Create selenium test user in Eclipse Che on OCP remotely#9982
Create selenium test user in Eclipse Che on OCP remotely#9982dmytro-ndp merged 6 commits intomasterfrom
Conversation
Signed-off-by: Dmytro Nochevnov <dnochevnov@codenvy.com>
|
ci-test |
dmytro-ndp
added
status/code-review
|
ci-test build report: |
Signed-off-by: Dmytro Nochevnov <dnochevnov@codenvy.com>
|
ci-test |
|
ci-test build report: |
|
ci-test |
|
ci-test build report: |
|
ci-test |
|
ci-test build report: |
|
|
||
| private static final boolean IS_MAC_OS = | ||
| System.getProperty("os.name").toLowerCase().startsWith("mac"); | ||
| private static final String DEFAULT_OPENSHIFT_USERNAME = "developer"; |
There was a problem hiding this comment.
So, this only works if auth isn't configured in the cluster (by default with oc cluster up)? Wouldn't it make more sense to have it in conf, so that you can run tests against Che deployed on any cluster?
There was a problem hiding this comment.
I reserved environment variables for this propose: OPENSHIFT_USERNAME, OPENSHIFT_PASSWORD. It ought to be documented in some way.
https://github.com/eclipse/che/blob/31029ca5318894a911e9593d9b39c4fadf28b6ad/selenium/che-selenium-test/src/main/java/org/eclipse/che/selenium/core/client/keycloak/executor/OpenShiftPodCommandExecutor.java#L138-L139
| Paths.get(System.getProperty("java.io.tmpdir")); | ||
|
|
||
| private static final Path PATH_TO_OPENSHIFT_CLI = PATH_TO_OPENSHIFT_CLI_DIRECTORY.resolve("oc"); | ||
| public static final String ECLIPSE_CHE_NAMESPACE = "eclipse-che"; |
There was a problem hiding this comment.
What if it's not eclipse-che namespace? Having it in configuration props will make it much more flexible.
There was a problem hiding this comment.
Thank you for advice!
| private static final boolean IS_MAC_OS = | ||
| System.getProperty("os.name").toLowerCase().startsWith("mac"); | ||
| private static final String DEFAULT_OPENSHIFT_USERNAME = "developer"; | ||
| private static final String DEFAULT_OPENSHIFT_PASSWORD = "any"; |
There was a problem hiding this comment.
You may need a token since if cluster is configured with oAuth, there's no way you can do oc login -u -p. Can we introduce a token for such use cases? Say, before running a test, you obtain a token, export it as env (or save to configuration file) and then run tests.
There was a problem hiding this comment.
Thank you for notice. Which environment variable we can use to hold the token?
There was a problem hiding this comment.
You may pick any reasonable name. And if set, then oc login should use it. If not, username and password are used (default unless set by a user).
You can get your token this way:
oc login -u developer -p password
oc whoami -t
My point is that even though this PR makes interaction with Keycloak more efficient, it won't help if you need to run tests against any infra that different from a default cluster started with oc cluster up
There was a problem hiding this comment.
I can't find parameter to pass auth token to "oc login" command in docs.
Did you mean that we should add auth token directly into the ~/.kube/config file?
There was a problem hiding this comment.
eugene@ivantsoft ~/projects/rhel-stacks/che-assembly (master) $ oc login --help
Log in to your server and save login for subsequent use
First-time users of the client should run this command to connect to a server, establish an authenticated session, and
save connection to the configuration file. The default configuration will be saved to your home directory under
".kube/config".
The information required to login -- like username and password, a session token, or the server details -- can be
provided through flags. If not provided, the command will prompt for user input as needed.
Usage:
oc login [URL] [options]
Examples:
# Log in interactively
oc login
# Log in to the given server with the given certificate authority file
oc login localhost:8443 --certificate-authority=/path/to/cert.crt
# Log in to the given server with the given credentials (will not prompt interactively)
oc login localhost:8443 --username=myuser --password=mypass
Options:
-p, --password='': Password, will prompt if not provided
-u, --username='': Username, will prompt if not provided --certificate-authority='': Path to a cert file for the
certificate authority
--insecure-skip-tls-verify=false: If true, the server's certificate will not be checked for validity. This will
make your HTTPS connections insecure
--token='': Bearer token for authentication to the API server
Use "oc options" for a list of global command-line options (applies to all commands).
eugene@ivantsoft ~/projects/rhel-stacks/che-assembly (master) $
There was a problem hiding this comment.
Thank you, Eugene.
| if (!matcher.matches()) { | ||
| throw new RuntimeException( | ||
| format( | ||
| "It's impossible to extract OpenShift host from Eclipse Che host '%s'. Make sure that correct value is set for `CHE_INFRASTRUCTURE`.", |
There was a problem hiding this comment.
It's just a question. Can you explain why you need to extract Che host (route?) from OpenShift web console URL? Also, we should not forget that 8443 is the default port. It can be just 443 (OSO for example).
There was a problem hiding this comment.
I am trying to avoid over-engineering here. It's kind of default behavior, but user is able to set OpenShift console URL manually through the "OPENSHIFT_URL" environment variable.
| format( | ||
| "docker exec -i %s sh -c 'keycloak/bin/kcadm.sh delete users/%s -r che -s username=%s --no-config --server http://localhost:8080/auth --user %s --password %s --realm master 2>&1'", | ||
| keycloakContainerId, | ||
| "delete users/%s -r che -s username=%s --no-config --server http://localhost:8080/auth --user %s --password %s --realm master 2>&1", |
There was a problem hiding this comment.
What about a case when "CHE_PORT" variable is different from default "8080"?
There was a problem hiding this comment.
Here we are using different port - for keycloak server from within keycloak container.
|
|
||
| /** @author Dmytro Nochevnov */ | ||
| @Singleton | ||
| public class DockerContainerCommandExecutor implements KeycloakCommandExecutor { |
There was a problem hiding this comment.
In my opinion, the current name of the class "DockerContainerCommandExecutor" means that it describes the class which responsible for commands execution in some abstract docker container but not in the particular "Keycloak" container. Maybe it should be renamed to something like "DockerKeycloakCommandExecutor" or "KeycloakCommandExecutorImpl"?
There was a problem hiding this comment.
You are particularly right, but I took into account the name of package: keycloak.executor.
| @Singleton | ||
| public class OpenShiftWebConsoleUrlProvider implements Provider<URL> { | ||
|
|
||
| private static final int PORT = 8443; |
There was a problem hiding this comment.
Is web console port always "8443" and can`t be reconfigured by any system variable?
There was a problem hiding this comment.
It can be reconfigured manually through the "OPENSHIFT_URL" environment variable.
…CommandExecutor Signed-off-by: Dmytro Nochevnov <dnochevnov@codenvy.com>
Signed-off-by: Dmytro Nochevnov <dnochevnov@codenvy.com>
|
ci-test |
|
ci-test build report: |
Signed-off-by: Dmytro Nochevnov <dnochevnov@codenvy.com>
dmytro-ndp
removed
the
status/code-review
…#9982) * Add KeycloakCommandExecutor to create test user in selenium tests * Create test user in Eclipse Che on OCP which is run remotely Signed-off-by: Dmytro Nochevnov <dnochevnov@codenvy.com>
4 participants
What does this PR do?
It involves OpenShift CLI client into test user creation process when we are running E2E selenium tests against Eclipse Che Multiuser on OCP.
It makes it possible to create test user remotely when testing product is deployed to the remote host.
What issues does this PR fix or reference?
#9878