🎉 Integration Testing for SSH using a docker container | Postgres Source and Destination update integration tests using ssh bastion in docker container #6312
Conversation
…gres testcontainer
…g-in-docker-containers
VitaliiMaltsev
changed the title
github-actions
bot
added
the
area/documentation
…ource and destination to 0.3.12
VitaliiMaltsev
changed the title
|
I would only recommend not to increase the version at files |
There was a problem hiding this comment.
Looks great! a few comments:
- Is there a reason we can't treat the bastion as a normal object the same way other test containers are? Right now it's static/global which could introduce isolation issues
- could you remove the places where we inject secrets in
ci_credentials.shfor the current postgres ssh test case and once you merge this pr remove them from environment secrets as well in github? - you actually don't need to bump the postgres container versions since this is just changing their tests not the connector itself
| @@ -263,14 +263,21 @@ Using this feature requires additional configuration, when creating the source. | |||
| 6. If you are using `Password Authentication`, then `SSH Login Username` should be set to the password of the User from the previous step. If you are using `SSH Key Authentication` leave this blank. Again, this is not the Postgres password, but the password for the OS-user that Airbyte is using to perform commands on the bastion. | |||
| 7. If you are using `SSH Key Authentication`, then `SSH Private Key` should be set to the RSA Private Key that you are using to create the SSH connection. This should be the full contents of the key file starting with `-----BEGIN RSA PRIVATE KEY-----` and ending with `-----END RSA PRIVATE KEY-----`. | |||
|
|
|||
|
|
|||
| ## Integration tests to Postgres via an SSH Tunnel with bastion in docker container | |||
There was a problem hiding this comment.
this should go in the README for the connector rather than this doc. This doc is meant for consumption by Airbyte users, and this is an implementation detail of how we test the connector
There was a problem hiding this comment.
this should go in the README for the connector rather than this doc. This doc is meant for consumption by Airbyte users, and this is an implementation detail of how we test the connector
removed description from this doc
| private static final String SSH_USER = "sshuser"; | ||
| private static final String SSH_PASSWORD = "secret"; | ||
| private static Network network; | ||
| private static GenericContainer bastion; |
There was a problem hiding this comment.
why is this all static instead of instance variables?
There was a problem hiding this comment.
why is this all static instead of instance variables?
replaced with instance variables
| import org.testcontainers.containers.Network; | ||
| import org.testcontainers.images.builder.ImageFromDockerfile; | ||
|
|
||
| public class SshBastion { |
There was a problem hiding this comment.
I suggest adding the word Container to the. name e.g: SshBastionContainer to make it clear it's containerized
There was a problem hiding this comment.
I suggest adding the word
Containerto the. name e.g:SshBastionContainerto make it clear it's containerized
good point! Renamed class to SshBastionContainer
| @@ -24,45 +24,79 @@ | |||
|
|
|||
| package io.airbyte.integrations.io.airbyte.integration_tests.sources; | |||
|
|
|||
| import static io.airbyte.integrations.base.ssh.SshBastion.*; | |||
There was a problem hiding this comment.
style: prefer using explicit import instead of star imports
There was a problem hiding this comment.
style: prefer using explicit import instead of star imports
replaced star import with explicit
…stionContainer, removed ci credentials for ssh Postgres Source and Destination
github-actions
bot
removed
the
area/documentation
|
…g-in-docker-containers # Conflicts: # tools/bin/ci_credentials.sh
VitaliiMaltsev
deleted the
vmaltsev/5811ssh-tunnel-integration-testing-in-docker-containers
branch
|
@VitaliiMaltsev this is awesome! it will make developing new ssh connectors much easier. great work. |
| ### Acceptance Testing via ssh tunnel using SshBastion and JdbcDatabaseContainer in Docker | ||
| 1. The `SshBastion` class provides 3 helper functions: | ||
| `initAndStartBastion()`to initialize and start SSH Bastion server in Docker test container and creates new `Network` for bastion and tested jdbc container | ||
| `getTunnelConfig()`which return JsoneNode with all necessary configuration to establish ssh tunnel. Connection configuration for integration tests is now taken directly from container settings and does not require a real database connection | ||
| `stopAndCloseContainers` to stop and close SshBastion and JdbcDatabaseContainer at the end of the test | ||
|
|
There was a problem hiding this comment.
- Does this mean we can update the
Future Worksection of this readme.md file and remove the bullet point?
Improve the process of acceptance testing by allowing doing acceptance testing using a bastion running in a docker container instead of having to use dedicated infrastructure and a static database.
- How could we enable these ssh integration tests to other destinations too?
- Would these integration tests catch errors in ssh tunnels handling with normalization too? see https://github.com/airbytehq/oncall/issues/145
What
Improve the process of acceptance testing by allowing doing acceptance / integration testing using a bastion running in a docker container. Right now we have a dedicated host in AWS that we use.
Why do we care?
We'd rather not maintain the bastion infra if we don't have to
It means that the tests require secrets as an input which adds a bit more friction. If we use docker that would not be necessary.
It requires having a static instance of the database we trying to test running! Because the bastion is static it also needs to be forwarding to some database in our VPC so we need a statically running db as well. This limits the tests we can right and means we're paying for and maintaining a database for no good reason. Ideally we could spin up dbs and bastion all in docker!
How
A new SshBastion class has been implemented, which allows you to initialize and run a bastion ssh server created in a docker test container. The test database and bastion run in containers on the same network. Connection configuration for integration tests is now taken directly from container settings and does not require a real database connection. Establishing an ssh tunnel implies 2 authentication options - using a password or using a private key
Recommended reading order
x.javay.pythonPre-merge Checklist
Expand the relevant checklist and delete the others.
New Connector
Community member or Airbyter
airbyte_secret./gradlew :airbyte-integrations:connectors:<name>:integrationTest.README.mdbootstrap.md. See description and examplesdocs/SUMMARY.mddocs/integrations/<source or destination>/<name>.mdincluding changelog. See changelog exampledocs/integrations/README.mdairbyte-integrations/builds.mdAirbyter
If this is a community PR, the Airbyte engineer reviewing this PR is responsible for the below items.
/test connector=connectors/<name>command is passing./publishcommand described hereUpdating a connector
Community member or Airbyter
airbyte_secret./gradlew :airbyte-integrations:connectors:<name>:integrationTest.README.mdbootstrap.md. See description and examplesdocs/integrations/<source or destination>/<name>.mdincluding changelog. See changelog exampleAirbyter
If this is a community PR, the Airbyte engineer reviewing this PR is responsible for the below items.
/test connector=connectors/<name>command is passing./publishcommand described hereConnector Generator
-scaffoldin their name) have been updated with the latest scaffold by running./gradlew :airbyte-integrations:connector-templates:generator:testScaffoldTemplatesthen checking in your changes