authservice icon indicating copy to clipboard operation
authservice copied to clipboard

Published 20 hours ago verified publisher icon istio-ecosystem

introduce integration test for authorization code grant flow

Open Shikugawa opened this issue 3 years ago • 5 comments

Signed-off-by: Shikugawa [email protected]

Shikugawa avatar Jan 21 '22 06:01 Shikugawa

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Shikugawa

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment Approvers can cancel approval by writing /approve cancel in a comment

istio-testing avatar Jan 21 '22 06:01 istio-testing

Thanks! I have a quick comment: people working or need to try out this project are mostly from Istio/k8s background. So they are familiar with k8s, and we use k8s cluster in bookinfo example as well.

Could we use kind cluster as testing environment? So that devs above don't have to learn another tool (docker compose) to debug e2e test failure in future.

Moreover, let's say later we want to include helm release package, we want to use the same config in our e2e tests to guard our release. These configs will be k8s config.

I hope the change won't be that large. We will need to install YAMLs, install kubectl kind in the ubuntu vm instances. to access the port, we can either do port-forwarding in python test or figure out the locally accessible ingress ip from kind cluster somehow.

incfly avatar Jan 21 '22 07:01 incfly

@ZackButcher @incfly I found that GITHUB_TOKEN has only permission to read ghcr.io on the organization level. Thus we can't run to push built images to the registry on gha. But I don't belong to this organization. (only having repository level admin permission) Therefore, I ask the members in this organization to change the GITHUB_TOKEN default permission to allow both write and read.

Shikugawa avatar Feb 10 '22 12:02 Shikugawa

I checked some doc and our settings, seem only authservice repo itself need to have the read/write permission, which is already the case?

https://docs.github.com/en/packages/managing-github-packages-using-github-actions-workflows/publishing-and-installing-a-package-with-github-actions#upgrading-a-workflow-that-accesses-ghcrio

perm

https://github.com/orgs/istio-ecosystem/packages/container/authservice%2Fauthservice/settings

incfly avatar Feb 10 '22 15:02 incfly

@incfly It seems that permission is not enough. (All permissions are readonly)

Screenshot from 2022-02-11 00-46-23

We should configure it on the organization level. (This screenshot have taken from my organization which I have admin permission.)

Screenshot from 2022-02-11 00-47-19

Shikugawa avatar Feb 10 '22 15:02 Shikugawa