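# Source: github.com/minio/minio@v0.0.0-20240328213742-3f72439b8a27/.github/workflows/iam-integrations.yaml
#
# Runs the IAM test targets against combinations of external identity/config
# backends (OpenLDAP, etcd, Dex/OpenID) that are started as service containers
# on the runner.
name: IAM integration

# `pull_request` (not `pull_request_target`): the job builds and runs code
# from the PR head, so it must never be given write scopes or secrets.
on:
  pull_request:
    branches:
      - master
      - next

# This ensures that previous jobs for the PR are canceled when the PR is
# updated.
# NOTE(review): github.head_ref is only the branch name, so two PRs whose head
# branches share a name land in the same group and can cancel each other.
# Keying on the PR number would avoid that - confirm before changing.
concurrency:
  group: ${{ github.workflow }}-${{ github.head_ref }}
  cancel-in-progress: true

# Least privilege for GITHUB_TOKEN: read-only repository contents, nothing
# else.
permissions:
  contents: read

jobs:
  iam-matrix-test:
    name: "[Go=${{ matrix.go-version }}|ldap=${{ matrix.ldap }}|etcd=${{ matrix.etcd }}|openid=${{ matrix.openid }}]"
    runs-on: ubuntu-latest

    # All services are started for every matrix combination; the matrix only
    # controls which endpoints are handed to the tests via env vars.
    # NOTE(review): openldap and dex are referenced without a tag or digest,
    # and etcd by a mutable tag. Pinning each image by digest would make the
    # test environment reproducible and limit exposure to a replaced image.
    services:
      openldap:
        image: quay.io/minio/openldap
        ports:
          - "389:389"
          - "636:636"
        env:
          LDAP_ORGANIZATION: "MinIO Inc"
          LDAP_DOMAIN: "min.io"
          # Fixture credential for the throwaway test directory; it must not
          # be reused for any real LDAP deployment.
          LDAP_ADMIN_PASSWORD: "admin"
      etcd:
        image: "quay.io/coreos/etcd:v3.5.1"
        env:
          # Plain HTTP on all interfaces, with no client auth configured
          # here; the port is published on the runner for the tests.
          ETCD_LISTEN_CLIENT_URLS: "http://0.0.0.0:2379"
          ETCD_ADVERTISE_CLIENT_URLS: "http://0.0.0.0:2379"
        ports:
          - "2379:2379"
        options: >-
          --health-cmd "etcdctl endpoint health"
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
      openid:
        image: quay.io/minio/dex
        ports:
          - "5556:5556"
        env:
          DEX_LDAP_SERVER: "openldap:389"
      # Second Dex instance with its own issuer and port, used by the
      # multiple-OpenID-providers step.
      openid2:
        image: quay.io/minio/dex
        ports:
          - "5557:5557"
        env:
          DEX_LDAP_SERVER: "openldap:389"
          DEX_ISSUER: "http://127.0.0.1:5557/dex"
          DEX_WEB_HTTP: "0.0.0.0:5557"

    strategy:
      # When ldap, etcd or openid vars are empty below, those external servers
      # are turned off - i.e. if ldap="", then ldap server is not enabled for
      # the tests.
      matrix:
        go-version: ["1.21.x"]
        ldap: ["", "localhost:389"]
        etcd: ["", "http://localhost:2379"]
        openid: ["", "http://127.0.0.1:5556/dex"]
        exclude:
          # exclude combos where all are empty.
          - ldap: ""
            etcd: ""
            openid: ""
          # exclude combos where both ldap and openid IDPs are specified.
          - ldap: "localhost:389"
            openid: "http://127.0.0.1:5556/dex"

    steps:
      # NOTE(review): both actions are referenced by a mutable major-version
      # tag. Pinning each `uses:` to a full commit SHA (with the tag kept as a
      # trailing comment) prevents a moved tag from changing what runs here.
      - uses: actions/checkout@v3
        with:
          # The following steps execute PR-supplied code (make targets,
          # `go run`); do not leave the job token in the checkout's git
          # config where that code could read it.
          persist-credentials: false
      - uses: actions/setup-go@v3
        with:
          go-version: ${{ matrix.go-version }}
          check-latest: true
      - name: Test LDAP/OpenID/Etcd combo
        env:
          _MINIO_LDAP_TEST_SERVER: ${{ matrix.ldap }}
          _MINIO_ETCD_TEST_SERVER: ${{ matrix.etcd }}
          _MINIO_OPENID_TEST_SERVER: ${{ matrix.openid }}
        run: |
          # disable_ipv6=0 turns IPv6 on for the runner; presumably the tests
          # need an IPv6 loopback - confirm against the test suite.
          sudo sysctl net.ipv6.conf.all.disable_ipv6=0
          sudo sysctl net.ipv6.conf.default.disable_ipv6=0
          make test-iam
      - name: Test with multiple OpenID providers
        if: matrix.openid == 'http://127.0.0.1:5556/dex'
        env:
          _MINIO_LDAP_TEST_SERVER: ${{ matrix.ldap }}
          _MINIO_ETCD_TEST_SERVER: ${{ matrix.etcd }}
          _MINIO_OPENID_TEST_SERVER: ${{ matrix.openid }}
          _MINIO_OPENID_TEST_SERVER_2: "http://127.0.0.1:5557/dex"
        run: |
          sudo sysctl net.ipv6.conf.all.disable_ipv6=0
          sudo sysctl net.ipv6.conf.default.disable_ipv6=0
          make test-iam
      # No `if:` on this step, so it runs for every matrix combination.
      - name: Test with Access Management Plugin enabled
        env:
          _MINIO_LDAP_TEST_SERVER: ${{ matrix.ldap }}
          _MINIO_ETCD_TEST_SERVER: ${{ matrix.etcd }}
          _MINIO_OPENID_TEST_SERVER: ${{ matrix.openid }}
          _MINIO_POLICY_PLUGIN_TEST_ENDPOINT: "http://127.0.0.1:8080"
        run: |
          sudo sysctl net.ipv6.conf.all.disable_ipv6=0
          sudo sysctl net.ipv6.conf.default.disable_ipv6=0
          # NOTE(review): the plugin is started in the background with no
          # readiness check, so the tests may start before it is listening
          # on the endpoint above.
          go run docs/iam/access-manager-plugin.go &
          make test-iam
      - name: Test LDAP for automatic site replication
        if: matrix.ldap == 'localhost:389'
        run: |
          make test-site-replication-ldap
      - name: Test OIDC for automatic site replication
        if: matrix.openid == 'http://127.0.0.1:5556/dex'
        run: |
          make test-site-replication-oidc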