upload/koji: add support for GSSAPI/Kerberos auth

Prior this commit we only had support for username/password authentication in the koji integration. This wasn't particularly useful because this auth type isn't used in any production instance. This commit adds the support for GSSAPI/Kerberos authentication. The implementation uses kerby library which is very lightweight wrapper around C gssapi library. Also, the koji unit test and the run-koji-container script were modified so the GSSAPI auth is fully tested.
2020-08-19 15:14:20 +02:00 · 2020-08-19 15:14:20 +02:00 · 05fd221bd4
commit 05fd221bd4
parent ecc7340570
21 changed files with 1637 additions and 31 deletions
--- a/.github/koji.conf
+++ b/.github/koji.conf
@ -66,3 +66,5 @@ plugins = runroot

 ; use the fast upload feature of koji by default
 use_fast_upload = yes
+
+serverca = /tmp/osbuild-composer-koji-test/ca-crt.pem
--- a/.github/krb5.conf
+++ b/.github/krb5.conf
@ -0,0 +1,7 @@
+include /etc/krb5.conf
+
+[realms]
+    LOCAL = {
+        kdc = localhost
+        admin_server = localhost
+    }
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@ -40,6 +40,10 @@ jobs:
      - name: Install golangci-lint
        run: curl -sfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh| sh -s -- -b $(go env GOPATH)/bin v1.30.0

+        # This is needed to lint internal/upload/koji package
+      - name: Install kerberos devel package
+        run: sudo apt-get install -y libkrb5-dev
+
      - name: Run golangci-lint
        run: $(go env GOPATH)/bin/golangci-lint run --timeout 5m0s

@ -73,7 +77,7 @@ jobs:
        # and installed here. See the last line of the script.
      - name: Install koji client
        run: |
-          sudo apt-get install -y libkrb5-dev
+          sudo apt-get install -y libkrb5-dev krb5-config
          python -m pip install --upgrade pip
          pip install koji
          sudo cp .github/koji.conf /etc/koji.conf
@ -81,7 +85,7 @@ jobs:
      - name: Run unit tests
        run: |
          sudo internal/upload/koji/run-koji-container.sh start
-          go test -v -race -covermode atomic -coverprofile=coverage.txt -tags koji_test ./internal/upload/koji
+          env KRB5_CONFIG=../../../.github/krb5.conf go test -v -race -covermode atomic -coverprofile=coverage.txt -tags koji_test ./internal/upload/koji
          sudo internal/upload/koji/run-koji-container.sh stop

      - name: Send coverage to codecov.io