Tests: integrate iam docker-compose into the main one

Run the additional containers starting docker-compose with `--profile iam`
rcarpa · Oct 18, 2023 · 401a9c1 · 401a9c1
1 parent 1188639
commit 401a9c1
Show file tree

Hide file tree

Showing 3 changed files with 65 additions and 200 deletions.
diff --git a/etc/docker/dev/docker-compose-storage-iam.yml b/etc/docker/dev/docker-compose-storage-iam.yml
diff --git a/etc/docker/dev/docker-compose.ports.yml b/etc/docker/dev/docker-compose.ports.yml
@@ -64,3 +64,12 @@ services:
   grafana:
     ports:
       - "127.0.0.1:3000:3000"
+  db-iam:
+    ports:
+      - "127.0.0.1:3307:3306"
+  nginx-iam:
+    ports:
+      - "127.0.0.1:9443:443"
+  iam:
+    ports:
+      - "127.0.0.1:8090:8090"
diff --git a/etc/docker/dev/docker-compose.yml b/etc/docker/dev/docker-compose.yml
@@ -242,3 +242,59 @@ services:
     image: docker.io/grafana/grafana:latest
     profiles:
       - monitoring
+  db-iam:
+    image: mariadb:10.11
+    profiles:
+      - iam
+    environment:
+      - TZ=Europe/Paris
+      - MYSQL_ROOT_PASSWORD=supersecret
+      - MYSQL_USER=iam
+      - MYSQL_PASSWORD=secret
+      - MYSQL_DATABASE=iam_db
+  nginx-iam:
+    image: nginx
+    profiles:
+      - iam
+    dns_search: cern.ch
+    environment:
+      TZ: Europe/Paris
+      NGINX_HOST: iam
+      NGINX_PORT: 443
+    volumes:
+      - ../../certs/rucio_ca.pem:/etc/grid-security/certificates/5fca1cb1.0:z
+      # - ../../certs/hostcert_rucio.pem:/etc/grid-security/hostcert.pem:z
+      # - ../../certs/hostcert_rucio.key.pem:/etc/grid-security/hostkey.pem:z
+      - /etc/grid-security/:/etc/grid-security/
+      - /dev/urandom:/dev/random
+      - ../../iam-assets/iam.conf:/etc/nginx/conf.d/default.conf:ro
+  iam:
+    profiles:
+      - iam
+    image: indigoiam/iam-login-service:v1.8.2
+    volumes:
+      - ../../iam-assets/keystore.jwks:/keystore.jwks:ro
+    environment:
+      - IAM_JAVA_OPTS=-Djava.security.egd=file:/dev/urandom -Dspring.profiles.active=prod,oidc,cern,registration,wlcg-scopes -agentlib:jdwp=transport=dt_socket,server=y,address=1044,suspend=n -Dlogging.file.name=/var/log/iam/iam.log
+      - IAM_HOST=<IAM_HOSTNAME>
+      - IAM_PORT=8090
+      - IAM_BASE_URL=https://<IAM_HOSTNAME>
+      - IAM_ISSUER=https://<IAM_HOSTNAME>
+      - IAM_FORWARD_HEADERS_STRATEGY=native
+      - IAM_KEY_STORE_LOCATION=file:/keystore.jwks
+      - IAM_JWK_CACHE_LIFETIME=21600
+      # - IAM_X509_TRUST_ANCHORS_DIR=/etc/grid-security/certificates
+      # - IAM_X509_TRUST_ANCHORS_REFRESH=14400
+      - IAM_TOMCAT_ACCESS_LOG_ENABLED=false
+      - IAM_TOMCAT_ACCESS_LOG_DIRECTORY=/tmp
+      - IAM_ACTUATOR_USER_USERNAME=user
+      - IAM_ACTUATOR_USER_PASSWORD=secret
+      - IAM_LOCAL_RESOURCES_ENABLE=true
+      - IAM_LOCAL_RESOURCES_LOCATION=file:/indigo-iam/local-resources
+      - IAM_ORGANISATION_NAME=rucio-dc
+      - IAM_TOPBAR_TITLE="INDIGO IAM for rucio-dc"
+      - IAM_DB_HOST=<IAM_DB_HOSTNAME>
+      - IAM_DB_PORT=3307
+      - IAM_DB_NAME=iam_db
+      - IAM_DB_USERNAME=iam
+      - IAM_DB_PASSWORD=secret