From 1847a6ae05a64d469af39c2defd48b97e10a4b16 Mon Sep 17 00:00:00 2001
From: Ygal Blum <ygal.blum@gmail.com>
Date: Thu, 28 Jul 2022 13:18:45 +0300
Subject: [PATCH] tests/api: add container related test

Add a new cloud API test that will build an edge-container,
upload it to the gitlab CI registry, fetch it from there,
run it and compare that the OSTree commit contained in it
is indeed the one we expect.

Co-Developed-By: Christian Kellner <christian@kellner.me>
---
 .gitlab-ci.yml                        |   1 +
 cmd/osbuild-worker/config.go          |   2 +-
 cmd/osbuild-worker/jobimpl-osbuild.go |   4 +-
 cmd/osbuild-worker/main.go            |   6 +-
 test/cases/api.sh                     |   9 ++-
 test/cases/api/container.registry.sh  | 106 ++++++++++++++++++++++++++
 test/cases/api/generic.s3.sh          |   2 +-
 7 files changed, 122 insertions(+), 8 deletions(-)
 create mode 100644 test/cases/api/container.registry.sh

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 8d477cba2..48cb4d620 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -509,6 +509,7 @@ cross-distro.sh:
     - gcp
     - vsphere
     - edge-commit generic.s3
+    - edge-container
 
 API:
   stage: test
diff --git a/cmd/osbuild-worker/config.go b/cmd/osbuild-worker/config.go
index 9a3c917dd..d68a02e3b 100644
--- a/cmd/osbuild-worker/config.go
+++ b/cmd/osbuild-worker/config.go
@@ -53,7 +53,7 @@ type authenticationConfig struct {
 type containersConfig struct {
 	AuthFilePath string `toml:"auth_file_path"`
 	Domain       string `toml:"domain"`
-	Account      string `toml:"account"`
+	PathPrefix   string `toml:"path_prefix"`
 	CertPath     string `toml:"cert_path"`
 	TLSVerify    bool   `toml:"tls_verify"`
 }
diff --git a/cmd/osbuild-worker/jobimpl-osbuild.go b/cmd/osbuild-worker/jobimpl-osbuild.go
index 635904c0b..f0007718a 100644
--- a/cmd/osbuild-worker/jobimpl-osbuild.go
+++ b/cmd/osbuild-worker/jobimpl-osbuild.go
@@ -43,7 +43,7 @@ type S3Configuration struct {
 type ContainersConfiguration struct {
 	AuthFilePath string
 	Domain       string
-	Account      string
+	PathPrefix   string
 	CertPath     string
 	TLSVerify    *bool
 }
@@ -208,7 +208,7 @@ func uploadToS3(a *awscloud.AWS, outputDirectory, exportPath, bucket, key, filen
 }
 
 func (impl *OSBuildJobImpl) getContainerClient(destination string, targetOptions *target.ContainerTargetOptions) (*container.Client, error) {
-	destination, appliedDefaults := container.ApplyDefaultDomainPath(destination, impl.ContainersConfig.Domain, impl.ContainersConfig.Account)
+	destination, appliedDefaults := container.ApplyDefaultDomainPath(destination, impl.ContainersConfig.Domain, impl.ContainersConfig.PathPrefix)
 	client, err := container.NewClient(destination)
 	if err != nil {
 		return nil, err
diff --git a/cmd/osbuild-worker/main.go b/cmd/osbuild-worker/main.go
index e744b2f90..552383147 100644
--- a/cmd/osbuild-worker/main.go
+++ b/cmd/osbuild-worker/main.go
@@ -379,13 +379,13 @@ func main() {
 
 	var containersAuthFilePath string
 	var containersDomain = ""
-	var containersAccount = ""
+	var containersPathPrefix = ""
 	var containersCertPath = ""
 	var containersTLSVerify = true
 	if config.Containers != nil {
 		containersAuthFilePath = config.Containers.AuthFilePath
 		containersDomain = config.Containers.Domain
-		containersAccount = config.Containers.Account
+		containersPathPrefix = config.Containers.PathPrefix
 		containersCertPath = config.Containers.CertPath
 		containersTLSVerify = config.Containers.TLSVerify
 	}
@@ -446,7 +446,7 @@ func main() {
 			ContainersConfig: ContainersConfiguration{
 				AuthFilePath: containersAuthFilePath,
 				Domain:       containersDomain,
-				Account:      containersAccount,
+				PathPrefix:   containersPathPrefix,
 				CertPath:     containersCertPath,
 				TLSVerify:    &containersTLSVerify,
 			},
diff --git a/test/cases/api.sh b/test/cases/api.sh
index a1eaf1be3..be96376b2 100755
--- a/test/cases/api.sh
+++ b/test/cases/api.sh
@@ -21,6 +21,7 @@ CLOUD_PROVIDER_GCP="gcp"
 CLOUD_PROVIDER_AZURE="azure"
 CLOUD_PROVIDER_AWS_S3="aws.s3"
 CLOUD_PROVIDER_GENERIC_S3="generic.s3"
+CLOUD_PROVIDER_CONTAINER_IMAGE_REGISTRY="container"
 
 #
 # Supported Image type names
@@ -62,7 +63,10 @@ case ${IMAGE_TYPE} in
     "$IMAGE_TYPE_GCP")
         CLOUD_PROVIDER="${CLOUD_PROVIDER_GCP}"
         ;;
-    "$IMAGE_TYPE_EDGE_COMMIT"|"$IMAGE_TYPE_EDGE_CONTAINER"|"$IMAGE_TYPE_EDGE_INSTALLER"|"$IMAGE_TYPE_IMAGE_INSTALLER"|"$IMAGE_TYPE_GUEST"|"$IMAGE_TYPE_VSPHERE")
+    "$IMAGE_TYPE_EDGE_CONTAINER")
+        CLOUD_PROVIDER="${CLOUD_PROVIDER_CONTAINER_IMAGE_REGISTRY}"
+        ;;
+    "$IMAGE_TYPE_EDGE_COMMIT"|"$IMAGE_TYPE_EDGE_INSTALLER"|"$IMAGE_TYPE_IMAGE_INSTALLER"|"$IMAGE_TYPE_GUEST"|"$IMAGE_TYPE_VSPHERE")
         # blobby image types: upload to s3 and provide download link
         CLOUD_PROVIDER="${2:-$CLOUD_PROVIDER_AWS_S3}"
         if [ "${CLOUD_PROVIDER}" != "${CLOUD_PROVIDER_AWS_S3}" ] && [ "${CLOUD_PROVIDER}" != "${CLOUD_PROVIDER_GENERIC_S3}" ]; then
@@ -174,6 +178,9 @@ case $CLOUD_PROVIDER in
   "$CLOUD_PROVIDER_AZURE")
     source /usr/libexec/tests/osbuild-composer/api/azure.sh
     ;;
+  "$CLOUD_PROVIDER_CONTAINER_IMAGE_REGISTRY")
+    source /usr/libexec/tests/osbuild-composer/api/container.registry.sh
+    ;;
   *)
     echo "Unknown cloud provider: ${CLOUD_PROVIDER}"
     exit 1
diff --git a/test/cases/api/container.registry.sh b/test/cases/api/container.registry.sh
new file mode 100644
index 000000000..854ae4609
--- /dev/null
+++ b/test/cases/api/container.registry.sh
@@ -0,0 +1,106 @@
+#!/usr/bin/bash
+
+source /usr/libexec/tests/osbuild-composer/api/common/common.sh
+
+function checkEnv() {
+    printenv CI_REGISTRY_USER > /dev/null
+    printenv CI_JOB_TOKEN > /dev/null
+    printenv CI_REGISTRY > /dev/null
+    printenv CI_PROJECT_PATH > /dev/null
+}
+
+# Global var for ostree ref
+export OSTREE_REF="test/osbuild/edge"
+
+function cleanup() {
+    CONTAINER_NAME="${OSTREE_CONTAINER_NAME:-}"
+    if [ -n "${CONTAINER_NAME}" ]; then
+        sudo "${CONTAINER_RUNTIME}" kill "${CONTAINER_NAME}"
+    fi
+}
+
+function installClient() {
+    local WORKER_CONFIG_DIR="/etc/osbuild-worker"
+    local AUTH_FILE_PATH="${WORKER_CONFIG_DIR}/containerauth.json"
+
+    sudo mkdir -p "${WORKER_CONFIG_DIR}"
+
+    sudo "${CONTAINER_RUNTIME}" login --authfile "${AUTH_FILE_PATH}" --username "${CI_REGISTRY_USER}" --password "${CI_JOB_TOKEN}" "${CI_REGISTRY_IMAGE}"
+
+    cat <<EOF | sudo tee "${WORKER_CONFIG_DIR}/osbuild-worker.toml"
+[containers]
+auth_file_path="${AUTH_FILE_PATH}"
+domain="${CI_REGISTRY}"
+path_prefix="${CI_PROJECT_PATH}"
+EOF
+
+  sudo systemctl restart "osbuild-worker@1"
+}
+
+function createReqFile() {
+      cat > "$REQUEST_FILE" << EOF
+{
+  "distribution": "$DISTRO",
+  "customizations": {
+    "payload_repositories": [
+      {
+        "baseurl": "$PAYLOAD_REPO_URL"
+      }
+    ],
+    "packages": [
+      "postgresql",
+      "dummy"
+    ],
+    "users":[
+      {
+        "name": "user1",
+        "groups": ["wheel"],
+        "key": "$(cat "${WORKDIR}/usertest.pub")"
+      },
+      {
+        "name": "user2",
+        "key": "$(cat "${WORKDIR}/usertest.pub")"
+      }
+    ]
+  },
+  "image_request": {
+    "architecture": "$ARCH",
+    "image_type": "${IMAGE_TYPE}",
+    "repositories": $(jq ".\"$ARCH\"" /usr/share/tests/osbuild-composer/repositories/"$DISTRO".json),
+    "ostree": {
+      "ref": "${OSTREE_REF}"
+    },
+    "upload_options": {
+      "name": "${DISTRO}-${IMAGE_TYPE}",
+      "tag": "${CI_COMMIT_REF_SLUG}"
+    }
+  }
+}
+EOF
+}
+
+function checkUploadStatusOptions() {
+  local IMAGE_URL
+  IMAGE_URL=$(echo "$UPLOAD_OPTIONS" | jq -r '.url')
+
+  test "${IMAGE_URL}" = "${CI_REGISTRY}/${CI_PROJECT_PATH}/${DISTRO}-${IMAGE_TYPE}:${CI_COMMIT_REF_SLUG}"
+}
+
+function verify() {
+  OSTREE_CONTAINER_NAME=osbuild-test
+  local IMAGE_URL
+  IMAGE_URL=$(echo "$UPLOAD_OPTIONS" | jq -r '.url')
+  sudo "${CONTAINER_RUNTIME}" run -d --name osbuild-test -p 8080:8080 "${IMAGE_URL}"
+
+  GET_METADATA_CURL_REQUEST="curl --silent \
+      --show-error \
+      --cacert /etc/osbuild-composer/ca-crt.pem \
+      --key /etc/osbuild-composer/client-key.pem \
+      --cert /etc/osbuild-composer/client-crt.pem \
+      https://localhost/api/image-builder-composer/v2/composes/${COMPOSE_ID}/metadata"
+
+  BUILD_OSTREE_COMMIT=$(${GET_METADATA_CURL_REQUEST} | jq -r '.ostree_commit')
+  SERVICED_OSTREE_COMMIT=$(curl http://localhost:8080/repo/refs/heads/${OSTREE_REF})
+
+  test "${BUILD_OSTREE_COMMIT}" = "${SERVICED_OSTREE_COMMIT}"
+}
diff --git a/test/cases/api/generic.s3.sh b/test/cases/api/generic.s3.sh
index b0e2926df..a7f6ec936 100644
--- a/test/cases/api/generic.s3.sh
+++ b/test/cases/api/generic.s3.sh
@@ -96,7 +96,7 @@ EOF
 # implementation
 function createReqFile() {
     case ${IMAGE_TYPE} in
-        "$IMAGE_TYPE_EDGE_COMMIT"|"$IMAGE_TYPE_EDGE_CONTAINER"|"$IMAGE_TYPE_EDGE_INSTALLER"|"$IMAGE_TYPE_IMAGE_INSTALLER")
+        "$IMAGE_TYPE_EDGE_COMMIT"|"$IMAGE_TYPE_EDGE_INSTALLER"|"$IMAGE_TYPE_IMAGE_INSTALLER")
             AWS_REGION='' createReqFileEdge
             ;;
         "$IMAGE_TYPE_VSPHERE")