mirror of
https://github.com/OpenMaxIO/openmaxio-object-browser
Simplify SSO Integration Test (#1954)
committed by
GitHub
parent
16474cbd81
commit
4c99b0d1d9
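--- a/Makefile
+++ b/Makefile
@@ -131,29 +131,25 @@ test-replication:
 test-sso-integration:
 @echo "create the network in bridge mode to communicate all containers"
 @(docker network create my-net)
-@echo "execute latest keycloak container"
+@echo "run openldap container using MinIO Image: quay.io/minio/openldap:latest"
 @(docker run \
---rm \
---name keycloak-container \
+-e LDAP_ORGANIZATION="MinIO Inc" \
+-e LDAP_DOMAIN="min.io" \
+-e LDAP_ADMIN_PASSWORD="admin" \
 --network my-net \
--p 8080:8080 \
--e KEYCLOAK_USER=admin \
--e KEYCLOAK_PASSWORD=admin jboss/keycloak:latest -b 0.0.0.0 -bprivate 127.0.0.1 &)
-@echo "wait 60 sec until keycloak is listenning on port, then go for minio server"
-@(sleep 60)
-@echo "execute keycloak-config-cli container to configure keycloak for Single Sign On with MinIO"
+-p 389:389 \
+-p 636:636 \
+--name openldap \
+--detach quay.io/minio/openldap:latest)
+@echo "Run Dex container using MinIO Image: quay.io/minio/dex:latest"
 @(docker run \
---rm \
+-e DEX_ISSUER=http://dex:5556/dex \
+-e DEX_CLIENT_REDIRECT_URI=http://127.0.0.1:9001/oauth_callback \
+-e DEX_LDAP_SERVER=openldap:389 \
 --network my-net \
---name keycloak-config-cli \
--e KEYCLOAK_URL=http://keycloak-container:8080/auth \
--e KEYCLOAK_USER="admin" \
--e KEYCLOAK_PASSWORD="admin" \
--e KEYCLOAK_AVAILABILITYCHECK_ENABLED=true \
--e KEYCLOAK_AVAILABILITYCHECK_TIMEOUT=120s \
--e IMPORT_FILES_LOCATIONS='/config/realm-export.json' \
--v /home/runner/work/console/console/sso-integration/config:/config \
-adorsys/keycloak-config-cli:latest)
+-p 5556:5556 \
+--name dex \
+--detach quay.io/minio/dex:latest)
 @echo "running minio server"
 @(docker run \
 -v /data1 -v /data2 -v /data3 -v /data4 \
@@ -163,13 +159,22 @@ test-sso-integration:
 --rm \
 -p 9000:9000 \
 -p 9001:9001 \
--e MINIO_IDENTITY_OPENID_CLIENT_SECRET=0nfJuqIt0iPnRIUJkvetve5l38C6gi9W \
--e MINIO_IDENTITY_OPENID_CONFIG_URL=http://keycloak-container:8080/auth/realms/myrealm/.well-known/openid-configuration \
--e MINIO_IDENTITY_OPENID_CLIENT_ID="account" \
+-e MINIO_IDENTITY_OPENID_CLIENT_ID="minio-client-app" \
+-e MINIO_IDENTITY_OPENID_CLIENT_SECRET="minio-client-app-secret" \
+-e MINIO_IDENTITY_OPENID_CLAIM_NAME=name \
+-e MINIO_IDENTITY_OPENID_CONFIG_URL=http://dex:5556/dex/.well-known/openid-configuration \
+-e MINIO_IDENTITY_OPENID_REDIRECT_URI=http://127.0.0.1:9001/oauth_callback \
 -e MINIO_ROOT_USER=minio \
 -e MINIO_ROOT_PASSWORD=minio123 $(MINIO_VERSION) server /data{1...4} --address :9000 --console-address :9001)
+@echo "run mc commands to set the policy"
+@(docker run --name minio-client --network my-net -dit --entrypoint=/bin/sh minio/mc)
+@(docker exec minio-client mc alias set myminio/ http://minio:9000 minio minio123)
+@echo "adding policy to Dillon Harper to be able to login:"
+@(cd sso-integration && docker cp allaccess.json minio-client:/ && docker exec minio-client mc admin policy add myminio "Dillon Harper" allaccess.json)
 @echo "starting bash script"
 @(env bash $(PWD)/sso-integration/set-sso.sh)
+@echo "add python module"
+@(pip3 install bs4)
 @echo "Executing the test:"
 @(cd sso-integration && go test -coverpkg=../restapi -c -tags testrunmain . && mkdir -p coverage && ./sso-integration.test -test.v -test.run "^Test*" -test.coverprofile=coverage/sso-system.out)
 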
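Review bot: Every external artifact this target pulls is unpinned: `quay.io/minio/openldap:latest` and `quay.io/minio/dex:latest` in the first hunk, `minio/mc` (no tag) and `pip3 install bs4` in the second, so a changed or compromised upstream runs on the CI runner without any change in this repository. Pin the images by digest and the Python package by version, e.g. `--detach quay.io/minio/dex@sha256:<DIGEST_PLACEHOLDER>)` and `@(pip3 install beautifulsoup4==<VERSION_PLACEHOLDER>)`; `bs4` on PyPI is only a shim for `beautifulsoup4`. The `-p 389:389`, `-p 636:636` and `-p 5556:5556` mappings publish an LDAP server whose admin password is `admin` on every host interface; the `-p 127.0.0.1:389:389` form keeps it local when the target is run on a developer machine. None of the three new containers is started with `--rm`, and no cleanup of them or of `my-net` is visible in these hunks, so a second run on the same host will probably fail on name conflicts.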
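--- a/sso-integration/Dockerfile
+++ b/sso-integration/Dockerfile
@@ -0,0 +1,3 @@
+FROM ghcr.io/dexidp/dex:latest
+
+ADD config.docker.yaml /etc/dex/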
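Review bot: `FROM ghcr.io/dexidp/dex:latest` tracks a mutable tag, so the image built from this file can change without a commit; pin it, `FROM ghcr.io/dexidp/dex@sha256:<DIGEST_PLACEHOLDER>`, and use `COPY config.docker.yaml /etc/dex/`, since `ADD`'s URL and archive handling is not needed for a local file. Nothing in the visible Makefile hunks builds this Dockerfile (the target runs `quay.io/minio/dex:latest`), so a one-line comment stating how that published image relates to this file would help the next reader.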
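--- a/sso-integration/allaccess.json
+++ b/sso-integration/allaccess.json
@@ -0,0 +1,14 @@
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Effect": "Allow",
+"Action": [
+"s3:*"
+],
+"Resource": [
+"arn:aws:s3:::*"
+]
+}
+]
+}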
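Review bot: This policy allows `s3:*` on `arn:aws:s3:::*`, and the Makefile registers it under the name `Dillon Harper` together with `MINIO_IDENTITY_OPENID_CLAIM_NAME=name`, so full access is selected by a user's display name. That is acceptable for a throwaway fixture, but a display name is neither unique nor stable, and JSON has no place for a comment that says the file is test-only. A file name such as `test-allaccess.json`, or a line in the sso-integration docs, would make that explicit; if the test only needs a successful login (not confirmable from the visible hunks), `Action` could be narrowed as well.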
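--- a/sso-integration/config.docker.yaml
+++ b/sso-integration/config.docker.yaml
@@ -0,0 +1,23 @@
+issuer: http://dex:5556/dex
+storage:
+type: sqlite3
+config:
+file: /var/dex/dex.db
+web:
+http: 0.0.0.0:5556
+staticClients:
+- id: minio-client-app
+secret: minio-client-app-secret
+name: 'MinIO Example Client App'
+redirectURIs:
+- 'http://127.0.0.1:9001/oauth_callback'
+connectors:
+- type: mockCallback
+id: mock
+name: Example
+enablePasswordDB: true
+staticPasswords:
+- email: "admin@example.com"
+hash: "$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W"
+username: "admin"
+userID: "08a8684b-db88-4b73-90a9-3cd1661f5466"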
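Review bot: The file commits a client secret (`minio-client-app-secret`) and a bcrypt `hash` for `admin@example.com` with no marker that they are test-only; the hash looks like the one in Dex's published example configuration, so the password behind it should be treated as publicly known. Add a header comment such as `# TEST FIXTURE ONLY: sample credentials, publicly known, never reuse outside CI`. The file also defines only a `mockCallback` connector with `enablePasswordDB: true`, while the Makefile passes `DEX_LDAP_SERVER` and dex-requests.py logs in through an LDAP connector, so it is worth confirming that this is the configuration the test actually runs against.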
File diff suppressed because it is too large
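--- a/sso-integration/dex-requests.py
+++ b/sso-integration/dex-requests.py
@@ -0,0 +1,30 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+import pdb
+import requests
+from bs4 import BeautifulSoup
+
+result = requests.get('http://localhost:9001/api/v1/login')
+redirect = result.json()['redirect']
+result = requests.get(redirect)
+soup = BeautifulSoup(result.text, "html.parser")
+
+# Log in to Your Account via OpenLDAP Connector
+url = "http://dex:5556" + soup.findAll('a')[1].get('href')
+result = requests.get(url)
+soup = BeautifulSoup(result.text, "html.parser")
+url = "http://dex:5556" + soup.form.get('action')
+
+# Post the credentials in the form
+# From https://github.com/minio/minio-iam-testing/blob/main/ldap/bootstrap.ldif
+myobj = {
+'login': 'dillon@example.io',
+'password': 'dillon',
+}
+result2 = requests.post(url, data = myobj)
+code = result2.url.split("?code=")[1].split("&state=")[0]
+state = result2.url.split("?code=")[1].split("&state=")[1]
+
+print(code)
+print(state)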
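Review bot: None of the `requests.get`/`requests.post` calls sets a timeout or checks the response status, and `code`/`state` are cut out of `result2.url` with `split`, so a rejected login or a Dex error page surfaces as an `IndexError` or a hang instead of a clear failure, and the result depends on the parameter order of the callback URL. Parsing the callback with `urllib.parse` as below (it needs `from urllib.parse import urlparse, parse_qs` beside the other imports) removes the order dependence; `parse_qs` percent-decodes, so confirm that the Go caller expects decoded values. `import pdb` is unused and should be dropped, and `soup.findAll('a')[1]` would be more robust as a lookup by the connector link's text or href. The script prints the authorization code to stdout, so it lands in CI logs; that is tolerable only because the identity provider and the account are throwaway fixtures.

```python
# … unchanged: login redirect, connector link and form-action lookup …
result2 = requests.post(url, data=myobj, timeout=10)
result2.raise_for_status()
query = parse_qs(urlparse(result2.url).query)
code = query["code"][0]
state = query["state"][0]
# … unchanged: print(code), print(state) …
```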
@@ -1,165 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
|
|
||||||
result=`curl 'http://localhost:9001/api/v1/login' \
|
|
||||||
-H 'Connection: keep-alive' \
|
|
||||||
-H 'sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="99", "Google Chrome";v="99"' \
|
|
||||||
-H 'sec-ch-ua-mobile: ?0' \
|
|
||||||
-H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36' \
|
|
||||||
-H 'sec-ch-ua-platform: "macOS"' \
|
|
||||||
-H 'Accept: */*' \
|
|
||||||
-H 'Sec-Fetch-Site: same-origin' \
|
|
||||||
-H 'Sec-Fetch-Mode: cors' \
|
|
||||||
-H 'Sec-Fetch-Dest: empty' \
|
|
||||||
-H 'Referer: http://localhost:9001/login' \
|
|
||||||
-H 'Accept-Language: en-CA,en;q=0.9' \
|
|
||||||
--compressed`
|
|
||||||
echo $result | jq '.redirect' > redirect.txt
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
redirect=`cat redirect.txt | tr -d '"'`
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
curl -i "$redirect" \
|
|
||||||
-H 'Connection: keep-alive' \
|
|
||||||
-H 'sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="99", "Google Chrome";v="99"' \
|
|
||||||
-H 'sec-ch-ua-mobile: ?0' \
|
|
||||||
-H 'sec-ch-ua-platform: "macOS"' \
|
|
||||||
-H 'Upgrade-Insecure-Requests: 1' \
|
|
||||||
-H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36' \
|
|
||||||
-H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9' \
|
|
||||||
-H 'Sec-Fetch-Site: same-site' \
|
|
||||||
-H 'Sec-Fetch-Mode: navigate' \
|
|
||||||
-H 'Sec-Fetch-User: ?1' \
|
|
||||||
-H 'Sec-Fetch-Dest: document' \
|
|
||||||
-H 'Referer: http://localhost:9001/' \
|
|
||||||
-H 'Accept-Language: en-CA,en;q=0.9' \
|
|
||||||
--compressed > form-cookies.txt
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
cat form-cookies.txt | grep Set-Cookie > first-cookies.txt
|
|
||||||
cat first-cookies.txt | grep 'AUTH_SESSION_ID=' > AUTH_SESSION_ID.txt
|
|
||||||
cat AUTH_SESSION_ID.txt | awk '{print $2}' > AUTH_SESSION_ID_2.txt
|
|
||||||
sed 's/AUTH_SESSION_ID=//' AUTH_SESSION_ID_2.txt > AUTH_SESSION_ID_3.txt
|
|
||||||
sed 's/;//' AUTH_SESSION_ID_3.txt > AUTH_SESSION_ID_4.txt
|
|
||||||
AUTH_SESSION_ID=`cat AUTH_SESSION_ID_4.txt`
|
|
||||||
AUTH_SESSION_ID_LEGACY=$AUTH_SESSION_ID
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
cat first-cookies.txt | grep 'KC_RESTART=' > KC_RESTART.txt
|
|
||||||
cat KC_RESTART.txt | awk '{print $2}' > KC_RESTART_2.txt
|
|
||||||
sed 's/KC_RESTART=//' KC_RESTART_2.txt > KC_RESTART_3.txt
|
|
||||||
sed 's/;//' KC_RESTART_3.txt > KC_RESTART_4.txt
|
|
||||||
KC_RESTART=`cat KC_RESTART_4.txt`
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
cat form-cookies.txt | grep form | grep "kc-form-login" > form-in-file-saved.txt
|
|
||||||
cat form-in-file-saved.txt | awk '{print $8}' > form-action-only.txt
|
|
||||||
sed 's/action="//' form-action-only.txt > form-action-only-2.txt
|
|
||||||
sed 's/"//' form-action-only-2.txt > form-action-only-3.txt
|
|
||||||
sed 's/amp;//' form-action-only-3.txt > form-action-only-4.txt
|
|
||||||
sed 's/amp;//' form-action-only-4.txt > form-action-only-5.txt
|
|
||||||
sed 's/amp;//' form-action-only-5.txt > form-action-only-6.txt
|
|
||||||
action=`cat form-action-only-6.txt`
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
cookies=`echo "Cookie: AUTH_SESSION_ID=${AUTH_SESSION_ID}; AUTH_SESSION_ID_LEGACY=${AUTH_SESSION_ID_LEGACY}; KC_RESTART=${KC_RESTART}" | tr -d '"'`
|
|
||||||
curl -i "$action" \
|
|
||||||
-X POST \
|
|
||||||
-H 'Connection: keep-alive' \
|
|
||||||
-H 'Cache-Control: max-age=0' \
|
|
||||||
-H 'sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="99", "Google Chrome";v="99"' \
|
|
||||||
-H 'sec-ch-ua-mobile: ?0' \
|
|
||||||
-H 'sec-ch-ua-platform: "macOS"' \
|
|
||||||
-H 'Upgrade-Insecure-Requests: 1' \
|
|
||||||
-H 'Origin: null' \
|
|
||||||
-H 'Content-Type: application/x-www-form-urlencoded' \
|
|
||||||
-H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36' \
|
|
||||||
-H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9' \
|
|
||||||
-H 'Sec-Fetch-Site: same-origin' \
|
|
||||||
-H 'Sec-Fetch-Mode: navigate' \
|
|
||||||
-H 'Sec-Fetch-User: ?1' \
|
|
||||||
-H 'Sec-Fetch-Dest: document' \
|
|
||||||
-H 'Accept-Language: en-CA,en;q=0.9' \
|
|
||||||
-H "$cookies" \
|
|
||||||
--data-raw 'username=minio&password=minio123&credentialId=' \
|
|
||||||
--compressed > referer-code-state.txt
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
cat referer-code-state.txt | grep Location > location.txt
|
|
||||||
cat location.txt | awk '{print $2}' > location-2.txt
|
|
||||||
location=`cat location-2.txt`
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
IFS='&'
|
|
||||||
read -ra ADDR <<< "$location"
|
|
||||||
|
|
||||||
echo ${ADDR[0]} > state.txt
|
|
||||||
echo ${ADDR[2]} > code.txt
|
|
||||||
sed 's/code=//' code.txt > code-1.txt
|
|
||||||
code=`cat code-1.txt`
|
|
||||||
echo $code
|
|
||||||
echo $code > /tmp/code
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
IFS='?'
|
|
||||||
state=`cat state.txt`
|
|
||||||
read -ra ADDR22 <<< "$state"
|
|
||||||
echo ${ADDR22[1]} > state-22.txt
|
|
||||||
sed 's/%3D/=/' state-22.txt > state-22-1.txt
|
|
||||||
sed 's/%3D/=/' state-22-1.txt > state-22-2.txt
|
|
||||||
sed 's/state=//' state-22-2.txt > state-22-3.txt
|
|
||||||
state=`cat state-22-3.txt`
|
|
||||||
echo $state
|
|
||||||
echo $state > /tmp/state
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@@ -1,6 +1,6 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
echo "127.0.0.1 keycloak-container" | sudo tee -a /etc/hosts
|
echo "127.0.0.1 dex" | sudo tee -a /etc/hosts
|
||||||
echo " "
|
echo " "
|
||||||
echo " "
|
echo " "
|
||||||
echo "/etc/hosts:"
|
echo "/etc/hosts:"
|
||||||
|
|||||||
@@ -93,8 +93,8 @@ func TestMain(t *testing.T) {
|
|||||||
Timeout: 2 * time.Second,
|
Timeout: 2 * time.Second,
|
||||||
}
|
}
|
||||||
|
|
||||||
// execute bash script to get the code and state
|
// execute script to get the code and state
|
||||||
cmd, err := exec.Command("./logssorun2.sh").Output()
|
cmd, err := exec.Command("python3", "dex-requests.py").Output()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
fmt.Printf("error %s", err)
|
fmt.Printf("error %s", err)
|
||||||
}
|
}
|
||||||
|
|||||||
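Review bot: When `python3 dex-requests.py` fails, the error is only printed by `fmt.Printf("error %s", err)` and the test carries on with empty output, so a broken login helper (missing `requests` or `bs4`, Dex not yet listening) shows up later as an unrelated parsing failure, or possibly not at all. Fail at once instead: `t.Fatalf("dex-requests.py failed: %v", err)`. `Output()` captures stdout only, so the script's traceback sits in the `Stderr` field of the returned `*exec.ExitError` and is worth logging before failing. The variable that receives the bytes is named `cmd`, which reads as the command rather than its output; `out` would be clearer. TestMain's body starts and ends outside this hunk.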