Add tests for OpenID STS creds and add to CI (#13638)

.github/workflows/iam-integrations.yaml

@@ -1,4 +1,4 @@
-name: IAM integration with external systems
+name: IAM integration
 
 on:
   pull_request:
@@ -12,75 +12,8 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  ldap-test:
-    name: LDAP Tests with Go ${{ matrix.go-version }}
-    runs-on: ubuntu-latest
-
-    services:
-      openldap:
-        image: quay.io/minio/openldap
-        ports:
-          - "389:389"
-          - "636:636"
-        env:
-          LDAP_ORGANIZATION: "MinIO Inc"
-          LDAP_DOMAIN: "min.io"
-          LDAP_ADMIN_PASSWORD: "admin"
-
-    strategy:
-      matrix:
-        go-version: [1.16.x, 1.17.x]
-
-    steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-go@v2
-        with:
-          go-version: ${{ matrix.go-version }}
-      - name: Test LDAP
-        env:
-          LDAP_TEST_SERVER: "localhost:389"
-        run: |
-          sudo sysctl net.ipv6.conf.all.disable_ipv6=0
-          sudo sysctl net.ipv6.conf.default.disable_ipv6=0
-          make test-iam
-
-  etcd-test:
-    name: Etcd Backend Tests with Go ${{ matrix.go-version }}
-    runs-on: ubuntu-latest
-
-    services:
-      etcd:
-        image: "quay.io/coreos/etcd:v3.5.1"
-        env:
-          ETCD_LISTEN_CLIENT_URLS: "http://0.0.0.0:2379"
-          ETCD_ADVERTISE_CLIENT_URLS: "http://0.0.0.0:2379"
-        ports:
-          - "2379:2379"
-        options: >-
-          --health-cmd "etcdctl endpoint health"
-          --health-interval 10s
-          --health-timeout 5s
-          --health-retries 5
-
-    strategy:
-      matrix:
-        go-version: [1.16.x, 1.17.x]
-
-    steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-go@v2
-        with:
-          go-version: ${{ matrix.go-version }}
-      - name: Test Etcd IAM backend
-        env:
-          ETCD_SERVER: "http://localhost:2379"
-        run: |
-          sudo sysctl net.ipv6.conf.all.disable_ipv6=0
-          sudo sysctl net.ipv6.conf.default.disable_ipv6=0
-          make test-iam
-
-  iam-etcd-test:
-    name: Etcd Backend + LDAP Tests with Go ${{ matrix.go-version }}
+  iam-matrix-test:
+    name: "[Go=${{ matrix.go-version }}|ldap=${{ matrix.ldap }}|etcd=${{ matrix.etcd }}|openid=${{ matrix.openid }}]"
     runs-on: ubuntu-latest
 
     services:
@@ -105,20 +38,41 @@ jobs:
           --health-interval 10s
           --health-timeout 5s
           --health-retries 5
+      openid:
+        image: quay.io/minio/dex
+        ports:
+          - "5556:5556"
+        env:
+          DEX_LDAP_SERVER: "openldap:389"
 
     strategy:
+      # When ldap, etcd or openid vars are empty below, those external servers
+      # are turned off - i.e. if ldap="", then ldap server is not enabled for
+      # the tests.
       matrix:
         go-version: [1.16.x, 1.17.x]
+        ldap: ["", "localhost:389"]
+        etcd: ["", "http://localhost:2379"]
+        openid: ["", "http://127.0.0.1:5556/dex"]
+        exclude:
+          # exclude combos where all are empty.
+          - ldap: ""
+            etcd: ""
+            openid: ""
+          # exclude combos where both ldap and openid IDPs are specified.
+          - ldap: "localhost:389"
+            openid: "http://127.0.0.1:5556/dex"
 
     steps:
       - uses: actions/checkout@v2
       - uses: actions/setup-go@v2
         with:
           go-version: ${{ matrix.go-version }}
-      - name: Test Etcd IAM backend with LDAP IDP
+      - name: Test LDAP/OpenID with Etcd combo
         env:
-          ETCD_SERVER: "http://localhost:2379"
-          LDAP_TEST_SERVER: "localhost:389"
+          LDAP_TEST_SERVER: ${{ matrix.ldap }}
+          ETCD_SERVER: ${{ matrix.etcd }}
+          OPENID_TEST_SERVER: ${{ matrix.openid }}
         run: |
           sudo sysctl net.ipv6.conf.all.disable_ipv6=0
           sudo sysctl net.ipv6.conf.default.disable_ipv6=0