Commit b2b110b0 authored by Alexis Deruelle's avatar Alexis Deruelle
Browse files

ci: add proxy usage test cases 

Add two test jobs:

- test-token-with-proxy-succeeds: gcp-auth-provider should honor
  http_proxy or https_proxy variables and use it if pipeline runs on a
  runner with no direct Internet access.

- test-token-with-proxy-unavail-fails: gcp-auth-provider should fail if
  a proxy is set but the proxy is not available.

The first test currently passes as the Gitlab runner has direct Internet
access, when proxy environment variables are honnored the test would
fail if proxy handling were defective.

The second test currently fails as http proxy variables are not honored
and gcp-auth-provider still uses direct Internet access and returns a
status 200 instead of 500 as expected.
parent fd353bc9

.gitlab-ci.yml

+30 −0
Original line number Diff line number Diff line
@@ -26,6 +26,7 @@ variables: 
  VALID_GCP_OIDC_ACCOUNT: $GCP_OIDC_ACCOUNT

  DOCKER_BUILD_ARGS: "--cache-ttl=6h"

  DOCKER_PROD_PUBLISH_STRATEGY: "auto"

  PROXYPY_IMAGE: "registry.hub.docker.com/abhinavsingh/proxy.py:v2.4.3"



.test-scripts: &test-scripts |

  # BEGSCRIPT
@@ -127,6 +128,7 @@ test-token-succeeds: 
  extends: .test-base

  variables:

    CI_JOB_JWT_V2: $CI_JOB_JWT_V2

    FF_NETWORK_PER_BUILD: 1



  services:

    - name: "$DOCKER_SNAPSHOT_IMAGE"
@@ -149,3 +151,31 @@ test-token-succeeds: 
    - if: $CI_SERVER_HOST != "gitlab.com"

      when: never

    - if: '$GCP_OIDC_ACCOUNT && $GCP_OIDC_PROVIDER'



# test: get token with valid OIDC account and provider through proxy shall succeed

test-token-with-proxy-succeeds:

  extends: test-token-succeeds

  services:

    - name: "$DOCKER_SNAPSHOT_IMAGE"

      alias: "gcp-auth-provider"

      variables:

        GCP_OIDC_PROVIDER: $VALID_GCP_OIDC_PROVIDER

        GCP_OIDC_ACCOUNT: $VALID_GCP_OIDC_ACCOUNT

        https_proxy: "http://proxy:8899"

    - name: "$PROXYPY_IMAGE"

      alias: "proxy"



# test: get token with valid OIDC with proxy not available should fail

test-token-with-proxy-unavail-fails:

  extends: test-token-succeeds

  services:

    - name: "$DOCKER_SNAPSHOT_IMAGE"

      alias: "gcp-auth-provider"

      variables:

        GCP_OIDC_PROVIDER: $VALID_GCP_OIDC_PROVIDER

        GCP_OIDC_ACCOUNT: $VALID_GCP_OIDC_ACCOUNT

        https_proxy: "http://no-proxy-host"

  script:

    - |

      response_status=$(curl -s -o "resp.txt" -w "%{http_code}" "http://gcp-auth-provider/token")

      assert_eq "500" $response_status "$(cat resp.txt)"