test: switch to using oauth/sso
Switch the authentication method that the koji builder plugin
uses from mTLS to SSO. Since we are using the mock openid
server from the `osbuild-composer-tests` package, make this
package a dependency of `koji-osbuild-tests`.
gicmo committed Feb 2, 2022

Unverified

This commit is not signed, but one or more authors requires that any commit attributed to them is signed.
1 parent 4e1039b commit c1a887a
Showing 5 changed files with 19 additions and 3 deletions.
1 change: 1 addition & 0 deletions koji-osbuild.spec
@@ -134,6 +134,7 @@ Requires: koji
Requires: krb5-workstation
Requires: openssl
Requires: osbuild-composer >= 22
Requires: osbuild-composer-tests
Requires: podman
Requires: podman-plugins
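
Review bot: The added `Requires: osbuild-composer-tests` carries no version constraint, while `osbuild-composer >= 22` directly above it does. Since the tests depend on the mock OpenID server shipped in that package, consider a minimum version here (or tying it to the osbuild-composer version) so that an older tests package cannot satisfy the dependency.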

2 changes: 1 addition & 1 deletion schutzbot/deploy.sh
@@ -21,7 +21,7 @@ function retry {
# Variables for where to find osbuild-composer RPMs to test against
DNF_REPO_BASEURL=http://osbuild-composer-repos.s3-website.us-east-2.amazonaws.com
OSBUILD_COMMIT=bb30ffa0629e16ecff103aaaeb7e931f3f8ff79e # release 46
OSBUILD_COMPOSER_COMMIT=b5987a5ca51826f29a3bce742d693a55f16f016f # commit newer than release 30 (we need one with rhel-8-cdn)
OSBUILD_COMPOSER_COMMIT=f3d0a4ac89561f3970e18ef28a868f0b43ba98f1 # commit with mock-openid enhancements

# Get OS details.
source /etc/os-release
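
Review bot: The new `OSBUILD_COMPOSER_COMMIT` comment, "commit with mock-openid enhancements", does not say which release will first contain that commit, unlike the `# release 46` note on `OSBUILD_COMMIT`. Naming the release, or adding a TODO to return to a release pin, would tell the next person when this pin can move. Separately, `DNF_REPO_BASEURL` in the context above is plain `http://`, so it is worth confirming that package signature checking covers what is installed from it.
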
6 changes: 5 additions & 1 deletion test/container/builder/osbuild-koji.conf
@@ -1,7 +1,11 @@
[composer]
server = https://composer/
ssl_cert = /share/client-crt.pem, /share/client-key.pem
ssl_verify = /share/client-ca.pem

[composer:oauth]
client_id = "koji"
client_secret = "koji"
token_url = https://composer:8081/token

[koji]
server = https://localhost:4343/kojihub/
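
Review bot: In the new `[composer:oauth]` section, `client_id = "koji"` and `client_secret = "koji"` are quoted, while `server` and `token_url` in the same file are not. If the plugin reads this file with an INI parser that keeps quotes as part of the value, the credentials sent to the token endpoint would include the quote characters; dropping the quotes, or confirming that the mock server actually checks the credentials it receives, would make the test meaningful. A comment marking these as test-only credentials would also help.
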
7 changes: 6 additions & 1 deletion test/data/osbuild-composer.toml
@@ -1,6 +1,11 @@
[koji]
allowed_domains = ["client.osbuild.local", "localhost", "::1"]
ca = "/etc/osbuild-composer/ca-crt.pem"
enable_tls = true
enable_mtls = false
enable_jwt = true
jwt_keys_url = "https://localhost:8081/certs"
jwt_ca_file = "/etc/osbuild-composer/ca-crt.pem"
jwt_acl_file = ""

[koji.servers.localhost.kerberos]
principal = "osbuild-krb@LOCAL"
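
Review bot: `jwt_acl_file = ""` leaves the ACL path empty, and nothing in this hunk says what composer does in that case. If an empty value means no ACL is applied, every token that verifies against `jwt_keys_url` is accepted; a short comment that this is intended for the mock server only, or a minimal ACL file in the test data, would keep this setting from being copied into a real deployment as is.
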
6 changes: 6 additions & 0 deletions test/integration.sh
@@ -29,6 +29,9 @@ sudo /usr/libexec/koji-osbuild-tests/make-certs.sh /usr/share/koji-osbuild-tests
greenprint "Starting osbuild-composer's socket"
sudo systemctl enable --now osbuild-composer-api.socket

greenprint "Starting mock OpenID server"
sudo /usr/libexec/koji-osbuild-tests/run-openid.sh start

greenprint "Building containers"
sudo /usr/libexec/koji-osbuild-tests/build-container.sh /usr/share/koji-osbuild-tests
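
Review bot: After `run-openid.sh start` the script goes straight to building containers, with no check that the mock server is accepting connections. Polling the server once after start (for example the `/certs` URL that the composer config points at) would make a failed start show up here rather than later as an authentication error in the builder.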

@@ -59,6 +62,9 @@ sudo /usr/libexec/koji-osbuild-tests/run-builder.sh stop /usr/share/koji-osbuild
greenprint "Stopping containers"
sudo /usr/libexec/koji-osbuild-tests/run-koji-container.sh stop

greenprint "Stopping mock OpenID server"
sudo /usr/libexec/koji-osbuild-tests/run-openid.sh stop

greenprint "Removing generated CA cert"
sudo rm /etc/pki/ca-trust/source/anchors/osbuild-ca-crt.pem
sudo update-ca-trust
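
Review bot: The `run-openid.sh stop` call sits in the linear teardown, so it only runs when every earlier step succeeds. Unless cleanup is already handled by a trap outside this hunk, a failed test run leaves the mock OpenID server running; consider moving the stop calls into an EXIT trap.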
