Migrate OIDC client Tests (#107)
* Migrate OIDC client Tests

* update tests to get client_creds

* fix client_creds test

* update conftest.py marker code

* fix centralized_auth tests

* Update shared_integration_tests.yaml

* changes for OIDC

* Update shared_integration_tests.yaml

* Changes for jenkins-client-tester

* Changes for removing client info files

* Update gen3_admin_tasks.py

---------

Co-authored-by: Krishna Agarwal <[email protected]>
Co-authored-by: Krishna Agarwal <[email protected]>
3 people authored Sep 6, 2024
1 parent d2e5168 commit eb550c5
Showing 35 changed files with 578 additions and 125 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/shared_integration_tests.yaml
@@ -187,7 +187,7 @@ jobs:
continue-on-error: true # if this fails, we still need to run clean-up steps
run: |
mkdir output
poetry run pytest -n auto -m "not wip and ${{ inputs.SERVICE_TO_TEST }}" --alluredir allure-results --no-header --dist loadscope ${{ env.TEST_LABEL }}
poetry run pytest -n auto -m "${{ inputs.SERVICE_TO_TEST }} and not wip" --alluredir allure-results --no-header --dist loadscope ${{ env.TEST_LABEL }}
- name: Run tests
id: run_tests
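Review bot: `${{ inputs.SERVICE_TO_TEST }}` is expanded by the Actions runner into the text of the `run:` script before bash parses it, so a value containing a quote or a command substitution becomes shell syntax instead of part of the pytest marker expression. Passing the value through the step's `env:` keeps it as data: add `SERVICE_TO_TEST: ${{ inputs.SERVICE_TO_TEST }}` under `env:` and write `-m "$SERVICE_TO_TEST and not wip"` in the command. How far callers control this input is not visible from the hunk, and the step definition starts above it.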
170 changes: 158 additions & 12 deletions .secrets.baseline
@@ -112,6 +112,143 @@
}
],
"results": {
"gen3-integration-tests/test_data/fence_clients/client_rotate_creds.txt": [
{
"type": "Base64 High Entropy String",
"filename": "gen3-integration-tests/test_data/fence_clients/client_rotate_creds.txt",
"hashed_secret": "53709eebcf139fb2ca486c04f065070e321c102a",
"is_verified": false,
"line_number": 1
},
{
"type": "Base64 High Entropy String",
"filename": "gen3-integration-tests/test_data/fence_clients/client_rotate_creds.txt",
"hashed_secret": "fd145b883f4f94e6baad59399cc542f7ac49a5d8",
"is_verified": false,
"line_number": 1
}
],
"gen3-integration-tests/test_data/fence_clients/clients_creds.txt": [
{
"type": "Base64 High Entropy String",
"filename": "gen3-integration-tests/test_data/fence_clients/clients_creds.txt",
"hashed_secret": "17b898c11407d972798982c364c70dd03bd0fb62",
"is_verified": false,
"line_number": 1
},
{
"type": "Base64 High Entropy String",
"filename": "gen3-integration-tests/test_data/fence_clients/clients_creds.txt",
"hashed_secret": "ab3e0294932fe7abad9fb58c3e41758b90e70595",
"is_verified": false,
"line_number": 1
},
{
"type": "Base64 High Entropy String",
"filename": "gen3-integration-tests/test_data/fence_clients/clients_creds.txt",
"hashed_secret": "ff0f231c5344e69d56e1e554b623949911279ca6",
"is_verified": false,
"line_number": 2
},
{
"type": "Base64 High Entropy String",
"filename": "gen3-integration-tests/test_data/fence_clients/clients_creds.txt",
"hashed_secret": "01662b9143b84b0eaae23336237cde7bf39ab042",
"is_verified": false,
"line_number": 3
},
{
"type": "Base64 High Entropy String",
"filename": "gen3-integration-tests/test_data/fence_clients/clients_creds.txt",
"hashed_secret": "f1cce78768a849beac11d93ec43ba565e819c0da",
"is_verified": false,
"line_number": 3
},
{
"type": "Base64 High Entropy String",
"filename": "gen3-integration-tests/test_data/fence_clients/clients_creds.txt",
"hashed_secret": "95c46bac73679ff696a2843f65df7964cdce78ab",
"is_verified": false,
"line_number": 4
},
{
"type": "Base64 High Entropy String",
"filename": "gen3-integration-tests/test_data/fence_clients/clients_creds.txt",
"hashed_secret": "a73f004e3889b1342751d4670b09dc15cfc51327",
"is_verified": false,
"line_number": 4
},
{
"type": "Base64 High Entropy String",
"filename": "gen3-integration-tests/test_data/fence_clients/clients_creds.txt",
"hashed_secret": "6014178b480b477133815cca5276dc03361d9310",
"is_verified": false,
"line_number": 5
},
{
"type": "Base64 High Entropy String",
"filename": "gen3-integration-tests/test_data/fence_clients/clients_creds.txt",
"hashed_secret": "7c9aa25179da69db33502af670476fc20182093c",
"is_verified": false,
"line_number": 5
},
{
"type": "Base64 High Entropy String",
"filename": "gen3-integration-tests/test_data/fence_clients/clients_creds.txt",
"hashed_secret": "c4cd1dd1f8cd6186c0ed46bc29a784c7ec26b2c9",
"is_verified": false,
"line_number": 6
},
{
"type": "Base64 High Entropy String",
"filename": "gen3-integration-tests/test_data/fence_clients/clients_creds.txt",
"hashed_secret": "d8edfaea81724f5a10855691d92f61de66280269",
"is_verified": false,
"line_number": 6
},
{
"type": "Base64 High Entropy String",
"filename": "gen3-integration-tests/test_data/fence_clients/clients_creds.txt",
"hashed_secret": "9ed12c9978fcc9cebc65cd1fc5ef366de62c9734",
"is_verified": false,
"line_number": 7
},
{
"type": "Base64 High Entropy String",
"filename": "gen3-integration-tests/test_data/fence_clients/clients_creds.txt",
"hashed_secret": "e37ec01ad0109eec802dfbd617e162080c835316",
"is_verified": false,
"line_number": 7
},
{
"type": "Base64 High Entropy String",
"filename": "gen3-integration-tests/test_data/fence_clients/clients_creds.txt",
"hashed_secret": "3c4d365b05bba7dca96ef316a7596fa01b108abf",
"is_verified": false,
"line_number": 8
},
{
"type": "Base64 High Entropy String",
"filename": "gen3-integration-tests/test_data/fence_clients/clients_creds.txt",
"hashed_secret": "9212e6bd53da0a2bcb0a41119ee2378d9b0d3e2c",
"is_verified": false,
"line_number": 8
},
{
"type": "Base64 High Entropy String",
"filename": "gen3-integration-tests/test_data/fence_clients/clients_creds.txt",
"hashed_secret": "089f848c95240e6ec6b14a4da935253a00555a99",
"is_verified": false,
"line_number": 9
},
{
"type": "Base64 High Entropy String",
"filename": "gen3-integration-tests/test_data/fence_clients/clients_creds.txt",
"hashed_secret": "57be9b25b765c9c7b16c05481e1d05885eff83a8",
"is_verified": false,
"line_number": 9
}
],
"gen3-integration-tests/test_data/study_registration/study.json": [
{
"type": "Hex High Entropy String",
@@ -154,87 +291,87 @@
"filename": "gen3-integration-tests/tests/test_centralized_auth.py",
"hashed_secret": "62bd0c4d3a6b445b13212d23500a7f0916757c3e",
"is_verified": false,
"line_number": 30,
"line_number": 29,
"is_secret": false
},
{
"type": "Hex High Entropy String",
"filename": "gen3-integration-tests/tests/test_centralized_auth.py",
"hashed_secret": "e1fa8c0685ac2b51db97b7bd00b9afa63489d30c",
"is_verified": false,
"line_number": 37,
"line_number": 36,
"is_secret": false
},
{
"type": "Hex High Entropy String",
"filename": "gen3-integration-tests/tests/test_centralized_auth.py",
"hashed_secret": "faad2c1400e2071d0b52a70589e6a69e960a8f66",
"is_verified": false,
"line_number": 44,
"line_number": 43,
"is_secret": false
},
{
"type": "Hex High Entropy String",
"filename": "gen3-integration-tests/tests/test_centralized_auth.py",
"hashed_secret": "e9728a38017dc43b9240cc2a554bbc85c4951ac9",
"is_verified": false,
"line_number": 54,
"line_number": 53,
"is_secret": false
},
{
"type": "Hex High Entropy String",
"filename": "gen3-integration-tests/tests/test_centralized_auth.py",
"hashed_secret": "c9db8b43a10ab86e1ff61c6639f7d12ec42538ba",
"is_verified": false,
"line_number": 64,
"line_number": 63,
"is_secret": false
},
{
"type": "Hex High Entropy String",
"filename": "gen3-integration-tests/tests/test_centralized_auth.py",
"hashed_secret": "784c6e9de4ecdc99633fd8df4bb46d1a547cce47",
"is_verified": false,
"line_number": 74,
"line_number": 73,
"is_secret": false
},
{
"type": "Hex High Entropy String",
"filename": "gen3-integration-tests/tests/test_centralized_auth.py",
"hashed_secret": "e0023bf0f573f727496fa24af0c1d26f05b23fc8",
"is_verified": false,
"line_number": 84,
"line_number": 83,
"is_secret": false
},
{
"type": "Hex High Entropy String",
"filename": "gen3-integration-tests/tests/test_centralized_auth.py",
"hashed_secret": "191e56b8fb18e2008781d6953cbb73be28ce66e7",
"is_verified": false,
"line_number": 96,
"line_number": 95,
"is_secret": false
},
{
"type": "Hex High Entropy String",
"filename": "gen3-integration-tests/tests/test_centralized_auth.py",
"hashed_secret": "7c3be26a466754059b7c75e8b459a4ade9c2117f",
"is_verified": false,
"line_number": 103,
"line_number": 102,
"is_secret": false
},
{
"type": "Hex High Entropy String",
"filename": "gen3-integration-tests/tests/test_centralized_auth.py",
"hashed_secret": "e19559ed661532682397daed1651e91321c4c8c4",
"is_verified": false,
"line_number": 113,
"line_number": 112,
"is_secret": false
},
{
"type": "Hex High Entropy String",
"filename": "gen3-integration-tests/tests/test_centralized_auth.py",
"hashed_secret": "9ec16d1f5ec2441b412f6ddef0676376a6bf7dd4",
"is_verified": false,
"line_number": 120,
"line_number": 119,
"is_secret": false
}
],
@@ -308,6 +445,15 @@
"is_secret": false
}
],
"gen3-integration-tests/tests/test_oidc_client.py": [
{
"type": "Hex High Entropy String",
"filename": "gen3-integration-tests/tests/test_oidc_client.py",
"hashed_secret": "62bd0c4d3a6b445b13212d23500a7f0916757c3e",
"is_verified": false,
"line_number": 145
}
],
"gen3-integration-tests/tests/test_presigned_url.py": [
{
"type": "Hex High Entropy String",
@@ -338,5 +484,5 @@
}
]
},
"generated_at": "2024-08-29T17:35:31Z"
"generated_at": "2024-09-05T21:36:22Z"
}
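Review bot: The entries added for `test_data/fence_clients/clients_creds.txt`, `test_data/fence_clients/client_rotate_creds.txt` and `tests/test_oidc_client.py` have no `is_secret` field, while the existing `test_centralized_auth.py` entries are marked `"is_secret": false`, so these findings appear to have been baselined without an audit pass. The two `fence_clients/*.txt` paths look like client credentials written during a test run (the commit message mentions removing client info files); if that is the case they belong in `.gitignore` and outside the scan rather than in the baseline. Running `detect-secrets audit .secrets.baseline` on the new entries before merging would record an explicit decision for each.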
8 changes: 8 additions & 0 deletions gen3-integration-tests/conftest.py
@@ -59,10 +59,17 @@ def pytest_collection_finish(session):
for marker_name, marker in markers.items():
if marker_name == "requires_fence_client":
setup.get_fence_client_info()
setup.get_fence_rotated_client_info()
requires_fence_client_marker_present = True
return


@pytest.fixture(scope="session", autouse=True)
def get_fence_clients():
setup.get_client_id_secret()
setup.get_rotated_client_id_secret()


def pytest_configure(config):
# Compute hostname and namespace
hostname = os.getenv("HOSTNAME")
@@ -83,6 +90,7 @@ def pytest_configure(config):

# Clients used for testing
pytest.clients = {}
pytest.rotated_clients = {}
# Accounts used for testing
pytest.users = {}
pytest.users["main_account"] = "[email protected]" # default user
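Review bot: The new `get_fence_clients` fixture is `autouse` with session scope, so `setup.get_client_id_secret()` and `setup.get_rotated_client_id_secret()` run in every session, whereas the calls in `pytest_collection_finish` that obtain the client info run only when a `requires_fence_client` marker was collected. A run that selects no such test would presumably try to read credentials that were never generated, or pick up stale ones, and every session loads client secrets whether or not it needs them. Consider guarding the fixture with the same marker condition and giving it a one-line docstring stating what it populates (apparently `pytest.clients` and `pytest.rotated_clients`, though the helper bodies are not in this hunk). `pytest_collection_finish` and `pytest_configure` both extend beyond the hunks shown.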
@@ -38,7 +38,7 @@ pipeline {
timeout(time: 5, unit: 'MINUTES') // timeout on this stage
}
steps {
dir("audit-service-logging"){
dir("ci-only-audit-service-logging"){
script {
try {
sh '''#!/bin/bash +x
@@ -54,7 +54,7 @@ pipeline {
shopt -s xpg_echo; echo "ENABLE_AUDIT_LOGS:\n presigned_url: \${AUDIT_LOGGING}\n login: \${AUDIT_LOGGING}" >> fence_config_tmp.yaml
# Update the Secret
g3kubectl get secret fence-config -o json | jq --arg new_config "$(cat fence_config_tmp.yaml | base64)" '.data["fence-config.yaml"]=$new_config' | g3kubectl apply -f -
kubectl get secret fence-config -o json | jq --arg new_config "$(cat fence_config_tmp.yaml | base64)" '.data["fence-config.yaml"]=$new_config' | kubectl apply -f -
# Roll the fence and presigned-url-fence pods
gen3 roll fence; gen3 roll presigned-url-fence
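Review bot: The `kubectl get secret fence-config -o json | jq … | kubectl apply -f -` pipeline names no namespace, so with plain `kubectl` it reads and rewrites the secret in whatever namespace the current kube context defaults to. If the `g3kubectl` wrapper was supplying the namespace from `KUBECTL_NAMESPACE` (not visible in this hunk), pass it explicitly on both commands, e.g. `kubectl -n "$KUBECTL_NAMESPACE" get secret fence-config -o json` and `kubectl -n "$KUBECTL_NAMESPACE" apply -f -`. The same applies to `kubectl get cm etl-mapping` in the `dir("ci-only-check-indices-after-etl")` pipeline, which exports `KUBECTL_NAMESPACE` but no longer uses it on that command. The `sh` script starts and ends outside these hunks.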
@@ -40,7 +40,7 @@ pipeline {
timeout(time: 5, unit: 'MINUTES') // timeout on this stage
}
steps {
dir("check-kube-pod"){
dir("ci-only-check-kube-pod"){
script {
try {
sh '''#!/bin/bash +x
@@ -55,24 +55,27 @@ pipeline {
echo "Waiting for $JOB_NAME job pod ..."
# checking if there are pods with LABEL_NAME mentioned in parameters
POD_NAMES=$(g3kubectl -n $KUBECTL_NAMESPACE get pod --sort-by=.metadata.creationTimestamp -l app=$LABEL_NAME -o json | jq -r '.items[] | select(.metadata.name | test("^'"$JOB_NAME"'")) | .metadata.name')
POD_NAMES=$(kubectl -n $KUBECTL_NAMESPACE get pod --sort-by=.metadata.creationTimestamp -l app=$LABEL_NAME -o json | jq -r '.items[] | select(.metadata.name | test("^'"$JOB_NAME"'")) | .metadata.name')
if [[ -z "$POD_NAMES" ]]; then
echo "No pods found with label $LABEL_NAME"
else
# if pod/s found, get the status of the latest pod
LATEST_POD=$(echo "$POD_NAMES" | tail -n 1)
echo "Pod found with label $LABEL_NAME: $LATEST_POD"
POD_STATUS=$(g3kubectl -n $KUBECTL_NAMESPACE get pod $LATEST_POD -o jsonpath='{.status.phase}')
POD_STATUS=$(kubectl -n $KUBECTL_NAMESPACE get pod $LATEST_POD -o jsonpath='{.status.phase}')
echo "Pod status: $POD_STATUS"
if [ "$POD_STATUS" == "Succeeded" ]; then
echo "The container from pod $LATEST_POD is ready! Proceed with the assertion checks..."
kubectl logs $LATEST_POD -n $NAMESPACE > logs.txt
break
elif [ "$POD_STATUS" == "Failed" ]; then
if [ "$EXPECT_FAILURE" == "True" ]; then
echo "The container from pod $LATEST_POD failed as expected! Just ignore as this is part of a negative test."
kubectl logs $LATEST_POD -n $NAMESPACE > logs.txt
break
else
echo "THE POD FAILED. GIVING UP."
kubectl logs $LATEST_POD -n $NAMESPACE > logs.txt
POD_LOGS=$(kubectl logs $LATEST_POD -n $NAMESPACE)
echo "Logs:\n$POD_LOGS"
exit 1
@@ -91,4 +94,9 @@ pipeline {
}
}
}
post {
always {
archiveArtifacts artifacts: 'check-kube-pod/logs.txt'
}
}
}
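Review bot: `archiveArtifacts artifacts: 'check-kube-pod/logs.txt'` points at the old directory name, while the same commit changes the stage to `dir("ci-only-check-kube-pod")`, which is where `logs.txt` is written. The pattern will therefore likely match nothing, and because the `post { always { … } }` block also runs when no branch wrote `logs.txt` (no pod found, or the stage timed out), the archive step itself can fail the build. Suggest `archiveArtifacts artifacts: 'ci-only-check-kube-pod/logs.txt', allowEmptyArchive: true`. Pod logs can carry tokens or credentials, so it is worth confirming who can read this job's artifacts.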
@@ -29,14 +29,14 @@ pipeline {
}
stage('Check Indices After ETL') {
steps {
dir("check-indices-after-etl"){
dir("ci-only-check-indices-after-etl"){
sh '''#!/bin/bash +x
set -e
export GEN3_HOME=\$WORKSPACE/cloud-automation
export KUBECTL_NAMESPACE=\${NAMESPACE}
source $GEN3_HOME/gen3/gen3setup.sh
etlMappingNames=$(g3kubectl get cm etl-mapping -o jsonpath='{.data.etlMapping\\.yaml}' | yq '.mappings[].name' | xargs)
etlMappingNames=$(kubectl get cm etl-mapping -o jsonpath='{.data.etlMapping\\.yaml}' | yq '.mappings[].name' | xargs)
IFS=' ' read -r -a aliases <<< "$etlMappingNames"
echo "${aliases[@]}"