ci: add missing commands and tools for kafka, pulsar and storage integration tests (pingcap#1163)

wlwilliamx · web-flow · commit 5e03b03c075c · 2025-03-25T08:01:23.000Z
close pingcap#1162
diff --git a/Makefile b/Makefile
@@ -141,6 +141,9 @@ storage_consumer:
 pulsar_consumer:
 	$(GOBUILD) -ldflags '$(LDFLAGS)' -o bin/cdc_pulsar_consumer ./cmd/pulsar-consumer/main.go
 
+oauth2_server:
+	$(GOBUILD) -ldflags '$(LDFLAGS)' -o bin/oauth2-server ./cmd/oauth2-server/main.go
+
 filter_helper:
 	$(GOBUILD) -ldflags '$(LDFLAGS)' -o bin/cdc_filter_helper ./cmd/filter-helper/main.go
 
@@ -171,7 +174,7 @@ check_third_party_binary:
 	@which bin/minio
 	@which bin/bin/schema-registry-start
 
-integration_test_build: check_failpoint_ctl
+integration_test_build: check_failpoint_ctl storage_consumer kafka_consumer pulsar_consumer oauth2_server
 	$(FAILPOINT_ENABLE)
 	$(GOTEST) -ldflags '$(LDFLAGS)' -c -cover -covermode=atomic \
 		-coverpkg=github.com/pingcap/ticdc/... \
@@ -191,16 +194,16 @@ check_failpoint_ctl: tools/bin/failpoint-ctl
 
 integration_test: integration_test_mysql
 
-integration_test_mysql:
-	tests/integration_tests/run.sh mysql "$(CASE)" "$(NEWARCH)" "$(START_AT)"
+integration_test_mysql: check_third_party_binary
+	tests/integration_tests/run.sh mysql "$(CASE)" "$(START_AT)"
 
 integration_test_kafka: check_third_party_binary
 	tests/integration_tests/run.sh kafka "$(CASE)" "$(START_AT)"
 
-integration_test_storage:
+integration_test_storage: check_third_party_binary
 	tests/integration_tests/run.sh storage "$(CASE)" "$(START_AT)"
 
-integration_test_pulsar:
+integration_test_pulsar: check_third_party_binary
 	tests/integration_tests/run.sh pulsar "$(CASE)" "$(START_AT)"
 
 unit_test: check_failpoint_ctl generate-protobuf
diff --git a/cmd/oauth2-server/main.go b/cmd/oauth2-server/main.go
@@ -0,0 +1,167 @@
+// Copyright 2024 PingCAP, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package main
+
+import (
+	"fmt"
+	"net/http"
+
+	"github.com/go-oauth2/oauth2/v4/errors"
+	"github.com/go-oauth2/oauth2/v4/generates"
+	"github.com/go-oauth2/oauth2/v4/manage"
+	"github.com/go-oauth2/oauth2/v4/models"
+	"github.com/go-oauth2/oauth2/v4/server"
+	"github.com/go-oauth2/oauth2/v4/store"
+	"github.com/golang-jwt/jwt"
+	"github.com/pingcap/log"
+	"github.com/spf13/cobra"
+	"go.uber.org/zap"
+)
+
+const openIDConfiguration = `
+{
+  "issuer": "http://localhost:%d/",
+  "authorization_endpoint": "http://localhost:%d/authorize",
+  "token_endpoint": "http://localhost:%d/token",
+  "scopes_supported": [
+    "openid",
+    "profile"
+  ],
+  "response_types_supported": [
+    "code",
+    "token",
+    "id_token",
+    "code token",
+    "code id_token",
+    "token id_token",
+    "code token id_token"
+  ],
+  "code_challenge_methods_supported": [
+    "HS256",
+    "plain"
+  ],
+  "response_modes_supported": [
+    "query",
+    "fragment",
+    "form_post"
+  ],
+  "subject_types_supported": [
+    "public"
+  ],
+  "id_token_signing_alg_values_supported": [
+    "HS256"
+  ],
+  "token_endpoint_auth_methods_supported": [
+    "client_secret_basic",
+    "client_secret_post",
+    "private_key_jwt"
+  ],
+  "claims_supported": [
+    "aud",
+    "created_at",
+    "email",
+    "email_verified",
+    "exp",
+    "iat",
+    "identities",
+    "iss",
+    "name"
+  ],
+  "request_uri_parameter_supported": false,
+  "request_parameter_supported": false
+}
+`
+
+type oauth2ServerConfig struct {
+	tokenSignSecret string
+	clientID        string
+	clientSecret    string
+	port            int
+}
+
+var serverConfig = newServerConfig()
+
+func newServerConfig() *oauth2ServerConfig {
+	return &oauth2ServerConfig{}
+}
+
+func main() {
+	cmd := &cobra.Command{
+		Use: "oauth2 server",
+		Run: run,
+	}
+	// Flags for the root command
+	cmd.Flags().StringVar(&serverConfig.tokenSignSecret, "token-secret",
+		"SJhX36_KapYSybBtJq35lxX_Brr4LRURSkm7QmXJGmy8pUFW9EIOcVQPsykz9-jj", "Secret to sign token")
+	cmd.Flags().StringVar(&serverConfig.clientID, "client-id", "1234", "Client ID of oauth2")
+	cmd.Flags().StringVar(&serverConfig.clientSecret, "client-secret", "e0KVlA2EiBfjoN13olyZd2kv1KL", "Client secret of oauth2")
+	cmd.Flags().IntVar(&serverConfig.port, "log-file", 9096, "log file path")
+	if err := cmd.Execute(); err != nil {
+		fmt.Println(err)
+	}
+}
+
+func run(_ *cobra.Command, _ []string) {
+	manager := manage.NewDefaultManager()
+	// token memory store
+	manager.MustTokenStorage(store.NewMemoryTokenStore())
+	manager.MapAccessGenerate(generates.NewJWTAccessGenerate("", []byte(serverConfig.tokenSignSecret), jwt.SigningMethodHS512))
+
+	// client memory store
+	clientStore := store.NewClientStore()
+	err := clientStore.Set(serverConfig.clientID, &models.Client{
+		ID:     serverConfig.clientID,
+		Secret: serverConfig.clientSecret,
+		Domain: fmt.Sprintf("http://localhost:%d", serverConfig.port),
+	})
+	if err != nil {
+		log.Panic("set client failed", zap.Error(err))
+	}
+	manager.MapClientStorage(clientStore)
+
+	srv := server.NewDefaultServer(manager)
+	srv.SetAllowGetAccessRequest(true)
+	srv.SetClientInfoHandler(server.ClientFormHandler)
+	srv.SetInternalErrorHandler(func(err error) (re *errors.Response) {
+		log.Error("Internal Error:", zap.Error(err))
+		return
+	})
+	srv.SetResponseErrorHandler(func(re *errors.Response) {
+		log.Error("Response Error:", zap.Error(re.Error))
+	})
+	http.Handle("/authorize", logMiddleware(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		err := srv.HandleAuthorizeRequest(w, r)
+		if err != nil {
+			http.Error(w, err.Error(), http.StatusBadRequest)
+		}
+	})))
+	http.Handle("/token", logMiddleware(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if err := srv.HandleTokenRequest(w, r); err != nil {
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+		}
+	})))
+	http.Handle("/.well-known/openid-configuration", logMiddleware(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		_, _ = w.Write([]byte(fmt.Sprintf(openIDConfiguration, serverConfig.port, serverConfig.port, serverConfig.port)))
+		w.WriteHeader(200)
+	})))
+	log.Info("starting auth2 server", zap.Int("port", serverConfig.port))
+	log.Panic("run auth2 server failed", zap.Error(http.ListenAndServe(fmt.Sprintf(":%d", serverConfig.port), nil)))
+}
+
+func logMiddleware(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		next.ServeHTTP(w, r)
+		log.Info("oauth server api is called", zap.String("path", r.URL.Path))
+	})
+}
diff --git a/go.mod b/go.mod
@@ -25,9 +25,11 @@ require (
 	github.com/dustin/go-humanize v1.0.1
 	github.com/fatih/color v1.18.0
 	github.com/gin-gonic/gin v1.9.1
+	github.com/go-oauth2/oauth2/v4 v4.5.2
 	github.com/go-sql-driver/mysql v1.7.1
 	github.com/goccy/go-json v0.10.2
 	github.com/gogo/protobuf v1.3.2
+	github.com/golang-jwt/jwt v3.2.2+incompatible
 	github.com/golang/mock v1.6.0
 	github.com/google/btree v1.1.2
 	github.com/google/uuid v1.6.0
@@ -178,7 +180,6 @@ require (
 	github.com/goccy/go-reflect v1.2.0 // indirect
 	github.com/godbus/dbus v0.0.0-20190726142602-4481cbc300e2 // indirect
 	github.com/godbus/dbus/v5 v5.0.4 // indirect
-	github.com/golang-jwt/jwt v3.2.2+incompatible // indirect
 	github.com/golang-jwt/jwt/v4 v4.5.1 // indirect
 	github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
 	github.com/golang/glog v1.2.1 // indirect
@@ -294,6 +295,13 @@ require (
 	github.com/tiancaiamao/appdash v0.0.0-20181126055449-889f96f722a2 // indirect
 	github.com/tiancaiamao/gp v0.0.0-20221230034425-4025bc8a4d4a // indirect
 	github.com/tidwall/btree v1.7.0 // indirect
+	github.com/tidwall/buntdb v1.3.0 // indirect
+	github.com/tidwall/gjson v1.14.3 // indirect
+	github.com/tidwall/grect v0.1.4 // indirect
+	github.com/tidwall/match v1.1.1 // indirect
+	github.com/tidwall/pretty v1.2.0 // indirect
+	github.com/tidwall/rtred v0.1.2 // indirect
+	github.com/tidwall/tinyqueue v0.1.1 // indirect
 	github.com/tklauser/go-sysconf v0.3.12 // indirect
 	github.com/tklauser/numcpus v0.6.1 // indirect
 	github.com/tmc/grpc-websocket-proxy v0.0.0-20220101234140-673ab2c3ae75 // indirect
diff --git a/go.sum b/go.sum
