chaos/docker-salt-master
Archived
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #39 from cdalvaro/fix/salt_api_ssl_error

Browse Source 
Add ci steps for testing salt-api
This commit is contained in:
Carlos D. Álvaro
2020-10-02 21:42:18 +02:00
committed by GitHub
parent e04015df50 a9fbefee9a
commit 9e86e3aed8
2 changed files with 67 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

64
.github/workflows/build-and-test.yml vendored
View File

@@ -69,6 +69,10 @@ jobs:
platform: [linux/amd64, linux/arm64]
env:
DOCKER_CLI_EXPERIMENTAL: enabled
SALTAPI_URL: https://localhost:8000/
SALTAPI_USER: salt_api
SALTAPI_PASS: 4wesome-Pass0rd
SALTAPI_EAUTH: pam
steps:
- name: Download Docker registry data from build job
uses: actions/download-artifact@v2
@@ -95,7 +99,26 @@ jobs:
run: docker pull --platform ${{ matrix.platform }} ${IMAGE_NAME}
- name: Launch docker container
run: docker run --rm -d --name saltstack_master ${IMAGE_NAME}
run: |
# Create configuration files
mkdir -p config/
cat > config/salt-api.conf <<EOF
external_auth:
${SALTAPI_EAUTH}:
${SALTAPI_USER}:
- .*
- '@runner'
- '@wheel'
- '@jobs'
EOF
# Run test instance
docker run --rm --detach --name saltstack_master \
--publish 4505:4505 --publish 4506:4506 --publish 8000:8000 \
--env 'SALT_API_SERVICE_ENABLED=true' \
--env 'SALT_API_USER_PASS=${{ env.SALTAPI_PASS }}' \
--volume $(pwd)/config/:/home/salt/data/config/ \
${IMAGE_NAME}
- name: Show container info
run: docker container ls
@@ -109,6 +132,37 @@ jobs:
- name: Test image calling healthcheck
run: docker exec saltstack_master /usr/local/sbin/healthcheck
- name: Test salt-api authentication
id: salt_api_auth
run: |
SALTAPI_TOKEN=$(curl -sSk https://localhost:8000/login \
-H 'Accept: application/x-yaml' \
-d username=${{ env.SALTAPI_USER }} \
-d password=${{ env.SALTAPI_PASS }} \
-d eauth=${{ env.SALTAPI_EAUTH }} | grep 'token:' | cut -d' ' -f 4)
[ -n "${SALTAPI_TOKEN}" ] || exit 1
echo "::set-output name=token::${SALTAPI_TOKEN}"
- name: Test salt-api command
run: |
curl -sSk https://localhost:8000 \
-H 'Accept: application/x-yaml' \
-H 'X-Auth-Token: ${{ steps.salt_api_auth.outputs.token }}' \
-d client=runner \
-d tgt='*' \
-d fun=test.stream
- name: Setup Python
uses: actions/setup-python@v2
with:
python-version: 3.8
- name: Install salt-pepper
run: pip install salt-pepper
- name: Test salt-pepper
run: pepper --client runner test.stream
- name: Cleanup
run: |
docker stop saltstack_master registry
@@ -138,7 +192,13 @@ jobs:
docker run -d -p 5000:5000 -v ${REGISTRY_PATH}:/var/lib/registry --name registry registry:2
- name: Import Docker images
run: docker pull --platform linux/amd64 ${IMAGE_NAME}
run: |
RETRY_MAX=5
for i in $(seq 1 $RETRY_MAX); do
[ "$i" != "1" ] && echo "Retrying docker pull"
docker pull --platform linux/amd64 ${IMAGE_NAME} && break
echo "Command failed with code $?"
done
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master

6
README.md
View File

@@ -171,9 +171,10 @@ your `docker run` command or in your `docker-compose.yml` file.
docker run --name salt_stack --detach \
--publish 4505:4505 --publish 4506:4506 --publish 8000:8000 \
--env 'SALT_API_SERVICE_ENABLED=true' \
--env 'SALT_API_USER_PASS=SuperCool/Password10'
--env 'SALT_API_USER_PASS=SuperCool/Password10' \
--volume $(pwd)/roots/:/home/salt/data/srv/ \
--volume $(pwd)/keys/:/home/salt/data/keys/ \
--volume $(pwd)/config/:/home/salt/data/config/ \
cdalvaro/docker-salt-master:3001.1
```
@@ -194,6 +195,9 @@ external_auth:
pam:
salt_api:
- .*
- '@runner'
- '@wheel'
- '@jobs'
```
More information is available in the following link: [External Authentication System (eAuth)](https://docs.saltstack.com/en/latest/topics/eauth/index.html#acl-eauth).