feat(oxauth-key-rotation): add schedule property (#654) #1393
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: microk8s | |
| # This builds, packages and tests pygluu-kubernetes | |
| on: | |
| push: | |
| paths: | |
| - "pygluu/**" | |
| - "tests/**" | |
| - "setup.py" | |
| workflow_dispatch: | |
| jobs: | |
| build: | |
| runs-on: ubuntu-22.04 | |
| strategy: | |
| max-parallel: 6 | |
| matrix: | |
| gluu-version: ['"4.5"'] | |
| test-cases: ["install", "helm-install"] | |
| # add '"pgsql" when supported | |
| persistence-backends: ['"ldap"','"couchbase"','"sql"'] | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Lint with flake8 | |
| run: | | |
| sudo apt-get update | |
| sudo pip3 install flake8 | |
| # stop the build if there are Python syntax errors or undefined names | |
| sudo flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics | |
| # exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide | |
| sudo flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics | |
| - name: Build Zipapp | |
| run: | | |
| sudo apt-get install build-essential | |
| sudo pip3 install -U shiv wheel setuptools | |
| mkdir /home/runner/work/test | |
| cp -r ./* /home/runner/work/test/ | |
| cd /home/runner/work/test/ | |
| sudo make zipapp | |
| - name: Test 1 settings(LDAP) | |
| id: test1_settings | |
| run: | | |
| ip=$(curl ipinfo.io/ip) | |
| cat <<EOF > /home/runner/work/test/settings.json | |
| { | |
| "ACCEPT_GLUU_LICENSE": "Y", | |
| "TEST_ENVIRONMENT": "Y", | |
| "GLUU_VERSION": ${{ matrix.gluu-version }}, | |
| "GLUU_UPGRADE_TARGET_VERSION": "", | |
| "NGINX_INGRESS_NAMESPACE": "ingress-nginx", | |
| "GLUU_HELM_RELEASE_NAME": "gluu", | |
| "NGINX_INGRESS_RELEASE_NAME": "ningress", | |
| "INSTALL_POSTGRES": "", | |
| "POSTGRES_NAMESPACE": "", | |
| "POSTGRES_URL": "", | |
| "USE_ISTIO": "N", | |
| "USE_ISTIO_INGRESS": "", | |
| "MIGRATION_ENABLED": "N", | |
| "ISTIO_SYSTEM_NAMESPACE": "", | |
| "NODES_IPS": [ | |
| "$ip" | |
| ], | |
| "NODES_ZONES": [], | |
| "NODES_NAMES": [], | |
| "NODE_SSH_KEY": "", | |
| "HOST_EXT_IP": "$ip", | |
| "VERIFY_EXT_IP": "", | |
| "AWS_LB_TYPE": "", | |
| "USE_ARN": "", | |
| "ARN_AWS_IAM": "", | |
| "LB_ADD": "", | |
| "REDIS_URL": "", | |
| "REDIS_TYPE": "", | |
| "REDIS_PW": "", | |
| "REDIS_USE_SSL": "false", | |
| "DEPLOYMENT_ARCH": "microk8s", | |
| "PERSISTENCE_BACKEND": ${{ matrix.persistence-backends }}, | |
| "INSTALL_JACKRABBIT": "N", | |
| "JACKRABBIT_STORAGE_SIZE": "", | |
| "JACKRABBIT_URL": "", | |
| "JACKRABBIT_ADMIN_ID": "", | |
| "JACKRABBIT_ADMIN_PASSWORD": "", | |
| "JACKRABBIT_CLUSTER": "", | |
| "JACKRABBIT_PG_USER": "", | |
| "JACKRABBIT_PG_PASSWORD": "", | |
| "JACKRABBIT_DATABASE": "", | |
| "INSTALL_COUCHBASE": "Y", | |
| "COUCHBASE_NAMESPACE": "cbns", | |
| "COUCHBASE_VOLUME_TYPE": "io1", | |
| "COUCHBASE_CLUSTER_NAME": "cbgluu", | |
| "COUCHBASE_URL": "cbgluu.cbns.svc.cluster.local", | |
| "COUCHBASE_INDEX_NUM_REPLICA": "0", | |
| "COUCHBASE_USER": "gluu", | |
| "COUCHBASE_SUPERUSER": "admin", | |
| "COUCHBASE_BUCKET_PREFIX": "test", | |
| "COUCHBASE_PASSWORD": "nTB5#|", | |
| "COUCHBASE_SUPERUSER_PASSWORD": "nTB5#2", | |
| "COUCHBASE_CRT": "", | |
| "COUCHBASE_CN": "Couchbase CN", | |
| "COUCHBASE_SUBJECT_ALT_NAME": "", | |
| "COUCHBASE_CLUSTER_FILE_OVERRIDE": "N", | |
| "COUCHBASE_USE_LOW_RESOURCES": "Y", | |
| "COUCHBASE_DATA_NODES": "", | |
| "COUCHBASE_QUERY_NODES": "", | |
| "COUCHBASE_INDEX_NODES": "", | |
| "COUCHBASE_SEARCH_EVENTING_ANALYTICS_NODES": "", | |
| "COUCHBASE_GENERAL_STORAGE": "", | |
| "COUCHBASE_DATA_STORAGE": "", | |
| "COUCHBASE_INDEX_STORAGE": "", | |
| "COUCHBASE_QUERY_STORAGE": "", | |
| "COUCHBASE_ANALYTICS_STORAGE": "", | |
| "COUCHBASE_BACKUP_SCHEDULE": "*/30 * * * *", | |
| "COUCHBASE_BACKUP_RESTORE_POINTS": 1, | |
| "LDAP_BACKUP_SCHEDULE": "*/30 * * * *", | |
| "NUMBER_OF_EXPECTED_USERS": "", | |
| "EXPECTED_TRANSACTIONS_PER_SEC": "", | |
| "USING_CODE_FLOW": "", | |
| "USING_SCIM_FLOW": "", | |
| "USING_RESOURCE_OWNER_PASSWORD_CRED_GRANT_FLOW": "", | |
| "DEPLOY_MULTI_CLUSTER": "", | |
| "HYBRID_LDAP_HELD_DATA": "", | |
| "LDAP_JACKRABBIT_VOLUME": "", | |
| "APP_VOLUME_TYPE": 1, | |
| "LDAP_STATIC_VOLUME_ID": "", | |
| "LDAP_STATIC_DISK_URI": "", | |
| "GLUU_CACHE_TYPE": "NATIVE_PERSISTENCE", | |
| "GLUU_NAMESPACE": "gluu", | |
| "GLUU_FQDN": "demoexample.gluu.org", | |
| "COUNTRY_CODE": "US", | |
| "STATE": "TX", | |
| "EMAIL": "[email protected]", | |
| "CITY": "Austin", | |
| "ORG_NAME": "Gluu", | |
| "GMAIL_ACCOUNT": "", | |
| "GOOGLE_NODE_HOME_DIR": "", | |
| "IS_GLUU_FQDN_REGISTERED": "N", | |
| "LDAP_PW": "nTB5#|", | |
| "ADMIN_PW": "@4n,Js", | |
| "OXD_SERVER_PW": "n8H0NKuGTXsn", | |
| "OXD_APPLICATION_KEYSTORE_CN": "oxd-server", | |
| "OXD_ADMIN_KEYSTORE_CN": "oxd-server", | |
| "OXD_SERVER_STORAGE": "h2", | |
| "LDAP_STORAGE_SIZE": "4Gi", | |
| "OXAUTH_REPLICAS": 1, | |
| "OXTRUST_REPLICAS": 1, | |
| "LDAP_REPLICAS": 1, | |
| "FIDO2_REPLICAS": 1, | |
| "SCIM_REPLICAS": 1, | |
| "OXSHIBBOLETH_REPLICAS": 1, | |
| "OXPASSPORT_REPLICAS": 1, | |
| "OXD_SERVER_REPLICAS": 1, | |
| "CASA_REPLICAS": 1, | |
| "ENABLE_OXTRUST_API": "N", | |
| "ENABLE_OXTRUST_TEST_MODE": "N", | |
| "ENABLE_CACHE_REFRESH": "N", | |
| "ENABLE_OXD": "Y", | |
| "ENABLE_OXPASSPORT": "Y", | |
| "ENABLE_OXSHIBBOLETH": "Y", | |
| "ENABLE_FIDO2": "Y", | |
| "ENABLE_SCIM": "Y", | |
| "ENABLE_CASA": "Y", | |
| "OXAUTH_KEYS_LIFE": 48, | |
| "ENABLE_OXAUTH_KEY_ROTATE": "Y", | |
| "ENABLE_OXTRUST_API_BOOLEAN": "true", | |
| "ENABLE_OXTRUST_TEST_MODE_BOOLEAN": "false", | |
| "ENABLE_OXPASSPORT_BOOLEAN": "true", | |
| "ENABLE_CASA_BOOLEAN": "true", | |
| "ENABLE_SAML_BOOLEAN": "true", | |
| "EDIT_IMAGE_NAMES_TAGS": "N", | |
| "CONFIRM_PARAMS": "Y", | |
| "GLUU_LDAP_MULTI_CLUSTER": "N", | |
| "GLUU_INSTALL_SQL": "N", | |
| "GLUU_SQL_DB_DIALECT": "mysql", | |
| "GLUU_SQL_DB_NAMESPACE": "sql", | |
| "GLUU_SQL_DB_HOST": "gluu-mysql.sql.svc.cluster.local", | |
| "GLUU_SQL_DB_PORT": 3306, | |
| "GLUU_SQL_DB_NAME": "gluu", | |
| "GLUU_SQL_DB_USER": "gluu", | |
| "GLUU_SQL_DB_PASSWORD": "Test1234#", | |
| "GLUU_SCIM_PROTECTION_MODE": "OAUTH", | |
| "NGINX_LEGACY": "N", | |
| "SPANNER_EMULATOR_HOST": "", | |
| "CONTAINER_REGISTRY_SECRET_NAME": "regcred", | |
| "USE_CUSTOM_SALT": "N", | |
| "SALT": "", | |
| "DOCUMENT_STORE_TYPE": "DB" | |
| } | |
| EOF | |
| - name: Install microk8s | |
| run: | | |
| sudo snap install microk8s --classic | |
| sudo microk8s.status --wait-ready | |
| sudo microk8s.enable dns registry ingress helm3 | |
| sudo snap alias microk8s.kubectl kubectl | |
| sudo snap alias microk8s.helm3 helm | |
| sudo helm version | |
| - name: Install Couchbase | |
| if: ${{ matrix.persistence-backends == '"couchbase"' }} | |
| run: | | |
| cd /home/runner/work/test/ | |
| wget ${{ secrets.cbpackage }} | |
| sudo ./pygluu-kubernetes.pyz install-couchbase || { sudo rm -rf ./couchbase; sudo ./pygluu-kubernetes.pyz install-couchbase; } | |
| COUCHBASE_IP=$(sudo microk8s.kubectl get po cbgluu-0000 -n cbns --template={{.status.podIP}}) | |
| cat settings.json | sed 's/"INSTALL_COUCHBASE": "Y"/"INSTALL_COUCHBASE": "N"/g' | sed -s "[email protected]@$COUCHBASE_IP@g" > tmpfile.py && mv tmpfile.py settings.json | |
| - name: SQL | |
| if: ${{ matrix.persistence-backends == '"sql"' }} | |
| run: | | |
| cd /home/runner/work/test/ | |
| sudo microk8s config > config | |
| cat settings.json | sed 's/"INSTALL_COUCHBASE": "Y"/"INSTALL_COUCHBASE": "N"/g' | sed -s "[email protected]@$COUCHBASE_IP@g" > tmpfile.py && mv tmpfile.py settings.json | |
| cat settings.json | sed 's/"GLUU_INSTALL_SQL": "N"/"GLUU_INSTALL_SQL": "Y"/g' > tmpfile.py && mv tmpfile.py settings.json | |
| touch sqlfile | |
| # - name: PostGRE | |
| # if: ${{ matrix.persistence-backends == '"pgsql"' }} | |
| # run: | | |
| # cd /home/runner/work/test/ | |
| # cat settings.json | sed 's/"INSTALL_COUCHBASE": "Y"/"INSTALL_COUCHBASE": "N"/g' | sed -s "[email protected]@$COUCHBASE_IP@g" > tmpfile.py && mv tmpfile.py settings.json | |
| # cat settings.json | sed 's/"GLUU_INSTALL_SQL": "N"/"GLUU_INSTALL_SQL": "Y"/g' > tmpfile.py && mv tmpfile.py settings.json | |
| # cat settings.json | sed 's/"GLUU_SQL_DB_DIALECT": "mysql"/"GLUU_SQL_DB_DIALECT": "pgsql"/g' > tmpfile.py && mv tmpfile.py settings.json | |
| # cat settings.json | sed 's/"PERSISTENCE_BACKEND": "pgsql"/"PERSISTENCE_BACKEND": "sql"/g' > tmpfile.py && mv tmpfile.py settings.json | |
| # touch sqlfile | |
| - name: Test Pygluu kubernetes | |
| id: test_kubernetes | |
| run: | | |
| cd /home/runner/work/test/ | |
| INSTALL=TRUE | |
| [[ -f sqlfile && "${{ matrix.test-cases }}" == "install" ]] && INSTALL=FALSE | |
| [[ "$INSTALL" == "TRUE" ]] && sudo ./pygluu-kubernetes.pyz ${{ matrix.test-cases }} | |
| sleep 30 | |
| sudo microk8s.kubectl get po -n cbns | |
| sudo microk8s.kubectl get po -n gluu | |
| cat /home/runner/work/test/settings.json | |
| sudo kubectl -n gluu wait --for=condition=available --timeout=600s deploy/gluu-oxauth || sudo kubectl logs -l app=oxauth -c oxauth -n gluu || echo "Not Found" | |
| sudo kubectl -n gluu wait --for=condition=ready pod --timeout=300s -l statefulset.kubernetes.io/pod-name=gluu-oxtrust-0 || sudo kubectl logs -l app=oxtrust -c oxtrust -n gluu || echo "Not Found" | |
| sudo kubectl -n gluu wait --for=condition=available --timeout=300s deploy/gluu-oxd-server || sudo kubectl logs -l app=oxd-server -c oxd-server -n gluu || echo "Not Found" | |
| sudo kubectl -n gluu wait --for=condition=ready pod --timeout=300s -l statefulset.kubernetes.io/pod-name=gluu-oxshibboleth-0 || sudo kubectl logs -l app=oxshiboleth -c oxshiboleth -n gluu || echo "Not Found" | |
| sudo kubectl -n gluu wait --for=condition=available --timeout=300s deploy/gluu-casa || sudo kubectl logs -l app=casa -c casa -n gluu || echo "Not Found" | |
| sudo kubectl -n gluu wait --for=condition=available --timeout=300s deploy/gluu-oxpassport || sudo kubectl logs -l app=oxpassport -c oxpassport -n gluu || echo "Not Found" |