Extend the implementation of the mock openid server to take the `grant_type` into consideration for the `/token` endpoint. In addition to the previously supported `refresh_token`, the implementation now also supports `client_credentials`. This is necessary to make it possible to use the mock server in the `koji-osbuild` CI, because the builder plugin uses `client_credentials` to get an access token. The implementation behaves in the following way:
- For the `refresh_token` grant type, it takes the `refresh_token` value from the request and adds it to the `rh-org-id` field in the custom claim, which is part of the returned token.
- For the `client_credentials` grant type, it takes the `client_secret` value from the request and adds it to the `rh-org-id` field in the custom claim, which is part of the returned token.

Requests without a supported `grant_type` set are rejected. Modify affected test cases to specify `grant_type` when fetching a new access token.
#!/usr/bin/bash
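# Wait for a host to answer on SSH, then record its host keys for root.
#
# Arguments: $1 - host name or address to probe
# Outputs:   progress messages and the recorded key lines on stdout
# Returns:   0 once the host keys were appended to root's known_hosts,
#            1 if the host never answered within the retry budget
#
# NOTE: the keys are trusted on first contact; nothing here compares them
# with a fingerprint obtained out of band. That is a reasonable trade-off for
# a throwaway CI instance, but a longer-lived host should have its
# fingerprint verified before it is added to known_hosts.
function _instanceWaitSSH() {
    local HOST="$1"
    local LOOP_COUNTER host_keys

    for LOOP_COUNTER in {0..30}; do
        # Scan once and append exactly what was scanned, so the keys that made
        # the check pass are the ones that end up in known_hosts. An empty
        # scan gives nothing to record and is treated as "not up yet".
        if host_keys="$(ssh-keyscan "$HOST" 2> /dev/null)" && [[ -n "$host_keys" ]]; then
            echo "SSH is up!"
            printf '%s\n' "$host_keys" | sudo tee -a /root/.ssh/known_hosts
            return
        fi
        echo "Retrying in 5 seconds... $LOOP_COUNTER"
        sleep 5
    done

    # Running out of retries is a failure, not a silent success.
    echo "SSH did not come up on $HOST" >&2
    return 1
}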
# Sanity-check a freshly booted instance through the supplied SSH command.
#
# Globals:   ID (read), API_TEST_SUBSCRIPTION_ORG_ID (read),
#            LOOP_COUNTER and subscribe_org_id (written)
# Arguments: $1 - SSH command line used to run commands on the instance
#
# $1 is expanded unquoted on purpose so that it word-splits into a command
# plus its options. It must therefore be built by the test itself and never
# from data the instance or a third party controls.
function _instanceCheck() {
    echo "✔️ Instance checking"
    local _ssh="$1"

    # Query the postgresql and dummy packages on the instance
    $_ssh rpm -q postgresql dummy

    # The subscription check only applies to RHEL
    if [[ "$ID" != "rhel" ]]; then
        echo "Not RHEL OS. Skip subscription check."
        return
    fi

    # The system may not be registered this early, so poll for it.
    # errexit/nounset are off while polling, presumably because the grep
    # finds nothing until registration has completed.
    set +eu
    for LOOP_COUNTER in {1..10}; do
        subscribe_org_id=$($_ssh sudo subscription-manager identity | grep 'org ID')
        if [[ "$subscribe_org_id" == "org ID: $API_TEST_SUBSCRIPTION_ORG_ID" ]]; then
            echo "System is subscribed."
            break
        fi
        echo "System is not subscribed. Retrying in 30 seconds...($LOOP_COUNTER/10)"
        sleep 30
    done
    set -eu

    # Final assertion: with errexit back on, a mismatch aborts here
    [[ "$subscribe_org_id" == "org ID: $API_TEST_SUBSCRIPTION_ORG_ID" ]]

    # Release the subscription again
    $_ssh sudo subscription-manager unregister
}
# Location of the refresh token the worker is configured with. access_token
# and compose_status read their credential from this file.
WORKER_REFRESH_TOKEN_PATH=/etc/osbuild-worker/token
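# Fetch a JWT access token for the worker.
#
# Globals:   WORKER_REFRESH_TOKEN_PATH (read) - file holding the refresh token
# Outputs:   whatever access_token_with_org_id prints for that refresh token
# Returns:   non-zero if the token file cannot be read, otherwise the status
#            of access_token_with_org_id
function access_token {
    local refresh_token
    # The path is quoted so it survives spaces and glob characters, and an
    # unreadable file stops here instead of requesting a token with an empty
    # credential.
    refresh_token="$(cat -- "$WORKER_REFRESH_TOKEN_PATH")" || return
    access_token_with_org_id "$refresh_token"
}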
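# Fetch a JWT access token from the token endpoint on localhost:8081.
#
# Arguments: $1 - refresh token to exchange
# Outputs:   the access_token field of the JSON response on stdout
# Returns:   non-zero if the request fails or the response carries no
#            access_token
#
# NOTE: the refresh token is handed to curl on its command line, where other
# local users can see it in the process list while the request runs. That is
# tolerable for a mock-server test token; a real credential should reach curl
# through a file or stdin instead.
function access_token_with_org_id {
    local refresh_token="$1"
    local response

    # --data-urlencode keeps characters such as '&', '=' or '+' in the token
    # from being read as form syntax. Capturing the response first means a
    # curl failure is reported even when the caller has not set pipefail.
    response="$(curl --request POST \
        --data "grant_type=refresh_token" \
        --data-urlencode "refresh_token=$refresh_token" \
        --header "Content-Type: application/x-www-form-urlencoded" \
        --silent \
        --show-error \
        --fail \
        localhost:8081/token)" || return

    # -e makes a missing or null access_token a failure rather than letting
    # the literal string "null" be used as a bearer token downstream.
    jq -er .access_token <<< "$response"
}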
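# Get the status of a compose, authenticating as the worker.
#
# Globals:   WORKER_REFRESH_TOKEN_PATH (read) - file holding the refresh token
# Arguments: $1 - compose identifier
# Outputs:   whatever compose_status_with_org_id prints
# Returns:   non-zero if the token file cannot be read, otherwise the status
#            of compose_status_with_org_id
function compose_status {
    local compose="$1"
    local refresh_token
    # The path is quoted so it survives spaces and glob characters, and an
    # unreadable file stops here instead of querying with an empty credential.
    refresh_token="$(cat -- "$WORKER_REFRESH_TOKEN_PATH")" || return
    compose_status_with_org_id "$compose" "$refresh_token"
}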
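# Get the status of a compose using a caller-supplied refresh token.
#
# Arguments: $1 - compose identifier
#            $2 - refresh token to exchange for the bearer token
# Outputs:   the API response body on stdout
# Returns:   non-zero if no access token could be obtained or the request
#            fails
#
# NOTE(review): the URL is plain http on port 443, so the bearer token is
# sent unencrypted; as written it only travels over loopback.
function compose_status_with_org_id {
    local compose="$1"
    local refresh_token="$2"
    local bearer

    # Fetch the token up front: a failure inside a command substitution that
    # is embedded in an argument is otherwise lost, and the request would go
    # out with an empty or "null" bearer value.
    bearer="$(access_token_with_org_id "$refresh_token")" || return
    if [[ -z "$bearer" || "$bearer" == "null" ]]; then
        echo "could not obtain an access token" >&2
        return 1
    fi

    curl \
        --silent \
        --show-error \
        --fail \
        --header "Authorization: Bearer $bearer" \
        "http://localhost:443/api/image-builder-composer/v2/composes/$compose"
}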