Parameterized the component test to work with an external Kerberos DC

Now run.sh requires the following variables:
REUSE_DOCKER_IMAGES     use cached images, only rebuild .go files
SERVICE_LOG_FILTER      exclude ACCESS records from the service log
EXT_KDC_IP              external KDC IP
EXT_KDC_PORT            external KDC port
KEYTAB_FILE             path to keytab to use for the service
SERVICE_NAME            name to use for the service
REALM_NAME              realm for the service and the user
DOMAIN_NAME             domain name
USER_NAME               username (client)
USER_PASSWORD           password (used for both client and service)
CLIENT_IN_CONTAINER     force running the client in a container, even on
                        OS X

Author: lev

component_test/docker/client/Dockerfile

@@ -10,8 +10,8 @@ RUN apt-get -y install \
 RUN (cd /tmp && wget https://storage.googleapis.com/golang/go1.4.1.linux-amd64.tar.gz && tar xvf go1.4.1.linux-amd64.tar.gz && mv go/ /opt)
 ENV GOROOT="/opt/go"
 
-ADD krb5.conf.template /opt/go-gssapi-test-client/krb5.conf.template
-ENV KRB5_CONFIG_TEMPLATE /opt/go-gssapi-test-client/krb5.conf.template
+ADD krb5.conf.template /tmp/krb5.conf.template
+ENV KRB5_CONFIG_TEMPLATE /tmp/krb5.conf.template
 ENV KRB5_CONFIG /opt/go-gssapi-test-client/krb5.conf
 ENV GSSAPI_PATH=/usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2
 ENV TEST_DIR=/opt/go-gssapi-test-client

component_test/docker/client/entrypoint.sh

@@ -1,4 +1,4 @@
-#!/bin/sh -eu
+#!/bin/bash -eu
 
 # This script is used in the context of a docker VM when runnning the linux
 # client test, and in the context of OS X when running on the Macintosh.  The
@@ -21,26 +21,30 @@
 #
 #       TEST_DIR
 #               The directory to build the client test app in
+#
+#       SERVICE_NAME
+#       REALM_NAME
+#       DOMAIN_NAME
+#       USER_NAME
+#       USER_PASSWORD
 
 export PATH=$PATH:$GOROOT/bin
 
-sed -e "s/KDC_ADDRESS/$KDC_PORT_88_TCP_ADDR:$KDC_PORT_88_TCP_PORT/g" \
-	$KRB5_CONFIG_TEMPLATE > $KRB5_CONFIG
+cat $KRB5_CONFIG_TEMPLATE \
+        | sed -e "s/KDC_ADDRESS/$KDC_PORT_88_TCP_ADDR:$KDC_PORT_88_TCP_PORT/g" \
+        | sed -e "s/DOMAIN_NAME/${DOMAIN_NAME}/g" \
+        | sed -e "s/REALM_NAME/${REALM_NAME}/g" \
+	> $KRB5_CONFIG
 
-echo P@ssword! | kinit [email protected] >/dev/null
+echo ${USER_PASSWORD} | kinit -V ${USER_NAME}@${REALM_NAME} >/dev/null
 
 (cd $TEST_DIR && go test -c github.com/apcera/gssapi/component_test/client)
 
-while ! echo exit | nc $SERVICE_PORT_80_TCP_ADDR $SERVICE_PORT_80_TCP_PORT >/dev/null; do
-        echo "Waiting for service to start"
-        sleep 1
-done
-
+# --test.bench=.
+#--test.benchtime=2s
 $TEST_DIR/client.test \
-	--test.bench=. \
 	--test.v=false \
-	--test.benchtime=2s \
-	--service-name=HTTP/[email protected] \
+	--service-name=$SERVICE_NAME \
 	--service-address=$SERVICE_PORT_80_TCP_ADDR:$SERVICE_PORT_80_TCP_PORT \
 	--krb5-config=$KRB5_CONFIG \
 	--gssapi-path=$GSSAPI_PATH \

component_test/docker/client/krb5.conf.template

@@ -1,13 +1,13 @@
 [libdefaults]
-        default_realm = TEST.GOGSSAPI.COM
+        default_realm = REALM_NAME
         noaddresses = true
 
 [realms]
-        TEST.GOGSSAPI.COM = {
+        REALM_NAME = {
 		# will be replaced by the script
                 kdc = KDC_ADDRESS
         }
 
 [domain_realm]
-        c.gogssapi.com = TEST.GOGSSAPI.COM
-        .c.gogssapi.com = TEST.GOGSSAPI.COM
+        DOMAIN_NAME = REALM_NAME
+        .DOMAIN_NAME = REALM_NAME

component_test/docker/kdc/Dockerfile

@@ -1,22 +1,10 @@
 FROM ubuntu:14.04
+ADD krb5.conf /etc/krb5.conf
 
 RUN apt-get -y update
-ADD krb5.conf /etc/krb5.conf
 RUN apt-get -y install heimdal-kdc
 
+ADD entrypoint.sh /etc/docker-kdc/entrypoint.sh
 EXPOSE	88
-
-# Create keytab folder.
-RUN mkdir /etc/docker-kdc
-
-# Add kerberos principal/s.
-RUN /bin/echo -e '\n\n\n\n\n\nP@ssword!\nP@ssword!\n' | kadmin -l add HTTP/[email protected]
-RUN /bin/echo -e '\n\n\n\n\n\nP@ssword!\nP@ssword!\n' | kadmin -l add [email protected]
-
-# Export keytab.
-RUN kadmin -l ext_keytab -k /etc/docker-kdc/krb5.keytab HTTP/[email protected]
-
-# KDC daemon startup.
-#TODO -- what's in this config? Need to provide my own?
-ENTRYPOINT ["/usr/lib/heimdal-servers/kdc", "--config-file=/etc/heimdal-kdc/kdc.conf", "-P 88"]
+ENTRYPOINT /etc/docker-kdc/entrypoint.sh
 

component_test/docker/kdc/entrypoint.sh

@@ -0,0 +1,16 @@
+#!/bin/bash -eu
+
+# Add kerberos principal/s.
+echo -e "\n\n\n\n\n\n${USER_PASSWORD}\n${USER_PASSWORD}\n" | kadmin -l add ${SERVICE_NAME}@${REALM_NAME}
+echo -e "\n\n\n\n\n\n${USER_PASSWORD}\n${USER_PASSWORD}\n" | kadmin -l add ${USER_NAME}@${REALM_NAME}
+kadmin -l list ${USER_NAME}@${REALM_NAME}
+kadmin -l list ${SERVICE_NAME}@${REALM_NAME}
+
+# Export keytab.
+kadmin -l ext_keytab -k /etc/docker-kdc/krb5.keytab ${SERVICE_NAME}@${REALM_NAME}
+
+# KDC daemon startup.
+#TODO -- what's relevant in this config? Need to provide my own?
+exec /usr/lib/heimdal-servers/kdc --config-file=/etc/heimdal-kdc/kdc.conf -P 88
+
+

component_test/docker/kdc/krb5.conf

@@ -0,0 +1,13 @@
+[libdefaults]
+        default_realm = REALM_NAME
+        noaddresses = true
+
+[realms]
+        REALM_NAME = {
+		# will be replaced by the script
+                kdc = KDC_ADDRESS
+        }
+
+[domain_realm]
+        DOMAIN_NAME = REALM_NAME
+        .DOMAIN_NAME = REALM_NAME

component_test/docker/kdc/krb5.conf.template

@@ -10,7 +10,8 @@ RUN apt-get -y install \
 RUN (cd /tmp && wget https://storage.googleapis.com/golang/go1.4.1.linux-amd64.tar.gz && tar xvf go1.4.1.linux-amd64.tar.gz && mv go/ /opt)
 ENV GOROOT="/opt/go"
 ADD krb5.keytab /opt/go-gssapi-test-service/krb5.keytab
-ADD krb5.conf.template /opt/go-gssapi-test-service/krb5.conf.template
+ADD krb5.conf.template /tmp/krb5.conf.template
 ADD entrypoint.sh /opt/go-gssapi-test-service/entrypoint.sh
+
 EXPOSE 80
 ENTRYPOINT /opt/go-gssapi-test-service/entrypoint.sh

component_test/docker/service/Dockerfile

@@ -1,15 +1,17 @@
-#!/bin/sh -eu
+#!/bin/bash -eu
 
 export PATH=$PATH:$GOROOT/bin
 
-sed -e "s/KDC_ADDRESS/$KDC_PORT_88_TCP_ADDR:$KDC_PORT_88_TCP_PORT/g" \
-	/opt/go-gssapi-test-service/krb5.conf.template \
+cat /tmp/krb5.conf.template \
+        | sed -e "s/KDC_ADDRESS/$KDC_PORT_88_TCP_ADDR:$KDC_PORT_88_TCP_PORT/g" \
+        | sed -e "s/DOMAIN_NAME/${DOMAIN_NAME}/g" \
+        | sed -e "s/REALM_NAME/${REALM_NAME}/g" \
 	> /opt/go-gssapi-test-service/krb5.conf
 
 (cd /opt/go-gssapi-test-service && go build github.com/apcera/gssapi/component_test/service)
 
 exec /opt/go-gssapi-test-service/service \
-	-service-name=HTTP/service.s.gogssapi.com \
+	-service-name=${SERVICE_NAME} \
 	-service-address=:80 \
 	-gssapi-path=/usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2 \
 	-krb5-config=/opt/go-gssapi-test-service/krb5.conf \

component_test/docker/service/entrypoint.sh

@@ -1,12 +1,13 @@
 [libdefaults]
-        default_realm = TEST.GOGSSAPI.COM
+        default_realm = REALM_NAME
         noaddresses = true
 
 [realms]
-        TEST.GOGSSAPI.COM = {
+        REALM_NAME = {
+		# will be replaced by the script
                 kdc = KDC_ADDRESS
         }
 
 [domain_realm]
-        s.gogssapi.com = TEST.GOGSSAPI.COM
-        .s.gogssapi.com = TEST.GOGSSAPI.COM
+        DOMAIN_NAME = REALM_NAME
+        .DOMAIN_NAME = REALM_NAME

component_test/docker/service/krb5.conf.template

@@ -0,0 +1,16 @@
+#!/bin/bash -eu
+
+REUSE_DOCKER_IMAGES="1" \
+SERVICE_LOG_FILTER="true" \
+EXT_KDC_IP="" \
+EXT_KDC_PORT="" \
+KEYTAB_FILE="" \
+SERVICE_NAME="HTTP/auth.www.levtest.net" \
+REALM_NAME="APSARA.IO" \
+DOMAIN_NAME="www.levtest.net" \
+USER_NAME="testuser" \
+USER_PASSWORD="P@ssword!" \
+CLIENT_IN_CONTAINER="" \
+        ./run.sh
+
+