Add dockerised setup for iGrant.io Consent BB solution #67
@georgepadayatti this is great! Have you had any time to look at the caddy implementation here? https://github.com/GovStackWorkingGroup/bb-consent/blob/main/examples/mock/Dockerfile_caddy It will use the API spec such that all HTTP requests & responses are validated against the API spec.
3c0ab37 to 6cc19e4
@georgepadayatti GitHub displays it as if
@dborowiecki @pgesek @conradsp Notice on Circle CI: The test runner doesn't perform any tests, however the Circle CI configuration is actually running fine, as it allows PRs. I don't remember what has been the previous conversation around this, but I would like PRs from forked repositories like this one to work. However, I think that there is a security hindrance somewhere preventing these third-party PRs from running. IMO, it should be possible for any third-party vendor to contribute a new solution to a BB repository without having push access to the main repo. If you agree, I can open a Jira issue.
Sorry for the delayed response. I have looked into your custom caddy setup for OpenAPI validation and updated ours. Some observations:
bb-consent/api/consent-openapi.yaml Lines 2174 to 2178 in 3f7d2e2
Hope we can rectify them for a smooth validation process.
I hope point 2 in this response clarifies the reason. This is a temporary measure I have taken.
This is moving along well, but we need to figure out how to get it running in Circle CI. I'll let you know soon if that requires pushing a local branch to this repo instead.
@benjaoming One more clarification on Point 1. Once configured, the caddy module didn't work out of the box for me as it was always looking for OPA policies. I had to fork the caddy module, remove the OPA check and rebuild caddy, FYI. https://github.com/georgepadayatti/caddy-openapi
What does this check do exactly?
Remove the checks for Open Policy Agent. This feature is not required for OpenAPI validation. Also, it breaks the caddy module.
@georgepadayatti do you think that this can be suggested as a PR for the upstream project? It would be nice if we can continue relying on it. I wasn't aware that it had broken. Perhaps a PR that suggests to comment out the code or make it configurable would be accepted and released by the maintainer. (It has been working, but it's perhaps 1 year ago since I added it! When I was initially researching it, I was able to see valid requests accepted and invalid requests rejected.)
c5f291e to b5e8f7d
I left one comment. I was able to run tests against this application locally after my small change in test-entrypoint.sh, but not all the tests pass. While some tests passed, there were issues with loading user data and fetching data from tests. I checked Keycloak via panel admin, which seemed fine. However, I couldn't resolve all test failures due to unfamiliarity with your application's configuration.
Signed-off-by: George J Padayatti <george.padayatti@igrant.io>
@benjaoming Sorry for the late response. I have fixed the outstanding comments. Are we good to merge and publish test results?
I can start by pulling in these changes to a branch in this repo. This should trigger the Circle CI setup. (I've also expressed some concern about this sub-optimal workflow to the tech committee)
Ah great, it seems that GitHub uses the Commit ID, so once I've pushed this into the upstream repo branch and opened a PR (I think it wasn't active before I also opened the PR), we can see the results directly in this repo 👍
How sad. This seems to indicate that it's possible to delete packages in "Go Get". I'm not sure exactly what to do here, do you have time to look into it @georgepadayatti ? I can start pondering if it's become too expensive to use this Caddy + caddy-openapi extension, it hasn't exactly been stable. It's very valuable that it can provide us free compliance testing of request/response vs. OpenAPI spec, though.
Interesting. Where is this coming from, when building Docker?
@georgepadayatti it's from the failed Circle CI build - https://circleci.com/gh/GovStackWorkingGroup/bb-consent/738
I have checked the same on my local machine. This is due to an old version of bb-consent/examples/mock/Dockerfile_caddy Lines 2 to 3 in 280a32f
Once updated to 0.9.0 the docker build succeeds.
Thank you for fixing this @georgepadayatti 👍
@georgepadayatti wups, forgot, but now I've pushed it to the other branch, so we can see how it builds...
@georgepadayatti it seems like
@georgepadayatti so this is valid and running 🥳 but I would ask for this change before continuing: Try to run As you can see, the diff is quite big but most changes are single quotes to double quotes. Is it possible for you to
Otherwise, this looks great and I congratulate you and the team on the big effort that's succeeding!
Thanks! I can see that it's only security policies remaining in the diff @georgepadayatti - so no need to have a diff for this. Let's get rid of them in the
Sounds perfect.
@georgepadayatti you can go ahead and merge in the upstream main branch, then symlink consent-openapi.yaml and then I can do a final verification and merge this 👍
…this command locally Signed-off-by: George J Padayatti <george.padayatti@igrant.io>
Updated.
Seems the build has run. It'll be exciting now to see if it shows up in the test harness report...
Ay, forgot to submit a proper review... but as comments suggest, we've gone over some details, and now everything looks great and ready for further progress ✔️
Description
This PR contains the setup for test environment of iGrant.io Consent Building Block solution.
Related Issue
As discussed in Consent BB WG weekly call on 2023-12-01 and mentioned here.
Motivation and Context
As an initial setup towards running test harness against solution.