Auto seed Keycloak from CTST and introduce coordinate

Author: williamlardier

.github/scripts/end2end/run-e2e-ctst.sh

@@ -54,8 +54,9 @@ kubectl run $POD_NAME \
         --rm \
         --attach=True \
         --image-pull-policy=IfNotPresent \
-        --env=TARGET_VERSION=$VERSION  \
-        --env=AZURE_BLOB_URL=$AZURE_BACKEND_ENDPOINT  \
+        --env=TARGET_VERSION=$VERSION \
+        --env=SEED_KEYCLOAK_DEFAULT_ROLES=true \
+        --env=AZURE_BLOB_URL=$AZURE_BACKEND_ENDPOINT \
         --env=AZURE_QUEUE_URL=$AZURE_BACKEND_QUEUE_ENDPOINT \
         --env=VERBOSE=1 \
         --override-type strategic \

.github/workflows/end2end.yaml

@@ -393,12 +393,12 @@ jobs:
           GIT_ACCESS_TOKEN: ${{ steps.app-token.outputs.token }}
       - uses: actions/setup-node@v4
         with:
-          node-version: '20'
+          node-version: '22'
           cache: yarn
           cache-dependency-path: tests/ctst/yarn.lock
       - name: Install ctst test dependencies
         working-directory: tests/ctst
-        run: yarn install
+        run: yarn install --network-concurrency=1
       - name: Lint ctst tests
         working-directory: tests/ctst
         run: yarn lint
@@ -421,6 +421,9 @@ jobs:
           SORBET_TAG=$(yq eval '.sorbet.tag' deps.yaml)
           DRCTL_TAG=$(yq eval .drctl.tag deps.yaml)
           EOF
+      - name: Prepare build context
+        run: cp .github/scripts/mocks/aws/mock-metadata.tar.gz tests/ctst/mock-metadata.tar.gz
+        
       - name: Build and push CI image
         uses: docker/build-push-action@v5
         with:
@@ -430,6 +433,7 @@ jobs:
             CTST_TAG=${{ env.CTST_TAG }}
             SORBET_TAG=${{ env.SORBET_TAG }}
             DRCTL_TAG=${{ env.DRCTL_TAG}}
+            GIT_ACCESS_TOKEN=${{ steps.app-token.outputs.token }}
           tags: "${{ env.E2E_CTST_IMAGE_NAME }}:${{ env.E2E_IMAGE_TAG }}"
           cache-from: type=gha,scope=end2end-ctst
           cache-to: type=gha,mode=max,scope=end2end-ctst

tests/ctst/Dockerfile

@@ -1,6 +1,7 @@
 ARG SORBET_TAG=latest
 ARG CTST_TAG=latest
 ARG DRCTL_TAG=latest
+ARG GIT_ACCESS_TOKEN=
 
 FROM ghcr.io/scality/sorbet:$SORBET_TAG AS sorbet
 FROM ghcr.io/scality/zenko-drctl:$DRCTL_TAG AS drctl
@@ -9,7 +10,12 @@ FROM ghcr.io/scality/cli-testing:$CTST_TAG
 COPY package.json /tmp/package.json
 
 USER root
-RUN npm install typescript@5.8.3 -g
+RUN npm install typescript@5.9.2 -g
+
+# Configure git to use the access token for private repositories
+RUN git config --global url.https://x-access-token:${GIT_ACCESS_TOKEN}@github.com/.insteadOf https://github.com/ && \
+    git config --global url.https://x-access-token:${GIT_ACCESS_TOKEN}@github.com/.insteadOf github.com: && \
+    git config --global url.https://x-access-token:${GIT_ACCESS_TOKEN}@github.com/.insteadOf ssh://git@github.com/
 
 # CTST does it if needed, but better to merge dependencies
 # here so we benefit from Docker layer caching

tests/ctst/common/utils.ts

@@ -1,7 +1,7 @@
 import { exec } from 'child_process';
 import http from 'http';
 import { createHash } from 'crypto';
-import { Command, IAM, Identity, IdentityEnum } from 'cli-testing';
+import { Command, coordinate, IAM, Identity, IdentityEnum } from 'cli-testing';
 import {
     AttachedPolicy,
     Group,
@@ -12,7 +12,6 @@ import {
 import { AWSCliOptions } from 'cli-testing';
 import Zenko from 'world/Zenko';
 import fs from 'fs';
-import lockFile from 'proper-lockfile';
 import { ITestCaseHookParameter } from '@cucumber/cucumber';
 import { AWSCredentials, Constants, Utils } from 'cli-testing';
 import { createBucketWithConfiguration, putObject } from '../steps/utils/utils';
@@ -323,83 +322,64 @@ export async function prepareMetricsScenarios(
     const { gherkinDocument, pickle } = scenarioConfiguration;
     const featureName = gherkinDocument.feature?.name?.replace(/ /g, '-').toLowerCase() || 'metrics';
     const filePath = `/tmp/${featureName}`;
-    let initiated = false;
-    let releaseLock: (() => Promise<void>) | false = false;
-    const output: Record<string, AWSCredentials> = {};
 
     const {
         versioning = '',
         jobName = 'end2end-ops-count-items',
         jobNamespace = `${featureName}-setup`
     } = options;
 
-    if (!fs.existsSync(filePath)) {
-        fs.writeFileSync(filePath, JSON.stringify({
-            ready: false,
-        }));
-    } else {
-        initiated = true;
-    }
-
-    if (!initiated) {
-        try {
-            releaseLock = await lockFile.lock(filePath, { stale: Constants.DEFAULT_TIMEOUT / 2 });
-        } catch (err) {
-            world.logger.error('Unable to acquire lock', { err });
-            releaseLock = false;
-        }
-    }
-
-    if (releaseLock) {
-        const scenarioIds = new Set<string>();
-        
-        for (const scenario of gherkinDocument.feature?.children || []) {
-            for (const example of scenario.scenario?.examples || []) {
-                for (const values of example.tableBody || []) {
-                    const scenarioWithExampleID = hashStringAndKeepFirst20Characters(`${values.id}`);
-                    scenarioIds.add(scenarioWithExampleID);
+    await coordinate(
+        {
+            lockName: featureName,
+            timeout: Constants.DEFAULT_TIMEOUT,
+            logger: world.logger,
+        },
+        // Work function: executed exactly once
+        async () => {
+            const output: Record<string, AWSCredentials> = {};
+            const scenarioIds = new Set<string>();
+            
+            for (const scenario of gherkinDocument.feature?.children || []) {
+                for (const example of scenario.scenario?.examples || []) {
+                    for (const values of example.tableBody || []) {
+                        const scenarioWithExampleID = hashStringAndKeepFirst20Characters(`${values.id}`);
+                        scenarioIds.add(scenarioWithExampleID);
+                    }
                 }
             }
-        }
-        
-        for (const scenarioId of scenarioIds) {
-            await world.createAccount(scenarioId, true);
-            await createBucketWithConfiguration(world, scenarioId, versioning);
-            await putObject(world);
-            output[scenarioId] = Identity.getCurrentCredentials()!;
-        }
-
-        await createJobAndWaitForCompletion(world, jobName, jobNamespace);
-        
-        await Utils.sleep(2000);
-        fs.writeFileSync(filePath, JSON.stringify({
-            ready: true,
-            ...output,
-        }));
-
-        await releaseLock();
-    } else {
-        while (!fs.existsSync(filePath)) {
-            await Utils.sleep(100);
-        }
+            
+            for (const scenarioId of scenarioIds) {
+                await world.createAccount(scenarioId, true);
+                await createBucketWithConfiguration(world, scenarioId, versioning);
+                await putObject(world);
+                output[scenarioId] = Identity.getCurrentCredentials()!;
+            }
 
-        let configuration: { ready: boolean } = JSON.parse(fs.readFileSync(filePath, 'utf8')) as { ready: boolean };
-        while (!configuration.ready) {
-            await Utils.sleep(100);
-            configuration = JSON.parse(fs.readFileSync(filePath, 'utf8')) as { ready: boolean };
+            await createJobAndWaitForCompletion(world, jobName, jobNamespace);
+            
+            await Utils.sleep(2000);
+            
+            // Store output in a temporary file for other workers to read
+            fs.writeFileSync(filePath, JSON.stringify({
+                ready: true,
+                ...output,
+            }));
+        },
+        // Post-processing: all workers read the configuration
+        async () => {
+            const configuration: Record<string, AWSCredentials> = JSON.parse(fs.readFileSync(filePath, 'utf8'));
+            const key = hashStringAndKeepFirst20Characters(`${pickle.astNodeIds[1]}`);
+            world.logger.debug('Scenario key', { key, from: `${pickle.astNodeIds[1]}`, configuration });
+            
+            world.addToSaved('bucketName', key);
+            world.addToSaved('accountName', key);
+            world.addToSaved('accountNameForScenario', key);
+            world.addToSaved('metricsEnvironmentSetup', true);
+            
+            if (configuration[key]) {
+                Identity.addIdentity(IdentityEnum.ACCOUNT, key, configuration[key], undefined, true, true);
+            }
         }
-    }
-
-    const configuration: typeof output = JSON.parse(fs.readFileSync(filePath, 'utf8')) as typeof output;
-    const key = hashStringAndKeepFirst20Characters(`${pickle.astNodeIds[1]}`);
-    world.logger.debug('Scenario key', { key, from: `${pickle.astNodeIds[1]}`, configuration });
-    
-    world.addToSaved('bucketName', key);
-    world.addToSaved('accountName', key);
-    world.addToSaved('accountNameForScenario', key);
-    world.addToSaved('metricsEnvironmentSetup', true);
-    
-    if (configuration[key]) {
-        Identity.addIdentity(IdentityEnum.ACCOUNT, key, configuration[key], undefined, true, true);
-    }
+    );
 }

tests/ctst/package.json

@@ -9,24 +9,24 @@
   "private": true,
   "dependencies": {
     "@kubernetes/client-node": "^0.21.0",
+    "@types/node": "^18.19.121",
     "@types/proper-lockfile": "^4.1.4",
     "@types/qs": "^6.9.15",
     "assert": "^2.1.0",
     "aws4-axios": "^3.3.8",
     "kafkajs": "^2.2.4",
     "node-gyp": "^10.2.0",
     "prometheus-query": "^3.4.0",
-    "proper-lockfile": "^4.1.2",
     "qs": "^6.13.0",
-    "scubaclient": "git+https://github.com/scality/scubaclient#^1.1.2",
+    "scubaclient": "git+https://github.com/scality/scubaclient#^1.1.3",
     "werelogs": "scality/werelogs#8.2.2"
   },
   "devDependencies": {
     "@aws-sdk/client-iam": "^3.582.0",
     "@aws-sdk/client-s3": "^3.583.0",
     "@aws-sdk/client-sts": "^3.583.0",
     "@eslint/compat": "^1.1.1",
-    "cli-testing": "github:scality/cli-testing.git#1.2.4",
+    "cli-testing": "github:scality/cli-testing.git#827cd4683b55b8b7222ed3f5672ee5d826d3685f",
     "eslint": "^9.9.1",
     "eslint-config-scality": "scality/Guidelines#8.3.0",
     "typescript-eslint": "^8.4.0"