particle-os/debian-koji-osbuild
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

test: switch to using oauth/sso

Browse source 
Switch the authentication method that the koji builder plugin
uses from mTLS to SSO. Since we are using the mock openid
server from the `osbuild-composer-tests` package. Make this
package a dependency of `koji-osbuild-tests`.
This commit is contained in:
Christian Kellner 2022-01-31 00:59:45 +00:00
parent 4e1039bed7
commit c1a887a9a9
5 changed files with 19 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

1
koji-osbuild.spec
View file

@ -134,6 +134,7 @@ Requires: koji
Requires: krb5-workstation Requires: krb5-workstation
Requires: openssl Requires: openssl
Requires: osbuild-composer >= 22 Requires: osbuild-composer >= 22
Requires: osbuild-composer-tests
Requires: podman Requires: podman
Requires: podman-plugins Requires: podman-plugins

2
schutzbot/deploy.sh
View file

@ -21,7 +21,7 @@ function retry {
# Variables for where to find osbuild-composer RPMs to test against # Variables for where to find osbuild-composer RPMs to test against
DNF_REPO_BASEURL=http://osbuild-composer-repos.s3-website.us-east-2.amazonaws.com DNF_REPO_BASEURL=http://osbuild-composer-repos.s3-website.us-east-2.amazonaws.com
OSBUILD_COMMIT=bb30ffa0629e16ecff103aaaeb7e931f3f8ff79e # release 46 OSBUILD_COMMIT=bb30ffa0629e16ecff103aaaeb7e931f3f8ff79e # release 46
OSBUILD_COMPOSER_COMMIT=b5987a5ca51826f29a3bce742d693a55f16f016f # commit newer than release 30 (we need one with rhel-8-cdn) OSBUILD_COMPOSER_COMMIT=f3d0a4ac89561f3970e18ef28a868f0b43ba98f1 # commit with mock-openid enhancements
# Get OS details. # Get OS details.
source /etc/os-release source /etc/os-release

6
test/container/builder/osbuild-koji.conf
View file

@ -1,7 +1,11 @@
[composer] [composer]
server = https://composer/ server = https://composer/
ssl_cert = /share/client-crt.pem, /share/client-key.pem
ssl_verify = /share/client-ca.pem ssl_verify = /share/client-ca.pem
[composer:oauth]
client_id = "koji"
client_secret = "koji"
token_url = https://composer:8081/token
[koji] [koji]
server = https://localhost:4343/kojihub/ server = https://localhost:4343/kojihub/

7
test/data/osbuild-composer.toml
View file

@ -1,6 +1,11 @@
[koji] [koji]
allowed_domains = ["client.osbuild.local", "localhost", "::1"]
ca = "/etc/osbuild-composer/ca-crt.pem" ca = "/etc/osbuild-composer/ca-crt.pem"
enable_tls = true
enable_mtls = false
enable_jwt = true
jwt_keys_url = "https://localhost:8081/certs"
jwt_ca_file = "/etc/osbuild-composer/ca-crt.pem"
jwt_acl_file = ""
[koji.servers.localhost.kerberos] [koji.servers.localhost.kerberos]
principal = "osbuild-krb@LOCAL" principal = "osbuild-krb@LOCAL"

6
test/integration.sh
View file

@ -29,6 +29,9 @@ sudo /usr/libexec/koji-osbuild-tests/make-certs.sh /usr/share/koji-osbuild-tests
greenprint "Starting osbuild-composer's socket" greenprint "Starting osbuild-composer's socket"
sudo systemctl enable --now osbuild-composer-api.socket sudo systemctl enable --now osbuild-composer-api.socket
greenprint "Starting mock OpenID server"
sudo /usr/libexec/koji-osbuild-tests/run-openid.sh start
greenprint "Building containers" greenprint "Building containers"
sudo /usr/libexec/koji-osbuild-tests/build-container.sh /usr/share/koji-osbuild-tests sudo /usr/libexec/koji-osbuild-tests/build-container.sh /usr/share/koji-osbuild-tests
@ -59,6 +62,9 @@ sudo /usr/libexec/koji-osbuild-tests/run-builder.sh stop /usr/share/koji-osbuild
greenprint "Stopping containers" greenprint "Stopping containers"
sudo /usr/libexec/koji-osbuild-tests/run-koji-container.sh stop sudo /usr/libexec/koji-osbuild-tests/run-koji-container.sh stop
greenprint "Stopping mock OpenID server"
sudo /usr/libexec/koji-osbuild-tests/run-openid.sh stop
greenprint "Removing generated CA cert" greenprint "Removing generated CA cert"
sudo rm /etc/pki/ca-trust/source/anchors/osbuild-ca-crt.pem sudo rm /etc/pki/ca-trust/source/anchors/osbuild-ca-crt.pem
sudo update-ca-trust sudo update-ca-trust