From 2ddcc34ca455973598f5693d64103deea41d8d79 Mon Sep 17 00:00:00 2001 From: mo khan Date: Tue, 8 Jul 2025 13:11:59 -0600 Subject: chore: use minit to start processes from Procfile --- Procfile | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 Procfile (limited to 'Procfile') diff --git a/Procfile b/Procfile new file mode 100644 index 0000000..48047c1 --- /dev/null +++ b/Procfile @@ -0,0 +1,3 @@ +envoy: ./bin/envoy.sh +authzd: ./bin/authzd +sparkled: env -i - APP_ENV="$APP_ENV" BIND_ADDR="$BIND_ADDR" ./bin/sparkled -- cgit v1.2.3 From d0190ae7146a1a7f89b76ccb7f71430fca136d9d Mon Sep 17 00:00:00 2001 From: mo khan Date: Mon, 21 Jul 2025 15:44:05 -0600 Subject: chore: remote UI tests --- Dockerfile | 5 ++- Procfile | 4 +- bin/envoy-shim | 37 ++++++++++++++++++ bin/envoy.sh | 37 ------------------ go.mod | 2 +- test/integration/container_test.go | 77 -------------------------------------- test/integration/ui.go | 33 ---------------- 7 files changed, 43 insertions(+), 152 deletions(-) create mode 100755 bin/envoy-shim delete mode 100755 bin/envoy.sh delete mode 100644 test/integration/ui.go (limited to 'Procfile') diff --git a/Dockerfile b/Dockerfile index b109321..45c8637 100644 --- a/Dockerfile +++ b/Dockerfile @@ -19,16 +19,17 @@ RUN go build -o /bin/authzd ./cmd/authzd/main.go # Final stage FROM gcr.io/distroless/base-debian12:nonroot -EXPOSE 8080 9901 10000 10003 +EXPOSE 10000 WORKDIR / COPY --from=envoy-binary /usr/local/bin/envoy /bin/envoy COPY --from=dumb-init-builder /usr/bin/dumb-init /bin/dumb-init COPY --from=build /app/Procfile /Procfile -COPY --from=build /app/bin/*.sh /bin/ +COPY --from=build /app/bin/envoy-shim /bin/envoy-shim COPY --from=build /app/etc/envoy /etc/envoy COPY --from=build /app/public /public COPY --from=build /bin/authzd /bin/authzd COPY --from=build /bin/sparkled /bin/sparkled COPY --from=build /go/bin/minit /bin/minit + ENTRYPOINT ["/bin/dumb-init", "--"] CMD ["/bin/minit"] 
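Review bot: `EXPOSE 10000` only changes image metadata, so the Envoy admin port (9901), sparkled (8080) and authzd (10003) stay reachable on the container network unless those listeners bind to loopback. The integration test removed in this commit used to fetch `/config_dump` from the admin port from outside the container, which suggests the admin listener was not loopback-only. etc/envoy/envoy.yaml and the daemons' bind addresses are not in this diff, so confirm them there; a comment above the line such as `# only the Envoy listener is public; admin, authzd and sparkled bind to 127.0.0.1` would record the intent. Separately, this stage copies `/bin/envoy-shim`, a `#!/bin/sh` script that calls sed and awk, into a distroless base that to my knowledge ships no shell or coreutils, and no COPY here adds one, so check that the shim can actually start in the final image.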
diff --git a/Procfile b/Procfile
index 48047c1..e38579b 100644
--- a/Procfile
+++ b/Procfile
@@ -1,3 +1,3 @@
-envoy: ./bin/envoy.sh
+envoy: ./bin/envoy-shim
 authzd: ./bin/authzd
-sparkled: env -i - APP_ENV="$APP_ENV" BIND_ADDR="$BIND_ADDR" ./bin/sparkled
+sparkled: ./bin/sparkled
diff --git a/bin/envoy-shim b/bin/envoy-shim
new file mode 100755
index 0000000..f358631
--- /dev/null
+++ b/bin/envoy-shim
@@ -0,0 +1,37 @@
+#!/bin/sh
+set -e
+
+[ -n "$DEBUG" ] && set -x
+cd "$(dirname "$0")/.."
+
+oidc_scheme=$(echo "$OIDC_ISSUER" | awk -F[/:] '{print $1}')
+oidc_host=$(echo "$OIDC_ISSUER" | awk -F[/:] '{print $4}')
+yaml=$(sed -e "s/OAUTH_CLIENT_ID/$OAUTH_CLIENT_ID/" etc/envoy/envoy.yaml)
+yaml=$(echo "$yaml" | sed -e "s,https://example.com,$OIDC_ISSUER,")
+yaml=$(echo "$yaml" | sed -e "s/example.com/$oidc_host/")
+
+# For http://gdk.test:3000
+if [ "$oidc_scheme" = "http" ]; then
+ yaml=$(echo "$yaml" | sed -e '/transport_socket:/,+4d')
+ oidc_port=$(echo "$OIDC_ISSUER" | awk -F[/:] '{print $5}')
+ yaml=$(echo "$yaml" | sed -e "s/port_value: 443/port_value: $oidc_port/")
+fi
+
+if [ -z "$OAUTH_CLIENT_SECRET" ]; then
+ export OAUTH_CLIENT_SECRET="secret"
+fi
+if [ -z "$HMAC_SESSION_SECRET" ]; then
+ export HMAC_SESSION_SECRET="$OAUTH_CLIENT_SECRET"
+fi
+
+if ! command -v envoy > /dev/null 2>&1; then
+ echo "envoy could not be found: https://www.envoyproxy.io/docs/envoy/latest/start/install"
+ exit 1
+fi
+
+# https://github.com/envoyproxy/envoy/blob/48f93b68232aba15b5b14743a134691926749122//source/common/common/logger.h#L36
+exec envoy \
+ --base-id 0 \
+ --config-yaml "$yaml" \
+ --log-level warn \
+ --component-log-level admin:warn,connection:warn,ext_authz:info,grpc:info,health_checker:warn,http:warn,http2:warn,jwt:warn,oauth2:warn,router:warn,secret:warn,upstream:warn
diff --git a/bin/envoy.sh b/bin/envoy.sh
deleted file mode 100755
index 433ea22..0000000
--- a/bin/envoy.sh
+++ /dev/null
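Review bot: The `sparkled` entry no longer runs under `env -i`, so sparkled now inherits every variable passed to the container, including `OAUTH_CLIENT_SECRET` and `HMAC_SESSION_SECRET` when they are set for Envoy. If sparkled only needs `APP_ENV` and `BIND_ADDR`, keeping the allow-list (`sparkled: env -i APP_ENV="$APP_ENV" BIND_ADDR="$BIND_ADDR" ./bin/sparkled`) preserves least privilege between the three processes. If it was dropped because `env` is not available in the final image, the same scrubbing could be done by the supervisor or at sparkled's startup; the commit message does not say which.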
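Review bot: When `OAUTH_CLIENT_SECRET` is unset the shim silently falls back to the literal `"secret"`, and `HMAC_SESSION_SECRET` then defaults to that same value, so a deployment that forgets the variables runs with a publicly known OAuth client secret and session HMAC key. Outside local development the script should fail closed, e.g. `: "${OAUTH_CLIENT_SECRET:?must be set}"` and `: "${HMAC_SESSION_SECRET:?must be set}"`, and the two secrets should not share a value. The `sed` substitutions also splice `$OAUTH_CLIENT_ID`, `$OIDC_ISSUER` and `$oidc_host` into the YAML unescaped, so a value containing `/`, `,` or `&` changes the expression or the generated config. The file is carried over from bin/envoy.sh with only `exec` added, so these points predate the commit, but the rename is a good moment to fix them.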
@@ -1,37 +0,0 @@
-#!/bin/sh
-set -e
-
-[ -n "$DEBUG" ] && set -x
-cd "$(dirname "$0")/.."
-
-oidc_scheme=$(echo "$OIDC_ISSUER" | awk -F[/:] '{print $1}')
-oidc_host=$(echo "$OIDC_ISSUER" | awk -F[/:] '{print $4}')
-yaml=$(sed -e "s/OAUTH_CLIENT_ID/$OAUTH_CLIENT_ID/" etc/envoy/envoy.yaml)
-yaml=$(echo "$yaml" | sed -e "s,https://example.com,$OIDC_ISSUER,")
-yaml=$(echo "$yaml" | sed -e "s/example.com/$oidc_host/")
-
-# For http://gdk.test:3000
-if [ "$oidc_scheme" = "http" ]; then
- yaml=$(echo "$yaml" | sed -e '/transport_socket:/,+4d')
- oidc_port=$(echo "$OIDC_ISSUER" | awk -F[/:] '{print $5}')
- yaml=$(echo "$yaml" | sed -e "s/port_value: 443/port_value: $oidc_port/")
-fi
-
-if [ -z "$OAUTH_CLIENT_SECRET" ]; then
- export OAUTH_CLIENT_SECRET="secret"
-fi
-if [ -z "$HMAC_SESSION_SECRET" ]; then
- export HMAC_SESSION_SECRET="$OAUTH_CLIENT_SECRET"
-fi
-
-if ! command -v envoy > /dev/null 2>&1; then
- echo "envoy could not be found: https://www.envoyproxy.io/docs/envoy/latest/start/install"
- exit 1
-fi
-
-# https://github.com/envoyproxy/envoy/blob/48f93b68232aba15b5b14743a134691926749122//source/common/common/logger.h#L36
-envoy \
- --base-id 0 \
- --config-yaml "$yaml" \
- --log-level warn \
- --component-log-level admin:warn,connection:warn,ext_authz:info,grpc:info,health_checker:warn,http:warn,http2:warn,jwt:warn,oauth2:warn,router:warn,secret:warn,upstream:warn
diff --git a/go.mod b/go.mod
index 39b1759..59ac14b 100644
--- a/go.mod
+++ b/go.mod
@@ -9,7 +9,6 @@ require (
 github.com/envoyproxy/go-control-plane/envoy v1.32.4
 github.com/oauth2-proxy/mockoidc v0.0.0-20240214162133-caebfff84d25
 github.com/oklog/ulid v1.3.1
- github.com/playwright-community/playwright-go v0.5200.0
 github.com/rs/zerolog v1.34.0
 github.com/stretchr/testify v1.10.0
 github.com/testcontainers/testcontainers-go v0.38.0
@@ -80,6 +79,7 @@ require ( github.com/opencontainers/image-spec v1.1.1 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/planetscale/vtprotobuf v0.6.1-0.20250313105119-ba97887b0a25 // indirect + github.com/playwright-community/playwright-go v0.5200.0 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55 // indirect github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06 // indirect diff --git a/test/integration/container_test.go b/test/integration/container_test.go index 68aef6d..99c161d 100644 --- a/test/integration/container_test.go +++ b/test/integration/container_test.go @@ -6,20 +6,14 @@ package test import ( "context" "net/http" - "strconv" "testing" "time" - auth "github.com/envoyproxy/go-control-plane/envoy/service/auth/v3" - "github.com/oauth2-proxy/mockoidc" - playwright "github.com/playwright-community/playwright-go" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "github.com/testcontainers/testcontainers-go" "github.com/xlgmokha/x/pkg/env" "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/web" - "google.golang.org/grpc" - "google.golang.org/grpc/credentials/insecure" ) func environmentVariables(srv *web.OIDCServer) map[string]string { @@ -45,20 +39,10 @@ func TestContainer(t *testing.T) { require.True(t, container.IsRunning()) - sparkleEndpoint, err := container.PortEndpoint(ctx, "8080", "http") - require.NoError(t, err) - envoyEndpoint, err := container.PortEndpoint(ctx, "10000", "http") require.NoError(t, err) - envoyAdminEndpoint, err := container.PortEndpoint(ctx, "9901", "http") - require.NoError(t, err) - - authzdEndpoint, err := container.PortEndpoint(ctx, "10003", "") - require.NoError(t, err) - for _, publicPath := range []string{ - envoyAdminEndpoint + "/", envoyEndpoint + "/", envoyEndpoint + "/application.js", envoyEndpoint + "/favicon.ico", 
@@ -66,71 +50,10 @@ func TestContainer(t *testing.T) { envoyEndpoint + "/health", envoyEndpoint + "/index.html", envoyEndpoint + "/logo.png", - sparkleEndpoint + "/", - sparkleEndpoint + "/favicon.ico", srv.DiscoveryEndpoint(), } { t.Run(publicPath, func(t *testing.T) { assert.Equal(t, http.StatusOK, HttpGet(t, ctx, publicPath).StatusCode) }) } - - t.Run("envoy.yaml", func(t *testing.T) { - response := HttpGet(t, ctx, envoyAdminEndpoint+"/config_dump") - - require.Equal(t, http.StatusOK, response.StatusCode) - body := JSONBody[map[string]interface{}](t, response) - - assert.NotEmpty(t, "listener_0", body["configs"]) - }) - - t.Run("authzd", func(t *testing.T) { - t.Run("responds to a GRPC request", func(t *testing.T) { - connection, err := grpc.NewClient(authzdEndpoint, grpc.WithTransportCredentials(insecure.NewCredentials())) - require.NoError(t, err) - defer connection.Close() - - client := auth.NewAuthorizationClient(connection) - - response, err := client.Check(t.Context(), &auth.CheckRequest{ - Attributes: &auth.AttributeContext{ - Request: &auth.AttributeContext_Request{ - Http: &auth.AttributeContext_HttpRequest{ - Method: "GET", - Path: "/", - }, - }, - }, - }) - require.NoError(t, err) - assert.NotNil(t, response.GetOkResponse()) - }) - }) - - WithUI(t, func(browser playwright.Browser) { - page, err := browser.NewPage() - require.NoError(t, err) - - t.Run("initiates an OIDC login", func(t *testing.T) { - require.NoError(t, page.Context().ClearCookies()) - response, err := page.Goto(envoyEndpoint + "/") - require.NoError(t, err) - assert.True(t, response.Ok()) - - t.Run("redirects to the OpenID Connect Provider", func(t *testing.T) { - t.Skip() - - code := strconv.FormatInt(time.Now().Unix(), 10) - srv.MockOIDC.QueueUser(mockoidc.DefaultUser()) - srv.MockOIDC.QueueCode(code) - - require.NoError(t, page.GetByText("Login").Click()) - assert.Contains(t, page.URL(), envoyEndpoint+"/callback?code="+code) - - content, err := page.Content() - require.NoError(t, 
err) - assert.Contains(t, content, "Share your gratitude") - }) - }) - }) } diff --git a/test/integration/ui.go b/test/integration/ui.go deleted file mode 100644 index 1af0744..0000000 --- a/test/integration/ui.go +++ /dev/null @@ -1,33 +0,0 @@ -package test - -import ( - "testing" - - playwright "github.com/playwright-community/playwright-go" - "github.com/stretchr/testify/require" - "github.com/xlgmokha/x/pkg/env" - "github.com/xlgmokha/x/pkg/x" -) - -func WithUI(t *testing.T, callback x.Visitor[playwright.Browser]) { - t.Run("UI", func(t *testing.T) { - if isGitlabCI(t) { - t.Skip() - } - _ = playwright.Install() - - driver, err := playwright.Run() - require.NoError(t, err) - - browser, err := driver.Firefox.Launch(playwright.BrowserTypeLaunchOptions{ - Headless: playwright.Bool(env.Fetch("HEADLESS", "true") == "true"), - SlowMo: playwright.Float(1000), - }) - require.NoError(t, err) - - defer browser.Close() - defer driver.Stop() - - callback(browser) - }) -} -- cgit v1.2.3