From 5dee2dbec8bc007f76b878f2daddf6fee147e8d2 Mon Sep 17 00:00:00 2001 From: Artem Goncharov Date: Mon, 13 Oct 2025 16:50:22 +0000 Subject: [PATCH] chore: Switch tests to use py-keystone container --- .github/actions/deploy_keystone/action.yml | 113 +++++++++ .github/workflows/functional.yml | 270 +++------------------ tools/Dockerfile.py-keystone | 2 + tools/start_keystone.sh | 5 +- typos.toml | 1 + 5 files changed, 150 insertions(+), 241 deletions(-) create mode 100644 .github/actions/deploy_keystone/action.yml diff --git a/.github/actions/deploy_keystone/action.yml b/.github/actions/deploy_keystone/action.yml new file mode 100644 index 00000000..46e4918c --- /dev/null +++ b/.github/actions/deploy_keystone/action.yml 
@@ -0,0 +1,113 @@
+name: 'Prepare functional environment for Keystone'
+description: 'Deploy'
+inputs: {}
+outputs: {}
+runs:
+ using: "composite"
+ steps:
+ - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+
+ - name: Enable cache
+ uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+ with:
+ path: |
+ ~/.cache/pip
+ ~/.cargo
+ key: ${{ runner.os }}-integration
+
+ - name: Install Rust
+ uses: dtolnay/rust-toolchain@6d653acede28d24f02e3cd41383119e8b1b35921 # stable
+ with:
+ toolchain: stable
+
+ - name: Fetch pre-built artifacts
+ uses: actions/download-artifact@abefc31eafcfbdf6c5336127c1346fdae79ff41c # v5.0.0
+ with:
+ name: keystone
+
+ - name: Install osc
+ shell: bash
+ run: curl --proto '=https' --tlsv1.2 -LsSf https://github.com/gtema/openstack/releases/latest/download/openstack_cli-installer.sh | sh
+
+ - name: Fix keystone permissions
+ shell: bash
+ run: chmod u+x keystone keystone-db
+
+ - name: Prepare keystone config file
+ shell: bash
+ run: |
+ mkdir -p etc
+ mkdir -p etc/fernet-keys
+ cat < etc/keystone.conf
+ [auth]
+ methods = password,token,openid,application_credential
+ [database]
+ connection = postgresql://keystone:1234@postgres:5432/keystone
+ [fernet_receipts]
+ key_repository = $(pwd)/etc/fernet-keys
+ [fernet_tokens]
+ key_repository = $(pwd)/etc/fernet-keys
+ EOF
+ cat etc/keystone.conf
+ echo "2Rlc-npWYOGqqG1zM-bmfBj2apLacLXhIbBsdyqQ0zg=" > etc/fernet-keys/0
+ echo "sQyQVikArus5DRomTHCLPEIJO2yYkeB5nDdaasIKHVQ=" > etc/fernet-keys/1
+
+ - name: Start keystone
+ shell: bash
+ run: |
+ network=$(docker network ls --filter name=github_network_ -q | head -n 1)
+ docker run -d \
+ --network "$network" \
+ -p 5001:5001 \
+ -e OS_KEYSTONE_CONFIG_DIR="${{ github.workspace }}/etc" \
+ -v $PWD/etc:/etc/keystone:rw -v $PWD/etc:$PWD/etc \
+ --name keystone \
+ ghcr.io/gtema/keystone/py-keystone:main
+
+ - name: Add postgres container address to /etc/hosts
+ shell: bash
+ run: |
+ sudo echo "127.0.0.1 
postgres localhost" | sudo tee -a /etc/hosts + + - name: Prepare clouds.yaml + shell: bash + run: | + mkdir -p ~/.config/openstack + cat < ~/.config/openstack/clouds.yaml + clouds: + admin: + auth: + auth_url: http://localhost:5001 + username: admin + password: password + project_name: admin + user_domain_id: default + project_domain_id: default + interface: public + + admin-rust: + auth: + auth_url: http://localhost:8080 + username: admin + password: password + project_name: admin + user_domain_id: default + project_domain_id: default + interface: internal + EOF + + - name: Start open-policy-agent + shell: bash + run: docker run -p 8181:8181 -d -v $PWD/policy:/policy --name opa openpolicyagent/opa:1.9.0 run -s /policy --log-level debug --addr :8181 + + - name: Wait for py-keystone to bootstrap + shell: bash + run: sleep 5 + + - name: Apply Rust keystone DB changes + shell: bash + run: ./keystone-db -c ${{ github.workspace }}/etc/keystone.conf up + + - name: Start rust keystone + shell: bash + run: ./keystone -c ${{ github.workspace }}/etc/keystone.conf -vv > rust.log 2>&1 & diff --git a/.github/workflows/functional.yml b/.github/workflows/functional.yml index d4126093..48c2a91d 100644 --- a/.github/workflows/functional.yml +++ b/.github/workflows/functional.yml @@ -46,10 +46,10 @@ jobs: toolchain: stable - name: Build Keystone - run: cargo build + run: cargo build --release - name: Move artifacts to the root - run: mv target/debug/keystone* ./ + run: mv target/release/keystone* ./ - uses: taiki-e/install-action@v2 with: 
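Review bot: The `Install osc` step pipes `releases/latest/download/openstack_cli-installer.sh` straight into `sh`, and the `Start keystone` step runs `ghcr.io/gtema/keystone/py-keystone:main`, so two inputs of this action are mutable even though every `uses:` line is pinned to a commit SHA. Pinning both keeps a new release or a re-pushed tag from silently changing what the job executes: fetch the installer from a fixed release URL and compare it with a recorded SHA-256 before running it, and reference the image by digest, e.g. `ghcr.io/gtema/keystone/py-keystone@sha256:<digest>` (placeholder). The two Fernet keys echoed into `etc/fernet-keys/` are committed in clear text, so a comment such as `# CI-only Fernet keys, never reuse outside this workflow` would make that intent explicit. Separately, `network=$(docker network ls ... | head -n 1)` is empty when no `github_network_*` network exists (presumably it comes from the calling job's service containers), so a guard like `[ -n "$network" ] || { echo "job network not found"; exit 1; }` would fail with a clear message instead of a confusing `docker run` error.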
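Review bot: Building with `cargo build --release` means the interop and federation jobs now exercise a binary in which `debug_assert!` and integer-overflow checks are off by default, so arithmetic and invariant failures that the debug build would have turned into panics can pass unnoticed. If the release profile is wanted mainly for the load test, the checks can be kept for the test jobs by setting `overflow-checks = true` and `debug-assertions = true` under `[profile.release]` in Cargo.toml, or by uploading a second debug artifact. Cargo.toml is not part of this patch, so the profile may already override these defaults.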
@@ -88,98 +88,10 @@ jobs: steps: - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - - name: Enable cache - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 - with: - path: | - ~/.cache/pip - ~/.cargo - key: ${{ runner.os }}-integration - - - name: Rust Cache - uses: swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0 - - - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 - with: - python-version: '3.12' - - - name: Install Rust - uses: dtolnay/rust-toolchain@6d653acede28d24f02e3cd41383119e8b1b35921 # stable - with: - toolchain: stable + - uses: ./.github/actions/deploy_keystone - - name: Fetch pre-built artifacts - uses: actions/download-artifact@abefc31eafcfbdf6c5336127c1346fdae79ff41c # v5.0.0 - with: - name: keystone - - - name: Fix keystone permissions - run: chmod u+x keystone keystone-db - - - name: Install necessary python packages - run: pip install keystone uwsgi psycopg2 - - - name: Install osc - run: curl --proto '=https' --tlsv1.2 -LsSf https://github.com/gtema/openstack/releases/latest/download/openstack_cli-installer.sh | sh - - - name: Prepare keystone config file - run: | - mkdir -p etc - cat < etc/keystone.conf - [auth] - methods = password,token,openid,application_credential - [database] - connection = postgresql://keystone:1234@127.0.0.1:5432/keystone - [fernet_receipts] - key_repository = $(pwd)/etc/fernet - [fernet_tokens] - key_repository = $(pwd)/etc/fernet - EOF - cat etc/keystone.conf - - - name: Init keystone - run: | - mkdir -p etc/fernet - keystone-manage --config-file etc/keystone.conf db_sync - keystone-manage --config-file etc/keystone.conf fernet_setup - keystone-manage --config-file etc/keystone.conf bootstrap --bootstrap-password password --bootstrap-public-url http://localhost:5001 --bootstrap-internal-url http://localhost:8080 --bootstrap-region-id dev - - - name: Prepare clouds.yaml - run: | - mkdir -p ~/.config/openstack - cat < 
~/.config/openstack/clouds.yaml - clouds: - admin: - auth: - auth_url: http://localhost:5001 - username: admin - password: password - project_name: admin - user_domain_id: default - project_domain_id: default - interface: public - - admin-rust: - auth: - auth_url: http://localhost:8080 - username: admin - password: password - project_name: admin - user_domain_id: default - project_domain_id: default - interface: internal - EOF - - - name: Start open-policy-agent - run: docker run -p 8181:8181 -d -v $PWD/policy:/policy --name opa openpolicyagent/opa:1.6.0 run -s /policy --log-level debug - - - name: Start python keystone - run: uwsgi --module "keystone.server.wsgi:initialize_public_application()" --http-socket :5001 -b 65535 --http-keepalive --so-keepalive --logformat "Request %(uri):%(method) returned %(status) in %(msecs)ms" > python.log 2>&1 & - - - name: Start rust keystone - run: ./keystone -c ${{ github.workspace }}/etc/keystone.conf -vv > rust.log 2>&1 & - - - run: sleep 1 + - name: Wait for py-keystone to bootstrap + run: sleep 5 - name: Test python keystone availability run: curl http://localhost:5001/v3 @@ -203,14 +115,18 @@ jobs: - name: Run interop tests run: cargo test --test interop - - name: Dump python keystone log + - name: Dump py-keystone logs if: failure() - run: cat python.log + run: docker logs keystone - name: Dump rust keystone log if: failure() run: cat rust.log + - name: Dump OPA log + if: failure() + run: docker logs opa + federation: runs-on: ubuntu-latest needs: 
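Review bot: The added `Wait for py-keystone to bootstrap` step repeats the `sleep 5` that the composite action already performs, and a fixed delay still races the container's `db_sync`, `fernet_setup` and `bootstrap` sequence on a slow runner. A bounded readiness poll is more reliable and also covers the availability check that follows: `run: timeout 60 bash -c 'until curl -sf http://localhost:5001/v3 >/dev/null; do sleep 1; done'`. The same poll could replace the sleep inside `.github/actions/deploy_keystone/action.yml`, where `keystone-db up` runs immediately after it.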
@@ -240,76 +156,13 @@ jobs: steps: - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - - name: Enable cache - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 - with: - path: | - ~/.cache/pip - ~/.cargo - key: ${{ runner.os }}-integration - - - name: Rust Cache - uses: swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0 - - - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 - with: - python-version: '3.12' - - - name: Fetch pre-built artifacts - uses: actions/download-artifact@abefc31eafcfbdf6c5336127c1346fdae79ff41c # v5.0.0 - with: - name: keystone - - - name: Fix keystone permissions - run: chmod u+x keystone keystone-db - - - name: Install Rust - uses: dtolnay/rust-toolchain@6d653acede28d24f02e3cd41383119e8b1b35921 # stable - with: - toolchain: stable - - name: Install browser # This is crucial for Selenium to interact with a browser run: | sudo apt-get update sudo apt-get install -y firefox - - name: Install necessary python packages - run: pip install keystone uwsgi psycopg2 - - - name: Prepare keystone config file - run: | - mkdir -p etc - cat < etc/keystone.conf - [auth] - methods = password,token,openid,application_credential - [database] - connection = postgresql://keystone:1234@127.0.0.1:5432/keystone - [fernet_receipts] - key_repository = $(pwd)/etc/fernet - [fernet_tokens] - key_repository = $(pwd)/etc/fernet - EOF - cat etc/keystone.conf - - - name: Init keystone - run: | - mkdir -p etc/fernet - keystone-manage --config-file etc/keystone.conf db_sync - keystone-manage --config-file etc/keystone.conf fernet_setup - keystone-manage --config-file etc/keystone.conf bootstrap --bootstrap-password password --bootstrap-public-url http://localhost:8080 - - - name: Apply Rust keystone DB changes - run: ./keystone-db -c ${{ github.workspace }}/etc/keystone.conf up - - - name: Start python keystone - run: uwsgi --module 
"keystone.server.wsgi:initialize_public_application()" --http-socket :5001 -b 65535 --http-keepalive --so-keepalive --logformat "Request %(uri):%(method) returned %(status) in %(msecs)ms" > python.log 2>&1 & - - - name: Start open-policy-agent - run: docker run -p 8181:8181 -d -v $PWD/policy:/policy --name opa openpolicyagent/opa:1.6.0 run -s /policy --log-level debug --addr :8181 - - - name: Start rust keystone - run: ./keystone -c ${{ github.workspace }}/etc/keystone.conf -vv > rust.log 2>&1 & + - uses: ./.github/actions/deploy_keystone - name: Start geckodriver for selenium run: /snap/bin/geckodriver --port=4444 > seleniumdriver.log 2>&1 & @@ -336,17 +189,21 @@ jobs: GITHUB_SUB: "repo:gtema/keystone:pull_request" run: cargo test --test github -- --nocapture - - name: Dump OPA log + - name: Dump seleniumdriver log if: failure() - run: docker logs opa + run: cat seleniumdriver.log + + - name: Dump py-keystone logs + if: failure() + run: docker logs keystone - name: Dump rust keystone log if: failure() run: cat rust.log - - name: Dump seleniumdriver log + - name: Dump OPA log if: failure() - run: cat seleniumdriver.log + run: docker logs opa loadtest: runs-on: ubuntu-latest 
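Review bot: Swapping the inline setup for `./.github/actions/deploy_keystone` changes what the federation job bootstraps: the removed `Init keystone` step registered only `--bootstrap-public-url http://localhost:8080`, whereas `tools/start_keystone.sh` in the shared container registers the public endpoint as `http://localhost:5001` and the internal one as `http://localhost:8080`. Any federation test that resolves the identity endpoint from the catalog through the public interface would now talk to the Python Keystone instead of the Rust one, which could mask a regression in the Rust authentication path. The tests themselves are outside this hunk, so this needs confirming; if they do rely on the catalog, select `interface: internal` explicitly or point them at `http://localhost:8080` directly.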
@@ -367,80 +224,7 @@ jobs: steps: - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - - name: Install Rust - uses: dtolnay/rust-toolchain@6d653acede28d24f02e3cd41383119e8b1b35921 # stable - with: - toolchain: stable - - - name: Fetch pre-built artifacts - uses: actions/download-artifact@abefc31eafcfbdf6c5336127c1346fdae79ff41c # v5.0.0 - with: - name: keystone - - - name: Fix keystone permissions - run: chmod u+x keystone keystone-db - - - name: Install necessary python packages - run: pip install keystone uwsgi psycopg2 - - - name: Prepare keystone config file - run: | - mkdir -p etc - cat < etc/keystone.conf - [auth] - methods = password,token,openid,application_credential - [database] - connection = postgresql://keystone:1234@127.0.0.1:5432/keystone - [fernet_receipts] - key_repository = $(pwd)/etc/fernet - [fernet_tokens] - key_repository = $(pwd)/etc/fernet - EOF - cat etc/keystone.conf - - - name: Init keystone - run: | - mkdir -p etc/fernet - keystone-manage --config-file etc/keystone.conf db_sync - keystone-manage --config-file etc/keystone.conf fernet_setup - keystone-manage --config-file etc/keystone.conf bootstrap --bootstrap-password password --bootstrap-public-url http://localhost:5001 --bootstrap-internal-url http://localhost:8080 --bootstrap-region-id dev - - - name: Prepare clouds.yaml - run: | - mkdir -p ~/.config/openstack - cat < ~/.config/openstack/clouds.yaml - clouds: - admin: - auth: - auth_url: http://localhost:5001 - username: admin - password: password - project_name: admin - user_domain_id: default - project_domain_id: default - interface: public - - admin-rust: - auth: - auth_url: http://localhost:8080 - username: admin - password: password - project_name: admin - user_domain_id: default - project_domain_id: default - interface: internal - EOF - - - name: Start open-policy-agent - run: docker run -p 8181:8181 -d -v $PWD/policy:/policy --name opa openpolicyagent/opa:1.6.0 run -s /policy --log-level debug - - - 
name: Start python keystone - run: uwsgi --module "keystone.server.wsgi:initialize_public_application()" --http-socket :5001 -b 65535 --http-keepalive --so-keepalive --logformat "Request %(uri):%(method) returned %(status) in %(msecs)ms" > python.log 2>&1 & - - - name: Start rust keystone - run: ./keystone -c ${{ github.workspace }}/etc/keystone.conf -vv > rust.log 2>&1 & - - - run: sleep 1 + - uses: ./.github/actions/deploy_keystone - name: Build Load test binary working-directory: loadtest @@ -487,11 +271,19 @@ jobs: header: loadtest message: | 🦢 **Load Test Results** - ``` + ${{ steps.metrics.outputs.summary }} - ``` + [View full report](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}) + - name: Dump py-keystone logs + if: failure() + run: docker logs keystone + - name: Dump rust keystone log if: failure() run: cat rust.log + + - name: Dump OPA log + if: failure() + run: docker logs opa diff --git a/tools/Dockerfile.py-keystone b/tools/Dockerfile.py-keystone index 39fab043..9d4832bd 100644 --- a/tools/Dockerfile.py-keystone +++ b/tools/Dockerfile.py-keystone @@ -1,5 +1,7 @@ FROM python:3.12-bookworm +LABEL org.opencontainers.image.description "Python Keystone container for tests of Rust Keystone compatibility" + RUN pip3 install keystone==27.0 uwsgi psycopg2-binary WORKDIR /app diff --git a/tools/start_keystone.sh b/tools/start_keystone.sh index b2add97b..6f95fbcb 100755 --- a/tools/start_keystone.sh +++ b/tools/start_keystone.sh @@ -1,4 +1,5 @@ -#!/usr/bin/bash -e +#!/usr/bin/env bash +set -e keystone-manage db_sync 
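Review bot: Dropping the code fence around `${{ steps.metrics.outputs.summary }}` means the load-test summary is now rendered as Markdown in the sticky PR comment rather than shown verbatim. That is fine if the `metrics` step emits a fixed-format table, but any text in the summary that originates from the run (error strings, URLs, names) is interpreted as well, including links and @-mentions. The step that produces `summary` is outside this hunk; if its content is not fully under the workflow's control, keep the fence or escape Markdown metacharacters before writing the output.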
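Review bot: The new `LABEL org.opencontainers.image.description "..."` line uses the legacy space-separated form, which current Docker build checks flag as LegacyKeyValueFormat; write it as `LABEL org.opencontainers.image.description="Python Keystone container for tests of Rust Keystone compatibility"`. Because the workflow consumes this image through the moving `py-keystone:main` tag, the unversioned `uwsgi` and `psycopg2-binary` in the following `pip3 install` line also make rebuilds non-reproducible; pinning them alongside `keystone==27.0` would help, although that line is context here rather than part of the change.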
@@ -6,4 +7,4 @@ keystone-manage fernet_setup --keystone-user root --keystone-group root keystone-manage bootstrap --bootstrap-user admin --bootstrap-password password --bootstrap-public-url http://localhost:5001 --bootstrap-internal-url http://localhost:8080 --bootstrap-region-id dev -uwsgi --module "keystone.server.wsgi:initialize_public_application()" --http-socket :5001 -b 65535 --http-keepalive --so-keepalive --logformat "Request %(uri):%(method) returned %(status) in %(msecs)ms" +exec uwsgi --module "keystone.server.wsgi:initialize_public_application()" --http-socket :5001 -b 65535 --http-keepalive --so-keepalive --logformat "Request %(uri):%(method) returned %(status) in %(msecs)ms" diff --git a/typos.toml b/typos.toml index a98bbb6b..4ba00b4e 100644 --- a/typos.toml +++ b/typos.toml @@ -24,6 +24,7 @@ extend-ignore-re = [] [default.extend-words] ro = "ro" ratatui = "ratatui" +wrk = "wrk" [type.rust] extend-glob = []