Merge pull request #50 from cloud-gov/various-fixes
Various fixes
markdboyd committed Jun 15, 2022
2 parents a796975 + 290ceee commit 6c580f6
Showing 13 changed files with 322 additions and 253 deletions.
29 changes: 28 additions & 1 deletion .env-sample
Expand Up @@ -5,6 +5,7 @@ FLASK_ENV=local
# you might change these
SESSION_LIFETIME=600
PORT=8080
AUTH_PROXY_URL="http://localhost:8080/"

# you almost certainly should change these
CF_API_URL=https://api.example.cloud.gov/ # make sure to include trailing slash!
Expand All @@ -14,4 +15,30 @@ UAA_BASE_URL=https://uaa.example.com/ # make sure to include trailing slash!
UAA_CLIENT_ID=FEEDABEE
UAA_CLIENT_SECRET=CHANGEME
SECRET_KEY=changeme
CF_ADMIN_GROUP_NAME="<cf-group-name>"
CF_ADMIN_GROUP_NAME="<cf-group-name>"

# only necessary for running e2e tests locally
<!--
CF_ORG_ID_1=<insert-random-guid>
CF_SPACE_ID_1=<insert-random-guid>

CF_ORG_ID_2=<insert-random-guid>
CF_SPACE_ID_2=<insert-random-guid>

DEV_TEST_USER_1_ORG_ID="<match value of CF_ORG_ID_1 above>"
DEV_TEST_USER_1_SPACE_ID="<match value of CF_SPACE_ID_1 above>"

DEV_TEST_USER_2_ORG_ID="<match value of CF_ORG_ID_2 above>"
DEV_TEST_USER_2_SPACE_ID="<match value of CF_SPACE_ID_2 above>"

DEV_TEST_USER_1_USERNAME=
DEV_TEST_USER_1_PASSWORD=
DEV_TEST_USER_1_TOTP_SEED=

DEV_TEST_USER_2_USERNAME=
DEV_TEST_USER_2_PASSWORD=
DEV_TEST_USER_2_TOTP_SEED=

ES_USER=
ES_PASSWORD=
-->
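Review bot: The `<!--` / `-->` pair wrapped around the e2e variables is HTML comment syntax, which dotenv loaders and shells do not treat as a comment, so copying this sample to `.env` leaves every line in between active. Placeholders such as `CF_ORG_ID_1=<insert-random-guid>` would then be loaded as literal values and the credential variables as empty strings, and if the file is ever sourced by a shell the `<` characters are parsed as redirections. Prefix each optional line with `#` instead, for example `# CF_ORG_ID_1=<insert-random-guid>`, which also matches the "uncomment" wording in DEVELOPMENT.md. Because this block now names password and TOTP-seed variables, it is worth confirming that `.env` is git-ignored; that is not visible in this diff.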
8 changes: 8 additions & 0 deletions DEVELOPMENT.md
Expand Up @@ -6,6 +6,14 @@ outside of this repository.

To see all of the available commands, run `./dev -h`.

## Running e2e tests locally

1. Update your `.env` file and uncomment/set values for the e2e test variables. You can find the necessary
variables in `.env-sample`. You can get the values used in the pipeline from the credentials file stored
on S3.
1. [Make sure your local development stack is up and running](./README.md#running-locally)
1. Run `./dev e2e-local`

## Code style

Code is styled with `black`, which is configured in `pyproject.toml`. This means you can (and
242 changes: 6 additions & 236 deletions ci/init-config.sh
@@ -1,253 +1,23 @@
#!/usr/bin/env bash

set -euo pipefail
shopt -s inherit_errexit

shopt -s inherit_errexit || true
dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"

function cleanup() {
[[ -n "${ssh_pid:-}" ]] && kill ${ssh_pid}
rm ${cookie_jar}
[[ -n "${ssh_pid:-}" ]] && kill "${ssh_pid}"
}
trap cleanup exit

cf api ${CF_API_URL}
cf api "${CF_API_URL}"
cf auth
cf t -o ${CF_ORGANIZATION} -s ${CF_SPACE}
cf t -o "${CF_ORGANIZATION}" -s "${CF_SPACE}"

echo "Creating SSH tunnel"
cf ssh -L 9200:odfe-test.apps.internal:9200 -L 5601:kbn-test.apps.internal:5601 kibana -N &
ssh_pid=$!

cookie_jar=$(mktemp)

echo "Waiting for tunnel to come up ..."
sleep 10

# we have to create index and component templates
# to work around the baked-in stream templates
echo "creating component template"
curl --fail --silent --show-error -u ${ES_USER}:${ES_PASSWORD} -k \
-X PUT \
-H "content-type: application/json" \
https://localhost:9200/_component_template/ct_apps \
-d '{
"template": {
"settings": {
"number_of_shards": 1
},
"mappings": {
"properties": {
"@cf": {
"type": "object",
"dynamic": true,
"properties": {
"space_id": {
"type": "keyword",
"index": true
},
"org_id": {
"type": "keyword",
"index": true
}
}
}
}
}
}
}' | jq

echo "Creating index template"
curl --fail --silent --show-error -u ${ES_USER}:${ES_PASSWORD} -k \
-X PUT \
-H "content-type: application/json" \
https://localhost:9200/_index_template/it_apps \
-d '{
"index_patterns" : ["logs-app-*"],
"priority" : 1,
"composed_of": ["ct_apps"]
}' | jq

echo "Creating index"
curl --silent --show-error -u ${ES_USER}:${ES_PASSWORD} -k \
-X PUT \
-H "content-type: application/json" \
https://localhost:9200/logs-app-now \
-d '{
"mappings": {
"properties": {
"@cf": {
"type": "object",
"dynamic": true,
"properties": {
"@cf": {
"space_id": {
"type": "keyword",
"index": true
},
"org_id": {
"type": "keyword",
"index": true
}
}
}
}
}
}
}' | jq


# next we add some logs
# the idea is to add one log for each test
# - user should be able to see logs with their space id
# - user should not be able to see logs with the wrong space id
# - user should not be able to see logs without a space id

# We should have this set up ahead of time:
# - org 1 has space space 1 with id ${CF_SPACE_ID_1}
# - org 2 has space space 2 with id ${CF_SPACE_ID_2}
# - user 1 is a space developer in space 1, with no org-level role
# - user 2 is an org manager in org 2, with no space-level role
# - user 3 is a space developer in space 1 and space 2, with no org-level roles

# we're using features from `date` that the default MacOS date
# doesn't have installed, so we need to figure out what `date`
# to use
date_bin=date

if [[ ! $(${date_bin} --iso-8601 2> /dev/null) ]]; then
if [[ $(which gdate) ]]; then
date_bin=gdate
else
echo "Can't find a suitable date program"
echo "try \`brew install coreutils\` if you're on MacOS"
exit 1
fi
fi

time=$(${date_bin} --iso-8601=seconds)

# user 1 should be able to see this log
# user 2 should not be able to see it
# user 3 should be able to see this log
echo "creating test document 1/5"
# we use refresh=true on all these to force elasticsearch to refresh
# It doesn't seem to make the docs available otherwise
# We could probably just do this on the last doc we index, but doing
# it on all of them makes it easier to modify the script
curl --fail --silent --show-error -u ${ES_USER}:${ES_PASSWORD} -k \
-X POST \
-H "content-type: application/json" \
https://localhost:9200/logs-app-now/_doc?refresh=true \
-d '{
"@timestamp": "'${time}'",
"@cf": {
"space_id":"'${CF_SPACE_ID_1}'"
},
"message": "space_id_1"
}' | jq

# user 1 should not be able to see it
# user 2 should be able to see this log
# user 3 should be able to see this log
echo "creating test document 2/5"
curl --fail --silent --show-error -u ${ES_USER}:${ES_PASSWORD} -k \
-X POST \
-H "content-type: application/json" \
https://localhost:9200/logs-app-now/_doc?refresh=true \
-d '{
"@timestamp": "'${time}'",
"@cf": {
"space_id":"'${CF_SPACE_ID_2}'"
},
"message": "space_id_2"
}' | jq

# none of the users should be able to see this log
echo "creating test document 3/5"
curl --fail --silent --show-error -u ${ES_USER}:${ES_PASSWORD} -k \
-X POST \
-H "content-type: application/json" \
https://localhost:9200/logs-app-now/_doc?refresh=true \
-d '{
"@timestamp": "'${time}'",
"message": "no_space_id"
}' | jq

# user 1 should be able to see this log
# user 2 should not be able to see it
# user 3 should be able to see this log
echo "creating test document 4/5"
curl --fail --silent --show-error -u ${ES_USER}:${ES_PASSWORD} -k \
-X POST \
-H "content-type: application/json" \
https://localhost:9200/logs-app-now/_doc?refresh=true \
-d '{
"@timestamp": "'${time}'",
"@cf":{ "org_id":"'${CF_ORG_ID_1}'"},
"message": "org_id_1"
}' | jq

# user 1 should not be able to see it
# user 2 should be able to see this log
# user 3 should be able to see this log
echo "creating test document 5/5"
curl --fail --silent --show-error -u ${ES_USER}:${ES_PASSWORD} -k \
-X POST \
-H "content-type: application/json" \
https://localhost:9200/logs-app-now/_doc?refresh=true \
-d '{
"@timestamp": "'${time}'",
"@cf": {"org_id":"'${CF_ORG_ID_2}'"},
"message": "org_id_2"
}' | jq

# for the kibana stuff, we need cookies just to deal with the multitenancy
echo "Setting up kibana http session"
# this curl is just to get a cookie ready
curl --fail --silent --show-error --cookie-jar ${cookie_jar} -b ${cookie_jar} \
-X GET \
-H "x-proxy-roles: admin" \
-H "x-proxy-user: admin" \
-H 'x-forwarded-for: 127.0.0.1' \
-H "kbn-xsrf: 1" \
-H "kbn-version: 7.10.0" \
http://localhost:5601/api/v1/configuration/account | jq

echo "Switching to default tenant"
curl --fail --silent --show-error --cookie-jar ${cookie_jar} -b ${cookie_jar} \
-X POST \
-H "content-type: application/json" \
-H "x-proxy-roles: admin" \
-H "x-proxy-user: admin" \
-H 'x-forwarded-for: 127.0.0.1' \
-H "kbn-version: 7.10.0" \
http://localhost:5601/api/v1/multitenancy/tenant \
-d '{"tenant":"","username":"'${ES_USER}'"}'

echo "Creating index pattern"
curl --fail --silent --show-error --cookie-jar ${cookie_jar} -b ${cookie_jar} \
-X POST \
-H "content-type: application/json" \
-H "x-proxy-roles: admin" \
-H "x-proxy-user: admin" \
-H 'x-forwarded-for: 127.0.0.1' \
-H "kbn-version: 7.10.0" \
http://localhost:5601/api/saved_objects/index-pattern \
-d '
{
"attributes": {
"title": "logs-app-*",
"timeFieldName": "@timestamp"
}
}' | jq

echo "Setting default index"
curl --fail --silent --show-error --cookie-jar ${cookie_jar} -b ${cookie_jar} \
-X POST \
-H "content-type: application/json" \
-H "x-proxy-roles: admin" \
-H "x-proxy-user: admin" \
-H 'x-forwarded-for: 127.0.0.1' \
-H "kbn-version: 7.10.0" \
http://localhost:5601/api/kibana/settings \
-d '{"changes":{"defaultIndex":"logs-app-*"}}' | jq
bash "${dir}/seed-es-data.sh"
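Review bot: Nothing checks that the backgrounded `cf ssh ... -N &` tunnel is still alive before `bash "${dir}/seed-es-data.sh"` runs, because `set -e` does not apply to background jobs and the fixed `sleep 10` only waits. If the tunnel failed to bind 9200/5601 (for instance because a local stack already listens there), the seed script would talk to whatever answers on localhost; seed-es-data.sh is not shown here, but the removed calls sent `${ES_USER}:${ES_PASSWORD}` with `-k`, so the same is presumably true of it. Adding `kill -0 "${ssh_pid}" 2>/dev/null || { echo "SSH tunnel exited early" >&2; exit 1; }` after the sleep would fail closed. Relatedly, in `cleanup` the newly quoted `kill "${ssh_pid}"` returns non-zero when the process is already gone; `kill "${ssh_pid}" 2>/dev/null || true` keeps the EXIT trap from masking the real exit status.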
2 changes: 1 addition & 1 deletion ci/pipeline.yml
Expand Up @@ -129,7 +129,7 @@ jobs:
run:
path: src/ci/e2e.sh
params:
KIBANA_URL: ((kibana-url))
AUTH_PROXY_URL: ((auth-proxy-url))
DEV_TEST_USER_1_USERNAME: ((dev-test-user-1-username))
DEV_TEST_USER_1_PASSWORD: ((dev-test-user-1-password))
DEV_TEST_USER_1_TOTP_SEED: ((dev-test-user-1-totp-seed))
