From 9dcf565c2fbbad25161a1ef69ca7bec3234869e7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alberto=20C=2E=20R=C3=ADos?= Date: Thu, 14 Sep 2023 15:48:25 +0200 Subject: [PATCH] Backporting integration-tests (#155) --- .gitignore | 3 -- ci/images/spring-credhub-ci/Dockerfile | 52 ++++++++++++++++++---- ci/scripts/build-project.sh | 35 ++++++++++----- credhub-server/config/privkey.pem | 27 ++++++++++++ credhub-server/config/pubkey.pem | 9 ++++ credhub-server/uaa.yml | 60 ++++++++++++++++++++++++++ 6 files changed, 164 insertions(+), 22 deletions(-) create mode 100644 credhub-server/config/privkey.pem create mode 100644 credhub-server/config/pubkey.pem create mode 100644 credhub-server/uaa.yml diff --git a/.gitignore b/.gitignore index 3e4fd89..a90b1f5 100644 --- a/.gitignore +++ b/.gitignore @@ -15,6 +15,3 @@ bin build out target - -credhub-server/config/*.pem -credhub-server/uaa.yml \ No newline at end of file diff --git a/ci/images/spring-credhub-ci/Dockerfile b/ci/images/spring-credhub-ci/Dockerfile index 7c2c457..d70fc22 100644 --- a/ci/images/spring-credhub-ci/Dockerfile +++ b/ci/images/spring-credhub-ci/Dockerfile @@ -1,17 +1,51 @@ FROM harbor-repo.vmware.com/dockerhub-proxy-cache/library/ubuntu:jammy +# Environment variables +ENV TERM dumb +ENV LC_ALL C.UTF-8 + ARG CONCOURSE_JAVA_SCRIPTS_VERSION=0.0.4 ARG CONCOURSE_RELEASE_SCRIPTS_VERSION=0.3.4 +ARG YTT_VERSION="0.45.4" -RUN apt-get update && \ - apt-get install --no-install-recommends -y \ - ca-certificates \ - curl \ - git \ - jq \ - net-tools \ - openjdk-17-jdk-headless && \ - apt-get clean +# Install packages required for bootstrapping +RUN apt-get -qy update \ + && apt-get -qy --no-install-recommends install \ + apt-transport-https \ + ca-certificates \ + curl \ + gnupg-agent \ + software-properties-common \ + && apt-get clean + +# Accept apt repository keys +RUN curl -q 'https://download.docker.com/linux/ubuntu/gpg' | apt-key add - + +# Add custom apt repositories +RUN add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" + +# Install packages +RUN apt-get -qy update \ + && apt-get -qy --no-install-recommends install \ + bsdextrautils \ + containerd.io \ + cgroupfs-mount \ + docker-ce \ + git \ + jq \ + make \ + openjdk-17-jdk \ + openssh-client \ + tcpdump \ + && apt-get clean + +RUN curl -Lo ytt "https://github.com/vmware-tanzu/carvel-ytt/releases/download/v$YTT_VERSION/ytt-linux-amd64" \ + && chmod u+x ytt && mv ytt /usr/local/bin/ + +RUN curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" \ + -o /usr/local/bin/docker-compose && chmod +x /usr/local/bin/docker-compose + +WORKDIR /unpack ADD "https://raw.githubusercontent.com/spring-io/concourse-java-scripts/v$CONCOURSE_JAVA_SCRIPTS_VERSION/concourse-java.sh" /opt/ ADD "https://repo.spring.io/ui/native/snapshot/io/spring/concourse/releasescripts/concourse-release-scripts/$CONCOURSE_RELEASE_SCRIPTS_VERSION/concourse-release-scripts-$CONCOURSE_RELEASE_SCRIPTS_VERSION.jar" /opt/ diff --git a/ci/scripts/build-project.sh b/ci/scripts/build-project.sh index c0b51a4..0838af3 100755 --- a/ci/scripts/build-project.sh +++ b/ci/scripts/build-project.sh @@ -2,17 +2,32 @@ set -euo pipefail -readonly SKIP_TESTS="${SKIP_TESTS:-false}" - # shellcheck source=common.sh source "$(dirname "$0")/common.sh" repository=$(pwd)/distribution-repository -if [ "$SKIP_TESTS" == "true" ]; then - build_task=assemble -else - build_task=build -fi -pushd git-repo >/dev/null -./gradlew clean "${build_task}" publish -PpublicationRepository="${repository}" -popd >/dev/null +start_docker() { + pushd credhub-server >/dev/null + echo '{"registry-mirrors": ["https://harbor-mirror.spring.vmware.com"]}' > /etc/docker/daemon.json + service cgroupfs-mount start + service docker start + docker-compose up --detach + trap "stop_docker" EXIT + popd >/dev/null +} + +stop_docker() { + pushd credhub-server >/dev/null + docker-compose stop + service cgroupfs-mount stop + service docker stop + popd >/dev/null +} + +main() { + cd git-repo >/dev/null + start_docker + ./gradlew build publish -PpublicationRepository="${repository}" -PintegrationTests --no-parallel +} + +main diff --git a/credhub-server/config/privkey.pem b/credhub-server/config/privkey.pem new file mode 100644 index 0000000..f2d0d55 --- /dev/null +++ b/credhub-server/config/privkey.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAzmFA/hQZ8iIl2eaCW0XH1eZ2YuPNMhcaavyvGJwHUbXTUUhr +P7cYdNVgycqfRR+64qJ0ulsWpRdbdtQHCvTzzdX/KSTTepW2nxZNFKq+Re3M+L0L +GeL1maNJ3xLyJ6dvB9YmImI4k+suCOfNBEV03ZJmTxUw3CVjqCdKRpLunA48BeDq ++gQAMpBvL9jdMAXqEmsFhLYE/KWjdBzdjfgt7c29zHz4RX4/N9YS8Q8KWjWgo+Yg +HaNZpYs+6AZXrOEp25ZpTMhpseP6NgbNhgwKzsI5l9cV5cNvHQjODBPPsVoPgkiC +0LRBMChs5h85e6KLrnjpj4njkzmjL5L7xngMRQIDAQABAoIBABMW79oQpe29tt6W +8cvbgoaIkL7I73wIowruYIvYMt0eAnPsTO9R0lNMQW2o7l6IdtLrz/xE3K1cobs2 +FYiv67VIbBe0LlOScZf5ihu1R3BUdLc1VUeJtMoHTpfxurBsTlrdNh3MFAuqn1F3 +j4Ero4mzNv9tqF1UoAk3ySkKAkQw6le2bE4CKvN+XMLMQvYrdTKIHbNP5UYqmwQ1 +fVrdUALiXTJl5tRnWYOs+J2jdysRoti2lrHk94im9wCvHU/AqwMjnEDd1HePaWzD +SNb0T8Flk9wdb9jlhmsJBHKkG5E7yKJ/M7KgPCfbvJb3Br5W6kPSeuAS0ABE6VFZ +RcLKYKkCgYEA6zxlClAVz/vYiyhrIOXt53qEmKqH02Yfg+NeoujG8YffBeq5szsp +1iiMnRNKXMeIRpR48dqvSV5HfhK1i052tVdQAa28CObScROts+0QH8aXHq0roINO +y+leqiq94yeSCTEBpEUTWKdYpdKhMw2PDlV0EwrhRP2j5BXbKUR+musCgYEA4JjN +YZ3qxPaOqclkM50vbrQN8WUimQywePmJi0pI2RBxSnknePiAP7cW8NCsZ10YXe5B +4J8y14l17/oirtr+/S6bD1b//ZPrvX4K0mMiUVNzb05HSjYOTNwEtCc+24FHOlVW +fH50njSGRyxXBELDJGEuHBcgYaR+9aaoZ1MXyY8CgYAJA0xfw8fCK0UVt9u66/Rc +jR4td0My/1OvyvNiTIbq1CjgYijxTBADS5RvpECSI3b+NUwZACb9KaaVlwPrrXrw +4cKH/e8ZbDad7IIYRbn7bbF2lG36fW10dKGS5YZXALogrgcBE0B1ghvsZpCUky1r +AC0tWZpd+VXhNFEsWJp9NwKBgQDAvwHLG44mGH5YgagHj4bsV4N7vdKSTEyKlYSP +0GFyP2Uqh4zziTfu9j6uzjaWwlMuEVHh5l3okWRwXVc0fmbEeyHBaWVphm+SgL/i +zAbgimCPjjsqGfftyAgVX3TXRjwNeL0vPAry1prCK/BFjNIRv4ClxMcaZOQ8BxmR +CsNoSwKBgQC1KIdBUzuLkSxLAm3pEscS3F5yqpclM+eYE/ed4tT6ySqs46X2G0kQ +6VoXd5fT4YgcHszhT7PuW6j8ywNGUN2Zz3Zl8xgxkIkdEZPrL1Hq5K7uBUDeUwhn +96S9sIJEd58utQSu/FqFq14K7dFTQjMtC08T0shzTGhFnWcX85jTcA== +-----END RSA PRIVATE KEY----- \ No newline at end of file diff --git a/credhub-server/config/pubkey.pem b/credhub-server/config/pubkey.pem new file mode 100644 index 0000000..a2e60e4 --- /dev/null +++ b/credhub-server/config/pubkey.pem @@ -0,0 +1,9 @@ +-----BEGIN PUBLIC KEY----- +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzmFA/hQZ8iIl2eaCW0XH +1eZ2YuPNMhcaavyvGJwHUbXTUUhrP7cYdNVgycqfRR+64qJ0ulsWpRdbdtQHCvTz +zdX/KSTTepW2nxZNFKq+Re3M+L0LGeL1maNJ3xLyJ6dvB9YmImI4k+suCOfNBEV0 +3ZJmTxUw3CVjqCdKRpLunA48BeDq+gQAMpBvL9jdMAXqEmsFhLYE/KWjdBzdjfgt +7c29zHz4RX4/N9YS8Q8KWjWgo+YgHaNZpYs+6AZXrOEp25ZpTMhpseP6NgbNhgwK +zsI5l9cV5cNvHQjODBPPsVoPgkiC0LRBMChs5h85e6KLrnjpj4njkzmjL5L7xngM +RQIDAQAB +-----END PUBLIC KEY----- \ No newline at end of file diff --git a/credhub-server/uaa.yml b/credhub-server/uaa.yml new file mode 100644 index 0000000..c5e624d --- /dev/null +++ b/credhub-server/uaa.yml @@ -0,0 +1,60 @@ +scim: + users: + - credhub|password|credhub|Credhub|User|credhub.read,credhub.write +oauth: + clients: + credhub_cli: + override: true + authorized-grant-types: password,refresh_token + scope: credhub.read,credhub.write + authorities: uaa.resource + access-token-validity: 86400 + refresh-token-validity: 172800 + secret: "" + credhub_client: + override: true + authorized-grant-types: client_credentials + secret: secret + scope: uaa.none + authorities: credhub.read,credhub.write + access-token-validity: 86400 +jwt: + token: + signing-key: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEAzmFA/hQZ8iIl2eaCW0XH1eZ2YuPNMhcaavyvGJwHUbXTUUhr + P7cYdNVgycqfRR+64qJ0ulsWpRdbdtQHCvTzzdX/KSTTepW2nxZNFKq+Re3M+L0L + GeL1maNJ3xLyJ6dvB9YmImI4k+suCOfNBEV03ZJmTxUw3CVjqCdKRpLunA48BeDq + +gQAMpBvL9jdMAXqEmsFhLYE/KWjdBzdjfgt7c29zHz4RX4/N9YS8Q8KWjWgo+Yg + HaNZpYs+6AZXrOEp25ZpTMhpseP6NgbNhgwKzsI5l9cV5cNvHQjODBPPsVoPgkiC + 0LRBMChs5h85e6KLrnjpj4njkzmjL5L7xngMRQIDAQABAoIBABMW79oQpe29tt6W + 8cvbgoaIkL7I73wIowruYIvYMt0eAnPsTO9R0lNMQW2o7l6IdtLrz/xE3K1cobs2 + FYiv67VIbBe0LlOScZf5ihu1R3BUdLc1VUeJtMoHTpfxurBsTlrdNh3MFAuqn1F3 + j4Ero4mzNv9tqF1UoAk3ySkKAkQw6le2bE4CKvN+XMLMQvYrdTKIHbNP5UYqmwQ1 + fVrdUALiXTJl5tRnWYOs+J2jdysRoti2lrHk94im9wCvHU/AqwMjnEDd1HePaWzD + SNb0T8Flk9wdb9jlhmsJBHKkG5E7yKJ/M7KgPCfbvJb3Br5W6kPSeuAS0ABE6VFZ + RcLKYKkCgYEA6zxlClAVz/vYiyhrIOXt53qEmKqH02Yfg+NeoujG8YffBeq5szsp + 1iiMnRNKXMeIRpR48dqvSV5HfhK1i052tVdQAa28CObScROts+0QH8aXHq0roINO + y+leqiq94yeSCTEBpEUTWKdYpdKhMw2PDlV0EwrhRP2j5BXbKUR+musCgYEA4JjN + YZ3qxPaOqclkM50vbrQN8WUimQywePmJi0pI2RBxSnknePiAP7cW8NCsZ10YXe5B + 4J8y14l17/oirtr+/S6bD1b//ZPrvX4K0mMiUVNzb05HSjYOTNwEtCc+24FHOlVW + fH50njSGRyxXBELDJGEuHBcgYaR+9aaoZ1MXyY8CgYAJA0xfw8fCK0UVt9u66/Rc + jR4td0My/1OvyvNiTIbq1CjgYijxTBADS5RvpECSI3b+NUwZACb9KaaVlwPrrXrw + 4cKH/e8ZbDad7IIYRbn7bbF2lG36fW10dKGS5YZXALogrgcBE0B1ghvsZpCUky1r + AC0tWZpd+VXhNFEsWJp9NwKBgQDAvwHLG44mGH5YgagHj4bsV4N7vdKSTEyKlYSP + 0GFyP2Uqh4zziTfu9j6uzjaWwlMuEVHh5l3okWRwXVc0fmbEeyHBaWVphm+SgL/i + zAbgimCPjjsqGfftyAgVX3TXRjwNeL0vPAry1prCK/BFjNIRv4ClxMcaZOQ8BxmR + CsNoSwKBgQC1KIdBUzuLkSxLAm3pEscS3F5yqpclM+eYE/ed4tT6ySqs46X2G0kQ + 6VoXd5fT4YgcHszhT7PuW6j8ywNGUN2Zz3Zl8xgxkIkdEZPrL1Hq5K7uBUDeUwhn + 96S9sIJEd58utQSu/FqFq14K7dFTQjMtC08T0shzTGhFnWcX85jTcA== + -----END RSA PRIVATE KEY----- + verification-key: | + -----BEGIN PUBLIC KEY----- + MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzmFA/hQZ8iIl2eaCW0XH + 1eZ2YuPNMhcaavyvGJwHUbXTUUhrP7cYdNVgycqfRR+64qJ0ulsWpRdbdtQHCvTz + zdX/KSTTepW2nxZNFKq+Re3M+L0LGeL1maNJ3xLyJ6dvB9YmImI4k+suCOfNBEV0 + 3ZJmTxUw3CVjqCdKRpLunA48BeDq+gQAMpBvL9jdMAXqEmsFhLYE/KWjdBzdjfgt + 7c29zHz4RX4/N9YS8Q8KWjWgo+YgHaNZpYs+6AZXrOEp25ZpTMhpseP6NgbNhgwK + zsI5l9cV5cNvHQjODBPPsVoPgkiC0LRBMChs5h85e6KLrnjpj4njkzmjL5L7xngM + RQIDAQAB + -----END PUBLIC KEY----- \ No newline at end of file