gating.yaml

@@ -0,0 +1,9 @@
+# recipients: abokovoy, twoerner, rcritten, ftrivino
+--- !Policy
+product_versions:
+  - rhel-8
+decision_context: osci_compose_gate_modules
+subject_type: redhat-module
+rules:
+  - !PassingTestCaseRule {test_case_name: baseos-ci.redhat-module.tier0.functional}
+  - !PassingTestCaseRule {test_case_name: idm-ci.redhat-module.tier1.functional}

idm.yaml

@@ -60,44 +60,44 @@ data:
     rpms:
       bind-dyndb-ldap:
         rationale: Driver for BIND to store DNS information in LDAP
-        ref: stream-idm-DL1-rhel-8.8.0
+        ref: stream-idm-DL1-rhel-8.9.0
       custodia:
         rationale: Remote access to secrets and credentials in IdM topology
-        ref: stream-idm-DL1-rhel-8.8.0
+        ref: stream-idm-DL1-rhel-8.9.0
         buildorder: 2
       ipa:
         rationale: Module API
-        ref: stream-idm-DL1-rhel-8.8.0
+        ref: stream-idm-DL1-rhel-8.9.0
       ipa-healthcheck:
         rationale: A tool to detect issues in IdM clusters
-        ref: stream-DL1-rhel-8.8.0
+        ref: stream-idm-DL1-rhel-8.9.0
         buildorder: 3
       opendnssec:
         rationale: An implementation of DNSSEC support for IdM integrated DNS server
-        ref: stream-idm-DL1-rhel-8.8.0
+        ref: stream-idm-DL1-rhel-8.9.0
       python-jwcrypto:
         rationale: JSON Web Cryptographic Tokens used by Custodia
-        ref: stream-idm-DL1-rhel-8.8.0
+        ref: stream-idm-DL1-rhel-8.9.0
         buildorder: 1
       python-kdcproxy:
         rationale: MS-KKDCP (kerberos proxy) WSGI module
-        ref: stream-idm-DL1-rhel-8.8.0
+        ref: stream-idm-DL1-rhel-8.9.0
       python-qrcode:
         rationale: QR code generator for IdM two-factor authentication
-        ref: stream-idm-DL1-rhel-8.8.0
+        ref: stream-idm-DL1-rhel-8.9.0
       python-yubico:
         rationale: Support for Yubikey-based tokens for IdM two-factor authentication
-        ref: stream-idm-DL1-rhel-8.8.0
+        ref: stream-idm-DL1-rhel-8.9.0
         buildorder: 2
       pyusb:
         rationale: Python USB support to access USB tokens for IdM two-factor authentication
-        ref: stream-idm-DL1-rhel-8.8.0
+        ref: stream-idm-DL1-rhel-8.9.0
         buildorder: 1
       slapi-nis:
         rationale: Compatibility plugin to serve legacy clients
-        ref: stream-idm-DL1-rhel-8.8.0
+        ref: stream-idm-DL1-rhel-8.9.0
         arches: [aarch64, ppc64le, s390x, x86_64]
       softhsm:
         rationale: Software version of a PKCS#11 Hardware Security Module
-        ref: stream-idm-DL1-rhel-8.8.0
+        ref: stream-idm-DL1-rhel-8.9.0
 ...

tests/python-qrcode/test_ipa_otptoken.py

@@ -0,0 +1,30 @@
+#!/usr/libexec/platform-python
+"""Simple test for APIs used by python3-qrcode
+"""
+import io
+import logging
+import hashlib
+
+import qrcode
+
+logging.basicConfig(level=logging.INFO)
+log = logging.getLogger()
+
+TEXT = "example data"
+HASH = "4d0186bad6cb0ea83f634959bba9bd2494f2b15cc785285e0914521246452e06"
+
+
+def main():
+    qr_output = io.StringIO()
+    qr = qrcode.QRCode()
+    qr.add_data(TEXT)
+    qr.make()
+    qr.print_ascii(out=qr_output, tty=False)
+    value = qr_output.getvalue()
+    print(value)
+    assert hashlib.sha256(value.encode('utf-8')).hexdigest() == HASH
+    log.info("PASS")
+
+
+if __name__ == "__main__":
+    main()

tests/python-yubico/test_ipa_yubikey.py

@@ -0,0 +1,28 @@
+#!/usr/libexec/platform-python
+"""Simple test for APIs used by IPA's otptoken plugin
+"""
+import logging
+
+import yubico
+import usb.core
+
+logging.basicConfig(level=logging.INFO)
+log = logging.getLogger()
+
+
+def main():
+    try:
+        yk = yubico.find_yubikey()
+    except usb.core.USBError as e:
+        log.info(e)
+    except yubico.yubikey.YubiKeyError as e:
+        log.info(e)
+    else:
+        assert yk.version_num()
+        log.info(yk.status())
+        log.info(yk.status().valid_configs())
+    log.info("PASS")
+
+
+if __name__ == "__main__":
+    main()

tests/pyusb/test_ipa_yubico_api.py

@@ -0,0 +1,33 @@
+#!/usr/libexec/platform-python
+"""Simple test for APIs used by python-yubico
+"""
+import logging
+
+import usb.core
+import usb.legacy
+
+logging.basicConfig(level=logging.INFO)
+log = logging.getLogger()
+
+
+def main():
+    for d in usb.core.find(find_all=True):
+        usb_device = usb.legacy.Device(d)
+        # import pdb; pdb.set_trace()
+        log.info(vars(usb_device))
+        assert usb_device.idVendor
+        assert usb_device.idProduct
+        usb_conf = usb_device.configurations[0]
+        log.info(vars(usb_conf))
+        usb_int = usb_conf.interfaces[0][0]
+        try:
+            usb_handle = usb_device.open()
+            assert usb_handle.controlMsg.__call__
+            usb_handle.releaseInterface()
+        except usb.core.USBError:
+            log.info("Unable to open USB device")
+    log.info("PASS")
+
+
+if __name__ == "__main__":
+    main()

tests/sanity/runtest.sh

@@ -0,0 +1,8 @@
+#!/bin/sh -eux
+
+systemctl unmask gssproxy
+ipa-server-install --hostname=$(hostname) -r EXAMPLE.TEST -n example.test --setup-dns --no-forwarders --allow-zone-overlap -p Secret123 -a Secret123 -U
+echo Secret123 | kinit admin
+ipa config-show
+ipa-server-install --uninstall -U
+

tests/tests.yml

@@ -0,0 +1,42 @@
+---
+- hosts: localhost
+  tags:
+  - classic
+  pre_tasks:
+  - name: Enable brewroot repository (so we have all latest packages available)
+    command: dnf config-manager --set-enabled baseos-ci-tag-repository
+  - name: Enable IDM module
+    command: dnf module enable -y idm:DL1
+  - name: Install IDM packages
+    command: dnf module install -y idm:DL1/server idm:DL1/dns
+  - name: Get Custodia version
+    command: rpm -q --qf '%{VERSION}' custodia
+    register: custodia_version
+  roles:
+  - role: standard-test-basic
+    required_packages:
+    - sudo
+    # pytest for Custodia testing
+    - python3-pytest
+    repositories:
+      - repo: "https://github.com/latchset/custodia.git"
+        dest: "custodia_git"
+        # tag name is e.g. "v0.6.0"
+        version: "v{{ custodia_version.stdout }}"
+    tests:
+    - sanity
+    #- custodia_setup:
+    #    dir: "custodia_git"
+    #    run: "cd tests/ca && ./custodia-ca.sh"
+    #- custodia:
+    #    dir: "custodia_git"
+    #    run: "pytest-3 -k 'not test_client_no_client_cert' tests/"
+    - python_qrcode:
+        dir: "python-qrcode"
+        run: "./test_ipa_otptoken.py"
+    - python_yubico:
+        dir: "python-yubico"
+        run: "./test_ipa_yubikey.py"
+    - pyusb:
+        dir: "pyusb"
+        run: "./test_ipa_yubico_api.py"