tests: add scripts for creating and deleting domain member

Signed-off-by: Michael Adam <[email protected]>

Author: obnoxxx

tests/common.sh

@@ -5,6 +5,10 @@ BASE_DIR="$(cd "${SCRIPT_DIR}/.." && pwd)"
 
 AD_DEPLOYMENT_YAML="${SCRIPT_DIR}/files/samba-ad-server-deployment.yml"
 AD_DEPLOYMENT_NAME="samba-ad-server"
+MEMBER_POD_YAML="${SCRIPT_DIR}/files/samba-domain-member-pod.yml"
+MEMBER_POD_NAME="samba-dm"
+MEMBER_CM_NAME="samba-container-config"
+MEMBER_SECRET_NAME="ad-join-secret"
 
 KEEP=${KEEP:-0}
 

tests/files/samba-domain-member-pod.yml

@@ -0,0 +1,204 @@
+---
+# Configuration for the samba domain member pod.
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: samba-container-config
+data:
+  config.json: |
+    {
+      "samba-container-config": "v0",
+      "configs": {
+        "sambadm1": {
+          "shares": [
+            "share"
+          ],
+          "globals": [
+            "noprinting",
+            "sambadm1"
+          ],
+          "instance_name": "SMBDM1"
+        }
+      },
+      "shares": {
+        "share": {
+          "options": {
+            "path": "/share",
+            "read only": "no"
+          }
+        }
+      },
+      "_NOTE": "Change the security and workgroup keys to match your domain.",
+      "globals": {
+        "noprinting": {
+          "options": {
+            "load printers": "no",
+            "printing": "bsd",
+            "printcap name": "/dev/null",
+            "disable spoolss": "yes"
+          }
+        },
+        "sambadm1": {
+          "options": {
+            "log level": "10",
+            "security": "ads",
+            "workgroup": "DOMAIN1",
+            "realm": "DOMAIN1.SINK.TEST",
+            "server min protocol": "SMB2",
+            "idmap config * : backend": "autorid",
+            "idmap config * : range": "2000-9999999"
+          }
+        }
+      }
+    }
+---
+# Secret used to pass a AD join password to the winbind pod.
+apiVersion: v1
+kind: Secret
+metadata:
+  name: ad-join-secret
+type: Opaque
+stringData:
+  # Change the value below to match the username and password for a user that
+  # can join systems your test AD Domain
+  join.json: |
+    {"username": "Administrator", "password": "Passw0rd"}
+---
+# The pod itself.
+apiVersion: v1
+kind: Pod
+metadata:
+  labels:
+    app: samba-dm-example
+  name: samba-dm
+spec:
+  shareProcessNamespace: true
+  containers:
+    - image: samba-container:latest
+      # Need imagePullPolicy Never for working with local images.
+      # Otherwise we get "ErrImagePull".
+      imagePullPolicy: Never
+      name: smb
+      command:
+      - "samba-container"
+      - "--debug-delay=1"
+      - "run"
+      - "smbd"
+      env:
+      - name: SAMBACC_CONFIG
+        value: /etc/samba-container/config.json
+      - name: SAMBA_CONTAINER_ID
+        value: sambadm1
+      - name: SAMBACC_VERSION
+        value: "0.1"
+      - name: HOSTNAME
+        value: sambadm1
+      ports:
+      - containerPort: 445
+        hostPort: 455
+        protocol: TCP
+        name: "smb"
+      securityContext:
+        allowPrivilegeEscalation: true
+      volumeMounts:
+      - mountPath: "/share"
+        name: samba-sharedir
+      - mountPath: "/etc/samba-container"
+        name: samba-container-config
+      - mountPath: "/var/lib/samba"
+        name: samba-state-dir
+      - mountPath: "/run/samba/winbindd"
+        name: samba-sockets-dir
+    - image: quay.io/samba.org/samba-server:latest
+      name: winbind
+      command:
+      - "samba-container"
+      - "run"
+      - "winbindd"
+      env:
+      - name: SAMBACC_VERSION
+        value: "0.1"
+      - name: SAMBACC_CONFIG
+        value: /etc/samba-container/config.json
+      - name: SAMBA_CONTAINER_ID
+        value: sambadm1
+      - name: HOSTNAME
+        value: sambadm1
+      securityContext:
+        allowPrivilegeEscalation: true
+      volumeMounts:
+      - mountPath: "/etc/samba-container"
+        name: samba-container-config
+      - mountPath: "/var/lib/samba"
+        name: samba-state-dir
+      - mountPath: "/run/samba/winbindd"
+        name: samba-sockets-dir
+  initContainers:
+    - image: quay.io/samba.org/samba-server:latest
+      name: init
+      args:
+      - "init"
+      env:
+      - name: SAMBACC_VERSION
+        value: "0.1"
+      - name: SAMBACC_CONFIG
+        value: /etc/samba-container/config.json
+      - name: SAMBA_CONTAINER_ID
+        value: sambadm1
+      - name: HOSTNAME
+        value: sambadm1
+      securityContext:
+        allowPrivilegeEscalation: true
+      volumeMounts:
+      - mountPath: "/etc/samba-container"
+        name: samba-container-config
+      - mountPath: "/var/lib/samba"
+        name: samba-state-dir
+    - image: quay.io/samba.org/samba-server:latest
+      name: must-join
+      args:
+      - "must-join"
+      - "--files"
+      - "--join-file=/etc/join-data/join.json"
+      env:
+      - name: SAMBACC_VERSION
+        value: "0.1"
+      - name: SAMBACC_CONFIG
+        value: /etc/samba-container/config.json
+      - name: SAMBA_CONTAINER_ID
+        value: sambadm1
+      - name: HOSTNAME
+        value: sambadm1
+      securityContext:
+        allowPrivilegeEscalation: true
+      volumeMounts:
+      - mountPath: "/etc/samba-container"
+        name: samba-container-config
+      - mountPath: "/var/lib/samba"
+        name: samba-state-dir
+      - mountPath: "/etc/join-data"
+        name: samba-join-data
+        readOnly: true
+  volumes:
+  - configMap:
+      name: samba-container-config
+    name: samba-container-config
+  - secret:
+      secretName: ad-join-secret
+      items:
+      - key: join.json
+        path: join.json
+    name: samba-join-data
+  - emptyDir:
+      medium: Memory
+    name: samba-sockets-dir
+  - emptyDir: {}
+    name: samba-state-dir
+# Comment out the section below to skip using a PVC for the share
+#  - persistentVolumeClaim:
+#      claimName: mypvc
+#    name: samba-sharedir
+# Uncomment the section below to use an empty dir for the share
+  - emptyDir:
+      medium: Memory
+    name: samba-sharedir

tests/test-deploy-ad-member.sh

@@ -0,0 +1,51 @@
+#!/usr/bin/env bash
+
+SCRIPT_DIR="$(cd "$(dirname "${0}")" && pwd)"
+
+source "${SCRIPT_DIR}/common.sh"
+
+echo "Creating ad member pod..."
+ERROR_MSG=$(kubectl create -f "${MEMBER_POD_YAML}" 2>&1 1>/dev/null)
+if [ $? -ne 0 ] ; then
+	if [[ "${ERROR_MSG}" =~ "AlreadyExists" ]] ; then
+		echo "pod exists already. Continuing."
+	else
+		_error "Error creating member pod."
+	fi
+fi
+
+kubectl get pod
+
+podname="$(kubectl get pod | grep "${MEMBER_POD_NAME}" | awk '{ print $1 }')"
+[ $? -eq 0 ] || _error "Error getting podname"
+
+echo "Samba ad member pod is $podname"
+
+echo "waiting for pod to be in Running state"
+tries=0
+podstatus="none"
+until [ $tries -ge 120 ] || echo $podstatus | grep -q 'Running'; do
+	sleep 1
+	echo -n "."
+	tries=$(( tries + 1 ))
+	podstatus="$(kubectl get pod $podname -o go-template='{{.status.phase}}')"
+done
+echo
+kubectl get pod
+echo
+echo $podstatus | grep -q 'Running' || _error "Pod did not reach Running state"
+
+echo "waiting for samba to become reachable"
+tries=0
+rc=1
+while [ $tries -lt 120 ] && [ $rc -ne 0 ]; do
+	sleep 1
+	tries=$(( tries + 1 ))
+	kubectl exec "${podname}" -c "smb" -- smbclient -N -L 127.0.0.1 2>/dev/null 1>/dev/null
+	rc=$?
+	echo -n "."
+done
+echo
+[ $rc -eq 0 ] || _error "Error: samba ad did not become reachable"
+
+echo "member setup done"

tests/test-remove-ad-member.sh

@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+
+SCRIPT_DIR="$(cd "$(dirname "${0}")" && pwd)"
+
+source "${SCRIPT_DIR}/common.sh"
+
+if [ ${KEEP} -eq 1 ]; then
+	echo "keeping ad member pod (KEEP=1)"
+	exit 0
+fi
+
+echo "removing ad member pod..."
+kubectl delete pod "${MEMBER_POD_NAME}"
+[ $? -eq 0 ] || _error "Error deleting pod"
+echo
+
+kubectl delete cm "${MEMBER_CM_NAME}"
+[ $? -eq 0 ] || _error "Error deleting configmap"
+echo
+
+kubectl delete secret "${MEMBER_SECRET_NAME}"
+[ $? -eq 0 ] || _error "Error deleting secret"
+echo
+
+echo "ad member pod removed"