changes to tls-mode from default to prefer and update test cases (#152) #348
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
# Triggers the workflow on push or pull request events but only for the main branch | |
push: | |
branches: [ master ] | |
pull_request: | |
branches: [ master ] | |
# Allows you to run this workflow manually from the Actions tab | |
workflow_dispatch: | |
env: | |
V_HOST: localhost | |
V_PORT: 5433 | |
V_USER: dbadmin | |
V_DATABASE: VMart | |
KC_REALM: test | |
KC_USER: oauth_user | |
KC_PASSWORD: password | |
KC_CLIENT_ID: vertica | |
KC_CLIENT_SECRET: P9f8350QQIUhFfK1GF5sMhq4Dm3P6Sbs | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
#os: [ubuntu-latest, windows-latest, macos-latest] | |
# let's make it a little bit simple for now | |
# current minimal version will be 12. | |
# TODO: investigate the multipe version matrix with single Vertica instance | |
node: ['12', '14', '16', '18', '20'] | |
os: [ubuntu-latest] | |
name: Node.js ${{ matrix.node }} (${{ matrix.os }}) | |
steps: | |
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it | |
- uses: actions/checkout@v4 | |
- name: Setup node | |
uses: actions/setup-node@v4 | |
with: | |
node-version: ${{ matrix.node }} | |
cache: yarn | |
- name: build | |
run: yarn | |
- name: boostrap | |
run: yarn lerna bootstrap | |
- name: Set up a Keycloak docker container | |
timeout-minutes: 5 | |
run: | | |
docker network create -d bridge my-network | |
docker run -d -p 8080:8080 \ | |
--name keycloak --network my-network \ | |
-e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin \ | |
quay.io/keycloak/keycloak:23.0.4 start-dev | |
docker container ls | |
- name: Setup Vertica server docker container | |
timeout-minutes: 15 | |
run: | | |
docker run -d -p 5433:5433 -p 5444:5444 \ | |
--mount type=volume,source=vertica-data,target=/data \ | |
--name vertica_ce --network my-network \ | |
opentext/vertica-ce:24.3.0-2 | |
echo "Vertica startup ..." | |
until docker exec vertica_ce test -f /data/vertica/VMart/agent_start.out; do \ | |
echo "..."; \ | |
sleep 3; \ | |
done; | |
echo "Vertica is up" | |
docker exec -u dbadmin vertica_ce /opt/vertica/bin/vsql -c "\l" | |
docker exec -u dbadmin vertica_ce /opt/vertica/bin/vsql -c "select version()" | |
- name: Configure Keycloak | |
run: | | |
echo "Wait for keycloak ready ..." | |
bash -c 'while true; do curl -s localhost:8080 &>/dev/null; ret=$?; [[ $ret -eq 0 ]] && break; echo "..."; sleep 3; done' | |
docker exec -i keycloak /bin/bash <<EOF | |
/opt/keycloak/bin/kcadm.sh config credentials --server http://localhost:8080 --realm master --user admin --password admin | |
/opt/keycloak/bin/kcadm.sh create realms -s realm=${KC_REALM} -s enabled=true | |
/opt/keycloak/bin/kcadm.sh update realms/${KC_REALM} -s accessTokenLifespan=3600 | |
/opt/keycloak/bin/kcadm.sh get realms/${KC_REALM} | |
/opt/keycloak/bin/kcadm.sh create users -r ${KC_REALM} -s username=${KC_USER} -s enabled=true | |
/opt/keycloak/bin/kcadm.sh set-password -r ${KC_REALM} --username ${KC_USER} --new-password ${KC_PASSWORD} | |
/opt/keycloak/bin/kcadm.sh get users -r ${KC_REALM} | |
/opt/keycloak/bin/kcadm.sh create clients -r ${KC_REALM} -s clientId=${KC_CLIENT_ID} -s enabled=true \ | |
-s 'redirectUris=["/*"]' -s 'webOrigins=["/*"]' -s secret=${KC_CLIENT_SECRET} -s directAccessGrantsEnabled=true -o | |
EOF | |
# Retrieving an Access Token | |
curl --location --request POST http://`hostname`:8080/realms/${KC_REALM}/protocol/openid-connect/token \ | |
--header 'Content-Type: application/x-www-form-urlencoded' \ | |
--data-urlencode "username=${KC_USER}" \ | |
--data-urlencode "password=${KC_PASSWORD}" \ | |
--data-urlencode "client_id=${KC_CLIENT_ID}" \ | |
--data-urlencode "client_secret=${KC_CLIENT_SECRET}" \ | |
--data-urlencode 'grant_type=password' -o oauth.json | |
cat oauth.json | python3 -c 'import json,sys;obj=json.load(sys.stdin);print(obj["access_token"])' > access_token.txt | |
docker exec -u dbadmin vertica_ce /opt/vertica/bin/vsql -c "CREATE AUTHENTICATION v_oauth METHOD 'oauth' HOST '0.0.0.0/0';" | |
docker exec -u dbadmin vertica_ce /opt/vertica/bin/vsql -c "ALTER AUTHENTICATION v_oauth SET client_id = '${KC_CLIENT_ID}';" | |
docker exec -u dbadmin vertica_ce /opt/vertica/bin/vsql -c "ALTER AUTHENTICATION v_oauth SET client_secret = '${KC_CLIENT_SECRET}';" | |
docker exec -u dbadmin vertica_ce /opt/vertica/bin/vsql -c "ALTER AUTHENTICATION v_oauth SET discovery_url = 'http://`hostname`:8080/realms/${KC_REALM}/.well-known/openid-configuration';" | |
docker exec -u dbadmin vertica_ce /opt/vertica/bin/vsql -c "ALTER AUTHENTICATION v_oauth SET introspect_url = 'http://`hostname`:8080/realms/${KC_REALM}/protocol/openid-connect/token/introspect';" | |
docker exec -u dbadmin vertica_ce /opt/vertica/bin/vsql -c "SELECT * FROM client_auth WHERE auth_name='v_oauth';" | |
docker exec -u dbadmin vertica_ce /opt/vertica/bin/vsql -c "CREATE USER ${KC_USER};" | |
docker exec -u dbadmin vertica_ce /opt/vertica/bin/vsql -c "GRANT AUTHENTICATION v_oauth TO ${KC_USER};" | |
docker exec -u dbadmin vertica_ce /opt/vertica/bin/vsql -c "GRANT ALL ON SCHEMA PUBLIC TO ${KC_USER};" | |
# A dbadmin-specific authentication record (connect remotely) is needed after setting up an OAuth user | |
docker exec -u dbadmin vertica_ce /opt/vertica/bin/vsql -c "CREATE AUTHENTICATION v_dbadmin_hash METHOD 'hash' HOST '0.0.0.0/0';" | |
docker exec -u dbadmin vertica_ce /opt/vertica/bin/vsql -c "ALTER AUTHENTICATION v_dbadmin_hash PRIORITY 10000;" | |
docker exec -u dbadmin vertica_ce /opt/vertica/bin/vsql -c "GRANT AUTHENTICATION v_dbadmin_hash TO dbadmin;" | |
- name: test-v-connection-string | |
if: always() | |
run: | | |
cd packages/v-connection-string | |
yarn test | |
- name: test-v-pool | |
if: always() | |
run: | | |
cd packages/v-pool | |
yarn test | |
- name: test-v-protocol | |
if: always() | |
run: | | |
cd packages/v-protocol | |
yarn test | |
- name: test-vertica-nodejs | |
if: always() | |
run: | | |
export VTEST_OAUTH_ACCESS_TOKEN=`cat access_token.txt` | |
cd packages/vertica-nodejs | |
yarn test |