Merge pull request #11851 from owncloud/test/run-api-sharingNgLinkShare-suite-in-k8

[tests-only][full-ci] Test: Run sharingNgLinkShare suite in K8s

.drone.star

@@ -208,6 +208,7 @@ config = {
                 "apiSharingNgLinkShareManagement",
             ],
             "skip": False,
+            "k8s": True,
             "withRemotePhp": [False],
         },
         "antivirus": {
@@ -1119,7 +1120,7 @@ def localApiTestPipeline(ctx):
                                      ([] if run_on_k8s else restoreBuildArtifactCache(ctx, "ocis-binary-amd64", "ocis/bin")) +
                                      (tikaService() if params["tikaNeeded"] and not run_on_k8s else tikaServiceK8s() if params["tikaNeeded"] and run_on_k8s else []) +
                                      (waitForServices("online-offices", ["collabora:9980", "onlyoffice:443", "fakeoffice:8080"]) if params["collaborationServiceNeeded"] else []) +
-                                     (waitK3sCluster() + (enableAntivirusServiceK8s() if params["antivirusNeeded"] and run_on_k8s else []) + (emailServiceK8s() if params["emailNeeded"] and run_on_k8s else []) + deployOcis() + waitForOcis(ocis_url = ocis_url) + ociswrapper() + waitForOciswrapper() if run_on_k8s else ocisServer(storage, extra_server_environment = params["extraServerEnvironment"], with_wrapper = True, tika_enabled = params["tikaNeeded"], volumes = ([stepVolumeOcisStorage]))) +
+                                     (waitK3sCluster() + (enableAntivirusServiceK8s() if params["antivirusNeeded"] and run_on_k8s else []) + (emailServiceK8s() if params["emailNeeded"] and run_on_k8s else []) + prepareOcisDeployment(name) + setupOcisConfigMaps(name) + deployOcis() + waitForOcis(ocis_url = ocis_url) + ociswrapper() + waitForOciswrapper() if run_on_k8s else ocisServer(storage, extra_server_environment = params["extraServerEnvironment"], with_wrapper = True, tika_enabled = params["tikaNeeded"], volumes = ([stepVolumeOcisStorage]))) +
                                      (waitForClamavService() if params["antivirusNeeded"] and not run_on_k8s else exposeAntivirusServiceK8s() if params["antivirusNeeded"] and run_on_k8s else []) +
                                      (waitForEmailService() if params["emailNeeded"] and not run_on_k8s else exposeEmailServiceK8s() if params["emailNeeded"] and run_on_k8s else []) +
                                      (ocisServer(storage, deploy_type = "federation", extra_server_environment = params["extraServerEnvironment"]) if params["federationServer"] else []) +
@@ -1421,7 +1422,7 @@ def coreApiTestPipeline(ctx):
                                  (tikaService() if params["tikaNeeded"] else []) +
                                  (waitForClamavService() if params["antivirusNeeded"] else []) +
                                  (waitForEmailService() if params["emailNeeded"] else []) +
-                                 (waitK3sCluster() + deployOcis() + waitForOcis(ocis_url = ocis_url) + ociswrapper() + waitForOciswrapper() if run_on_k8s else ocisServer(storage, extra_server_environment = params["extraServerEnvironment"], with_wrapper = True, tika_enabled = params["tikaNeeded"], volumes = ([stepVolumeOcisStorage]))) +
+                                 (waitK3sCluster() + prepareOcisDeployment(name) + setupOcisConfigMaps(name) + deployOcis() + waitForOcis(ocis_url = ocis_url) + ociswrapper() + waitForOciswrapper() if run_on_k8s else ocisServer(storage, extra_server_environment = params["extraServerEnvironment"], with_wrapper = True, tika_enabled = params["tikaNeeded"], volumes = ([stepVolumeOcisStorage]))) +
                                  [
                                      {
                                          "name": "run-api-tests",
@@ -3823,20 +3824,67 @@ def waitK3sCluster():
         ],
     }]
 
+def prepareOcisDeployment(suite_name = ""):
+    commands = [
+        "make -C %s build" % dirs["ocisWrapper"],
+        "mv %s/tests/config/drone/k8s/values.yaml %s/ocis-charts/charts/ocis/ci/deployment-values.yaml" % (dirs["base"], dirs["base"]),
+        "cp -r %s/tests/config/drone/k8s/authbasic %s/ocis-charts/charts/ocis/templates/" % (dirs["base"], dirs["base"]),
+        "cd %s/ocis-charts" % dirs["base"],
+        "sed -i '/{{- define \"ocis.basicServiceTemplates\" -}}/a\\\\  {{- $_ := set .scope \"appNameAuthBasic\" \"authbasic\" -}}' ./charts/ocis/templates/_common/_tplvalues.tpl",
+        "sed -i '/- name: IDM_ADMIN_PASSWORD/{n;N;N;N;d;}' ./charts/ocis/templates/idm/deployment.yaml",
+        "sed -i '/- name: IDM_ADMIN_PASSWORD/a\\\\\\n              value: \"admin\"' ./charts/ocis/templates/idm/deployment.yaml",
+        "sed -i '/- name: PROXY_HTTP_ADDR/i\\\\            - name: PROXY_ENABLE_BASIC_AUTH\\\n              value: \"true\"' ./charts/ocis/templates/proxy/deployment.yaml",
+    ]
+
+    # Only add banned password patches for sharingNgLinkShare suite
+    if suite_name == "sharingNgLinkShare":
+        commands.extend([
+            # Patch sharing deployment for banned password list
+            "sed -i 's|/etc/ocis/sharing-banned-passwords.txt|/etc/ocis/config/drone/banned-password-list.txt|' ./charts/ocis/templates/sharing/deployment.yaml",
+            "sed -i 's|- name: configs|- name: banned-passwords|' ./charts/ocis/templates/sharing/deployment.yaml",
+            "sed -i 's|mountPath: /etc/ocis$|mountPath: /etc/ocis/config/drone|' ./charts/ocis/templates/sharing/deployment.yaml",
+            "sed -i 's|name: sharing-banned-passwords-{{ .appName }}|name: sharing-banned-passwords|' ./charts/ocis/templates/sharing/deployment.yaml",
+        ])
+
+    return [{
+        "name": "prepare-ocis-deployment",
+        "image": "owncloudci/golang:latest",
+        "commands": commands,
+        "volumes": [
+            {
+                "name": "gopath",
+                "path": "/go",
+            },
+        ],
+    }]
+
+def setupOcisConfigMaps(suite_name = ""):
+    commands = [
+        "export KUBECONFIG=%s/kubeconfig-$${DRONE_BUILD_NUMBER}.yaml" % dirs["base"],
+        # Create namespace for oCIS deployment
+        "kubectl create namespace ocis || true",
+    ]
+
+    # Only create banned password ConfigMap for sharingNgLinkShare suite
+    if suite_name == "sharingNgLinkShare":
+        commands.append(
+            "kubectl create configmap -n ocis sharing-banned-passwords --from-file=banned-password-list.txt=%s/tests/config/drone/banned-password-list.txt" % dirs["base"],
+        )
+
+    return [{
+        "name": "setup-configmaps",
+        "image": K3D_IMAGE,
+        "user": "root",
+        "commands": commands,
+    }]
+
 def deployOcis():
     return [{
         "name": "deploy-ocis",
         "image": "owncloudci/golang:latest",
         "commands": [
-            "make -C %s build" % dirs["ocisWrapper"],
-            "mv %s/tests/config/drone/k8s/values.yaml %s/ocis-charts/charts/ocis/ci/deployment-values.yaml" % (dirs["base"], dirs["base"]),
-            "cp -r %s/tests/config/drone/k8s/authbasic %s/ocis-charts/charts/ocis/templates/" % (dirs["base"], dirs["base"]),
-            "cd %s/ocis-charts" % dirs["base"],
-            "sed -i '/{{- define \"ocis.basicServiceTemplates\" -}}/a\\\\  {{- $_ := set .scope \"appNameAuthBasic\" \"authbasic\" -}}' ./charts/ocis/templates/_common/_tplvalues.tpl",
-            "sed -i '/- name: IDM_ADMIN_PASSWORD/{n;N;N;N;d;}' ./charts/ocis/templates/idm/deployment.yaml",
-            "sed -i '/- name: IDM_ADMIN_PASSWORD/a\\\\\\n              value: \"admin\"' ./charts/ocis/templates/idm/deployment.yaml",
-            "sed -i '/- name: PROXY_HTTP_ADDR/i\\\\            - name: PROXY_ENABLE_BASIC_AUTH\\\n              value: \"true\"' ./charts/ocis/templates/proxy/deployment.yaml",
             "export KUBECONFIG=%s/kubeconfig-$${DRONE_BUILD_NUMBER}.yaml" % dirs["base"],
+            "cd %s/ocis-charts" % dirs["base"],
             "make helm-install-atomic",
         ],
         "volumes": [

tests/acceptance/bootstrap/OcisConfigContext.php

@@ -235,14 +235,17 @@ class OcisConfigContext implements Context {
 	 * @throws GuzzleException
 	 */
 	public function theConfigHasBeenSetToPath(string $configVariable, string $path, ?string $serviceName = null): void {
-		$path = \dirname(__FILE__) . "/../../" . $path;
 		if (getenv("K8S") === "true") {
+			// In K8s, use the path where the ConfigMap is mounted
+			// For example: The banned-password-list.txt is mounted at /etc/ocis/config/drone/
+			$k8sPath = "/etc/ocis/" . $path;
 			$envs = [
-				$serviceName => [$configVariable => $path],
+				$serviceName => [$configVariable => $k8sPath],
 			];
 			$response = OcisConfigHelper::reConfigureOcisK8s($envs);
 
 		} else {
+			$path = \dirname(__FILE__) . "/../../" . $path;
 			$envs = [
 				$configVariable => $path,
 			];
@@ -267,7 +270,7 @@ class OcisConfigContext implements Context {
 		$envs = [];
 		if (getenv("K8S") === "true") {
 			foreach ($table->getHash() as $row) {
-				$envs[$row['service']] = [$row['config'] => $row['value']];
+				$envs[$row['service']][$row['config']] = $row['value'];
 			}
 			$response = OcisConfigHelper::reConfigureOcisK8s($envs);
 		} else {

tests/acceptance/features/apiSharingNgLinkShareManagement/passwordPolicy.feature

@@ -11,17 +11,12 @@ Feature: Password policy for public links password
 
   Background:
     Given the following configs have been set:
-      | service | config                                        | value |
-      | sharing | OCIS_PASSWORD_POLICY_MIN_CHARACTERS           | 13    |
-      | sharing | OCIS_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS | 3     |
-      | sharing | OCIS_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS | 2     |
-      | sharing | OCIS_PASSWORD_POLICY_MIN_DIGITS               | 2     |
-      | sharing | OCIS_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS   | 2     |
-      | frontend | OCIS_PASSWORD_POLICY_MIN_CHARACTERS           | 13    |
-      | frontend | OCIS_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS | 3     |
-      | frontend | OCIS_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS | 2     |
-      | frontend | OCIS_PASSWORD_POLICY_MIN_DIGITS               | 2     |
-      | frontend | OCIS_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS   | 2     |
+      | service | config                                           | value |
+      | sharing | SHARING_PASSWORD_POLICY_MIN_CHARACTERS           | 13    |
+      | sharing | SHARING_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS | 3     |
+      | sharing | SHARING_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS | 2     |
+      | sharing | SHARING_PASSWORD_POLICY_MIN_DIGITS               | 2     |
+      | sharing | SHARING_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS   | 2     |
     And user "Alice" has been created with default attributes
     And using SharingNG
 

tests/acceptance/features/apiSharingNgLinkShareManagement/writableShareEnforcePassword.feature

@@ -7,11 +7,9 @@ Feature: enforce password on writable shares
 
   Background:
     Given the following configs have been set:
-      | service | config                                                 | value |
-      | sharing | OCIS_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD           | false |
-      | sharing | OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD | true  |
-      | frontend | OCIS_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD           | false |
-      | frontend | OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD | true  |
+      | service | config                                            | value |
+      | sharing | SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD           | false |
+      | sharing | SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD | true  |
     And user "Alice" has been created with default attributes
     And using spaces DAV path