python/requests-kerberos/.travis.sh - phoenix-queryserver - Git at Google

 #!/bin/bash

 set -e

 IP_ADDRESS=$(hostname -I)
 HOSTNAME=$(cat /etc/hostname)
 PY_MAJOR=${PYENV:0:1}

 export KERBEROS_HOSTNAME=$HOSTNAME.$KERBEROS_REALM
 export DEBIAN_FRONTEND=noninteractive

 echo "Configure the hosts file for Kerberos to work in a container"
 cp /etc/hosts ~/hosts.new
 sed -i "/.*$HOSTNAME/c\\$IP_ADDRESS\t$KERBEROS_HOSTNAME" ~/hosts.new
 cp -f ~/hosts.new /etc/hosts

 echo "Setting up Kerberos config file at /etc/krb5.conf"
 cat > /etc/krb5.conf << EOL
 [libdefaults]
     default_realm = ${KERBEROS_REALM^^}
     dns_lookup_realm = false
     dns_lookup_kdc = false

 [realms]
     ${KERBEROS_REALM^^} = {
         kdc = $KERBEROS_HOSTNAME
         admin_server = $KERBEROS_HOSTNAME
     }

 [domain_realm]
     .$KERBEROS_REALM = ${KERBEROS_REALM^^}

 [logging]
     kdc = FILE:/var/log/krb5kdc.log
     admin_server = FILE:/var/log/kadmin.log
     default = FILE:/var/log/krb5lib.log
 EOL

 echo "Setting up kerberos ACL configuration at /etc/krb5kdc/kadm5.acl"
 mkdir /etc/krb5kdc
 echo -e "*/*@${KERBEROS_REALM^^}\t*" > /etc/krb5kdc/kadm5.acl

 echo "Installing all the packages required in this test"
 apt-get update
 apt-get \
     -y \
     -qq \
     install \
     krb5-{user,kdc,admin-server,multidev} \
     libkrb5-dev \
     wget \
     curl \
     apache2 \
     libapache2-mod-auth-gssapi \
     python-dev \
     libffi-dev \
     build-essential \
     libssl-dev \
     zlib1g-dev \
     libbz2-dev

 echo "Creating KDC database"
 # krb5_newrealm returns non-0 return code as it is running in a container, ignore it for this command only
 set +e
 printf "$KERBEROS_PASSWORD\n$KERBEROS_PASSWORD" | krb5_newrealm
 set -e

 echo "Creating principals for tests"
 kadmin.local -q "addprinc -pw $KERBEROS_PASSWORD $KERBEROS_USERNAME"

 echo "Adding HTTP principal for Kerberos and create keytab"
 kadmin.local -q "addprinc -randkey HTTP/$KERBEROS_HOSTNAME"
 kadmin.local -q "ktadd -k /etc/krb5.keytab HTTP/$KERBEROS_HOSTNAME"
 chmod 777 /etc/krb5.keytab

 echo "Restarting Kerberos KDS service"
 service krb5-kdc restart

 echo "Add ServerName to Apache config"
 grep -q -F "ServerName $KERBEROS_HOSTNAME" /etc/apache2/apache2.conf || echo "ServerName $KERBEROS_HOSTNAME" >> /etc/apache2/apache2.conf

 echo "Deleting default virtual host file"
 rm /etc/apache2/sites-enabled/000-default.conf
 rm /etc/apache2/sites-available/000-default.conf
 rm /etc/apache2/sites-available/default-ssl.conf

 echo "Create website directory structure and pages"
 mkdir -p /var/www/example.com/public_html
 chmod -R 755 /var/www
 echo "<html><head><title>Title</title></head><body>body mesage</body></html>" > /var/www/example.com/public_html/index.html

 echo "Create self signed certificate for HTTPS endpoint"
 mkdir /etc/apache2/ssl
 openssl req \
     -x509 \
     -nodes \
     -days 365 \
     -newkey rsa:2048 \
     -keyout /etc/apache2/ssl/https.key \
     -out /etc/apache2/ssl/https.crt \
     -subj "/CN=$KERBEROS_HOSTNAME/o=Testing LTS./C=US"

 echo "Create virtual host files"
 cat > /etc/apache2/sites-available/example.com.conf << EOL
 <VirtualHost *:80>
     ServerName $KERBEROS_HOSTNAME
     ServerAlias $KERBEROS_HOSTNAME
     DocumentRoot /var/www/example.com/public_html
     ErrorLog ${APACHE_LOG_DIR}/error.log
     CustomLog ${APACHE_LOG_DIR}/access.log combined
     <Directory "/var/www/example.com/public_html">
         AuthType GSSAPI
         AuthName "GSSAPI Single Sign On Login"
         Require user $KERBEROS_USERNAME@${KERBEROS_REALM^^}
         GssapiCredStore keytab:/etc/krb5.keytab
     </Directory>
 </VirtualHost>
 <VirtualHost *:443>
     ServerName $KERBEROS_HOSTNAME
     ServerAlias $KERBEROS_HOSTNAME
     DocumentRoot /var/www/example.com/public_html
     ErrorLog ${APACHE_LOG_DIR}/error.log
     CustomLog ${APACHE_LOG_DIR}/access.log combined
     SSLEngine on
     SSLCertificateFile /etc/apache2/ssl/https.crt
     SSLCertificateKeyFile /etc/apache2/ssl/https.key
     <Directory "/var/www/example.com/public_html">
         AuthType GSSAPI
         AuthName "GSSAPI Single Sign On Login"
         Require user $KERBEROS_USERNAME@${KERBEROS_REALM^^}
         GssapiCredStore keytab:/etc/krb5.keytab
     </Directory>
 </VirtualHost>
 EOL

 echo "Enabling virtual host site"
 a2enmod ssl
 a2ensite example.com.conf
 service apache2 restart

 echo "Getting ticket for Kerberos user"
 echo -n "$KERBEROS_PASSWORD" | kinit "$KERBEROS_USERNAME@${KERBEROS_REALM^^}"

 echo "Try out the HTTP connection with curl"
 CURL_OUTPUT=$(curl --negotiate -u : "http://$KERBEROS_HOSTNAME")

 if [ "$CURL_OUTPUT" != "<html><head><title>Title</title></head><body>body mesage</body></html>" ]; then
     echo -e "ERROR: Did not get success message, cannot continue with actual tests:\nActual Output:\n$CURL_OUTPUT"
     exit 1
 else
     echo -e "SUCCESS: Apache site built and set for Kerberos auth\nActual Output:\n$CURL_OUTPUT"
 fi

 echo "Try out the HTTPS connection with curl"
 CURL_OUTPUT=$(curl --negotiate -u : "https://$KERBEROS_HOSTNAME" --insecure)

 if [ "$CURL_OUTPUT" != "<html><head><title>Title</title></head><body>body mesage</body></html>" ]; then
     echo -e "ERROR: Did not get success message, cannot continue with actual tests:\nActual Output:\n$CURL_OUTPUT"
     exit 1
 else
     echo -e "SUCCESS: Apache site built and set for Kerberos auth\nActual Output:\n$CURL_OUTPUT"
 fi

 if [ "$IMAGE" == "ubuntu:16.04" ]; then
     echo "Downloading Python $PYENV"
     wget -q "https://www.python.org/ftp/python/$PYENV/Python-$PYENV.tgz"
     tar xzf "Python-$PYENV.tgz"
     cd "Python-$PYENV"

     echo "Configuring Python install"
     ./configure &> /dev/null

     echo "Running make install on Python"
     make install &> /dev/null
     cd ..
     rm -rf "Python-$PYENV"
     rm "Python-$PYENV.tgz"
 fi

 echo "Installing Pip"
 wget -q https://bootstrap.pypa.io/get-pip.py
 python$PY_MAJOR get-pip.py
 rm get-pip.py

 echo "Updating pip and installing library"
 pip$PY_MAJOR install -U pip setuptools
 pip$PY_MAJOR install .
 pip$PY_MAJOR install -r requirements-test.txt

 echo "Outputting build info before tests"
 echo "Python Version: $(python$PY_MAJOR --version 2>&1)"
 echo "Pip Version: $(pip$PY_MAJOR --version)"
 echo "Pip packages: $(pip$PY_MAJOR list)"

 echo "Running Python tests"
 export KERBEROS_PRINCIPAL="$KERBEROS_USERNAME@${KERBEROS_REALM^^}"
 export KERBEROS_URL="http://$KERBEROS_HOSTNAME"
 python$PY_MAJOR -m pytest -v --cov=requests_kerberos\

 echo "Running Python test over HTTPS for basic CBT test"
 export KERBEROS_URL="https://$KERBEROS_HOSTNAME"
 python$PY_MAJOR -m pytest -v --cov=requests_kerberos\
	#!/bin/bash

	set -e

	IP_ADDRESS=$(hostname -I)
	HOSTNAME=$(cat /etc/hostname)
	PY_MAJOR=${PYENV:0:1}

	export KERBEROS_HOSTNAME=$HOSTNAME.$KERBEROS_REALM
	export DEBIAN_FRONTEND=noninteractive

	echo "Configure the hosts file for Kerberos to work in a container"
	cp /etc/hosts ~/hosts.new
	sed -i "/.*$HOSTNAME/c\\$IP_ADDRESS\t$KERBEROS_HOSTNAME" ~/hosts.new
	cp -f ~/hosts.new /etc/hosts

	echo "Setting up Kerberos config file at /etc/krb5.conf"
	cat > /etc/krb5.conf << EOL
	[libdefaults]
	default_realm = ${KERBEROS_REALM^^}
	dns_lookup_realm = false
	dns_lookup_kdc = false

	[realms]
	${KERBEROS_REALM^^} = {
	kdc = $KERBEROS_HOSTNAME
	admin_server = $KERBEROS_HOSTNAME
	}

	[domain_realm]
	.$KERBEROS_REALM = ${KERBEROS_REALM^^}

	[logging]
	kdc = FILE:/var/log/krb5kdc.log
	admin_server = FILE:/var/log/kadmin.log
	default = FILE:/var/log/krb5lib.log
	EOL

	echo "Setting up kerberos ACL configuration at /etc/krb5kdc/kadm5.acl"
	mkdir /etc/krb5kdc
	echo -e "/@${KERBEROS_REALM^^}\t*" > /etc/krb5kdc/kadm5.acl

	echo "Installing all the packages required in this test"
	apt-get update
	apt-get \
	-y \
	-qq \
	install \
	krb5-{user,kdc,admin-server,multidev} \
	libkrb5-dev \
	wget \
	curl \
	apache2 \
	libapache2-mod-auth-gssapi \
	python-dev \
	libffi-dev \
	build-essential \
	libssl-dev \
	zlib1g-dev \
	libbz2-dev

	echo "Creating KDC database"
	# krb5_newrealm returns non-0 return code as it is running in a container, ignore it for this command only
	set +e
	printf "$KERBEROS_PASSWORD\n$KERBEROS_PASSWORD" \| krb5_newrealm
	set -e

	echo "Creating principals for tests"
	kadmin.local -q "addprinc -pw $KERBEROS_PASSWORD $KERBEROS_USERNAME"

	echo "Adding HTTP principal for Kerberos and create keytab"
	kadmin.local -q "addprinc -randkey HTTP/$KERBEROS_HOSTNAME"
	kadmin.local -q "ktadd -k /etc/krb5.keytab HTTP/$KERBEROS_HOSTNAME"
	chmod 777 /etc/krb5.keytab

	echo "Restarting Kerberos KDS service"
	service krb5-kdc restart

	echo "Add ServerName to Apache config"
	grep -q -F "ServerName $KERBEROS_HOSTNAME" /etc/apache2/apache2.conf \|\| echo "ServerName $KERBEROS_HOSTNAME" >> /etc/apache2/apache2.conf

	echo "Deleting default virtual host file"
	rm /etc/apache2/sites-enabled/000-default.conf
	rm /etc/apache2/sites-available/000-default.conf
	rm /etc/apache2/sites-available/default-ssl.conf

	echo "Create website directory structure and pages"
	mkdir -p /var/www/example.com/public_html
	chmod -R 755 /var/www
	echo "<html><head><title>Title</title></head><body>body mesage</body></html>" > /var/www/example.com/public_html/index.html

	echo "Create self signed certificate for HTTPS endpoint"
	mkdir /etc/apache2/ssl
	openssl req \
	-x509 \
	-nodes \
	-days 365 \
	-newkey rsa:2048 \
	-keyout /etc/apache2/ssl/https.key \
	-out /etc/apache2/ssl/https.crt \
	-subj "/CN=$KERBEROS_HOSTNAME/o=Testing LTS./C=US"

	echo "Create virtual host files"
	cat > /etc/apache2/sites-available/example.com.conf << EOL
	<VirtualHost *:80>
	ServerName $KERBEROS_HOSTNAME
	ServerAlias $KERBEROS_HOSTNAME
	DocumentRoot /var/www/example.com/public_html
	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined
	<Directory "/var/www/example.com/public_html">
	AuthType GSSAPI
	AuthName "GSSAPI Single Sign On Login"
	Require user $KERBEROS_USERNAME@${KERBEROS_REALM^^}
	GssapiCredStore keytab:/etc/krb5.keytab
	</Directory>
	</VirtualHost>
	<VirtualHost *:443>
	ServerName $KERBEROS_HOSTNAME
	ServerAlias $KERBEROS_HOSTNAME
	DocumentRoot /var/www/example.com/public_html
	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined
	SSLEngine on
	SSLCertificateFile /etc/apache2/ssl/https.crt
	SSLCertificateKeyFile /etc/apache2/ssl/https.key
	<Directory "/var/www/example.com/public_html">
	AuthType GSSAPI
	AuthName "GSSAPI Single Sign On Login"
	Require user $KERBEROS_USERNAME@${KERBEROS_REALM^^}
	GssapiCredStore keytab:/etc/krb5.keytab
	</Directory>
	</VirtualHost>
	EOL

	echo "Enabling virtual host site"
	a2enmod ssl
	a2ensite example.com.conf
	service apache2 restart

	echo "Getting ticket for Kerberos user"
	echo -n "$KERBEROS_PASSWORD" \| kinit "$KERBEROS_USERNAME@${KERBEROS_REALM^^}"

	echo "Try out the HTTP connection with curl"
	CURL_OUTPUT=$(curl --negotiate -u : "http://$KERBEROS_HOSTNAME")

	if [ "$CURL_OUTPUT" != "<html><head><title>Title</title></head><body>body mesage</body></html>" ]; then
	echo -e "ERROR: Did not get success message, cannot continue with actual tests:\nActual Output:\n$CURL_OUTPUT"
	exit 1
	else
	echo -e "SUCCESS: Apache site built and set for Kerberos auth\nActual Output:\n$CURL_OUTPUT"
	fi

	echo "Try out the HTTPS connection with curl"
	CURL_OUTPUT=$(curl --negotiate -u : "https://$KERBEROS_HOSTNAME" --insecure)

	if [ "$CURL_OUTPUT" != "<html><head><title>Title</title></head><body>body mesage</body></html>" ]; then
	echo -e "ERROR: Did not get success message, cannot continue with actual tests:\nActual Output:\n$CURL_OUTPUT"
	exit 1
	else
	echo -e "SUCCESS: Apache site built and set for Kerberos auth\nActual Output:\n$CURL_OUTPUT"
	fi

	if [ "$IMAGE" == "ubuntu:16.04" ]; then
	echo "Downloading Python $PYENV"
	wget -q "https://www.python.org/ftp/python/$PYENV/Python-$PYENV.tgz"
	tar xzf "Python-$PYENV.tgz"
	cd "Python-$PYENV"

	echo "Configuring Python install"
	./configure &> /dev/null

	echo "Running make install on Python"
	make install &> /dev/null
	cd ..
	rm -rf "Python-$PYENV"
	rm "Python-$PYENV.tgz"
	fi

	echo "Installing Pip"
	wget -q https://bootstrap.pypa.io/get-pip.py
	python$PY_MAJOR get-pip.py
	rm get-pip.py

	echo "Updating pip and installing library"
	pip$PY_MAJOR install -U pip setuptools
	pip$PY_MAJOR install .
	pip$PY_MAJOR install -r requirements-test.txt

	echo "Outputting build info before tests"
	echo "Python Version: $(python$PY_MAJOR --version 2>&1)"
	echo "Pip Version: $(pip$PY_MAJOR --version)"
	echo "Pip packages: $(pip$PY_MAJOR list)"

	echo "Running Python tests"
	export KERBEROS_PRINCIPAL="$KERBEROS_USERNAME@${KERBEROS_REALM^^}"
	export KERBEROS_URL="http://$KERBEROS_HOSTNAME"
	python$PY_MAJOR -m pytest -v --cov=requests_kerberos\

	echo "Running Python test over HTTPS for basic CBT test"
	export KERBEROS_URL="https://$KERBEROS_HOSTNAME"
	python$PY_MAJOR -m pytest -v --cov=requests_kerberos\