mirror of
https://github.com/kanidm/kanidm.git
synced 2025-02-23 12:37:00 +01:00
fixing up the integration script (#2392)
This commit is contained in:
James Hodgkinson
GitHub
parent
83727b21c7
commit
0e50451715
17
.github/workflows/debian_package_kanidm.yml
vendored
17
.github/workflows/debian_package_kanidm.yml
vendored
|
|
@ -18,12 +18,14 @@ jobs:
|
|||
strategy:
|
||||
matrix:
|
||||
image:
|
||||
- ubuntu:22.04
|
||||
- debian:12
|
||||
- name: ubuntu
|
||||
version: 22.04
|
||||
- name: debian
|
||||
version: 12
|
||||
fail-fast: false
|
||||
runs-on: ubuntu-latest
|
||||
container:
|
||||
image: ${{ matrix.image }}
|
||||
image: "${{ matrix.image.name }}:${{ matrix.image.version }}"
|
||||
env:
|
||||
DEBIAN_FRONTEND: noninteractive
|
||||
steps:
|
||||
|
|
@ -45,10 +47,11 @@ jobs:
|
|||
run: cargo install wasm-pack
|
||||
- name: Build packages (kanidm-unixd)
|
||||
run: make -f platform/debian/Makefile debs/kanidm-unixd
|
||||
|
||||
- name: Upload debs
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: ubuntu-packages
|
||||
name: "${{ matrix.image.name }}${{ matrix.image.version }}"
|
||||
path: |
|
||||
target/*.deb
|
||||
upload-to-releases:
|
||||
|
|
@ -59,15 +62,12 @@ jobs:
|
|||
name: Upload to releases
|
||||
needs: build-deb-package
|
||||
runs-on: ubuntu-latest
|
||||
if: ${{ github.ref == 'refs/heads/master' && github.repository == 'kanidm/kanidm' }}
|
||||
steps:
|
||||
- name: Download previously built debs
|
||||
uses: actions/download-artifact@v4
|
||||
with:
|
||||
name: ubuntu-packages
|
||||
- name: List packages
|
||||
run: |
|
||||
ls
|
||||
find $(pwd) -name '*.deb'
|
||||
- uses: "marvinpinto/action-automatic-releases@latest"
|
||||
with:
|
||||
repo_token: "${{ secrets.GITHUB_TOKEN }}"
|
||||
|
|
@ -75,3 +75,4 @@ jobs:
|
|||
prerelease: true
|
||||
title: ".deb Packages"
|
||||
files: "*.deb"
|
||||
if: ${{ github.ref == 'refs/heads/master' && github.repository == 'kanidm/kanidm' }}
|
||||
2
.github/workflows/kanidm_individual_book.yml
vendored
2
.github/workflows/kanidm_individual_book.yml
vendored
|
|
@ -80,7 +80,7 @@ jobs:
|
|||
# https://github.com/actions/upload-artifact
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: individual
|
||||
name: "individual${{inputs.tag }}"
|
||||
path: ${{inputs.tag }}.tar.gz
|
||||
env:
|
||||
ACTIONS_RUNNER_DEBUG: true
|
||||
|
|
|
|||
|
|
@ -83,76 +83,65 @@ if [ "${REMOVE_TEST_DB}" -eq 1 ]; then
|
|||
rm /tmp/kanidm/kanidm.db || true
|
||||
fi
|
||||
|
||||
echo "Resetting the admin user..."
|
||||
${KANIDMD} recover-account admin -o json 2>&1
|
||||
ADMIN_PASS_STR="$(${KANIDMD} recover-account admin -o json 2>&1)"
|
||||
ADMIN_PASS=$(echo "${ADMIN_PASS_STR}" | rg password | jq -r .password)
|
||||
if [ -z "${ADMIN_PASS}" ] || [ "${ADMIN_PASS}" == "null " ]; then
|
||||
echo "Failed to reset admin password!"
|
||||
echo "${ADMIN_PASS_STR}"
|
||||
exit 1
|
||||
fi
|
||||
IDM_ADMIN_USER="idm_admin@localhost"
|
||||
|
||||
|
||||
echo "admin pass: '${ADMIN_PASS}'"
|
||||
echo "Resetting the idm_admin user..."
|
||||
IDM_ADMIN_PASS=$(${KANIDMD} recover-account idm_admin -o json 2>&1 | rg password | jq -r .password)
|
||||
if [ -z "${IDM_ADMIN_PASS}" ] || [ "${IDM_ADMIN_PASS}" == "null " ]; then
|
||||
echo "Failed to reset admin password!"
|
||||
echo "Failed to reset idm_admin password!"
|
||||
exit 1
|
||||
fi
|
||||
echo "idm_admin pass: '${IDM_ADMIN_PASS}'"
|
||||
|
||||
echo "login with admin"
|
||||
${KANIDM} login -D admin --password "${ADMIN_PASS}"
|
||||
echo "login with idm_admin"
|
||||
${KANIDM} login -D idm_admin --password "${IDM_ADMIN_PASS}"
|
||||
${KANIDM} login -D "${IDM_ADMIN_USER}" --password "${IDM_ADMIN_PASS}"
|
||||
|
||||
# create group test_users
|
||||
${KANIDM} group create "${TEST_GROUP}" -D idm_admin
|
||||
${KANIDM} group create "${TEST_GROUP}" -D "${IDM_ADMIN_USER}"
|
||||
|
||||
# create testuser (person)
|
||||
${KANIDM} person create "${TEST_USER_NAME}" "${TEST_USER_DISPLAY}" -D idm_admin
|
||||
${KANIDM} person create "${TEST_USER_NAME}" "${TEST_USER_DISPLAY}" -D "${IDM_ADMIN_USER}"
|
||||
|
||||
echo "Adding ${TEST_USER_NAME} to ${TEST_GROUP}"
|
||||
${KANIDM} group add-members "${TEST_GROUP}" "${TEST_USER_NAME}" -D idm_admin
|
||||
${KANIDM} group add-members "${TEST_GROUP}" "${TEST_USER_NAME}" -D "${IDM_ADMIN_USER}"
|
||||
|
||||
echo "Enable experimental UI for admin idm_admin ${TEST_USER_NAME}"
|
||||
${KANIDM} group add-members idm_ui_enable_experimental_features admin idm_admin "${TEST_USER_NAME}" -D idm_admin
|
||||
${KANIDM} group add-members idm_ui_enable_experimental_features "${IDM_ADMIN_USER}" "${TEST_USER_NAME}" -D "${IDM_ADMIN_USER}"
|
||||
|
||||
# create oauth2 rp for kanidm.com
|
||||
echo "Creating the kanidm.com OAuth2 RP"
|
||||
${KANIDM} system oauth2 create "kanidm_com" "Kanidm.com" "https://kanidm.com" -D admin
|
||||
${KANIDM} system oauth2 create "kanidm_com" "Kanidm.com" "https://kanidm.com" -D "${IDM_ADMIN_USER}"
|
||||
echo "Creating the kanidm.com OAuth2 RP Scope Map"
|
||||
${KANIDM} system oauth2 update-scope-map "kanidm_com" "${TEST_GROUP}" openid -D admin
|
||||
${KANIDM} system oauth2 update-scope-map "kanidm_com" "${TEST_GROUP}" openid -D "${IDM_ADMIN_USER}"
|
||||
echo "Creating the kanidm.com OAuth2 RP Supplemental Scope Map"
|
||||
${KANIDM} system oauth2 update-sup-scope-map "kanidm_com" "${TEST_GROUP}" admin -D admin
|
||||
${KANIDM} system oauth2 update-sup-scope-map "kanidm_com" "${TEST_GROUP}" admin -D "${IDM_ADMIN_USER}"
|
||||
|
||||
|
||||
# create oauth2 rp for localhost:10443 - for oauth2 proxy testing
|
||||
echo "Creating the ${OAUTH2_RP_ID} OAuth2 RP"
|
||||
${KANIDM} system oauth2 create "${OAUTH2_RP_ID}" "${OAUTH2_RP_DISPLAY}" "https://localhost:10443" -D admin
|
||||
${KANIDM} system oauth2 create "${OAUTH2_RP_ID}" "${OAUTH2_RP_DISPLAY}" "https://localhost:10443" -D "${IDM_ADMIN_USER}"
|
||||
echo "Creating the ${OAUTH2_RP_ID} OAuth2 RP Scope Map - Group ${TEST_GROUP}"
|
||||
${KANIDM} system oauth2 update-scope-map "${OAUTH2_RP_ID}" "${TEST_GROUP}" openid -D admin
|
||||
${KANIDM} system oauth2 update-scope-map "${OAUTH2_RP_ID}" "${TEST_GROUP}" openid -D "${IDM_ADMIN_USER}"
|
||||
echo "Creating the ${OAUTH2_RP_ID} OAuth2 RP Supplemental Scope Map"
|
||||
${KANIDM} system oauth2 update-sup-scope-map "${OAUTH2_RP_ID}" "${TEST_GROUP}" admin -D admin
|
||||
${KANIDM} system oauth2 update-sup-scope-map "${OAUTH2_RP_ID}" "${TEST_GROUP}" admin -D "${IDM_ADMIN_USER}"
|
||||
|
||||
echo "Creating the OAuth2 RP Secondary Supplemental Crab-baite Scope Map.... wait, no that's not a thing."
|
||||
|
||||
echo "Checking the OAuth2 RP Exists"
|
||||
${KANIDM} system oauth2 list -D admin | rg -A10 "${OAUTH2_RP_ID}"
|
||||
${KANIDM} system oauth2 list -D "${IDM_ADMIN_USER}" | rg -A10 "${OAUTH2_RP_ID}"
|
||||
|
||||
# config auth2
|
||||
echo "Pulling secret for the ${OAUTH2_RP_ID} OAuth2 RP"
|
||||
OAUTH2_SECRET="$(${KANIDM} system oauth2 show-basic-secret -o json "${OAUTH2_RP_ID}" -D admin)"
|
||||
OAUTH2_SECRET="$(${KANIDM} system oauth2 show-basic-secret -o json "${OAUTH2_RP_ID}" -D "${IDM_ADMIN_USER}")"
|
||||
echo "${OAUTH2_SECRET}"
|
||||
|
||||
echo "Creating cred reset link for ${TEST_USER_NAME}"
|
||||
${KANIDM} person credential create-reset-token "${TEST_USER_NAME}" -D idm_admin
|
||||
${KANIDM} person credential create-reset-token "${TEST_USER_NAME}" -D "${IDM_ADMIN_USER}"
|
||||
|
||||
echo "Done!"
|
||||
|
||||
echo "###################################"
|
||||
echo "admin password: ${ADMIN_PASS}"
|
||||
echo "idm_admin password: ${IDM_ADMIN_PASS}"
|
||||
echo "UI URL: ${KANIDM_URL}"
|
||||
echo "OAuth2 RP ID: ${OAUTH2_RP_ID}"
|
||||
|
|
|
|||
Loading…
Reference in a new issue