Merge branch 'master' into 742-try-prometheus-kube-stack

.gitlab-ci.yml

@@ -47,13 +47,12 @@
 # using merge request pipelines (see https://gitlab.com/gitlab-org/gitlab/-/issues/326098)
 .eventrouter_rules:
   rules:
-    - changes:
-        - flux/**/$APP*.yaml
-        - ansible/roles/apps/templates/settings/$APP.yaml
-        - ansible/roles/apps/tasks/$APP.yaml
-    - if: '$TRIGGER_JOBS =~ /enable-eventrouter/'
-    - if: '$CI_COMMIT_MESSAGE =~ /TRIGGER_JOBS=.*enable-eventrouter/'
-    - if: '$CI_COMMIT_BRANCH == "master"'
+    - when: always
+
+
+.loki_stack_rules:
+  rules:
+    - when: always
 
 .nextcloud_rules:
   rules:
@@ -61,19 +60,14 @@
       - flux/**/$APP*.yaml
       - ansible/roles/apps/templates/settings/$APP.yaml
       - ansible/roles/apps/tasks/$APP.yaml
+      - test/behave/features/$APP.feature
     - if: '$TRIGGER_JOBS =~ /enable-nextcloud/'
     - if: '$CI_COMMIT_MESSAGE =~ /TRIGGER_JOBS=.*enable-nextcloud/'
     - if: '$CI_COMMIT_BRANCH == "master"'
 
 .prometheus_stack_rules:
   rules:
-    - changes:
-      - flux/**/$APP*.yaml
-      - ansible/roles/apps/templates/settings/$APP.yaml
-      - ansible/roles/apps/tasks/$APP.yaml
-    - if: '$TRIGGER_JOBS =~ /enable-prometheus-stack/'
-    - if: '$CI_COMMIT_MESSAGE =~ /TRIGGER_JOBS=.*enable-prometheus-stack/'
-    - if: '$CI_COMMIT_BRANCH == "master"'
+    - when: always
 
 .rocketchat_rules:
   rules:
@@ -81,6 +75,7 @@
       - flux/**/$APP*.yaml
       - ansible/roles/apps/templates/settings/$APP.yaml
       - ansible/roles/apps/tasks/$APP.yaml
+      - test/behave/features/$APP.feature
     - if: '$TRIGGER_JOBS =~ /enable-rocketchat/'
     - if: '$CI_COMMIT_MESSAGE =~ /TRIGGER_JOBS=.*enable-rocketchat/'
     - if: '$CI_COMMIT_BRANCH == "master"'
@@ -101,6 +96,7 @@
       - flux/**/$APP*.yaml
       - ansible/roles/apps/templates/settings/$APP.yaml
       - ansible/roles/apps/tasks/$APP.yaml
+      - test/behave/features/$APP.feature
     - if: '$TRIGGER_JOBS =~ /enable-wordpress/'
     - if: '$CI_COMMIT_MESSAGE =~ /TRIGGER_JOBS=.*enable-wordpress/'
     - if: '$CI_COMMIT_BRANCH == "master"'
@@ -169,6 +165,7 @@ ci-test-image-build:
     - if: '$CI_COMMIT_MESSAGE =~ /TRIGGER_JOBS=.*ci-test-image-build/'
   extends:
     - .kaniko_build
+  interruptible: true
 
 # Stage: create-vps
 # =================
@@ -204,7 +201,7 @@ create-vps:
     url: https://$FQDN
     on_stop: terminate-droplet
     auto_stop_in: 1 week
-
+  interruptible: true
 
 # Stage: enable-apps
 # ==================
@@ -223,6 +220,7 @@ create-vps:
     paths:
       - ./clusters
       - ./enabled_apps/$APP
+  interruptible: true
 
 enable-eventrouter:
   variables:
@@ -231,6 +229,13 @@ enable-eventrouter:
     - .enable_app_template
     - .eventrouter_rules
 
+
+enable-loki-stack:
+  variables:
+    APP: "loki-stack"
+  extends:
+    - .enable_app_template
+    - .loki_stack_rules
 enable-nextcloud:
   variables:
     APP: "nextcloud"
@@ -278,6 +283,7 @@ test-dns:
         - flux/**/*
         - test/**/*
         - openappstack/**/*
+  interruptible: true
 
 setup-openappstack:
   stage: setup-cluster
@@ -309,6 +315,7 @@ setup-openappstack:
         - openappstack/**/*
   extends:
     - .ssh_setup
+  interruptible: true
 
 
 # Stage: helm-release
@@ -333,6 +340,7 @@ setup-openappstack:
     when: always
   extends:
     - .ssh_setup
+  interruptible: true
 
 eventrouter-helm-release:
   variables:
@@ -341,6 +349,14 @@ eventrouter-helm-release:
     - .helm-release
     - .eventrouter_rules
 
+
+loki-stack-helm-release:
+  variables:
+    APP: "loki-stack"
+  extends:
+    - .helm-release
+    - .loki_stack_rules
+
 nextcloud-helm-release:
   variables:
     APP: "nextcloud"
@@ -397,6 +413,7 @@ wordpress-helm-release:
     when: always
   extends:
     - .ssh_setup
+  interruptible: true
 
 eventrouter-ready:
   variables:
@@ -407,6 +424,15 @@ eventrouter-ready:
     - .apps-ready
     - .eventrouter_rules
 
+loki-stack-ready:
+  variables:
+    APP: "loki-stack"
+  needs:
+    - job: loki-stack-helm-release
+  extends:
+    - .apps-ready
+    - .loki_stack_rules
+
 nextcloud-ready:
   variables:
     APP: "nextcloud"
@@ -470,6 +496,7 @@ wordpress-ready:
     when: always
   extends:
     - .ssh_setup
+  interruptible: true
 
 nextcloud-cert:
   variables:
@@ -537,6 +564,7 @@ testinfra:
         - openappstack/**/*
   extends:
     - .ssh_setup
+  interruptible: true
 
 prometheus-stack-alerts:
   stage: health-test
@@ -553,6 +581,7 @@ prometheus-stack-alerts:
     - .prometheus_stack_rules
   needs:
     - job: prometheus-stack-ready
+  interruptible: true
 
 
 # Stage: integration-test
@@ -574,6 +603,7 @@ prometheus-stack-alerts:
     when: on_failure
   extends:
     - .ssh_setup
+  interruptible: true
 
 prometheus-stack-behave:
   variables:
@@ -657,3 +687,4 @@ gitlab-merge-workaround:
   image: busybox
   script:
     - echo "Not building anything, no changes."
+  interruptible: true

ansible/group_vars/all/settings.yml.example

@@ -93,9 +93,9 @@ enabled_applications:
   - 'local-path-provisioner'
   # - 'single-sign-on'
   #
-  # Monitoring components
-  - 'prometheus-stack'
-  - 'loki-stack'
+  # Monitoring components (auto-enabled by GitLab CI)
+  # - 'prometheus-stack'
+  # - 'loki-stack'
   # - 'eventrouter'
   #
   # The backup system Velero is disabled by default, see settings under `backup` above.

ansible/roles/apps/tasks/velero.yml

@@ -64,6 +64,7 @@
     remote_src: true
     src: "/tmp/velero-v{{ velero.version }}.tar.gz"
     dest: "/tmp/"
+  when: velero_version.stdout != velero.version
 
 - name: Install velero CLI
   tags:
@@ -76,3 +77,4 @@
     group: root
     mode: "0755"
   become: true
+  when: velero_version.stdout != velero.version

ansible/roles/apps/templates/settings/nextcloud.yaml

@@ -13,7 +13,7 @@ nextcloud:
       smtp:
         host: "{{ outgoing_mail.smtp.host }}"
         {% if outgoing_mail.smtp.ssl %}
-        secure: "ssl"
+        secure: "tls"
         {% else %}
         secure: ""
         {% endif %}

ansible/roles/apps/templates/settings/rocketchat.yaml

@@ -21,45 +21,45 @@ extraEnv: |
   - name: Accounts_RegistrationForm_LinkReplacementText
     value: "Create a new account at admin.{{ domain }} to add users"
   # Custom OAuth rules:
-  - name: Accounts_OAuth_Custom-Openappstack
+  - name: Accounts_OAuth_Custom_Openappstack
     value: "true"
-  - name: Accounts_OAuth_Custom-Openappstack-url
+  - name: Accounts_OAuth_Custom_Openappstack_url
     value: https://sso.{{ domain }}
-  - name: Accounts_OAuth_Custom-Openappstack-token_path
+  - name: Accounts_OAuth_Custom_Openappstack_token_path
     value: /oauth2/token
-  - name: Accounts_OAuth_Custom-Openappstack-token_sent_via
+  - name: Accounts_OAuth_Custom_Openappstack_token_sent_via
     value: payload
-  - name: Accounts_OAuth_Custom-Openappstack-identity_token_sent_via
+  - name: Accounts_OAuth_Custom_Openappstack_identity_token_sent_via
     value: payload
-  - name: Accounts_OAuth_Custom-Openappstack-identity_path
+  - name: Accounts_OAuth_Custom_Openappstack_identity_path
     value: /userinfo
-  - name: Accounts_OAuth_Custom-Openappstack-authorize_path
+  - name: Accounts_OAuth_Custom_Openappstack_authorize_path
     value: /oauth2/auth
-  - name: Accounts_OAuth_Custom-Openappstack-scope
+  - name: Accounts_OAuth_Custom_Openappstack_scope
     value: openid profile openappstack_roles email
-  - name: Accounts_OAuth_Custom-Openappstack-id
+  - name: Accounts_OAuth_Custom_Openappstack_id
     value: rocketchat
-  - name: Accounts_OAuth_Custom-Openappstack-secret
+  - name: Accounts_OAuth_Custom_Openappstack_secret
     value: {{ rocketchat_oauth_client_secret }}
-  - name: Accounts_OAuth_Custom-Openappstack-login_style
+  - name: Accounts_OAuth_Custom_Openappstack_login_style
     value: redirect
-  - name: Accounts_OAuth_Custom-Openappstack-button_label_text
+  - name: Accounts_OAuth_Custom_Openappstack_button_label_text
     value: Login via OpenAppStack
-  - name: Accounts_OAuth_Custom-Openappstack-button_label_color
+  - name: Accounts_OAuth_Custom_Openappstack_button_label_color
     value: "#FFFFFF"
-  - name: Accounts_OAuth_Custom-Openappstack-button_color
+  - name: Accounts_OAuth_Custom_Openappstack_button_color
     value: "#1d74f5"
-  - name: Accounts_OAuth_Custom-Openappstack-username_field
+  - name: Accounts_OAuth_Custom_Openappstack_username_field
     value: preferred_username
-  - name: Accounts_OAuth_Custom-Openappstack-name_field
+  - name: Accounts_OAuth_Custom_Openappstack_name_field
     value: preferred_username
-  - name: Accounts_OAuth_Custom-Openappstack-roles_claim
+  - name: Accounts_OAuth_Custom_Openappstack_roles_claim
     value: openappstack_roles
-  - name: Accounts_OAuth_Custom-Openappstack-merge_roles
+  - name: Accounts_OAuth_Custom_Openappstack_merge_roles
     value: "true"
-  - name: Accounts_OAuth_Custom-Openappstack-merge_users
+  - name: Accounts_OAuth_Custom_Openappstack_merge_users
     value: "true"
-  - name: Accounts_OAuth_Custom-Openappstack-show_button
+  - name: Accounts_OAuth_Custom_Openappstack_show_button
     value: "true"
 
 
@@ -99,6 +99,5 @@ mongodb:
     size: 2Gi
 
 image:
-  repository: open.greenhost.net:4567/openappstack/openappstack/rocketchat
-  tag: 3.2.2-096aa0023
-  pullPolicy: Always
+  tag: 3.13.0
+  pullPolicy: IfNotPresent

test/behave/features/nextcloud.feature

@@ -5,7 +5,8 @@ Feature: Test nextcloud admin login
   And I want to be able to open a document in OnlyOffice
 
 Scenario: Test OnlyOffice welcome screen
-  When I open the onlyoffice URL
+  Given I have closed all but the first window
+  And I open the onlyoffice URL
   Then I wait on element "#status-ok-icon" for 1000ms to exist
 
 Scenario: Open nextcloud
@@ -32,7 +33,7 @@ Scenario: Create a new document in OnlyOffice
   When I click on the element "[aria-label='Files']"
   # Unfortunaty there's no check if the element that's already visible
   # is also clickable.
-  And I pause for 5000ms
+  And I wait on element "[class='button new']" to be clickable
   And I click on the button "[class='button new']"
   And I click on the element "[data-action='onlyofficeDocx']"
   And I add a random string to the inputfield ".filenameform input[type=text]"
@@ -40,4 +41,14 @@ Scenario: Create a new document in OnlyOffice
   And I focus the last opened tab
   Then I expect a new tab has been opened
   And I expect that element "div.toast-error" does not exist
-  And I wait on element "iframe[name='frameEditor']" for 20000ms to be visible
+
+Scenario: Assert the bold button is not activated
+  When I wait for the iframe named "frameEditor" and switch to it
+  Then I wait on element "div.asc-loadmask" for 20000ms to be visible
+  And I wait on element "div.asc-loadmask" for 20000ms to not exist
+  And I wait on element "[id='id-toolbar-btn-bold']" for 20000ms to be visible
+  And I expect that element "[id='id-toolbar-btn-bold']" does not have the class "active"
+
+Scenario: Active the bold button
+  When I click on the element "[id='id-toolbar-btn-bold']"
+  Then I expect that element "[id='id-toolbar-btn-bold']" has the class "active"

test/behave/features/prometheus-stack.feature

@@ -5,7 +5,8 @@ Feature: Test grafana admin login
   And I want to be able to look at the logs
 
 Scenario: Open grafana
-  When I open the grafana URL
+  Given I have closed all but the first window
+  And I open the grafana URL
   Then I wait on element "//input[@name='user']" for 25000ms to be visible
   And I expect that the title is "Grafana"
   And I expect that element "//input[@name='password']" is visible

test/behave/features/rocketchat.feature

@@ -4,7 +4,8 @@ Feature: Test rocketchat admin login
   I want to be able to login to rocketchat as the user admin
 
 Scenario: Open rocketchat
-  When I open the rocketchat URL
+  Given I have closed all but the first window
+  And I open the rocketchat URL
   Then I wait on element "//input[@name='emailOrUsername']" for 25000ms to be visible
   And I expect that element "#pass" is visible
 

test/behave/features/steps/steps.py

 from oas_behave.common_steps import *
-
+from selenium.webdriver.common.by import By
+from selenium.webdriver.support import expected_conditions as EC
+from selenium.webdriver.support.ui import WebDriverWait
 
 @when(u'I open the rocketchat URL')
 @given(u'I open the rocketchat URL')
@@ -21,3 +23,16 @@ def step_impl(context):
     print(helm_operator_url)
     context.behave_driver.get(helm_operator_url)
 
+@when(u'I wait on element "{element}" to be clickable')
+@given(u'I wait on element "{element}" to be clickable')
+def step_impl(context, element):
+    """Wait for element ro be clickable."""
+    wait = WebDriverWait(context.behave_driver, 30)
+    wait.until(EC.element_to_be_clickable((By.CLASS_NAME, "button.new")))
+
+@when(u'I wait for the iframe named "{name}" and switch to it')
+@given(u'I wait for the iframe named "{name}" and switch to it')
+def step_impl(context, name):
+    """Wait for the iframe with given name and switch to it."""
+    wait = WebDriverWait(context.behave_driver, 30)
+    wait.until(EC.frame_to_be_available_and_switch_to_it((By.NAME, name)))

test/behave/features/wordpress.feature

@@ -4,7 +4,8 @@ Feature: Test WordPress admin login
   I want to be able to login to WordPress as the user admin
 
 Scenario: Open WordPress
-  When I open the wordpress URL
+  Given I have closed all but the first window
+  And I open the wordpress URL
   Then I wait on element "#user_login" for 25000ms to be visible
   And I expect that element "#user_pass" is visible
 

test/pytest/test_app_deployments.py

@@ -25,24 +25,27 @@ EXPECTED_RELEASES = {
 }
 
 EXPECTED_APP_LABELS = {
+    'eventrouter': {
+        'namespace': 'oas',
+        'label_selector': 'app=eventrouter'},
+    'loki-stack': {
+        'namespace': 'oas',
+        'label_selector': 'app=loki'},
     'nextcloud': {
         'namespace': 'oas-apps',
         'label_selector': 'app.kubernetes.io/instance=nc'},
-    'wordpress': {
-        'namespace': 'oas-apps',
-        'label_selector': 'release=wordpress'},
-    'rocketchat': {
-        'namespace': 'oas-apps',
-        'label_selector': 'app.kubernetes.io/instance=rocketchat'},
     'prometheus-stack': {
         'namespace': 'oas',
         'label_selector': 'app in (grafana,prometheus)'},
-    'eventrouter': {
-        'namespace': 'oas',
-        'label_selector': 'app=eventrouter'},
+    'rocketchat': {
+        'namespace': 'oas-apps',
+        'label_selector': 'app.kubernetes.io/instance=rocketchat'},
     'single-sign-on': {
         'namespace': 'oas',
-        'label_selector': 'app.kubernetes.io/name in (hydra,hydra-maester,single-sign-on-userbackend,single-sign-on-consent,single-sign-on-userpanel,single-sign-on-login)'}
+        'label_selector': 'app.kubernetes.io/name in (hydra,hydra-maester,single-sign-on-userbackend,single-sign-on-consent,single-sign-on-userpanel,single-sign-on-login)'},
+    'wordpress': {
+        'namespace': 'oas-apps',
+        'label_selector': 'release=wordpress'}
 }