diff --git a/.drone.star b/.drone.star index d29ed4568e4..76d70663acc 100644 --- a/.drone.star +++ b/.drone.star @@ -329,6 +329,7 @@ config = { ], "skip": False, "withRemotePhp": [False], + "k8s": True, }, "4": { "suites": [ @@ -1120,7 +1121,7 @@ def localApiTestPipeline(ctx): ([] if run_on_k8s else restoreBuildArtifactCache(ctx, "ocis-binary-amd64", "ocis/bin")) + (tikaService() if params["tikaNeeded"] and not run_on_k8s else tikaServiceK8s() if params["tikaNeeded"] and run_on_k8s else []) + (waitForServices("online-offices", ["collabora:9980", "onlyoffice:443", "fakeoffice:8080"]) if params["collaborationServiceNeeded"] else []) + - (waitK3sCluster() + (enableAntivirusServiceK8s() if params["antivirusNeeded"] and run_on_k8s else []) + (emailServiceK8s() if params["emailNeeded"] and run_on_k8s else []) + prepareOcisDeployment(name) + setupOcisConfigMaps(name) + deployOcis() + waitForOcis(ocis_url = ocis_url) + ociswrapper() + waitForOciswrapper() if run_on_k8s else ocisServer(storage, extra_server_environment = params["extraServerEnvironment"], with_wrapper = True, tika_enabled = params["tikaNeeded"], volumes = ([stepVolumeOcisStorage]))) + + (waitK3sCluster() + (enableAntivirusServiceK8s() if params["antivirusNeeded"] and run_on_k8s else []) + (emailServiceK8s() if params["emailNeeded"] and run_on_k8s else []) + prepareOcisDeployment() + setupOcisConfigMaps() + deployOcis() + waitForOcis(ocis_url = ocis_url) + ociswrapper() + waitForOciswrapper() if run_on_k8s else ocisServer(storage, extra_server_environment = params["extraServerEnvironment"], with_wrapper = True, tika_enabled = params["tikaNeeded"], volumes = ([stepVolumeOcisStorage]))) + (waitForClamavService() if params["antivirusNeeded"] and not run_on_k8s else exposeAntivirusServiceK8s() if params["antivirusNeeded"] and run_on_k8s else []) + (waitForEmailService() if params["emailNeeded"] and not run_on_k8s else exposeEmailServiceK8s() if params["emailNeeded"] and run_on_k8s else []) + (ocisServer(storage, deploy_type = "federation", extra_server_environment = params["extraServerEnvironment"]) if params["federationServer"] else []) + @@ -1422,7 +1423,7 @@ def coreApiTestPipeline(ctx): (tikaService() if params["tikaNeeded"] else []) + (waitForClamavService() if params["antivirusNeeded"] else []) + (waitForEmailService() if params["emailNeeded"] else []) + - (waitK3sCluster() + prepareOcisDeployment(name) + setupOcisConfigMaps(name) + deployOcis() + waitForOcis(ocis_url = ocis_url) + ociswrapper() + waitForOciswrapper() if run_on_k8s else ocisServer(storage, extra_server_environment = params["extraServerEnvironment"], with_wrapper = True, tika_enabled = params["tikaNeeded"], volumes = ([stepVolumeOcisStorage]))) + + (waitK3sCluster() + prepareOcisDeployment() + setupOcisConfigMaps() + deployOcis() + waitForOcis(ocis_url = ocis_url) + ociswrapper() + waitForOciswrapper() if run_on_k8s else ocisServer(storage, extra_server_environment = params["extraServerEnvironment"], with_wrapper = True, tika_enabled = params["tikaNeeded"], volumes = ([stepVolumeOcisStorage]))) + [ { "name": "run-api-tests", @@ -3824,7 +3825,7 @@ def waitK3sCluster(): ], }] -def prepareOcisDeployment(suite_name = ""): +def prepareOcisDeployment(): commands = [ "make -C %s build" % dirs["ocisWrapper"], "mv %s/tests/config/drone/k8s/values.yaml %s/ocis-charts/charts/ocis/ci/deployment-values.yaml" % (dirs["base"], dirs["base"]), @@ -3834,18 +3835,16 @@ def prepareOcisDeployment(suite_name = ""): "sed -i '/- name: IDM_ADMIN_PASSWORD/{n;N;N;N;d;}' ./charts/ocis/templates/idm/deployment.yaml", "sed -i '/- name: IDM_ADMIN_PASSWORD/a\\\\\\n value: \"admin\"' ./charts/ocis/templates/idm/deployment.yaml", "sed -i '/- name: PROXY_HTTP_ADDR/i\\\\ - name: PROXY_ENABLE_BASIC_AUTH\\\n value: \"true\"' ./charts/ocis/templates/proxy/deployment.yaml", + "sed -i 's|/etc/ocis/sharing-banned-passwords.txt|config/drone/banned-password-list.txt|' ./charts/ocis/templates/sharing/deployment.yaml", + "sed -i 's|- name: configs|- name: banned-passwords|' ./charts/ocis/templates/sharing/deployment.yaml", + "sed -i 's|mountPath: /etc/ocis$|mountPath: /etc/ocis/config/drone|' ./charts/ocis/templates/sharing/deployment.yaml", + "sed -i 's|name: sharing-banned-passwords-{{ .appName }}|name: sharing-banned-passwords|' ./charts/ocis/templates/sharing/deployment.yaml", + "sed -i 's|/etc/ocis/sharing-banned-passwords.txt|config/drone/banned-password-list.txt|' ./charts/ocis/templates/frontend/deployment.yaml", + "sed -i 's|- name: configs|- name: banned-passwords|' ./charts/ocis/templates/frontend/deployment.yaml", + "sed -i 's|mountPath: /etc/ocis$|mountPath: /etc/ocis/config/drone|' ./charts/ocis/templates/frontend/deployment.yaml", + "sed -i 's|name: sharing-banned-passwords-{{ .appName }}|name: sharing-banned-passwords|' ./charts/ocis/templates/frontend/deployment.yaml", ] - # Only add banned password patches for sharingNgLinkShare suite - if suite_name == "sharingNgLinkShare": - commands.extend([ - # Patch sharing deployment for banned password list - "sed -i 's|/etc/ocis/sharing-banned-passwords.txt|/etc/ocis/config/drone/banned-password-list.txt|' ./charts/ocis/templates/sharing/deployment.yaml", - "sed -i 's|- name: configs|- name: banned-passwords|' ./charts/ocis/templates/sharing/deployment.yaml", - "sed -i 's|mountPath: /etc/ocis$|mountPath: /etc/ocis/config/drone|' ./charts/ocis/templates/sharing/deployment.yaml", - "sed -i 's|name: sharing-banned-passwords-{{ .appName }}|name: sharing-banned-passwords|' ./charts/ocis/templates/sharing/deployment.yaml", - ]) - return [{ "name": "prepare-ocis-deployment", "image": "owncloudci/golang:latest", @@ -3858,19 +3857,14 @@ def prepareOcisDeployment(suite_name = ""): ], }] -def setupOcisConfigMaps(suite_name = ""): +def setupOcisConfigMaps(): commands = [ "export KUBECONFIG=%s/kubeconfig-$${DRONE_BUILD_NUMBER}.yaml" % dirs["base"], # Create namespace for oCIS deployment "kubectl create namespace ocis || true", + "kubectl create configmap -n ocis sharing-banned-passwords --from-file=banned-password-list.txt=%s/tests/config/drone/banned-password-list.txt" % dirs["base"], ] - # Only create banned password ConfigMap for sharingNgLinkShare suite - if suite_name == "sharingNgLinkShare": - commands.append( - "kubectl create configmap -n ocis sharing-banned-passwords --from-file=banned-password-list.txt=%s/tests/config/drone/banned-password-list.txt" % dirs["base"], - ) - return [{ "name": "setup-configmaps", "image": K3D_IMAGE, diff --git a/tests/acceptance/features/coreApiSharePublicLink2/enforcePasswordPublicLink.feature b/tests/acceptance/features/coreApiSharePublicLink2/enforcePasswordPublicLink.feature index ef0327fafa1..0cef5d18281 100644 --- a/tests/acceptance/features/coreApiSharePublicLink2/enforcePasswordPublicLink.feature +++ b/tests/acceptance/features/coreApiSharePublicLink2/enforcePasswordPublicLink.feature @@ -36,8 +36,10 @@ Feature: enforce password on public link Scenario Outline: create a public link with viewer permission without a password when enforce-password is enabled Given the following configs have been set: | service | config | value | - | sharing | OCIS_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD | false | - | sharing | OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD | true | + | sharing | SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD | false | + | sharing | SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD | true | + | frontend | OCIS_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD | false | + | frontend | OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD | true | And user "Alice" has been created with default attributes And user "Alice" has uploaded file with content "test file" to "/testfile.txt" And using OCS API version "" @@ -57,6 +59,8 @@ Feature: enforce password on public link | service | config | value | | sharing | SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD | false | | sharing | SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD | true | + | frontend | OCIS_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD | false | + | frontend | OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD | true | And user "Alice" has been created with default attributes And user "Alice" has uploaded file with content "test file" to "/testfile.txt" And using OCS API version "" @@ -179,14 +183,19 @@ Feature: enforce password on public link Scenario Outline: try to update a public link with a password that does not comply with the password policy Given the following configs have been set: - | service | config | value | - | sharing | OCIS_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD | false | - | sharing | OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD | true | - | sharing | OCIS_PASSWORD_POLICY_MIN_CHARACTERS | 13 | - | sharing | OCIS_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS | 3 | - | sharing | OCIS_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS | 2 | - | sharing | OCIS_PASSWORD_POLICY_MIN_DIGITS | 1 | - | sharing | OCIS_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS | 2 | + | service | config | value | + | sharing | SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD | false | + | sharing | SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD | true | + | sharing | SHARING_PASSWORD_POLICY_MIN_CHARACTERS | 13 | + | sharing | SHARING_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS | 3 | + | sharing | SHARING_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS | 2 | + | sharing | SHARING_PASSWORD_POLICY_MIN_DIGITS | 1 | + | sharing | SHARING_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS | 2 | + | frontend | FRONTEND_PASSWORD_POLICY_MIN_CHARACTERS | 13 | + | frontend | FRONTEND_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS | 3 | + | frontend | FRONTEND_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS | 2 | + | frontend | FRONTEND_PASSWORD_POLICY_MIN_DIGITS | 1 | + | frontend | FRONTEND_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS | 2 | And user "Alice" has been created with default attributes And user "Alice" has uploaded file with content "test file" to "/testfile.txt" And using OCS API version "" @@ -215,7 +224,10 @@ Feature: enforce password on public link Scenario Outline: create a public link with a password in accordance with the password policy (valid cases) - Given the config "" has been set to "" for "" service + Given the following configs have been set: + | service | config | value | + | sharing | | | + | frontend | | | And using OCS API version "2" And user "Alice" has been created with default attributes And user "Alice" has uploaded file with content "test file" to "/testfile.txt" @@ -230,15 +242,15 @@ Feature: enforce password on public link And the public should not be able to download file "/testfile.txt" from inside the last public link shared folder using the public WebDAV API with password "wrong pass" But the public should be able to download file "/testfile.txt" from inside the last public link shared folder using the public WebDAV API with password "" Examples: - | service | config | config-value | password | - | sharing | OCIS_PASSWORD_POLICY_MIN_CHARACTERS | 4 | Ps-1 | - | sharing | SHARING_PASSWORD_POLICY_MIN_CHARACTERS | 14 | Ps1:with space | - | sharing | SHARING_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS | 4 | PS1:test | - | sharing | SHARING_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS | 3 | PS1:TeƒsT | - | sharing | SHARING_PASSWORD_POLICY_MIN_DIGITS | 2 | PS1:test2 | - | sharing | SHARING_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS | 2 | PS1:test pass | - | sharing | SHARING_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS | 33 | pS1! #$%&'()*+,-./:;<=>?@[\]^_`{ }~ | - | sharing | SHARING_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS | 5 | 1sameCharacterShouldWork!!!!! | + | sharing-config | frontend-config | config-value | password | + | SHARING_PASSWORD_POLICY_MIN_CHARACTERS | FRONTEND_PASSWORD_POLICY_MIN_CHARACTERS | 4 | Ps-1 | + | SHARING_PASSWORD_POLICY_MIN_CHARACTERS | FRONTEND_PASSWORD_POLICY_MIN_CHARACTERS | 14 | Ps1:with space | + | SHARING_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS | FRONTEND_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS | 4 | PS1:test | + | SHARING_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS | FRONTEND_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS | 3 | PS1:TeƒsT | + | SHARING_PASSWORD_POLICY_MIN_DIGITS | FRONTEND_PASSWORD_POLICY_MIN_DIGITS | 2 | PS1:test2 | + | SHARING_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS | FRONTEND_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS | 2 | PS1:test pass | + | SHARING_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS | FRONTEND_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS | 33 | pS1! #$%&'()*+,-./:;<=>?@[\]^_`{ }~ | + | SHARING_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS | FRONTEND_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS | 5 | 1sameCharacterShouldWork!!!!! | Scenario Outline: try to create a public link with a password that does not comply with the password policy (invalid cases)