.set_password("redhat") | ||
partner_engineer.groups.add(test_group) | ||
partner_engineer.groups.add(pe_group) | ||
partner_engineer.save() | ||
|
||
# in ephemeral keycloak this user is part of customer account: 6089720 | ||
org_admin, _ = User.objects.get_or_create(username="org-admin") | ||
org_admin.set_password("redhat") | ||
org_admin.groups.add(test_group) | ||
org_admin.save() | ||
|
||
# in ephemeral keycloak this user is part of customer account: 6089726 | ||
admin, _ = User.objects.get_or_create(username="notifications_admin") | ||
admin.set_password("redhat") | ||
admin.is_superuser = True | ||
admin.is_staff = True | ||
admin.save() | ||
|
||
# in ephemeral keycloak this user is part of customer account: 6089726 | ||
iqe_admin, _ = User.objects.get_or_create(username="iqe_admin") | ||
iqe_admin.set_password("redhat") | ||
iqe_admin.is_superuser = True | ||
iqe_admin.is_staff = True | ||
iqe_admin.save() | ||
|
||
# Note: this user is not a part of ephemeral keycloak users | ||
ee_admin, _ = User.objects.get_or_create(username="ee_admin") | ||
ee_admin.set_password("redhat") | ||
ee_admin.groups.add(ee_group) | ||
ee_admin.save() | ||
|
||
# Note: User not used for integration tests, not part of ephemeral keycloak users | ||
legacy_admin, _ = User.objects.get_or_create(username="admin") | ||
legacy_admin.set_password("admin") | ||
legacy_admin.email = "[email protected]" | ||
legacy_admin.is_superuser = True | ||
legacy_admin.is_staff = True | ||
legacy_admin.save() | ||
|
||
|
||
print("Get or create tokens for test users") | ||
Token.objects.get_or_create(user=basic_user, key="abcdefghijklmnopqrstuvwxyz1234567891") | ||
Token.objects.get_or_create(user=partner_engineer, key="abcdefghijklmnopqrstuvwxyz1234567892") | ||
Token.objects.get_or_create(user=org_admin, key="abcdefghijklmnopqrstuvwxyz1234567893") | ||
Token.objects.get_or_create(user=admin, key="abcdefghijklmnopqrstuvwxyz1234567894") | ||
Token.objects.get_or_create(user=ee_admin, key="abcdefghijklmnopqrstuvwxyz1234567895") | ||
|
||
|
||
print("Get or create namespaces + add object permissions to group") | ||
for nsname in ["autohubtest2", "autohubtest3"]: | ||
TEST_NAMESPACES = {} | ||
|
||
print("Create test namespaces") | ||
for nsname in ["autohubtest2", "autohubtest3", "signing"]: | ||
ns, _ = Namespace.objects.get_or_create(name=nsname) | ||
# connect group to role for this namespace object | ||
GroupRole.objects.get_or_create( | ||
role=Role.objects.get(name="galaxy.collection_namespace_owner"), | ||
group=test_group, | ||
content_type=ContentType.objects.get(model="namespace"), | ||
object_id=ns.id, | ||
) | ||
|
||
print("Create a signing namespace and roles") | ||
signing_ns, _ = Namespace.objects.get_or_create(name="signing") | ||
# connect group to role for this namespace object | ||
GroupRole.objects.get_or_create( | ||
role=Role.objects.get(name="galaxy.collection_namespace_owner"), | ||
group=pe_group, | ||
content_type=ContentType.objects.get(model="namespace"), | ||
object_id=signing_ns.id, | ||
) | ||
|
||
print("Add a group that exists in the testing LDAP container") | ||
ldap_group, _ = Group.objects.get_or_create(name="admin_staff") | ||
TEST_NAMESPACES[nsname] = ns | ||
|
||
|
||
def _init_group(credentials, profile): | ||
if g := credentials.get("group"): | ||
group, _ = Group.objects.get_or_create(name=g) | ||
|
||
# add namespace ownership to the group | ||
if namespaces := profile.get("namespaces"): | ||
for ns in namespaces: | ||
ns = TEST_NAMESPACES[ns] | ||
|
||
# assign_role creates duplicate entries, so we'll use this directly. | ||
GroupRole.objects.get_or_create( | ||
role=Role.objects.get(name="galaxy.collection_namespace_owner"), | ||
group=group, | ||
content_type=ContentType.objects.get(model="namespace"), | ||
object_id=ns.id, | ||
) | ||
|
||
if roles := profile.get("roles"): | ||
for role in roles: | ||
GroupRole.objects.get_or_create( | ||
role=Role.objects.get(name=role), | ||
group=group, | ||
) | ||
|
||
return group | ||
|
||
|
||
def _init_token(user, credentials): | ||
if token := credentials.get("token"): | ||
Token.objects.get_or_create(user=user, key=token) | ||
|
||
|
||
for profile_name in PROFILES: | ||
profile = PROFILES[profile_name] | ||
if ldap_user := profile["username"].get("ldap"): | ||
print(f"Initializing ldap user for test profile: {profile_name}") | ||
credentials = CREDENTIALS[ldap_user] | ||
_init_group(credentials, profile) | ||
|
||
if galaxy_user := profile["username"].get("galaxy"): | ||
print(f"Initializing galaxy user for test profile: {profile_name}") | ||
u, _ = User.objects.get_or_create(username=galaxy_user) | ||
credentials = CREDENTIALS[galaxy_user] | ||
|
||
u.set_password(credentials["password"]) | ||
u.is_superuser = profile.get("is_superuser", False) | ||
|
||
if group := _init_group(credentials, profile): | ||
u.groups.add(group) | ||
u.save() | ||
|
||
_init_token(u, credentials) | ||
|
||
|
||
print("CollectionRemote community url points to beta-galaxy.ansible.com") | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Empty file.
Oops, something went wrong.