Merge pull request #100 from jp-gouin/improve-ci

Improve ci
jp-gouin · Feb 23, 2023 · 44b16d9 · 44b16d9
2 parents 54e092a + ac1f4c2
commit 44b16d9
Show file tree

Hide file tree

Showing 5 changed files with 736 additions and 0 deletions.
diff --git a/.bin/myval.yaml b/.bin/myval.yaml
@@ -18,6 +18,29 @@ customTLS:
     repository: alpine/openssl
     tag: latest
   secret: "custom-cert" 
+customSchemaFiles:
+  10_owncloud_schema.ldif: |-
+    # This LDIF files describes the ownCloud schema and can be used to
+    # add two optional attributes: ownCloudQuota and ownCloudUUID
+    # The ownCloudUUID is used to store a unique, non-reassignable, persistent identifier for users and groups
+    dn: cn=owncloud,cn=schema,cn=config
+    objectClass: olcSchemaConfig
+    cn: owncloud
+    olcObjectIdentifier: ownCloudOid 1.3.6.1.4.1.39430
+    olcAttributeTypes: ( ownCloudOid:1.1.1 NAME 'ownCloudQuota'
+      DESC 'User Quota (e.g. 2 GB)'
+      EQUALITY caseExactMatch
+      SUBSTR caseIgnoreSubstringsMatch
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+    olcAttributeTypes: ( ownCloudOid:1.1.2 NAME 'ownCloudUUID'
+      DESC 'A non-reassignable and persistent account ID)'
+      EQUALITY uuidMatch
+      SUBSTR caseIgnoreSubstringsMatch
+      SYNTAX 1.3.6.1.1.16.1 SINGLE-VALUE )
+    olcObjectClasses: ( ownCloudOid:1.2.1 NAME 'ownCloud'
+      DESC 'ownCloud LDAP Schema'
+      AUXILIARY
+      MAY ( ownCloudQuota $ ownCloudUUID ) )
 customLdifFiles:
   00-root.ldif: |-
     # Root creation
@@ -39,6 +62,7 @@ customLdifFiles:
     homedirectory: /home/users/jdupond
     objectclass: inetOrgPerson
     objectclass: posixAccount
+    objectClass: ownCloud
     objectclass: top
     sn: Dupond
     uid: jdupond

diff --git a/.bin/singleNode.yaml b/.bin/singleNode.yaml
@@ -0,0 +1,22 @@
+logLevel: debug
+resources: 
+  limits:
+    cpu: "128m"
+    memory: "64Mi"
+replicaCount: 1
+replication:
+  enabled: false
+ltb-passwd:
+  ingress:
+    hosts:
+    - "ssl-ldap2.example"
+phpldapadmin:
+  ingress:
+    hosts:
+    - "phpldapadmin.example"
+customTLS:
+  enabled: false
+service:
+  ldapPortNodePort: 30389
+  sslLdapPortNodePort: 30636
+  type: NodePort
diff --git a/.bin/user.ldif b/.bin/user.ldif
@@ -0,0 +1,19 @@
+dn: uid=einstein,dc=example,dc=org
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+objectClass: ownCloud
+objectClass: person
+objectClass: posixAccount
+objectClass: top
+uid: einstein
+givenName: Albert
+sn: Einstein
+cn: einstein
+displayName: Albert Einstein
+description: A German-born theoretical physicist who developed the theory of relativity, one of the two pillars of modern physics (alongside quantum mechanics).
+mail: einstein@example.org
+uidNumber: 20000
+gidNumber: 30000
+homeDirectory: /home/einstein
+ownCloudUUID:: NGM1MTBhZGEtYzg2Yi00ODE1LTg4MjAtNDJjZGY4MmMzZDUx
+userPassword:: e1NTSEF9TXJEcXpFNGdKbXZxbVRVTGhvWEZ1VzJBbkV3NWFLK3J3WTIvbHc9PQ==
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -68,11 +68,34 @@ jobs:
         run: |
            echo "test access to openldap database"
            kubectl apply -f .bin/chaos.yaml
+      - name: test write
+        shell: bash
+        run: |
+           echo "test access to openldap database"
+           LDAPTLS_REQCERT=never ldapadd -x -D 'cn=admin,dc=example,dc=org' -w Not@SecurePassw0rd -H ldaps://localhost:30636 -f  .bin/user.ldif
+           LDAPTLS_REQCERT=never ldapsearch -o nettimeout=20 -x -D 'cn=admin,dc=example,dc=org' -w Not@SecurePassw0rd -H ldaps://localhost:30636 -b 'dc=example,dc=org' > /tmp/test-write.txt
+           if [ $(grep "numResponses" /tmp/test-write.txt | cut -d ":" -f 2 | tr -d ' ') -ne 5 ]; then exit 1 ; fi
+           if ! grep -q "objectClass: ownCloud" /tmp/test-write.txt; then  echo exit 1; fi
       - name: chaos tests
         shell: bash
         run: |
            echo "test access to openldap database"
            for i in {1..20}; do  LDAPTLS_REQCERT=never ldapsearch -o nettimeout=20 -x -D 'cn=admin,dc=example,dc=org' -w Not@SecurePassw0rd -H ldaps://localhost:30636 -b 'dc=example,dc=org' && sleep 60 ; done
+      - name: deploy openldap-stack-ha-single-node
+        shell: bash
+        run: |
+          helm delete openldap-stack-ha
+          cd "$GITHUB_WORKSPACE"
+          helm install openldap-stack-ha -n single --create-namespace -f .bin/singleNode.yaml .
+          kubectl rollout status sts openldap-stack-ha -n single
+      - name: verify single node deployment
+        shell: bash
+        run: |
+           echo "test access to openldap database"
+           sudo apt-get install -y ldap-utils
+           LDAPTLS_REQCERT=never ldapsearch -x -D 'cn=admin,dc=example,dc=org' -w Not@SecurePassw0rd -H ldaps://localhost:30636 -b 'dc=example,dc=org' > /tmp/test-single-node.txt
+           cat /tmp/test-single-node.txt
+           if [ $(grep "numResponses" /tmp/test-single-node.txt | cut -d ":" -f 2 | tr -d ' ') -ne 6 ]; then exit 1 ; fi