From 72a85fd8337aac05485f1643a5c12a2baa9018fc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20Mac=C3=ADk?= Date: Fri, 6 Sep 2024 15:15:37 +0200 Subject: [PATCH] fix(RHIDP-3674, RHIDP-3965): Add MVP scenario that matches latest v1.2 version of RHDH, fix oauth2 proxy for OLM install method MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Pavel MacĂ­k --- Makefile | 4 +- ci-scripts/dev-sandbox/run.sh | 6 +- ci-scripts/rhdh-setup/create_resource.sh | 71 ++++-- ci-scripts/rhdh-setup/deploy.sh | 15 +- .../backstage/olm/rhdh-oauth2.deployment.yaml | 88 +++++++ .../template/keycloak/keycloak.yaml | 2 +- .../template/keycloak/keycloakClient.yaml | 2 +- ci-scripts/scalability/test-scalability.sh | 8 +- ci-scripts/test.sh | 6 +- config/locust-k8s-operator.values.yaml | 2 + locust-test-template.yaml | 3 +- scenarios/mvp-1dot1.metrics.yaml | 40 +++ scenarios/mvp-1dot1.py | 222 ++++++++++++++++ scenarios/mvp.metrics.yaml | 60 +++-- scenarios/mvp.py | 237 +++++++++++++----- test.env | 4 +- 16 files changed, 655 insertions(+), 115 deletions(-) create mode 100644 ci-scripts/rhdh-setup/template/backstage/olm/rhdh-oauth2.deployment.yaml create mode 100644 scenarios/mvp-1dot1.metrics.yaml create mode 100644 scenarios/mvp-1dot1.py diff --git a/Makefile b/Makefile index 25cbfd1..e36950b 100644 --- a/Makefile +++ b/Makefile @@ -48,7 +48,7 @@ export RHDH_RESOURCES_MEMORY_REQUESTS ?= export RHDH_RESOURCES_MEMORY_LIMITS ?= export RHDH_KEYCLOAK_REPLICAS ?= 1 export LOCUST_EXTRA_CMD ?= -export AUTH_PROVIDER ?= +export AUTH_PROVIDER ?= keycloak # RHDH install method - one of 'helm' or 'olm' export RHDH_INSTALL_METHOD ?= helm @@ -175,7 +175,7 @@ test: $(TMP_DIR) $(ARTIFACT_DIR) ifneq ($(shell test '$(AUTH_PROVIDER)' == 'keycloak' && echo 1 || echo 0),0) $(eval key_pass := $(shell oc -n rhdh-performance get secret perf-test-secrets -o template --template='{{.data.keycloak_user_pass}}' | base64 -d)) $(eval key_host := $(shell oc -n rhdh-performance get routes/keycloak -o template --template='{{.spec.host}}' )) - $(eval LOCUST_EXTRA_CMD := --keycloak-host $(key_host) --keycloak-password $(key_pass) ) + $(eval LOCUST_EXTRA_CMD := $(LOCUST_EXTRA_CMD) --keycloak-host $(key_host) --keycloak-password $(key_pass) ) ifneq ($(shell test $(USERS) -gt $(WORKERS) && echo 1 || echo 0),0) @echo "users greater than workers " else diff --git a/ci-scripts/dev-sandbox/run.sh b/ci-scripts/dev-sandbox/run.sh index c6c533c..1c95d3a 100755 --- a/ci-scripts/dev-sandbox/run.sh +++ b/ci-scripts/dev-sandbox/run.sh @@ -44,7 +44,11 @@ collect_counts "baseline-counts-post" # testing env if [ "$RHDH_INSTALL_METHOD" == "olm" ]; then - rhdh_route="backstage-developer-hub" + if [ "$AUTH_PROVIDER" == "keycloak" ]; then + rhdh_route="rhdh" + else + rhdh_route="backstage-developer-hub" + fi elif [ "$RHDH_INSTALL_METHOD" == "helm" ]; then export RHDH_HELM_RELEASE_NAME RHDH_HELM_CHART diff --git a/ci-scripts/rhdh-setup/create_resource.sh b/ci-scripts/rhdh-setup/create_resource.sh index 5e7675d..7238ab3 100755 --- a/ci-scripts/rhdh-setup/create_resource.sh +++ b/ci-scripts/rhdh-setup/create_resource.sh @@ -45,7 +45,11 @@ backstage_url() { if [ "$RHDH_INSTALL_METHOD" == "helm" ]; then rhdh_route="${RHDH_HELM_RELEASE_NAME}-${RHDH_HELM_CHART}" else - rhdh_route="backstage-developer-hub" + if [ "$AUTH_PROVIDER" == "keycloak" ]; then + rhdh_route="rhdh" + else + rhdh_route="backstage-developer-hub" + fi fi echo -n "https://$(oc get routes "${rhdh_route}" -n "${RHDH_NAMESPACE}" -o jsonpath='{.spec.host}')" >"$f" fi @@ -149,14 +153,26 @@ create_cmp() { } create_group() { - token=$(get_token) - groupname="group${0}" - echo " g, group:default/${groupname}, role:default/perf_admin" >>"$TMP_DIR/group-rbac.yaml" - curl -s -k --location --request POST "$(keycloak_url)/auth/admin/realms/backstage/groups" \ - -H 'Content-Type: application/json' \ - -H 'Authorization: Bearer '"$token" \ - --data-raw '{"name": "'"${groupname}"'"}' |& tee -a "$TMP_DIR/create_group.log" - echo "[INFO][$(date --utc -Ins)] Group $groupname created" >>"$TMP_DIR/create_group.log" + max_attempts=5 + attempt=1 + while ((attempt <= max_attempts)); do + token=$(get_token) + groupname="group${0}" + echo " g, group:default/${groupname}, role:default/perf_admin" >>"$TMP_DIR/group-rbac.yaml" + if curl -s -k --location --request POST "$(keycloak_url)/auth/admin/realms/backstage/groups" \ + -H 'Content-Type: application/json' \ + -H 'Authorization: Bearer '"$token" \ + --data-raw '{"name": "'"${groupname}"'"}' |& tee -a "$TMP_DIR/create_group.log"; then + echo "[INFO][$(date --utc -Ins)] Group $groupname created" >>"$TMP_DIR/create_group.log" + return + else + echo "[WARNING][$(date --utc -Ins)] Unable to create the $groupname group at $attempt. attempt. Trying again up to $max_attempts times." >>"$TMP_DIR/create_group.log" + ((attempt++)) + fi + done + if [[ $attempt -gt $max_attempts ]]; then + echo "[ERROR][$(date --utc -Ins)] Unable to create the $groupname group in $max_attempts attempts, giving up!" |& tee -a "$TMP_DIR/create_group.log" + fi } create_groups() { @@ -166,16 +182,28 @@ create_groups() { } create_user() { - token=$(get_token) - grp=$(echo "${0}%${GROUP_COUNT}" | bc) - [[ $grp -eq 0 ]] && grp=${GROUP_COUNT} - username="test${0}" - groupname="group${grp}" - curl -s -k --location --request POST "$(keycloak_url)/auth/admin/realms/backstage/users" \ - -H 'Content-Type: application/json' \ - -H 'Authorization: Bearer '"$token" \ - --data-raw '{"firstName":"'"${username}"'","lastName":"tester", "email":"'"${username}"'@test.com","emailVerified":"true", "enabled":"true", "username":"'"${username}"'","groups":["/'"${groupname}"'"],"credentials":[{"type":"password","value":"'"${KEYCLOAK_USER_PASS}"'","temporary":false}]}' |& tee -a "$TMP_DIR/create_user.log" - echo "[INFO][$(date --utc -Ins)] User $username ($groupname) created" >>"$TMP_DIR/create_user.log" + max_attempts=5 + attempt=1 + while ((attempt <= max_attempts)); do + token=$(get_token) + grp=$(echo "${0}%${GROUP_COUNT}" | bc) + [[ $grp -eq 0 ]] && grp=${GROUP_COUNT} + username="test${0}" + groupname="group${grp}" + if curl -s -k --location --request POST "$(keycloak_url)/auth/admin/realms/backstage/users" \ + -H 'Content-Type: application/json' \ + -H 'Authorization: Bearer '"$token" \ + --data-raw '{"firstName":"'"${username}"'","lastName":"tester", "email":"'"${username}"'@test.com","emailVerified":"true", "enabled":"true", "username":"'"${username}"'","groups":["/'"${groupname}"'"],"credentials":[{"type":"password","value":"'"${KEYCLOAK_USER_PASS}"'","temporary":false}]}' |& tee -a "$TMP_DIR/create_user.log"; then + echo "[INFO][$(date --utc -Ins)] User $username ($groupname) created" >>"$TMP_DIR/create_user.log" + return + else + echo "[WARNING][$(date --utc -Ins)] Unable to create the $username user at $attempt. attempt. Trying again up to $max_attempts times." >>"$TMP_DIR/create_user.log" + ((attempt++)) + fi + done + if [[ $attempt -gt $max_attempts ]]; then + echo "[ERROR][$(date --utc -Ins)] Unable to create the $username user in $max_attempts attempts, giving up!" |& tee -a "$TMP_DIR/create_user.log" + fi } create_users() { @@ -267,19 +295,20 @@ get_token() { trap "rm -rf $token_lockfile; exit" INT TERM EXIT HUP timeout_timestamp=$(date -d "60 seconds" "+%s") - while [ ! -f "$token_file" ] || [ ! -s "$token_file" ] || [ "$(date +%s)" -gt "$(jq -rc '.expires_in_timestamp' "$token_file")" ]; do + while [ ! -f "$token_file" ] || [ ! -s "$token_file" ] || [ -z "$(jq -rc '.expires_in_timestamp' "$token_file")" ] || [ "$(date +%s)" -gt "$(jq -rc '.expires_in_timestamp' "$token_file")" ]; do log_token_info "Refreshing keycloak token" if [ "$(date "+%s")" -gt "$timeout_timestamp" ]; then log_token_err "Timeout getting keycloak token" exit 1 fi if [[ ${service} == 'rhdh' ]]; then + log_token_info "Refreshing RHDH token" [[ -f "$token_file" ]] && rm -rf "$token_file" && rm -rf "$TMP_DIR/cookie.jar" if ! rhdh_token >"$token_file"; then log_token_err "Unable to get token, re-attempting" fi else - keycloak_pass=$(oc -n "${RHDH_NAMESPACE}" get secret credential-example-sso -o template --template='{{.data.ADMIN_PASSWORD}}' | base64 -d) + keycloak_pass=$(oc -n "${RHDH_NAMESPACE}" get secret credential-rhdh-sso -o template --template='{{.data.ADMIN_PASSWORD}}' | base64 -d) if ! keycloak_token >"$token_file"; then log_token_err "Unable to get token, re-attempting" fi diff --git a/ci-scripts/rhdh-setup/deploy.sh b/ci-scripts/rhdh-setup/deploy.sh index 1c13739..0156453 100755 --- a/ci-scripts/rhdh-setup/deploy.sh +++ b/ci-scripts/rhdh-setup/deploy.sh @@ -173,6 +173,15 @@ keycloak_install() { envsubst