ovh/the-bastion
1
1
Fork 0
mirror of https://github.com/ovh/the-bastion.git synced 2025-09-08 22:14:25 +08:00
Code Issues Projects Releases Packages Wiki Activity

chore: fix latest centos 8 release, add tests for last 3 minors

Browse source
This commit is contained in:
Stéphane Lesimple 2020-12-08 14:27:13 +00:00
parent b82f80defb
commit dca45a44c5
No known key found for this signature in database
GPG key ID: 4B4A3289E9D35658
5 changed files with 67 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.github/workflows/tests.yml vendored
View file

@ -20,7 +20,7 @@ jobs:
name: Full name: Full
strategy: strategy:
matrix: matrix:
platform: [centos7, centos8, debian10, debian8, debian9, opensuse150, opensuse151, opensuse152, ubuntu1404, ubuntu1604, ubuntu1804, ubuntu2004] platform: [centos7@centos:7.7.1908, centos7@centos:7.8.2003, centos7@centos:7.9.2009, centos8@centos:8.1.1911, centos8@centos:8.2.2004, centos8@centos:8.3.2011, debian10, debian8, debian9, opensuse150, opensuse151, opensuse152, ubuntu1404, ubuntu1604, ubuntu1804, ubuntu2004]
runs-on: ubuntu-latest runs-on: ubuntu-latest
if: contains(github.event.pull_request.labels.*.name, 'tests:full') if: contains(github.event.pull_request.labels.*.name, 'tests:full')
steps: steps:

2
bin/admin/packages-check.sh
View file

@ -74,7 +74,7 @@ elif echo "$DISTRO_LIKE" | grep -q -w rhel; then
perl-JSON-XS inotify-tools lsof curl perl-Term-ReadLine-Gnu \ perl-JSON-XS inotify-tools lsof curl perl-Term-ReadLine-Gnu \
perl-libwww-perl perl-Digest perl-Net-Server cryptsetup mosh \ perl-libwww-perl perl-Digest perl-Net-Server cryptsetup mosh \
expect openssh-server nc bash perl-CGI perl(Test::More) passwd \ expect openssh-server nc bash perl-CGI perl(Test::More) passwd \
cracklib-dicts perl-Time-Piece perl-Time-HiRes which \ cracklib-dicts perl-Time-Piece perl-Time-HiRes diffutils \
perl-Sys-Syslog pamtester google-authenticator qrencode-libs" perl-Sys-Syslog pamtester google-authenticator qrencode-libs"
if [ "$DISTRO_VERSION_MAJOR" = 7 ]; then if [ "$DISTRO_VERSION_MAJOR" = 7 ]; then
wanted_list="$wanted_list fortune-mod coreutils" wanted_list="$wanted_list fortune-mod coreutils"

1
docker/Dockerfile.centos7
View file

@ -24,3 +24,4 @@ RUN ["/opt/bastion/bin/admin/install","--new-install","--no-wait"]
ENTRYPOINT /opt/bastion/docker/entrypoint.sh ENTRYPOINT /opt/bastion/docker/entrypoint.sh
# TESTENV HAS_ED25519=1 HAS_BLACKLIST=0 HAS_MFA=1 HAS_PAMTESTER=1 # TESTENV HAS_ED25519=1 HAS_BLACKLIST=0 HAS_MFA=1 HAS_PAMTESTER=1
# TESTFROM centos:7.9.2009 centos:7.8.2003 centos:7.7.1908

1
docker/Dockerfile.centos8
View file

@ -24,3 +24,4 @@ RUN ["/opt/bastion/bin/admin/install","--new-install","--no-wait"]
ENTRYPOINT /opt/bastion/docker/entrypoint.sh ENTRYPOINT /opt/bastion/docker/entrypoint.sh
# TESTENV HAS_ED25519=1 HAS_BLACKLIST=0 HAS_MFA=1 HAS_PAMTESTER=1 # TESTENV HAS_ED25519=1 HAS_BLACKLIST=0 HAS_MFA=1 HAS_PAMTESTER=1
# TESTFROM centos:8.3.2011 centos:8.2.2004 centos:8.1.1911

77
tests/functional/docker/docker_build_and_run_tests.sh
View file

@ -11,22 +11,54 @@ namespace=the-bastion-test
target="$1" target="$1"
test_script="$2" test_script="$2"
get_supported_targets() {
local target targets subtarget
for dockerfile in "$(dirname "$0")"/../../../docker/Dockerfile.*; do
if grep -q '^# TESTENV ' "$dockerfile"; then
target=$(basename $dockerfile)
target=${target/Dockerfile./}
# if the file has a TESTFROM entry, then it's actually multiple similar targets
if grep -q '^# TESTFROM ' "$dockerfile"; then
for testfrom in $(grep '^# TESTFROM ' "$dockerfile" | cut -d' ' -f3-); do
subtarget="$target@$testfrom"
targets="$targets $subtarget"
done
fi
targets="$targets $target"
fi
done
echo $targets
}
print_supported_targets() {
local target
for target in $(get_supported_targets | tr " " "\n" | sort); do
echo "- $target"
done
echo
}
if [ -z "$target" ] || [ "$target" = "--list-targets" ]; then if [ -z "$target" ] || [ "$target" = "--list-targets" ]; then
targets=$(grep -l '^# TESTENV' "$(dirname "$0")"/../../../docker/Dockerfile.* | sed -re 's=^.+/Dockerfile\.==')
if [ -z "$target" ]; then if [ -z "$target" ]; then
echo "Usage: $0 <TARGET>" >&2 echo "Usage: $0 <TARGET>" >&2
echo -n "Supported targets are: " >&2 echo "Supported targets are: " >&2
grep -l '^# TESTENV' "$(dirname "$0")"/../../../docker/Dockerfile.* | sed -re 's=^.+/Dockerfile\.==' | tr '\n' " " >&2 print_supported_targets >&2
echo >&2
exit 1 exit 1
else else
# shellcheck disable=SC2086 # shellcheck disable=SC2086
echo $targets print_supported_targets
exit 0 exit 0
fi fi
fi fi
target_dockerfile="$(dirname "$0")"/../../../docker/Dockerfile."$target" if echo "$target" | grep -q '@'; then
subtarget=$(echo "$target" | cut -d@ -f2)
target_dockerfile=$(echo "$target" | cut -d@ -f1)
else
subtarget=''
target_dockerfile="$target"
fi
target_dockerfile="$(dirname "$0")"/../../../docker/Dockerfile."$target_dockerfile"
if [ ! -f "$target_dockerfile" ] ; then if [ ! -f "$target_dockerfile" ] ; then
echo "Couldn't find a Dockerfile for $target ($target_dockerfile)" >&2 echo "Couldn't find a Dockerfile for $target ($target_dockerfile)" >&2
exit 1 exit 1
@ -37,10 +69,35 @@ echo "Building test environment"
testenv_dockerfile="$(dirname "$0")/../../../docker/Dockerfile.tester" testenv_dockerfile="$(dirname "$0")/../../../docker/Dockerfile.tester"
docker build -f "$testenv_dockerfile" -t "$namespace:tester" "$(dirname "$0")"/../../.. docker build -f "$testenv_dockerfile" -t "$namespace:tester" "$(dirname "$0")"/../../..
# if we have a subtarget, we need to override the FROM of the target_dockerfile
# don't do this in place however, create a tempfile for this
if [ -n "$subtarget" ]; then
dockerfiletmp=$(mktemp)
trap 'rm -f $dockerfiletmp' EXIT
sed -re "s/^FROM .+/FROM $subtarget/" "$target_dockerfile" > "$dockerfiletmp"
target_dockerfile="$dockerfiletmp"
fi
# build target # build target
echo "Building target environment" echo "Building target environment"
target=$(echo "$target" | sed -re 's/[^a-zA-Z0-9_-]/_/g')
docker build -f "$target_dockerfile" -t "$namespace:$target" --build-arg "TEST_QUICK=$TEST_QUICK" "$(dirname "$0")"/../../.. docker build -f "$target_dockerfile" -t "$namespace:$target" --build-arg "TEST_QUICK=$TEST_QUICK" "$(dirname "$0")"/../../..
# get the target environment we want from the dockerfile
varstoadd=''
privileged=''
for var in $(grep '^# TESTENV' "$target_dockerfile" | tail -n1 | sed -re 's/^# TESTENV//')
do
echo "$var" | grep -Eq '^[A-Z0-9_]+=[01]$' && varstoadd="$varstoadd -e $var "
[ "$var" = "PRIVILEGED=1" ] && privileged='--privileged'
done
# cleanup the dockerfile temp if applicable
if [ -n "$subtarget" ]; then
rm -f "$dockerfiletmp"
trap - EXIT
fi
# create temp key # create temp key
echo "Create user and root SSH keys" echo "Create user and root SSH keys"
privdir=$(mktemp -d) privdir=$(mktemp -d)
@ -54,14 +111,6 @@ ROOT_PUBKEY_B64=$(base64 -w0 < "$privdir"/rootkey.pub)
rm -rf "$privdir" rm -rf "$privdir"
trap - EXIT trap - EXIT
varstoadd=''
privileged=''
for var in $(grep '^# TESTENV' "$target_dockerfile" | tail -n1 | sed -re 's/^# TESTENV//')
do
echo "$var" | grep -Eq '^[A-Z0-9_]+=[01]$' && varstoadd="$varstoadd -e $var "
[ "$var" = "PRIVILEGED=1" ] && privileged='--privileged'
done
echo "Configuring network" echo "Configuring network"
docker rm -f "bastion_${target}_target" 2>/dev/null || true docker rm -f "bastion_${target}_target" 2>/dev/null || true
docker rm -f "bastion_${target}_tester" 2>/dev/null || true docker rm -f "bastion_${target}_tester" 2>/dev/null || true