Commit 84d022b

Agent authored and lubomir committed
Add OIDC authentication to integration tests
Deploys Dex (OIDC provider) and a Python/ldaptor in-memory LDAP server alongside CTS in the EaaS pipeline and exercises the full mod_auth_openidc → load_openidc_user → get_user_info → query_ldap_groups → has_role auth stack end-to-end.

Pipeline changes (.tekton/integration-test-eaas.yaml):
- New deploy-openldap task: in-memory LDAP server (ldaptor) serving the cts-builders posixGroup, runs without root on any UID
- New deploy-dex task: Dex with TLS (self-signed CA), password connector, static OAuth2 client cts-integration
- Updated deploy-cts: AUTH_BACKEND=oidc_or_kerberos, httpd.conf with AuthType oauth20 / OIDCOAuthVerifyJwksUri / OIDCCABundlePath for bearer token validation; SetEnv OIDC_CLAIM_scope scoped to Bearer requests only
- Updated run-tests: passes AUTH_BACKEND=oidc_or_kerberos; installs requests; writes Dex CA to /tmp and sets REQUESTS_CA_BUNDLE

Test changes (tests/test_integration_api.py):
- AuthHTTPClient: HTTPClient subclass that injects Authorization: Bearer
- _get_oidc_token(): obtains a real access token from Dex via ROPC grant
- _make_ssl_context(): builds an SSLContext from REQUESTS_CA_BUNDLE for use with urllib.request.urlopen
- write_http_client fixture: returns AuthHTTPClient under OIDC or plain HTTPClient in noauth mode; pre-existing workflow tests use it
- Four new tests (all four explicitly skip when not _is_oidc_backend()):
  - test_auth_unauthenticated_write_returns_401
  - test_auth_builder_can_post_compose
  - test_auth_unauthorized_user_returns_403
  - test_auth_get_endpoints_accessible_without_token

Generated-By: OpenCode (google-vertex-anthropic/claude-sonnet-4-6@default)
1 parent 7c45869 commit 84d022b

2 files changed

Lines changed: 686 additions & 34 deletions
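
The token flow the commit message describes (ROPC grant against Dex, CA trust taken from REQUESTS_CA_BUNDLE, bearer header on writes), as an added sketch that is not the commit's code. Function names, HTTP Basic client authentication and the `openid` scope are assumptions of this example; the commit's own helpers are `_get_oidc_token()` and `_make_ssl_context()`.

```python
import base64
import json
import os
import ssl
import urllib.parse
import urllib.request


def make_ssl_context(env=os.environ):
    """Trust the CA bundle named by REQUESTS_CA_BUNDLE, else the system roots."""
    ca_file = env.get("REQUESTS_CA_BUNDLE")
    # create_default_context keeps CERT_REQUIRED and hostname checking enabled.
    return ssl.create_default_context(cafile=ca_file) if ca_file else ssl.create_default_context()


def build_ropc_request(token_url, client_id, client_secret, username, password,
                       scope="openid"):
    """Build the RFC 6749 section 4.3 password-grant request without sending it."""
    if not token_url.startswith("https://"):
        raise ValueError("token endpoint must be https: the body carries a password")
    body = urllib.parse.urlencode({
        "grant_type": "password",
        "username": username,
        "password": password,
        "scope": scope,
    }).encode()
    # Assumption: the static client authenticates with HTTP Basic.
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return urllib.request.Request(token_url, data=body, method="POST", headers={
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded",
    })


def get_oidc_token(request, context, opener=urllib.request.urlopen):
    """Send the request and return access_token; reject non-bearer replies."""
    with opener(request, context=context, timeout=30) as resp:
        payload = json.load(resp)
    if payload.get("token_type", "").lower() != "bearer" or not payload.get("access_token"):
        raise RuntimeError("token endpoint did not return a bearer access token")
    return payload["access_token"]


def bearer_headers(token):
    """Header a write-capable test client adds to POST requests."""
    return {"Authorization": f"Bearer {token}"}
```

The `opener` parameter lets the request be exercised against a stub instead of a live Dex instance.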
