wlcg-jwt-compliance-tests's Introduction

WLCG JWT compliance testsuite

This is the first incarnation of the WLCG JWT compliance testsuite. The objective is to have a Robot Framework testsuite that checks WLCG JWT profile support at services (starting with the data management services).

Storage area configuration pre-requisites

The WLCG storage area authorization at SEs tested by this testsuite should be configured as follows:

  • WLCG JWT profile capability-based authorization enabled
    • AuthZ will be based on the storage.* scopes in the token, e.g. a token with the storage.modify:/ scope issued by the WLCG token issuer will grant write access on the whole storage area.
  • Read-only access (i.e., the ability to list directory contents and read files) to all members of the WLCG VO, i.e.:
    • all clients presenting a valid VOMS proxy for the WLCG VO
    • all clients presenting a valid JWT token issued by the WLCG token issuer
  • Write access (with the exclusion of the /protected folder) is granted to any client presenting a valid WLCG VO proxy
  • Write-access to the /protected folder (and sub-folders) is granted to the following principals:
    • all clients presenting a valid VOMS proxy with the /wlcg/Role=test role
    • all clients presenting a valid JWT token with the /wlcg/test group
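
The JWT side of the policy above, written out as an authorization decision (an added example, not code from the testsuite or from any storage implementation). It assumes the token's signature and expiry were already verified, uses a placeholder issuer URL, reads groups from the `wlcg.groups` claim, and denies anything the list above does not explicitly grant to token holders.

```python
import posixpath

TRUSTED_ISSUER = "https://wlcg-issuer.example/"  # placeholder, not the real issuer URL
PROTECTED = "/protected"
TEST_GROUP = "/wlcg/test"

def _norm(path):
    # Collapse "//", "." and ".." so prefix checks see the path the SE would serve.
    return posixpath.normpath("/" + path.lstrip("/"))

def _covers(prefix, path):
    # True when path equals prefix or lies below it, on a path-component boundary.
    prefix, path = _norm(prefix), _norm(path)
    return prefix == "/" or path == prefix or path.startswith(prefix + "/")

def authorize(claims, op, path):
    """Decide "read" or "write" on path for an already verified token's claims."""
    if claims.get("iss") != TRUSTED_ISSUER:
        return False
    if op == "read":            # read-only access for every valid WLCG token
        return True
    if op != "write":
        return False
    for scope in claims.get("scope", "").split():
        name, _, prefix = scope.partition(":")
        if name == "storage.modify" and prefix.startswith("/") and _covers(prefix, path):
            return True         # capability-based: storage.modify:<prefix>
    # Group-based: /wlcg/test may write under /protected only (assumed deny elsewhere).
    return TEST_GROUP in claims.get("wlcg.groups", []) and _covers(PROTECTED, path)

# Constructed sample claims (not real tokens).
CAP_ALL = {"iss": TRUSTED_ISSUER, "scope": "openid storage.modify:/"}
CAP_DATA = {"iss": TRUSTED_ISSUER, "scope": "storage.modify:/data"}
GROUP = {"iss": TRUSTED_ISSUER, "wlcg.groups": ["/wlcg", "/wlcg/test"]}
PLAIN = {"iss": TRUSTED_ISSUER, "wlcg.groups": ["/wlcg"]}

if __name__ == "__main__":
    cases = [("CAP_ALL", CAP_ALL, "/protected/f"), ("CAP_DATA", CAP_DATA, "/database/f"),
             ("GROUP", GROUP, "/protected/../data/f"), ("PLAIN", PLAIN, "/data/f")]
    for label, claims, path in cases:
        print(label, "write", path, "->", authorize(claims, "write", path))
```
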

Running the testsuite with docker

This is the recommended way of running the testsuite. To set up an environment for running the testsuite in docker, run the following commands:

docker-compose up trust # and wait for fetch crl to be done
docker-compose up -d ts

You can modify the compose file to pick up your local oidc-agent configuration instead of the one currently used; just change the following line:

  ...
  volumes:
      - cabundle:/etc/pki
      - trustanchors:/etc/grid-security/certificates
      - .:/home/test/test-suite
      # change the following line to mount your local oidc-agent config 
      # within the container 
      - ./assets/.config/oidc-agent:/home/test/.config/oidc-agent:ro 
      

You can now log into the testsuite container:

docker-compose exec ts bash

You will need to initialize oidc-agent inside the container.

$ eval $(oidc-agent --no-autoload)
$ oidc-add wlcg

You can then run the testsuite against one of the registered endpoints:

cd test-suite
./run-testsuite.sh cnaf-amnesiac

To add an endpoint, edit the ./test/variables.yaml file.

Running the testsuite without docker

Find out all the things you need on your machine by looking at the docker image used to run the testsuite.

CI test suite run

GH actions

The test suite is run on GH actions:

  • at each commit on the master branch
  • every day at 13 UTC

Reports are stored here.

CNAF SD Jenkins

The test suite is also run on the CNAF software development group Jenkins instance:

  • at each commit of the master branch
  • every day at 15 CET (or CEST)

Reports can be accessed here

wlcg-jwt-compliance-tests's People

Contributors

afortiorama, andreaceccanti, federicaagostini, ffurano, paulmillar, snafus
