Add option to use custom user settings in ods-ci image (red-hat-data-…
…services#841) * add function to read user configuration from json Signed-off-by: bdattoma <[email protected]> * add function to read conf from json Signed-off-by: bdattoma <[email protected]> * refactor to use use config file - to be finished Signed-off-by: bdattoma <[email protected]> * new default conf Signed-off-by: bdattoma <[email protected]> * final draft custom settings Signed-off-by: bdattoma <[email protected]> * re-enable oc commands + minor fixes Signed-off-by: bdattoma <[email protected]> * rename secret Signed-off-by: bdattoma <[email protected]> * add uppercase for special users test Signed-off-by: bdattoma <[email protected]> * update default template Signed-off-by: bdattoma <[email protected]> * copy tmplt files instead of overwriting Signed-off-by: bdattoma <[email protected]> * clean comment lines + improve logging msgs Signed-off-by: bdattoma <[email protected]> * add suffix len setting Signed-off-by: bdattoma <[email protected]> * add user config file documentation + minor changes Signed-off-by: bdattoma <[email protected]> * minor change Signed-off-by: bdattoma <[email protected]> * rename user config file Signed-off-by: bdattoma <[email protected]> * rename user config file in install script Signed-off-by: bdattoma <[email protected]> * mount user config secret to pods Signed-off-by: bdattoma <[email protected]> * add user config json file validation Signed-off-by: bdattoma <[email protected]> * remove json_pp check Signed-off-by: bdattoma <[email protected]> * reduce default n users Signed-off-by: bdattoma <[email protected]> * fix ocm htp setter + minor change Signed-off-by: bdattoma <[email protected]> * fix ded admin addition with OCM Signed-off-by: bdattoma <[email protected]> * minor changes Signed-off-by: bdattoma <[email protected]> * add user config file in dockerfile Signed-off-by: bdattoma <[email protected]> * misc fixes + improve logs Signed-off-by: bdattoma <[email protected]> * upgrade yq Signed-off-by: bdattoma <[email 
protected]> * update test variables example Signed-off-by: bdattoma <[email protected]> * change default Signed-off-by: bdattoma <[email protected]> * fix mount path Signed-off-by: bdattoma <[email protected]> * fix question mark support Signed-off-by: bdattoma <[email protected]> * fix special char asterisk Signed-off-by: bdattoma <[email protected]> * remove debug lines Signed-off-by: bdattoma <[email protected]> * remove debug lines (2) Signed-off-by: bdattoma <[email protected]> --------- Signed-off-by: bdattoma <[email protected]>
Showing
9 changed files
with
551 additions
and
135 deletions.
@@ -1 +1 @@ | ||
{"name":"htpasswd","mappingMethod":"claim","type":"HTPasswd","htpasswd":{"fileData":{"name":"htpasswd-password"}}} | ||
{"name":"htpasswd","mappingMethod":"claim","type":"HTPasswd","htpasswd":{"fileData":{"name":"htpasswd-secret"}}} |
@@ -0,0 +1,74 @@ | ||
{ | ||
"idp":{ | ||
"ldap": { | ||
"prefixes": [ | ||
"ldap-op-", | ||
"ldap-usr-", | ||
"ldap-noaccess-", | ||
"ldap-special" | ||
], | ||
"suffixes": { | ||
"ldap-op-": { | ||
"type": "incremental_with_rand_base", | ||
"rand_length": 20, | ||
"n_users": 5 | ||
}, | ||
"ldap-usr-": { | ||
"type": "incremental_with_rand_base", | ||
"rand_length": 20, | ||
"n_users": 5 | ||
}, | ||
"ldap-noaccess-": { | ||
"type": "incremental_with_rand_base", | ||
"rand_length": 20, | ||
"n_users": 5 | ||
}, | ||
"ldap-special": { | ||
"type": "custom", | ||
"rand_length": 20, | ||
"list": [".","^","$","*","?","(",")","[","]","{","}","|","@",";"] | ||
} | ||
}, | ||
"pw": "<GEN_RAMDOM_PW>", | ||
"TEST_USER": "ldap-op-<RAND_BASE>1", | ||
"TEST_USER_2": "ldap-op-<RAND_BASE>2", | ||
"TEST_USER_3": "ldap-usr-<RAND_BASE>3", | ||
"TEST_USER_4": "ldap-usr-<RAND_BASE>4", | ||
"groups_map":{ | ||
"ldap-op-": [ | ||
"rhods-admins", | ||
"dedicated-admins" | ||
], | ||
"ldap-usr-": [ | ||
"rhods-users" | ||
], | ||
"ldap-noaccess-": [ | ||
"rhods-noaccess" | ||
], | ||
"ldap-special": [ | ||
"rhods-users" | ||
] | ||
} | ||
}, | ||
"htpasswd": { | ||
"prefixes": [ | ||
"htp-user-", | ||
"htp-basic-user-" | ||
], | ||
"suffixes": { | ||
"htp-user-": { | ||
"type": "incremental_with_rand_base", | ||
"rand_length": 20, | ||
"n_users": 1 | ||
}, | ||
"htp-basic-user-": { | ||
"type": "incremental_with_rand_base", | ||
"rand_length": 20, | ||
"n_users": 2 | ||
} | ||
}, | ||
"pw": "<GEN_RAMDOM_PW>", | ||
"cluster_admin_username": "htp-user-<RAND_BASE>" | ||
} | ||
} | ||
} |
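Review bot: The password placeholder is spelled `<GEN_RAMDOM_PW>` in both `"pw"` values of this template and in the README's JSON example, while the README's inline comment describes the trigger token as `<GEN_RANDOM_PW>`; whichever string the install script actually compares against, the other spelling will be accepted as a literal, predictable password, so the template value and the documented token should be made identical. The `"list"` for `ldap-special` is composed of shell- and regex-significant characters (`$`, `*`, `?`, `(`, `|`, `;`, brackets, braces), and the commit message mentions separate fixes for `?` and `*`, which suggests these usernames have reached unquoted expansions; the scripts that consume this file are not in this section, so that is inferred. Since the commit also adds validation of this JSON file, the README example (which carries `//` comments) would benefit from a sentence stating that the comments must be stripped before the file is used as-is.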
|
@@ -14,8 +14,7 @@ $ podman build -t ods-ci:<mytag> -f ods_ci/build/Dockerfile . | |
|
||
# Mount a file volume to provide a test-variables.yml file at runtime | ||
# Mount a volume to preserve the test run artifacts | ||
$ podman run --rm -v $PWD/ods_ci/test-variables.yml:/tmp/ods-ci/ods_ci/test-variables.yml:Z | ||
-v $PWD/ods_ci/test-output:/tmp/ods-ci/ods_ci/test-output:Z | ||
$ podman run --rm -v $PWD/ods_ci/test-variables.yml:/tmp/ods-ci/ods_ci/test-variables.yml -v $PWD/ods_ci/test-output:/tmp/ods-ci/ods_ci/test-output:Z | ||
ods-ci:<mytag> | ||
``` | ||
Additional arguments for container build | ||
|
@@ -40,9 +39,84 @@ podman build -t ods-ci:master -f ods_ci/build/Dockerfile . | |
* If ```SET_ENVIRONMENT``` = 1: | ||
- ```OC_HOST```: it contains the OpenShift API URL of the test cluster where the Identity Providers are going to be installed and tests are going to be executed. | ||
- ```USE_OCM_IDP``` (default: 1): it sets the IDP creation script to use either OCM (OpenShift Cluster Manager) CLI and APIs or OC CLI to create the IDPs in the cluster. If it is sets to 0, OC CLI is used. | ||
* If ```USE_OCM_IDP``` = 1: | ||
- ```OCM_TOKEN```: it contains the authorization token to allow ODS-CI to install IDPs in the test cluster using OCM | ||
- ```OCM_ENV```: it contains the OCM environment name, e.g., staging vs production. If not set, OCM CLI assumes it is production | ||
- If ```USE_OCM_IDP``` = 1: | ||
- ```OCM_TOKEN```: it contains the authorization token to allow ODS-CI to install IDPs in the test cluster using OCM | ||
- ```OCM_ENV```: it contains the OCM environment name, e.g., staging vs production. If not set, OCM CLI assumes it is production. | ||
* ```RETURN_PW``` (default:1): | ||
- if ```RETURN_PW``` = 1: CLI will prints the user password and cluster admin username. It's recommended to use for Debug purposes only, where the CLI output is not made publicly available. | ||
* ```ods_ci/configs/templates/user_config.json```: this JSON file is necessary to instruct the image about desired user configuration. Check the dedicated section below. | ||
|
||
|
||
## User Configuration JSON File | ||
As mentioned in the previous paragraph, if you enable automatic IDP creation you need to either pass a custom configuration file or use the default one. | ||
|
||
You find field description inline in the below JSON file. Before reading it, there are a couple of notes: | ||
1. the install scripts assumes you want to install a LDAP and HTPASSWD identity provider. | ||
2. it assumes that the cluster-admin user is from HTP identity provider. | ||
3. it asusmes the users in test-variables.yml are mapped to LDAP users only. | ||
|
||
```json | ||
{ | ||
"idp":{ | ||
"ldap": { | ||
// prefix is the first part of the usernames, e.g., professor-xyzxyzxyzxyz10 | ||
"prefixes": [ | ||
"professor-", | ||
"student-", | ||
"operator-" | ||
], | ||
// suffix is the part(s) after the prefix: it accepts: | ||
// - "incremental": adds a numeric suffix after the prefix, the range is [1, "n_users"] | ||
// - "incremental_with_rand_base": it adds a randomly generate portion before the numeric suffix. The number of random chars is controled by "rand_length" attribute | ||
// - "custom": it adds to the suffix a custom suffix extracted from the passed "list" attribute. The number of users is controled by the length of the given list. | ||
// - "custom_with_rand_base": t adds a randomly generate portion before the custom suffix. The number of random chars is controled by "rand_length" attribute. | ||
"suffixes": { | ||
"professor-": { | ||
"type": "incremental", | ||
"rand_length": null, | ||
"n_users": 5 | ||
}, | ||
"student-": { | ||
"type": "incremental_with_rand_base", | ||
"rand_length": 20, | ||
"n_users": 20 | ||
} | ||
}, | ||
// this is the pw for ldap users. If it is sets to "<GEN_RANDOM_PW>" it generates an alphanumeric random password. | ||
"pw": "<GEN_RAMDOM_PW>", | ||
// this is the mapping to the users in test-variables.yml file, which are used by automated tests. if you used random generated suffix, you can use the placeholder "<RAND_BASE>" to let script handling it. | ||
"TEST_USER": "professor-<RAND_BASE>11", | ||
"TEST_USER_2": "student-<RAND_BASE>2", | ||
"TEST_USER_3": "student-<RAND_BASE>3", | ||
"TEST_USER_4": "student-<RAND_BASE>4", | ||
// all the user with the same prefix will be added to the mapped group. | ||
"groups_map":{ | ||
"professor-": [ | ||
"professors" | ||
], | ||
"student-": [ | ||
"users" | ||
] | ||
} | ||
}, | ||
"htpasswd": { | ||
"prefixes": [ | ||
"operator-" | ||
], | ||
"suffixes": { | ||
"operator-": { | ||
"type": "custom_with_rand_base", | ||
"rand_length": 20, | ||
"list": ["A","B","C"] | ||
} | ||
}, | ||
"pw": "<GEN_RAMDOM_PW>", | ||
// assignes cluster admin permissions to one of the given htp users | ||
"cluster_admin_username": "operator-<RAND_BASE>B" | ||
} | ||
} | ||
} | ||
``` | ||
|
||
## Running the ODS-CI container image from terminal | ||
|
||
|
@@ -107,6 +181,9 @@ oc apply -f ods_ci_rbac.yaml -n ods-ci | |
# create a secret with test variables that can be mounted in ODS-CI container | ||
oc create secret generic ods-ci-test-variables --from-file ods_ci/test-variables.yml -n ods-ci | ||
|
||
# Optional: create a secret with user_config.json that can be mounted in ODS-CI container | ||
oc create secret generic ods-ci-user-config --from-file ods_ci/user_config.json -n ods-ci | ||
|
||
# Optional: create registry pull secret and patch SA | ||
oc create secret docker-registry ods-ci-pull-secret --docker-server='quay.io' --docker-username='my-username' --docker-password='my-pw' --docker-email='[email protected]' -n ods-ci | ||
|
||
|
@@ -153,6 +230,9 @@ test execution using the container in a OpenShift pod - minimum configuration, e | |
- name: ROBOT_EXTRA_ARGS | ||
value: "-i Smoke --dryrun" | ||
volumeMounts: | ||
- mountPath: /tmp/ods-ci/ods_ci/configs/templates/user_config.json | ||
name: ods-ci-user-config | ||
subPath: user_config.json | ||
- mountPath: /tmp/ods-ci/test-output | ||
name: ods-ci-test-output | ||
``` | ||
|