Improve SecurityLinux smoke test
* Creates UAA details per run Signed-off-by: Keaty Gross <kgross@pivotal.io>
Родитель
0ea427cbe6
Коммит
ae1fd1f1ea
|
@ -13,10 +13,7 @@ ORGANIZATION=`jq -r '.source.organization' < $payload`
|
|||
|
||||
cf login -a $TARGET -u $USERNAME -p $PASSWORD --skip-ssl-validation -o dev -s dev
|
||||
|
||||
SPACE=$(pwgen -1)
|
||||
SPACE=$(pwgen -1 | awk '{print tolower($0)}')
|
||||
cf create-space ${SPACE} -o $ORGANIZATION
|
||||
|
||||
DOMAIN=$(cf domains | grep shared | cut -d ' ' -f 1)
|
||||
cf create-domain $ORGANIZATION ${SPACE}.$DOMAIN
|
||||
|
||||
echo "{\"version\": {\"ref\":\"$SPACE\"},\"metadata\":[]}" >&3
|
||||
|
|
|
@ -10,7 +10,7 @@ resources:
|
|||
type: git
|
||||
source:
|
||||
uri: https://github.com/SteelToeOSS/steeltoe-ci.git
|
||||
branch: master
|
||||
branch: dgodd
|
||||
- name: samples-rabbit
|
||||
type: git
|
||||
source:
|
||||
|
@ -825,10 +825,38 @@ jobs:
|
|||
- put: cf-space
|
||||
resource: pcfdev-space
|
||||
- do:
|
||||
- task: setup-uaa
|
||||
config:
|
||||
platform: linux
|
||||
image_resource:
|
||||
type: docker-image
|
||||
source:
|
||||
repository: ruby
|
||||
inputs:
|
||||
- name: cf-space
|
||||
outputs:
|
||||
- name: cf-app-login
|
||||
run:
|
||||
path: sh
|
||||
args:
|
||||
- -euxc
|
||||
- |
|
||||
curl -L 'https://cli.run.pivotal.io/stable?release=linux64-binary&source=github' | tar -zx -C /usr/local/bin/
|
||||
gem install cf-uaac
|
||||
./cf-space/login
|
||||
export SPACE=`cat cf-space/name`
|
||||
uaac target uaa.pcfdev.shoetree.io --skip-ssl-validation
|
||||
uaac token client get admin -s admin-client-secret
|
||||
uaac contexts
|
||||
uaac group add testgroup || true
|
||||
uaac user add user${SPACE} --given_name Integration --family_name Test --emails test@testcloud.com --password Password1!
|
||||
uaac member add testgroup user${SPACE}
|
||||
uaac client add ${SPACE}TestApp --name ${SPACE}TestApp --scope cloud_controller.read,cloud_controller_service_permissions.read,openid,testgroup --authorized_grant_types authorization_code,refresh_token --authorities uaa.resource --redirect_uri http://single-signon-${SPACE}.pcfdev.shoetree.io/signin-cloudfoundry --autoapprove cloud_controller.read,cloud_controller_service_permissions.read,openid,testgroup --secret ${SPACE}TestApp
|
||||
echo "{\"username\":\"user${SPACE}\",\"password\":\"Password1!\"}" > cf-app-login/login.json
|
||||
- task: create-service
|
||||
file: steeltoe-ci/tasks/create-service.yml
|
||||
params:
|
||||
CREATE_CUPS: 'myOAuthService -p {"client_id":"${SPACE}TestApp","client_secret":"myTestApp","uri":"uaa://login.pcfdev.shoetree.io"}'
|
||||
CREATE_CUPS: 'myOAuthService -p {"client_id":"${SPACE}TestApp","client_secret":"${SPACE}TestApp","uri":"uaa://login.pcfdev.shoetree.io"}'
|
||||
- aggregate:
|
||||
- do:
|
||||
- task: publish-signon
|
||||
|
@ -845,7 +873,7 @@ jobs:
|
|||
input_mapping: {publish: publish_signon}
|
||||
params:
|
||||
STACK: cflinuxfs2
|
||||
APPNAME: singlesignon
|
||||
APPNAME: single-signon
|
||||
- do:
|
||||
- task: publish-jwtauth
|
||||
file: steeltoe-ci/tasks/publish.yml
|
||||
|
@ -862,7 +890,8 @@ jobs:
|
|||
params:
|
||||
STACK: cflinuxfs2
|
||||
APPNAME: jwtauth
|
||||
- task: setup-uaa
|
||||
- task: test-app
|
||||
attempts: 5
|
||||
config:
|
||||
platform: linux
|
||||
image_resource:
|
||||
|
@ -870,35 +899,17 @@ jobs:
|
|||
source:
|
||||
repository: ruby
|
||||
inputs:
|
||||
- name: steeltoe-ci
|
||||
- name: cf-space
|
||||
- name: cf-push
|
||||
outputs:
|
||||
- name: cf-app-login
|
||||
run:
|
||||
path: sh
|
||||
args:
|
||||
- -euxc
|
||||
- |
|
||||
curl -L 'https://cli.run.pivotal.io/stable?release=linux64-binary&source=github' | tar -zx -C /usr/local/bin/
|
||||
gem install cf-uaac
|
||||
./cf-space/login
|
||||
export APP_URL=`cat cf-push/url`
|
||||
export SPACE=`cat cf-space/name`
|
||||
uaac target uaa.pcfdev.shoetree.io --skip-ssl-validation
|
||||
uaac token client get admin -s admin-client-secret
|
||||
uaac contexts
|
||||
uaac group add testgroup || true
|
||||
uaac user add user_${SPACE} --given_name Integration --family_name Test --emails test@testcloud.com --password Password1!
|
||||
uaac member add testgroup user_${SPACE}
|
||||
uaac client add ${SPACE}TestApp --name ${SPACE}TestApp --scope cloud_controller.read,cloud_controller_service_permissions.read,openid,testgroup --authorized_grant_types authorization_code,refresh_token --authorities uaa.resource --redirect_uri http://${APP_URL}/signin-cloudfoundry --autoapprove cloud_controller.read,cloud_controller_service_permissions.read,openid,testgroup --secret ${SPACE}TestApp
|
||||
echo "{\"username\":\"user_${SPACE}\",\"password\":\"Password1!\"}" > cf-app-login/login.json
|
||||
- task: test-app
|
||||
attempts: 5
|
||||
file: steeltoe-ci/tasks/test-app.yml
|
||||
params:
|
||||
PRECOND: ""
|
||||
URL_PATH: /Home/ConfigServer
|
||||
TEXT: <h4>Property bar=spam
|
||||
# ensure:
|
||||
# task: delete-space
|
||||
# file: steeltoe-ci/tasks/delete-space.yml
|
||||
gem install mechanize
|
||||
./steeltoe-ci/scripts/test-security.rb
|
||||
ensure:
|
||||
task: delete-space
|
||||
file: steeltoe-ci/tasks/delete-space.yml
|
||||
### FIXME Also remove uaac client etc.... (from above)
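Review bot: The added setup-uaa task writes the UAA admin client secret into the pipeline file (`uaac token client get admin -s admin-client-secret`) and runs under `sh -euxc`, so that secret, the fixed `Password1!` and the `--secret ${SPACE}TestApp` value are all traced into the build log. The client secret is also derivable from the space name, which the space resource script echoes as its version `ref`. Supply the admin secret as a task param from the pipeline's credential variables and drop tracing for this step (`- -euc`), even for a throwaway PCF Dev target. The `curl … | tar -zx -C /usr/local/bin/` and `gem install cf-uaac` lines fetch unpinned artifacts with no checksum on every run, and `branch: dgodd` in the resources hunk looks like a development leftover. The FIXME on the `ensure` step means the per-run UAA user and client are never removed, so they accumulate on the UAA server.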
|
||||
|
|
|
@ -9,9 +9,3 @@ cf services | sed '1,4d' | cut -d ' ' -f 1 | xargs -n1 cf purge-service-instance
|
|||
# Delete space
|
||||
export SPACE=`cat cf-space/name`
|
||||
cf delete-space -f $SPACE
|
||||
|
||||
# Delete domain
|
||||
export DOMAIN=`cf domains | grep $SPACE | cut -d ' ' -f 1`
|
||||
if [-n $DOMAIN]; then
|
||||
cf delete-domain $DOMAIN -f
|
||||
fi
|
||||
|
|
|
@ -0,0 +1,22 @@
|
|||
#!/usr/bin/env ruby
|
||||
require 'rubygems'
|
||||
require 'mechanize'
|
||||
|
||||
space = ENV['SPACE'] or raise 'Please specify space'
|
||||
agent = Mechanize.new
|
||||
agent.verify_mode = 0
|
||||
|
||||
page = agent.get("http://single-signon-#{space}.pcfdev.shoetree.io/Home/InvokeJwtSample")
|
||||
page.body.match('401 (Not Authenticated)') or raise 'Should force Auth'
|
||||
page.click('Login In')
|
||||
page.form_with(action: '/login.do') do |f|
|
||||
f.username = "user#{space}"
|
||||
f.password = 'Password1!'
|
||||
end.submit
|
||||
page.body.match('Your About page') or raise 'Should now allow testgroup access'
|
||||
|
||||
page.click('Contact')
|
||||
page.body.match('401 (Not Authenticated)') or raise 'Should not allow testgroup1 access'
|
||||
|
||||
page.click('InvokeJwtSample')
|
||||
page.body.match('Some missing text - should fail') or raise 'Should allow jwt access'
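Review bot: Every assertion after the first reads the body fetched on the `agent.get` line, because the results of the `click` and `submit` calls are discarded and `page` is never reassigned; the access-control checks therefore never observe the post-login or Contact responses. Assign each navigation result back, e.g. `page = page.form_with(action: '/login.do') { |f| ... }.submit`. `String#match` converts its string argument to a regexp, so `'401 (Not Authenticated)'` treats the parentheses as a group and will not match the literal text; `page.body.include?('401 (Not Authenticated)')` checks what is meant. `agent.verify_mode = 0` turns off certificate verification and should carry a comment limiting it to the test target, presumably a self-signed PCF Dev instance.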
|
|
@ -18,6 +18,5 @@ run:
|
|||
cf create-service $CREATE_SERVICE
|
||||
fi
|
||||
if [ ! -z "$CREATE_CUPS" ]; then
|
||||
export CREATE_CUPS=`echo $CREATE_CUPS | sed "s/\${SPACE}/$SPACE/"`
|
||||
cf cups $CREATE_CUPS
|
||||
cf cups $(echo $CREATE_CUPS | sed "s/\${SPACE}/$SPACE/")
|
||||
fi
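Review bot: The `sed "s/\${SPACE}/$SPACE/"` substitution on the new `cf cups` line replaces only the first `${SPACE}` in `CREATE_CUPS`, while the value the pipeline now passes contains the placeholder twice (in `client_id` and `client_secret`). The service would then be created with a literal `${SPACE}` in the secret and would not match the client registered in UAA. Add the global flag: `cf cups $(echo $CREATE_CUPS | sed "s/\${SPACE}/$SPACE/g")`. The task script starts outside the hunk, so where SPACE is set for this step is not visible here.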
|
||||
|
|
|
@ -17,6 +17,5 @@ run:
|
|||
./cf-space/login
|
||||
export APPNAME=${APPNAME:-testapp}
|
||||
export SPACE=`cat cf-space/name`
|
||||
export DOMAIN=`cf domains | grep $SPACE | cut -d ' ' -f 1`
|
||||
cf push $APPNAME -s $STACK -f publish/manifest.yml -p publish -d $DOMAIN
|
||||
cf push $APPNAME -s $STACK -f publish/manifest.yml -p publish --hostname $APPNAME-$SPACE
|
||||
cf app $APPNAME | grep '^urls: ' | cut -d ' ' -f 2 > cf-push/url
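Review bot: The route is now built as `$APPNAME-$SPACE` on the new `cf push` line, and the same format is hard-coded elsewhere in this commit as `single-signon-${SPACE}` (the UAA `--redirect_uri` and the URL in the Ruby test script), so a change here silently breaks the OAuth redirect match. A comment above the push such as `# hostname format must match the redirect_uri registered in the setup-uaa task` would record the coupling. Quoting the argument as `--hostname "$APPNAME-$SPACE"` also keeps an empty or unusual value from being word-split. The script begins outside the hunk.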
|
||||
|
|