Simplify SSO Integration Test (#1954)

2022-05-05 13:29:41 -04:00
parent 16474cbd81
commit 4c99b0d1d9
9 changed files with 102 additions and 2462 deletions
--- a/53
+++ b/53
@@ -131,29 +131,25 @@ test-replication:
 test-sso-integration:
 	@echo "create the network in bridge mode to communicate all containers"
 	@(docker network create my-net)
-	@echo "execute latest keycloak container"
+	@echo "run openldap container using MinIO Image: quay.io/minio/openldap:latest"
 	@(docker run \
-	--rm \
-	--name keycloak-container \
-	--network my-net \
-	-p 8080:8080 \
-	-e KEYCLOAK_USER=admin \
-	-e KEYCLOAK_PASSWORD=admin jboss/keycloak:latest -b 0.0.0.0 -bprivate 127.0.0.1 &)
-	@echo "wait 60 sec until keycloak is listenning on port, then go for minio server"
-	@(sleep 60)
-	@echo "execute keycloak-config-cli container to configure keycloak for Single Sign On with MinIO"
+		-e LDAP_ORGANIZATION="MinIO Inc" \
+		-e LDAP_DOMAIN="min.io" \
+		-e LDAP_ADMIN_PASSWORD="admin" \
+		--network my-net \
+		-p 389:389 \
+		-p 636:636 \
+		--name openldap \
+		--detach quay.io/minio/openldap:latest)
+	@echo "Run Dex container using MinIO Image: quay.io/minio/dex:latest"
 	@(docker run \
-	--rm \
-	--network my-net \
-	--name keycloak-config-cli \
-	-e KEYCLOAK_URL=http://keycloak-container:8080/auth \
-	-e KEYCLOAK_USER="admin" \
-	-e KEYCLOAK_PASSWORD="admin" \
-	-e KEYCLOAK_AVAILABILITYCHECK_ENABLED=true \
-	-e KEYCLOAK_AVAILABILITYCHECK_TIMEOUT=120s \
-	-e IMPORT_FILES_LOCATIONS='/config/realm-export.json' \
-	-v /home/runner/work/console/console/sso-integration/config:/config \
-	adorsys/keycloak-config-cli:latest)
+		-e DEX_ISSUER=http://dex:5556/dex \
+		-e DEX_CLIENT_REDIRECT_URI=http://127.0.0.1:9001/oauth_callback \
+		-e DEX_LDAP_SERVER=openldap:389 \
+		--network my-net \
+		-p 5556:5556 \
+		--name dex \
+		--detach quay.io/minio/dex:latest)
 	@echo "running minio server"
 	@(docker run \
 	-v /data1 -v /data2 -v /data3 -v /data4 \
@@ -163,13 +159,22 @@ test-sso-integration:
 	--rm \
 	-p 9000:9000 \
 	-p 9001:9001 \
-	-e MINIO_IDENTITY_OPENID_CLIENT_SECRET=0nfJuqIt0iPnRIUJkvetve5l38C6gi9W \
-	-e MINIO_IDENTITY_OPENID_CONFIG_URL=http://keycloak-container:8080/auth/realms/myrealm/.well-known/openid-configuration \
-	-e MINIO_IDENTITY_OPENID_CLIENT_ID="account" \
+	-e MINIO_IDENTITY_OPENID_CLIENT_ID="minio-client-app" \
+	-e MINIO_IDENTITY_OPENID_CLIENT_SECRET="minio-client-app-secret" \
+	-e MINIO_IDENTITY_OPENID_CLAIM_NAME=name \
+	-e MINIO_IDENTITY_OPENID_CONFIG_URL=http://dex:5556/dex/.well-known/openid-configuration \
+	-e MINIO_IDENTITY_OPENID_REDIRECT_URI=http://127.0.0.1:9001/oauth_callback \
 	-e MINIO_ROOT_USER=minio \
 	-e MINIO_ROOT_PASSWORD=minio123 $(MINIO_VERSION) server /data{1...4} --address :9000 --console-address :9001)
+	@echo "run mc commands to set the policy"
+	@(docker run --name minio-client --network my-net -dit --entrypoint=/bin/sh minio/mc)
+	@(docker exec minio-client mc alias set myminio/ http://minio:9000 minio minio123)
+	@echo "adding policy to Dillon Harper to be able to login:"
+	@(cd sso-integration && docker cp allaccess.json minio-client:/ && docker exec minio-client mc admin policy add myminio "Dillon Harper" allaccess.json)
 	@echo "starting bash script"
 	@(env bash $(PWD)/sso-integration/set-sso.sh)
+	@echo "add python module"
+	@(pip3 install bs4)
 	@echo "Executing the test:"
 	@(cd sso-integration && go test -coverpkg=../restapi -c -tags testrunmain . && mkdir -p coverage && ./sso-integration.test -test.v -test.run "^Test*" -test.coverprofile=coverage/sso-system.out)

--- a/sso-integration/Dockerfile
+++ b/sso-integration/Dockerfile
@@ -0,0 +1,3 @@
+FROM ghcr.io/dexidp/dex:latest
+
+ADD config.docker.yaml /etc/dex/
--- a/sso-integration/allaccess.json
+++ b/sso-integration/allaccess.json
@@ -0,0 +1,14 @@
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "s3:*"
+      ],
+      "Resource": [
+        "arn:aws:s3:::*"
+      ]
+    }
+  ]
+}
--- a/sso-integration/config.docker.yaml
+++ b/sso-integration/config.docker.yaml
@@ -0,0 +1,23 @@
+issuer: http://dex:5556/dex
+storage:
+  type: sqlite3
+  config:
+    file: /var/dex/dex.db
+web:
+  http: 0.0.0.0:5556
+staticClients:
+- id: minio-client-app
+  secret: minio-client-app-secret
+  name: 'MinIO Example Client App'
+  redirectURIs:
+  - 'http://127.0.0.1:9001/oauth_callback'
+connectors:
+- type: mockCallback
+  id: mock
+  name: Example
+enablePasswordDB: true
+staticPasswords:
+- email: "admin@example.com"
+  hash: "$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W"
+  username: "admin"
+  userID: "08a8684b-db88-4b73-90a9-3cd1661f5466"
--- a/sso-integration/config/realm-export.json
+++ b/sso-integration/config/realm-export.json
--- a/sso-integration/dex-requests.py
+++ b/sso-integration/dex-requests.py
@@ -0,0 +1,30 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+import pdb
+import requests
+from bs4 import BeautifulSoup
+
+result = requests.get('http://localhost:9001/api/v1/login')
+redirect = result.json()['redirect']
+result = requests.get(redirect)
+soup = BeautifulSoup(result.text, "html.parser")
+
+# Log in to Your Account via OpenLDAP Connector
+url = "http://dex:5556" + soup.findAll('a')[1].get('href')
+result = requests.get(url)
+soup = BeautifulSoup(result.text, "html.parser")
+url = "http://dex:5556" + soup.form.get('action')
+
+# Post the credentials in the form
+# From https://github.com/minio/minio-iam-testing/blob/main/ldap/bootstrap.ldif
+myobj = {
+    'login': 'dillon@example.io',
+    'password': 'dillon',
+}
+result2 = requests.post(url, data = myobj)
+code  = result2.url.split("?code=")[1].split("&state=")[0]
+state = result2.url.split("?code=")[1].split("&state=")[1]
+
+print(code)
+print(state)
--- a/sso-integration/logssorun2.sh
+++ b/sso-integration/logssorun2.sh
@@ -1,165 +0,0 @@
-#!/bin/bash
-
-result=`curl 'http://localhost:9001/api/v1/login' \
-  -H 'Connection: keep-alive' \
-  -H 'sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="99", "Google Chrome";v="99"' \
-  -H 'sec-ch-ua-mobile: ?0' \
-  -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36' \
-  -H 'sec-ch-ua-platform: "macOS"' \
-  -H 'Accept: */*' \
-  -H 'Sec-Fetch-Site: same-origin' \
-  -H 'Sec-Fetch-Mode: cors' \
-  -H 'Sec-Fetch-Dest: empty' \
-  -H 'Referer: http://localhost:9001/login' \
-  -H 'Accept-Language: en-CA,en;q=0.9' \
-  --compressed`
-echo $result | jq '.redirect' > redirect.txt
-
-
-
-
-redirect=`cat redirect.txt | tr -d '"'` 
-
-
-
-
-curl -i "$redirect" \
-  -H 'Connection: keep-alive' \
-  -H 'sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="99", "Google Chrome";v="99"' \
-  -H 'sec-ch-ua-mobile: ?0' \
-  -H 'sec-ch-ua-platform: "macOS"' \
-  -H 'Upgrade-Insecure-Requests: 1' \
-  -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36' \
-  -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9' \
-  -H 'Sec-Fetch-Site: same-site' \
-  -H 'Sec-Fetch-Mode: navigate' \
-  -H 'Sec-Fetch-User: ?1' \
-  -H 'Sec-Fetch-Dest: document' \
-  -H 'Referer: http://localhost:9001/' \
-  -H 'Accept-Language: en-CA,en;q=0.9' \
-  --compressed > form-cookies.txt
-
-
-
-
-
-cat form-cookies.txt | grep Set-Cookie > first-cookies.txt
-cat first-cookies.txt | grep 'AUTH_SESSION_ID=' > AUTH_SESSION_ID.txt
-cat AUTH_SESSION_ID.txt | awk '{print $2}' > AUTH_SESSION_ID_2.txt
-sed 's/AUTH_SESSION_ID=//' AUTH_SESSION_ID_2.txt > AUTH_SESSION_ID_3.txt
-sed 's/;//' AUTH_SESSION_ID_3.txt > AUTH_SESSION_ID_4.txt
-AUTH_SESSION_ID=`cat AUTH_SESSION_ID_4.txt`
-AUTH_SESSION_ID_LEGACY=$AUTH_SESSION_ID
-
-
-
-
-
-
-cat first-cookies.txt | grep 'KC_RESTART=' > KC_RESTART.txt
-cat KC_RESTART.txt | awk '{print $2}' > KC_RESTART_2.txt
-sed 's/KC_RESTART=//' KC_RESTART_2.txt > KC_RESTART_3.txt
-sed 's/;//' KC_RESTART_3.txt > KC_RESTART_4.txt
-KC_RESTART=`cat KC_RESTART_4.txt`
-
-
-
-
-
-
-
-
-
-cat form-cookies.txt | grep form | grep "kc-form-login" > form-in-file-saved.txt
-cat form-in-file-saved.txt | awk '{print $8}' > form-action-only.txt
-sed 's/action="//' form-action-only.txt > form-action-only-2.txt
-sed 's/"//' form-action-only-2.txt > form-action-only-3.txt
-sed 's/amp;//' form-action-only-3.txt > form-action-only-4.txt
-sed 's/amp;//' form-action-only-4.txt > form-action-only-5.txt
-sed 's/amp;//' form-action-only-5.txt > form-action-only-6.txt
-action=`cat form-action-only-6.txt`
-
-
-
-
-
-
-cookies=`echo "Cookie: AUTH_SESSION_ID=${AUTH_SESSION_ID}; AUTH_SESSION_ID_LEGACY=${AUTH_SESSION_ID_LEGACY}; KC_RESTART=${KC_RESTART}" | tr -d '"'`
-curl -i "$action" \
-  -X POST \
-  -H 'Connection: keep-alive' \
-  -H 'Cache-Control: max-age=0' \
-  -H 'sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="99", "Google Chrome";v="99"' \
-  -H 'sec-ch-ua-mobile: ?0' \
-  -H 'sec-ch-ua-platform: "macOS"' \
-  -H 'Upgrade-Insecure-Requests: 1' \
-  -H 'Origin: null' \
-  -H 'Content-Type: application/x-www-form-urlencoded' \
-  -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36' \
-  -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9' \
-  -H 'Sec-Fetch-Site: same-origin' \
-  -H 'Sec-Fetch-Mode: navigate' \
-  -H 'Sec-Fetch-User: ?1' \
-  -H 'Sec-Fetch-Dest: document' \
-  -H 'Accept-Language: en-CA,en;q=0.9' \
-  -H "$cookies" \
-  --data-raw 'username=minio&password=minio123&credentialId=' \
-  --compressed > referer-code-state.txt
-
-
-
-
-
-
-
-
-
-
-cat referer-code-state.txt | grep Location > location.txt
-cat location.txt | awk '{print $2}' > location-2.txt
-location=`cat location-2.txt`
-
-
-
-
-
-
-
-
-IFS='&'
-read -ra ADDR <<< "$location"
-
-echo ${ADDR[0]} > state.txt
-echo ${ADDR[2]} > code.txt
-sed 's/code=//' code.txt > code-1.txt
-code=`cat code-1.txt`
-echo $code
-echo $code > /tmp/code
-
-
-
-
-
-IFS='?'
-state=`cat state.txt`
-read -ra ADDR22 <<< "$state"
-echo ${ADDR22[1]} > state-22.txt
-sed 's/%3D/=/' state-22.txt > state-22-1.txt
-sed 's/%3D/=/' state-22-1.txt > state-22-2.txt
-sed 's/state=//' state-22-2.txt > state-22-3.txt
-state=`cat state-22-3.txt`
-echo $state
-echo $state > /tmp/state
-
-
-
-
-
-
-
-
-
-
-
-
-
--- a/sso-integration/set-sso.sh
+++ b/sso-integration/set-sso.sh
@@ -1,6 +1,6 @@
 #!/bin/sh

-echo "127.0.0.1 keycloak-container" | sudo tee -a /etc/hosts
+echo "127.0.0.1 dex" | sudo tee -a /etc/hosts
 echo " "
 echo " "
 echo "/etc/hosts:"
--- a/sso-integration/sso_test.go
+++ b/sso-integration/sso_test.go
@@ -93,8 +93,8 @@ func TestMain(t *testing.T) {
 		Timeout: 2 * time.Second,
 	}

-	// execute bash script to get the code and state
-	cmd, err := exec.Command("./logssorun2.sh").Output()
+	// execute script to get the code and state
+	cmd, err := exec.Command("python3", "dex-requests.py").Output()
 	if err != nil {
 		fmt.Printf("error %s", err)
 	}