Use login & consent server accepting all requests

Instead of using selenium driver to log in and accept the consent request use a simple python implementation which accepts all requests thus eliminating the need of web driver entirely. Fixes trinodb#6991
lukasz-walkiewicz · Jan 24, 2022 · 0e004f5 · 0e004f5
1 parent b1474b1
commit 0e004f5
Show file tree

Hide file tree

Showing 28 changed files with 484 additions and 587 deletions.
diff --git a/pom.xml b/pom.xml
@@ -58,7 +58,6 @@
         <dep.oracle.version>19.3.0.0</dep.oracle.version>
         <dep.drift.version>1.14</dep.drift.version>
         <dep.scribejava.version>6.9.0</dep.scribejava.version>
-        <dep.selenium.version>3.141.59</dep.selenium.version>
         <dep.tempto.version>187</dep.tempto.version>
         <dep.gcs.version>2.0.0</dep.gcs.version>
         <dep.errorprone.version>2.10.0</dep.errorprone.version>
@@ -1128,6 +1127,12 @@
                 <version>${dep.okhttp.version}</version>
             </dependency>
 
+            <dependency>
+                <groupId>com.squareup.okhttp3</groupId>
+                <artifactId>okhttp-tls</artifactId>
+                <version>${dep.okhttp.version}</version>
+            </dependency>
+
             <dependency>
                 <groupId>com.squareup.okhttp3</groupId>
                 <artifactId>okhttp-urlconnection</artifactId>
@@ -1530,54 +1535,6 @@
                 <version>42.3.1</version>
             </dependency>
 
-            <dependency>
-                <groupId>org.seleniumhq.selenium</groupId>
-                <artifactId>selenium-api</artifactId>
-                <version>${dep.selenium.version}</version>
-            </dependency>
-
-            <dependency>
-                <groupId>org.seleniumhq.selenium</groupId>
-                <artifactId>selenium-chrome-driver</artifactId>
-                <version>${dep.selenium.version}</version>
-            </dependency>
-
-            <dependency>
-                <groupId>org.seleniumhq.selenium</groupId>
-                <artifactId>selenium-java</artifactId>
-                <version>${dep.selenium.version}</version>
-                <exclusions>
-                    <exclusion>
-                        <groupId>commons-logging</groupId>
-                        <artifactId>commons-logging</artifactId>
-                    </exclusion>
-                </exclusions>
-            </dependency>
-
-            <dependency>
-                <groupId>org.seleniumhq.selenium</groupId>
-                <artifactId>selenium-remote-driver</artifactId>
-                <version>${dep.selenium.version}</version>
-                <exclusions>
-                    <exclusion>
-                        <groupId>commons-logging</groupId>
-                        <artifactId>commons-logging</artifactId>
-                    </exclusion>
-                </exclusions>
-            </dependency>
-
-            <dependency>
-                <groupId>org.seleniumhq.selenium</groupId>
-                <artifactId>selenium-support</artifactId>
-                <version>${dep.selenium.version}</version>
-                <exclusions>
-                    <exclusion>
-                        <groupId>commons-logging</groupId>
-                        <artifactId>commons-logging</artifactId>
-                    </exclusion>
-                </exclusions>
-            </dependency>
-
             <dependency>
                 <groupId>org.sonatype.aether</groupId>
                 <artifactId>aether-api</artifactId>

diff --git a/...t-tests-launcher/src/main/java/io/trino/tests/product/launcher/env/EnvironmentModule.java b/...t-tests-launcher/src/main/java/io/trino/tests/product/launcher/env/EnvironmentModule.java
@@ -25,7 +25,6 @@
 import io.trino.tests.product.launcher.env.common.Kafka;
 import io.trino.tests.product.launcher.env.common.KafkaSsl;
 import io.trino.tests.product.launcher.env.common.Phoenix;
-import io.trino.tests.product.launcher.env.common.SeleniumChrome;
 import io.trino.tests.product.launcher.env.common.Standard;
 import io.trino.tests.product.launcher.env.common.StandardMultinode;
 import io.trino.tests.product.launcher.testcontainers.PortBinder;
@@ -69,7 +68,6 @@ public void configure(Binder binder)
         binder.bind(HydraIdentityProvider.class).in(SINGLETON);
         binder.bind(Kafka.class).in(SINGLETON);
         binder.bind(KafkaSsl.class).in(SINGLETON);
-        binder.bind(SeleniumChrome.class).in(SINGLETON);
         binder.bind(Standard.class).in(SINGLETON);
         binder.bind(StandardMultinode.class).in(SINGLETON);
         binder.bind(Phoenix.class).in(SINGLETON);

diff --git a/...ncher/src/main/java/io/trino/tests/product/launcher/env/common/HydraIdentityProvider.java b/...ncher/src/main/java/io/trino/tests/product/launcher/env/common/HydraIdentityProvider.java
@@ -63,10 +63,11 @@ public void extendEnvironment(Environment.Builder builder)
                 .withStartupCheckStrategy(new OneShotStartupCheckStrategy())
                 .setTemporary(true);
 
-        DockerContainer hydraConsent = new DockerContainer("oryd/hydra-login-consent-node:v1.4.2", "hydra-consent")
-                .withEnv("HYDRA_ADMIN_URL", "https://hydra:4445")
-                .withEnv("NODE_TLS_REJECT_UNAUTHORIZED", "0")
-                .waitingFor(Wait.forHttp("/").forPort(3000).forStatusCode(200));
+        DockerContainer hydraConsent = new DockerContainer("python:3.10.1-alpine", "hydra-consent")
+                .withCopyFileToContainer(forHostPath(configDir.getPath("login_and_consent_server.py")), "/")
+                .withCommand("python", "/login_and_consent_server.py")
+                .withExposedPorts(3000)
+                .waitingFor(Wait.forHttp("/healthz").forPort(3000).forStatusCode(200));
 
         binder.exposePort(hydraConsent, 3000);
 
@@ -76,12 +77,12 @@ public void extendEnvironment(Environment.Builder builder)
                 .withEnv("URLS_SELF_ISSUER", "https://hydra:4444/")
                 .withEnv("URLS_CONSENT", "http://hydra-consent:3000/consent")
                 .withEnv("URLS_LOGIN", "http://hydra-consent:3000/login")
-                .withEnv("SERVE_TLS_KEY_PATH", "/tmp/certs/localhost.pem")
-                .withEnv("SERVE_TLS_CERT_PATH", "/tmp/certs/localhost.pem")
+                .withEnv("SERVE_TLS_KEY_PATH", "/tmp/certs/hydra.pem")
+                .withEnv("SERVE_TLS_CERT_PATH", "/tmp/certs/hydra.pem")
                 .withEnv("STRATEGIES_ACCESS_TOKEN", "jwt")
                 .withEnv("TTL_ACCESS_TOKEN", TTL_ACCESS_TOKEN_IN_SECONDS + "s")
                 .withCommand("serve", "all")
-                .withCopyFileToContainer(forHostPath(configDir.getPath("cert")), "/tmp/certs")
+                .withCopyFileToContainer(forHostPath(configDir.getPath("cert/hydra.pem")), "/tmp/certs/hydra.pem")
                 .waitingFor(new WaitAllStrategy()
                         .withStrategy(Wait.forLogMessage(".*Setting up http server on :4444.*", 1))
                         .withStrategy(Wait.forLogMessage(".*Setting up http server on :4445.*", 1)));
@@ -99,14 +100,22 @@ public void extendEnvironment(Environment.Builder builder)
             if (isPrestoContainer(dockerContainer.getLogicalName())) {
                 dockerContainer
                         .withCopyFileToContainer(
-                                forHostPath(configDir.getPath("cert")),
-                                CONTAINER_PRESTO_ETC + "/hydra/cert");
+                                forHostPath(configDir.getPath("cert/trino.pem")),
+                                CONTAINER_PRESTO_ETC + "/trino.pem")
+                        .withCopyFileToContainer(
+                                forHostPath(configDir.getPath("cert/hydra.pem")),
+                                CONTAINER_PRESTO_ETC + "/hydra.pem");
             }
         });
 
-        builder.configureContainer(TESTS, dockerContainer -> dockerContainer.withCopyFileToContainer(
-                forHostPath(configDir.getPath("tempto-configuration-for-docker-oauth2.yaml")),
-                CONTAINER_TEMPTO_PROFILE_CONFIG));
+        builder.configureContainer(TESTS, dockerContainer ->
+                dockerContainer
+                        .withCopyFileToContainer(
+                                forHostPath(configDir.getPath("tempto-configuration-for-docker-oauth2.yaml")),
+                                CONTAINER_TEMPTO_PROFILE_CONFIG)
+                        .withCopyFileToContainer(
+                                forHostPath(configDir.getPath("cert/truststore.jks")),
+                                "/docker/presto-product-tests/truststore.jks"));
     }
 
     public DockerContainer createClient(

diff --git a/...sts-launcher/src/main/java/io/trino/tests/product/launcher/env/common/SeleniumChrome.java b/...sts-launcher/src/main/java/io/trino/tests/product/launcher/env/common/SeleniumChrome.java
diff --git a/...er/src/main/java/io/trino/tests/product/launcher/env/environment/EnvSinglenodeOauth2.java b/...er/src/main/java/io/trino/tests/product/launcher/env/environment/EnvSinglenodeOauth2.java
@@ -20,7 +20,6 @@
 import io.trino.tests.product.launcher.env.Environment;
 import io.trino.tests.product.launcher.env.EnvironmentProvider;
 import io.trino.tests.product.launcher.env.common.HydraIdentityProvider;
-import io.trino.tests.product.launcher.env.common.SeleniumChrome;
 import io.trino.tests.product.launcher.env.common.Standard;
 import io.trino.tests.product.launcher.env.common.TestsEnvironment;
 import io.trino.tests.product.launcher.testcontainers.PortBinder;
@@ -41,9 +40,9 @@ public class EnvSinglenodeOauth2
     private final ResourceProvider configDir;
 
     @Inject
-    public EnvSinglenodeOauth2(DockerFiles dockerFiles, PortBinder binder, Standard standard, HydraIdentityProvider hydraIdentityProvider, SeleniumChrome seleniumChrome)
+    public EnvSinglenodeOauth2(DockerFiles dockerFiles, PortBinder binder, Standard standard, HydraIdentityProvider hydraIdentityProvider)
     {
-        super(ImmutableList.of(standard, hydraIdentityProvider, seleniumChrome));
+        super(ImmutableList.of(standard, hydraIdentityProvider));
 
         this.binder = requireNonNull(binder, "binder is null");
         this.hydraIdentityProvider = requireNonNull(hydraIdentityProvider, "hydraIdentityProvider is null");

diff --git a/...in/java/io/trino/tests/product/launcher/env/environment/EnvSinglenodeOauth2HttpProxy.java b/...in/java/io/trino/tests/product/launcher/env/environment/EnvSinglenodeOauth2HttpProxy.java
@@ -20,7 +20,6 @@
 import io.trino.tests.product.launcher.env.Environment;
 import io.trino.tests.product.launcher.env.EnvironmentProvider;
 import io.trino.tests.product.launcher.env.common.HydraIdentityProvider;
-import io.trino.tests.product.launcher.env.common.SeleniumChrome;
 import io.trino.tests.product.launcher.env.common.Standard;
 import io.trino.tests.product.launcher.env.common.TestsEnvironment;
 import io.trino.tests.product.launcher.testcontainers.PortBinder;
@@ -41,9 +40,9 @@ public class EnvSinglenodeOauth2HttpProxy
     private final ResourceProvider configDir;
 
     @Inject
-    public EnvSinglenodeOauth2HttpProxy(DockerFiles dockerFiles, PortBinder binder, Standard standard, HydraIdentityProvider hydraIdentityProvider, SeleniumChrome seleniumChrome)
+    public EnvSinglenodeOauth2HttpProxy(DockerFiles dockerFiles, PortBinder binder, Standard standard, HydraIdentityProvider hydraIdentityProvider)
     {
-        super(ImmutableList.of(standard, hydraIdentityProvider, seleniumChrome));
+        super(ImmutableList.of(standard, hydraIdentityProvider));
 
         this.binder = requireNonNull(binder, "binder is null");
         this.hydraIdentityProvider = requireNonNull(hydraIdentityProvider, "hydraIdentityProvider is null");

diff --git a/...n/java/io/trino/tests/product/launcher/env/environment/EnvSinglenodeOauth2HttpsProxy.java b/...n/java/io/trino/tests/product/launcher/env/environment/EnvSinglenodeOauth2HttpsProxy.java
@@ -20,7 +20,6 @@
 import io.trino.tests.product.launcher.env.Environment;
 import io.trino.tests.product.launcher.env.EnvironmentProvider;
 import io.trino.tests.product.launcher.env.common.HydraIdentityProvider;
-import io.trino.tests.product.launcher.env.common.SeleniumChrome;
 import io.trino.tests.product.launcher.env.common.Standard;
 import io.trino.tests.product.launcher.env.common.TestsEnvironment;
 import io.trino.tests.product.launcher.testcontainers.PortBinder;
@@ -42,9 +41,9 @@ public class EnvSinglenodeOauth2HttpsProxy
     private final ResourceProvider configDir;
 
     @Inject
-    public EnvSinglenodeOauth2HttpsProxy(DockerFiles dockerFiles, PortBinder binder, Standard standard, HydraIdentityProvider hydraIdentityProvider, SeleniumChrome seleniumChrome)
+    public EnvSinglenodeOauth2HttpsProxy(DockerFiles dockerFiles, PortBinder binder, Standard standard, HydraIdentityProvider hydraIdentityProvider)
     {
-        super(ImmutableList.of(standard, hydraIdentityProvider, seleniumChrome));
+        super(ImmutableList.of(standard, hydraIdentityProvider));
 
         this.binder = requireNonNull(binder, "binder is null");
         this.hydraIdentityProvider = requireNonNull(hydraIdentityProvider, "hydraIdentityProvider is null");
@@ -61,8 +60,8 @@ public void extendEnvironment(Environment.Builder builder)
                             forHostPath(configDir.getPath("config.properties")),
                             CONTAINER_PRESTO_CONFIG_PROPERTIES)
                     .withCopyFileToContainer(
-                            forHostPath(configDir.getPath("cert")),
-                            CONTAINER_PRESTO_ETC + "/cert");
+                            forHostPath(configDir.getPath("cert/truststore.jks")),
+                            CONTAINER_PRESTO_ETC + "/cert/truststore.jks");
 
             binder.exposePort(dockerContainer, 7778);
         });
@@ -77,11 +76,6 @@ public void extendEnvironment(Environment.Builder builder)
 
         builder.containerDependsOn(COORDINATOR, hydraClientConfig.getLogicalName());
 
-        builder.configureContainer("hydra", dockerContainer -> dockerContainer
-                .withCopyFileToContainer(forHostPath(configDir.getPath("cert")), "/tmp/certs")
-                .withEnv("SERVE_TLS_KEY_PATH", "/tmp/certs/hydra.pem")
-                .withEnv("SERVE_TLS_CERT_PATH", "/tmp/certs/hydra.pem"));
-
         DockerContainer proxy = new DockerContainer("httpd:2.4.51", "proxy");
         proxy
                 .withCopyFileToContainer(

diff --git a/...ain/resources/docker/presto-product-tests/common/hydra-identity-provider/cert/generate.sh b/...ain/resources/docker/presto-product-tests/common/hydra-identity-provider/cert/generate.sh
@@ -2,5 +2,12 @@
 
 set -eux
 
-openssl req -new -x509 -newkey rsa:4096 -sha256 -nodes -keyout localhost.key -days 3560 -out localhost.crt -config localhost.conf
-cat localhost.crt localhost.key > localhost.pem
+rm -f truststore.jks
+
+for name in "hydra" "trino"
+do
+    openssl req -new -x509 -newkey rsa:4096 -sha256 -nodes -keyout "${name}.key" -days 35600 -out "${name}.crt" -config "${name}.conf"
+    cat "${name}.crt" "${name}.key" > "${name}.pem"
+    keytool -import -noprompt -alias "${name}" -keystore truststore.jks -storepass 123456 -file "${name}.crt"
+    rm "${name}.crt" "${name}.key"
+done
diff --git a/...main/resources/docker/presto-product-tests/common/hydra-identity-provider/cert/hydra.conf b/...main/resources/docker/presto-product-tests/common/hydra-identity-provider/cert/hydra.conf
@@ -0,0 +1,15 @@
+[ req ]
+default_bits       = 4096
+prompt             = no
+default_md         = sha256
+x509_extensions    = v3_req
+distinguished_name = req_distinguished_name
+
+[ req_distinguished_name ]
+CN = hydra
+
+[ v3_req ]
+subjectAltName = @alt_names
+
+[alt_names]
+DNS = hydra