
Commit 487c889

author
Agent
committed
Pre-build ldap-server image for integration test
Build a dedicated container image for the in-memory LDAP server used by the integration test instead of performing a live 'pip install ldaptor twisted' on every test run. New files: - integration-tests/images/ldap-server/server.py: the in-memory LDAP server script, listening on port 1389 as an arbitrary UID (OpenShift restricted-v2 SCC compatible). - integration-tests/images/ldap-server/Containerfile: builds a fedora-minimal:44-based image that installs ldaptor and twisted via pip3. - .tekton/ldap-server-pull-request.yaml: Konflux build PipelineRun for pull requests; triggers only when files under integration-tests/images/ldap-server/ change (pathChanged() CEL filter). Sets image-expires-after to 5d. - .tekton/ldap-server-push.yaml: Konflux build PipelineRun for pushes to main. Same path filter. Modified: - .tekton/integration-test-eaas.yaml: parse-snapshot now emits a ldap-server-present result; when ldap-server is absent from the Snapshot (no stable build yet, and not triggered for this PR), every downstream task is skipped via a 'when' condition and the finally task emits 'skipped' instead of failing. Generated-By: OpenCode (google-vertex-anthropic/claude-sonnet-4-6@default)
1 parent 37bad18 commit 487c889

5 files changed

Lines changed: 1232 additions & 101 deletions


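--- a/.tekton/integration-test-eaas.yaml
+++ b/.tekton/integration-test-eaas.yaml
@@ -22,6 +22,10 @@ spec:
 results:
 - name: image-url
 description: Container image URL to test
+- name: ldap-server-image-url
+description: Container image URL for the pre-built LDAP server
+- name: ldap-server-present
+description: Whether the ldap-server component is present in the Snapshot
 - name: git-url
 description: Git repository URL
 - name: git-revision
@@ -42,6 +46,24 @@ spec:
 echo ""
 echo "Image to test: $IMAGE_URL"
 
+# Extract ldap-server image URL. If the ldap-server component is absent
+# from the Snapshot (e.g. no ldap-server build was triggered for this PR
+# because no relevant files changed, and no stable build exists yet), set
+# ldap-server-present to "false" so the test pipeline is skipped rather
+# than trying to pull a non-existent image.
+LDAP_SERVER_IMAGE_URL=$(echo "$SNAPSHOT" | jq -r '(.components[] | select(.name=="ldap-server") | .containerImage) // empty')
+if [ -z "$LDAP_SERVER_IMAGE_URL" ]; then
+echo "ldap-server not found in Snapshot; skipping integration test"
+echo -n "" | tee $(results.ldap-server-image-url.path)
+echo -n "false" | tee $(results.ldap-server-present.path)
+else
+echo -n "$LDAP_SERVER_IMAGE_URL" | tee $(results.ldap-server-image-url.path)
+echo -n "true" | tee $(results.ldap-server-present.path)
+fi
+echo ""
+echo "LDAP server image: $LDAP_SERVER_IMAGE_URL"
+echo ""
+
 # Extract git repository URL
 GIT_URL=$(echo "$SNAPSHOT" | jq -r '.components[] | select(.name=="cts") | .source.git.url')
 echo -n "$GIT_URL" | tee $(results.git-url.path)
@@ -60,6 +82,11 @@ spec:
 - name: provision-environment
 runAfter:
 - parse-snapshot
+when:
+- input: $(tasks.parse-snapshot.results.ldap-server-present)
+operator: in
+values:
+- "true"
 taskRef:
 params:
 - name: name
@@ -80,10 +107,17 @@ spec:
 - name: deploy-openldap
 runAfter:
 - provision-environment
+when:
+- input: $(tasks.parse-snapshot.results.ldap-server-present)
+operator: in
+values:
+- "true"
 taskSpec:
 params:
 - name: kubeconfig-secret
 type: string
+- name: ldap-server-image
+type: string
 steps:
 - name: create-openldap
 image: quay.io/konflux-ci/appstudio-utils:latest
@@ -96,89 +130,13 @@ spec:
 export KUBECONFIG
 
 echo "=========================================="
-echo "Deploying LDAP Server (Python/ldaptor)"
+echo "Deploying LDAP Server (pre-built image)"
 echo "=========================================="
 
-# Deploy a Python-based in-memory LDAP server using ldaptor.
-# osixia/openldap:1.5.0 requires root and fails in OpenShift's
-# restricted-v2 SCC. ldaptor runs as an arbitrary UID on a
-# non-privileged port (1389), so no SCC changes are needed.
+LDAP_IMAGE="$(params.ldap-server-image)"
+echo "Using LDAP server image: $LDAP_IMAGE"
 
-kubectl apply -f - <<'EOFYAML'
-apiVersion: v1
-kind: ConfigMap
-metadata:
-name: ldap-server-script
-data:
-server.py: |
-"""
-Minimal in-memory LDAP server using ldaptor.
-
-Serves posixGroup entries under ou=groups,dc=example,dc=com with
-anonymous-read access so that CTS's query_ldap_groups() can
-retrieve group membership without a bind DN.
-"""
-import io
-from twisted.internet import reactor
-from twisted.internet.protocol import ServerFactory
-from twisted.python.components import registerAdapter
-from ldaptor.inmemory import fromLDIFFile
-from ldaptor.interfaces import IConnectedLDAPEntry
-from ldaptor.protocols.ldap.ldapserver import LDAPServer
-
-LDIF = b"""\
-dn: dc=example,dc=com
-dc: example
-objectClass: top
-objectClass: domain
-
-dn: ou=groups,dc=example,dc=com
-ou: groups
-objectClass: top
-objectClass: organizationalUnit
-
-dn: cn=cts-builders,ou=groups,dc=example,dc=com
-cn: cts-builders
-objectClass: top
-objectClass: posixGroup
-gidNumber: 5501
-memberUid: builder@example.com
-
-dn: cn=readonly-users,ou=groups,dc=example,dc=com
-cn: readonly-users
-objectClass: top
-objectClass: posixGroup
-gidNumber: 5502
-memberUid: readonly@example.com
-
-"""
-
-class LDAPServerFactory(ServerFactory):
-protocol = LDAPServer
-
-def __init__(self, root):
-self.root = root
-
-def buildProtocol(self, addr):
-proto = self.protocol()
-proto.factory = self
-return proto
-
-registerAdapter(
-lambda f: f.root, LDAPServerFactory, IConnectedLDAPEntry
-)
-
-def start(root):
-factory = LDAPServerFactory(root)
-reactor.listenTCP(1389, factory, interface="0.0.0.0")
-print("LDAP server listening on port 1389", flush=True)
-
-d = fromLDIFFile(io.BytesIO(LDIF))
-d.addCallback(start)
-reactor.run()
-EOFYAML
-
-kubectl apply -f - <<'EOFYAML'
+kubectl apply -f - <<EOFYAML
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -197,18 +155,7 @@ spec:
 spec:
 containers:
 - name: openldap
-image: quay.io/konflux-ci/appstudio-utils:latest
-command: ["/bin/bash", "-c"]
-args:
-- |
-set -e
-export HOME=/tmp
-echo "Installing ldaptor and twisted..."
-python3 -m ensurepip
-python3 -m pip install --target /tmp/ldap-deps --quiet ldaptor twisted
-echo "Starting LDAP server..."
-export PYTHONPATH=/tmp/ldap-deps
-exec python3 /scripts/server.py
+image: $LDAP_IMAGE
 ports:
 - containerPort: 1389
 name: ldap
@@ -226,14 +173,6 @@ spec:
 limits:
 memory: "256Mi"
 cpu: "200m"
-volumeMounts:
-- name: ldap-script
-mountPath: /scripts
-readOnly: true
-volumes:
-- name: ldap-script
-configMap:
-name: ldap-server-script
 ---
 apiVersion: v1
 kind: Service
@@ -262,10 +201,17 @@ spec:
 params:
 - name: kubeconfig-secret
 value: $(tasks.provision-environment.results.secretRef)
+- name: ldap-server-image
+value: $(tasks.parse-snapshot.results.ldap-server-image-url)
 
 - name: deploy-dex
 runAfter:
 - provision-environment
+when:
+- input: $(tasks.parse-snapshot.results.ldap-server-present)
+operator: in
+values:
+- "true"
 taskSpec:
 params:
 - name: kubeconfig-secret
@@ -460,6 +406,11 @@ spec:
 - name: deploy-database
 runAfter:
 - provision-environment
+when:
+- input: $(tasks.parse-snapshot.results.ldap-server-present)
+operator: in
+values:
+- "true"
 taskSpec:
 params:
 - name: kubeconfig-secret
@@ -597,6 +548,11 @@ spec:
 - deploy-database
 - deploy-openldap
 - deploy-dex
+when:
+- input: $(tasks.parse-snapshot.results.ldap-server-present)
+operator: in
+values:
+- "true"
 taskSpec:
 params:
 - name: kubeconfig-secret
@@ -851,6 +807,11 @@ spec:
 - name: run-tests
 runAfter:
 - deploy-cts
+when:
+- input: $(tasks.parse-snapshot.results.ldap-server-present)
+operator: in
+values:
+- "true"
 taskSpec:
 params:
 - name: kubeconfig-secret
@@ -969,6 +930,35 @@ spec:
 - name: git-revision
 value: $(tasks.parse-snapshot.results.git-revision)
 
+finally:
+- name: report-result
+params:
+- name: ldap-server-present
+value: $(tasks.parse-snapshot.results.ldap-server-present)
+- name: test-result
+value: $(tasks.run-tests.results.test-result)
+taskSpec:
+params:
+- name: ldap-server-present
+type: string
+- name: test-result
+type: string
+default: ""
+results:
+- name: test-output
+description: Final test output result
+steps:
+- name: emit-result
+image: quay.io/konflux-ci/appstudio-utils:latest
+script: |
+#!/usr/bin/env bash
+if [ "$(params.ldap-server-present)" = "false" ]; then
+echo "ldap-server image was not available in the Snapshot; test skipped."
+echo -n "skipped" | tee $(results.test-output.path)
+else
+echo -n "$(params.test-result)" | tee $(results.test-output.path)
+fi
+
 results:
 - name: TEST_OUTPUT
-value: $(tasks.run-tests.results.test-result)
+value: $(finally.report-result.results.test-output)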
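Review bot: In the create-openldap step, `LDAP_IMAGE="$(params.ldap-server-image)"` has Tekton paste the parameter text into the script before bash parses it, so the value read from `.containerImage` in the Snapshot is treated as shell source rather than as data. Passing it through the step's `env:` (`- name: LDAP_IMAGE` with `value: $(params.ldap-server-image)`) and dropping the assignment line keeps it inert. The same hunk changes the heredoc from `<<'EOFYAML'` to `<<EOFYAML`, so every `$` and backtick in the manifest body, which continues outside the hunk, is now expanded by the shell, and `image: $LDAP_IMAGE` is spliced unquoted into the YAML. It would be safer to check the image reference shape before `kubectl apply` and to confirm the rest of the manifest contains nothing that expands. The emit-result step in the new `finally` task repeats the direct-interpolation pattern with `"$(params.test-result)"` and `"$(params.ldap-server-present)"`.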
