Merge branch 'feature-rebac' into logging-improvements

canonical · Sep 7, 2023 · 3c18ac4 · 3c18ac4
2 parents 6425f16 + b525868
commit 3c18ac4
Show file tree

Hide file tree

Showing 4 changed files with 28 additions and 9 deletions.
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -47,8 +47,29 @@ jobs:
         run: go test -mod readonly ./...
         env:
           JIMM_DSN: postgresql://jimm:jimm@localhost:5432/jimm
+          JIMM_TEST_PGXDSN: postgresql://jimm:jimm@localhost:5432/jimm
           PGHOST: localhost
           PGPASSWORD: jimm
           PGSSLMODE: disable
           PGUSER: jimm
           PGPORT: 5432
+
+  smoke_test:
+    name: Smoke Test
+    runs-on: ubuntu-20.04
+    # The docker compose has a healthcheck on the JIMM container.
+    # So if the compose returns with exit code 0 then the JIMM server successfully started.
+    steps:
+      - uses: actions/checkout@v3
+      - name: Pull candid repo for test environment
+        run: |
+          git clone https://github.com/canonical/candid.git ./tmp/candid
+          cd ./tmp/candid
+          make image
+          docker image ls candid
+      - name: Add volume files
+        run: |
+          touch ./local/vault/approle.json
+          touch ./local/vault/roleid.txt
+      - run: go mod vendor
+      - run: docker compose --profile dev up -d --wait --timestamps
diff --git a/docker-compose.yaml b/docker-compose.yaml
@@ -82,14 +82,16 @@ services:
       test: [ "CMD", "curl", "http://jimm.localhost:80" ]
       interval: 5s
       timeout: 5s
-      retries: 5
+      retries: 40
     depends_on:
       db:
         condition: service_healthy
       openfga:
         condition: service_healthy
       traefik:
         condition: service_healthy
+      insert-hardcoded-auth-model:
+        condition: service_completed_successfully
     labels:
       traefik.enable: true
       traefik.http.routers.jimm.rule: Host(`jimm.localhost`)
@@ -128,11 +130,6 @@ services:
       VAULT_DEV_ROOT_TOKEN_ID: "token"
     cap_add:
       - IPC_LOCK
-    healthcheck:
-      test: [ "CMD", "curl", "http://127.0.0.1:8200/v1/sys/health" ]
-      interval: 5s
-      timeout: 5s
-      retries: 10
     volumes:
       - ./local/vault/vault.hcl:/vault/config/vault.hcl
       - ./local/vault/init.sh:/vault/init.sh

diff --git a/internal/db/pgx_test.go b/internal/db/pgx_test.go
@@ -37,6 +37,7 @@ func (s *postgresSuite) Init(c *qt.C) {
 	dsn := os.Getenv("JIMM_TEST_PGXDSN")
 	if dsn == "" {
 		c.Skip("postgresql not configured")
+		return
 	}
 
 	connCfg, err := pgx.ParseConfig(dsn)

diff --git a/internal/db/secrets_test.go b/internal/db/secrets_test.go
@@ -32,7 +32,7 @@ func (s *dbSuite) TestInsertSecret(c *qt.C) {
 	secret := dbmodel.Secret{}
 	tx := s.Database.DB.First(&secret)
 	c.Assert(tx.Error, qt.IsNil)
-	c.Assert(secret.Time, qt.Equals, testTime)
+	c.Assert(secret.Time, qt.DeepEquals, testTime)
 	c.Assert(secret.Type, qt.Equals, "generic")
 	c.Assert(secret.Tag, qt.Equals, "123")
 	c.Assert(secret.Data, qt.IsNil)
@@ -61,7 +61,7 @@ func (s *dbSuite) TestUpsertSecret(c *qt.C) {
 	secret := dbmodel.Secret{}
 	tx := s.Database.DB.First(&secret)
 	c.Assert(tx.Error, qt.IsNil)
-	c.Assert(secret.Time, qt.Equals, newTime)
+	c.Assert(secret.Time, qt.DeepEquals, newTime)
 	c.Assert([]byte(secret.Data), qt.DeepEquals, []byte("123"))
 }
 
@@ -79,7 +79,7 @@ func (s *dbSuite) TestGetSecret(c *qt.C) {
 	c.Assert(s.Database.DB.Create(&u).Error, qt.IsNil)
 	secret := dbmodel.Secret{Type: "generic", Tag: "123"}
 	c.Assert(s.Database.GetSecret(ctx, &secret), qt.IsNil)
-	c.Assert(secret.Time, qt.Equals, testTime)
+	c.Assert(secret.Time, qt.DeepEquals, testTime)
 	c.Assert(secret.Type, qt.Equals, "generic")
 	c.Assert(secret.Tag, qt.Equals, "123")
 }