Implement token validation for project and port creation #112
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Test | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| branches: | |
| - main | |
| jobs: | |
| unit: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Install Protoc | |
| uses: arduino/setup-protoc@v3 | |
| - name: Run Unit Tests | |
| run: cargo test --lib | |
| integration: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Create k8s Kind Cluster | |
| uses: helm/[email protected] | |
| with: | |
| cluster_name: "k8scluster" | |
| - name: Build RPC | |
| run: docker build -t rpc:1.0 -f docker/dockerfile.rpc . | |
| - name: Load Docker Image | |
| run: kind load docker-image rpc:1.0 --name k8scluster | |
| - name: Build Daemon | |
| run: docker build -t daemon:1.0 -f docker/dockerfile.daemon . | |
| - name: Load Docker Image | |
| run: kind load docker-image daemon:1.0 --name k8scluster | |
| - name: Apply main manifest | |
| run: kubectl apply -f test/manifest.yaml | |
| - name: Validate | |
| env: | |
| TEST_CREDENTIAL: ${{ vars.TEST_CREDENTIAL }} | |
| run: | | |
| wget https://github.com/fullstorydev/grpcurl/releases/download/v1.9.1/grpcurl_1.9.1_linux_x86_64.tar.gz | |
| tar -zxvf ./grpcurl_1.9.1_linux_x86_64.tar.gz grpcurl | |
| echo "Waiting for kafka to be ready..." | |
| while true; do | |
| pod_status=$(kubectl get pods -n demeter-kafka -o 'jsonpath={.items[*].status.conditions[?(@.type=="Ready")].status}' | grep True) | |
| if [[ -n "$pod_status" ]]; then | |
| break | |
| else | |
| echo "Kafka is not ready yet, waiting..." | |
| sleep 5 | |
| fi | |
| done | |
| echo "$TEST_CREDENTIAL" | |
| TOKEN_RESPONSE=$(curl --verbose --request POST --url https://dev-dflg0ssi.us.auth0.com/oauth/token --header 'content-type: application/json' --data "$TEST_CREDENTIAL") | |
| echo "$TOKEN_RESPONSE" | |
| TOKEN=$(echo "$TOKEN_RESPONSE" | jq -r '.access_token') | |
| echo "$TOKEN" | |
| NODE_IP=$(kubectl get nodes -o jsonpath='{.items[0].status.addresses[?(@.type=="InternalIP")].address}') | |
| NAMESPACE=$(./grpcurl -plaintext -H "Authorization: Bearer $TOKEN" -d '{"name": "New Namespace"}' "$NODE_IP":30950 demeter.ops.v1alpha.ProjectService.CreateProject | jq -r '.namespace') | |
| ATTEMPT=1 | |
| MAX_ATTEMPT=120 | |
| echo "Checking executation" | |
| while [ $ATTEMPT -lt $MAX_ATTEMPT ]; do | |
| if kubectl get namespace "$NAMESPACE" &> /dev/null; then | |
| echo "Namespace $NAMESPACE exists." | |
| break | |
| else | |
| echo "Namespace $NAMESPACE not found. Retrying..." | |
| sleep 2 | |
| let ATTEMPT=ATTEMPT+1 | |
| fi | |
| done | |
| if [ $ATTEMPT -eq $MAX_ATTEMPT ]; then | |
| echo "Error: Namespace $NAMESPACE not found after $MAX_ATTEMPT attempts." | |
| exit 1 | |
| fi |