Merge pull request #7 from italiangrid/voms-aa-compose

Run VOMS robot testsuite also against local VOMS-AA
italiangrid · May 20, 2024 · 86a4ede · 86a4ede
2 parents f029611 + bd22cb7
commit 86a4ede
Show file tree

Hide file tree

Showing 20 changed files with 2,896 additions and 114 deletions.
diff --git a/.github/workflows/iam-dev.ci.yml b/.github/workflows/iam-dev.ci.yml
diff --git a/.github/workflows/voms-aa.ci.yml b/.github/workflows/voms-aa.ci.yml
@@ -0,0 +1,184 @@
+name: run testsuite against VOMS-AA
+
+on:
+  push
+
+jobs:
+
+  run-testsuite-prod-vomsaa:
+    name: Run VOMS robot testsuite against iam-dev
+
+    strategy:
+      matrix:
+        client: [7-beta, 7-stable, 9-beta]
+
+    runs-on: ubuntu-latest
+    continue-on-error: true
+
+    env:
+      ROBOT_OPTIONS: --variable vo1:test.vo --variable vo1_host:voms-dev.cloud.cnaf.infn.it --variable vo1_issuer:'/DC=org/DC=terena/DC=tcs/C=IT/ST=Roma/O=Istituto Nazionale di Fisica Nucleare/CN=voms-dev.cloud.cnaf.infn.it' --variable vo2:vo.1 --variable vo2_host:voms.test.example --variable vo2_issuer:/C=IT/O=IGI/CN=*.test.example --exclude issue-723 --exclude issue-724 --exclude issue-726
+
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v4
+
+    - name: Provide trustanchors
+      run: docker compose --file docker-compose.ci.yml up trust
+      working-directory: compose
+
+    - name: Start compose
+      run: docker compose --file docker-compose.ci.yml up --detach db voms testsuite
+      working-directory: compose
+      env:
+        TS_IMAGE: italiangrid/voms-testsuite:centos${{ matrix.client }}
+        VOMS_IMAGE: italiangrid/voms:centos7-stable
+
+    - name: Deploy db and voms
+      run: |
+        docker compose --file docker-compose.ci.yml exec -T --workdir /scripts db bash /scripts/populate-db.sh
+        docker compose --file docker-compose.ci.yml exec -T --workdir /scripts voms bash /scripts/setup-and-start-voms.sh
+      working-directory: compose
+
+    - name: Create artifacts dir
+      if: ${{ always() }}
+      run: |
+        ARTIFACTS_PATH=${HOME}/artifacts
+        echo ARTIFACTS_PATH: ${ARTIFACTS_PATH}
+        # save it in the job environment
+        echo "ARTIFACTS_PATH=${ARTIFACTS_PATH}" >> ${GITHUB_ENV}
+        mkdir -p ${ARTIFACTS_PATH}/logs ${ARTIFACTS_PATH}/java ${ARTIFACTS_PATH}/cpp
+
+    - name: Enable legacy OpenSSL crypto policies on EL9
+      if: matrix.client == '9-beta'
+      run: docker compose --file docker-compose.ci.yml exec -T testsuite bash -c "sudo update-crypto-policies --set LEGACY"
+      working-directory: compose
+
+    - name: Run testsuite for java clients
+      run: docker compose --file docker-compose.ci.yml exec -T -e ROBOT_OPTIONS="${ROBOT_OPTIONS}" testsuite bash /scripts/ci-run-testsuite.sh
+      working-directory: compose
+      continue-on-error: true
+
+    - name: Collect test report for java clients
+      if: ${{ always() }}
+      run: |
+        docker compose --file docker-compose.ci.yml cp testsuite:/tmp/reports ${ARTIFACTS_PATH}/java
+        docker compose --file docker-compose.ci.yml exec -T testsuite rm -rf /tmp/reports
+      working-directory: compose
+
+    - name: Run testsuite for cpp clients
+      run: |
+        docker compose --file docker-compose.ci.yml exec -T -u root testsuite bash -c "update-alternatives --set voms-proxy-init /usr/bin/voms-proxy-init2; update-alternatives --set voms-proxy-info /usr/bin/voms-proxy-info2; update-alternatives --set voms-proxy-destroy /usr/bin/voms-proxy-destroy2"
+        docker compose --file docker-compose.ci.yml exec -T -e ROBOT_OPTIONS="${ROBOT_OPTIONS}" testsuite bash /scripts/ci-run-testsuite.sh --variable client_version:2 --include legacy
+      working-directory: compose
+      continue-on-error: true
+
+    - name: Collect test report for cpp clients
+      if: ${{ always() }}
+      run: docker compose --file docker-compose.ci.yml cp testsuite:/tmp/reports ${ARTIFACTS_PATH}/cpp
+      working-directory: compose
+
+    - name: Collect logs
+      if: ${{ always() }}
+      run: |
+        docker compose --file docker-compose.ci.yml logs --no-color testsuite > ${ARTIFACTS_PATH}/logs/testsuite.log
+        docker compose --file docker-compose.ci.yml logs --no-color voms > ${ARTIFACTS_PATH}/logs/voms.log
+      working-directory: compose
+
+    - name: Stop compose
+      if: ${{ always() }}
+      run: docker compose --file docker-compose.ci.yml down --volumes
+      working-directory: compose
+
+    - name: Upload artifacts
+      if: ${{ always() }}
+      uses: actions/upload-artifact@v4
+      with:
+        name: test-report-and-logs_${{ matrix.client }}_voms-aa_dev
+        path: ${{ env.ARTIFACTS_PATH }}
+
+  run-testsuite-local-vomsaa:
+    name: Run VOMS robot testsuite against local VOMS-AA
+
+    strategy:
+      matrix:
+        client: [7-beta, 7-stable, 9-beta]
+
+    runs-on: ubuntu-latest
+    continue-on-error: true
+
+    env:
+      ROBOT_OPTIONS: --variable vo1:vo.2 --variable vo1_host:voms-aa.test.example --variable vo1_issuer:'/C=IT/O=IGI/CN=*.test.example' --variable vo2:vo.1 --variable vo2_host:voms.test.example --variable vo2_issuer:'/C=IT/O=IGI/CN=*.test.example' --exclude issue-723 --exclude issue-724 --exclude issue-726
+
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v4
+
+    - name: Start compose
+      run: docker compose --file docker-compose.ci.yml up --detach
+      working-directory: compose
+      env:
+        TS_IMAGE: italiangrid/voms-testsuite:centos${{ matrix.client }}
+        VOMS_IMAGE: italiangrid/voms:centos7-stable
+
+    - name: Deploy db and voms
+      run: |
+        docker compose --file docker-compose.ci.yml exec -T --workdir /scripts db bash /scripts/populate-db.sh
+        docker compose --file docker-compose.ci.yml exec -T --workdir /scripts voms bash /scripts/setup-and-start-voms.sh
+      working-directory: compose
+
+    - name: Create artifacts dir
+      if: ${{ always() }}
+      run: |
+        ARTIFACTS_PATH=${HOME}/artifacts
+        echo ARTIFACTS_PATH: ${ARTIFACTS_PATH}
+        # save it in the job environment
+        echo "ARTIFACTS_PATH=${ARTIFACTS_PATH}" >> ${GITHUB_ENV}
+        mkdir -p ${ARTIFACTS_PATH}/logs ${ARTIFACTS_PATH}/java ${ARTIFACTS_PATH}/cpp
+      
+    - name: Enable legacy OpenSSL crypto policies on EL9
+      if: matrix.client == '9-beta'
+      run: docker compose --file docker-compose.ci.yml exec -T testsuite bash -c "sudo update-crypto-policies --set LEGACY"
+      working-directory: compose
+
+    - name: Run testsuite for java clients
+      run: docker compose --file docker-compose.ci.yml exec -T -e ROBOT_OPTIONS="${ROBOT_OPTIONS}" testsuite bash /scripts/ci-run-testsuite.sh
+      working-directory: compose
+      continue-on-error: true
+
+    - name: Collect test report for java clients
+      if: ${{ always() }}
+      run: |
+        docker compose --file docker-compose.ci.yml cp testsuite:/tmp/reports ${ARTIFACTS_PATH}/java
+        docker compose --file docker-compose.ci.yml exec -T testsuite rm -rf /tmp/reports
+      working-directory: compose
+
+    - name: Run testsuite for cpp clients
+      run: |
+        docker compose --file docker-compose.ci.yml exec -T -u root testsuite bash -c "update-alternatives --set voms-proxy-init /usr/bin/voms-proxy-init2; update-alternatives --set voms-proxy-info /usr/bin/voms-proxy-info2; update-alternatives --set voms-proxy-destroy /usr/bin/voms-proxy-destroy2"
+        docker compose --file docker-compose.ci.yml exec -T -e ROBOT_OPTIONS="${ROBOT_OPTIONS}" testsuite bash /scripts/ci-run-testsuite.sh --variable client_version:2 --include legacy
+      working-directory: compose
+      continue-on-error: true
+
+    - name: Collect test report for cpp clients
+      if: ${{ always() }}
+      run: docker compose --file docker-compose.ci.yml cp testsuite:/tmp/reports ${ARTIFACTS_PATH}/cpp
+      working-directory: compose
+
+    - name: Collect logs
+      if: ${{ always() }}
+      run: |
+        docker compose --file docker-compose.ci.yml logs --no-color testsuite > ${ARTIFACTS_PATH}/logs/testsuite.log
+        docker compose --file docker-compose.ci.yml logs --no-color voms > ${ARTIFACTS_PATH}/logs/voms.log
+      working-directory: compose
+
+    - name: Stop compose
+      if: ${{ always() }}
+      run: docker compose --file docker-compose.ci.yml down --volumes
+      working-directory: compose
+
+    - name: Upload artifacts
+      if: ${{ always() }}
+      uses: actions/upload-artifact@v4
+      with:
+        name: test-report-and-logs_${{ matrix.client }}_voms-aa_local
+        path: ${{ env.ARTIFACTS_PATH }}
diff --git a/README.md b/README.md
@@ -68,32 +68,35 @@ $ export ROBOT_OPTIONS="--variable vo1:vo.0 --variable vo1_host:voms.test.exampl
 $ docker compose --file docker-compose.ci.yml exec -T -e ROBOT_OPTIONS="${ROBOT_OPTIONS}" testsuite bash /scripts/ci-run-testsuite.sh
 ```
 
-#### Tests using the VOMS-AA microservice
+#### Tests using local VOMS-AA microservice
 
-Start the trustanchor job with
+Start all services with
 
 ```
 $ cd compose
-$ docker compose --file docker-compose.ci.yml up trust
-trust_1      | + FETCH_CRL_TIMEOUT_SECS=5
-trust_1      | + [[ -z 1 ]]
-trust_1      | + fetch-crl --verbose -T 5
-trust_1      | VERBOSE(1) Initializing trust anchor AC-GRID-FR-Personnels
-trust_1      | VERBOSE(1) Initializing trust anchor AC-GRID-FR-Robots
-...
-voms-testsuite_trust_1 exited with code 0
+$ docker compose --file docker-compose.ci.yml up -d
+[+] Running 9/9
+ ⠿ Network voms-testsuite_default           Created     0.1s
+ ⠿ Volume "voms-testsuite_cabundle"         Created     0.0s
+ ⠿ Volume "voms-testsuite_trustanchors"     Created     0.0s
+ ⠿ Container voms-testsuite-trust-1         Started     1.6s
+ ⠿ Container db                             Started     1.4s
+ ⠿ Container voms-testsuite-testsuite-1     Started     1.6s
+ ⠿ Container voms-testsuite-voms-1          Started     1.4s
+ ⠿ Container voms-testsuite-vomsaa-1        Started     2.2s
+ ⠿ Container voms-testsuite-ngx-1           Started     44.7s
 ```
 
-Start the testsuite container
+Populate the VOMS-AA db with a dbdump for testing (it is a shared db with the VOMS one, that will be populated as well)
 
 ```
-$ docker compose --file docker-compose.ci.yml up --detach testsuite
+$ docker compose --file docker-compose.ci.yml exec -T --workdir /scripts db bash /scripts/populate-db.sh
 ```
 
 Run the testsuite. Some variables will be overridden using the `ROBOT_OPTIONS` environment variable
 
 ```
-$ export ROBOT_OPTIONS="--variable vo1:test.vo --variable vo1_host:voms-dev.cloud.cnaf.infn.it --variable vo1_issuer:'/DC=org/DC=terena/DC=tcs/C=IT/ST=Roma/O=Istituto Nazionale di Fisica Nucleare/CN=voms-dev.cloud.cnaf.infn.it' --variable vo1_legacy_fqan_enabled:False --variable vo2:vo.1 --variable vo2_host:voms.test.example --variable vo2_issuer:/C=IT/O=IGI/CN=*.test.example"
+$ export ROBOT_OPTIONS="--variable vo1:vo.2 --variable vo1_host:voms-aa.test.example --variable vo1_issuer:/C=IT/O=IGI/CN=*.test.example --variable --variable vo2:vo.1 --variable vo2_host:voms.test.example --variable vo2_issuer:/C=IT/O=IGI/CN=*.test.example"
 $ docker compose --file docker-compose.ci.yml exec -T -e ROBOT_OPTIONS="${ROBOT_OPTIONS}" testsuite bash /scripts/ci-run-testsuite.sh
 ```
 

diff --git a/compose/.env b/compose/.env
@@ -1,4 +1,8 @@
 COMPOSE_PROJECT_NAME=voms-testsuite
 TS_IMAGE=italiangrid/voms-testsuite:centos7-stable
 VOMS_IMAGE=italiangrid/voms:latest
-VOMS_ADMIN_IMAGE=italiangrid/voms-admin:latest
+VOMS_ADMIN_IMAGE=italiangrid/voms-admin:latest
+NGINX_IMAGE=baltig.infn.it:4567/cnafsd/ngx_http_voms_module/nginx-httpg-voms
+NGINX_IMAGE_TAG=latest
+VOMS_AA_IMAGE=indigoiam/voms-aa-bp
+VOMS_AA_IMAGE_TAG=v1.8.3