test: add copy-creds.sh to copy credentials

This script is intended to be called between "run-koji-container"
and "run-builder". It will copy the kerberos keytabs out of the
temporary directory generated by "run-koji-container" as well as
copying the SSL/TLS certificates from host to the share dir so
that the plugin ca use it to authenticate itself to composer.

test/copy-creds.sh

@@ -0,0 +1,47 @@
+#!/bin/bash
+set -euo pipefail
+
+# this script must be run as root
+if [ $UID != 0 ]; then
+  echo This script must be run as root.
+  exit 1
+fi
+
+TEST_DATA=${TEST_DATA:-test/data}
+SHARE_DIR=${SHARE_DIR:-/tmp/osbuild-composer-koji-test}
+
+if [[ -f "/etc/osbuild-composer/worker-key.pem" ]]; then
+  echo "Copying worker certificates"
+
+  cp /etc/osbuild-composer/worker-key.pem ${SHARE_DIR}
+  cp /etc/osbuild-composer/worker-crt.pem ${SHARE_DIR}
+  cp /etc/osbuild-composer/ca-crt.pem ${SHARE_DIR}/worker-ca.pem
+fi
+
+mkdir -p /etc/osbuild-composer
+mkdir -p /etc/osbuild-worker
+
+echo "Copying kerberos keytabs"
+cp ${SHARE_DIR}/client.keytab \
+   /etc/osbuild-composer/client.keytab
+
+cp ${SHARE_DIR}/client.keytab \
+   /etc/osbuild-worker/client.keytab
+
+echo "Copying composer kerberos configuration"
+cp ${TEST_DATA}/osbuild-composer.toml \
+   /etc/osbuild-composer/
+
+mkdir -p /etc/osbuild-worker
+cp ${TEST_DATA}/osbuild-worker.toml \
+   /etc/osbuild-worker/
+
+echo "Copying system kerberos configuration"
+cp ${TEST_DATA}/krb5.local.conf \
+   /etc/krb5.conf.d/local
+
+echo "Updating system trust chain"
+cp ${SHARE_DIR}/ca-crt.pem \
+   /etc/pki/ca-trust/source/anchors/koji-ca-crt.pem
+
+update-ca-trust

test/data/osbuild-composer.toml

@@ -0,0 +1,3 @@
+[koji.localhost.kerberos]
+principal = "osbuild-krb@LOCAL"
+keytab = "/etc/osbuild-composer/client.keytab"

test/data/osbuild-worker.toml

@@ -0,0 +1,3 @@
+[koji.localhost.kerberos]
+principal = "osbuild-krb@LOCAL"
+keytab = "/etc/osbuild-worker/client.keytab"