Merge pull request #1339 from kian99/merge-v3-feature-rebac-admin
Merge v3 feature rebac admin
Showing
361 changed files
with
3,610 additions
and
2,951 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
# test-server | ||
An action to create a JIMM server with real dependencies for integration test purposes. | ||
|
||
This action requires Docker to be installed to start JIMM and its related services. | ||
|
||
The action performs the following steps: | ||
- Starts JIMM's docker compose test environment. | ||
- Uses https://github.com/charmed-kubernetes/actions-operator action to start a Juju controller and connects it to JIMM. | ||
- Ensures the local Juju CLI is setup to communicate with JIMM authenticating as a test user. | ||
|
||
Use the action by adding the following to a Github workflow: | ||
|
||
```yaml | ||
integration-test: | ||
runs-on: ubuntu-latest | ||
name: Integration testing with JIMM | ||
steps: | ||
- name: Setup JIMM environment | ||
uses: canonical/[email protected] | ||
with: | ||
jimm-version: "v3.1.7" | ||
juju-channel: "3/stable" | ||
ghcr-pat: ${{ secrets.GHCR_PAT }} | ||
``` | ||
Note that it's recommended to pin the action version to the same version as `jimm-version` to ensure the action works as expected for that specific version of JIMM. | ||
|
||
For full details on the inputs see `action.yaml`. |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,117 @@ | ||
name: JIMM Server Setup | ||
description: "Create a JIMM environment" | ||
|
||
inputs: | ||
jimm-version: | ||
description: > | ||
JIMM version tag to use. This will decide the version of JIMM to start e.g. v3.1.7 | ||
A special tag of "dev" can be provided to use the current development version of JIMM. | ||
required: true | ||
juju-channel: | ||
description: 'Juju snap channel to pass to charmed-kubernetes/actions-operator' | ||
required: false | ||
ghcr-pat: | ||
description: > | ||
PAT Token that has package:read access to canonical/JIMM | ||
The PAT token can be left empty when building the development version of JIMM. | ||
required: true | ||
|
||
outputs: | ||
url: | ||
description: 'URL where JIMM can be reached.' | ||
value: "https://jimm.localhost" | ||
client-id: | ||
description: 'Test client ID to login to JIMM with a service account.' | ||
value: "test-client-id" | ||
client-secret: | ||
description: 'Test client Secret to login to JIMM with a service account.' | ||
value: "2M2blFbO4GX4zfggQpivQSxwWX1XGgNf" | ||
ca-cert: | ||
description: 'The CA certificate used to genereate the JIMM server cert.' | ||
value: ${{ steps.fetch-cert.outputs.jimm-ca }} | ||
|
||
runs: | ||
using: "composite" | ||
steps: | ||
- name: Login to GitHub Container Registry | ||
if: ${{ inputs.jimm-version != 'dev' }} | ||
uses: docker/login-action@v3 | ||
with: | ||
registry: ghcr.io | ||
username: ${{ github.actor }} | ||
password: ${{ inputs.ghcr-pat }} | ||
|
||
- name: Start server based on released version | ||
if: ${{ inputs.jimm-version != 'dev' }} | ||
run: make integration-test-env | ||
shell: bash | ||
env: | ||
JIMM_VERSION: ${{ inputs.jimm-version }} | ||
|
||
- name: Start server based on development version | ||
if: ${{ inputs.jimm-version == 'dev' }} | ||
run: make dev-env | ||
shell: bash | ||
|
||
- name: Retrieve server CA cert. | ||
id: fetch-cert | ||
run: | | ||
echo 'jimm-ca<<EOF' >> $GITHUB_OUTPUT | ||
cat ./local/traefik/certs/ca.crt >> $GITHUB_OUTPUT | ||
echo 'EOF' >> $GITHUB_OUTPUT | ||
shell: bash | ||
|
||
- name: Initialise LXD | ||
run: | | ||
sudo lxd waitready && \ | ||
sudo lxd init --auto && \ | ||
sudo chmod a+wr /var/snap/lxd/common/lxd/unix.socket && \ | ||
lxc network set lxdbr0 ipv6.address none && \ | ||
sudo usermod -a -G lxd $USER | ||
shell: bash | ||
|
||
- name: Setup cloud-init script for bootstraping Juju controllers | ||
run: ./local/jimm/setup-controller.sh | ||
shell: bash | ||
env: | ||
SKIP_BOOTSTRAP: true | ||
CLOUDINIT_FILE: "cloudinit.temp.yaml" | ||
|
||
- name: Setup Juju Controller | ||
uses: charmed-kubernetes/actions-operator@main | ||
with: | ||
provider: "lxd" | ||
channel: "5.19/stable" | ||
juju-channel: ${{ inputs.juju-channel }} | ||
bootstrap-options: "--config cloudinit.temp.yaml --config login-token-refresh-url=https://jimm.localhost/.well-known/jwks.json" | ||
|
||
# As described in https://github.com/charmed-kubernetes/actions-operator grab the newly setup controller name | ||
- name: Save LXD controller name | ||
id: lxd-controller | ||
run: echo "name=$CONTROLLER_NAME" >> $GITHUB_OUTPUT | ||
shell: bash | ||
|
||
- name: Install jimmctl, jaas plugin and yq | ||
run: | | ||
sudo snap install jimmctl --channel=3/stable && \ | ||
sudo snap install jaas --channel=3/stable && | ||
sudo snap install yq | ||
shell: bash | ||
|
||
- name: Authenticate Juju CLI | ||
run: chmod -R 666 ~/.local/share/juju/*.yaml && ./local/jimm/setup-cli-auth.sh | ||
shell: bash | ||
# Below is a hardcoded JWT using the same test-secret used in JIMM's docker compose and allows the CLI to authenticate as the [email protected] user. | ||
env: | ||
JWT: ZXlKMGVYQWlPaUpLVjFRaUxDSmhiR2NpT2lKSVV6STFOaUo5LmV5SnBjM01pT2lKUGJteHBibVVnU2xkVUlFSjFhV3hrWlhJaUxDSnBZWFFpT2pFM01qUXlNamcyTmpBc0ltVjRjQ0k2TXprMk5EYzFNelEyTUN3aVlYVmtJam9pYW1sdGJTSXNJbk4xWWlJNkltcHBiVzB0ZEdWemRFQmpZVzV2Ym1sallXd3VZMjl0SW4wLkpTWVhXcGF6T0FnX1VFZ2hkbjlOZkVQdWxhWWlJQVdaX3BuSmRDbnJvWEk= | ||
|
||
- name: Add LXD Juju controller to JIMM | ||
run: ./local/jimm/add-controller.sh | ||
shell: bash | ||
env: | ||
JIMM_CONTROLLER_NAME: "jimm" | ||
CONTROLLER_NAME: ${{ steps.lxd-controller.outputs.name }} | ||
|
||
- name: Provide service account with cloud-credentials | ||
run: ./local/jimm/setup-service-account.sh | ||
shell: bash |
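Review bot: `uses: charmed-kubernetes/actions-operator@main` in the "Setup Juju Controller" step tracks a mutable branch, so a consumer who pins this composite action to a release tag, as the README in this commit recommends, still runs whatever that third-party branch holds at run time, on a runner where the neighbouring steps use sudo. Pin it to a full commit SHA with the release noted beside it, e.g. `uses: charmed-kubernetes/actions-operator@<full-commit-sha>  # <release-tag>` (both are placeholders; the page shows no suitable revision). `docker/login-action@v3` is handed `inputs.ghcr-pat` and is also a movable tag, so the same pinning applies there. Separately, `sudo chmod a+wr /var/snap/lxd/common/lxd/unix.socket` opens LXD control to every local user on the machine; a comment such as `# world-writable LXD socket: only acceptable on an ephemeral CI runner` would stop the step being copied onto a shared or self-hosted runner.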
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
name: Cache on default branch | ||
on: | ||
push: | ||
branches: | ||
- v3 | ||
- "feature*" | ||
|
||
jobs: | ||
go_cache: | ||
name: Cache Go Dependencies and Build/Lint Artifacts | ||
runs-on: ubuntu-22.04 | ||
timeout-minutes: 15 | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v4 | ||
with: | ||
fetch-tags: true | ||
fetch-depth: 0 | ||
|
||
- name: Setup Go | ||
uses: actions/setup-go@v4 | ||
with: | ||
go-version-file: 'go.mod' | ||
|
||
- name: Build | ||
run: go build ./... | ||
|
||
- name: Run Golangci-lint | ||
uses: golangci/golangci-lint-action@v6 | ||
with: | ||
args: --timeout 30m --verbose | ||
version: v1.60 |
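Review bot: No `permissions:` block is declared for this push-triggered workflow, so the job's GITHUB_TOKEN gets the repository or organisation default, which may include write scopes that a build-and-lint job has no use for. Add a top-level `permissions:` with `contents: read`, as the golangci-lint workflow in this same commit already does. The Integration Test workflow further down also omits it while passing `secrets.GITHUB_TOKEN` to the registry login as `ghcr-pat`; there the block would presumably need `contents: read` plus `packages: read`, to be confirmed against what the image pull requires.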
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
name: golangci-lint | ||
on: | ||
pull_request: | ||
|
||
permissions: | ||
contents: read | ||
checks: write # Optional: allow write access to checks to allow the action to annotate code in the PR. | ||
|
||
jobs: | ||
golangci: | ||
name: Lint | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v4 | ||
|
||
- name: Setup Go | ||
uses: actions/setup-go@v5 | ||
with: | ||
go-version: stable | ||
|
||
- name: Run Golangci-lint | ||
uses: golangci/golangci-lint-action@v6 | ||
with: | ||
args: --timeout 30m --verbose | ||
version: v1.60 | ||
|
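Review bot: The "Setup Go" step uses `actions/setup-go@v5` with `go-version: stable`, whereas the cache and integration workflows in this commit use `actions/setup-go@v4` with `go-version-file: 'go.mod'`, so lint can run on a different Go release than the one the module declares. It also probably cannot reuse the cache warmed by the "Cache on default branch" workflow, though that depends on how the actions key their caches. Aligning this step to `go-version-file: 'go.mod'` and using one setup-go major version across the three workflows would keep lint results reproducible between a PR and the default branch.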
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,52 @@ | ||
name: Integration Test | ||
|
||
on: | ||
workflow_dispatch: | ||
inputs: | ||
jimm-version: | ||
description: > | ||
JIMM version tag to use. This will decide the version of JIMM to start e.g. v3.1.7. | ||
View all available versions at https://github.com/canonical/jimm/pkgs/container/jimm. | ||
required: true | ||
pull_request: | ||
|
||
jobs: | ||
startjimm: | ||
name: Test JIMM with Juju controller | ||
runs-on: ubuntu-22.04 | ||
steps: | ||
- name: Checkout JIMM repo | ||
uses: actions/checkout@v4 | ||
|
||
- name: Setup Go | ||
if: ${{ github.event_name == 'pull_request' }} | ||
uses: actions/setup-go@v4 | ||
with: | ||
go-version-file: 'go.mod' | ||
|
||
- name: Go vendor to speed up docker build | ||
if: ${{ github.event_name == 'pull_request' }} | ||
run: go mod vendor | ||
|
||
- name: Start JIMM (pull request) | ||
if: ${{ github.event_name == 'pull_request' }} | ||
uses: ./.github/actions/test-server | ||
with: | ||
jimm-version: dev | ||
juju-channel: "3/stable" | ||
ghcr-pat: ${{ secrets.GITHUB_TOKEN }} | ||
|
||
- name: Start JIMM (manual run) | ||
if: ${{ github.event_name == 'workflow_dispatch' }} | ||
uses: ./.github/actions/test-server | ||
with: | ||
jimm-version: ${{ inputs.jimm-version }} | ||
juju-channel: "3/stable" | ||
ghcr-pat: ${{ secrets.GITHUB_TOKEN }} | ||
|
||
- name: Create a model, deploy an application and run juju status | ||
run: | | ||
juju add-model foo && \ | ||
juju deploy haproxy && \ | ||
sleep 5 && \ | ||
juju status |
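Review bot: The last step does not verify the deployment: after `sleep 5` it runs `juju status`, which as far as I can tell exits zero whenever the controller is reachable, whatever state the application is in. The job can therefore go green while the haproxy deployment through JIMM is still pending or has failed. Replace the sleep with a bounded wait that fails the step, e.g. `juju wait-for application haproxy`, and keep `juju status` afterwards for the log. A short comment above the step stating the condition the test is meant to prove would also help.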