setup gitea as oidc provider for tool vault

2024-09-27 18:21:52 +02:00
parent 1332def067
commit 407bf12165
24 changed files with 655 additions and 20 deletions
--- a/ansible/arcodange/factory/roles/playwright/defaults/main.yml
+++ b/ansible/arcodange/factory/roles/playwright/defaults/main.yml
@@ -0,0 +1,4 @@
+playwright_script: '{{ {{ role_path }}/files/loginGitea.js }}'
+playwright_use_docker: true
+playwright_version: '1.47.0'
+playwright_docker_image: playwright:{{ playwright_version }}
--- a/ansible/arcodange/factory/roles/playwright/files/Dockerfile
+++ b/ansible/arcodange/factory/roles/playwright/files/Dockerfile
@@ -0,0 +1,25 @@
+# Utiliser l'image officielle Node.js avec Playwright
+FROM mcr.microsoft.com/playwright:v1.38.0-jammy
+
+ARG playwright_version=1.47.0
+
+# Définir le répertoire de travail
+WORKDIR /app
+
+# Copier les fichiers package.json et package-lock.json
+COPY v${playwright_version}/package*.json ./
+
+# Installer les dépendances Node.js
+RUN npm install
+
+# Installer les navigateurs nécessaires pour Playwright
+RUN npx playwright install
+
+# Copier le script par défaut
+COPY loginGitea.js ./script.js
+
+# Commande pour exécuter le script
+CMD ["node", "script.js"]
+
+# RUN WITH
+# docker run -v $PWD/loginGitea.js:/app/loginGitea.js --rm playwright-gitea sh -c "sed 's/headless: false/headless: true/' loginGitea.js | node --input-type=module"
--- a/ansible/arcodange/factory/roles/playwright/files/loginGitea.js
+++ b/ansible/arcodange/factory/roles/playwright/files/loginGitea.js
@@ -0,0 +1,55 @@
+import { chromium } from 'playwright';
+
+/*
+  Initialisation
+*/
+const username = process.env.GITEA_USER;
+const password = process.env.GITEA_PASSWORD;
+const debug = Boolean(process.env.DEBUG);
+const vaultAddress = process.env.VAULT_ADDRESS || 'http://localhost:8200';
+const giteaAddress = process.env.GITEA_ADDRESS || 'https://gitea.arcodange.duckdns.org';
+
+if (!username || !password) {
+  console.error('Veuillez définir les variables d\'environnement GITEA_USER et GITEA_PASSWORD.');
+  process.exit(1);
+}
+
+const browser = await chromium.launch({
+  headless: true,
+  locale: "gb-GB", // before login gitea use gb-GB locale, after login it choose user locale
+  logger: {
+    isEnabled: (name, severity) => debug,
+    log: (name, severity, message, args) => console.warn(`${severity}| ${name} :: ${message} __ ${args}`)
+  },
+});
+const context = await browser.newContext({locale: "gb-GB"});
+const page = await context.newPage();
+
+async function doLogin() {
+  await page.goto(giteaAddress);
+  await page.click('text=Sign In');
+  await page.fill('input[name="user_name"]', username);
+  await page.fill('input[name="password"]', password);
+  await page.click('button:has-text("Sign In")');
+  await page.waitForURL(giteaAddress);
+}
+
+async function isLoggedIn() {
+  return (
+    await page.locator('text=Sign In').count() === 0
+    && await page.locator('.user-menu > .ui.header strong').count() > 0
+  )
+}
+
+async function getLoggedUsername() {
+  const loggedInUser = await page.innerText('.user-menu > .ui.header strong');
+  if (debug) console.warn(`Connecté en tant que : ${loggedInUser}`);
+  return loggedInUser;
+}
+
+if (! await isLoggedIn()) await doLogin();
+const giteaUser = await getLoggedUsername()
+
+console.log(JSON.stringify({giteaUser}));
+
+await browser.close();
--- a/ansible/arcodange/factory/roles/playwright/files/v1.47.0/package-lock.json
+++ b/ansible/arcodange/factory/roles/playwright/files/v1.47.0/package-lock.json
@@ -0,0 +1,70 @@
+{
+  "name": "playwright",
+  "version": "1.0.0",
+  "lockfileVersion": 3,
+  "requires": true,
+  "packages": {
+    "": {
+      "name": "playwright",
+      "version": "1.0.0",
+      "license": "ISC",
+      "dependencies": {
+        "playwright": "^1.47.0",
+        "typescript": "^5.6.2"
+      }
+    },
+    "node_modules/fsevents": {
+      "version": "2.3.2",
+      "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.2.tgz",
+      "integrity": "sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==",
+      "hasInstallScript": true,
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "engines": {
+        "node": "^8.16.0 || ^10.6.0 || >=11.0.0"
+      }
+    },
+    "node_modules/playwright": {
+      "version": "1.47.0",
+      "resolved": "https://registry.npmjs.org/playwright/-/playwright-1.47.0.tgz",
+      "integrity": "sha512-jOWiRq2pdNAX/mwLiwFYnPHpEZ4rM+fRSQpRHwEwZlP2PUANvL3+aJOF/bvISMhFD30rqMxUB4RJx9aQbfh4Ww==",
+      "dependencies": {
+        "playwright-core": "1.47.0"
+      },
+      "bin": {
+        "playwright": "cli.js"
+      },
+      "engines": {
+        "node": ">=18"
+      },
+      "optionalDependencies": {
+        "fsevents": "2.3.2"
+      }
+    },
+    "node_modules/playwright-core": {
+      "version": "1.47.0",
+      "resolved": "https://registry.npmjs.org/playwright-core/-/playwright-core-1.47.0.tgz",
+      "integrity": "sha512-1DyHT8OqkcfCkYUD9zzUTfg7EfTd+6a8MkD/NWOvjo0u/SCNd5YmY/lJwFvUZOxJbWNds+ei7ic2+R/cRz/PDg==",
+      "bin": {
+        "playwright-core": "cli.js"
+      },
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/typescript": {
+      "version": "5.6.2",
+      "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.6.2.tgz",
+      "integrity": "sha512-NW8ByodCSNCwZeghjN3o+JX5OFH0Ojg6sadjEKY4huZ52TqbJTJnDo5+Tw98lSy63NZvi4n+ez5m2u5d4PkZyw==",
+      "bin": {
+        "tsc": "bin/tsc",
+        "tsserver": "bin/tsserver"
+      },
+      "engines": {
+        "node": ">=14.17"
+      }
+    }
+  }
+}
--- a/ansible/arcodange/factory/roles/playwright/files/v1.47.0/package.json
+++ b/ansible/arcodange/factory/roles/playwright/files/v1.47.0/package.json
@@ -0,0 +1,16 @@
+{
+  "name": "playwright",
+  "version": "1.0.0",
+  "main": "loginGitea.js",
+  "type": "module",
+  "scripts": {
+    "test": "node loginGitea.js"
+  },
+  "keywords": [],
+  "author": "arcodange@gmail.com",
+  "license": "ISC",
+  "description": "",
+  "dependencies": {
+    "playwright": "^1.47.0"
+  }
+}
--- a/ansible/arcodange/factory/roles/playwright/tasks/main.yml
+++ b/ansible/arcodange/factory/roles/playwright/tasks/main.yml
@@ -0,0 +1,25 @@
+- when: playwright_use_docker
+  block:
+    - name: Build {{ playwright_docker_image }} docker image
+      community.docker.docker_image_build:
+        name: '{{ playwright_docker_image }}'
+        path: '{{ role_path }}/files/'
+        args:
+          playwright_version: '{{ playwright_version }}'
+    - name: run {{ playwright_script | basename }}
+      vars:
+        cmd_env: '{{ playwright_env | default({}) }}'
+        env_arguments: >-
+          {% for e in (cmd_env.keys() | zip( cmd_env.values() ) | map('join', '=') ) %}
+          -e {{ e }} 
+          {% endfor %}
+
+      ansible.builtin.shell: >-
+        docker run
+        -v {{ playwright_script }}:/app/script.js
+        {{ env_arguments }}
+        --rm
+        {{ playwright_docker_image }}
+      #  sh -c "sed 's/headless: *false/headless: true/' script.js | node --input-type=module"
+      
+      register: playwright_job