wireapp · battermann · Feb 8, 2023 · Jan 31, 2023 · Jan 31, 2023 · Jan 31, 2023
diff --git a/.gitignore b/.gitignore
@@ -112,3 +112,6 @@ result-*
 
 /integration-ca-key.pem
 /integration-ca.pem
+
+services/nginz/third_party/headers-more-nginx-module
+services/nginz/third_party/nginx-module-vts
-services/nginz/third_party/headers-more-nginx-module
-services/nginz/third_party/nginx-module-vts
+/services/nginz/third_party/headers-more-nginx-module
+/services/nginz/third_party/nginx-module-vts
-services/nginz/third_party/headers-more-nginx-module
-services/nginz/third_party/nginx-module-vts
+/services/nginz/third_party/headers-more-nginx-module
+/services/nginz/third_party/nginx-module-vts
diff --git a/Makefile b/Makefile
@@ -20,6 +20,7 @@ elasticsearch-ephemeral minio-external cassandra-external						\
 nginx-ingress-controller nginx-ingress-services reaper sftd restund coturn		\
 inbucket k8ssandra-test-cluster
 KIND_CLUSTER_NAME     := wire-server
+HELM_PARALLELISM      ?= 1 # 1 for sequential tests; 6 for all-parallel tests
 
 package ?= all
 EXE_SCHEMA := ./dist/$(package)-schema
@@ -315,15 +316,15 @@ kube-integration:  kube-integration-setup kube-integration-test
 
 .PHONY: kube-integration-setup
 kube-integration-setup: charts-integration
-	export NAMESPACE=$(NAMESPACE); ./hack/bin/integration-setup-federation.sh
+	export NAMESPACE=$(NAMESPACE); export HELM_PARALLELISM=$(HELM_PARALLELISM); ./hack/bin/integration-setup-federation.sh
 
 .PHONY: kube-integration-test
 kube-integration-test:
-	export NAMESPACE=$(NAMESPACE); ./hack/bin/integration-test.sh
+	export NAMESPACE=$(NAMESPACE); export HELM_PARALLELISM=$(HELM_PARALLELISM); ./hack/bin/integration-test.sh
 
 .PHONY: kube-integration-teardown
 kube-integration-teardown:
-	export NAMESPACE=$(NAMESPACE); ./hack/bin/integration-teardown-federation.sh
+	export NAMESPACE=$(NAMESPACE); export HELM_PARALLELISM=$(HELM_PARALLELISM); ./hack/bin/integration-teardown-federation.sh
 
 .PHONY: kube-integration-e2e-telepresence
 kube-integration-e2e-telepresence:

diff --git a/changelog.d/4-docs/federation-error-type b/changelog.d/4-docs/federation-error-type
@@ -0,0 +1 @@
+Extend the docs on the federation error type
diff --git a/changelog.d/4-docs/pr-3038 b/changelog.d/4-docs/pr-3038
@@ -0,0 +1 @@
+Update SAML/SCIM docs
diff --git a/changelog.d/5-internal/deflake-metrics b/changelog.d/5-internal/deflake-metrics
@@ -0,0 +1 @@
+Deflake integration test: metrics
diff --git a/changelog.d/5-internal/federator-log b/changelog.d/5-internal/federator-log
@@ -0,0 +1 @@
+Lower the log level of federator inotify
diff --git a/changelog.d/5-internal/helm-setup b/changelog.d/5-internal/helm-setup
@@ -0,0 +1 @@
+CI integration setup time should be reduced: tweak the way cassandra-ephemeral is started
diff --git a/changelog.d/5-internal/helm-test b/changelog.d/5-internal/helm-test
@@ -0,0 +1 @@
+charts: Mark all service/secret/configmap test resources to be re-created by defining them as helm hooks (#3037, #3049)
diff --git a/changelog.d/5-internal/parallel-helm-tests b/changelog.d/5-internal/parallel-helm-tests
@@ -0,0 +1 @@
+Add config to allow to run helm tests for different services in parallel; improve integration test output logs
diff --git a/charts/brig/templates/tests/brig-integration.yaml b/charts/brig/templates/tests/brig-integration.yaml
@@ -2,6 +2,9 @@ apiVersion: v1
 kind: Service
 metadata:
   name: "brig-integration"
+  annotations:
+    "helm.sh/hook": post-install
+    "helm.sh/hook-delete-policy": before-hook-creation
   labels:
     app: brig-integration
     chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
@@ -19,7 +22,7 @@ kind: Pod
 metadata:
   name: "{{ .Release.Name }}-brig-integration"
   annotations:
-    "helm.sh/hook": test-success
+    "helm.sh/hook": test
   labels:
     app: brig-integration
     release: {{ .Release.Name }}

diff --git a/charts/brig/templates/tests/configmap.yaml b/charts/brig/templates/tests/configmap.yaml
@@ -2,6 +2,9 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
   name: "brig-integration"
+  annotations:
+    "helm.sh/hook": post-install
+    "helm.sh/hook-delete-policy": before-hook-creation
 data:
   integration.yaml: |
     brig:

diff --git a/charts/brig/templates/tests/nginz-service.yaml b/charts/brig/templates/tests/nginz-service.yaml
@@ -5,6 +5,9 @@ apiVersion: v1
 kind: Service
 metadata:
   name: nginz-integration-http
+  annotations:
+    "helm.sh/hook": post-install
+    "helm.sh/hook-delete-policy": before-hook-creation
 spec:
   type: ClusterIP
   ports:

diff --git a/charts/brig/templates/tests/secret.yaml b/charts/brig/templates/tests/secret.yaml
@@ -2,6 +2,9 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
   name: brig-integration-secrets
+  annotations:
+    "helm.sh/hook": post-install
+    "helm.sh/hook-delete-policy": before-hook-creation
 data:
   # These "secrets" are only used in tests and are therefore safe to be stored unencrypted
   provider-privatekey.pem: |

diff --git a/charts/cargohold/templates/tests/cargohold-integration.yaml b/charts/cargohold/templates/tests/cargohold-integration.yaml
@@ -3,7 +3,7 @@ kind: Pod
 metadata:
   name: "{{ .Release.Name }}-cargohold-integration"
   annotations:
-    "helm.sh/hook": test-success
+    "helm.sh/hook": test
 spec:
   volumes:
     - name: "cargohold-integration"

diff --git a/charts/cargohold/templates/tests/configmap.yaml b/charts/cargohold/templates/tests/configmap.yaml
@@ -2,6 +2,9 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
   name: "cargohold-integration"
+  annotations:
+    "helm.sh/hook": post-install
+    "helm.sh/hook-delete-policy": before-hook-creation
 data:
   integration.yaml: |
     cargohold:

diff --git a/charts/cassandra-ephemeral/values.yaml b/charts/cassandra-ephemeral/values.yaml
@@ -22,3 +22,14 @@ cassandra-ephemeral:
     seed_size: 1
     max_heap_size: 2048M
     heap_new_size: 1024M
+
+  livenessProbe:
+    initialDelaySeconds: 10
+    periodSeconds: 10
+    successThreshold: 1
+    failureThreshold: 15
+  readinessProbe:
+    initialDelaySeconds: 10
+    periodSeconds: 10
+    successThreshold: 1
+    failureThreshold: 15
diff --git a/charts/federator/templates/tests/configmap.yaml b/charts/federator/templates/tests/configmap.yaml
@@ -2,6 +2,9 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
   name: "federator-integration"
+  annotations:
+    "helm.sh/hook": post-install
+    "helm.sh/hook-delete-policy": before-hook-creation
 data:
   integration.yaml: |
     federatorInternal:

diff --git a/charts/federator/templates/tests/federator-integration.yaml b/charts/federator/templates/tests/federator-integration.yaml
@@ -3,7 +3,7 @@ kind: Pod
 metadata:
   name: "{{ .Release.Name }}-federator-integration"
   annotations:
-    "helm.sh/hook": test-success
+    "helm.sh/hook": test
 spec:
   volumes:
     - name: "federator-integration"

diff --git a/charts/galley/templates/configmap.yaml b/charts/galley/templates/configmap.yaml
@@ -72,6 +72,9 @@ data:
       {{- if .settings.disabledAPIVersions }}
       disabledAPIVersions: {{ .settings.disabledAPIVersions }}
       {{- end }}
+      {{- if $.Values.secrets.oauthPublicJwk }}
+      oauthPublicJwk: /etc/wire/galley/secrets/public_jwk_oauth.json
+      {{- end }}      
       {{- if .settings.featureFlags }}
       featureFlags:
         sso: {{ .settings.featureFlags.sso }}

diff --git a/charts/galley/templates/deployment.yaml b/charts/galley/templates/deployment.yaml
@@ -26,7 +26,7 @@ spec:
         # An annotation of the configmap checksum ensures changes to the configmap cause a redeployment upon `helm upgrade`
         checksum/configmap: {{ include (print .Template.BasePath "/configmap.yaml") . | sha256sum }}
         checksum/aws-secret: {{ include (print .Template.BasePath "/aws-secret.yaml") . | sha256sum }}
-        checksum/mls-secret: {{ include (print .Template.BasePath "/mls-secret.yaml") . | sha256sum }}
+        checksum/secret: {{ include (print .Template.BasePath "/secret.yaml") . | sha256sum }}
     spec:
       serviceAccountName: {{ .Values.serviceAccount.name }}
       volumes:
@@ -35,7 +35,7 @@ spec:
             name: "galley"
         - name: "galley-secrets"
           secret:
-            secretName: "galley-mls"
+            secretName: "galley"
       containers:
         - name: galley
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"

diff --git a/charts/galley/templates/mls-secret.yaml → charts/galley/templates/secret.yaml b/charts/galley/templates/mls-secret.yaml → charts/galley/templates/secret.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Secret
 metadata:
-  name: galley-mls
+  name: galley
   labels:
     app: galley
     chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
@@ -14,3 +14,6 @@ data:
   removal_ed25519.pem: {{ .Values.secrets.mlsPrivateKeys.removal.ed25519 | b64enc | quote }}
   {{- end -}}
   {{- end -}}
+  {{- if .Values.secrets.oauthPublicJwk }}
+  public_jwk_oauth.json: {{ .Values.secrets.oauthPublicJwk | b64enc | quote }}
+  {{- end -}}  
diff --git a/charts/galley/templates/tests/configmap.yaml b/charts/galley/templates/tests/configmap.yaml
@@ -2,6 +2,9 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
   name: "galley-integration"
+  annotations:
+    "helm.sh/hook": post-install
+    "helm.sh/hook-delete-policy": before-hook-creation
 data:
   integration.yaml: |
     galley:

diff --git a/charts/galley/templates/tests/galley-integration.yaml b/charts/galley/templates/tests/galley-integration.yaml
@@ -2,6 +2,9 @@ apiVersion: v1
 kind: Service
 metadata:
   name: "galley-integration"
+  annotations:
+    "helm.sh/hook": post-install
+    "helm.sh/hook-delete-policy": before-hook-creation
   labels:
     app: galley-integration
     chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
@@ -19,7 +22,7 @@ kind: Pod
 metadata:
   name: "{{ .Release.Name }}-galley-integration"
   annotations:
-    "helm.sh/hook": test-success
+    "helm.sh/hook": test
   labels:
     app: galley-integration
     release: {{ .Release.Name }}
@@ -36,7 +39,7 @@ spec:
         name: "galley-integration-secrets"
     - name: "galley-secrets"
       secret:
-        secretName: "galley-mls"
+        secretName: "galley"
   containers:
   - name: integration
     image: "{{ .Values.image.repository }}-integration:{{ .Values.image.tag }}"

diff --git a/charts/galley/templates/tests/secret.yaml b/charts/galley/templates/tests/secret.yaml
@@ -2,6 +2,9 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
   name: galley-integration-secrets
+  annotations:
+    "helm.sh/hook": post-install
+    "helm.sh/hook-delete-policy": before-hook-creation
 data:
   # These "secrets" are only used in tests and are therefore safe to be stored unencrypted
   provider-privatekey.pem: |

diff --git a/charts/gundeck/templates/tests/configmap.yaml b/charts/gundeck/templates/tests/configmap.yaml
@@ -2,6 +2,9 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
   name: "gundeck-integration"
+  annotations:
+    "helm.sh/hook": post-install
+    "helm.sh/hook-delete-policy": before-hook-creation
 data:
   integration.yaml: |
     gundeck:

diff --git a/charts/gundeck/templates/tests/gundeck-integration.yaml b/charts/gundeck/templates/tests/gundeck-integration.yaml
@@ -3,7 +3,7 @@ kind: Pod
 metadata:
   name: "{{ .Release.Name }}-gundeck-integration"
   annotations:
-    "helm.sh/hook": test-success
+    "helm.sh/hook": test
 spec:
   volumes:
     - name: "gundeck-integration"

diff --git a/charts/nginz/values.yaml b/charts/nginz/values.yaml
@@ -429,6 +429,7 @@ nginx_conf:
       envs:
       - all
       doc: true
+      enable_oauth: true
     - path: /legalhold/conversations/(.*)
       envs:
       - all
@@ -500,6 +501,7 @@ nginx_conf:
     - path: /feature-configs(.*)
       envs:
       - all
+      enable_oauth: true
     - path: /galley-api/swagger-ui
       disable_zauth: true
       envs:

diff --git a/charts/spar/templates/tests/configmap.yaml b/charts/spar/templates/tests/configmap.yaml
@@ -2,6 +2,9 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
   name: "spar-integration"
+  annotations:
+    "helm.sh/hook": post-install
+    "helm.sh/hook-delete-policy": before-hook-creation
 data:
   integration.yaml: |
     brig:

diff --git a/charts/spar/templates/tests/spar-integration.yaml b/charts/spar/templates/tests/spar-integration.yaml
@@ -3,7 +3,7 @@ kind: Pod
 metadata:
   name: "{{ .Release.Name }}-spar-integration"
   annotations:
-    "helm.sh/hook": test-success
+    "helm.sh/hook": test
   labels:
     app: spar-integration
     release: {{ .Release.Name }}

diff --git a/docs/src/developer/reference/config-options.md b/docs/src/developer/reference/config-options.md
@@ -54,6 +54,16 @@ certificate, is to run the following command:
 openssl req -nodes -newkey ed25519 -keyout ed25519.pem -out /dev/null -subj /
 ```
 
+### Public JWK for OAuth
+
+Set the path to the public JWK key for OAuth like this:
+
+```yml
+# [galley.yaml]
+settings:
+  oauthPublicJwk: test/resources/oauth/ed25519_public_jwk.json
+```
+
 ## Feature flags
 
 > Also see [Wire docs](https://docs.wire.com/how-to/install/team-feature-settings.html) where some of the feature flags are documented from an operations point of view.
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		Deflake integration test: metrics
Copy link Contributor fisx Feb 8, 2023 Choose a reason for hiding this comment The reason will be displayed to describe this comment to others. Learn more. same here. am i reading the wrong diff?
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		CI integration setup time should be reduced: tweak the way cassandra-ephemeral is started
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		charts: Mark all service/secret/configmap test resources to be re-created by defining them as helm hooks (#3037, #3049)
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		Add config to allow to run helm tests for different services in parallel; improve integration test output logs