Merge lp:~jamon/mojo/apache-openid-test into lp:mojo/mojo-specs

Proposed by Jamon Camisso on 2018-07-17
Status: Merged
Approved by: Tom Haddon on 2018-07-23
Approved revision: 127
Merged at revision: 122
Proposed branch: lp:~jamon/mojo/apache-openid-test
Merge into: lp:mojo/mojo-specs
Diff against target: 124 lines (+103/-0)
4 files modified
charm-testing/apache-openid/collect (+6/-0)
charm-testing/apache-openid/deploy (+26/-0)
charm-testing/apache-openid/post-deploy (+36/-0)
charm-testing/apache-openid/templates/vhost-https.tmpl (+35/-0)
To merge this branch: bzr merge lp:~jamon/mojo/apache-openid-test
Reviewer Review Type Date Requested Status
Tom Haddon 2018-07-17 Approve on 2018-07-23
Review via email: mp+349769@code.launchpad.net

Commit message

Add apache-openid spec for bionic & xenial testing

To post a comment you must log in.

This merge proposal is being monitored by mergebot. Change the status to Approved to merge.

Tom Haddon (mthaddon) wrote :

We should check if we need to remove the nagios check phase here.

review: Needs Fixing
Tom Haddon (mthaddon) wrote :

LGTM

review: Approve

Change successfully merged at revision 122

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== added directory 'charm-testing/apache-openid'
2=== added file 'charm-testing/apache-openid/collect'
3--- charm-testing/apache-openid/collect 1970-01-01 00:00:00 +0000
4+++ charm-testing/apache-openid/collect 2018-07-23 16:57:58 +0000
5@@ -0,0 +1,6 @@
6+# Services, primary charms
7+apache2 cs:apache2
8+
9+# subordinates
10+apache-openid cs:~apache-openid-charmers/apache-openid
11+nrpe cs:nrpe
12
13=== added file 'charm-testing/apache-openid/deploy'
14--- charm-testing/apache-openid/deploy 1970-01-01 00:00:00 +0000
15+++ charm-testing/apache-openid/deploy 2018-07-23 16:57:58 +0000
16@@ -0,0 +1,26 @@
17+apache-openid:
18+ series: {{series}}
19+ services:
20+ apache2:
21+ charm: apache2
22+ expose: true
23+ options:
24+ servername: apache2.devel.canonical.com
25+ vhost_https_template: include-base64://{{spec_dir}}/{{stage}}/templates/vhost-https.tmpl
26+ enable_modules: headers proxy proxy_http rewrite ssl
27+ ssl_cert: SELFSIGNED
28+ ssl_chain: ""
29+ ssl_key: ""
30+ ssl_chainlocation: ssl-cert-snakeoil.crt
31+ ssl_keylocation: ssl-cert-snakeoil.key
32+ ssl_certlocation: ssl-cert-snakeoil.crt
33+ apache-openid:
34+ charm: apache-openid
35+ options:
36+ authorized_teams: "apache-openid-charmers"
37+ nrpe:
38+ charm: nrpe
39+ relations:
40+ - ["apache2", "apache-openid"]
41+ - ["nrpe:local-monitors", "apache2:local-monitors"]
42+
43
44=== added file 'charm-testing/apache-openid/post-deploy'
45--- charm-testing/apache-openid/post-deploy 1970-01-01 00:00:00 +0000
46+++ charm-testing/apache-openid/post-deploy 2018-07-23 16:57:58 +0000
47@@ -0,0 +1,36 @@
48+#!/bin/bash
49+
50+APACHE=$(juju status --format=yaml apache2 2>&1 | sed -nr '/^ {8}public-address/s/.*://p')
51+TEAMS=$(juju config apache-openid --format=json |jq -r '.settings .authorized_teams .value'| sed 's/ /\n/g')
52+
53+if [ -z "${APACHE}" ]; then
54+ echo "No apache2 instances"
55+ exit 1
56+fi
57+
58+for UNIT in ${APACHE}; do
59+
60+ echo "Calling unit to ensure it returns SSO redirect"
61+ echo "curl -sik \"https://${UNIT}\" |egrep 'location:.+openid/\+login'"
62+ curl -sik "https://${UNIT}" |egrep 'location:.+openid/\+login'
63+ if [ $? -ne 0 ]; then
64+ echo "####################"
65+ echo "# E2E Check Failed #"
66+ echo "####################"
67+ exit 1
68+ fi
69+
70+ echo "Checking unit's /etc/apache2/openid/teams.txt matches authorized_teams setting"
71+ AUTHORIZED_TEAMS=$(juju run --application apache2 'sudo cat /etc/apache2/openid/teams.txt' --format=json |jq -r '.[] .Stdout'|sed '/^$/d')
72+ if [ "${TEAMS}" != "${AUTHORIZED_TEAMS}" ]; then
73+ echo "####################"
74+ echo "# E2E Check Failed #"
75+ echo "####################"
76+ exit 1
77+ fi
78+done
79+
80+# If we are here it means no checks failed
81+echo "####################"
82+echo "# E2E Check Passed #"
83+echo "####################"
84
85=== added directory 'charm-testing/apache-openid/templates'
86=== added file 'charm-testing/apache-openid/templates/vhost-https.tmpl'
87--- charm-testing/apache-openid/templates/vhost-https.tmpl 1970-01-01 00:00:00 +0000
88+++ charm-testing/apache-openid/templates/vhost-https.tmpl 2018-07-23 16:57:58 +0000
89@@ -0,0 +1,35 @@
90+ServerName {{ servername }}
91+
92+<VirtualHost *:443>
93+ ServerName {{ servername }}
94+ DocumentRoot /var/www/html
95+
96+ SSLEngine On
97+ SSLCertificateFile /etc/ssl/certs/{{ ssl_certlocation }}
98+ SSLCertificateKeyFile /etc/ssl/private/{{ ssl_keylocation }}
99+ SSLCertificateChainFile /etc/ssl/certs/{{ ssl_chainlocation }}
100+
101+ <Proxy *>
102+ Order deny,allow
103+ Allow from all
104+ </Proxy>
105+
106+ <Location "/">
107+ PythonAccessHandler apache_openid::protect
108+ PythonOption handler openidteams
109+ PythonOption authorized-teams-list-url "file:///etc/apache2/openid/teams.txt"
110+ PythonOption action-path "/openid/"
111+ </Location>
112+
113+ <Location "/openid/">
114+ Allow from All
115+ SetHandler mod_python
116+ PythonOption handler openidteams
117+ PythonOption store-type file
118+ PythonOption store-directory /etc/apache2/openid
119+ PythonOption allowed-op-list-url "file:///etc/apache2/openid/providers.txt"
120+ PythonOption authorized-teams-list-url "file:///etc/apache2/openid/teams.txt"
121+ PythonOption action-path "/openid/"
122+ </Location>
123+
124+</VirtualHost>

Subscribers

People subscribed via source and target branches

to all changes: