provision.sh: don't start local worker and Weldr with TLS auth

Do not start local worker (mask the unit) and Weldr API socket when provisioning the SUT with TLS client cert authentication method. This method is used only in the Service scenario, therefore starting these units / sockets was not reflecting the intended deployment. Modify `api.sh` to not rely on local worker. Modify `base_tests.sh` to provision SUT with TLS for `osbuild-auth-tests`, while provisioning SUT with no authentication method for the rest of test cases.
2022-08-03 10:29:02 +02:00 · 2022-08-03 10:29:02 +02:00 · 45850639a0
commit 45850639a0
parent a4b0efb278
6 changed files with 20 additions and 23 deletions
--- a/test/cases/api.sh
+++ b/test/cases/api.sh
@ -431,9 +431,9 @@ waitForState "failure"
 # crashed/stopped/killed worker should result in a failed state
 sendCompose "$REQUEST_FILE"
 waitForState "building"
-sudo systemctl stop "osbuild-worker@*"
+sudo systemctl stop "osbuild-remote-worker@*"
 waitForState "failure"
-sudo systemctl start "osbuild-worker@1"
+sudo systemctl start "osbuild-remote-worker@localhost:8700.service"

 # full integration case
 INIT_COMPOSES="$(collectMetrics)"
@ -565,7 +565,7 @@ TOKEN="$(curl --request POST \
        http://localhost:443/api/image-builder-composer/v2/composes/"$COMPOSE_ID")" = "401" ]


-sudo systemctl start osbuild-remote-worker@localhost:8700.service
+sudo systemctl restart osbuild-remote-worker@localhost:8700.service
 sudo systemctl is-active --quiet osbuild-remote-worker@localhost:8700.service

 exit 0
--- a/test/cases/api/container.registry.sh
+++ b/test/cases/api/container.registry.sh
@ -34,7 +34,7 @@ domain="${CI_REGISTRY}"
 path_prefix="${CI_PROJECT_PATH}"
 EOF

-  sudo systemctl restart "osbuild-worker@1"
+  sudo systemctl restart "osbuild-remote-worker@localhost:8700"
 }

 function createReqFile() {
--- a/test/cases/api/generic.s3.sh
+++ b/test/cases/api/generic.s3.sh
@ -89,7 +89,7 @@ region = "${MINIO_REGION}"
 bucket = "${MINIO_BUCKET}"
 EOF

-  sudo systemctl restart "osbuild-worker@1"
+  sudo systemctl restart "osbuild-remote-worker@localhost:8700"
 }

 # Unset AWS_REGION, region == "" in the request the worker will look for the generic s3
--- a/test/cases/base_tests.sh
+++ b/test/cases/base_tests.sh
@ -13,10 +13,13 @@ LOGS_DIRECTORY=$(mktemp --directory --tmpdir=/tmp/logs)
 PASSED_TESTS=()
 FAILED_TESTS=()

-TEST_CASES=(
+TEST_CASES_ON_PREM=(
  "osbuild-weldr-tests"
  "osbuild-dnf-json-tests"
  "osbuild-composer-cli-tests"
+)
+
+TEST_CASES_SERVICE=(
  "osbuild-auth-tests"
 )

@ -51,7 +54,14 @@ run_test_case () {
 cd $WORKING_DIRECTORY

 # Run each test case.
-for TEST_CASE in "${TEST_CASES[@]}"; do
+for TEST_CASE in "${TEST_CASES_ON_PREM[@]}"; do
+    run_test_case ${TESTS_PATH}/"$TEST_CASE"
+done
+
+/usr/libexec/osbuild-composer-test/provision.sh tls
+
+# Run each test case.
+for TEST_CASE in "${TEST_CASES_SERVICE[@]}"; do
    run_test_case ${TESTS_PATH}/"$TEST_CASE"
 done

--- a/tools/generic_s3_test.sh
+++ b/tools/generic_s3_test.sh
@ -27,7 +27,7 @@ CONTAINER_MINIO_SERVER="quay.io/minio/minio:latest"
 CONTAINER_IMAGE_CLOUD_TOOLS="quay.io/osbuild/cloud-tools:latest"

 # Provision the software under test.
-/usr/libexec/osbuild-composer-test/provision.sh
+/usr/libexec/osbuild-composer-test/provision.sh none

 # Check available container runtime
 if which podman 2>/dev/null >&2; then
--- a/tools/provision.sh
+++ b/tools/provision.sh
@ -171,8 +171,8 @@ fi

 # start appropriate units
 case "${AUTH_METHOD}" in
-    "${AUTH_METHOD_JWT}")
-        # JWT is used only in the "Service" scenario. This means that:
+    "${AUTH_METHOD_JWT}" | "${AUTH_METHOD_TLS}")
+        # JWT / TLS are used only in the "Service" scenario. This means that:
        # - only remote workers will be used (no local worker)
        # - only Cloud API socket will be started (no Weldr API)
        sudo systemctl stop 'osbuild*'
@ -194,17 +194,4 @@ case "${AUTH_METHOD}" in
        # enable Weldr API
        sudo systemctl start osbuild-composer.socket
        ;;
-
-    *)
-        # the default setup used previously for all tests
-        sudo systemctl start osbuild-remote-worker.socket
-        sudo systemctl start osbuild-composer.socket
-        sudo systemctl start osbuild-composer-api.socket
-
-        # The keys were regenerated but osbuild-composer might be already running.
-        # Let's try to restart it. In ideal world, this shouldn't be needed as every
-        # test case is supposed to run on a pristine machine. However, this is
-        # currently not true on Schutzbot
-        sudo systemctl try-restart osbuild-composer
-        ;;
 esac