diff --git a/.github/workflows/kerberos.yml b/.github/workflows/kerberos.yml
new file mode 100644
index 0000000..d03e6ee
--- /dev/null
+++ b/.github/workflows/kerberos.yml
@@ -0,0 +1,48 @@
+name: kerberos
+
+# NOTE: Restricting branches prevents jobs from being doubled since
+# a push to a pull request triggers two events.
+on:
+ pull_request:
+ branches:
+ - "*"
+ push:
+ branches:
+ - "*"
+
+jobs:
+ test:
+ name: Test with Kerberos
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check out code
+ uses: actions/checkout@v2
+
+ - name: Build & start services
+ run: |
+ make build-services
+ make run-services
+
+ - name: Install & configure Kerberos client
+ run: |
+ KRB5_ADDR=`docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' krb5_kiwitcms_org`
+
+ sudo apt-get -y install krb5-user
+ sudo cp ./tests/krb5/krb5.conf /etc/
+ sudo sed -i "s/localhost\./$KRB5_ADDR/" /etc/krb5.conf
+
+ # this directory is missing and krb5.conf wants to include it
+ sudo mkdir /etc/krb5.conf.d/
+
+ WEB_ADDR=`docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' web_kiwitcms_org`
+ sudo sh -c "echo '$WEB_ADDR web.kiwitcms.org' >> /etc/hosts"
+
+ - name: Obtain valid Kerberos ticket
+ run: |
+ echo changeme | kinit travis@KIWITCMS.ORG
+ klist
+
+ - name: Verify web login with Kerberos
+ run: |
+ make verify-web-login
+ klist
diff --git a/Makefile b/Makefile
index 9eef507..572a1d7 100644
--- a/Makefile
+++ b/Makefile
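Review bot: `uses: actions/checkout@v2` in the "Check out code" step follows a mutable tag, and the workflow declares no `permissions:` key, so the action code and every `make` step run with whatever default `GITHUB_TOKEN` scope the repository has. Pin the action to a full commit SHA, e.g. `uses: actions/checkout@<full-commit-sha>  # v2`, and add a top-level `permissions:` mapping with `contents: read`, which is all this job appears to need. In the "Obtain valid Kerberos ticket" step, the literal password in `echo changeme | kinit travis@KIWITCMS.ORG` is tolerable only if the KDC is the disposable container started by `make run-services`; a comment such as `# test-only credential for the throwaway KDC container` would make that explicit.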
@@ -30,3 +30,21 @@ run-services:
 docker cp ./application.keytab web_kiwitcms_org:/Kiwi/application.keytab
 rm ./application.keytab
 docker exec -u 0 -i web_kiwitcms_org /bin/bash -c 'chown 1001:root /Kiwi/application.keytab'
+
+.PHONY: verify-web-login
+verify-web-login:
+ # make sure curl supports Negotiate authentication
+ curl -V | grep GSS-Negotiate
+
+ # grab the page
+ curl -k -L -o /tmp/curl.log --negotiate -u: \
+ -b /tmp/cookie.jar -c /tmp/cookie.jar \
+ https://web.kiwitcms.org:8443/login/kerberos/
+
+ # verify user has been logged in
+ cat /tmp/curl.log | grep 'Kiwi TCMS - Dashboard'
+ cat /tmp/curl.log | grep 'Test executions'
+ cat /tmp/curl.log | grep 'Your Test plans'
+
+ # verify username is 'travis', e.g. taken from 'travis@KIWITCMS.ORG' principal
+ cat /tmp/curl.log | grep 'My profile'
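Review bot: The last check in `verify-web-login` greps for `'My profile'`, which would match for any logged-in account, so the comment's claim that the username is 'travis' is never actually tested. Assuming the dashboard renders the username, a check like `grep 'travis' /tmp/curl.log` would tie the session to the Kerberos principal. The `curl -k` call also skips certificate verification during the Negotiate exchange; if the test CA is available in the tree, `--cacert <path-to-test-ca.pem>` would keep TLS validation in the test. The fixed `/tmp/curl.log` and `/tmp/cookie.jar` paths leave a session cookie at a predictable location, which matters when the target is run on a shared machine rather than a CI runner; a directory from `mktemp -d` avoids that.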