From 1384e2cd577b6a17691932c35d60b6fe25c7e70a Mon Sep 17 00:00:00 2001
From: Wangchong Zhou
Date: Sat, 3 Aug 2024 15:52:26 +0800
Subject: [PATCH] chore(tests) move to docker compose

---
 t/fixtures/docker-compose.yml | 69 +++++++++++++++++++++++++++++++++++
 t/fixtures/prepare_env.sh | 25 +++++++------
 2 files changed, 83 insertions(+), 11 deletions(-)

diff --git a/t/fixtures/docker-compose.yml b/t/fixtures/docker-compose.yml
index e212ef6..1d8fec7 100644
--- a/t/fixtures/docker-compose.yml
+++ b/t/fixtures/docker-compose.yml
@@ -20,6 +20,75 @@ services:
 acmenet:
 ipv4_address: 10.30.50.3
+ consul:
+ image: hashicorp/consul
+ ports:
+ - "127.0.0.1:8500:8500"
+ command: agent -server -bootstrap-expect=1
+ healthcheck:
+ test: ["CMD", "consul", "members"]
+ interval: 10s
+ timeout: 5s
+ retries: 3
+
+ vault:
+ image: hashicorp/vault
+ user: root
+ cap_add:
+ - IPC_LOCK
+ environment:
+ - VAULT_DEV_ROOT_TOKEN_ID=root
+ - VAULT_LOCAL_CONFIG={"listener":{"tcp":{"tls_key_file":"/tmp/key.pem","tls_cert_file":"/tmp/cert.pem","address":"0.0.0.0:8210"}}}
+ volumes:
+ - /tmp/key.pem:/tmp/key.pem
+ - /tmp/cert.pem:/tmp/cert.pem
+ ports:
+ - "127.0.0.1:8200:8200"
+ - "127.0.0.1:8210:8210"
+ command: server -dev
+ healthcheck:
+ test: ["CMD", "vault", "status", "-address", "http://127.0.0.1:8200"]
+ interval: 10s
+ timeout: 5s
+ retries: 3
+
+ etcd:
+ image: quay.io/coreos/etcd:v3.4.33
+ volumes:
+ - /usr/share/ca-certificates/:/etc/ssl/certs
+ ports:
+ - "4001:4001"
+ - "2380:2380"
+ - "2379:2379"
+ environment:
+ - HOST_IP=${HOST_IP}
+ command: >
+ etcd
+ -name etcd0
+ -advertise-client-urls http://${HOST_IP}:2379,http://${HOST_IP}:4001
+ -listen-client-urls http://0.0.0.0:2379,http://0.0.0.0:4001
+ -initial-advertise-peer-urls http://${HOST_IP}:2380
+ -listen-peer-urls http://0.0.0.0:2380
+ -initial-cluster-token etcd-cluster-1
+ -initial-cluster etcd0=http://${HOST_IP}:2380
+ -initial-cluster-state new
+ healthcheck:
+ test: ["CMD", "etcdctl", "endpoint", "health"]
+ interval: 10s
+ timeout: 5s
+ retries: 3
+
+ dummy:
+ image: ubuntu
+ command: tail -f /dev/null
+ depends_on:
+ consul:
+ condition: service_healthy
+ vault:
+ condition: service_healthy
+ etcd:
+ condition: service_healthy
+
 networks:
 acmenet:
 driver: bridge
diff --git a/t/fixtures/prepare_env.sh b/t/fixtures/prepare_env.sh
index 752ecc6..40085ed 100644
--- a/t/fixtures/prepare_env.sh
+++ b/t/fixtures/prepare_env.sh
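Review bot: The etcd service publishes `"4001:4001"`, `"2380:2380"` and `"2379:2379"` on every host interface while consul and vault are bound to `127.0.0.1:`; this etcd runs with no authentication and plain `http://` listeners, so on a shared CI runner the fixture exposes a writable key-value store to the network. If the tests only reach etcd through localhost, bind it the same way as the other two, e.g. `- "127.0.0.1:2379:2379"` (and likewise for 4001 and 2380). The consul definition also drops the `CONSUL_CLIENT_INTERFACE`/`CONSUL_BIND_INTERFACE` settings the old `docker run` in prepare_env.sh passed; unless the image's default config sets `client_addr`, the HTTP API stays on the container's loopback and the `127.0.0.1:8500:8500` mapping will not reach it — `command: agent -server -bootstrap-expect=1 -client=0.0.0.0` would be the compose-native equivalent, worth confirming against the image entrypoint. Finally, `hashicorp/consul`, `hashicorp/vault` and `ubuntu` float on an unpinned tag while etcd is pinned to `v3.4.33`; pinning a tag (or digest) keeps the fixture reproducible and makes image changes a reviewable diff.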
@@ -1,13 +1,21 @@
 #!/bin/bash
-echo "Prepare containers"
-docker run -d -e CONSUL_CLIENT_INTERFACE='eth0' -e CONSUL_BIND_INTERFACE='eth0' -p 127.0.0.1:8500:8500 hashicorp/consul agent -server -bootstrap-expect=1
+SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+export HOST_IP="$(hostname -I | awk '{print $1}')"
+
 openssl req -x509 -newkey rsa:4096 -keyout /tmp/key.pem -out /tmp/cert.pem -days 1 -nodes -subj '/CN=some.vault'
 chmod 777 /tmp/key.pem /tmp/cert.pem
-docker run -d --user root --cap-add=IPC_LOCK -e VAULT_DEV_ROOT_TOKEN_ID=root --name=vault -e 'VAULT_LOCAL_CONFIG={"listener":{"tcp":{"tls_key_file":"/tmp/key.pem","tls_cert_file":"/tmp/cert.pem","address":"0.0.0.0:8210"}}}' -v /tmp/key.pem:/tmp/key.pem -v /tmp/cert.pem:/tmp/cert.pem -p 127.0.0.1:8200:8200 -p 127.0.0.1:8210:8210 hashicorp/vault server -dev
-docker logs vault
-docker run -d -v /usr/share/ca-certificates/:/etc/ssl/certs -p 4001:4001 -p 2380:2380 -p 2379:2379 --name etcd quay.io/coreos/etcd:v2.3.8 -name etcd0 -advertise-client-urls http://${HostIP}:2379,http://${HostIP}:4001 -listen-client-urls http://0.0.0.0:2379,http://0.0.0.0:4001 -initial-advertise-peer-urls http://${HostIP}:2380 -listen-peer-urls http://0.0.0.0:2380 -initial-cluster-token etcd-cluster-1 -initial-cluster etcd0=http://${HostIP}:2380 -initial-cluster-state new
-docker logs etcd
+
+echo "Prepare containers"
+pushd "$SCRIPT_DIR"
+docker compose up -d || (
+ docker compose logs vault;
+ docker compose logs etcd;
+ docker compose logs consul;
+ exit 1
+)
+popd
+
 echo "Prepare vault for JWT auth"
 curl 'https://localhost:8210/v1/sys/auth/kubernetes.test' -k -X POST -H 'X-Vault-Token: root' -H 'Content-Type: application/json; charset=utf-8' --data-raw '{"path":"kubernetes.test","type":"jwt","config":{}}'
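Review bot: The `exit 1` inside the `( ... )` group after `docker compose up -d` only terminates that subshell, so a failed start-up still runs `popd` and every `curl` against Vault that follows, and the script ends with status 0 and a half-configured fixture; the file has no `set -e`, so the group needs to be a brace group: `docker compose up -d || { docker compose logs vault etcd consul; exit 1; }`. `export HOST_IP="$(hostname -I | awk '{print $1}')"` is also Linux-specific — `hostname -I` is a GNU extension that is not available on macOS, which this same script handles later in its `darwin` branch — so there `HOST_IP` comes out empty and the etcd `-advertise-client-urls`/`-initial-cluster` values in docker-compose.yml degrade to `http://:2379`. Fail early rather than silently: `: "${HOST_IP:?could not determine HOST_IP; set it explicitly}"` after the export, or add a portable fallback for the non-Linux case. The `chmod 777 /tmp/key.pem` is unchanged context, but it now also governs the key the compose file bind-mounts into Vault, so it is worth tightening to `chmod 644` in a follow-up if the container user does not require write access.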
@@ -15,17 +23,12 @@ curl 'https://localhost:8210/v1/auth/kubernetes.test/config' -k -X PUT -H 'X-Vau
 curl 'https://localhost:8210/v1/auth/kubernetes.test/role/root' -k -X POST -H 'X-Vault-Token: root' -H 'content-type: application/json; charset=utf-8' --data-raw '{"token_policies":["acme"],"role_type":"jwt","user_claim":"kubernetes.io/serviceaccount/service-account.uid","bound_subject":"system:serviceaccount:kong:gateway-kong"}'
 curl 'https://localhost:8210/v1/sys/policies/acl/acme' -k -X PUT -H 'X-Vault-Token: root' -H 'Content-Type: application/json; charset=utf-8' --data-raw '{"name":"acme","policy":"path \"secret/*\" {\n capabilities = [\"create\", \"read\", \"update\", \"delete\"]\n}"}'
-echo "Prepare Pebble"
-pushd t/fixtures
-docker-compose up -d
-
 # on macOS use host.docker.internal
 if [[ "$OSTYPE" == 'darwin'* ]]; then
 host_ip=$(docker run -it --rm alpine ping host.docker.internal -c1|grep -oE "\d+\.\d+\.\d+\.\d+"|head -n1)
 # update the default ip in resolver
 curl --request POST --data '{"ip":"'$host_ip'"}' http://localhost:8055/set-default-ipv4
 fi
-popd
 echo "Generate certs"
 openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:4096 -out /tmp/account.key