From 6cb71f839aa0481606c95abfbf3bbd0dbf63bd1e Mon Sep 17 00:00:00 2001
From: James Poole <jpoole@redhat.com>
Date: Wed, 19 Aug 2020 10:54:47 +0100
Subject: [PATCH] Added oauth stuff to master-deployment

---
 __pycache__/locust_test.cpython-38.pyc | Bin 765 -> 0 bytes
 master-deployment.yaml                 | 252 ++++++++++++++-----------
 seed.sh                                |   7 +-
 slave-deployment.yaml                  |   2 +-
 4 files changed, 151 insertions(+), 110 deletions(-)
 delete mode 100644 __pycache__/locust_test.cpython-38.pyc

diff --git a/__pycache__/locust_test.cpython-38.pyc b/__pycache__/locust_test.cpython-38.pyc
deleted file mode 100644
index 18dbbbcc6a53206847f26df309c22559790d6e47..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 765
zcmb7C&2H2%5FR@}n}+^@kPwfsNNu=-P^BWV2eb&P3dt8MjomhE{;(YtR@}A^0>?ZN
zlCPZh6*w`op=v=~7|CB|obi0$jD5PZlLFfJ;hEfL06!?WYas?lxa?B|1&UQ5=*ufs
zbHVFC1a&Av2CqN`D!c|2YQ73Yq}T~eqcxs_`84p!%(?E=YU4wf+l8N;X?LY{Q&7TP
z3otmsWuG8u5KMvKI#5jU6&In7Mw%59v5HiD4Pv4uNR{~Aw|!YGtjmofqBXVyYmQKm
zcVpxe$1yIukMIRPz*nZ&H^#8B6Bzh>`5?=?GAr8NSbgByt}N`peOy$fZk!J;v>TWY
zt**`oFuPdf=W#}yHd`S3Wx2>+wnblKvd!Ml-em7)uk$mTRk&&0LEGuZUY6(X_l9)Z
zy2I|XPs>K>PqND|^n~P*c;L&&e>Qe_oArO4nFPz3ErM+V5<bEndOm3zxtZQQj7Dy@
zeDoLhP0kz#o=Dl`wU*MSQr4~NEAqFc{MhH!_{Y%u@mp7U>7*-bZD{m{#%}Ht+)CJZ
zq{BoAbj*_6gr%IbG}!D;V|+bW#mD0$4Gm~4Ne4DL|0?N|=cBwAbo-Wa6ZVk*0`wZJ
AYXATM

diff --git a/master-deployment.yaml b/master-deployment.yaml
index b4ae28b..49daa67 100644
--- a/master-deployment.yaml
+++ b/master-deployment.yaml
@@ -5,127 +5,167 @@ labels:
 metadata:
   name: locust-master
 objects:
-  - kind: Service
-    apiVersion: v1
-    metadata:
-      name: locust
-      namespace: ${NAMESPACE}
-    spec:
-      selector:
-        app: locust-master
-      ports:
-        - name: "communication"
-          protocol: TCP
-          port: 5557
-        - name: "communication-plus-1"
-          protocol: TCP
-          port: 5558
-        - name: "web-ui"
-          protocol: TCP
-          port: 8089
-      type: LoadBalancer
+### Oauth Stuff
+- apiVersion: v1
+  kind: ServiceAccount
+  metadata:
+    name: proxy
+    annotations:
+      serviceaccounts.openshift.io/oauth-redirectreference.primary: '{"kind":"OAuthRedirectReference","apiVersion":"v1","reference":{"kind":"Route","name":"proxy"}}'
+- apiVersion: v1
+  kind: Route
+  metadata:
+    name: proxy
+  spec:
+    to:
+      kind: Service
+      name: proxy
+    tls:
+      termination: Reencrypt
+- apiVersion: v1
+  kind: Service
+  metadata:
+    name: proxy
+    annotations:
+      service.alpha.openshift.io/serving-cert-secret-name: proxy-tls
+  spec:
+    ports:
+    - name: proxy
+      port: 443
+      targetPort: 8443
+    selector:
+      app: locust-master
+###################
+- kind: Service
+  apiVersion: v1
+  metadata:
+    name: locust
+    namespace: ${NAMESPACE}
+  spec:
+    selector:
+      app: locust-master
+    ports:
+      - name: "communication"
+        protocol: TCP
+        port: 5557
+      - name: "communication-plus-1"
+        protocol: TCP
+        port: 5558
+      - name: "web-ui"
+        protocol: TCP
+        port: 8089
+    type: LoadBalancer
 
-  - apiVersion: route.openshift.io/v1
-    kind: Route
-    metadata:
-      name: app
-    spec:
-      port:
-        targetPort: web-ui
-      to:
-        kind: Service
-        name: locust
-        weight: 100
-      wildcardPolicy: None
-
-  - kind: DeploymentConfig
-    apiVersion: v1
-    metadata:
-      name: locust-master
-      namespace: ${NAMESPACE}
-    spec:
-      replicas: 1
-      template:
-        metadata:
-          labels:
-            app: locust-master
-        spec:
-          containers:
-          - name: locust-master
-            image: ${LOCUST_IMAGE}
-            env:
-              - name: CONFIG_HASH
-                value: TO_BE_CHANGED
-              - name: ATTACKED_HOST
-                valueFrom:
-                  configMapKeyRef:
-                    name: host-url
-                    key: ATTACKED_HOST
-              - name: LOCUST_MODE
-                value: MASTER
-              - name: LOCUST_OPTS
-                value: --print-stats -P=8089
-            resources:
-              limits:
-                cpu: "100m"
-                memory: "256Mi"
-            ports:
-            - name: comm
-              containerPort: 5557
-            - name: comm-plus-1
-              containerPort: 5558
-            - name: web-ui
-              containerPort: 8089
-            volumeMounts:
-            - name: locust-scripts
-              mountPath: /locust
-              readOnly: true
-          dnsPolicy: ClusterFirst
-          restartPolicy: Always
-          securityContext:
-            privileged: false
-          volumes:
+- kind: DeploymentConfig
+  apiVersion: v1
+  metadata:
+    name: locust-master
+    namespace: ${NAMESPACE}
+  spec:
+    replicas: 1
+    template:
+      metadata:
+        labels:
+          app: locust-master
+      spec:
+        serviceAccountName: proxy
+        containers:
+        - name: locust-master
+          image: ${LOCUST_IMAGE}
+          env:
+            - name: CONFIG_HASH
+              value: TO_BE_CHANGED
+            - name: ATTACKED_HOST
+              valueFrom:
+                configMapKeyRef:
+                  name: host-url
+                  key: ATTACKED_HOST
+            - name: LOCUST_MODE
+              value: MASTER
+            - name: LOCUST_OPTS
+              value: --print-stats -P=8089
+          resources:
+            limits:
+              cpu: "100m"
+              memory: "256Mi"
+          ports:
+          - name: comm
+            containerPort: 5557
+          - name: comm-plus-1
+            containerPort: 5558
+          - name: web-ui
+            containerPort: 8089
+          volumeMounts:
           - name: locust-scripts
-            configMap:
-              name: script-file
+            mountPath: /locust
+            readOnly: true
+        - name: oauth-proxy
+          image: openshift/oauth-proxy:latest
+          imagePullPolicy: IfNotPresent
+          ports:
+          - containerPort: 8443
+            name: public
+          args:
+          - --https-address=:8443
+          - --provider=openshift
+          - --openshift-service-account=proxy
+          - --upstream=http://localhost:8089
+          - --tls-cert=/etc/tls/private/tls.crt
+          - --tls-key=/etc/tls/private/tls.key
+          - --cookie-secret=SECRET
+          volumeMounts:
+          - mountPath: /etc/tls/private
+            name: proxy-tls
+        dnsPolicy: ClusterFirst
+        restartPolicy: Always
+        securityContext:
+          privileged: false
+        volumes:
+        - name: locust-scripts
+          configMap:
+            name: script-file
+        - name: proxy-tls
+          secret:
+            secretName: proxy-tls
+
 
-  - kind: ConfigMap
-    apiVersion: v1
-    metadata:
-      name: script-file
-      namespace: ${NAMESPACE}
-    data:
-      locustfile.py: |
-        from locust import HttpLocust, TaskSet, task
+- kind: ConfigMap
+  apiVersion: v1
+  metadata:
+    name: script-file
+    namespace: ${NAMESPACE}
+  data:
+    locustfile.py: |
+      from locust import HttpLocust, TaskSet, task
 
 
-        class UserTasks(TaskSet):
+      class UserTasks(TaskSet):
 
-            @task
-            def index(self):
-                self.client.get("/")
+          @task
+          def index(self):
+              self.client.get("/")
 
-            @task
-            def stats(self):
-                self.client.get("/stats/requests")
+          @task
+          def stats(self):
+              self.client.get("/stats/requests")
 
 
-        class WebsiteUser(HttpLocust):
-            task_set = UserTasks
+      class WebsiteUser(HttpLocust):
+          task_set = UserTasks
 
-  - kind: ConfigMap
-    apiVersion: v1
-    metadata:
-      name: host-url
-      namespace: ${NAMESPACE}
-    data:
-      ATTACKED_HOST: http://locust-master:8089
+- kind: ConfigMap
+  apiVersion: v1
+  metadata:
+    name: host-url
+    namespace: ${NAMESPACE}
+  data:
+    ATTACKED_HOST: http://locust-master:8089
 
 parameters:
 - name: NAMESPACE
   displayName: Namespace
   description: Namespace where the Locust is running
-  value: locust
+  value: locust-oauth-test
   required: true
 
 - name: LOCUST_IMAGE
diff --git a/seed.sh b/seed.sh
index d8453a3..6c48ea7 100755
--- a/seed.sh
+++ b/seed.sh
@@ -1,5 +1,6 @@
 #!/bin/bash
 
+namespace="locust-oauth-test"
 testFile=""
 hostName=""
 
@@ -22,7 +23,7 @@ kind: ConfigMap
 apiVersion: v1
 metadata:
   name: host-url
-  namespace: locust
+  namespace: ${namespace}
 data:
   ATTACKED_HOST: $hostName
 EOF1
@@ -39,7 +40,7 @@ kind: ConfigMap
 apiVersion: v1
 metadata:
   name: script-file
-  namespace: locust
+  namespace: ${namespace}
 data:
   locustfile.py: |
 $(cat $testFile | sed 's/^/    /')
@@ -52,7 +53,7 @@ cat config-map.yaml | oc apply -f -
 rm ./config-map.yaml
 
 # Update the environment variable to trigger a change
-oc project locust
+oc project ${namespace}
 #oc set env dc/locust-master --overwrite CONFIG_HASH=`date +%s%N`
 #oc set env dc/locust-slave --overwrite CONFIG_HASH=`date +%s%N`
 
diff --git a/slave-deployment.yaml b/slave-deployment.yaml
index 0e28510..5952692 100644
--- a/slave-deployment.yaml
+++ b/slave-deployment.yaml
@@ -95,7 +95,7 @@ parameters:
 - name: NAMESPACE
   displayName: Namespace
   description: Namespace where the Locust is running
-  value: locust
+  value: locust-oauth-test
   required: true
 
 - name: LOCUST_SLAVE_IMAGE