diff --git a/build-backend.sh b/build-backend.sh index 922e374ad10..d80d24f5d1d 100755 --- a/build-backend.sh +++ b/build-backend.sh @@ -5,8 +5,6 @@ set -e # Builds the server-side golang resources for tectonic-console. For a # complete build, you must also run build-frontend -PROJECT_DIR=$(basename ${PWD}) - # Use deps from vendor dir. export GOFLAGS="-mod=vendor" diff --git a/builder-run.sh b/builder-run.sh index b68ac9ee73f..fd6df2282a2 100755 --- a/builder-run.sh +++ b/builder-run.sh @@ -14,22 +14,22 @@ set -e BUILDER_IMAGE="quay.io/coreos/tectonic-console-builder:v19" # forward whitelisted env variables to docker -ENV_STR="" -VOLUME_MOUNT="" +ENV_STR=() +VOLUME_MOUNT=() for VAR in ${DOCKER_ENV//,/ }; do if [ "$VAR" = 'KUBECONFIG' ] then - VOLUME_MOUNT="-v $KUBECONFIG:/kube/config" - ENV_STR="$ENV_STR -e KUBECONFIG=/kube/config" + VOLUME_MOUNT=("-v" "$KUBECONFIG:/kube/config") + ENV_STR+=("-e" "KUBECONFIG=/kube/config") else - ENV_STR="$ENV_STR -e $VAR=${!VAR}" + ENV_STR+=("-e" "$VAR=${!VAR}") fi done -docker run $ENV_STR --rm --net=host \ +docker run "${ENV_STR[@]}" --rm --net=host \ --user="${BUILDER_RUN_USER}" \ - $VOLUME_MOUNT \ + "${VOLUME_MOUNT[@]}" \ -v "$(pwd)":/go/src/github.com/openshift/console \ --shm-size=512m \ -w /go/src/github.com/openshift/console \ - $BUILDER_IMAGE "$@" + "$BUILDER_IMAGE" "$@" diff --git a/chromium-version.sh b/chromium-version.sh index b43a07cd398..9d80e7f693f 100644 --- a/chromium-version.sh +++ b/chromium-version.sh @@ -1,3 +1,6 @@ +# shellcheck shell=bash +# Source this script: "source ./chromium-version.sh" + # Chrome Version 76.0.3809.0 (Developer Build) (64-bit) export FORCE_CHROME_BRANCH_BASE="665006" export FORCE_CHROME_BRANCH_SHA256SUM="a1ae2e0950828f991119825f62c24464ab3765aa219d150a94fb782a4c66a744" diff --git a/contrib/environment.sh b/contrib/environment.sh index c0cd041a1fc..c59308479f8 100644 --- a/contrib/environment.sh +++ b/contrib/environment.sh 
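Review bot: In builder-run.sh, `ENV_STR+=("-e" "$VAR=${!VAR}")` still puts each forwarded value on the `docker run` command line, so any credential named in DOCKER_ENV is visible in the host's process list while the container runs. `docker run -e NAME` with no `=value` copies the variable from the caller's environment, so `ENV_STR+=("-e" "$VAR")` would keep the value out of argv. That form only forwards exported variables, so confirm that everything listed in DOCKER_ENV is exported before switching. The KUBECONFIG bind mount in the same loop is read-write; `"$KUBECONFIG:/kube/config:ro"` would be enough if the build only reads it.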
@@ -1,27 +1,39 @@ -# This file is an example of how you might set up your environment to -# run the tectonic console during development. To use it for running -# bridge, do +# shellcheck shell=bash +# +# NOTE: This script is for native Kubernetes. If connecting to an OpenShift +# cluster instead, use contrib/oc-environment.sh. +# +# This file is an example of how you might set up your environment to run the +# OpenShift console during development when connecting to a native Kubernetes +# cluster. To use it for running bridge, do # # . contrib/environment.sh # ./bin/bridge # +# You'll need a working kubectl, and you'll need jq installed and in your path +# for this script to work correctly. +# +# This will use the first secret it finds in the default namespace. All secrets +# must be valid or removed from the namespace. +# +# The environment variables beginning with "BRIDGE_" act just like bridge +# command line arguments - in fact. to get more information about any of them, +# you can run ./bin/bridge --help -# You'll need a working kubectl, and you'll need jq installed and in -# your path for this script to work correctly. - -# This will use the first secret it finds in the default namespace. -# All secrets must be valid or removed from the namespace. +BRIDGE_USER_AUTH="disabled" +export BRIDGE_USER_AUTH -# The environment variables beginning with "BRIDGE_" act just like -# bridge command line arguments - in fact. 
to get more information -# about any of them, you can run ./bin/bridge --help +BRIDGE_K8S_MODE="off-cluster" +export BRIDGE_K8S_MODE -export BRIDGE_USER_AUTH="disabled" -export BRIDGE_K8S_MODE="off-cluster" BRIDGE_K8S_MODE_OFF_CLUSTER_ENDPOINT=$(kubectl config view -o json | jq '{myctx: .["current-context"], ctxs: .contexts[], clusters: .clusters[]}' | jq 'select(.myctx == .ctxs.name)' | jq 'select(.ctxs.context.cluster == .clusters.name)' | jq '.clusters.cluster.server' -r) export BRIDGE_K8S_MODE_OFF_CLUSTER_ENDPOINT -export BRIDGE_K8S_MODE_OFF_CLUSTER_SKIP_VERIFY_TLS=true -export BRIDGE_K8S_AUTH="bearer-token" + +BRIDGE_K8S_MODE_OFF_CLUSTER_SKIP_VERIFY_TLS=true +export BRIDGE_K8S_MODE_OFF_CLUSTER_SKIP_VERIFY_TLS + +BRIDGE_K8S_AUTH="bearer-token" +export BRIDGE_K8S_AUTH secretname=$(kubectl get serviceaccount default --namespace=kube-system -o jsonpath='{.secrets[0].name}') BRIDGE_K8S_AUTH_BEARER_TOKEN=$(kubectl get secret "$secretname" --namespace=kube-system -o template --template='{{.data.token}}' | base64 --decode) diff --git a/contrib/oc-environment.sh b/contrib/oc-environment.sh index 6212e2bc84e..c8d42de0809 100644 --- a/contrib/oc-environment.sh +++ b/contrib/oc-environment.sh 
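Review bot: The rewritten header of contrib/environment.sh never mentions that `BRIDGE_K8S_MODE_OFF_CLUSTER_SKIP_VERIFY_TLS=true` (by its name, certificate verification off) is exported together with the kube-system service-account token read at the end of the hunk. I would put a comment on that assignment, for example `# Development only: the API server certificate is not verified while the bearer token below is sent to it.` contrib/oc-environment.sh sets the same variable next to `oc whoami --show-token` and needs the same comment. The header's "first secret it finds in the default namespace" also disagrees with the two `kubectl` calls, which pass `--namespace=kube-system`.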
@@ -1,26 +1,43 @@ -# This file is an example of how you might set up your environment to -# run the tectonic console against OpenShift during development. To use it for running -# bridge, do +# shellcheck shell=bash +# +# This file is an example of how you might set up your environment to run the +# console against an OpenShift cluster during development. To use it for +# running bridge, do # # . contrib/oc-environment.sh # ./bin/bridge # +# You'll need oc, and you'll need to be logged into a cluster. +# +# The environment variables beginning with "BRIDGE_" act just like bridge +# command line arguments - in fact. to get more information about any of them, +# you can run ./bin/bridge --help + +BRIDGE_USER_AUTH="disabled" +export BRIDGE_USER_AUTH + +BRIDGE_K8S_MODE="off-cluster" +export BRIDGE_K8S_MODE + +BRIDGE_K8S_MODE_OFF_CLUSTER_ENDPOINT=$(oc whoami --show-server) +export BRIDGE_K8S_MODE_OFF_CLUSTER_ENDPOINT + +BRIDGE_K8S_MODE_OFF_CLUSTER_SKIP_VERIFY_TLS=true +export BRIDGE_K8S_MODE_OFF_CLUSTER_SKIP_VERIFY_TLS + +BRIDGE_K8S_MODE_OFF_CLUSTER_THANOS=$(oc -n openshift-monitoring get configmap sharing-config -o jsonpath='{.data.thanosURL}') +export BRIDGE_K8S_MODE_OFF_CLUSTER_THANOS + +BRIDGE_K8S_MODE_OFF_CLUSTER_PROMETHEUS=$(oc -n openshift-monitoring get configmap sharing-config -o jsonpath='{.data.prometheusURL}') +export BRIDGE_K8S_MODE_OFF_CLUSTER_PROMETHEUS + +BRIDGE_K8S_MODE_OFF_CLUSTER_ALERTMANAGER=$(oc -n openshift-monitoring get configmap sharing-config -o jsonpath='{.data.alertmanagerURL}') +export BRIDGE_K8S_MODE_OFF_CLUSTER_ALERTMANAGER + +BRIDGE_K8S_AUTH="bearer-token" +export BRIDGE_K8S_AUTH -# You'll need a working oc logged in, and you'll need jq installed and in your -# path for this script to work correctly. - -# The environment variables beginning with "BRIDGE_" act just like -# bridge command line arguments - in fact. 
to get more information -# about any of them, you can run ./bin/bridge --help - -export BRIDGE_USER_AUTH="disabled" -export BRIDGE_K8S_MODE="off-cluster" -export BRIDGE_K8S_MODE_OFF_CLUSTER_ENDPOINT=$(oc whoami --show-server) -export BRIDGE_K8S_MODE_OFF_CLUSTER_SKIP_VERIFY_TLS=true -export BRIDGE_K8S_MODE_OFF_CLUSTER_THANOS=$(oc -n openshift-monitoring get configmap sharing-config -o jsonpath='{.data.thanosURL}') -export BRIDGE_K8S_MODE_OFF_CLUSTER_PROMETHEUS=$(oc -n openshift-monitoring get configmap sharing-config -o jsonpath='{.data.prometheusURL}') -export BRIDGE_K8S_MODE_OFF_CLUSTER_ALERTMANAGER=$(oc -n openshift-monitoring get configmap sharing-config -o jsonpath='{.data.alertmanagerURL}') -export BRIDGE_K8S_AUTH="bearer-token" -export BRIDGE_K8S_AUTH_BEARER_TOKEN=$(oc whoami --show-token) +BRIDGE_K8S_AUTH_BEARER_TOKEN=$(oc whoami --show-token) +export BRIDGE_K8S_AUTH_BEARER_TOKEN echo "Using $BRIDGE_K8S_MODE_OFF_CLUSTER_ENDPOINT" diff --git a/e2e.Dockerfile b/e2e.Dockerfile deleted file mode 100644 index 7eb08dc5d24..00000000000 --- a/e2e.Dockerfile +++ /dev/null @@ -1,19 +0,0 @@ -FROM node:8 - -# Install Chrome for installer gui tests -# Use Chrome beta because v60 or higher is needed for headless mode -RUN wget --quiet -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add - && \ - sh -c 'echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google-chrome.list' - -RUN apt-get update \ - && apt-get install --no-install-recommends -y -q \ - curl ca-certificates google-chrome-beta libnss3-tools - -RUN curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.8.2/bin/linux/amd64/kubectl && \ - chmod +x ./kubectl && \ - mv ./kubectl /usr/local/bin/kubectl - -COPY . /opt/bridge/ -WORKDIR /opt/bridge/frontend -RUN ./node_modules/.bin/webdriver-manager update -CMD ./test-e2e.sh diff --git a/examples/run-bridge.sh b/examples/run-bridge.sh index 1e6fd154795..bc9b5f0b68d 100755 
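Review bot: Splitting each assignment from its `export` in contrib/oc-environment.sh stops `export` from masking a failed `oc` call, but nothing then checks the status. If `oc whoami --show-token` fails, for example because the session has expired, an empty `BRIDGE_K8S_AUTH_BEARER_TOKEN` is still exported and the script carries on to the final `echo`. Because the file is sourced, a guard such as `BRIDGE_K8S_AUTH_BEARER_TOKEN=$(oc whoami --show-token) || return 1` on the token and endpoint lines would stop at the first failure without closing the caller's shell.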
--- a/examples/run-bridge.sh +++ b/examples/run-bridge.sh @@ -7,7 +7,7 @@ set -exuo pipefail --ca-file=examples/ca.crt \ --k8s-auth=openshift \ --k8s-mode=off-cluster \ - --k8s-mode-off-cluster-endpoint=$(oc whoami --show-server) \ + --k8s-mode-off-cluster-endpoint="$(oc whoami --show-server)" \ --k8s-mode-off-cluster-skip-verify-tls=true \ --listen=http://127.0.0.1:9000 \ --public-dir=./frontend/public/dist \ @@ -15,6 +15,6 @@ set -exuo pipefail --user-auth-oidc-client-id=console-oauth-client \ --user-auth-oidc-client-secret-file=examples/console-client-secret \ --user-auth-oidc-ca-file=examples/ca.crt \ - --k8s-mode-off-cluster-prometheus=$(oc -n openshift-monitoring get configmap sharing-config -o jsonpath='{.data.prometheusURL}') \ - --k8s-mode-off-cluster-alertmanager=$(oc -n openshift-monitoring get configmap sharing-config -o jsonpath='{.data.alertmanagerURL}') \ - --k8s-mode-off-cluster-thanos=$(oc -n openshift-monitoring get configmap sharing-config -o jsonpath='{.data.prometheusURL}') + --k8s-mode-off-cluster-prometheus="$(oc -n openshift-monitoring get configmap sharing-config -o jsonpath='{.data.prometheusURL}')" \ + --k8s-mode-off-cluster-alertmanager="$(oc -n openshift-monitoring get configmap sharing-config -o jsonpath='{.data.alertmanagerURL}')" \ + --k8s-mode-off-cluster-thanos="$(oc -n openshift-monitoring get configmap sharing-config -o jsonpath='{.data.prometheusURL}')" diff --git a/frontend/test-e2e.sh b/frontend/test-e2e.sh deleted file mode 100755 index 23b6701f6b3..00000000000 --- a/frontend/test-e2e.sh +++ /dev/null 
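Review bot: `--k8s-mode-off-cluster-thanos` is still filled from `{.data.prometheusURL}`, the same jsonpath as the Prometheus flag two lines above it. contrib/oc-environment.sh in this commit reads `{.data.thanosURL}` for the Thanos endpoint. If the duplication is not deliberate, the last line should read `--k8s-mode-off-cluster-thanos="$(oc -n openshift-monitoring get configmap sharing-config -o jsonpath='{.data.thanosURL}')"`. The bridge invocation starts above the hunk.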
@@ -1,58 +0,0 @@ -#!/usr/bin/env bash - -set -e - -if [ -z "$CONSOLE_URL" ] && [ -z "$BRIDGE_BASE_ADDRESS" ] -then - echo 'No CONSOLE_URL or BRIDGE_BASE_ADDRESS. Defaulting to http://localhost:9000/' - CONSOLE_URL='http://localhost:9000/' -fi - -if [ -z "$CONSOLE_URL" ] -then - if [ -z "$BRIDGE_BASE_PATH" ] - then - echo 'No BRIDGE_BASE_PATH. Defaulting to /' - BRIDGE_BASE_PATH=/ - fi - CONSOLE_URL="${BRIDGE_BASE_ADDRESS}${BRIDGE_BASE_PATH}" -fi - -proto=$(echo "$CONSOLE_URL" | grep :// | sed -e 's,^\(.*://\).*,\1,g') -url="${CONSOLE_URL/$proto/}" # url without protocol -host_with_port=$(echo "$url" | sed 's/\/.*$//') -# shellcheck disable=SC2001 -host=$(echo "$host_with_port" | sed 's/:.*$//') -port=$(echo "$host_with_port" | grep : | sed -e 's,^.*:,:,g' -e 's,.*:\([0-9]*\).*,\1,g') - -BRIDGE_BASE_ADDRESS="${proto}${host_with_port}" -BRIDGE_BASE_PATH="/$(echo "$url" | grep / | cut -d/ -f2-)" - -# Run chrome to create cert db -timeout 30 google-chrome --no-sandbox --headless --disable-gpu --dump-dom "$CONSOLE_URL" - -if [ "$proto" == 'https://' ] -then - if [ -z "$port" ]; then - port=443 - fi - echo 'GET /' | timeout 30 openssl s_client -showcerts -connect "$host:$port" | openssl x509 -outform PEM > bridge-e2e.pem - certutil -d "sql:$HOME/.pki/nssdb" -A -n bridge -t Pu,, -i bridge-e2e.pem -fi - -export BRIDGE_BASE_ADDRESS -export BRIDGE_BASE_PATH - -# get the branch base position for a specific chromium version using https://omahaproxy.appspot.com/ -source ../chromium-version.sh - -out=/out -set +e -mkdir -p $out -failed=1 -if TAP_LOG="$out/tap.log" yarn run test-gui --output $out; then - failed=0 -fi -cp -a ./gui_test_screenshots $out/ - -exit $failed diff --git a/push.sh b/push.sh deleted file mode 100755 index d2128fcdd9c..00000000000 --- a/push.sh +++ /dev/null 
@@ -1,45 +0,0 @@ -#!/usr/bin/env bash - -set -e - -# Build, tag, and push container image to quay.io/coreos/tectonic-console -# Will push a sha-named image at every run. -# If it appears to be the tip of master, will tag that image with a -# git tag if one is present. -# If IMAGE_TAG is set, will use IMAGE_TAG as the tag instead. - -# This script relies on .dockercfg or other external configuration to -# grant the appropriate permissions and identity for pushing images quay.io - -SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" -pushd $SCRIPT_DIR - -set -x -: ${REPO:=quay.io/coreos/tectonic-console} -: ${TESTER_REPO:=quay.io/coreos/tectonic-console-tester} - -GIT_VERSION=$(./git-version.sh) - -if [[ "$GIT_VERSION" == *dirty ]]; then - echo "Won't push from a dirty git repo. Commit your changes before you push." - echo "Changes:" - git diff - exit 1 -fi - -if [ -n "$IMAGE_TAG" ]; then - echo "IMAGE_TAG detected, using instead of the git version." - GIT_VERSION="$IMAGE_TAG" -fi - -docker build -q --rm=true -f Dockerfile -t $REPO:$GIT_VERSION . -docker push $REPO:$GIT_VERSION - -TAG=$(git describe --exact-match --abbrev=0 --tags ${COMMIT} 2> /dev/null || true) -if [ -n "$TAG" ]; then - echo "Release tag is $TAG. Uploading test image to quay." - docker build -q --rm=true -f e2e.Dockerfile -t $TESTER_REPO:$GIT_VERSION . - docker push $TESTER_REPO:$GIT_VERSION -fi - -popd diff --git a/shellcheck.sh b/shellcheck.sh new file mode 100755 index 00000000000..091cc2389ec --- /dev/null +++ b/shellcheck.sh @@ -0,0 +1,3 @@ +#!/usr/bin/env bash + +shellcheck --external-sources -- *.sh contrib/*.sh examples/*.sh diff --git a/test-backend.sh b/test-backend.sh index ec20b112684..52b2f50a199 100755 --- a/test-backend.sh +++ b/test-backend.sh 
@@ -21,12 +21,12 @@ export GOFLAGS="-mod=vendor" COVER=${COVER:-"-cover"} TESTABLE="pkg/auth pkg/proxy pkg/server pkg/helm/actions pkg/helm/handlers" -FORMATTABLE="cmd pkg" +FORMATTABLE=(cmd pkg) # user has not provided PKG override if [ -z "${PKG}" ]; then TEST=${TESTABLE} - FMT=${FORMATTABLE} + FMT=("${FORMATTABLE[@]}") # user has provided PKG override else @@ -35,28 +35,28 @@ else TEST=${TEST//./} # only run gofmt on packages provided by user - FMT="${TEST}" + FMT=("${TEST[@]}") fi # split TEST into an array and prepend repo path to each local package -split=(${TEST// / }) -TEST=${split[@]/#/github.com/openshift/console/} +read -ra split <<<"$TEST" +TEST=("${split[@]/#/github.com/openshift/console/}") echo "Running tests..." -go test ${COVER} $@ ${TEST} +go test "${COVER}" "$@" "${TEST[@]}" echo "Checking gofmt..." -fmtRes=$(gofmt -l ${FMT}) +fmtRes=$(gofmt -l "${FMT[@]}") if [ -n "${fmtRes}" ]; then echo -e "gofmt checking failed:\n${fmtRes}" exit 255 fi echo "Checking govet..." -vetRes=$(go vet ${TEST}) +vetRes=$(go vet "${TEST[@]}") if [ -n "${vetRes}" ]; then - echo -e "govet checking failed:\n${vetRes}" - exit 255 + echo -e "govet checking failed:\n${vetRes}" + exit 255 fi echo "Success" diff --git a/test-ciphers.sh b/test-ciphers.sh index 975a4e8e161..a153415dc86 100755 --- a/test-ciphers.sh +++ b/test-ciphers.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash CONSOLE_URL=$(oc get console.config.openshift.io cluster --template '{{.status.consoleURL}}') if [ -z "${CONSOLE_URL}" ] @@ -22,8 +22,7 @@ VALID_CIPHER_SAMPLE=( for CIPHER in "${VALID_CIPHER_SAMPLE[@]}" do - RESULT=$(openssl s_client -connect "${SERVER}" -cipher "${CIPHER}" -CAfile /tmp/default-ingress-cert-file.txt 2>&1) - if [[ $? -eq 0 ]] + if openssl s_client -connect "${SERVER}" -cipher "${CIPHER}" -CAfile /tmp/default-ingress-cert-file.txt 2>&1 then echo "valid cipher was correctly accepted (${CIPHER})" else 
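Review bot: In the PKG-override branch of test-backend.sh, `FMT=("${TEST[@]}")` copies a scalar, because `TEST=${TEST//./}` just above it is a plain string. FMT therefore holds one element containing every package separated by spaces, and `gofmt -l "${FMT[@]}"` receives them as a single path. The old unquoted `gofmt -l ${FMT}` split them, so fill the array the way `split` is filled further down: `read -ra FMT <<<"$TEST"`. How TEST is derived from PKG is above the hunk, so this assumes PKG may name more than one package, as TESTABLE does.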
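Review bot: With the `RESULT=$(...)` capture removed, each `openssl s_client` call in the valid-cipher loop of test-ciphers.sh writes its full handshake output to the job log. It also still reads the script's stdin, so it can sit waiting for input when run from a terminal. Redirecting both keeps only the exit-status test: `if openssl s_client -connect "${SERVER}" -cipher "${CIPHER}" -CAfile /tmp/default-ingress-cert-file.txt </dev/null >/dev/null 2>&1`. The invalid-cipher loop in the next hunk has the same line and needs the same change. The CA file is read from a fixed name under /tmp; where it is written is outside these hunks, but if this script creates it, a `mktemp` path would prevent another local user from pre-creating the trust anchor.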
@@ -47,12 +46,11 @@ INVALID_CIPHER_SAMPLE=( for CIPHER in "${INVALID_CIPHER_SAMPLE[@]}" do - RESULT=$(openssl s_client -connect "${SERVER}" -cipher "${CIPHER}" -CAfile /tmp/default-ingress-cert-file.txt 2>&1) - if [[ $? -eq 0 ]] + if openssl s_client -connect "${SERVER}" -cipher "${CIPHER}" -CAfile /tmp/default-ingress-cert-file.txt 2>&1 then echo "invalid cipher suite used to connect to console (${CIPHER})" exit 1 else echo "invalid cipher was correctly denied (${CIPHER})" fi -done \ No newline at end of file +done diff --git a/test-gui.sh b/test-gui.sh index 7a9ef713a86..29bf781ecde 100755 --- a/test-gui.sh +++ b/test-gui.sh @@ -25,9 +25,9 @@ then unzip "${CHROME_DIR}/chrome-linux-${BRANCH_BASE}.zip" -d "${CHROME_DIR}/${BRANCH_BASE}" # check sha256sum - if [ "$(sha256sum ${CHROME_DIR}/chrome-linux-${BRANCH_BASE}.zip | cut -f 1 -d ' ')" != "${FORCE_CHROME_BRANCH_SHA256SUM}" ]; + if [ "$(sha256sum "${CHROME_DIR}/chrome-linux-${BRANCH_BASE}.zip" | cut -f 1 -d ' ')" != "${FORCE_CHROME_BRANCH_SHA256SUM}" ]; then - rm -rf "${CHROME_DIR}/${BRANCH_BASE}" + rm -rf "${CHROME_DIR:?}/${BRANCH_BASE}" echo "ERROR: chrmoe binary sha256 missmatch" exit 1 diff --git a/test-prow-e2e.sh b/test-prow-e2e.sh index 5f0f5530bb7..c30ac84ed86 100755 --- a/test-prow-e2e.sh +++ b/test-prow-e2e.sh @@ -17,9 +17,11 @@ trap copyArtifacts EXIT # don't log kubeadmin-password set +x -export BRIDGE_KUBEADMIN_PASSWORD="$(cat "${INSTALLER_DIR}/auth/kubeadmin-password")" +BRIDGE_KUBEADMIN_PASSWORD="$(cat "${INSTALLER_DIR}/auth/kubeadmin-password")" +export BRIDGE_KUBEADMIN_PASSWORD set -x -export BRIDGE_BASE_ADDRESS="$(oc get consoles.config.openshift.io cluster -o jsonpath='{.status.consoleURL}')" +BRIDGE_BASE_ADDRESS="$(oc get consoles.config.openshift.io cluster -o jsonpath='{.status.consoleURL}')" +export BRIDGE_BASE_ADDRESS # Add htpasswd IDP oc apply -f ./frontend/integration-tests/data/htpasswd-secret.yaml 
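Review bot: In test-gui.sh the archive is unpacked by `unzip` before the `sha256sum` comparison runs, so a download that fails the check has already been extracted under `${CHROME_DIR}/${BRANCH_BASE}`; the `rm -rf` only cleans up afterwards. Moving the `# check sha256sum` block above the `unzip` line means unverified content is never extracted. On mismatch the block should then remove the downloaded zip instead of the extracted directory, so a bad archive is not left in place for the next run. The download step and the end of the enclosing `if` are outside the hunk.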
@@ -28,6 +30,6 @@ oc patch oauths cluster --patch "$(cat ./frontend/integration-tests/data/patch-h # get the branch base position for a specific chromium version using https://omahaproxy.appspot.com/ source ./chromium-version.sh -./test-gui.sh ${1:-e2e} +./test-gui.sh "${1:-e2e}" ./test-ciphers.sh