Upstream Sync fixes

.github/workflows/ci.yaml

@@ -9,127 +9,10 @@ permissions:
   contents: read
 
 jobs:
-  test:
-    name: Test
-    runs-on: ubuntu-latest
-
-    services:
-      postgres:
-        image: postgres:10.8
-        env:
-          TZ: UTC
-        ports:
-          - 5432
-        options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
-
-      postgres-ent:
-        image: postgres:10.8
-        env:
-          TZ: UTC
-        ports:
-          - 5432
-        options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
-
-      mysql:
-        image: mysql:5.7
-        env:
-          MYSQL_ROOT_PASSWORD: root
-          MYSQL_DATABASE: dex
-        ports:
-          - 3306
-        options: --health-cmd "mysql -proot -e \"show databases;\"" --health-interval 10s --health-timeout 5s --health-retries 5
-
-      mysql-ent:
-        image: mysql:5.7
-        env:
-          MYSQL_ROOT_PASSWORD: root
-          MYSQL_DATABASE: dex
-        ports:
-          - 3306
-        options: --health-cmd "mysql -proot -e \"show databases;\"" --health-interval 10s --health-timeout 5s --health-retries 5
-
-      etcd:
-        image: gcr.io/etcd-development/etcd:v3.5.0
-        ports:
-          - 2379
-        env:
-          ETCD_LISTEN_CLIENT_URLS: http://0.0.0.0:2379
-          ETCD_ADVERTISE_CLIENT_URLS: http://0.0.0.0:2379
-        options: --health-cmd "ETCDCTL_API=3 etcdctl --endpoints http://localhost:2379 endpoint health" --health-interval 10s --health-timeout 5s --health-retries 5
-
-      keystone:
-        image: openio/openstack-keystone:rocky
-        ports:
-          - 5000
-          - 35357
-        options: --health-cmd "curl --fail http://localhost:5000/v3" --health-interval 10s --health-timeout 5s --health-retries 5
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-
-      - name: Set up Go
-        uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
-        with:
-          go-version: "1.24"
-
-      - name: Download tool dependencies
-        run: make deps
-
-      # Ensure that generated files were committed.
-      # It can help us determine, that the code is in the intermediate state, which should not be tested.
-      # Thus, heavy jobs like creating a kind cluster and testing / linting will be skipped.
-      - name: Verify
-        run: make verify
-
-      - name: Start services
-        run: docker compose -f docker-compose.test.yaml up -d
-
-      - name: Create kind cluster
-        uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
-        with:
-          version: "v0.17.0"
-          node_image: "kindest/node:v1.25.3@sha256:cd248d1438192f7814fbca8fede13cfe5b9918746dfa12583976158a834fd5c5"
-
-      - name: Test
-        run: make testall
-        env:
-          DEX_MYSQL_DATABASE: dex
-          DEX_MYSQL_USER: root
-          DEX_MYSQL_PASSWORD: root
-          DEX_MYSQL_HOST: 127.0.0.1
-          DEX_MYSQL_PORT: ${{ job.services.mysql.ports[3306] }}
-
-          DEX_MYSQL_ENT_DATABASE: dex
-          DEX_MYSQL_ENT_USER: root
-          DEX_MYSQL_ENT_PASSWORD: root
-          DEX_MYSQL_ENT_HOST: 127.0.0.1
-          DEX_MYSQL_ENT_PORT: ${{ job.services.mysql-ent.ports[3306] }}
-
-          DEX_POSTGRES_DATABASE: postgres
-          DEX_POSTGRES_USER: postgres
-          DEX_POSTGRES_PASSWORD: postgres
-          DEX_POSTGRES_HOST: localhost
-          DEX_POSTGRES_PORT: ${{ job.services.postgres.ports[5432] }}
-
-          DEX_POSTGRES_ENT_DATABASE: postgres
-          DEX_POSTGRES_ENT_USER: postgres
-          DEX_POSTGRES_ENT_PASSWORD: postgres
-          DEX_POSTGRES_ENT_HOST: localhost
-          DEX_POSTGRES_ENT_PORT: ${{ job.services.postgres-ent.ports[5432] }}
-
-          DEX_ETCD_ENDPOINTS: http://localhost:${{ job.services.etcd.ports[2379] }}
-
-          DEX_LDAP_HOST: localhost
-          DEX_LDAP_PORT: 3890
-          DEX_LDAP_TLS_PORT: 6360
-
-          DEX_KEYSTONE_URL: http://localhost:${{ job.services.keystone.ports[5000] }}
-          DEX_KEYSTONE_ADMIN_URL: http://localhost:${{ job.services.keystone.ports[35357] }}
-          DEX_KEYSTONE_ADMIN_USER: demo
-          DEX_KEYSTONE_ADMIN_PASS: DEMO_PASS
-
-          DEX_KUBERNETES_CONFIG_PATH: ~/.kube/config
+  # Call the dedicated keystone workflow
+  keystone-tests:
+    name: Keystone Connector Tests
+    uses: ./.github/workflows/keystone-test.yaml
 
   lint:
     name: Lint

.github/workflows/keystone-test.yaml

@@ -0,0 +1,53 @@
+name: Keystone Tests
+
+on:
+  workflow_call:  # Allow this workflow to be called by other workflows
+  workflow_dispatch:
+  push:
+    paths:
+      - 'connector/keystone/**'
+
+permissions:
+  contents: read
+
+jobs:
+  keystone-test:
+    name: Keystone Connector Tests
+    runs-on: ubuntu-latest
+
+    services:
+      keystone:
+        image: openio/openstack-keystone:rocky
+        ports:
+          - 5000:5000
+          - 35357:35357
+        options: --health-cmd "curl --fail http://localhost:5000/v3" --health-interval 10s --health-timeout 5s --health-retries 5
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: "1.24"
+
+      - name: Download dependencies
+        run: go mod download
+
+      - name: Wait for Keystone to be ready
+        run: |
+          timeout 60s bash -c 'until curl -f http://localhost:5000/v3; do sleep 2; done'
+
+      - name: Run Keystone unit tests
+        run: |
+          go test ./connector/keystone -v -run "Test(GetHostname|GenerateGroupName|PruneDuplicates|FindGroupByID|HTTPHelpers|GetGroups|CheckIfUserExists|Authenticate_TokenMode)"
+
+      - name: Run Keystone integration tests
+        env:
+          DEX_KEYSTONE_URL: http://localhost:5000
+          DEX_KEYSTONE_ADMIN_URL: http://localhost:35357
+          DEX_KEYSTONE_ADMIN_USER: demo
+          DEX_KEYSTONE_ADMIN_PASS: DEMO_PASS
+        run: |
+          go test ./connector/keystone -v

Makefile

@@ -38,8 +38,8 @@ examples: bin/grpc-client bin/example-app ## Build example app.
 .PHONY: release-binary
 release-binary: LD_FLAGS = "-w -X main.version=$(VERSION) -extldflags \"-static\""
 release-binary: ## Build release binaries (used to build a final container image).
-	@go build -o /go/bin/dex -v -ldflags $(LD_FLAGS) $(REPO_PATH)/cmd/dex
-	@go build -o /go/bin/docker-entrypoint -v -ldflags $(LD_FLAGS) $(REPO_PATH)/cmd/docker-entrypoint
+	@go build -buildvcs=false -o /go/bin/dex -v -ldflags $(LD_FLAGS) $(REPO_PATH)/cmd/dex
+	@go build -buildvcs=false -o /go/bin/docker-entrypoint -v -ldflags $(LD_FLAGS) $(REPO_PATH)/cmd/docker-entrypoint
 
 bin/dex:
 	@mkdir -p bin/
@@ -53,12 +53,6 @@ bin/example-app:
 	@mkdir -p bin/
 	@cd examples/ && go install -v -ldflags $(LD_FLAGS) $(REPO_PATH)/examples/example-app
 
-.PHONY: release-binary
-release-binary: LD_FLAGS = "-w -X main.version=$(VERSION) -extldflags \"-static\""
-release-binary: generate
-	@go build -o /go/bin/dex -v -buildvcs=false -ldflags $(LD_FLAGS) $(REPO_PATH)/cmd/dex
-	@go build -o /go/bin/docker-entrypoint -v -buildvcs=false -ldflags $(LD_FLAGS) $(REPO_PATH)/cmd/docker-entrypoint
-
 ##@ Generate
 
 .PHONY: generate
@@ -68,51 +62,6 @@ generate: generate-proto generate-proto-internal generate-ent go-mod-tidy ## Run
 generate-ent: ## Generate code for database ORM.
 	@go generate $(REPO_PATH)/storage/ent/
 
-test:
-	@go test -v ./...
-
-testrace:
-	@go test -v --race ./...
-
-.PHONY: kind-up kind-down kind-tests
-kind-up:
-	@mkdir -p bin/test
-	@kind create cluster --image ${KIND_NODE_IMAGE} --kubeconfig ${KIND_TMP_DIR}
-
-kind-down:
-	@kind delete cluster
-	rm ${KIND_TMP_DIR}
-
-kind-tests: export DEX_KUBERNETES_CONFIG_PATH=${KIND_TMP_DIR}
-kind-tests: testall
-
-.PHONY: lint lint-fix
-lint: ## Run linter
-	golangci-lint run
-
-.PHONY: fix
-fix: ## Fix lint violations
-	golangci-lint run --fix
-
-.PHONY: docker-image
-docker-image:
-	docker build -t $(DOCKER_IMAGE) .
-
-.PHONY: verify-proto
-verify-proto: proto
-	@./scripts/git-diff
-
-clean:
-	@rm -rf bin/
-
-testall: testrace
-
-FORCE:
-
-.PHONY: test testrace testall
-
-.PHONY: proto
-proto:
 .PHONY: generate-proto
 generate-proto: ## Generate the Dex client's protobuf code.
 	@protoc --go_out=paths=source_relative:. --go-grpc_out=paths=source_relative:. api/v2/*.proto

connector/keystone/keystone.go

@@ -314,7 +314,6 @@ func (p *conn) authenticate(ctx context.Context, username, pass string) (string,
 	req = req.WithContext(ctx)
 
 	resp, err := p.client.Do(req)
-
 	if err != nil {
 		return "", nil, fmt.Errorf("keystone: error %v", err)
 	}
@@ -370,7 +369,6 @@ func (p *conn) getAdminTokenUnscoped(ctx context.Context) (string, error) {
 	req.Header.Set("Content-Type", "application/json")
 	req = req.WithContext(ctx)
 	resp, err := p.client.Do(req)
-
 	if err != nil {
 		return "", fmt.Errorf("keystone: error %v", err)
 	}