Update kerberos sso test setup to use new user_saml config system #36314

Merged
merged 2 commits into from
Feb 7, 2023
26 changes: 14 additions & 12 deletions .github/workflows/smb-kerberos.yml
Expand Up @@ -6,15 +6,17 @@ on:
- stable*
paths:
- 'apps/files_external/**'
- '.github/workflows/smb-kerberos.yml'
pull_request:
paths:
- 'apps/files_external/**'
- '.github/workflows/smb-kerberos.yml'

jobs:
smb-kerberos-tests:
runs-on: ubuntu-latest

name: kerberos
name: smb-kerberos-sso

steps:
- name: Checkout server
Expand All @@ -28,9 +30,12 @@ jobs:
docker pull icewind1991/samba-krb-test-client
- name: Setup AD-DC
run: |
cp apps/files_external/tests/*.sh .
mkdir data
sudo chown -R 33 data apps config
apps/files_external/tests/setup-krb.sh
DC_IP=$(./start-dc.sh)
./start-apache.sh $DC_IP $PWD
echo "DC_IP=$DC_IP" >> $GITHUB_ENV
- name: Set up Nextcloud
run: |
docker exec --user 33 apache ./occ maintenance:install --verbose --database=sqlite --database-name=nextcloud --database-host=127.0.0.1 --database-user=root --database-pass=rootpassword --admin-user admin --admin-pass password
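Review bot: In the Setup AD-DC step, `DC_IP=$(./start-dc.sh)` is used without checking that it is non-empty, so if `start-dc.sh` prints no address the step still runs `./start-apache.sh $DC_IP $PWD` with shifted arguments and appends an empty `DC_IP=` to `$GITHUB_ENV` for the later steps. Test for an empty value and fail the step, and quote `"$DC_IP"` and `"$PWD"`. The `cp apps/files_external/tests/*.sh .` line also drops the helper scripts into the checkout root; calling them in place under `apps/files_external/tests/` would avoid that.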
Expand All @@ -39,7 +44,8 @@ jobs:
# setup user_saml
docker exec --user 33 apache ./occ app:enable user_saml --force
docker exec --user 33 apache ./occ config:app:set user_saml type --value 'environment-variable'
docker exec --user 33 apache ./occ config:app:set user_saml general-uid_mapping --value REMOTE_USER
docker exec --user 33 apache ./occ saml:config:create
docker exec --user 33 apache ./occ saml:config:set 1 --general-uid_mapping=REMOTE_USER

# setup external storage
docker exec --user 33 apache ./occ app:enable files_external --force
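Review bot: `saml:config:set 1` hardcodes the id of the configuration that `saml:config:create` on the previous line is expected to produce. That holds on a fresh install, but it is an implicit coupling: a short comment saying so, or using the id reported by the create command if it prints one, would keep the step from silently configuring the wrong provider if the setup ever changes.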
Expand All @@ -49,16 +55,12 @@ jobs:
docker exec --user 33 apache ./occ files_external:list
- name: Test SSO
run: |
mkdir cookies
chmod 0777 cookies
mkdir /tmp/shared/cookies
chmod 0777 /tmp/shared/cookies

DC_IP=$(docker inspect dc --format '{{.NetworkSettings.IPAddress}}')
echo "SAML login"
docker run --rm --name client -v $PWD/cookies:/cookies -v /tmp/shared:/shared --dns $DC_IP --hostname client.domain.test icewind1991/samba-krb-test-client \
curl -c /cookies/jar --negotiate -u [email protected]: --delegation always http://httpd.domain.test/index.php/apps/user_saml/saml/login
./client-cmd.sh ${{ env.DC_IP }} curl -c /shared/cookies/jar -s --negotiate -u [email protected]: --delegation always http://httpd.domain.test/index.php/apps/user_saml/saml/login
echo "Check we are logged in"
CONTENT=$(docker run --rm --name client -v $PWD/cookies:/cookies -v /tmp/shared:/shared --dns $DC_IP --hostname client.domain.test icewind1991/samba-krb-test-client \
curl -b /cookies/jar -s --negotiate -u [email protected]: --delegation always http://httpd.domain.test/remote.php/webdav/smb/test.txt)
echo $CONTENT
CONTENT=$(echo $CONTENT | tr -d '[:space:]')
CONTENT=$(./client-cmd.sh ${{ env.DC_IP }} curl -b /shared/cookies/jar -s --negotiate -u [email protected]: --delegation always http://httpd.domain.test/remote.php/webdav/smb/test.txt)
CONTENT=$(echo $CONTENT | head -n 1 | tr -d '[:space:]')
[[ $CONTENT == "testfile" ]]
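Review bot: On the line `CONTENT=$(echo $CONTENT | head -n 1 | tr -d '[:space:]')`, `$CONTENT` is unquoted, so the shell collapses any newlines into spaces before `head -n 1` sees them and the filter never drops anything; use `echo "$CONTENT"` or `printf '%s\n' "$CONTENT"`. In the same step, `${{ env.DC_IP }}` is expanded into the script text before the shell runs; since `DC_IP` was written to `$GITHUB_ENV` earlier, `"$DC_IP"` reads the same value as an ordinary shell variable. `mkdir -p /tmp/shared/cookies` would keep the step rerunnable, and the login curl has no `-f`, so an HTTP error from the SAML endpoint only shows up through the later content comparison.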
6 changes: 6 additions & 0 deletions apps/files_external/tests/client-cmd.sh
@@ -0,0 +1,6 @@
#!/usr/bin/env bash

DC_IP=$1
shift

docker run --rm --name client -v /tmp/shared:/shared --dns $DC_IP --hostname client.domain.test icewind1991/samba-krb-test-client $@
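Review bot: The `docker run` line passes `$@` and `$DC_IP` unquoted, so any argument containing whitespace or glob characters is re-split before it reaches the container; use `"$@"` and `"$DC_IP"`. The script also shifts without checking that `$1` was supplied, and the fixed `--name client` means two invocations cannot overlap. A one-line usage comment at the top would document the expected arguments.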
33 changes: 0 additions & 33 deletions apps/files_external/tests/setup-krb.sh

This file was deleted.

11 changes: 11 additions & 0 deletions apps/files_external/tests/start-apache.sh
@@ -0,0 +1,11 @@
#!/usr/bin/env bash

docker rm -f apache 2>/dev/null > /dev/null

docker run -d --name apache -v $2:/var/www/html -v /tmp/shared:/shared --dns $1 --hostname httpd.domain.test icewind1991/samba-krb-test-apache 1>&2
APACHE_IP=$(docker inspect apache --format '{{.NetworkSettings.IPAddress}}')

# add the dns record for apache
docker exec dc samba-tool dns add krb.domain.test domain.test httpd A $APACHE_IP -U administrator --password=passwOrd1 1>&2

echo $APACHE_IP
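Review bot: There is no error handling between `docker run` and `samba-tool dns add`: if the container fails to start, `APACHE_IP` is empty, the DNS command still runs with a missing address, and the script prints an empty line as its result. Add `set -euo pipefail` or check `$APACHE_IP` explicitly, validate that both positional arguments were given, and quote `"$1"`, `"$2"` and `"$APACHE_IP"`. The administrator password is passed as `--password=passwOrd1` on the command line; a comment stating where this fixture credential comes from would make clear it is test-only.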
29 changes: 29 additions & 0 deletions apps/files_external/tests/start-dc.sh
@@ -0,0 +1,29 @@
#!/usr/bin/env bash

function getContainerHealth {
docker inspect --format "{{.State.Health.Status}}" $1
}

function waitContainer {
while STATUS=$(getContainerHealth $1); [ $STATUS != "healthy" ]; do
if [ $STATUS == "unhealthy" ]; then
echo "Failed!" 1>&2
exit -1
fi
printf . 1>&2
lf=$'\n'
sleep 1
done
printf "$lf" 1>&2
}

docker rm -f dc 2>/dev/null > /dev/null

mkdir -p /tmp/shared

# start the dc
docker run -dit --name dc -v /tmp/shared:/shared --hostname krb.domain.test --cap-add SYS_ADMIN icewind1991/samba-krb-test-dc 1>&2

waitContainer dc

docker inspect dc --format '{{.NetworkSettings.IPAddress}}'
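Review bot: In `waitContainer`, `[ $STATUS != "healthy" ]` uses `$STATUS` unquoted, so when `docker inspect` prints nothing (for example because the call failed) the test becomes a syntax error, returns non-zero, and the loop exits as if the container were healthy. Quote it as `[ "$STATUS" != "healthy" ]` and treat an empty status as a failure. The loop also has no upper bound, so a container stuck in `starting` hangs the job until the runner timeout; a retry limit would help. Smaller points: `exit -1` should be `exit 1`, `lf` is only assigned inside the loop body, and `--cap-add SYS_ADMIN` deserves a comment explaining why the DC container needs it.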