
Commit 81ff470

author
Agent
committed
Pre-build ldap-server image for integration test
Add a Containerfile and server.py under integration-tests/images/ldap-server/ so the LDAP server used in integration tests can be pre-built as a container image instead of performing a live pip install on every test run. Add two Tekton PipelineRun files (.tekton/ldap-server-pull-request.yaml and .tekton/ldap-server-push.yaml) that build and push the ldap-server image using the Konflux build pipeline. Both pipelines are scoped to trigger only when files under integration-tests/images/ldap-server/ change, using the pathChanged() CEL expression. The push pipeline applies the 'main' tag on push to main. Update .tekton/integration-test-eaas.yaml to: - Extract the ldap-server component image URL from the Snapshot in parse-snapshot - Replace the deploy-openldap task's inline ConfigMap, pip install, and volume mount approach with a direct reference to the pre-built image from the Snapshot Closes #89 Generated-By: OpenCode (google-vertex-anthropic/claude-sonnet-4-6@default)
1 parent 37bad18 commit 81ff470

5 files changed

Lines changed: 1056 additions & 100 deletions


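--- a/.tekton/integration-test-eaas.yaml
+++ b/.tekton/integration-test-eaas.yaml
@@ -22,6 +22,8 @@ spec:
 results:
 - name: image-url
 description: Container image URL to test
+- name: ldap-server-image-url
+description: Container image URL for the pre-built LDAP server
 - name: git-url
 description: Git repository URL
 - name: git-revision
@@ -42,6 +44,12 @@ spec:
 echo ""
 echo "Image to test: $IMAGE_URL"
 
+# Extract ldap-server image URL
+LDAP_SERVER_IMAGE_URL=$(echo "$SNAPSHOT" | jq -r '.components[] | select(.name=="ldap-server") | .containerImage')
+echo -n "$LDAP_SERVER_IMAGE_URL" | tee $(results.ldap-server-image-url.path)
+echo ""
+echo "LDAP server image: $LDAP_SERVER_IMAGE_URL"
+
 # Extract git repository URL
 GIT_URL=$(echo "$SNAPSHOT" | jq -r '.components[] | select(.name=="cts") | .source.git.url')
 echo -n "$GIT_URL" | tee $(results.git-url.path)
@@ -84,6 +92,8 @@ spec:
 params:
 - name: kubeconfig-secret
 type: string
+- name: ldap-server-image
+type: string
 steps:
 - name: create-openldap
 image: quay.io/konflux-ci/appstudio-utils:latest
@@ -96,89 +106,13 @@ spec:
 export KUBECONFIG
 
 echo "=========================================="
-echo "Deploying LDAP Server (Python/ldaptor)"
+echo "Deploying LDAP Server (pre-built image)"
 echo "=========================================="
 
-# Deploy a Python-based in-memory LDAP server using ldaptor.
-# osixia/openldap:1.5.0 requires root and fails in OpenShift's
-# restricted-v2 SCC. ldaptor runs as an arbitrary UID on a
-# non-privileged port (1389), so no SCC changes are needed.
+LDAP_IMAGE="$(params.ldap-server-image)"
+echo "Using LDAP server image: $LDAP_IMAGE"
 
-kubectl apply -f - <<'EOFYAML'
-apiVersion: v1
-kind: ConfigMap
-metadata:
-name: ldap-server-script
-data:
-server.py: |
-"""
-Minimal in-memory LDAP server using ldaptor.
-
-Serves posixGroup entries under ou=groups,dc=example,dc=com with
-anonymous-read access so that CTS's query_ldap_groups() can
-retrieve group membership without a bind DN.
-"""
-import io
-from twisted.internet import reactor
-from twisted.internet.protocol import ServerFactory
-from twisted.python.components import registerAdapter
-from ldaptor.inmemory import fromLDIFFile
-from ldaptor.interfaces import IConnectedLDAPEntry
-from ldaptor.protocols.ldap.ldapserver import LDAPServer
-
-LDIF = b"""\
-dn: dc=example,dc=com
-dc: example
-objectClass: top
-objectClass: domain
-
-dn: ou=groups,dc=example,dc=com
-ou: groups
-objectClass: top
-objectClass: organizationalUnit
-
-dn: cn=cts-builders,ou=groups,dc=example,dc=com
-cn: cts-builders
-objectClass: top
-objectClass: posixGroup
-gidNumber: 5501
-memberUid: builder@example.com
-
-dn: cn=readonly-users,ou=groups,dc=example,dc=com
-cn: readonly-users
-objectClass: top
-objectClass: posixGroup
-gidNumber: 5502
-memberUid: readonly@example.com
-
-"""
-
-class LDAPServerFactory(ServerFactory):
-protocol = LDAPServer
-
-def __init__(self, root):
-self.root = root
-
-def buildProtocol(self, addr):
-proto = self.protocol()
-proto.factory = self
-return proto
-
-registerAdapter(
-lambda f: f.root, LDAPServerFactory, IConnectedLDAPEntry
-)
-
-def start(root):
-factory = LDAPServerFactory(root)
-reactor.listenTCP(1389, factory, interface="0.0.0.0")
-print("LDAP server listening on port 1389", flush=True)
-
-d = fromLDIFFile(io.BytesIO(LDIF))
-d.addCallback(start)
-reactor.run()
-EOFYAML
-
-kubectl apply -f - <<'EOFYAML'
+kubectl apply -f - <<EOFYAML
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -197,18 +131,7 @@ spec:
 spec:
 containers:
 - name: openldap
-image: quay.io/konflux-ci/appstudio-utils:latest
-command: ["/bin/bash", "-c"]
-args:
-- |
-set -e
-export HOME=/tmp
-echo "Installing ldaptor and twisted..."
-python3 -m ensurepip
-python3 -m pip install --target /tmp/ldap-deps --quiet ldaptor twisted
-echo "Starting LDAP server..."
-export PYTHONPATH=/tmp/ldap-deps
-exec python3 /scripts/server.py
+image: $LDAP_IMAGE
 ports:
 - containerPort: 1389
 name: ldap
@@ -226,14 +149,6 @@ spec:
 limits:
 memory: "256Mi"
 cpu: "200m"
-volumeMounts:
-- name: ldap-script
-mountPath: /scripts
-readOnly: true
-volumes:
-- name: ldap-script
-configMap:
-name: ldap-server-script
 ---
 apiVersion: v1
 kind: Service
@@ -262,6 +177,8 @@ spec:
 params:
 - name: kubeconfig-secret
 value: $(tasks.provision-environment.results.secretRef)
+- name: ldap-server-image
+value: $(tasks.parse-snapshot.results.ldap-server-image-url)
 
 - name: deploy-dex
 runAfter: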
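Review bot: In the create-openldap step the image reference reaches both the shell and the Deployment manifest unvalidated: `LDAP_IMAGE="$(params.ldap-server-image)"` is pasted into the script text by Tekton before bash runs, and the heredoc is now unquoted (`<<EOFYAML`), so the value is shell-interpreted and then spliced into `image: $LDAP_IMAGE`. I would hand the parameter to the step through `env:` (`- name: LDAP_IMAGE` with `value: $(params.ldap-server-image)`) and drop the assignment line, so the script only ever sees it as a quoted variable. In parse-snapshot the `jq` filter yields an empty string when the Snapshot has no `ldap-server` component and the literal `null` when `containerImage` is absent, so a guard such as `[ -n "$LDAP_SERVER_IMAGE_URL" ] && [ "$LDAP_SERVER_IMAGE_URL" != "null" ] || { echo "ldap-server image missing from Snapshot" >&2; exit 1; }` would fail the run there instead of at an image pull error later. Because the heredoc is no longer quoted, any `$` or backtick in the parts of the manifest outside these hunks is now expanded too, which is worth checking. If the Snapshot is expected to carry digest-pinned references (not visible here), rejecting a value without `@sha256:` would keep the test tied to the image that was actually built.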
