// +build integration interactive
package e2e
import (
"fmt"
"io/ioutil"
"os"
"path"
"path/filepath"
"testing"
"github.com/efficientgo/e2e"
"github.com/efficientgo/tools/core/pkg/testutil"
)
// testType selects which e2e scenario a test run exercises.
type testType string

// Scenario selectors.
const (
	metrics     testType = "metrics"
	logs        testType = "logs"
	tenants     testType = "tenants"
	interactive testType = "interactive"
)

// Layout of the shared volume as seen from inside the containers.
// certsContainerPath and configsContainerPath are container (Linux) paths,
// which is why they are assembled with a literal "/" instead of filepath.Join.
const (
	dockerLocalSharedDir = "/shared"
	certsSharedDir       = "certs"
	configSharedDir      = "config"

	certsContainerPath   = dockerLocalSharedDir + "/" + certsSharedDir
	configsContainerPath = dockerLocalSharedDir + "/" + configSharedDir
)

// Names of the e2e environments.
const (
	envMetricsName = "e2e_metrics_read_write"
	envLogsName    = "e2e_logs_read_write_tail"
	envTenantsName = "e2e_tenants"
	envInteractive = "e2e_interactive"
)

// Tenant ids the tests address; they must match the ids of the test-oidc and
// test-mtls entries in tenantsYamlTpl.
const (
	defaultTenantID = "1610b0c3-c509-4592-a256-a1871353dbfa"
	mtlsTenantID    = "845cdfd9-f936-443c-979c-2ee7dc91f646"
)
// tenantsYamlTpl is the tenants file for the API under test, rendered with
// fmt.Sprintf by createTenantsYAML. Positional verbs:
//
//	%[1]s         CA file used to verify the OIDC issuer (issuerCAPath)
//	%[2]s         OIDC issuer host; the template prepends https://
//	%[3]s, %[4]s  OPA policy/data files for the two OIDC tenants
//	%[5]s         CA used to verify mTLS client certificates (test-mtls)
//	%[6]s         OPA host/path; the template prepends http://
//
// The tenant ids here must stay in sync with defaultTenantID (test-oidc) and
// mtlsTenantID (test-mtls). clientSecret is a fixed test value that must equal
// the static client secret in dexYAMLTpl. Note that test-oidc uses the
// authenticator/type/config spelling of the OIDC block while test-attacker
// uses a top-level oidc block; both appear here deliberately.
const tenantsYamlTpl = `
tenants:
- name: test-oidc
id: 1610b0c3-c509-4592-a256-a1871353dbfa
authenticator:
type: oidc
config:
clientID: test
clientSecret: ZXhhbXBsZS1hcHAtc2VjcmV0
issuerCAPath: %[1]s
issuerURL: https://%[2]s
redirectURL: https://localhost:8443/oidc/test-oidc/callback
usernameClaim: email
opa:
query: data.observatorium.allow
paths:
- %[3]s
- %[4]s
rateLimits:
- endpoint: "/api/metrics/v1/.+/api/v1/receive"
limit: 100
window: 1s
- endpoint: "/api/logs/v1/.*"
limit: 100
window: 1s
- name: test-attacker
id: 066df98b-04e1-46c5-86f7-dc3250bfe869
oidc:
clientID: test
clientSecret: ZXhhbXBsZS1hcHAtc2VjcmV0
issuerCAPath: %[1]s
issuerURL: https://%[2]s
redirectURL: https://localhost:8443/oidc/test-attacker/callback
usernameClaim: email
opa:
query: data.observatorium.allow
paths:
- %[3]s
- %[4]s
- name: test-mtls
id: 845cdfd9-f936-443c-979c-2ee7dc91f646
mTLS:
caPath: %[5]s
opa:
url: http://%[6]s
rateLimits:
- endpoint: "/api/metrics/v1/.+/api/v1/receive"
limit: 1
window: 1s
- endpoint: "/api/logs/v1/.*"
limit: 1
window: 1s
`
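// createTenantsYAML renders tenantsYamlTpl and writes it to
// <e.SharedDir()>/config/tenants.yaml, from where the API container reads it.
//
// issuerURL and opaURL are host[:port] values without a scheme; the template
// itself prepends https:// and http://. They are joined with path.Join because
// they are URL paths. Every other path written into the file is a path inside
// the Linux container (certsContainerPath, configsContainerPath), so those are
// joined with path.Join as well — filepath.Join would emit backslashes on a
// Windows host and break the container-side paths. Only the destination on
// the host uses filepath.Join.
//
// The rendered file contains an OIDC client secret, so it is written 0644:
// readable by the container process, not executable, and not writable by
// others. Any write error fails the test via testutil.Ok.
func createTenantsYAML(
	t *testing.T,
	e e2e.Environment,
	issuerURL string,
	opaURL string,
) {
	// One CA file serves both as the OIDC issuer CA (%[1]s) and the mTLS
	// client CA (%[5]s).
	caPath := path.Join(certsContainerPath, "ca.pem")
	yamlContent := []byte(fmt.Sprintf(
		tenantsYamlTpl,
		caPath,
		path.Join(issuerURL, "dex"),
		path.Join(configsContainerPath, "observatorium.rego"),
		path.Join(configsContainerPath, "rbac.yaml"),
		caPath,
		path.Join(opaURL, "v1/data/observatorium/allow"),
	))
	err := ioutil.WriteFile(
		filepath.Join(e.SharedDir(), configSharedDir, "tenants.yaml"),
		yamlContent,
		os.FileMode(0644),
	)
	testutil.Ok(t, err)
}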
// dexYAMLTpl is the Dex (OIDC provider) configuration rendered by
// createDexYAML. Both %s verbs are hostnames only: the first becomes the
// issuer host (https://<host>:5556/dex), the second the redirect URI host
// (https://<host>:8443/oidc/test-oidc/callback); scheme and port come from
// the template.
//
// The TLS cert/key paths are hard-coded to /shared/certs rather than derived
// from certsContainerPath — keep them in sync if that constant changes. The
// static client id/secret must match the clientID/clientSecret in
// tenantsYamlTpl, and the static password entry is a fixed test credential.
const dexYAMLTpl = `
issuer: https://%s:5556/dex
storage:
type: sqlite3
config:
file: /tmp/dex.db
web:
https: 0.0.0.0:5556
tlsCert: /shared/certs/dex.pem
tlsKey: /shared/certs/dex.key
telemetry:
http: 0.0.0.0:5558
logger:
level: "debug"
oauth2:
passwordConnector: local
staticClients:
- id: test
name: test
secret: ZXhhbXBsZS1hcHAtc2VjcmV0
redirectURIs:
- https://%s:8443/oidc/test-oidc/callback
enablePasswordDB: true
staticPasswords:
- email: "admin@example.com"
# bcrypt hash of the string "password"
hash: "$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W"
username: "admin"
userID: "08a8684b-db88-4b73-90a9-3cd1661f5466"
`
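// createDexYAML renders dexYAMLTpl and writes it to
// <e.SharedDir()>/config/dex.yaml for the Dex container to read.
//
// issuer and redirectURI are hostnames, not full URLs: the template supplies
// the scheme, port and path for both (https://<issuer>:5556/dex and
// https://<redirectURI>:8443/oidc/test-oidc/callback).
//
// The file carries the static client secret and a password hash, so it is
// written 0644 — readable by the container, not executable, not writable by
// others. A write error fails the test via testutil.Ok.
func createDexYAML(
	t *testing.T,
	e e2e.Environment,
	issuer string,
	redirectURI string,
) {
	yamlContent := []byte(fmt.Sprintf(
		dexYAMLTpl,
		issuer,
		redirectURI,
	))
	// Destination is a host path, hence filepath.Join.
	err := ioutil.WriteFile(
		filepath.Join(e.SharedDir(), configSharedDir, "dex.yaml"),
		yamlContent,
		os.FileMode(0644),
	)
	testutil.Ok(t, err)
}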