From 66f2ea92412a5cd1ea7cad95dcf3a2acb70c909f Mon Sep 17 00:00:00 2001
From: Lasse Tjernaes Wardenaer <lasse.tjernaes.wardenaer@cern.ch>
Date: Mon, 30 Jan 2023 09:25:51 +0100
Subject: [PATCH] Resolve "Improve tests for cta-change-storage-class and
 cta-restore-deleted-files"

---
 ReleaseNotes.md                               |  1 +
 .../orchestration/tests/changeStorageClass.sh | 19 ++++++++++---------
 .../orchestration/tests/restore_files.sh      | 17 ++++++++++-------
 3 files changed, 21 insertions(+), 16 deletions(-)

diff --git a/ReleaseNotes.md b/ReleaseNotes.md
index 9c41cb8776..cf05e8452f 100644
--- a/ReleaseNotes.md
+++ b/ReleaseNotes.md
@@ -14,6 +14,7 @@
 - cta/CTA#218 - Do not retry during repack requests
 - cta/CTA#252 - Update cta-change-storage-class to accept json file as input
 - cta/CTA#136 - Add missing forward declarations to standalone cli tools
+- cta/CTA#284 - Add kerberos authentication for standalone cli tool tests
 ### Bug Fixes
 - cta/CTA#181 - cta-statistics-update can fail for catalogues in postgres
 - cta/CTA#189 - Avoid postgres logging frequent warnings about no transaction in progress
diff --git a/continuousintegration/orchestration/tests/changeStorageClass.sh b/continuousintegration/orchestration/tests/changeStorageClass.sh
index 1d90af811f..25938ca367 100755
--- a/continuousintegration/orchestration/tests/changeStorageClass.sh
+++ b/continuousintegration/orchestration/tests/changeStorageClass.sh
@@ -39,8 +39,14 @@ FRONTEND_IP=$(kubectl -n ${NAMESPACE} get pods ctafrontend -o json | jq .status.
 
 echo
 echo "ENABLE CTAFRONTEND TO EXECUTE CTA ADMIN COMMANDS"
-kubectl -n ${NAMESPACE} exec ctacli -- cta-admin admin add --username ctafrontend --comment "for restore files test"
-kubectl -n ${NAMESPACE} exec ctacli -- cta-admin admin add --username ctaeos --comment "for restore files test"
+kubectl --namespace=${NAMESPACE} exec kdc -- cat /root/ctaadmin2.keytab | kubectl --namespace=${NAMESPACE} exec -i ctafrontend --  bash -c "cat > /root/ctaadmin2.keytab; mkdir -p /tmp/ctaadmin2"
+kubectl -n ${NAMESPACE} cp client_helper.sh ctafrontend:/root/client_helper.sh
+rm /tmp/init_kerb.sh
+touch /tmp/init_kerb.sh
+echo '. /root/client_helper.sh; admin_kinit' >> /tmp/init_kerb.sh
+kubectl -n ${NAMESPACE} cp /tmp/init_kerb.sh ctafrontend:/tmp/init_kerb.sh
+kubectl -n ${NAMESPACE} exec ctafrontend -- bash /tmp/init_kerb.sh
+
 
 echo
 echo "ADD FRONTEND GATEWAY TO EOS"
@@ -90,8 +96,8 @@ echo
 kubectl cp ~/CTA-build/cmdline/standalone_cli_tools/change_storage_class/cta-change-storage-class ${NAMESPACE}/ctafrontend:/usr/bin/
 echo "kubectl cp ${IDS_FILEPATH} ${NAMESPACE}/ctafrontend:~/"
 kubectl cp ${IDS_FILEPATH} ${NAMESPACE}/ctafrontend:/root/
-echo "kubectl -n ${NAMESPACE} exec ctafrontend -- bash -c XrdSecPROTOCOL=sss XrdSecSSSKT=/etc/cta/eos.sss.keytab cta-change-storage-class --storageclassname ${NEW_STORAGE_CLASS_NAME} --json ${IDS_FILEPATH}"
-kubectl -n ${NAMESPACE} exec ctafrontend -- bash -c "XrdSecPROTOCOL=sss XrdSecSSSKT=/etc/cta/eos.sss.keytab cta-change-storage-class --storageclassname ${NEW_STORAGE_CLASS_NAME} --json ${IDS_FILEPATH} -t 1"
+echo "kubectl -n ${NAMESPACE} exec ctafrontend -- bash -c XrdSecPROTOCOL=krb5 KRB5CCNAME=/tmp/ctaadmin2/krb5cc_0 cta-change-storage-class --storageclassname ${NEW_STORAGE_CLASS_NAME} --json ${IDS_FILEPATH}"
+kubectl -n ${NAMESPACE} exec ctafrontend -- bash -c "XrdSecPROTOCOL=krb5 KRB5CCNAME=/tmp/ctaadmin2/krb5cc_0 cta-change-storage-class --storageclassname ${NEW_STORAGE_CLASS_NAME} --json ${IDS_FILEPATH} -t 1"
 
 EOS_METADATA_PATH_AFTER_CHANGE_1=$(mktemp -d).json
 echo "SEND EOS METADATA TO JSON FILE: ${EOS_METADATA_PATH_AFTER_CHANGE_1}"
@@ -143,8 +149,3 @@ fi
 
 echo
 echo "All tests passed"
-
-# Remove authorization
-kubectl -n ${NAMESPACE} exec ctacli -- cta-admin admin rm --username ctafrontend
-kubectl -n ${NAMESPACE} exec ctacli -- cta-admin admin rm --username ctaeos
-
diff --git a/continuousintegration/orchestration/tests/restore_files.sh b/continuousintegration/orchestration/tests/restore_files.sh
index 6802e99438..9effca5a69 100755
--- a/continuousintegration/orchestration/tests/restore_files.sh
+++ b/continuousintegration/orchestration/tests/restore_files.sh
@@ -54,7 +54,7 @@ echo "ADD FRONTEND GATEWAY TO EOS"
 echo "kubectl -n ${NAMESPACE} exec ctaeos -- bash eos root://${EOSINSTANCE} -r 0 0 vid add gateway ${FRONTEND_IP} grpc"
 kubectl -n ${NAMESPACE} exec ctaeos -- eos -r 0 0 vid add gateway ${FRONTEND_IP} grpc
 
-echo 
+echo
 echo "eos vid ls"
 kubectl -n ${NAMESPACE} exec ctaeos -- eos root://${EOSINSTANCE} vid ls
 
@@ -96,16 +96,21 @@ sudo kubectl cp /etc/cta/cta-cli.conf ${NAMESPACE}/ctafrontend:/etc/cta/cta-cli.
 
 echo
 echo "ENABLE CTAFRONTEND TO EXECUTE CTA ADMIN COMMANDS"
-kubectl -n ${NAMESPACE} exec ctacli -- cta-admin admin add --username ctafrontend --comment "for restore files test"
-kubectl -n ${NAMESPACE} exec ctacli -- cta-admin admin add --username ctaeos --comment "for restore files test"
+kubectl --namespace=${NAMESPACE} exec kdc -- cat /root/ctaadmin2.keytab | kubectl --namespace=${NAMESPACE} exec -i ctafrontend --  bash -c "cat > /root/ctaadmin2.keytab; mkdir -p /tmp/ctaadmin2"
+kubectl -n ${NAMESPACE} cp client_helper.sh ctafrontend:/root/client_helper.sh
+rm /tmp/init_kerb.sh
+touch /tmp/init_kerb.sh
+echo '. /root/client_helper.sh; admin_kinit' >> /tmp/init_kerb.sh
+kubectl -n ${NAMESPACE} cp /tmp/init_kerb.sh ctafrontend:/tmp/init_kerb.sh
+kubectl -n ${NAMESPACE} exec ctafrontend -- bash /tmp/init_kerb.sh
 
-echo 
+echo
 echo "RESTORE FILES"
 kubectl -n ${NAMESPACE} cp client_helper.sh ctafrontend:/root/client_helper.sh
 kubectl cp ~/CTA-build/cmdline/standalone_cli_tools/restore_files/cta-restore-deleted-files ${NAMESPACE}/ctafrontend:/usr/bin/cta-restore-deleted-files
 kubectl cp restore_files_ctafrontend.sh ${NAMESPACE}/ctafrontend:/root/restore_files_ctafrontend.sh
 kubectl -n ${NAMESPACE} exec ctafrontend -- chmod +x /root/restore_files_ctafrontend.sh
-kubectl -n ${NAMESPACE} exec ctafrontend -- bash -c "XrdSecPROTOCOL=sss XrdSecSSSKT=/etc/cta/eos.sss.keytab /root/restore_files_ctafrontend.sh -I ${ARCHIVE_FILE_ID} -f ${TEST_FILE_NAME} -i ${EOSINSTANCE}"
+kubectl -n ${NAMESPACE} exec ctafrontend -- bash -c "XrdSecPROTOCOL=krb5 KRB5CCNAME=/tmp/ctaadmin2/krb5cc_0 /root/restore_files_ctafrontend.sh -I ${ARCHIVE_FILE_ID} -f ${TEST_FILE_NAME} -i ${EOSINSTANCE}"
 
 SECONDS_PASSED=0
 WAIT_FOR_RETRIEVED_FILE_TIMEOUT=10
@@ -175,5 +180,3 @@ echo "kubectl -n ${NAMESPACE} exec ctacli -- cta-admin admin rm --username ctaeo
 sudo rm ${METADATA_FILE_AFTER_RESTORE_PATH}
 sudo rm ${METADATA_FILE_PATH}
 sudo rm ${EOS_METADATA_AFTER_RESTORE_PATH}
-kubectl -n ${NAMESPACE} exec ctacli -- cta-admin admin rm --username ctafrontend
-kubectl -n ${NAMESPACE} exec ctacli -- cta-admin admin rm --username ctaeos
-- 
GitLab