Skip to content

Commit

Permalink
Use bitnami/openldap in integration tests instead of our old fork
Browse files Browse the repository at this point in the history
  • Loading branch information
@cfryanr
cfryanr committed Oct 4, 2023
1 parent 776e436 commit 826d823
Show file tree
Hide file tree
Showing 3 changed files with 20 additions and 67 deletions.
74 changes: 17 additions & 57 deletions test/deploy/tools/ldap.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -155,60 +155,32 @@ stringData: #@ ldapLIDIF()
apiVersion: v1
kind: Secret
metadata:
name: ldap-server-config-before-ldif-files
name: ldap-server-additional-schema-ldif-files
namespace: tools
type: Opaque
stringData:
server-config.ldif: |
# Load the memberof module.
#! From https://github.com/bitnami/containers/issues/982#issuecomment-1220354408
memberof.ldif: |
dn: cn=module,cn=config
cn: module
objectClass: olcModuleList
objectClass: top
olcModulePath: /opt/bitnami/openldap/lib/openldap
olcModuleLoad: memberof
olcModuleLoad: memberof.so
olcModuleLoad: refint.so
dn: olcOverlay={0}memberof,olcDatabase={2}hdb,cn=config
objectClass: olcConfig
dn: olcOverlay=memberof,olcDatabase={2}mdb,cn=config
objectClass: olcMemberOf
objectClass: olcOverlayConfig
objectClass: top
olcOverlay: memberof
olcMemberOfDangling: ignore
olcMemberOfRefInt: TRUE
olcMemberOfGroupOC: groupOfNames
olcMemberOfMemberAD: member
# Load the refint module.
dn: cn=module,cn=config
cn: module
objectclass: olcModuleList
objectclass: top
olcmodulepath: /opt/bitnami/openldap/lib/openldap
olcmoduleload: refint
dn: olcOverlay={1}refint,olcDatabase={2}hdb,cn=config
dn: olcOverlay=refint,olcDatabase={2}mdb,cn=config
objectClass: olcConfig
objectClass: olcOverlayConfig
objectClass: olcRefintConfig
objectClass: top
olcOverlay: {1}refint
olcOverlay: refint
olcRefintAttribute: memberof member manager owner
---
apiVersion: v1
kind: Secret
metadata:
name: ldap-server-config-after-ldif-files
namespace: tools
type: Opaque
stringData:
server-config.ldif: |
# Reject any further connections that do not use TLS or StartTLS
dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcSecurity
olcSecurity: tls=1
---
apiVersion: apps/v1
kind: Deployment
metadata:
Expand Down Expand Up @@ -241,13 +213,6 @@ spec:
containerPort: 1389
- name: ldaps
containerPort: 1636
resources:
requests:
cpu: "100m" #! one-tenth of one CPU
memory: "64Mi"
limits:
#! Do not limit CPU because it was causing issues running integration tests on AKS where openldap became very slow.
memory: "64Mi"
readinessProbe:
tcpSocket:
port: ldap
Expand All @@ -274,6 +239,8 @@ spec:
value: "password" #! ok to hardcode: the LDAP server will not be available from outside the cluster
- name: LDAP_ENABLE_TLS
value: "yes"
- name: LDAP_REQUIRE_TLS
value: "yes"
- name: LDAP_TLS_CERT_FILE
value: "/var/certs/ldap.pem"
- name: LDAP_TLS_KEY_FILE
Expand All @@ -283,26 +250,22 @@ spec:
#! Note that the custom LDIF file is only read at pod start-up time.
- name: LDAP_CUSTOM_LDIF_DIR
value: "/var/ldifs"
- name: LDAP_SERVER_CONFIG_BEFORE_CUSTOM_LDIF_DIR
value: "/var/server-config-before-ldifs"
- name: LDAP_SERVER_CONFIG_AFTER_CUSTOM_LDIF_DIR
value: "/var/server-config-after-ldifs"
#! Seems like LDAP_ROOT is still required when using LDAP_CUSTOM_LDIF_DIR because it effects the admin user.
#! Presumably this needs to match the root that we create in the LDIF file.
- name: LDAP_ROOT
value: "dc=pinniped,dc=dev"
- name: LDAP_EXTRA_SCHEMAS
value: "cosine,inetorgperson,nis,memberof"
volumeMounts:
- name: certs
mountPath: /var/certs
readOnly: true
- name: ldifs
mountPath: /var/ldifs
readOnly: true
- name: server-config-before-ldifs
mountPath: /var/server-config-before-ldifs
readOnly: true
- name: server-config-after-ldifs
mountPath: /var/server-config-after-ldifs
- name: additional-schema
mountPath: /opt/bitnami/openldap/etc/schema/memberof.ldif
subPath: memberof.ldif
readOnly: true
volumes:
- name: certs
Expand All @@ -311,12 +274,9 @@ spec:
- name: ldifs
secret:
secretName: ldap-ldif-files
- name: server-config-before-ldifs
secret:
secretName: ldap-server-config-before-ldif-files
- name: server-config-after-ldifs
- name: additional-schema
secret:
secretName: ldap-server-config-after-ldif-files
secretName: ldap-server-additional-schema-ldif-files
---
apiVersion: v1
kind: Service
Expand Down
9 changes: 1 addition & 8 deletions test/deploy/tools/proxy.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
#! Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
#! Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
#! SPDX-License-Identifier: Apache-2.0

#@ load("@ytt:data", "data")
Expand Down Expand Up @@ -30,13 +30,6 @@ spec:
ports:
- name: http
containerPort: 3128
resources:
requests:
cpu: "100m" #! one-tenth of one CPU
memory: "64Mi"
limits:
cpu: "100m" #! one-tenth of one CPU
memory: "64Mi"
volumeMounts:
- name: log-dir
mountPath: "/var/log/squid/"
Expand Down
4 changes: 2 additions & 2 deletions test/deploy/tools/values.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
#! Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
#! Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
#! SPDX-License-Identifier: Apache-2.0

#@data/values
Expand Down Expand Up @@ -28,7 +28,7 @@ pinny_ldap_password:

#! Images for each of the deployed test components.
dex_image: ghcr.io/pinniped-ci-bot/test-dex:latest
ldap_image: ghcr.io/pinniped-ci-bot/test-ldap:latest
ldap_image: ghcr.io/pinniped-ci-bot/test-bitnami-ldap:latest
proxy_image: ghcr.io/pinniped-ci-bot/test-forward-proxy:latest
cfssl_image: ghcr.io/pinniped-ci-bot/test-cfssl:latest
kubectl_image: ghcr.io/pinniped-ci-bot/test-kubectl:latest

0 comments on commit 826d823

Please sign in to comment.