Skip to content

Commit d852a80

Browse files
authored
Develop (#174)
* Synching develop branch with master. (#161) * Feature/157 (#158) * Initial creation of terraform setup for AWS static-content site hosting. * Website deployment run locally works. Terraform AWS resource build run locally works. * Creating test self-hosted environment. Alwways run terraform in docker containers. * Removing all run on PR creation / modification. * Making redirect_uri and logout URL field defaults parameterized. * OIDC Authorization Code Flow with local keycoak is now working for test and prod hosted static-content site. * Updating Token History grouping. * Test suite works against test and prod sites with a local keycloak instance. The introspection endpoint in keycloak cannot be invoked from the browser. So, the static content site cannot call the keycloak instrospection site. The test suite looks for hte expected CORS error. Test suite must be run against a local build for full validation. * Feature/158 (#160) * Initial creation of terraform setup for AWS static-content site hosting. * Website deployment run locally works. Terraform AWS resource build run locally works. * Creating test self-hosted environment. Alwways run terraform in docker containers. * Removing all run on PR creation / modification. * Making redirect_uri and logout URL field defaults parameterized. * OIDC Authorization Code Flow with local keycoak is now working for test and prod hosted static-content site. * Updating Token History grouping. * Test suite works against test and prod sites with a local keycloak instance. The introspection endpoint in keycloak cannot be invoked from the browser. So, the static content site cannot call the keycloak instrospection site. The test suite looks for hte expected CORS error. Test suite must be run against a local build for full validation. * Minimize javascript for static content sites. Google analytics for static content sites. * feature/152 (#163) * Feature/157 (#158) * Initial creation of terraform setup for AWS static-content site hosting. * Website deployment run locally works. Terraform AWS resource build run locally works. * Creating test self-hosted environment. Alwways run terraform in docker containers. * Removing all run on PR creation / modification. * Making redirect_uri and logout URL field defaults parameterized. * OIDC Authorization Code Flow with local keycoak is now working for test and prod hosted static-content site. * Updating Token History grouping. * Test suite works against test and prod sites with a local keycloak instance. The introspection endpoint in keycloak cannot be invoked from the browser. So, the static content site cannot call the keycloak instrospection site. The test suite looks for hte expected CORS error. Test suite must be run against a local build for full validation. * Feature/158 (#160) * Initial creation of terraform setup for AWS static-content site hosting. * Website deployment run locally works. Terraform AWS resource build run locally works. * Creating test self-hosted environment. Alwways run terraform in docker containers. * Removing all run on PR creation / modification. * Making redirect_uri and logout URL field defaults parameterized. * OIDC Authorization Code Flow with local keycoak is now working for test and prod hosted static-content site. * Updating Token History grouping. * Test suite works against test and prod sites with a local keycloak instance. The introspection endpoint in keycloak cannot be invoked from the browser. So, the static content site cannot call the keycloak instrospection site. The test suite looks for hte expected CORS error. Test suite must be run against a local build for full validation. * Minimize javascript for static content sites. Google analytics for static content sites. * Feature/152 (#162) * Synching develop branch with master. (#161) * Feature/157 (#158) * Initial creation of terraform setup for AWS static-content site hosting. * Website deployment run locally works. Terraform AWS resource build run locally works. * Creating test self-hosted environment. Alwways run terraform in docker containers. * Removing all run on PR creation / modification. * Making redirect_uri and logout URL field defaults parameterized. * OIDC Authorization Code Flow with local keycoak is now working for test and prod hosted static-content site. * Updating Token History grouping. * Test suite works against test and prod sites with a local keycloak instance. The introspection endpoint in keycloak cannot be invoked from the browser. So, the static content site cannot call the keycloak instrospection site. The test suite looks for hte expected CORS error. Test suite must be run against a local build for full validation. * Feature/158 (#160) * Initial creation of terraform setup for AWS static-content site hosting. * Website deployment run locally works. Terraform AWS resource build run locally works. * Creating test self-hosted environment. Alwways run terraform in docker containers. * Removing all run on PR creation / modification. * Making redirect_uri and logout URL field defaults parameterized. * OIDC Authorization Code Flow with local keycoak is now working for test and prod hosted static-content site. * Updating Token History grouping. * Test suite works against test and prod sites with a local keycloak instance. The introspection endpoint in keycloak cannot be invoked from the browser. So, the static content site cannot call the keycloak instrospection site. The test suite looks for hte expected CORS error. Test suite must be run against a local build for full validation. * Minimize javascript for static content sites. Google analytics for static content sites. * Updated docker build instructions. * Initial page + test creation. (#164) * Initial page + test creation. * Adding ability to take a JWT and decompose it into JWT Header and JWT Payload fields on jwt_tools.html page. Updated test suite to test this. * Moving back to postgres18. Not sure when we lost that change. * Fixing test #13. * Fix coverage report. * Another change attempting to fix the code coverage bug. * Successful deployment to test.idptools.com and selenium test run. * Terraform creates IAM role with minimmum permissions. * Terraform creates IAM role with minimmum permissions. * Automatically run terraform against test when commmits / merge made to develop. * Updating develop / test 'test suite run' + terraform + static-content site deployment. * Test change to kick off pipelines. * Kick-off another workflow run. * Terraform deploy job didn't run as expected on push. * Initiate workflows by push. Test. * Run hosted site test suite after deployment. * Live website test should run better now. * Triggering another workflow. * Another fix to live-test workflow.
1 parent c704b33 commit d852a80

5 files changed

Lines changed: 47 additions & 52 deletions

File tree

.github/workflows/website-test-live-prod.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@ name: Live Site Test (idptools.com)
22

33
# Runs the full Selenium suite against the DEPLOYED PROD site
44
# (https://idptools.com), using a throwaway Keycloak spun up locally (browser
5-
# reaches it at http://keycloak:8080 on the compose network). Same mechanism as
5+
# reaches it at http://localhost:8080 via host networking). Same mechanism as
66
# the test-site live test (docker-compose-live-tests.yml), pointed at prod via
77
# LIVE_DEBUGGER_BASE_URL / LIVE_CONFIG_FILE.
88
#

.github/workflows/website-test-live.yml

Lines changed: 3 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,10 +1,9 @@
11
name: Live Site Test (test.idptools.com)
22

33
# Runs the full Selenium suite against the DEPLOYED test.idptools.com site,
4-
# using a throwaway Keycloak spun up locally (postgres + keycloak on a compose
5-
# network, same stack as the containerized suite). The browser in the tests
6-
# container reaches that Keycloak at http://keycloak:8080 while it drives the
7-
# public HTTPS site. See docker-compose-live-tests.yml.
4+
# using a throwaway Keycloak spun up locally over host networking. The browser
5+
# in the tests container reaches that Keycloak at http://localhost:8080 while it
6+
# drives the public HTTPS site. See docker-compose-live-tests.yml.
87
#
98
# Runs automatically after a successful test-site deploy (post-deploy
109
# verification), plus nightly and on demand.

README.md

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -281,5 +281,3 @@ Thanks to the following:
281281
![alt text](docs/images/image-6.png)
282282
10. If successful, the debugger will return "Access token", "Refresh Token" and optionally "ID Token". You can view additional information for each of the tokens if you click on their links (1). You can also introspect the access and refresh token using the identity provider introspection endpoint (2). For ID tokens, you can also decode their userinfo data (3)
283283
![alt text](docs/images/image-15.png)
284-
285-

docker-compose-live-tests.yml

Lines changed: 15 additions & 45 deletions
Original file line numberDiff line numberDiff line change
@@ -1,20 +1,19 @@
11
# Runs the Selenium suite against a DEPLOYED debugger site (default:
22
# https://test.idptools.com) while talking to a throwaway Keycloak spun up
3-
# locally. This is the same stack as docker-compose-run-tests.yml (postgres +
4-
# keycloak + tests on the "keycloak" bridge network) MINUS the containerized
5-
# api/client — the debugger under test is the hosted site instead.
3+
# locally. Same idea as docker-compose-run-tests.yml, but the debugger under
4+
# test is the hosted site instead of a containerized client — only Keycloak and
5+
# the test runner are started here.
66
#
7-
# The browser inside the tests container reaches the local Keycloak at
8-
# http://keycloak:8080 (compose DNS), exactly as the containerized suite does.
9-
# It drives the public HTTPS site and makes its OIDC/OAuth calls to that local
10-
# Keycloak; the suite's Chrome flags (--allow-running-insecure-content +
11-
# private-network overrides) permit the HTTPS-page -> http://keycloak calls.
7+
# HOST NETWORKING is required (not the bridge network the containerized suite
8+
# uses): the browser drives the public HTTPS site and must call the local
9+
# Keycloak from that HTTPS page. Chrome treats http://localhost (loopback) as
10+
# potentially-trustworthy and exempt from mixed-content / private-network
11+
# blocking, but a private-IP host (e.g. a bridge service name) is blocked. So
12+
# both containers share the host network and Keycloak is reached at
13+
# http://localhost:8080 — exactly the scenario remote-run-tests.sh proves.
1214
#
13-
# Keycloak's clients are (re)created at run time by common.sh configureKeycloak
14-
# with redirectUris/webOrigins matching DEBUGGER_BASE_URL, so the deployed
15-
# site's redirect back to <site>/callback validates.
16-
#
17-
# Compose format 2.x for `depends_on: condition: service_healthy` support.
15+
# Readiness: instead of a Docker healthcheck (flaky under host networking), the
16+
# tests container waits for Keycloak itself (docker-run-tests.sh waitForKeycloak).
1817
#
1918
# Override the target via the environment:
2019
# LIVE_DEBUGGER_BASE_URL (default https://test.idptools.com)
@@ -53,51 +52,22 @@ services:
5352
KEYCLOAK_ADMIN: keycloak
5453
KEYCLOAK_ADMIN_PASSWORD: keycloak
5554
KC_HEALTH_ENABLED: "true"
56-
hostname: keycloak
57-
healthcheck:
58-
test: [
59-
"CMD-SHELL",
60-
"exec 3<>/dev/tcp/localhost/9000; \
61-
echo -en 'GET /health/ready' >&3; \
62-
# Give the server a moment to respond, then search for 'UP'
63-
if timeout 3 cat <&3 | grep -m 1 'UP'; then \
64-
exec 3<&-; exec 3>&-; exit 0; \
65-
else \
66-
exec 3<&-; exec 3>&-; exit 1; \
67-
fi"
68-
]
69-
interval: 10s
70-
timeout: 60s
71-
retries: 5
72-
start_period: 30s
73-
depends_on:
74-
postgres:
75-
condition: service_healthy
76-
networks:
77-
- keycloak
7855

7956
tests:
8057
image: rcbj/test-live
8158
build:
8259
context: .
8360
dockerfile: tests/Dockerfile
8461
environment:
85-
# Target the deployed site; talk to the local Keycloak by service name.
62+
# Target the deployed site; talk to the local Keycloak over loopback.
8663
- DEBUGGER_BASE_URL=${LIVE_DEBUGGER_BASE_URL:-https://test.idptools.com}
8764
- KEYCLOAK_BASE_URL=http://keycloak:8080
8865
- KEYCLOAK_LOCALHOST_BASE_URL=http://keycloak:8080
8966
- CONFIG_FILE=${LIVE_CONFIG_FILE:-./env/test-idptools-com.js}
9067
# Persist the generated report/logs to the host (gitignored).
9168
volumes:
9269
- ./tests/report:/usr/src/app/report
70+
# Start-order only (host networking healthchecks are unreliable); the test
71+
# runner waits for Keycloak to answer before configuring it.
9372
depends_on:
94-
keycloak:
95-
condition: service_healthy
96-
networks:
9773
- keycloak
98-
99-
volumes:
100-
postgres_data:
101-
102-
networks:
103-
keycloak:

docker-run-tests.sh

Lines changed: 28 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -39,8 +39,36 @@ runReport()
3939
node "${NODEJS_BASE_DIR}/run-report.js"
4040
}
4141

42+
# Poll until Keycloak answers before configuring it. In the fully-containerized
43+
# stack Keycloak is already up (compose depends_on: service_healthy), so this
44+
# returns immediately; in the live-site stack (host networking, no healthcheck
45+
# gate) this is what actually waits for Keycloak to come up.
46+
waitForKeycloak()
47+
{
48+
echo "Waiting for Keycloak at ${KEYCLOAK_LOCALHOST_BASE_URL} ..."
49+
local i=0
50+
local max=60
51+
local code
52+
while [ $i -lt $max ];
53+
do
54+
code=$(curl -s -o /dev/null -w '%{http_code}' \
55+
"${KEYCLOAK_LOCALHOST_BASE_URL}/realms/master/.well-known/openid-configuration" || true)
56+
if [ "${code}" = "200" ];
57+
then
58+
echo "Keycloak is ready."
59+
return 0
60+
fi
61+
i=$((i + 1))
62+
sleep 3
63+
done
64+
echo "ERROR: Keycloak did not become ready at ${KEYCLOAK_LOCALHOST_BASE_URL} within timeout." >&2
65+
exit 1
66+
}
67+
4268
init
4369
check_return_code $?
70+
waitForKeycloak
71+
check_return_code $?
4472
configureKeycloak
4573
check_return_code $?
4674
runReport

0 commit comments

Comments
 (0)