particle-os/debian-koji-osbuild
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

test: switch to using oauth/sso

Browse source 
Switch the authentication method that the koji builder plugin
uses from mTLS to SSO. Since we are using the mock openid
server from the `osbuild-composer-tests` package. Make this
package a dependency of `koji-osbuild-tests`.
This commit is contained in:
Christian Kellner 2022-01-31 00:59:45 +00:00
parent 4e1039bed7
commit c1a887a9a9
5 changed files with 19 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

6
test/container/builder/osbuild-koji.conf
View file

@ -1,7 +1,11 @@
[composer]
server = https://composer/
ssl_cert = /share/client-crt.pem, /share/client-key.pem
ssl_verify = /share/client-ca.pem
[composer:oauth]
client_id = "koji"
client_secret = "koji"
token_url = https://composer:8081/token
[koji]
server = https://localhost:4343/kojihub/

7
test/data/osbuild-composer.toml
View file

@ -1,6 +1,11 @@
[koji]
allowed_domains = ["client.osbuild.local", "localhost", "::1"]
ca = "/etc/osbuild-composer/ca-crt.pem"
enable_tls = true
enable_mtls = false
enable_jwt = true
jwt_keys_url = "https://localhost:8081/certs"
jwt_ca_file = "/etc/osbuild-composer/ca-crt.pem"
jwt_acl_file = ""
[koji.servers.localhost.kerberos]
principal = "osbuild-krb@LOCAL"

6
test/integration.sh
View file

@ -29,6 +29,9 @@ sudo /usr/libexec/koji-osbuild-tests/make-certs.sh /usr/share/koji-osbuild-tests
greenprint "Starting osbuild-composer's socket"
sudo systemctl enable --now osbuild-composer-api.socket
greenprint "Starting mock OpenID server"
sudo /usr/libexec/koji-osbuild-tests/run-openid.sh start
greenprint "Building containers"
sudo /usr/libexec/koji-osbuild-tests/build-container.sh /usr/share/koji-osbuild-tests
@ -59,6 +62,9 @@ sudo /usr/libexec/koji-osbuild-tests/run-builder.sh stop /usr/share/koji-osbuild
greenprint "Stopping containers"
sudo /usr/libexec/koji-osbuild-tests/run-koji-container.sh stop
greenprint "Stopping mock OpenID server"
sudo /usr/libexec/koji-osbuild-tests/run-openid.sh stop
greenprint "Removing generated CA cert"
sudo rm /etc/pki/ca-trust/source/anchors/osbuild-ca-crt.pem
sudo update-ca-trust