FEAT: test integration

.github/workflows/ci.yaml

@@ -8,22 +8,12 @@ on:
   pull_request:
     types: [opened, synchronize, reopened]
 env:
-  OS_AUTH_URL: ${{ secrets.OS_AUTH_URL }}
-  OS_USERNAME: ${{ secrets.OS_USERNAME }}
-  OS_PASSWORD: ${{ secrets.OS_PASSWORD }}
-  OS_DOMAIN_ID: ${{ secrets.OS_DOMAIN_ID }}
-  OS_DOMAIN_NAME: ${{ secrets.OS_DOMAIN_NAME }}
-  OS_APPLICATION_CREDENTIAL_ID: ${{ secrets.OS_APPLICATION_CREDENTIAL_ID }}
-  OS_APPLICATION_CREDENTIAL_NAME: ${{ secrets.OS_APPLICATION_CREDENTIAL_NAME }}
-  OS_APPLICATION_CREDENTIAL_SECRET: ${{ secrets.OS_APPLICATION_CREDENTIAL_SECRET }}
-  OS_PROJECT_NAME: ${{ secrets.OS_PROJECT_NAME }}
-  OS_CLOUD: ${{ secrets.OS_CLOUD }}
-  TEST_ZONE_NAME: ${{ secrets.TEST_ZONE_NAME }}
   REGISTRY: ${{ secrets.REGISTRY }}
   GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
   SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
   DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
   DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+
 jobs:
   build:
     name: Build
@@ -75,18 +65,27 @@ jobs:
           name: binaries
           path: out
           if-no-files-found: error
-      - name: active test
-        if: "${{ env.OS_AUTH_URL != '' }}"
-        run: echo "run_test=true" >> "$GITHUB_OUTPUT"
 
   test:
-    if: needs.build.outputs.run_test == 'true'
     name: Test
     runs-on: ubuntu-latest
     needs: build
     steps:
       - name: Checkout
         uses: actions/checkout@v4
+      - name:  Setup Go environment
+        uses: actions/setup-go@v5
+        with:
+          go-version: 1.21
+      - name: Cache vendor
+        uses: actions/cache@v4
+        env:
+          cache-name: cache-vendor
+        with:
+          path: vendor
+          key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('go.mod') }}
+          restore-keys: |
+            ${{ runner.os }}-build-${{ env.cache-name }}-
       - name: Prepare
         id: prep
         run: |
@@ -98,19 +97,28 @@ jobs:
           fi
           echo "tag=${TAG}" >> $GITHUB_OUTPUT
           echo "Build with tag=${TAG}"
-      - name: Cache vendor
-        uses: actions/cache@v4
-        env:
-          cache-name: cache-vendor
-        with:
-          path: vendor
-          key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('go.mod') }}
-          restore-keys: |
-            ${{ runner.os }}-build-${{ env.cache-name }}-
+      - name: docker compose
+        shell: bash
+        run: |
+          pushd compose
+          docker compose up -d
+          popd
       - name: fetch hack
         shell: bash
         run: ./scripts/fetch-test-binaries.sh
       - name: test
+        env:
+          OS_PROJECT_DOMAIN_NAME: Default
+          OS_USER_DOMAIN_NAME: Default
+          OS_PROJECT_NAME: admin
+          OS_USERNAME: admin
+          OS_PASSWORD: password
+          OS_AUTH_URL: http://127.0.01:5000/v3/
+          OS_IDENTITY_API_VERSION: 3
+          OS_IMAGE_API_VERSION: 2
+          OS_CLOUD: designate
+          TEST_ZONE_NAME: example.com
+          TEST_DNS_SERVER: 127.0.0.1:1053
         shell: bash
         run: ./scripts/test.sh
       - name: Fix directory owner
@@ -120,6 +128,12 @@ jobs:
           if [ -d vendor ]; then
             sudo chown -R $USER vendor
           fi
+      - name: Stop containers
+        if: always()
+        run: |
+          pushd compose
+          docker compose down
+          popd
 
   sonarcloud:
     if: startsWith(github.ref, 'refs/heads/')
@@ -131,14 +145,15 @@ jobs:
         with:
           fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
       - name: SonarCloud Scan
-        uses: SonarSource/sonarcloud-github-action@master
+        uses: SonarSource/sonarcloud-github-action@v2.1.1
       # Directory created with a docker run having user root
       - name: Prepare SonarCloud
         shell: bash
         run: sudo chown -R $USER .scannerwork
+
   deploy:
     if: startsWith(github.ref, 'refs/tags/v')
-    needs: build
+    needs: test
     name: Deploy
     runs-on: ubuntu-latest
     steps:

.gitignore

@@ -7,3 +7,4 @@ testcertificate.yaml
 .env
 
 .secrets
+*.key

compose/README.md

@@ -0,0 +1,5 @@
+# Test environment
+
+This directory contains every to create a subset of openstack to test the cert-manager web hook.
+
+It use docker compose and create a local named server target by the designate component.

compose/bind9/Dockerfile

@@ -0,0 +1,11 @@
+FROM ubuntu/bind9
+
+RUN export DEBIAN_FRONTEND=noninteractive ; \
+	apt update ; \
+	apt upgrade -y ; \
+	apt install dnsutils -y; \
+	mkdir -p /var/log/named ; \
+	chown bind:bind /var/log/named
+
+COPY health-check.sh /usr/local/bin/health-check.sh
+COPY named.conf.options /etc/bind/named.conf.options

compose/bind9/README.md

@@ -0,0 +1,3 @@
+# Bind9
+
+Everything needed to create a custom image of bind9 for test locally

compose/bind9/build.sh

@@ -0,0 +1,4 @@
+#!/bin/bash
+CURDIR=$(dirname $0)
+
+docker buildx build --pull --platform linux/amd64,linux/arm64 --push -t fred78290/ubuntu-bind9:latest ${CURDIR}

compose/bind9/docker-entrypoint.sh

@@ -0,0 +1,15 @@
+#!/bin/sh
+export DEBIAN_FRONTEND=noninteractive
+
+if [ -n "${RNDC_KEY_B64}" ]; then
+	echo -n "${RNDC_KEY_B64}" | base64 -d > /etc/bind/rndc.key
+fi
+
+apt update
+apt upgrade -y
+apt install dnsutils -y
+
+mkdir -p /var/log/named
+chown bind:bind /var/log/named
+
+/usr/local/bin/docker-entrypoint.sh $@

compose/bind9/health-check.sh

@@ -0,0 +1,2 @@
+#!/bin/sh
+/usr/bin/dig +short +retry=0 @127.0.0.1 github.com >> /tmp/dig.log || exit 1

compose/bind9/named.conf.options

@@ -0,0 +1,45 @@
+include "/etc/bind/rndc.key";
+
+options {
+	directory "/var/cache/bind";
+
+	// If there is a firewall between you and nameservers you want
+	// to talk to, you may need to fix the firewall to allow multiple
+	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113
+
+	// If your ISP provided one or more IP addresses for stable 
+	// nameservers, you probably want to use them as forwarders.  
+	// Uncomment the following block, and insert the addresses replacing 
+	// the all-0's placeholder.
+
+	// Set the IP addresses of your ISP's DNS servers:
+	forwarders {
+		8.8.8.8;
+	};
+
+	//========================================================================
+	// If BIND logs error messages about the root key being expired,
+	// you will need to update your keys.  See https://www.isc.org/bind-keys
+	//========================================================================
+	dnssec-validation auto;
+
+	allow-new-zones yes;
+	request-ixfr no;
+	listen-on port 53 { any; };
+	recursion yes;
+	allow-recursion { any; };
+	allow-transfer { any; };
+	allow-query { any; };
+};
+
+controls {
+	inet 0.0.0.0 port 953 allow { any; } keys { "rndc-key"; };
+};
+
+logging {
+	channel querylog {
+		file "/var/log/named/query.log" versions unlimited size 10m;
+		severity debug 3;
+	};
+};
+

compose/compose.yaml

@@ -0,0 +1,123 @@
+services:
+  named:
+    image: fred78290/ubuntu-bind9
+    container_name: named
+    hostname: named
+    healthcheck:
+      test: [ "CMD", "usr/local/bin/health-check.sh" ]
+      interval: 5s
+      timeout: 5s
+      retries: 10
+      start_period: 10s
+    ports:
+      - 1053:53/udp
+      - 1053:53/tcp
+      - 953:953
+      - 5354:5354
+    networks:
+      - local
+
+  mariadb:
+    image: mariadb
+    container_name: mariadb
+    hostname: mariadb
+    env_file:
+      - path: ./test.env
+        required: true
+    healthcheck:
+      test: [ "CMD", "healthcheck.sh", "--su-mysql", "--connect", "--innodb_initialized" ]
+      interval: 10s
+      retries: 3
+      timeout: 30s
+      start_period: 5s
+    ports:
+      - 3306:3306
+    volumes:
+      - ./mariadb:/docker-entrypoint-initdb.d
+    networks:
+      - local
+
+  rabbitmq:
+    image: rabbitmq
+    container_name: rabbitmq
+    hostname: rabbitmq
+    environment:
+      RABBITMQ_DEFAULT_USER: keystone
+      RABBITMQ_DEFAULT_PASS: password
+    healthcheck:
+      test: rabbitmq-diagnostics -q ping
+      interval: 10s
+      timeout: 10s
+      retries: 5
+      start_period: 5s
+    ports:
+      - 5672:5672
+    volumes:
+      - ./rabbitmq:/docker-entrypoint-initdb.d
+    networks:
+      - local
+
+  keystone:
+    image: fred78290/ubuntu-keystone
+    container_name: keystone
+    hostname: keystone
+    depends_on:
+      mariadb:
+        condition: service_healthy
+    env_file:
+      - path: test.env
+        required: true
+    healthcheck:
+      test: [ "CMD", "wget", "-q", "http://localhost:5000/v3/" ]
+      interval: 10s
+      timeout: 10s
+      retries: 5
+      start_period: 10s
+    ports:
+      - 5000:5000
+    networks:
+      - local
+
+  designate:
+    image: fred78290/ubuntu-designate
+    container_name: designate
+    hostname: designate
+    depends_on:
+      mariadb:
+        condition: service_healthy
+      rabbitmq:
+        condition: service_healthy
+      keystone:
+        condition: service_healthy
+      named:
+        condition: service_healthy
+    env_file:
+      - path: test.env
+        required: true
+    healthcheck:
+      test: [ "CMD", "wget", "-q", "http://localhost:9001/" ]
+      interval: 10s
+      timeout: 10s
+      retries: 10
+      start_period: 20s
+    ports:
+      - 9001:9001
+    networks:
+      - local
+
+  openstack-client:
+    image: fred78290/openstack-client
+    container_name: openstack-client
+    hostname: openstack-client
+    depends_on:
+      designate:
+        condition: service_healthy
+    env_file:
+      - path: test.env
+        required: true
+    command: [ "openstack", "zone", "create", "--email", "dnsmaster@example.com", "example.com." ]
+    networks:
+      - local
+
+networks:
+  local:

compose/designate/Dockerfile

@@ -0,0 +1,34 @@
+FROM ubuntu:jammy
+
+ENV DESIGNATE_USER=designate
+ENV DESIGNATE_PASSWORD=password
+ENV KEYSTONE_HOSTNAME=keystone
+ENV MARIADB_USER=designate
+ENV MARIADB_PASSWORD=password
+ENV MARIADB_SERVER=mariadb
+ENV RABBITMQ_DEFAULT_USER=rabbitmq
+ENV RABBITMQ_DEFAULT_PASS=password
+ENV RABBITMQ_HOSTNAME=rabbitmq
+ENV NAMED_HOSTNAME=named
+ENV NAMED_DNS_PORT=53
+ENV NAMED_RNDC_PORT=953
+ENV OS_PROJECT_DOMAIN_NAME=Default
+ENV OS_USER_DOMAIN_NAME=Default
+ENV OS_PROJECT_NAME=admin
+ENV OS_USERNAME=admin
+ENV OS_PASSWORD=password
+ENV OS_AUTH_URL=http://keystone:5000/v3/
+ENV OS_IDENTITY_API_VERSION=3
+ENV OS_IMAGE_API_VERSION=2
+
+RUN export DEBIAN_FRONTEND=noninteractive ; apt update ; \
+	apt upgrade -y ; \
+	apt install iproute2 net-tools dnsutils bind9utils designate designate-worker designate-producer designate-mdns -y; \
+	apt install -y python3-openstackclient
+
+COPY docker-entrypoint.sh /docker-entrypoint.sh
+COPY designate.sh /usr/local/bin/designate.sh
+
+EXPOSE 9001
+
+ENTRYPOINT [ "/docker-entrypoint.sh" ]

compose/designate/README.md

@@ -0,0 +1,3 @@
+# Designate
+
+Everything needed to create a custom image of designate

compose/designate/build.sh

@@ -0,0 +1,4 @@
+#!/bin/bash
+CURDIR=$(dirname $0)
+
+docker buildx build --pull --platform linux/amd64,linux/arm64 --push -t fred78290/ubuntu-designate:latest ${CURDIR}