-
Notifications
You must be signed in to change notification settings - Fork 252
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix CI build #333
Merged
Merged
Fix CI build #333
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
instead of polluting devs machine, let's rely on a docker container to spin up the service relies on osixia/openldap:1.3.0. Customizes a few things: - adds the seed on bootstrap - does not enforce client certificate - sets a hostname to avoid domain verification issues during handshake The cert domain is also added to /etc/hosts
anonymous access is not enabled in this setup, so every test needs to perform authentication first
I couldn't manage to get the container running with a cert issued to a given IP, like 127.0.0.1 or localhost. Instead, I specified a static hostname (the container uses hostname to generate the cert) and injected it in travis. Unfortunately, in local development this means changing /etc/hosts, but I feel that's a better option that having to install LDAP locally
so that all retcode tests succeed
it's a little price to pay in the current setup and allows us to have the same tests locally and dev.
all environments run the same set of tests, no env specific test
so that we are able to run a test that does not specific CACERT and so the library fallsback to system cert store
I'm not sure how to enable this in Travis
with the dockerized test openldap server, none of this is needed
the container uses HOSTNAME to generate the cert, and it really didn't like "localhost" as hostname. As a workaround, I had to add an arbitrary hostname. There may be other alternatives to get the host to be known, but the most obvious is modifying /etc/hosts
def test_bind_tls_with_multiple_hosts | ||
omit_unless ENV['TRAVIS'] == 'true' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
:) 👌🏽
mtodd
approved these changes
Nov 15, 2019
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
💯 to moving to relying on Docker for the OpenLDAP dependency. And thanks for breaking down the decisions and tradeoffs!
Co-Authored-By: Matt Todd <[email protected]>
This was referenced Jan 24, 2023
Open
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Implement development/CI environment based on docker
Master CI build recently broke. The
install-openldap
script is very complex and assumes a specific environment. This is clearly not completely isolated from the fact that new versions of packages may be backported to the distribution used. I suspect this is what happened (noticed builds started breaking with a new version ofslapd
).Instead of fixing the script, I decided I could reuse open-source maintained OpenLDAP docker containers. The https://github.com/osixia/docker-openldap project handles a lot of the work performed by
install-openldap
. As a consequence. we can remove a lot of stuff from this repo:script/install-openldap
script/generate-fixture-ca
test/support
(vagrant stuff)In general, it's a lot of less code to maintain, and less code that can break as dependencies change.
Docker is also fairly ubiquitous in CI systems, and it would help closing the gap between CI and local development environment. Travis supports it nicely and it could open the door to adopt GitHub Actions too?
Extra niceties
The not so nice part
/etc/hosts
. I feel it's a small price to pay to simplify the setup considerably, but I'll try to explore alternatives (if I managed to name the containers hostnamelocalhost
it would get fixed)TODO
/etc/hosts
for integration tests