phoenix-oss/llama-stack-mirror
0
0
Fork 1
mirror of https://github.com/meta-llama/llama-stack.git synced 2025-12-06 02:30:58 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

chore: Small Auth CI refactor (#4322)

Browse source 
In preperation for ABAC addition (next PR)
```
    fix(ci): allow run_dir variable expansion in YAML heredoc
    
    Remove single quotes from EOF delimiter to allow $run_dir to
    be expanded by bash when creating the configuration file.
    Previously the literal string "$run_dir" was being written
    to the YAML instead of the actual temp directory path.
    
    drwxr-xr-x  3 runner runner   4096 Dec  5 12:56 $run_dir
```    
```
    test(ci): add test_endpoint helper function to auth tests
    
    Add reusable test_endpoint function to integration-auth-tests
    workflow for consistent API testing:
```

---------

Signed-off-by: Derek Higgins <derekh@redhat.com>
This commit is contained in:
Derek Higgins 2025-12-05 20:01:29 +00:00 committed by GitHub
parent 06f7ff2c80
commit fc4fc03606
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 33 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

53
.github/workflows/integration-auth-tests.yml vendored
View file

@ -72,7 +72,7 @@ jobs:
if: ${{ matrix.auth-provider == 'oauth2_token' }} if: ${{ matrix.auth-provider == 'oauth2_token' }}
run: | run: |
run_dir=$(mktemp -d) run_dir=$(mktemp -d)
cat <<'EOF' > $run_dir/run.yaml cat <<EOF > $run_dir/run.yaml
version: '2' version: '2'
image_name: kube image_name: kube
apis: [] apis: []
@ -137,27 +137,40 @@ jobs:
- name: Test auth - name: Test auth
run: | run: |
# Function to test API endpoint with authentication
# Usage: test_endpoint <curl_args> <user_token_file> <expected_status> [output_file]
test_endpoint() {
local curl_args="$1"
local user_token_file=$2
local expected_status=$3
local output_file=${4:-/dev/null}
local status
local extra_curl_args=(-s -L -o "$output_file" -w "%{http_code}")
if [ "$user_token_file" != "none" ]; then
extra_curl_args+=(-H "Authorization: Bearer $(cat $user_token_file)")
fi
set -x
status=$(curl $curl_args "${extra_curl_args[@]}")
set +x
if [ "$status" = "$expected_status" ]; then
echo " ✓ Status: $status (expected $expected_status)"
return 0
else
echo " ✗ Status: $status (expected $expected_status)"
exit 1
fi
}
echo "Testing /v1/version without token (should succeed)..." echo "Testing /v1/version without token (should succeed)..."
if curl -s -L -o /dev/null -w "%{http_code}" http://127.0.0.1:8321/v1/version | grep -q "200"; then test_endpoint "http://127.0.0.1:8321/v1/version" "none" "200" || exit 1
echo "/v1/version accessible without token (200)"
else
echo "/v1/version returned non-200 status without token"
exit 1
fi
echo "Testing /v1/providers without token (should fail with 401)..." echo "Testing /v1/providers without token (should fail with 401)..."
if curl -s -L -o /dev/null -w "%{http_code}" http://127.0.0.1:8321/v1/providers | grep -q "401"; then test_endpoint "http://127.0.0.1:8321/v1/providers" "none" "401" || exit 1
echo "/v1/providers blocked without token (401)"
else
echo "/v1/providers did not return 401 without token"
exit 1
fi
echo "Testing /v1/providers with valid token (should succeed)..." echo "Testing /v1/providers with valid token (should succeed)..."
curl -s -L -H "Authorization: Bearer $(cat llama-stack-auth-token)" http://127.0.0.1:8321/v1/providers | jq test_endpoint "http://127.0.0.1:8321/v1/providers" "llama-stack-auth-token" "200" "providers.json" || exit 1
if [ $? -eq 0 ]; then cat providers.json | jq . > /dev/null && echo " ✓ Valid JSON response"
echo "/v1/providers accessible with valid token"
else
echo "/v1/providers failed with valid token"
exit 1
fi