2222 results :
2323 - name : image-url
2424 description : Container image URL to test
25+ - name : ldap-server-image-url
26+ description : Container image URL for the pre-built LDAP server
27+ - name : ldap-server-present
28+ description : Whether the ldap-server component is present in the Snapshot
2529 - name : git-url
2630 description : Git repository URL
2731 - name : git-revision
4246 echo ""
4347 echo "Image to test: $IMAGE_URL"
4448
49+ # Extract ldap-server image URL. If the ldap-server component is absent
50+ # from the Snapshot (e.g. no ldap-server build was triggered for this PR
51+ # because no relevant files changed, and no stable build exists yet), set
52+ # ldap-server-present to "false" so the test pipeline is skipped rather
53+ # than trying to pull a non-existent image.
54+ LDAP_SERVER_IMAGE_URL=$(echo "$SNAPSHOT" | jq -r '(.components[] | select(.name=="ldap-server") | .containerImage) // empty')
55+ if [ -z "$LDAP_SERVER_IMAGE_URL" ]; then
56+ echo "ldap-server not found in Snapshot; skipping integration test"
57+ echo -n "" | tee $(results.ldap-server-image-url.path)
58+ echo -n "false" | tee $(results.ldap-server-present.path)
59+ else
60+ echo -n "$LDAP_SERVER_IMAGE_URL" | tee $(results.ldap-server-image-url.path)
61+ echo -n "true" | tee $(results.ldap-server-present.path)
62+ fi
63+ echo ""
64+ echo "LDAP server image: $LDAP_SERVER_IMAGE_URL"
65+ echo ""
66+
4567 # Extract git repository URL
4668 GIT_URL=$(echo "$SNAPSHOT" | jq -r '.components[] | select(.name=="cts") | .source.git.url')
4769 echo -n "$GIT_URL" | tee $(results.git-url.path)
6082 - name : provision-environment
6183 runAfter :
6284 - parse-snapshot
85+ when :
86+ - input : $(tasks.parse-snapshot.results.ldap-server-present)
87+ operator : in
88+ values :
89+ - " true"
6390 taskRef :
6491 params :
6592 - name : name
@@ -80,10 +107,17 @@ spec:
80107 - name : deploy-openldap
81108 runAfter :
82109 - provision-environment
110+ when :
111+ - input : $(tasks.parse-snapshot.results.ldap-server-present)
112+ operator : in
113+ values :
114+ - " true"
83115 taskSpec :
84116 params :
85117 - name : kubeconfig-secret
86118 type : string
119+ - name : ldap-server-image
120+ type : string
87121 steps :
88122 - name : create-openldap
89123 image : quay.io/konflux-ci/appstudio-utils:latest
@@ -96,89 +130,13 @@ spec:
96130 export KUBECONFIG
97131
98132 echo "=========================================="
99- echo "Deploying LDAP Server (Python/ldaptor )"
133+ echo "Deploying LDAP Server (pre-built image )"
100134 echo "=========================================="
101135
102- # Deploy a Python-based in-memory LDAP server using ldaptor.
103- # osixia/openldap:1.5.0 requires root and fails in OpenShift's
104- # restricted-v2 SCC. ldaptor runs as an arbitrary UID on a
105- # non-privileged port (1389), so no SCC changes are needed.
136+ LDAP_IMAGE="$(params.ldap-server-image)"
137+ echo "Using LDAP server image: $LDAP_IMAGE"
106138
107- kubectl apply -f - <<'EOFYAML'
108- apiVersion: v1
109- kind: ConfigMap
110- metadata:
111- name: ldap-server-script
112- data:
113- server.py: |
114- """
115- Minimal in-memory LDAP server using ldaptor.
116-
117- Serves posixGroup entries under ou=groups,dc=example,dc=com with
118- anonymous-read access so that CTS's query_ldap_groups() can
119- retrieve group membership without a bind DN.
120- """
121- import io
122- from twisted.internet import reactor
123- from twisted.internet.protocol import ServerFactory
124- from twisted.python.components import registerAdapter
125- from ldaptor.inmemory import fromLDIFFile
126- from ldaptor.interfaces import IConnectedLDAPEntry
127- from ldaptor.protocols.ldap.ldapserver import LDAPServer
128-
129- LDIF = b"""\
130- dn: dc=example,dc=com
131- dc: example
132- objectClass: top
133- objectClass: domain
134-
135- dn: ou=groups,dc=example,dc=com
136- ou: groups
137- objectClass: top
138- objectClass: organizationalUnit
139-
140- dn: cn=cts-builders,ou=groups,dc=example,dc=com
141- cn: cts-builders
142- objectClass: top
143- objectClass: posixGroup
144- gidNumber: 5501
145- memberUid: builder@example.com
146-
147- dn: cn=readonly-users,ou=groups,dc=example,dc=com
148- cn: readonly-users
149- objectClass: top
150- objectClass: posixGroup
151- gidNumber: 5502
152- memberUid: readonly@example.com
153-
154- """
155-
156- class LDAPServerFactory(ServerFactory):
157- protocol = LDAPServer
158-
159- def __init__(self, root):
160- self.root = root
161-
162- def buildProtocol(self, addr):
163- proto = self.protocol()
164- proto.factory = self
165- return proto
166-
167- registerAdapter(
168- lambda f: f.root, LDAPServerFactory, IConnectedLDAPEntry
169- )
170-
171- def start(root):
172- factory = LDAPServerFactory(root)
173- reactor.listenTCP(1389, factory, interface="0.0.0.0")
174- print("LDAP server listening on port 1389", flush=True)
175-
176- d = fromLDIFFile(io.BytesIO(LDIF))
177- d.addCallback(start)
178- reactor.run()
179- EOFYAML
180-
181- kubectl apply -f - <<'EOFYAML'
139+ kubectl apply -f - <<EOFYAML
182140 apiVersion: apps/v1
183141 kind: Deployment
184142 metadata:
@@ -197,18 +155,7 @@ spec:
197155 spec:
198156 containers:
199157 - name: openldap
200- image: quay.io/konflux-ci/appstudio-utils:latest
201- command: ["/bin/bash", "-c"]
202- args:
203- - |
204- set -e
205- export HOME=/tmp
206- echo "Installing ldaptor and twisted..."
207- python3 -m ensurepip
208- python3 -m pip install --target /tmp/ldap-deps --quiet ldaptor twisted
209- echo "Starting LDAP server..."
210- export PYTHONPATH=/tmp/ldap-deps
211- exec python3 /scripts/server.py
158+ image: $LDAP_IMAGE
212159 ports:
213160 - containerPort: 1389
214161 name: ldap
@@ -226,14 +173,6 @@ spec:
226173 limits:
227174 memory: "256Mi"
228175 cpu: "200m"
229- volumeMounts:
230- - name: ldap-script
231- mountPath: /scripts
232- readOnly: true
233- volumes:
234- - name: ldap-script
235- configMap:
236- name: ldap-server-script
237176 ---
238177 apiVersion: v1
239178 kind: Service
@@ -262,10 +201,17 @@ spec:
262201 params :
263202 - name : kubeconfig-secret
264203 value : $(tasks.provision-environment.results.secretRef)
204+ - name : ldap-server-image
205+ value : $(tasks.parse-snapshot.results.ldap-server-image-url)
265206
266207 - name : deploy-dex
267208 runAfter :
268209 - provision-environment
210+ when :
211+ - input : $(tasks.parse-snapshot.results.ldap-server-present)
212+ operator : in
213+ values :
214+ - " true"
269215 taskSpec :
270216 params :
271217 - name : kubeconfig-secret
@@ -460,6 +406,11 @@ spec:
460406 - name : deploy-database
461407 runAfter :
462408 - provision-environment
409+ when :
410+ - input : $(tasks.parse-snapshot.results.ldap-server-present)
411+ operator : in
412+ values :
413+ - " true"
463414 taskSpec :
464415 params :
465416 - name : kubeconfig-secret
@@ -597,6 +548,11 @@ spec:
597548 - deploy-database
598549 - deploy-openldap
599550 - deploy-dex
551+ when :
552+ - input : $(tasks.parse-snapshot.results.ldap-server-present)
553+ operator : in
554+ values :
555+ - " true"
600556 taskSpec :
601557 params :
602558 - name : kubeconfig-secret
@@ -851,6 +807,11 @@ spec:
851807 - name : run-tests
852808 runAfter :
853809 - deploy-cts
810+ when :
811+ - input : $(tasks.parse-snapshot.results.ldap-server-present)
812+ operator : in
813+ values :
814+ - " true"
854815 taskSpec :
855816 params :
856817 - name : kubeconfig-secret
@@ -969,6 +930,35 @@ spec:
969930 - name : git-revision
970931 value : $(tasks.parse-snapshot.results.git-revision)
971932
933+ finally :
934+ - name : report-result
935+ params :
936+ - name : ldap-server-present
937+ value : $(tasks.parse-snapshot.results.ldap-server-present)
938+ - name : test-result
939+ value : $(tasks.run-tests.results.test-result)
940+ taskSpec :
941+ params :
942+ - name : ldap-server-present
943+ type : string
944+ - name : test-result
945+ type : string
946+ default : " "
947+ results :
948+ - name : test-output
949+ description : Final test output result
950+ steps :
951+ - name : emit-result
952+ image : quay.io/konflux-ci/appstudio-utils:latest
953+ script : |
954+ #!/usr/bin/env bash
955+ if [ "$(params.ldap-server-present)" = "false" ]; then
956+ echo "ldap-server image was not available in the Snapshot; test skipped."
957+ echo -n "skipped" | tee $(results.test-output.path)
958+ else
959+ echo -n "$(params.test-result)" | tee $(results.test-output.path)
960+ fi
961+
972962 results :
973963 - name : TEST_OUTPUT
974- value : $(tasks.run-tests .results.test-result )
964+ value : $(finally.report-result .results.test-output )
0 commit comments