devel: mock oauth server

Add a mock oauth server for the devel stack in order to simulate the openshift sso offline_token
2021-11-11 19:55:26 +00:00 · 2021-11-11 19:55:26 +00:00 · 90e2fefc56
commit 90e2fefc56
parent 2b45ad8984
6 changed files with 38 additions and 6 deletions
--- a/devel/.env
+++ b/devel/.env
@ -3,3 +3,4 @@ CERT_DIR=./state/x509
 COMPOSER_CONFIG_DIR=./config/composer
 WORKER_CONFIG_DIR=./config/worker
 SPANDX_CONFIG=./config/spandx/local-frontend-and-api.js
+COMPOSER_OFFLINE_TOKEN=someOfflineToken
--- a/devel/config/composer/acl.yml
+++ b/devel/config/composer/acl.yml
@ -0,0 +1,4 @@
+## hack since oauth server is
+## using http
+- claim: typ
+  pattern: ^Bearer$
--- a/devel/config/composer/osbuild-composer.toml
+++ b/devel/config/composer/osbuild-composer.toml
@ -1,7 +1,16 @@
 [worker]
+request_job_timeout = "40s"
 allowed_domains = [ "localhost", "worker.osbuild.org" ]
+enable_mtls = false
+enable_jwt = true
+jwt_keys_url = "http://fauxauth:8888/certs"
+jwt_acl_file = "/etc/osbuild-composer/acl.yml"
 ca = "/etc/osbuild-composer/ca-crt.pem"

 [koji]
 allowed_domains = [ "client.osbuild.org" ]
+enable_mtls = false
+enable_jwt = true
+jwt_keys_url = "http://fauxauth:8888/certs"
+jwt_acl_file = "/etc/osbuild-composer/acl.yml"
 ca = "/etc/osbuild-composer/ca-crt.pem"
--- a/devel/config/worker/osbuild-worker.toml
+++ b/devel/config/worker/osbuild-worker.toml
@ -0,0 +1,3 @@
+[authentication]
+oauth_url = "http://fauxauth:8888/token"
+offline_token = "/etc/osbuild-worker/token"
--- a/devel/config/worker/token
+++ b/devel/config/worker/token
@ -0,0 +1 @@
+someOfflineToken
--- a/devel/docker-compose.yml
+++ b/devel/docker-compose.yml
@ -7,6 +7,7 @@ services:
      dockerfile: ./distribution/Dockerfile-ubi
    volumes:
      - ${COMPOSER_CONFIG_DIR}/osbuild-composer.toml:/etc/osbuild-composer/osbuild-composer.toml:z
+      - ${COMPOSER_CONFIG_DIR}/acl.yml:/etc/osbuild-composer/acl.yml:z
      - ${CERT_DIR}/ca-crt.pem:/etc/osbuild-composer/ca-crt.pem:z
      - ${CERT_DIR}/composer-crt.pem:/etc/osbuild-composer/composer-crt.pem:z
      - ${CERT_DIR}/composer-key.pem:/etc/osbuild-composer/composer-key.pem:z
@ -24,8 +25,8 @@ services:
    entrypoint: [ "/usr/libexec/osbuild-composer/osbuild-worker", "composer:8700" ]
    volumes:
      - ${CERT_DIR}/ca-crt.pem:/etc/osbuild-composer/ca-crt.pem:z
-      - ${CERT_DIR}/worker-crt.pem:/etc/osbuild-composer/worker-crt.pem:z
-      - ${CERT_DIR}/worker-key.pem:/etc/osbuild-composer/worker-key.pem:z
+      - ${WORKER_CONFIG_DIR}/osbuild-worker.toml:/etc/osbuild-worker/osbuild-worker.toml:z
+      - ${WORKER_CONFIG_DIR}/token:/etc/osbuild-worker/token:z
    environment:
      - CACHE_DIRECTORY=/var/cache/osbuild-composer
    cap_add:
@ -77,11 +78,11 @@ services:
      - PGDATABASE=postgres
      - PGUSER=postgres
      - PGPASSWORD=postgres
-      - OSBUILD_URL=https://composer:8080
+      - COMPOSER_URL=https://composer:8080
+      - COMPOSER_TOKEN_URL=http://fauxauth:8888/token
+      - COMPOSER_OFFLINE_TOKEN=${COMPOSER_OFFLINE_TOKEN}
+      - COMPOSER_CA_PATH=/etc/image-builder/ca-crt.pem
      - DISTRIBUTIONS_DIR=/app/distributions
-      - OSBUILD_CERT_PATH=/etc/image-builder/client-crt.pem
-      - OSBUILD_KEY_PATH=/etc/image-builder/client-key.pem
-      - OSBUILD_CA_PATH=/etc/image-builder/ca-crt.pem
      - QUOTA_FILE=/config/quotas.json
    networks:
      net:
@ -148,6 +149,19 @@ services:
        ipv4_address: 172.31.0.80
    environment:
      - GF_SECURITY_ADMIN_PASSWORD=foobar
+  fauxauth:
+    image: local/osbuild-fauxauth
+    build:
+      context: ../../osbuild-composer
+      dockerfile: ./distribution/Dockerfile-fauxauth
+    entrypoint: [ "/opt/fauxauth.py", "-a", "0.0.0.0", "-p", "8888" ]
+    volumes:
+      - ${CERT_DIR}/:/etc/osbuild-composer/:z
+    ports:
+      - "8888:8888"
+    networks:
+      net:
+        ipv4_address: 172.31.0.90
 networks:
  net:
    ipam: