test: Update OIDC integration test (#565)

* add oidc integration test with oidc auth flow and druid ingestion check * fix test steps * introduce test dimension oidc-use-tls * add integration test for oidc over tls * disable oidc-over-tls integration test * fix indentation * improve OIDC_USE_TLS env usage
stackabletech · May 27, 2024 · f5cc80d · f5cc80d
1 parent 2e6dcf0
commit f5cc80d
Show file tree

Hide file tree

Showing 20 changed files with 470 additions and 316 deletions.
diff --git a/tests/templates/kuttl/commons/ingestioncheck-tls.py b/tests/templates/kuttl/commons/ingestioncheck-tls.py
@@ -1,7 +1,9 @@
 import urllib
 
 import requests
+from requests.auth import HTTPBasicAuth
 import http
+import os
 import sys
 import json
 import time
@@ -11,6 +13,10 @@ class DruidClient:
     def __init__(self, cert, verify):
         self.session = requests.Session()
         self.session.headers.update({'Accept': 'application/json', 'Content-Type': 'application/json'})
+        if os.environ['DRUID_OIDC'] == 'true':
+            if os.environ['DRUID_USER'] == '' or os.environ['DRUID_PASSWORD'] == '':
+                sys.exit("Need to provide basic auth user and password when OIDC is enabled.")
+            self.session.auth = HTTPBasicAuth(os.environ['DRUID_USER'], os.environ['DRUID_PASSWORD'])
         self.session.cert = cert
         self.session.verify = verify
 

diff --git a/tests/templates/kuttl/oidc/09-keycloak-realm.yaml b/tests/templates/kuttl/oidc/09-keycloak-realm.yaml
diff --git a/tests/templates/kuttl/oidc/10-assert.yaml.j2 b/tests/templates/kuttl/oidc/10-assert.yaml.j2
@@ -0,0 +1,10 @@
+---
+apiVersion: kuttl.dev/v1beta1
+kind: TestAssert
+{% if lookup('env', 'VECTOR_AGGREGATOR') %}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: vector-aggregator-discovery
+{% endif %}
diff --git a/tests/templates/kuttl/oidc/10-install-vector-aggregator-discovery-configmap.yaml.j2 b/tests/templates/kuttl/oidc/10-install-vector-aggregator-discovery-configmap.yaml.j2
@@ -0,0 +1,9 @@
+{% if lookup('env', 'VECTOR_AGGREGATOR') %}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: vector-aggregator-discovery
+data:
+  ADDRESS: {{ lookup('env', 'VECTOR_AGGREGATOR') }}
+{% endif %}
diff --git a/tests/templates/kuttl/oidc/10-keycloak.yaml.j2 b/tests/templates/kuttl/oidc/10-keycloak.yaml.j2
diff --git a/tests/templates/kuttl/oidc/30-assert.yaml b/tests/templates/kuttl/oidc/30-assert.yaml
@@ -1,44 +1,14 @@
 ---
 apiVersion: kuttl.dev/v1beta1
 kind: TestAssert
-timeout: 600
----
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
-  name: druid-broker-default
-status:
-  readyReplicas: 1
-  replicas: 1
----
-apiVersion: apps/v1
-kind: StatefulSet
 metadata:
-  name: druid-coordinator-default
-status:
-  readyReplicas: 1
-  replicas: 1
----
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
-  name: druid-historical-default
-status:
-  readyReplicas: 1
-  replicas: 1
----
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
-  name: druid-middlemanager-default
-status:
-  readyReplicas: 1
-  replicas: 1
+  name: test-keycloak
+timeout: 480
 ---
 apiVersion: apps/v1
-kind: StatefulSet
+kind: Deployment
 metadata:
-  name: druid-router-default
+  name: keycloak
 status:
   readyReplicas: 1
   replicas: 1
diff --git a/tests/templates/kuttl/oidc/30-install-keycloak.yaml b/tests/templates/kuttl/oidc/30-install-keycloak.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+commands:
+  - script: |
+      INSTANCE_NAME=keycloak \
+      REALM=test \
+      USERNAME=jane.doe \
+      FIRST_NAME=Jane \
+      LAST_NAME=Doe \
+      [email protected] \
+      PASSWORD=T8mn72D9 \
+      CLIENT_ID=druid \
+      CLIENT_SECRET=R1bxHUD569vHeQdw \
+      envsubst < install-keycloak.yaml | kubectl apply -n $NAMESPACE -f -
diff --git a/tests/templates/kuttl/oidc/40-assert.yaml b/tests/templates/kuttl/oidc/40-assert.yaml
@@ -1,11 +1,44 @@
 ---
 apiVersion: kuttl.dev/v1beta1
 kind: TestAssert
-timeout: 300
+timeout: 600
 ---
-apiVersion: batch/v1
-kind: Job
+apiVersion: apps/v1
+kind: StatefulSet
 metadata:
-  name: login
+  name: druid-broker-default
 status:
-  succeeded: 1
+  readyReplicas: 1
+  replicas: 1
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: druid-coordinator-default
+status:
+  readyReplicas: 1
+  replicas: 1
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: druid-historical-default
+status:
+  readyReplicas: 1
+  replicas: 1
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: druid-middlemanager-default
+status:
+  readyReplicas: 1
+  replicas: 1
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: druid-router-default
+status:
+  readyReplicas: 1
+  replicas: 1
diff --git a/tests/templates/kuttl/oidc/40-install-druid.yaml b/tests/templates/kuttl/oidc/40-install-druid.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+commands:
+  - script: envsubst < install-druid.yaml | kubectl apply -n $NAMESPACE -f -
diff --git a/tests/templates/kuttl/oidc/40-login.yaml b/tests/templates/kuttl/oidc/40-login.yaml
diff --git a/tests/templates/kuttl/oidc/50-create-configmap.yaml.j2 b/tests/templates/kuttl/oidc/50-create-configmap.yaml.j2
@@ -0,0 +1,6 @@
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+metadata:
+  name: create-configmap
+commands:
+  - script: kubectl create cm ingestion-check -n $NAMESPACE --from-file=../../../../templates/kuttl/commons/ingestioncheck-tls.py --from-file=../../../../templates/kuttl/commons/druid-quickstartimport.json
diff --git a/tests/templates/kuttl/oidc/10-assert.yaml → tests/templates/kuttl/oidc/51-assert.yaml b/tests/templates/kuttl/oidc/10-assert.yaml → tests/templates/kuttl/oidc/51-assert.yaml
@@ -1,13 +1,14 @@
 ---
 apiVersion: kuttl.dev/v1beta1
 kind: TestAssert
+metadata:
+  name: install-test-container
 timeout: 300
 ---
 apiVersion: apps/v1
-kind: Deployment
+kind: StatefulSet
 metadata:
-  labels:
-    app: keycloak
-  name: keycloak
+  name: python
 status:
   readyReplicas: 1
+  replicas: 1