Merge pull request #6 from italiangrid/suspended-user

Add test for suspended user
italiangrid · Jun 3, 2024 · 90ed650 · 90ed650
2 parents 660690a + 3153037
commit 90ed650
Show file tree

Hide file tree

Showing 6 changed files with 129 additions and 4 deletions.
diff --git a/.github/workflows/iam-dev.ci.yml b/.github/workflows/iam-dev.ci.yml
@@ -0,0 +1,97 @@
+name: run testsuite against iam-dev
+
+on:
+  push
+
+jobs:
+
+  run-testsuite:
+    name: Run VOMS robot testsuite against iam-dev
+
+    strategy:
+      matrix:
+        client: [7-beta, 7-stable, 9-beta]
+
+    runs-on: ubuntu-latest
+    continue-on-error: true
+
+    env:
+      ROBOT_OPTIONS: --variable vo1:test.vo --variable vo1_host:voms-dev.cloud.cnaf.infn.it --variable vo1_issuer:'/DC=org/DC=terena/DC=tcs/C=IT/ST=Roma/O=Istituto Nazionale di Fisica Nucleare/CN=voms-dev.cloud.cnaf.infn.it' --variable vo1_is_voms_aa:True --variable vo2:vo.1 --variable vo2_host:voms.test.example --variable vo2_issuer:/C=IT/O=IGI/CN=*.test.example --exclude issue-723 --exclude issue-724 --exclude issue-726
+
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v4
+
+    - name: Provide trustanchors
+      run: docker compose --file docker-compose.ci.yml up trust
+      working-directory: compose
+
+    - name: Start compose
+      run: docker compose --file docker-compose.ci.yml up --detach db voms testsuite
+      working-directory: compose
+      env:
+        TS_IMAGE: italiangrid/voms-testsuite:centos${{ matrix.client }}
+        VOMS_IMAGE: italiangrid/voms:centos7-stable
+
+    - name: Deploy db and voms
+      run: |
+        docker compose --file docker-compose.ci.yml exec -T --workdir /scripts db bash /scripts/populate-db.sh
+        docker compose --file docker-compose.ci.yml exec -T --workdir /scripts voms bash /scripts/setup-and-start-voms.sh
+      working-directory: compose
+
+    - name: Create artifacts dir
+      if: ${{ always() }}
+      run: |
+        ARTIFACTS_PATH=${HOME}/artifacts
+        echo ARTIFACTS_PATH: ${ARTIFACTS_PATH}
+        # save it in the job environment
+        echo "ARTIFACTS_PATH=${ARTIFACTS_PATH}" >> ${GITHUB_ENV}
+        mkdir -p ${ARTIFACTS_PATH}/logs ${ARTIFACTS_PATH}/java ${ARTIFACTS_PATH}/cpp
+
+    - name: Enable legacy OpenSSL crypto policies on EL9
+      if: matrix.client == '9-beta'
+      run: docker compose --file docker-compose.ci.yml exec -T testsuite bash -c "sudo update-crypto-policies --set LEGACY"
+      working-directory: compose
+
+    - name: Run testsuite for java clients
+      run: docker compose --file docker-compose.ci.yml exec -T -e ROBOT_OPTIONS="${ROBOT_OPTIONS}" testsuite bash /scripts/ci-run-testsuite.sh
+      working-directory: compose
+      continue-on-error: true
+
+    - name: Collect test report for java clients
+      if: ${{ always() }}
+      run: |
+        docker compose --file docker-compose.ci.yml cp testsuite:/tmp/reports ${ARTIFACTS_PATH}/java
+        docker compose --file docker-compose.ci.yml exec -T testsuite rm -rf /tmp/reports
+      working-directory: compose
+
+    - name: Run testsuite for cpp clients
+      run: |
+        docker compose --file docker-compose.ci.yml exec -T -u root testsuite bash -c "update-alternatives --set voms-proxy-init /usr/bin/voms-proxy-init2; update-alternatives --set voms-proxy-info /usr/bin/voms-proxy-info2; update-alternatives --set voms-proxy-destroy /usr/bin/voms-proxy-destroy2"
+        docker compose --file docker-compose.ci.yml exec -T -e ROBOT_OPTIONS="${ROBOT_OPTIONS}" testsuite bash /scripts/ci-run-testsuite.sh --variable client_version:2 --include legacy
+      working-directory: compose
+      continue-on-error: true
+
+    - name: Collect test report for cpp clients
+      if: ${{ always() }}
+      run: docker compose --file docker-compose.ci.yml cp testsuite:/tmp/reports ${ARTIFACTS_PATH}/cpp
+      working-directory: compose
+
+    - name: Collect logs
+      if: ${{ always() }}
+      run: |
+        docker compose --file docker-compose.ci.yml logs --no-color testsuite > ${ARTIFACTS_PATH}/logs/testsuite.log
+        docker compose --file docker-compose.ci.yml logs --no-color voms > ${ARTIFACTS_PATH}/logs/voms.log
+      working-directory: compose
+
+    - name: Stop compose
+      if: ${{ always() }}
+      run: docker compose --file docker-compose.ci.yml down --volumes
+      working-directory: compose
+
+    - name: Upload artifacts
+      if: ${{ always() }}
+      uses: actions/upload-artifact@v4
+      with:
+        name: test-report-and-logs_${{ matrix.client }}_voms-aa
+        path: ${{ env.ARTIFACTS_PATH }}
diff --git a/README.md b/README.md
@@ -24,6 +24,8 @@ Use the `italiangrid/voms-testsuite` docker image to run the testsuite.
 | `vo2_issuer`   | VOMS subject DN for the second VO  | DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/OU=CNAF/CN=vgrid02.cnaf.infn.it  |
 | `vo1_legacy_fqan_enabled`     | Encode FQANs released by first VO as per legacy VOMS | True                                                                                             |
 | `vo2_legacy_fqan_enabled`     | Encode FQANs released by second VO as per legacy VOMS | True                                                                                             |
+| `vo1_is_voms_aa`     | First VO is served by a voms-aa server | False                                                                                             |
+| `vo2_is_voms_aa`     | Second VO is served by a voms-aa server | False                                                                                             |
 
 For other parameters, see the [variables file](./lib/variables.robot).
 

diff --git a/compose/assets/db/dump-voms_vo_0.sql b/compose/assets/db/dump-voms_vo_0.sql
@@ -331,7 +331,11 @@ CREATE TABLE `certificate` (
 
 LOCK TABLES `certificate` WRITE;
 /*!40000 ALTER TABLE `certificate` DISABLE KEYS */;
-INSERT INTO `certificate` VALUES (1,'2022-12-29 15:55:35','/C=IT/O=IGI/CN=test0','\0',NULL,NULL,1,1),(2,'2022-12-29 15:55:35','/C=IT/O=IGI/CN=test1','\0',NULL,NULL,1,2),(3,'2022-12-29 15:55:35','/C=IT/O=IGI/CN=(Parenthesis)','\0',NULL,NULL,1,3);
+INSERT INTO `certificate` VALUES 
+  (1,'2022-12-29 15:55:35','/C=IT/O=IGI/CN=test0','\0',NULL,NULL,1,1),
+  (2,'2022-12-29 15:55:35','/C=IT/O=IGI/CN=test1','\0',NULL,NULL,1,2),
+  (3,'2022-12-29 15:55:35','/C=IT/O=IGI/CN=(Parenthesis)','\0',NULL,NULL,1,3),
+  (4,'2022-12-29 15:55:35','/C=IT/O=IGI/CN=test2','\1',NULL,NULL,1,4);
 /*!40000 ALTER TABLE `certificate` ENABLE KEYS */;
 UNLOCK TABLES;
 
@@ -1086,7 +1090,11 @@ CREATE TABLE `usr` (
 
 LOCK TABLES `usr` WRITE;
 /*!40000 ALTER TABLE `usr` DISABLE KEYS */;
-INSERT INTO `usr` VALUES (1,NULL,'2022-12-29 15:55:35','/C=IT/O=IGI/CN=test0','[email protected]','2023-12-29 15:55:35',NULL,NULL,NULL,NULL,NULL,'\0',NULL,NULL,NULL),(2,NULL,'2022-12-29 15:55:35','/C=IT/O=IGI/CN=test1','[email protected]','2023-12-29 15:55:35',NULL,NULL,NULL,NULL,NULL,'\0',NULL,NULL,NULL),(3,NULL,'2022-12-29 15:55:35','/C=IT/O=IGI/CN=(Parenthesis)','[email protected]','2023-12-29 15:55:35',NULL,NULL,NULL,NULL,NULL,'\0',NULL,NULL,NULL);
+INSERT INTO `usr` VALUES 
+  (1,NULL,'2022-12-29 15:55:35','/C=IT/O=IGI/CN=test0','[email protected]','2023-12-29 15:55:35',NULL,NULL,NULL,NULL,NULL,'\0',NULL,NULL,NULL),
+  (2,NULL,'2022-12-29 15:55:35','/C=IT/O=IGI/CN=test1','[email protected]','2023-12-29 15:55:35',NULL,NULL,NULL,NULL,NULL,'\0',NULL,NULL,NULL),
+  (3,NULL,'2022-12-29 15:55:35','/C=IT/O=IGI/CN=(Parenthesis)','(Parenthesis)@cnaf.infn.it','2023-12-29 15:55:35',NULL,NULL,NULL,NULL,NULL,'\0',NULL,NULL,NULL),
+  (4,NULL,'2022-12-29 15:55:35','/C=IT/O=IGI/CN=test2','[email protected]','2023-12-29 15:55:35',NULL,NULL,NULL,NULL,NULL,'\1',NULL,NULL,NULL);
 /*!40000 ALTER TABLE `usr` ENABLE KEYS */;
 UNLOCK TABLES;
 

diff --git a/compose/assets/db/dump-voms_vo_1.sql b/compose/assets/db/dump-voms_vo_1.sql
@@ -331,7 +331,11 @@ CREATE TABLE `certificate` (
 
 LOCK TABLES `certificate` WRITE;
 /*!40000 ALTER TABLE `certificate` DISABLE KEYS */;
-INSERT INTO `certificate` VALUES (1,'2022-12-29 15:55:43','/C=IT/O=IGI/CN=test0','\0',NULL,NULL,1,1),(2,'2022-12-29 15:55:44','/C=IT/O=IGI/CN=test1','\0',NULL,NULL,1,2),(3,'2022-12-29 15:55:44','/C=IT/O=IGI/CN=(Parenthesis)','\0',NULL,NULL,1,3);
+INSERT INTO `certificate` VALUES 
+  (1,'2022-12-29 15:55:35','/C=IT/O=IGI/CN=test0','\0',NULL,NULL,1,1),
+  (2,'2022-12-29 15:55:35','/C=IT/O=IGI/CN=test1','\0',NULL,NULL,1,2),
+  (3,'2022-12-29 15:55:35','/C=IT/O=IGI/CN=(Parenthesis)','\0',NULL,NULL,1,3),
+  (4,'2022-12-29 15:55:35','/C=IT/O=IGI/CN=test2','\1',NULL,NULL,1,4);
 /*!40000 ALTER TABLE `certificate` ENABLE KEYS */;
 UNLOCK TABLES;
 
@@ -1086,7 +1090,11 @@ CREATE TABLE `usr` (
 
 LOCK TABLES `usr` WRITE;
 /*!40000 ALTER TABLE `usr` DISABLE KEYS */;
-INSERT INTO `usr` VALUES (1,NULL,'2022-12-29 15:55:43','/C=IT/O=IGI/CN=test0','[email protected]','2023-12-29 15:55:43',NULL,NULL,NULL,NULL,NULL,'\0',NULL,NULL,NULL),(2,NULL,'2022-12-29 15:55:44','/C=IT/O=IGI/CN=test1','[email protected]','2023-12-29 15:55:44',NULL,NULL,NULL,NULL,NULL,'\0',NULL,NULL,NULL),(3,NULL,'2022-12-29 15:55:44','/C=IT/O=IGI/CN=(Parenthesis)','[email protected]','2023-12-29 15:55:44',NULL,NULL,NULL,NULL,NULL,'\0',NULL,NULL,NULL);
+INSERT INTO `usr` VALUES 
+  (1,NULL,'2022-12-29 15:55:35','/C=IT/O=IGI/CN=test0','[email protected]','2023-12-29 15:55:35',NULL,NULL,NULL,NULL,NULL,'\0',NULL,NULL,NULL),
+  (2,NULL,'2022-12-29 15:55:35','/C=IT/O=IGI/CN=test1','[email protected]','2023-12-29 15:55:35',NULL,NULL,NULL,NULL,NULL,'\0',NULL,NULL,NULL),
+  (3,NULL,'2022-12-29 15:55:35','/C=IT/O=IGI/CN=(Parenthesis)','(Parenthesis)@cnaf.infn.it','2023-12-29 15:55:35',NULL,NULL,NULL,NULL,NULL,'\0',NULL,NULL,NULL),
+  (4,NULL,'2022-12-29 15:55:35','/C=IT/O=IGI/CN=test2','[email protected]','2023-12-29 15:55:35',NULL,NULL,NULL,NULL,NULL,'\1',NULL,NULL,NULL);
 /*!40000 ALTER TABLE `usr` ENABLE KEYS */;
 UNLOCK TABLES;
 

diff --git a/lib/variables.robot b/lib/variables.robot
@@ -12,6 +12,8 @@ ${vo2_issuer}  /DC=org/DC=terena/DC=tcs/C=IT/ST=Roma/O=Istituto Nazionale di Fis
 ${vo1_legacy_fqan_enabled}   True
 ${vo2_legacy_fqan_enabled}   True
 ${vo1CorePort}  15001
+${vo1_is_voms_aa}   False
+${vo2_is_voms_aa}   False
 
 ${myproxy_server}  omii001.cnaf.infn.it
 ${myProxyPassPhrase}   123456

diff --git a/tests/clients/init/errors.robot b/tests/clients/init/errors.robot
@@ -204,3 +204,11 @@ See if voms-proxy-init -pwstdin fails correctly when no password is provided
     Should contain  ${output}  No credentials found!
   END
   [Teardown]  Stop using certificate
+
+See if suspended users can get a proxy
+  [Tags]  legacy
+  [Setup]  Use certificate  test2
+  ${output}  Create proxy failure  -voms ${vo1}
+  ${expected}  Set Variable If  ${vo1_is_voms_aa}  is not active.  User is currently suspended!
+  Should Contain   ${output}  ${expected}
+  [Teardown]  Stop using certificate