This repository has been archived by the owner on Feb 12, 2024. It is now read-only.

Restore safetyValve and singleUser when not using LDAP or OIDC (#212)
* Fix NOTES.txt suitable for the default ClusterIP service
* Add test to confirm persistent storage works (with possible fixes)
* Add test to confirm LDAP works (with possible fixes)
* Add test to confirm OIDC works (with possible fixes)
* Adjust github workflow definition to run in master branch too
wknickless authored Jan 10, 2022
1 parent 2dcd708 commit cb3f5c0
Showing 31 changed files with 801 additions and 352 deletions.
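--- a/.github/workflows/test-ldap.yml
+++ b/.github/workflows/test-ldap.yml
@@ -0,0 +1,56 @@
+name: Test-LDAP
+
+on:
+push:
+pull_request:
+
+jobs:
+test-ldap:
+name: Test NiFi Helm Chart LDAP
+runs-on: ubuntu-latest
+steps:
+- name: Checkout
+uses: actions/checkout@v1
+- name: Setup Minikube
+uses: manusa/actions-setup-minikube@v2.4.1
+with:
+minikube version: 'v1.20.0'
+kubernetes version: 'v1.20.2'
+- name: Checkout code
+uses: actions/checkout@v1
+- name: Install dependencies
+run: |
+sudo apt-get install -y jq
+helm repo add bitnami https://charts.bitnami.com/bitnami
+helm repo add dysnix https://dysnix.github.io/charts/
+helm repo update
+helm dep up
+- name: Install openldap
+run: |
+kubectl apply -f tests/03-ldap
+kubectl wait --for=condition=Ready pod --selector=app.kubernetes.io/name=openldap --timeout=5m
+- name: Install Nifi
+run: helm install nifi . -f tests/03-ldap-values.yaml
+- name: Check deployment status
+run: kubectl wait --for=condition=Ready pod/nifi-0 --timeout=20m
+- name: Wait for NiFi web server to start
+run: |
+for n in [ 0 1 2 3 4 5 6 7 8 9 ]
+do
+if kubectl logs pod/nifi-0 -c app-log | grep 'JettyServer NiFi has started'
+then
+exit 0
+fi
+sleep 30
+done
+echo NiFi did not start for 300 seconds!
+exit 1
+- name: Check that LDAP login works
+run: |
+kubectl exec nifi-0 -c server -- curl -d username=user1 -d password=password1 -sk https://localhost:8443/nifi-api/access/token | \
+grep -v 'The supplied username and password are not valid.'
+- name: Check that LDAP incorrect password fails
+run: |
+kubectl exec nifi-0 -c server -- curl -d username=user1 -d password=password2 -sk https://localhost:8443/nifi-api/access/token | \
+grep 'The supplied username and password are not valid.'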
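Review bot: The "Check that LDAP login works" step ends in `grep -v 'The supplied username and password are not valid.'`, which passes on any non-empty response other than that exact message, so an HTTP error body or a differently worded rejection would be reported as a successful login. Asserting the positive outcome is stricter: add `-f` to the curl call so HTTP errors produce no output, and match the token shape, e.g. `grep -E '^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$'` (this assumes the endpoint returns a bare JWT; confirm against the NiFi version under test). The same check is used for the singleUser login in test-singleuser.yml.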
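--- a/.github/workflows/test-oidc.yml
+++ b/.github/workflows/test-oidc.yml
@@ -0,0 +1,59 @@
+name: Test-OIDC
+
+on:
+push:
+pull_request:
+
+jobs:
+test-oidc:
+name: Test NiFi Helm Chart OIDC
+runs-on: ubuntu-latest
+steps:
+- name: Checkout
+uses: actions/checkout@v1
+- name: Setup Minikube
+uses: manusa/actions-setup-minikube@v2.4.1
+with:
+minikube version: 'v1.20.0'
+kubernetes version: 'v1.20.2'
+- name: Checkout code
+uses: actions/checkout@v1
+- name: Install dependencies
+run: |
+sudo apt-get install -y jq
+helm repo add bitnami https://charts.bitnami.com/bitnami
+helm repo add dysnix https://dysnix.github.io/charts/
+helm repo update
+helm dep up
+- name: Install test framework components
+run: |
+kubectl apply -f tests/04-oidc-test-framework
+kubectl create configmap 04-oidc-login-test --from-file=tests/04-oidc-login-test.js
+kubectl wait --for=condition=Ready pod/browserless-0 --timeout=5m
+kubectl wait --for=condition=Ready pod/keycloak-0 --timeout=5m
+kubectl wait --for=condition=Ready pod/socks5-0 --timeout=5m
+tests/04-oidc-keycloak-setup.bash
+- name: Install Nifi
+run: helm install nifi . -f tests/04-oidc-values.yaml
+- name: Check deployment status
+run: kubectl wait --for=condition=Ready pod/nifi-0 --timeout=20m
+- name: Wait for NiFi web server to start
+run: |
+for n in [ 0 1 2 3 4 5 6 7 8 9 ]
+do
+if kubectl logs pod/nifi-0 -c app-log | grep 'JettyServer NiFi has started'
+then
+exit 0
+fi
+sleep 30
+done
+echo NiFi did not start for 300 seconds!
+exit 1
+- name: Check that OIDC login works
+run: |
+kubectl apply -f tests/04-oidc-mocha-job.yaml
+while ! kubectl logs -f job/oidc-mocha
+do
+sleep 5
+done
+kubectl get job/oidc-mocha -o json | jq -e -r '.status.succeeded == 1'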
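Review bot: Both `uses:` lines reference actions by mutable tag (`actions/checkout@v1`, `manusa/actions-setup-minikube@v2.4.1`), and the workflow declares no `permissions:` block while running on every `push` and `pull_request`. A tag can be re-pointed by the action's owner, so pinning to a full commit SHA (`uses: manusa/actions-setup-minikube@<full-commit-sha>  # v2.4.1`) and adding a top-level `permissions:` with `contents: read` fixes both the dependency and the scope of the job token. The checkout step also appears twice ("Checkout" and "Checkout code"), and one of them can go. The same header is copied into test-ldap.yml, test-persistence.yml and test-singleuser.yml.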
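--- a/.github/workflows/test-persistence.yml
+++ b/.github/workflows/test-persistence.yml
@@ -0,0 +1,140 @@
+name: Test-Persistence
+
+on:
+push:
+pull_request:
+
+jobs:
+test-persistence:
+name: Test NiFi Helm Chart Persistence
+runs-on: ubuntu-latest
+steps:
+- name: Checkout
+uses: actions/checkout@v1
+- name: Setup Minikube
+uses: manusa/actions-setup-minikube@v2.4.1
+with:
+minikube version: 'v1.20.0'
+kubernetes version: 'v1.20.2'
+- name: Checkout code
+uses: actions/checkout@v1
+- name: Install dependencies
+run: |
+sudo apt-get install -y jq
+helm repo add bitnami https://charts.bitnami.com/bitnami
+helm repo add dysnix https://dysnix.github.io/charts/
+helm repo update
+helm dep up
+- name: Install Nifi
+run: helm install nifi . -f tests/02-persistence-enabled-values.yaml
+- name: Check deployment status
+run: kubectl wait --for=condition=Ready pod/nifi-0 --timeout=20m
+- name: Get First .processGroupFlow.uri
+id: first-pgfuri
+run: |
+for n in [ 0 1 2 3 4 5 6 7 8 9 ]
+do
+if NIFI_ACCESS_TOKEN=$(kubectl exec nifi-0 -c server -- curl -d username=username -d password=changemechangeme -sk https://localhost:8443/nifi-api/access/token)
+then
+PGFURI=$(kubectl exec nifi-0 -c server -- curl -H "Authorization: Bearer $NIFI_ACCESS_TOKEN" -sk https://localhost:8443/nifi-api/flow/process-groups/root | jq --raw-output .processGroupFlow.uri)
+echo "::set-output name=PGFURI::$PGFURI"
+exit 0
+fi
+sleep 30
+done
+echo NiFi did not provide an access token for 300 seconds!
+exit 1
+- name: Delete chart
+run: |
+helm delete nifi
+kubectl wait --for=delete pod/nifi-0 --timeout=120s
+- name: Install NiFi
+run: helm install nifi . -f tests/02-persistence-enabled-values.yaml
+- name: Check deployment status
+run: kubectl wait --for=condition=Ready pod/nifi-0 --timeout=20m
+- name: Get Second .processGroupFlow.uri
+id: second-pgfuri
+run: |
+for n in [ 0 1 2 3 4 5 6 7 8 9 ]
+do
+if NIFI_ACCESS_TOKEN=$(kubectl exec nifi-0 -c server -- curl -d username=username -d password=changemechangeme -sk https://localhost:8443/nifi-api/access/token)
+then
+PGFURI=$(kubectl exec nifi-0 -c server -- curl -H "Authorization: Bearer $NIFI_ACCESS_TOKEN" -sk https://localhost:8443/nifi-api/flow/process-groups/root | jq --raw-output .processGroupFlow.uri)
+echo "::set-output name=PGFURI::$PGFURI"
+exit 0
+fi
+sleep 30
+done
+echo NiFi did not provide an access token for 300 seconds!
+exit 1
+- name: Compare 2 x root processGroupFlow .processGroupFlow.uri
+run: |
+echo Should be the same if persistence is enabled
+test ${{ steps.first-pgfuri.outputs.PGFURI }} = ${{ steps.second-pgfuri.outputs.PGFURI }}
+test-non-persistence:
+name: Test NiFi Helm Chart Non-Persistence
+runs-on: ubuntu-latest
+steps:
+- name: Checkout
+uses: actions/checkout@v1
+- name: Setup Minikube
+uses: manusa/actions-setup-minikube@v2.4.1
+with:
+minikube version: 'v1.20.0'
+kubernetes version: 'v1.20.2'
+- name: Checkout code
+uses: actions/checkout@v1
+- name: Install dependencies
+run: |
+sudo apt-get install -y jq
+helm repo add bitnami https://charts.bitnami.com/bitnami
+helm repo add dysnix https://dysnix.github.io/charts/
+helm repo update
+helm dep up
+- name: Install Nifi
+run: helm install nifi . -f tests/02-persistence-disabled-values.yaml
+- name: Check deployment status
+run: kubectl wait --for=condition=Ready pod/nifi-0 --timeout=20m
+- name: Get First .processGroupFlow.uri
+id: first-pgfuri
+run: |
+for n in [ 0 1 2 3 4 5 6 7 8 9 ]
+do
+if NIFI_ACCESS_TOKEN=$(kubectl exec nifi-0 -c server -- curl -d username=username -d password=changemechangeme -sk https://localhost:8443/nifi-api/access/token)
+then
+PGFURI=$(kubectl exec nifi-0 -c server -- curl -H "Authorization: Bearer $NIFI_ACCESS_TOKEN" -sk https://localhost:8443/nifi-api/flow/process-groups/root | jq --raw-output .processGroupFlow.uri)
+echo "::set-output name=PGFURI::$PGFURI"
+exit 0
+fi
+sleep 30
+done
+echo NiFi did not provide an access token for 300 seconds!
+exit 1
+- name: Delete chart
+run: |
+helm delete nifi
+kubectl wait --for=delete pod/nifi-0 --timeout=120s
+- name: Install NiFi
+run: helm install nifi . -f tests/02-persistence-disabled-values.yaml
+- name: Check deployment status
+run: kubectl wait --for=condition=Ready pod/nifi-0 --timeout=20m
+- name: Get Second .processGroupFlow.uri
+id: second-pgfuri
+run: |
+for n in [ 0 1 2 3 4 5 6 7 8 9 ]
+do
+if NIFI_ACCESS_TOKEN=$(kubectl exec nifi-0 -c server -- curl -d username=username -d password=changemechangeme -sk https://localhost:8443/nifi-api/access/token)
+then
+PGFURI=$(kubectl exec nifi-0 -c server -- curl -H "Authorization: Bearer $NIFI_ACCESS_TOKEN" -sk https://localhost:8443/nifi-api/flow/process-groups/root | jq --raw-output .processGroupFlow.uri)
+echo "::set-output name=PGFURI::$PGFURI"
+exit 0
+fi
+sleep 30
+done
+echo NiFi did not provide an access token for 300 seconds!
+exit 1
+- name: Compare 2 x root processGroupFlow .processGroupFlow.uri
+run: |
+echo Should not be the same if persistence is not enabled
+test ${{ steps.first-pgfuri.outputs.PGFURI }} != ${{ steps.second-pgfuri.outputs.PGFURI }}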
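Review bot: Both "Compare" steps expand `${{ steps.*.outputs.PGFURI }}` unquoted into the shell line, so when the two outputs are empty the command collapses to `test =` (or `test !=`), a one-argument test that is always true, and the job passes without comparing anything. The capture steps make bad values reachable: `curl -sk` without `-f` exits 0 on an HTTP error, and `jq --raw-output` prints `null` when `.processGroupFlow.uri` is absent, so two failed reads also compare equal in the persistence job. Passing the outputs through `env:` and quoting them fixes the comparison and keeps response-derived text out of the script body. The fence shows the persistence job's step; the non-persistence job needs the same shape with `!=`.

```yaml
- name: Compare 2 x root processGroupFlow .processGroupFlow.uri
  env:
    FIRST_PGFURI: ${{ steps.first-pgfuri.outputs.PGFURI }}
    SECOND_PGFURI: ${{ steps.second-pgfuri.outputs.PGFURI }}
  run: |
    echo Should be the same if persistence is enabled
    # reject empty or missing values before comparing
    test -n "$FIRST_PGFURI"
    test "$FIRST_PGFURI" != null
    test "$FIRST_PGFURI" = "$SECOND_PGFURI"
```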
16 changes: 12 additions & 4 deletions .github/workflows/test-safetyvalve.yml
Expand Up @@ -2,11 +2,7 @@ name: Test-SafetyValve

on:
push:
branches:
- patch/properties-no-ldap-oidc
pull_request:
branches:
- patch/properties-no-ldap-oidc

jobs:
test-safetyvalve:
Expand Down Expand Up @@ -36,6 +32,18 @@ jobs:
run: helm install nifi . -f tests/01-safetyValve-values.yaml
- name: Check deployment status
run: kubectl wait --for=condition=Ready pod/nifi-0 --timeout=20m
- name: Wait for NiFi web server to start
run: |
for n in [ 0 1 2 3 4 5 6 7 8 9 ]
do
if kubectl logs pod/nifi-0 -c app-log | grep 'JettyServer NiFi has started'
then
exit 0
fi
sleep 30
done
echo NiFi did not start for 300 seconds!
exit 1
- name: Check safetyValve content is correct
run: |
NPFP=$(kubectl exec pod/nifi-0 -c server -- ps auxww | \
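Review bot: In the added wait loop, `for n in [ 0 1 2 3 4 5 6 7 8 9 ]` treats `[` and `]` as two extra list items, so the loop runs twelve times and can wait about 360 seconds while the failure message reports 300. Writing it as `for n in 0 1 2 3 4 5 6 7 8 9` makes the timeout match the message. The same loop header is used in the new test-ldap.yml, test-oidc.yml, test-persistence.yml and test-singleuser.yml workflows. The "Check safetyValve content is correct" step continues past the end of this hunk.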
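--- a/.github/workflows/test-singleuser.yml
+++ b/.github/workflows/test-singleuser.yml
@@ -0,0 +1,56 @@
+name: Test-SingleUser
+
+on:
+push:
+pull_request:
+
+jobs:
+test-singleuser:
+name: Test NiFi Helm Chart Single User
+runs-on: ubuntu-latest
+steps:
+- name: Checkout
+uses: actions/checkout@v1
+- name: Setup Minikube
+uses: manusa/actions-setup-minikube@v2.4.1
+with:
+minikube version: 'v1.20.0'
+kubernetes version: 'v1.20.2'
+- name: Checkout code
+uses: actions/checkout@v1
+- name: Install dependencies
+run: |
+sudo apt-get install -y jq
+helm repo add bitnami https://charts.bitnami.com/bitnami
+helm repo add dysnix https://dysnix.github.io/charts/
+helm repo update
+helm dep up
+- name: Install openldap
+run: |
+kubectl apply -f tests/03-ldap
+kubectl wait --for=condition=Ready pod --selector=app.kubernetes.io/name=openldap --timeout=5m
+- name: Install Nifi
+run: helm install nifi .
+- name: Check deployment status
+run: kubectl wait --for=condition=Ready pod/nifi-0 --timeout=20m
+- name: Wait for NiFi web server to start
+run: |
+for n in [ 0 1 2 3 4 5 6 7 8 9 ]
+do
+if kubectl logs pod/nifi-0 -c app-log | grep 'JettyServer NiFi has started'
+then
+exit 0
+fi
+sleep 30
+done
+echo NiFi did not start for 300 seconds!
+exit 1
+- name: Check that singleUser login works
+run: |
+kubectl exec nifi-0 -c server -- curl -d username=username -d password=changemechangeme -sk https://localhost:8443/nifi-api/access/token | \
+grep -v 'The supplied username and password are not valid.'
+- name: Check that singleUser incorrect password fails
+run: |
+kubectl exec nifi-0 -c server -- curl -d username=username -d password=donotchangeme -sk https://localhost:8443/nifi-api/access/token | \
+grep 'The supplied username and password are not valid.'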
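Review bot: The "Install openldap" step applies `tests/03-ldap` and waits up to five minutes for the openldap pod, but NiFi is then installed with `helm install nifi .` and no LDAP values file, so nothing visible in this workflow uses that server. It looks carried over from test-ldap.yml; dropping the step would shorten the run and keep the single-user test from depending on an unrelated directory service. If the chart's default values do rely on it, a comment on the step explaining why would make that dependency explicit.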
2 changes: 1 addition & 1 deletion Chart.yaml
@@ -1,7 +1,7 @@
---
apiVersion: v2
name: nifi
version: 1.0.3
version: 1.0.4
appVersion: 1.14.0
description: Apache NiFi is a software project from the Apache Software Foundation designed to automate the flow of data between software systems.
keywords:
7 changes: 4 additions & 3 deletions README.md
Expand Up @@ -139,9 +139,10 @@ The following table lists the configurable parameters of the nifi chart and the
| **Oidc authentication**
| `auth.oidc.enabled` | Enable User auth via oidc | `false` |
| `auth.oidc.discoveryUrl` | oidc discover url | `https://<provider>/.well-known/openid-configuration` |
| `auth.oidc.clientId` | oidc clientId | `nil` |
| `auth.oidc.clientSecret` | oidc clientSecret | `nil` |
| `auth.oidc.claimIdentifyingUser` | oidc claimIdentifyingUser | `email` |
| `auth.oidc.clientId` | oidc clientId | `nil` |
| `auth.oidc.clientSecret` | oidc clientSecret | `nil` |
| `auth.oidc.claimIdentifyingUser` | oidc claimIdentifyingUser | `email` |
| `auth.oidc.admin` | Default OIDC admin identity | `nifi@example.com` |
| **postStart** |
| `postStart` | Include additional libraries in the Nifi containers by using the postStart handler | `nil` |
| **Headless Service** |