provision.sh: add none authentication method for on-premise scenario

`tools/provision.sh` is provisioning SUT always in the same way for both, the Service scenario and the on-premise scenario. While this is not causing any issues, it does not realistically represent how we expect osbuild-composer and worker to be used in these scenarios. The script currently supports the following authentication options: - `none` - Intended for the on-premise scenario with Weldr API. - NO certificates are generated. - NO osbuild-composer configuration file is created. - NO osbuild-worker configuration file is created. This means that no cloud provider credentials are configured directly in the worker. - Only the local worker is started and used. - Only the Weldr API socker is started. - Appropriate repository definitions are copied to `/etc/osbuild-composer/repositories/`. - `jwt` - Intended for the Service scenario with Cloud API. - Should be the only method supported in the Service scenario in the future. - Certificates are generated and copied to `/etc/osbuild-composer`. - osbuild-composer configuration file is created and configured for JWT authentication. - osbuild-worker configuration file is created, configured for JWT authentication and with appropriate cloud provider credentials. - Local worker unit is masked. Only the remote worker is used (the socket is started and one remote-worker instance is created). - Only the Cloud API socket is started (Weldr API socket is stopped). - NO repository definitions are copied to `/etc/osbuild-composer/repositories/`. - `tls` - Intended for the Service scenario with Cloud API. - Should eventually go away. - Certificates are generated and copied to `/etc/osbuild-composer`. - osbuild-composer configuration file is created and configured for TLS client cert authentication. - osbuild-worker configuration file is created, configured for TLS authentication and with appropriate cloud provider credentials. - Services and sockets are started as they used to be originally: - Both local and remote worker sockets are started. - Both Weldr and Cloud API sockets are started. - Only the local worker unit will be started automatically. - NO repository definitions are copied to `/etc/osbuild-composer/repositories/`.
2022-08-03 10:04:10 +02:00 · 2022-08-03 10:04:10 +02:00 · a4b0efb278
commit a4b0efb278
parent 31b1a383f0
28 changed files with 129 additions and 109 deletions
--- a/test/cases/aws.sh
+++ b/test/cases/aws.sh
@ -29,7 +29,7 @@ function get_build_info() {
 CONTAINER_IMAGE_CLOUD_TOOLS="quay.io/osbuild/cloud-tools:latest"

 # Provision the software under test.
-/usr/libexec/osbuild-composer-test/provision.sh
+/usr/libexec/osbuild-composer-test/provision.sh none

 # Check available container runtime
 if which podman 2>/dev/null >&2; then
--- a/test/cases/aws_s3.sh
+++ b/test/cases/aws_s3.sh
@ -19,7 +19,7 @@ set -euo pipefail
 CONTAINER_IMAGE_CLOUD_TOOLS="quay.io/osbuild/cloud-tools:latest"

 # Provision the software under test.
-/usr/libexec/osbuild-composer-test/provision.sh
+/usr/libexec/osbuild-composer-test/provision.sh none

 # Check available container runtime
 if which podman 2>/dev/null >&2; then
--- a/test/cases/azure.sh
+++ b/test/cases/azure.sh
@ -33,7 +33,7 @@ function get_build_info() {
 CONTAINER_IMAGE_CLOUD_TOOLS="quay.io/osbuild/cloud-tools:latest"

 # Provision the software under test.
-/usr/libexec/osbuild-composer-test/provision.sh
+/usr/libexec/osbuild-composer-test/provision.sh none

 # Check available container runtime
 if which podman 2>/dev/null >&2; then
--- a/test/cases/base_tests.sh
+++ b/test/cases/base_tests.sh
@ -45,7 +45,7 @@ run_test_case () {


 # Provision the software under test.
-/usr/libexec/osbuild-composer-test/provision.sh
+/usr/libexec/osbuild-composer-test/provision.sh none

 # Change to the working directory.
 cd $WORKING_DIRECTORY
--- a/test/cases/container-embedding.sh
+++ b/test/cases/container-embedding.sh
@ -21,7 +21,7 @@ source /usr/libexec/osbuild-composer-test/set-env-variables.sh
 # Provision the software under test.
 #

-/usr/libexec/osbuild-composer-test/provision.sh
+/usr/libexec/osbuild-composer-test/provision.sh none

 TEMPDIR=$(mktemp -d)
 function cleanup() {
--- a/test/cases/container-upload.sh
+++ b/test/cases/container-upload.sh
@ -21,7 +21,7 @@ source /usr/libexec/osbuild-composer-test/set-env-variables.sh
 # Provision the software under test.
 #

-/usr/libexec/osbuild-composer-test/provision.sh
+/usr/libexec/osbuild-composer-test/provision.sh none

 ARTIFACTS="${ARTIFACTS:-/tmp/artifacts}"
 TEMPDIR=$(mktemp -d)
--- a/test/cases/cross-distro.sh
+++ b/test/cases/cross-distro.sh
@ -46,7 +46,7 @@ esac


 # Provision the software under test.
-/usr/libexec/osbuild-composer-test/provision.sh
+/usr/libexec/osbuild-composer-test/provision.sh none
 echo "====> Finished Provisioning system"
 echo "====> Starting $(basename "$0")"

--- a/test/cases/filesystem.sh
+++ b/test/cases/filesystem.sh
@ -8,7 +8,7 @@ set -euo pipefail
 source /etc/os-release

 # Provision the software under test.
-/usr/libexec/osbuild-composer-test/provision.sh
+/usr/libexec/osbuild-composer-test/provision.sh none

 # Colorful output.
 function greenprint {
--- a/test/cases/gcp.sh
+++ b/test/cases/gcp.sh
@ -40,7 +40,7 @@ function get_build_info() {
 CONTAINER_IMAGE_CLOUD_TOOLS="quay.io/osbuild/cloud-tools:latest"

 # Provision the software under test.
-/usr/libexec/osbuild-composer-test/provision.sh
+/usr/libexec/osbuild-composer-test/provision.sh none

 # Check available container runtime
 if which podman 2>/dev/null >&2; then
--- a/test/cases/generic_s3.sh
+++ b/test/cases/generic_s3.sh
@ -20,7 +20,7 @@ CONTAINER_MINIO_CLIENT="quay.io/minio/mc:latest"
 CONTAINER_MINIO_SERVER="quay.io/minio/minio:latest"

 # Provision the software under test.
-/usr/libexec/osbuild-composer-test/provision.sh
+/usr/libexec/osbuild-composer-test/provision.sh none

 # Check available container runtime
 if which podman 2>/dev/null >&2; then
--- a/test/cases/image_tests.sh
+++ b/test/cases/image_tests.sh
@ -89,7 +89,7 @@ run_test_case () {
 }

 # Provision the software under test.
-/usr/libexec/osbuild-composer-test/provision.sh
+/usr/libexec/osbuild-composer-test/provision.sh none

 # Change to the working directory.
 cd $WORKING_DIRECTORY
--- a/test/cases/installers.sh
+++ b/test/cases/installers.sh
@ -9,7 +9,7 @@ set -euo pipefail
 #

 # Provision the software under test.
-/usr/libexec/osbuild-composer-test/provision.sh
+/usr/libexec/osbuild-composer-test/provision.sh none

 # Get OS data.
 source /usr/libexec/osbuild-composer-test/set-env-variables.sh
--- a/test/cases/libvirt.sh
+++ b/test/cases/libvirt.sh
@ -9,7 +9,7 @@ set -euo pipefail
 source /usr/libexec/osbuild-composer-test/set-env-variables.sh

 # Provision the software under test.
-/usr/libexec/osbuild-composer-test/provision.sh
+/usr/libexec/osbuild-composer-test/provision.sh none

 # Test the images
 /usr/libexec/osbuild-composer-test/libvirt_test.sh qcow2
--- a/test/cases/manifest_tests.sh
+++ b/test/cases/manifest_tests.sh
@ -14,7 +14,7 @@ test_divider () {
 }

 # Provision the software under test.
-/usr/libexec/osbuild-composer-test/provision.sh
+/usr/libexec/osbuild-composer-test/provision.sh none

 # Change to the working directory.
 cd $WORKING_DIRECTORY
--- a/test/cases/ostree-ng.sh
+++ b/test/cases/ostree-ng.sh
@ -2,7 +2,7 @@
 set -euo pipefail

 # Provision the software under test.
-/usr/libexec/osbuild-composer-test/provision.sh
+/usr/libexec/osbuild-composer-test/provision.sh none

 # Get OS data.
 source /usr/libexec/osbuild-composer-test/set-env-variables.sh
--- a/test/cases/ostree-raw-image.sh
+++ b/test/cases/ostree-raw-image.sh
@ -2,7 +2,7 @@
 set -euo pipefail

 # Provision the software under test.
-/usr/libexec/osbuild-composer-test/provision.sh
+/usr/libexec/osbuild-composer-test/provision.sh none

 # Get OS data.
 source /etc/os-release
--- a/test/cases/ostree-rebase.sh
+++ b/test/cases/ostree-rebase.sh
@ -10,7 +10,7 @@ if [[ ${ID} == "rhel" ]] && ! sudo subscription-manager status; then
 fi

 # Provision the software under test.
-/usr/libexec/osbuild-composer-test/provision.sh
+/usr/libexec/osbuild-composer-test/provision.sh none

 # Colorful output.
 function greenprint {
--- a/test/cases/ostree-simplified-installer.sh
+++ b/test/cases/ostree-simplified-installer.sh
@ -2,7 +2,7 @@
 set -euo pipefail

 # Provision the software under test.
-/usr/libexec/osbuild-composer-test/provision.sh
+/usr/libexec/osbuild-composer-test/provision.sh none

 # Get OS data.
 source /etc/os-release
--- a/test/cases/ostree.sh
+++ b/test/cases/ostree.sh
@ -10,7 +10,7 @@ if [[ ${ID} == "rhel" ]] && ! sudo subscription-manager status; then
 fi

 # Provision the software under test.
-/usr/libexec/osbuild-composer-test/provision.sh
+/usr/libexec/osbuild-composer-test/provision.sh none

 # Set os-variant and boot location used by virt-install.
 case "${ID}-${VERSION_ID}" in
--- a/test/cases/regression-bigiso.sh
+++ b/test/cases/regression-bigiso.sh
@ -31,7 +31,7 @@ function get_build_info() {
 }

 # Provision the software under test.
-/usr/libexec/osbuild-composer-test/provision.sh
+/usr/libexec/osbuild-composer-test/provision.sh none
 BLUEPRINT_FILE=/tmp/blueprint.toml
 COMPOSE_START=/tmp/compose-start.json
 COMPOSE_INFO=/tmp/compose-info.json
--- a/test/cases/regression-composer-works-behind-satellite-fallback.sh
+++ b/test/cases/regression-composer-works-behind-satellite-fallback.sh
@ -47,7 +47,7 @@ if [[ "$ID" == rhel ]] && sudo subscription-manager status; then
 fi

 # Provision the software under tet.
-/usr/libexec/osbuild-composer-test/provision.sh
+/usr/libexec/osbuild-composer-test/provision.sh none

 # Discover what system is installed on the runner
 case "${ID}" in
--- a/test/cases/regression-composer-works-behind-satellite.sh
+++ b/test/cases/regression-composer-works-behind-satellite.sh
@ -76,7 +76,7 @@ if [[ "$ID" == rhel ]] && sudo subscription-manager status; then
 fi

 # Provision the software under tet.
-/usr/libexec/osbuild-composer-test/provision.sh
+/usr/libexec/osbuild-composer-test/provision.sh none

 # Discover what system is installed on the runner
 case "${ID}" in
--- a/test/cases/regression-excluded-dependency.sh
+++ b/test/cases/regression-excluded-dependency.sh
@ -36,7 +36,7 @@ function get_build_info() {
 }

 # Provision the software under test.
-/usr/libexec/osbuild-composer-test/provision.sh
+/usr/libexec/osbuild-composer-test/provision.sh none
 BLUEPRINT_FILE=/tmp/blueprint.toml
 COMPOSE_START=/tmp/compose-start.json
 COMPOSE_INFO=/tmp/compose-info.json
--- a/test/cases/regression-include-excluded-packages.sh
+++ b/test/cases/regression-include-excluded-packages.sh
@ -22,7 +22,7 @@ if [[ "${ID}" == "fedora" ]]; then
 fi

 # Provision the software under test.
-/usr/libexec/osbuild-composer-test/provision.sh
+/usr/libexec/osbuild-composer-test/provision.sh none
 BLUEPRINT_FILE=/tmp/blueprint.toml
 COMPOSE_START=/tmp/compose-start.json
 COMPOSE_INFO=/tmp/compose-info.json
--- a/test/cases/regression-insecure-repo.sh
+++ b/test/cases/regression-insecure-repo.sh
@ -13,7 +13,7 @@ function greenprint {
 source /usr/libexec/osbuild-composer-test/set-env-variables.sh

 # Provision the software under test.
-/usr/libexec/osbuild-composer-test/provision.sh
+/usr/libexec/osbuild-composer-test/provision.sh none

 greenprint "Registering clean ups"
 kill_pids=()
--- a/test/cases/regression-no-explicit-rootfs-definition.sh
+++ b/test/cases/regression-no-explicit-rootfs-definition.sh
@ -17,7 +17,7 @@ esac
 set -xeuo pipefail

 # Provision the software under test.
-/usr/libexec/osbuild-composer-test/provision.sh
+/usr/libexec/osbuild-composer-test/provision.sh none


 function get_build_info() {
--- a/test/cases/vmware.sh
+++ b/test/cases/vmware.sh
@ -32,7 +32,7 @@ if [ "$ID" != "rhel" ]; then
 fi

 # Provision the software under test.
-/usr/libexec/osbuild-composer-test/provision.sh
+/usr/libexec/osbuild-composer-test/provision.sh none

 GOVC_CMD=/tmp/govc

--- a/tools/provision.sh
+++ b/tools/provision.sh
@ -10,6 +10,7 @@ mkdir -p "${ARTIFACTS}"
 # determine the authentication method used by composer
 AUTH_METHOD_TLS="tls"
 AUTH_METHOD_JWT="jwt"
+AUTH_METHOD_NONE="none"
 # default to TLS for now
 AUTH_METHOD="${1:-$AUTH_METHOD_TLS}"

@ -42,120 +43,130 @@ fi
 sudo mkdir -p /etc/osbuild-composer
 sudo mkdir -p /etc/osbuild-worker

-# Generate all X.509 certificates for the tests
-# The whole generation is done in a $CADIR to better represent how osbuild-ca
-# it.
-CERTDIR=/etc/osbuild-composer
-OPENSSL_CONFIG=/usr/share/tests/osbuild-composer/x509/openssl.cnf
-CADIR=/etc/osbuild-composer-test/ca
+# osbuild-composer and worker need to be configured in a specific way only when using
+# some authentication method (Service scenario). In such case, also credentials for
+# interacting with cloud providers are configured directly in the worker. In addition,
+# no certificates need to be generated, because they are not used anywhere in this
+# scenario.
+if [[ "$AUTH_METHOD" != "$AUTH_METHOD_NONE" ]]; then
+    # Generate all X.509 certificates for the tests
+    # The whole generation is done in a $CADIR to better represent how osbuild-ca
+    # it.
+    CERTDIR=/etc/osbuild-composer
+    OPENSSL_CONFIG=/usr/share/tests/osbuild-composer/x509/openssl.cnf
+    CADIR=/etc/osbuild-composer-test/ca

-scriptloc=$(dirname "$0")
-sudo "${scriptloc}/gen-certs.sh" "${OPENSSL_CONFIG}" "${CERTDIR}" "${CADIR}"
-sudo chown _osbuild-composer "${CERTDIR}"/composer-*.pem
+    scriptloc=$(dirname "$0")
+    sudo "${scriptloc}/gen-certs.sh" "${OPENSSL_CONFIG}" "${CERTDIR}" "${CADIR}"
+    sudo chown _osbuild-composer "${CERTDIR}"/composer-*.pem

-# Copy the appropriate configuration files
-if [[ "$AUTH_METHOD" == "$AUTH_METHOD_JWT" ]]; then
-    COMPOSER_TEST_CONFIG="/usr/share/tests/osbuild-composer/composer/osbuild-composer-jwt.toml"
-    WORKER_TEST_CONFIG="/usr/share/tests/osbuild-composer/worker/osbuild-worker-jwt.toml"
+    # Copy the appropriate configuration files
+    if [[ "$AUTH_METHOD" == "$AUTH_METHOD_JWT" ]]; then
+        COMPOSER_TEST_CONFIG="/usr/share/tests/osbuild-composer/composer/osbuild-composer-jwt.toml"
+        WORKER_TEST_CONFIG="/usr/share/tests/osbuild-composer/worker/osbuild-worker-jwt.toml"

-    # Default orgID
-    sudo tee "/etc/osbuild-worker/token" >/dev/null <<EOF
+        # Default orgID
+        sudo tee "/etc/osbuild-worker/token" >/dev/null <<EOF
 123456789
 EOF

-    /usr/libexec/osbuild-composer-test/run-mock-auth-servers.sh start
+        /usr/libexec/osbuild-composer-test/run-mock-auth-servers.sh start

-elif [[ "$AUTH_METHOD" == "$AUTH_METHOD_TLS" ]]; then
-    COMPOSER_TEST_CONFIG="/usr/share/tests/osbuild-composer/composer/osbuild-composer-tls.toml"
-    WORKER_TEST_CONFIG="/usr/share/tests/osbuild-composer/worker/osbuild-worker-tls.toml"
-fi
+    elif [[ "$AUTH_METHOD" == "$AUTH_METHOD_TLS" ]]; then
+        COMPOSER_TEST_CONFIG="/usr/share/tests/osbuild-composer/composer/osbuild-composer-tls.toml"
+        WORKER_TEST_CONFIG="/usr/share/tests/osbuild-composer/worker/osbuild-worker-tls.toml"
+    fi

-sudo cp -a "$COMPOSER_TEST_CONFIG" /etc/osbuild-composer/osbuild-composer.toml
-sudo cp -a "$WORKER_TEST_CONFIG" /etc/osbuild-worker/osbuild-worker.toml
+    sudo cp -a "$COMPOSER_TEST_CONFIG" /etc/osbuild-composer/osbuild-composer.toml
+    sudo cp -a "$WORKER_TEST_CONFIG" /etc/osbuild-worker/osbuild-worker.toml

-# if GCP credentials are defined in the ENV, add them to the worker's configuration
-GOOGLE_APPLICATION_CREDENTIALS="${GOOGLE_APPLICATION_CREDENTIALS:-}"
-if [ -n "$GOOGLE_APPLICATION_CREDENTIALS" ]; then
-    # The credentials file must be copied to a different location. Jenkins places
-    # it into /tmp and as a result, the worker would not see it due to using PrivateTmp=true.
-    GCP_CREDS_WORKER_PATH="/etc/osbuild-worker/gcp-credentials.json"
-    sudo cp "$GOOGLE_APPLICATION_CREDENTIALS" "$GCP_CREDS_WORKER_PATH"
-    echo -e "\n[gcp]\ncredentials = \"$GCP_CREDS_WORKER_PATH\"\n" | sudo tee -a /etc/osbuild-worker/osbuild-worker.toml
-fi
+    # if GCP credentials are defined in the ENV, add them to the worker's configuration
+    GOOGLE_APPLICATION_CREDENTIALS="${GOOGLE_APPLICATION_CREDENTIALS:-}"
+    if [ -n "$GOOGLE_APPLICATION_CREDENTIALS" ]; then
+        # The credentials file must be copied to a different location. Jenkins places
+        # it into /tmp and as a result, the worker would not see it due to using PrivateTmp=true.
+        GCP_CREDS_WORKER_PATH="/etc/osbuild-worker/gcp-credentials.json"
+        sudo cp "$GOOGLE_APPLICATION_CREDENTIALS" "$GCP_CREDS_WORKER_PATH"
+        echo -e "\n[gcp]\ncredentials = \"$GCP_CREDS_WORKER_PATH\"\n" | sudo tee -a /etc/osbuild-worker/osbuild-worker.toml
+    fi

-# if Azure credentials are defined in the env, create the credentials file
-V2_AZURE_CLIENT_ID="${V2_AZURE_CLIENT_ID:-}"
-V2_AZURE_CLIENT_SECRET="${V2_AZURE_CLIENT_SECRET:-}"
-if [[ -n "$V2_AZURE_CLIENT_ID" && -n "$V2_AZURE_CLIENT_SECRET" ]]; then
-    set +x
-    sudo tee /etc/osbuild-worker/azure-credentials.toml > /dev/null << EOF
+    # if Azure credentials are defined in the env, create the credentials file
+    V2_AZURE_CLIENT_ID="${V2_AZURE_CLIENT_ID:-}"
+    V2_AZURE_CLIENT_SECRET="${V2_AZURE_CLIENT_SECRET:-}"
+    if [[ -n "$V2_AZURE_CLIENT_ID" && -n "$V2_AZURE_CLIENT_SECRET" ]]; then
+        set +x
+        sudo tee /etc/osbuild-worker/azure-credentials.toml > /dev/null << EOF
 client_id =     "$V2_AZURE_CLIENT_ID"
 client_secret = "$V2_AZURE_CLIENT_SECRET"
 EOF
-    sudo tee -a /etc/osbuild-worker/osbuild-worker.toml > /dev/null << EOF
+        sudo tee -a /etc/osbuild-worker/osbuild-worker.toml > /dev/null << EOF

 [azure]
 credentials = "/etc/osbuild-worker/azure-credentials.toml"
 EOF
-    set -x
-fi
+        set -x
+    fi

-# if AWS credentials are defined in the ENV, add them to the worker's configuration
-V2_AWS_ACCESS_KEY_ID="${V2_AWS_ACCESS_KEY_ID:-}"
-V2_AWS_SECRET_ACCESS_KEY="${V2_AWS_SECRET_ACCESS_KEY:-}"
-if [[ -n "$V2_AWS_ACCESS_KEY_ID" && -n "$V2_AWS_SECRET_ACCESS_KEY" ]]; then
-    set +x
+    # if AWS credentials are defined in the ENV, add them to the worker's configuration
+    V2_AWS_ACCESS_KEY_ID="${V2_AWS_ACCESS_KEY_ID:-}"
+    V2_AWS_SECRET_ACCESS_KEY="${V2_AWS_SECRET_ACCESS_KEY:-}"
+    if [[ -n "$V2_AWS_ACCESS_KEY_ID" && -n "$V2_AWS_SECRET_ACCESS_KEY" ]]; then
+        set +x
    sudo tee /etc/osbuild-worker/aws-credentials.toml > /dev/null << EOF
 [default]
 aws_access_key_id = "$V2_AWS_ACCESS_KEY_ID"
 aws_secret_access_key = "$V2_AWS_SECRET_ACCESS_KEY"
 EOF
-    sudo tee -a /etc/osbuild-worker/osbuild-worker.toml > /dev/null << EOF
+        sudo tee -a /etc/osbuild-worker/osbuild-worker.toml > /dev/null << EOF

 [aws]
 credentials = "/etc/osbuild-worker/aws-credentials.toml"
 bucket = "${AWS_BUCKET}"
 EOF
-    set -x
-fi
+        set -x
+    fi

-# Copy rpmrepo snapshots for use in weldr tests
-REPODIR=/etc/osbuild-composer/repositories
-sudo mkdir -p $REPODIR
-# Copy all fedora repo overrides
-sudo cp -a /usr/share/tests/osbuild-composer/repositories/{fedora,centos}-*.json "$REPODIR"
-# Copy RHEL point release repos
-sudo cp /usr/share/tests/osbuild-composer/repositories/rhel-85.json "$REPODIR"
-sudo cp /usr/share/tests/osbuild-composer/repositories/rhel-86.json "$REPODIR"
-sudo cp /usr/share/tests/osbuild-composer/repositories/rhel-87.json "$REPODIR"
-sudo cp /usr/share/tests/osbuild-composer/repositories/rhel-90.json "$REPODIR"
-sudo cp /usr/share/tests/osbuild-composer/repositories/rhel-91.json "$REPODIR"
+else # AUTH_METHOD_NONE
+    # Repositories in /etc/osbuild-composer/repositories are used only in the
+    # on-premise scenario (Weldr).
+    # Copy rpmrepo snapshots for use in weldr tests
+    REPODIR=/etc/osbuild-composer/repositories
+    sudo mkdir -p $REPODIR
+    # Copy all fedora repo overrides
+    sudo cp -a /usr/share/tests/osbuild-composer/repositories/{fedora,centos}-*.json "$REPODIR"
+    # Copy RHEL point release repos
+    sudo cp /usr/share/tests/osbuild-composer/repositories/rhel-85.json "$REPODIR"
+    sudo cp /usr/share/tests/osbuild-composer/repositories/rhel-86.json "$REPODIR"
+    sudo cp /usr/share/tests/osbuild-composer/repositories/rhel-87.json "$REPODIR"
+    sudo cp /usr/share/tests/osbuild-composer/repositories/rhel-90.json "$REPODIR"
+    sudo cp /usr/share/tests/osbuild-composer/repositories/rhel-91.json "$REPODIR"

-# RHEL nightly repos need to be overridden
-case "${ID}-${VERSION_ID}" in
-    "rhel-8.6")
-        # Override old rhel-8.json and rhel-8-beta.json because RHEL 8.6 test needs nightly repos
-        sudo cp /usr/share/tests/osbuild-composer/repositories/rhel-86.json "$REPODIR/rhel-8.json"
-        # If multiple tests are run and call provision.sh the symlink will need to be overridden with -f
-        sudo ln -sf /etc/osbuild-composer/repositories/rhel-8.json "$REPODIR/rhel-8-beta.json"
-        ;;
-    "rhel-9.0")
-        # Override old rhel-90.json and rhel-90-beta.json because RHEL 9.0 test needs nightly repos
-        sudo cp /usr/share/tests/osbuild-composer/repositories/rhel-90.json "$REPODIR/rhel-90.json"
-        # If multiple tests are run and call provision.sh the symlink will need to be overridden with -f
-        sudo ln -sf /etc/osbuild-composer/repositories/rhel-90.json "$REPODIR/rhel-90-beta.json"
-        ;;
-    *) ;;
-esac
+    # RHEL nightly repos need to be overridden
+    case "${ID}-${VERSION_ID}" in
+        "rhel-8.6")
+            # Override old rhel-8.json and rhel-8-beta.json because RHEL 8.6 test needs nightly repos
+            sudo cp /usr/share/tests/osbuild-composer/repositories/rhel-86.json "$REPODIR/rhel-8.json"
+            # If multiple tests are run and call provision.sh the symlink will need to be overridden with -f
+            sudo ln -sf /etc/osbuild-composer/repositories/rhel-8.json "$REPODIR/rhel-8-beta.json"
+            ;;
+        "rhel-9.0")
+            # Override old rhel-90.json and rhel-90-beta.json because RHEL 9.0 test needs nightly repos
+            sudo cp /usr/share/tests/osbuild-composer/repositories/rhel-90.json "$REPODIR/rhel-90.json"
+            # If multiple tests are run and call provision.sh the symlink will need to be overridden with -f
+            sudo ln -sf /etc/osbuild-composer/repositories/rhel-90.json "$REPODIR/rhel-90-beta.json"
+            ;;
+        *) ;;
+    esac

-# overrides for RHEL nightly builds testing
-VERSION_SUFFIX=$(echo "${VERSION_ID}" | tr -d ".")
-if [ -f "rhel-${VERSION_ID%.*}.json" ]; then
-    sudo cp rhel-"${VERSION_ID%.*}".json "$REPODIR/rhel-${VERSION_SUFFIX}.json"
-fi
+    # overrides for RHEL nightly builds testing
+    VERSION_SUFFIX=$(echo "${VERSION_ID}" | tr -d ".")
+    if [ -f "rhel-${VERSION_ID%.*}.json" ]; then
+        sudo cp rhel-"${VERSION_ID%.*}".json "$REPODIR/rhel-${VERSION_SUFFIX}.json"
+    fi

-if [ -f "rhel-${VERSION_ID%.*}-beta.json" ]; then
-    sudo cp rhel-"${VERSION_ID%.*}"-beta.json "$REPODIR/rhel-${VERSION_SUFFIX}-beta.json"
+    if [ -f "rhel-${VERSION_ID%.*}-beta.json" ]; then
+        sudo cp rhel-"${VERSION_ID%.*}"-beta.json "$REPODIR/rhel-${VERSION_SUFFIX}-beta.json"
+    fi
 fi

 # start appropriate units
@ -175,6 +186,15 @@ case "${AUTH_METHOD}" in
        sudo systemctl start osbuild-remote-worker@localhost:8700.service
        ;;

+    "${AUTH_METHOD_NONE}")
+        # No authentication method is used on-premise with Weldr. This means that:
+        # - only local worker will be used (started automatically)
+        # - only Weldr API socket will be started
+        sudo systemctl stop 'osbuild*'
+        # enable Weldr API
+        sudo systemctl start osbuild-composer.socket
+        ;;
+
    *)
        # the default setup used previously for all tests
        sudo systemctl start osbuild-remote-worker.socket