Support for complex cross-realm scenarios #272
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Name of the workflow needs to match the name of the major version directory | ||
| name: v8 | ||
| on: | ||
| push: | ||
| paths: | ||
| - 'v8/**' | ||
| pull_request: | ||
| paths: | ||
| - 'v8/**' | ||
| jobs: | ||
| build: | ||
| name: Tests | ||
| runs-on: ubuntu-latest | ||
| strategy: | ||
| matrix: | ||
| go: [ '1.18.x', '1.19.x', '1.20.x' ] | ||
| env: | ||
| TEST_KDC_ADDR: 127.0.0.1 | ||
| TEST_HTTP_URL: http://cname.test.gokrb5 | ||
| TEST_HTTP_ADDR: 127.0.0.1 | ||
| DNS_IP: 127.0.88.53 | ||
| DNSUTILS_OVERRIDE_NS: 127.0.88.53:53 | ||
| steps: | ||
| - name: Set up Go ${{ matrix.go }} | ||
| uses: actions/setup-go@v1 | ||
| with: | ||
| go-version: ${{ matrix.go }} | ||
| - name: Checkout | ||
| uses: actions/checkout@v2 | ||
| with: | ||
| ref: ${{ github.ref }} | ||
| - name: Test well formatted with gofmt | ||
| run: | | ||
| GO_FILES=$(find ${GITHUB_WORKFLOW} -iname '*.go' -type f | grep -v /vendor/) | ||
| test -z $(gofmt -s -l -e $GO_FILES | tee /dev/fd/2 | xargs | sed 's/\s//g') | ||
| id: gofmt | ||
| - name: Unit tests | ||
| run: | | ||
| cd ${GITHUB_WORKFLOW} | ||
| go test -race ./... | ||
| id: unitTests | ||
| - name: Start integration test dependencies | ||
| run: | | ||
| sudo DEBIAN_FRONTEND=noninteractive apt-get install -yq krb5-user | ||
| sudo chmod 666 /etc/krb5.conf | ||
| sudo docker run -d -h ns.test.gokrb5 -v /etc/localtime:/etc/localtime:ro -e "TEST_KDC_ADDR=${TEST_KDC_ADDR}" -e "TEST_HTTP_ADDR=${TEST_HTTP_ADDR}" -p ${DNSUTILS_OVERRIDE_NS}:53 -p ${DNSUTILS_OVERRIDE_NS}:53/udp --name dns ghcr.io/grafana/gokrb5-test:dns | ||
| sudo docker run -d -h kdc.test.gokrb5 -v /etc/localtime:/etc/localtime:ro -p 88:88 -p 88:88/udp -p 464:464 -p 464:464/udp --name krb5kdc ghcr.io/grafana/gokrb5-test:kdc-centos-default | ||
| sudo docker run -d -h kdc.test.gokrb5 -v /etc/localtime:/etc/localtime:ro -p 78:88 -p 78:88/udp --name krb5kdc-old ghcr.io/grafana/gokrb5-test:kdc-older | ||
| sudo docker run -d -h kdc.test.gokrb5 -v /etc/localtime:/etc/localtime:ro -p 98:88 -p 98:88/udp --name krb5kdc-latest ghcr.io/grafana/gokrb5-test:kdc-latest | ||
| sudo docker run -d -h kdc.resdom.gokrb5 -v /etc/localtime:/etc/localtime:ro -p 188:88 -p 188:88/udp --name krb5kdc-resdom ghcr.io/grafana/gokrb5-test:kdc-resdom | ||
| sudo docker run -d -h kdc.test.gokrb5 -v /etc/localtime:/etc/localtime:ro -p 58:88 -p 58:88/udp --name krb5kdc-shorttickets ghcr.io/grafana/gokrb5-test:kdc-shorttickets | ||
| sudo docker run -d -h kdc.sub.test.gokrb5 -v /etc/localtime:/etc/localtime:ro -p 288:88 -p 288:88/udp --name krb5kdc-sub ghcr.io/grafana/gokrb5-test:kdc-sub | ||
| sudo docker run -d --add-host host.test.gokrb5:127.0.0.88 -v /etc/localtime:/etc/localtime:ro -p 80:80 -p 443:443 --name gokrb5-http ghcr.io/grafana/gokrb5-test:http | ||
| sleep 10 # Wait for the containers to be ready | ||
| sudo sed -i 's/nameserver .*/nameserver '${DNS_IP}'/g' /etc/resolv.conf | ||
| dig _kerberos._udp.TEST.GOKRB5 | ||
| id: intgTestDeps | ||
| - name: Run Examples | ||
| run: | | ||
| cd ${GITHUB_WORKFLOW} | ||
| go run -tags="examples" examples/example.go | ||
| id: examples | ||
| - name: Configure krb5.conf | ||
| run: | | ||
| echo "[libdefaults] | ||
| default_realm = TEST.GOKRB5 | ||
| dns_lookup_realm = false | ||
| dns_lookup_kdc = false | ||
| ticket_lifetime = 24h | ||
| forwardable = yes | ||
| default_tkt_enctypes = aes256-cts-hmac-sha1-96 | ||
| default_tgs_enctypes = aes256-cts-hmac-sha1-96 | ||
| [realms] | ||
| TEST.GOKRB5 = { | ||
| kdc = 127.0.0.1:88 | ||
| admin_server = 127.0.0.1:749 | ||
| default_domain = test.gokrb5 | ||
| } | ||
| SUB.TEST.GOKRB5 = { | ||
| kdc = 127.0.0.1:288 | ||
| admin_server = 127.0.0.1:749 | ||
| default_domain = sub.test.gokrb5 | ||
| } | ||
| RESDOM.GOKRB5 = { | ||
| kdc = 127.0.0.1:188 | ||
| admin_server = 127.0.0.1:749 | ||
| default_domain = resdom.gokrb5 | ||
| } | ||
| [domain_realm] | ||
| .test.gokrb5 = TEST.GOKRB5 | ||
| test.gokrb5 = TEST.GOKRB5 | ||
| .sub.test.gokrb5 = SUB.TEST.GOKRB5 | ||
| sub.test.gokrb5 = SUB.TEST.GOKRB5 | ||
| .resdom.gokrb5 = RESDOM.GOKRB5 | ||
| resdom.gokrb5 = RESDOM.GOKRB5 | ||
| [logging] | ||
| default = FILE:/var/log/krb5libs.log | ||
| kdc = FILE:/var/log/krb5kdc.log | ||
| admin_server = FILE:/var/log/kadmind.log | ||
| [appdefaults] | ||
| pam = { | ||
| debug = false | ||
| ticket_lifetime = 36000 | ||
| renew_lifetime = 36000 | ||
| forwardable = true | ||
| krb4_convert = false | ||
| }" | sudo tee /etc/krb5.conf | ||
| - name: Display krb5.conf | ||
| run: cat /etc/krb5.conf | ||
| - name: Run | ||
| run: | | ||
| echo "passwordvalue" | kinit [email protected] | ||
| kvno HTTP/[email protected] | ||
| klist | ||
| - name: Tests including integration tests | ||
| run: | | ||
| cd ${GITHUB_WORKFLOW} | ||
| go test -race ./... | ||
| env: | ||
| INTEGRATION: 1 | ||
| TESTPRIVILEGED: 1 | ||
| id: intgTests | ||
| - name: Tests (32bit) | ||
| run: | | ||
| cd ${GITHUB_WORKFLOW} | ||
| go test ./... | ||
| env: | ||
| GOARCH: 386 | ||
| INTEGRATION: 1 | ||
| TESTPRIVILEGED: 1 | ||
| id: test32 | ||
