test: switch to using oauth/sso

Switch the authentication method that the koji builder plugin
uses from mTLS to SSO. Since we are using the mock openid
server from the `osbuild-composer-tests` package. Make this
package a dependency of `koji-osbuild-tests`.

koji-osbuild.spec

@@ -134,6 +134,7 @@ Requires:       koji
 Requires:       krb5-workstation
 Requires:       openssl
 Requires:       osbuild-composer >= 22
+Requires:       osbuild-composer-tests
 Requires:       podman
 Requires:       podman-plugins
 

schutzbot/deploy.sh

@@ -21,7 +21,7 @@ function retry {
 # Variables for where to find osbuild-composer RPMs to test against
 DNF_REPO_BASEURL=http://osbuild-composer-repos.s3-website.us-east-2.amazonaws.com
 OSBUILD_COMMIT=bb30ffa0629e16ecff103aaaeb7e931f3f8ff79e             # release 46
-OSBUILD_COMPOSER_COMMIT=b5987a5ca51826f29a3bce742d693a55f16f016f    # commit newer than release 30 (we need one with rhel-8-cdn)
+OSBUILD_COMPOSER_COMMIT=f3d0a4ac89561f3970e18ef28a868f0b43ba98f1    # commit with mock-openid enhancements
 
 # Get OS details.
 source /etc/os-release

test/container/builder/osbuild-koji.conf

@@ -1,7 +1,11 @@
 [composer]
 server = https://composer/
-ssl_cert = /share/client-crt.pem, /share/client-key.pem
 ssl_verify = /share/client-ca.pem
 
+[composer:oauth]
+client_id = "koji"
+client_secret = "koji"
+token_url = https://composer:8081/token
+
 [koji]
 server = https://localhost:4343/kojihub/

test/data/osbuild-composer.toml

@@ -1,6 +1,11 @@
 [koji]
-allowed_domains = ["client.osbuild.local", "localhost", "::1"]
 ca = "/etc/osbuild-composer/ca-crt.pem"
+enable_tls = true
+enable_mtls = false
+enable_jwt = true
+jwt_keys_url = "https://localhost:8081/certs"
+jwt_ca_file = "/etc/osbuild-composer/ca-crt.pem"
+jwt_acl_file = ""
 
 [koji.servers.localhost.kerberos]
 principal = "osbuild-krb@LOCAL"

test/integration.sh

@@ -29,6 +29,9 @@ sudo /usr/libexec/koji-osbuild-tests/make-certs.sh /usr/share/koji-osbuild-tests
 greenprint "Starting osbuild-composer's socket"
 sudo systemctl enable --now osbuild-composer-api.socket
 
+greenprint "Starting mock OpenID server"
+sudo /usr/libexec/koji-osbuild-tests/run-openid.sh start
+
 greenprint "Building containers"
 sudo /usr/libexec/koji-osbuild-tests/build-container.sh /usr/share/koji-osbuild-tests
 
@@ -59,6 +62,9 @@ sudo /usr/libexec/koji-osbuild-tests/run-builder.sh stop /usr/share/koji-osbuild
 greenprint "Stopping containers"
 sudo /usr/libexec/koji-osbuild-tests/run-koji-container.sh stop
 
+greenprint "Stopping mock OpenID server"
+sudo /usr/libexec/koji-osbuild-tests/run-openid.sh stop
+
 greenprint "Removing generated CA cert"
 sudo rm /etc/pki/ca-trust/source/anchors/osbuild-ca-crt.pem
 sudo update-ca-trust