Merged
34 changes: 14 additions & 20 deletions .drone.star
@@ -329,6 +329,7 @@ config = {
],
"skip": False,
"withRemotePhp": [False],
"k8s": True,
},
"4": {
"suites": [
@@ -1120,7 +1121,7 @@ def localApiTestPipeline(ctx):
([] if run_on_k8s else restoreBuildArtifactCache(ctx, "ocis-binary-amd64", "ocis/bin")) +
(tikaService() if params["tikaNeeded"] and not run_on_k8s else tikaServiceK8s() if params["tikaNeeded"] and run_on_k8s else []) +
(waitForServices("online-offices", ["collabora:9980", "onlyoffice:443", "fakeoffice:8080"]) if params["collaborationServiceNeeded"] else []) +
(waitK3sCluster() + (enableAntivirusServiceK8s() if params["antivirusNeeded"] and run_on_k8s else []) + (emailServiceK8s() if params["emailNeeded"] and run_on_k8s else []) + prepareOcisDeployment(name) + setupOcisConfigMaps(name) + deployOcis() + waitForOcis(ocis_url = ocis_url) + ociswrapper() + waitForOciswrapper() if run_on_k8s else ocisServer(storage, extra_server_environment = params["extraServerEnvironment"], with_wrapper = True, tika_enabled = params["tikaNeeded"], volumes = ([stepVolumeOcisStorage]))) +
(waitK3sCluster() + (enableAntivirusServiceK8s() if params["antivirusNeeded"] and run_on_k8s else []) + (emailServiceK8s() if params["emailNeeded"] and run_on_k8s else []) + prepareOcisDeployment() + setupOcisConfigMaps() + deployOcis() + waitForOcis(ocis_url = ocis_url) + ociswrapper() + waitForOciswrapper() if run_on_k8s else ocisServer(storage, extra_server_environment = params["extraServerEnvironment"], with_wrapper = True, tika_enabled = params["tikaNeeded"], volumes = ([stepVolumeOcisStorage]))) +
(waitForClamavService() if params["antivirusNeeded"] and not run_on_k8s else exposeAntivirusServiceK8s() if params["antivirusNeeded"] and run_on_k8s else []) +
(waitForEmailService() if params["emailNeeded"] and not run_on_k8s else exposeEmailServiceK8s() if params["emailNeeded"] and run_on_k8s else []) +
(ocisServer(storage, deploy_type = "federation", extra_server_environment = params["extraServerEnvironment"]) if params["federationServer"] else []) +
@@ -1422,7 +1423,7 @@ def coreApiTestPipeline(ctx):
(tikaService() if params["tikaNeeded"] else []) +
(waitForClamavService() if params["antivirusNeeded"] else []) +
(waitForEmailService() if params["emailNeeded"] else []) +
(waitK3sCluster() + prepareOcisDeployment(name) + setupOcisConfigMaps(name) + deployOcis() + waitForOcis(ocis_url = ocis_url) + ociswrapper() + waitForOciswrapper() if run_on_k8s else ocisServer(storage, extra_server_environment = params["extraServerEnvironment"], with_wrapper = True, tika_enabled = params["tikaNeeded"], volumes = ([stepVolumeOcisStorage]))) +
(waitK3sCluster() + prepareOcisDeployment() + setupOcisConfigMaps() + deployOcis() + waitForOcis(ocis_url = ocis_url) + ociswrapper() + waitForOciswrapper() if run_on_k8s else ocisServer(storage, extra_server_environment = params["extraServerEnvironment"], with_wrapper = True, tika_enabled = params["tikaNeeded"], volumes = ([stepVolumeOcisStorage]))) +
[
{
"name": "run-api-tests",
@@ -3824,7 +3825,7 @@ def waitK3sCluster():
],
}]

def prepareOcisDeployment(suite_name = ""):
def prepareOcisDeployment():
commands = [
"make -C %s build" % dirs["ocisWrapper"],
"mv %s/tests/config/drone/k8s/values.yaml %s/ocis-charts/charts/ocis/ci/deployment-values.yaml" % (dirs["base"], dirs["base"]),
@@ -3834,18 +3835,16 @@ def prepareOcisDeployment(suite_name = ""):
"sed -i '/- name: IDM_ADMIN_PASSWORD/{n;N;N;N;d;}' ./charts/ocis/templates/idm/deployment.yaml",
"sed -i '/- name: IDM_ADMIN_PASSWORD/a\\\\\\n value: \"admin\"' ./charts/ocis/templates/idm/deployment.yaml",
"sed -i '/- name: PROXY_HTTP_ADDR/i\\\\ - name: PROXY_ENABLE_BASIC_AUTH\\\n value: \"true\"' ./charts/ocis/templates/proxy/deployment.yaml",
"sed -i 's|/etc/ocis/sharing-banned-passwords.txt|config/drone/banned-password-list.txt|' ./charts/ocis/templates/sharing/deployment.yaml",
"sed -i 's|- name: configs|- name: banned-passwords|' ./charts/ocis/templates/sharing/deployment.yaml",
"sed -i 's|mountPath: /etc/ocis$|mountPath: /etc/ocis/config/drone|' ./charts/ocis/templates/sharing/deployment.yaml",
"sed -i 's|name: sharing-banned-passwords-{{ .appName }}|name: sharing-banned-passwords|' ./charts/ocis/templates/sharing/deployment.yaml",
"sed -i 's|/etc/ocis/sharing-banned-passwords.txt|config/drone/banned-password-list.txt|' ./charts/ocis/templates/frontend/deployment.yaml",
"sed -i 's|- name: configs|- name: banned-passwords|' ./charts/ocis/templates/frontend/deployment.yaml",
"sed -i 's|mountPath: /etc/ocis$|mountPath: /etc/ocis/config/drone|' ./charts/ocis/templates/frontend/deployment.yaml",
"sed -i 's|name: sharing-banned-passwords-{{ .appName }}|name: sharing-banned-passwords|' ./charts/ocis/templates/frontend/deployment.yaml",
]

# Only add banned password patches for sharingNgLinkShare suite
if suite_name == "sharingNgLinkShare":
commands.extend([
# Patch sharing deployment for banned password list
"sed -i 's|/etc/ocis/sharing-banned-passwords.txt|/etc/ocis/config/drone/banned-password-list.txt|' ./charts/ocis/templates/sharing/deployment.yaml",
"sed -i 's|- name: configs|- name: banned-passwords|' ./charts/ocis/templates/sharing/deployment.yaml",
"sed -i 's|mountPath: /etc/ocis$|mountPath: /etc/ocis/config/drone|' ./charts/ocis/templates/sharing/deployment.yaml",
"sed -i 's|name: sharing-banned-passwords-{{ .appName }}|name: sharing-banned-passwords|' ./charts/ocis/templates/sharing/deployment.yaml",
])

return [{
"name": "prepare-ocis-deployment",
"image": "owncloudci/golang:latest",
@@ -3858,19 +3857,14 @@ def prepareOcisDeployment(suite_name = ""):
],
}]

def setupOcisConfigMaps(suite_name = ""):
def setupOcisConfigMaps():
commands = [
"export KUBECONFIG=%s/kubeconfig-$${DRONE_BUILD_NUMBER}.yaml" % dirs["base"],
# Create namespace for oCIS deployment
"kubectl create namespace ocis || true",
"kubectl create configmap -n ocis sharing-banned-passwords --from-file=banned-password-list.txt=%s/tests/config/drone/banned-password-list.txt" % dirs["base"],
]

# Only create banned password ConfigMap for sharingNgLinkShare suite
if suite_name == "sharingNgLinkShare":
commands.append(
"kubectl create configmap -n ocis sharing-banned-passwords --from-file=banned-password-list.txt=%s/tests/config/drone/banned-password-list.txt" % dirs["base"],
)

return [{
"name": "setup-configmaps",
"image": K3D_IMAGE,
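Review bot: The eight `sed -i` patches now applied unconditionally to `sharing/deployment.yaml` and `frontend/deployment.yaml` in `prepareOcisDeployment` succeed even when their pattern matches nothing, so a chart template change would leave the banned-password list unmounted without failing the step. They also write the relative path `config/drone/banned-password-list.txt`, where the suite-specific version being removed wrote `/etc/ocis/config/drone/banned-password-list.txt`; whether the relative form resolves to the `/etc/ocis/config/drone` mount depends on oCIS path handling not visible here. I would follow the patches with one check per file, e.g. `"grep -q 'banned-password-list.txt' ./charts/ocis/templates/sharing/deployment.yaml",` and the same for `frontend`, and add a comment stating which base directory the relative path is resolved against. The command list of `prepareOcisDeployment` continues outside the visible hunks.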
@@ -36,8 +36,10 @@ Feature: enforce password on public link
Scenario Outline: create a public link with viewer permission without a password when enforce-password is enabled
Given the following configs have been set:
| service | config | value |
| sharing | OCIS_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD | false |
| sharing | OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD | true |
| sharing | SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD | false |
| sharing | SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD | true |
| frontend | OCIS_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD | false |
| frontend | OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD | true |
And user "Alice" has been created with default attributes
And user "Alice" has uploaded file with content "test file" to "/testfile.txt"
And using OCS API version "<ocs-api-version>"
@@ -57,6 +59,8 @@ Feature: enforce password on public link
| service | config | value |
| sharing | SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD | false |
| sharing | SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD | true |
| frontend | OCIS_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD | false |
| frontend | OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD | true |
And user "Alice" has been created with default attributes
And user "Alice" has uploaded file with content "test file" to "/testfile.txt"
And using OCS API version "<ocs-api-version>"
@@ -179,14 +183,19 @@ Feature: enforce password on public link

Scenario Outline: try to update a public link with a password that does not comply with the password policy
Given the following configs have been set:
| service | config | value |
| sharing | OCIS_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD | false |
| sharing | OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD | true |
| sharing | OCIS_PASSWORD_POLICY_MIN_CHARACTERS | 13 |
| sharing | OCIS_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS | 3 |
| sharing | OCIS_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS | 2 |
| sharing | OCIS_PASSWORD_POLICY_MIN_DIGITS | 1 |
| sharing | OCIS_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS | 2 |
| service | config | value |
| sharing | SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD | false |
| sharing | SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD | true |
| sharing | SHARING_PASSWORD_POLICY_MIN_CHARACTERS | 13 |
| sharing | SHARING_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS | 3 |
| sharing | SHARING_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS | 2 |
| sharing | SHARING_PASSWORD_POLICY_MIN_DIGITS | 1 |
| sharing | SHARING_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS | 2 |
| frontend | FRONTEND_PASSWORD_POLICY_MIN_CHARACTERS | 13 |
| frontend | FRONTEND_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS | 3 |
| frontend | FRONTEND_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS | 2 |
| frontend | FRONTEND_PASSWORD_POLICY_MIN_DIGITS | 1 |
| frontend | FRONTEND_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS | 2 |
And user "Alice" has been created with default attributes
And user "Alice" has uploaded file with content "test file" to "/testfile.txt"
And using OCS API version "<ocs-api-version>"
@@ -215,7 +224,10 @@ Feature: enforce password on public link


Scenario Outline: create a public link with a password in accordance with the password policy (valid cases)
Given the config "<config>" has been set to "<config-value>" for "<service>" service
Given the following configs have been set:
| service | config | value |
| sharing | <sharing-config> | <config-value> |
| frontend | <frontend-config> | <config-value> |
And using OCS API version "2"
And user "Alice" has been created with default attributes
And user "Alice" has uploaded file with content "test file" to "/testfile.txt"
@@ -230,15 +242,15 @@ Feature: enforce password on public link
And the public should not be able to download file "/testfile.txt" from inside the last public link shared folder using the public WebDAV API with password "wrong pass"
But the public should be able to download file "/testfile.txt" from inside the last public link shared folder using the public WebDAV API with password "<password>"
Examples:
| service | config | config-value | password |
| sharing | OCIS_PASSWORD_POLICY_MIN_CHARACTERS | 4 | Ps-1 |
| sharing | SHARING_PASSWORD_POLICY_MIN_CHARACTERS | 14 | Ps1:with space |
| sharing | SHARING_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS | 4 | PS1:test |
| sharing | SHARING_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS | 3 | PS1:TeƒsT |
| sharing | SHARING_PASSWORD_POLICY_MIN_DIGITS | 2 | PS1:test2 |
| sharing | SHARING_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS | 2 | PS1:test pass |
| sharing | SHARING_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS | 33 | pS1! #$%&'()*+,-./:;<=>?@[\]^_`{ }~ |
| sharing | SHARING_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS | 5 | 1sameCharacterShouldWork!!!!! |
| sharing-config | frontend-config | config-value | password |
| SHARING_PASSWORD_POLICY_MIN_CHARACTERS | FRONTEND_PASSWORD_POLICY_MIN_CHARACTERS | 4 | Ps-1 |
| SHARING_PASSWORD_POLICY_MIN_CHARACTERS | FRONTEND_PASSWORD_POLICY_MIN_CHARACTERS | 14 | Ps1:with space |
| SHARING_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS | FRONTEND_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS | 4 | PS1:test |
| SHARING_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS | FRONTEND_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS | 3 | PS1:TeƒsT |
| SHARING_PASSWORD_POLICY_MIN_DIGITS | FRONTEND_PASSWORD_POLICY_MIN_DIGITS | 2 | PS1:test2 |
| SHARING_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS | FRONTEND_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS | 2 | PS1:test pass |
| SHARING_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS | FRONTEND_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS | 33 | pS1! #$%&'()*+,-./:;<=>?@[\]^_`{ }~ |
| SHARING_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS | FRONTEND_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS | 5 | 1sameCharacterShouldWork!!!!! |


Scenario Outline: try to create a public link with a password that does not comply with the password policy (invalid cases)
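Review bot: In the scenario "try to update a public link with a password that does not comply with the password policy" the new table gives `frontend` only the five `FRONTEND_PASSWORD_POLICY_*` rows, while the two scenarios patched earlier in this file also set `OCIS_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD` and `OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD` for `frontend`. If both services have to agree on enforcement (the page does not show how each one reads these values), this scenario runs with frontend on its defaults and its result may not reflect the password policy being tested. Consider adding `| frontend | OCIS_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD | false |` and `| frontend | OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD | true |` to that table, or a `#` comment saying why they are not needed there. The frontend rows also mix the global `OCIS_` prefix with service-scoped `FRONTEND_` names, so a short comment on which form the frontend service honours would keep the enforcement settings from drifting apart.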