Mirror
/
seaweedfs
mirror of https://github.com/seaweedfs/seaweedfs.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

separate tests for keycloak

pull/7160/head
chrislu 1 month ago
parent
639fa96d41
commit
b3dd6b74be
2 changed files with 165 additions and 55 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 59
      .github/workflows/s3-iam-tests.yml
  2. 161
      .github/workflows/s3-keycloak-tests.yml

59
.github/workflows/s3-iam-tests.yml
View File

@ -80,7 +80,7 @@ jobs:
timeout-minutes: 25
strategy:
matrix:
test-type: ["basic", "advanced", "policy-enforcement", "keycloak-integration"]
test-type: ["basic", "advanced", "policy-enforcement"]
steps:
- name: Check out code
@ -129,60 +129,9 @@ jobs:
make clean setup start-services wait-for-services
go test -v -timeout 15m -run "TestS3IAMPolicyEnforcement|TestS3IAMBucketPolicy|TestS3IAMContextual" ./...
;;
"keycloak-integration")
echo "Running Keycloak integration tests..."
# Start Keycloak container
docker run -d \
--name keycloak \
-p 8080:8080 \
-e KC_BOOTSTRAP_ADMIN_USERNAME=admin \
-e KC_BOOTSTRAP_ADMIN_PASSWORD=admin \
-e KC_HTTP_ENABLED=true \
-e KC_HOSTNAME_STRICT=false \
-e KC_HOSTNAME_STRICT_HTTPS=false \
quay.io/keycloak/keycloak:26.0 \
start-dev
# Wait for Keycloak with better health checking
timeout 300 bash -c '
while true; do
if curl -s http://localhost:8080/health/ready > /dev/null 2>&1; then
echo "✅ Keycloak health check passed"
break
fi
if curl -s http://localhost:8080/realms/master > /dev/null 2>&1; then
echo "✅ Keycloak master realm accessible"
break
fi
echo "Waiting for Keycloak..."
sleep 5
done
'
# Setup Keycloak realm and users
sudo apt-get update -y
sudo apt-get install -y jq
chmod +x setup_keycloak.sh
./setup_keycloak.sh
# Wait for the test realm to be fully available
echo "Waiting for seaweedfs-test realm to be available..."
timeout 120 bash -c 'until curl -fs http://localhost:8080/realms/seaweedfs-test/.well-known/openid-configuration > /dev/null; do echo "... waiting for realm"; sleep 3; done' || {
echo "❌ seaweedfs-test realm not available"
docker logs keycloak --tail=200 || true
exit 1
}
# Start SeaweedFS services
make clean setup start-services wait-for-services
# Run Keycloak tests
export KEYCLOAK_URL="http://localhost:8080"
go test -v -timeout 15m -run "TestKeycloak" ./...
# Cleanup Keycloak
docker stop keycloak || true
docker rm keycloak || true
*)
echo "Unknown test type: ${{ matrix.test-type }}"
exit 1
;;
esac

161
.github/workflows/s3-keycloak-tests.yml
View File

@ -0,0 +1,161 @@
name: "S3 Keycloak Integration Tests"
on:
pull_request:
paths:
- 'weed/iam/**'
- 'weed/s3api/**'
- 'test/s3/iam/**'
- '.github/workflows/s3-keycloak-tests.yml'
push:
branches: [ master ]
paths:
- 'weed/iam/**'
- 'weed/s3api/**'
- 'test/s3/iam/**'
- '.github/workflows/s3-keycloak-tests.yml'
concurrency:
group: ${{ github.head_ref }}/s3-keycloak-tests
cancel-in-progress: true
permissions:
contents: read
defaults:
run:
working-directory: weed
jobs:
# Dedicated job for Keycloak integration tests
s3-keycloak-integration-tests:
name: S3 Keycloak Integration Tests
runs-on: ubuntu-22.04
timeout-minutes: 30
steps:
- name: Check out code
uses: actions/checkout@v5
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version-file: 'go.mod'
id: go
- name: Install SeaweedFS
working-directory: weed
run: |
go install -buildvcs=false
- name: Run Keycloak Integration Tests
timeout-minutes: 25
working-directory: test/s3/iam
run: |
set -x
echo "=== System Information ==="
uname -a
free -h
df -h
echo "=== Starting S3 Keycloak Integration Tests ==="
# Set WEED_BINARY to use the installed version
export WEED_BINARY=$(which weed)
export TEST_TIMEOUT=20m
echo "Running Keycloak integration tests..."
# Start Keycloak container first
docker run -d \
--name keycloak \
-p 8080:8080 \
-e KC_BOOTSTRAP_ADMIN_USERNAME=admin \
-e KC_BOOTSTRAP_ADMIN_PASSWORD=admin \
-e KC_HTTP_ENABLED=true \
-e KC_HOSTNAME_STRICT=false \
-e KC_HOSTNAME_STRICT_HTTPS=false \
quay.io/keycloak/keycloak:26.0 \
start-dev
# Wait for Keycloak with better health checking
timeout 300 bash -c '
while true; do
if curl -s http://localhost:8080/health/ready > /dev/null 2>&1; then
echo "✅ Keycloak health check passed"
break
fi
echo "... waiting for Keycloak to be ready"
sleep 5
done
'
# Setup Keycloak configuration
./setup_keycloak.sh
# Start SeaweedFS services
make clean setup start-services wait-for-services
# Verify service accessibility
echo "=== Verifying Service Accessibility ==="
curl -f http://localhost:8080/realms/master
curl -s http://localhost:8333
echo "✅ SeaweedFS S3 API is responding (IAM-protected endpoint)"
# Run Keycloak-specific tests
echo "=== Running Keycloak Tests ==="
export KEYCLOAK_URL=http://localhost:8080
export S3_ENDPOINT=http://localhost:8333
# Wait for realm to be properly configured
timeout 120 bash -c 'until curl -fs http://localhost:8080/realms/seaweedfs-test/.well-known/openid-configuration > /dev/null; do echo "... waiting for realm"; sleep 3; done'
# Run the Keycloak integration tests
go test -v -timeout 20m -run "TestKeycloak" ./...
- name: Show server logs on failure
if: failure()
working-directory: test/s3/iam
run: |
echo "=== Service Logs ==="
echo "--- Keycloak logs ---"
docker logs keycloak --tail=100 || echo "No Keycloak container logs"
echo "--- SeaweedFS Master logs ---"
if [ -f weed-master.log ]; then
tail -100 weed-master.log
fi
echo "--- SeaweedFS S3 logs ---"
if [ -f weed-s3.log ]; then
tail -100 weed-s3.log
fi
echo "--- SeaweedFS Filer logs ---"
if [ -f weed-filer.log ]; then
tail -100 weed-filer.log
fi
echo "=== System Status ==="
ps aux | grep -E "(weed|keycloak)" || true
netstat -tlnp | grep -E "(8333|9333|8080|8888)" || true
docker ps -a || true
- name: Cleanup
if: always()
working-directory: test/s3/iam
run: |
# Stop Keycloak container
docker stop keycloak || true
docker rm keycloak || true
# Stop SeaweedFS services
make clean || true
- name: Upload test logs on failure
if: failure()
uses: actions/upload-artifact@v4
with:
name: s3-keycloak-test-logs
path: |
test/s3/iam/*.log
test/s3/iam/test-volume-data/
retention-days: 3
Write Preview
Loading…
Cancel
Save