Compare commits
No commits in common. "c8-stream-DL1" and "stream-idm-DL1-rhel-8.9.0" have entirely different histories.
c8-stream-
...
stream-idm
9
gating.yaml
Normal file
9
gating.yaml
Normal file
@ -0,0 +1,9 @@
|
|||||||
|
# recipients: abokovoy, twoerner, rcritten, ftrivino
|
||||||
|
--- !Policy
|
||||||
|
product_versions:
|
||||||
|
- rhel-8
|
||||||
|
decision_context: osci_compose_gate_modules
|
||||||
|
subject_type: redhat-module
|
||||||
|
rules:
|
||||||
|
- !PassingTestCaseRule {test_case_name: baseos-ci.redhat-module.tier0.functional}
|
||||||
|
- !PassingTestCaseRule {test_case_name: idm-ci.redhat-module.tier1.functional}
|
@ -60,44 +60,44 @@ data:
|
|||||||
rpms:
|
rpms:
|
||||||
bind-dyndb-ldap:
|
bind-dyndb-ldap:
|
||||||
rationale: Driver for BIND to store DNS information in LDAP
|
rationale: Driver for BIND to store DNS information in LDAP
|
||||||
ref: stream-idm-DL1-rhel-8.8.0
|
ref: stream-idm-DL1-rhel-8.9.0
|
||||||
custodia:
|
custodia:
|
||||||
rationale: Remote access to secrets and credentials in IdM topology
|
rationale: Remote access to secrets and credentials in IdM topology
|
||||||
ref: stream-idm-DL1-rhel-8.8.0
|
ref: stream-idm-DL1-rhel-8.9.0
|
||||||
buildorder: 2
|
buildorder: 2
|
||||||
ipa:
|
ipa:
|
||||||
rationale: Module API
|
rationale: Module API
|
||||||
ref: stream-idm-DL1-rhel-8.8.0
|
ref: stream-idm-DL1-rhel-8.9.0
|
||||||
ipa-healthcheck:
|
ipa-healthcheck:
|
||||||
rationale: A tool to detect issues in IdM clusters
|
rationale: A tool to detect issues in IdM clusters
|
||||||
ref: stream-DL1-rhel-8.8.0
|
ref: stream-idm-DL1-rhel-8.9.0
|
||||||
buildorder: 3
|
buildorder: 3
|
||||||
opendnssec:
|
opendnssec:
|
||||||
rationale: An implementation of DNSSEC support for IdM integrated DNS server
|
rationale: An implementation of DNSSEC support for IdM integrated DNS server
|
||||||
ref: stream-idm-DL1-rhel-8.8.0
|
ref: stream-idm-DL1-rhel-8.9.0
|
||||||
python-jwcrypto:
|
python-jwcrypto:
|
||||||
rationale: JSON Web Cryptographic Tokens used by Custodia
|
rationale: JSON Web Cryptographic Tokens used by Custodia
|
||||||
ref: stream-idm-DL1-rhel-8.8.0
|
ref: stream-idm-DL1-rhel-8.9.0
|
||||||
buildorder: 1
|
buildorder: 1
|
||||||
python-kdcproxy:
|
python-kdcproxy:
|
||||||
rationale: MS-KKDCP (kerberos proxy) WSGI module
|
rationale: MS-KKDCP (kerberos proxy) WSGI module
|
||||||
ref: stream-idm-DL1-rhel-8.8.0
|
ref: stream-idm-DL1-rhel-8.9.0
|
||||||
python-qrcode:
|
python-qrcode:
|
||||||
rationale: QR code generator for IdM two-factor authentication
|
rationale: QR code generator for IdM two-factor authentication
|
||||||
ref: stream-idm-DL1-rhel-8.8.0
|
ref: stream-idm-DL1-rhel-8.9.0
|
||||||
python-yubico:
|
python-yubico:
|
||||||
rationale: Support for Yubikey-based tokens for IdM two-factor authentication
|
rationale: Support for Yubikey-based tokens for IdM two-factor authentication
|
||||||
ref: stream-idm-DL1-rhel-8.8.0
|
ref: stream-idm-DL1-rhel-8.9.0
|
||||||
buildorder: 2
|
buildorder: 2
|
||||||
pyusb:
|
pyusb:
|
||||||
rationale: Python USB support to access USB tokens for IdM two-factor authentication
|
rationale: Python USB support to access USB tokens for IdM two-factor authentication
|
||||||
ref: stream-idm-DL1-rhel-8.8.0
|
ref: stream-idm-DL1-rhel-8.9.0
|
||||||
buildorder: 1
|
buildorder: 1
|
||||||
slapi-nis:
|
slapi-nis:
|
||||||
rationale: Compatibility plugin to serve legacy clients
|
rationale: Compatibility plugin to serve legacy clients
|
||||||
ref: stream-idm-DL1-rhel-8.8.0
|
ref: stream-idm-DL1-rhel-8.9.0
|
||||||
arches: [aarch64, ppc64le, s390x, x86_64]
|
arches: [aarch64, ppc64le, s390x, x86_64]
|
||||||
softhsm:
|
softhsm:
|
||||||
rationale: Software version of a PKCS#11 Hardware Security Module
|
rationale: Software version of a PKCS#11 Hardware Security Module
|
||||||
ref: stream-idm-DL1-rhel-8.8.0
|
ref: stream-idm-DL1-rhel-8.9.0
|
||||||
...
|
...
|
30
tests/python-qrcode/test_ipa_otptoken.py
Executable file
30
tests/python-qrcode/test_ipa_otptoken.py
Executable file
@ -0,0 +1,30 @@
|
|||||||
|
#!/usr/libexec/platform-python
|
||||||
|
"""Simple test for APIs used by python3-qrcode
|
||||||
|
"""
|
||||||
|
import io
|
||||||
|
import logging
|
||||||
|
import hashlib
|
||||||
|
|
||||||
|
import qrcode
|
||||||
|
|
||||||
|
logging.basicConfig(level=logging.INFO)
|
||||||
|
log = logging.getLogger()
|
||||||
|
|
||||||
|
TEXT = "example data"
|
||||||
|
HASH = "4d0186bad6cb0ea83f634959bba9bd2494f2b15cc785285e0914521246452e06"
|
||||||
|
|
||||||
|
|
||||||
|
def main():
|
||||||
|
qr_output = io.StringIO()
|
||||||
|
qr = qrcode.QRCode()
|
||||||
|
qr.add_data(TEXT)
|
||||||
|
qr.make()
|
||||||
|
qr.print_ascii(out=qr_output, tty=False)
|
||||||
|
value = qr_output.getvalue()
|
||||||
|
print(value)
|
||||||
|
assert hashlib.sha256(value.encode('utf-8')).hexdigest() == HASH
|
||||||
|
log.info("PASS")
|
||||||
|
|
||||||
|
|
||||||
|
if __name__ == "__main__":
|
||||||
|
main()
|
28
tests/python-yubico/test_ipa_yubikey.py
Executable file
28
tests/python-yubico/test_ipa_yubikey.py
Executable file
@ -0,0 +1,28 @@
|
|||||||
|
#!/usr/libexec/platform-python
|
||||||
|
"""Simple test for APIs used by IPA's otptoken plugin
|
||||||
|
"""
|
||||||
|
import logging
|
||||||
|
|
||||||
|
import yubico
|
||||||
|
import usb.core
|
||||||
|
|
||||||
|
logging.basicConfig(level=logging.INFO)
|
||||||
|
log = logging.getLogger()
|
||||||
|
|
||||||
|
|
||||||
|
def main():
|
||||||
|
try:
|
||||||
|
yk = yubico.find_yubikey()
|
||||||
|
except usb.core.USBError as e:
|
||||||
|
log.info(e)
|
||||||
|
except yubico.yubikey.YubiKeyError as e:
|
||||||
|
log.info(e)
|
||||||
|
else:
|
||||||
|
assert yk.version_num()
|
||||||
|
log.info(yk.status())
|
||||||
|
log.info(yk.status().valid_configs())
|
||||||
|
log.info("PASS")
|
||||||
|
|
||||||
|
|
||||||
|
if __name__ == "__main__":
|
||||||
|
main()
|
33
tests/pyusb/test_ipa_yubico_api.py
Executable file
33
tests/pyusb/test_ipa_yubico_api.py
Executable file
@ -0,0 +1,33 @@
|
|||||||
|
#!/usr/libexec/platform-python
|
||||||
|
"""Simple test for APIs used by python-yubico
|
||||||
|
"""
|
||||||
|
import logging
|
||||||
|
|
||||||
|
import usb.core
|
||||||
|
import usb.legacy
|
||||||
|
|
||||||
|
logging.basicConfig(level=logging.INFO)
|
||||||
|
log = logging.getLogger()
|
||||||
|
|
||||||
|
|
||||||
|
def main():
|
||||||
|
for d in usb.core.find(find_all=True):
|
||||||
|
usb_device = usb.legacy.Device(d)
|
||||||
|
# import pdb; pdb.set_trace()
|
||||||
|
log.info(vars(usb_device))
|
||||||
|
assert usb_device.idVendor
|
||||||
|
assert usb_device.idProduct
|
||||||
|
usb_conf = usb_device.configurations[0]
|
||||||
|
log.info(vars(usb_conf))
|
||||||
|
usb_int = usb_conf.interfaces[0][0]
|
||||||
|
try:
|
||||||
|
usb_handle = usb_device.open()
|
||||||
|
assert usb_handle.controlMsg.__call__
|
||||||
|
usb_handle.releaseInterface()
|
||||||
|
except usb.core.USBError:
|
||||||
|
log.info("Unable to open USB device")
|
||||||
|
log.info("PASS")
|
||||||
|
|
||||||
|
|
||||||
|
if __name__ == "__main__":
|
||||||
|
main()
|
8
tests/sanity/runtest.sh
Normal file
8
tests/sanity/runtest.sh
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
#!/bin/sh -eux
|
||||||
|
|
||||||
|
systemctl unmask gssproxy
|
||||||
|
ipa-server-install --hostname=$(hostname) -r EXAMPLE.TEST -n example.test --setup-dns --no-forwarders --allow-zone-overlap -p Secret123 -a Secret123 -U
|
||||||
|
echo Secret123 | kinit admin
|
||||||
|
ipa config-show
|
||||||
|
ipa-server-install --uninstall -U
|
||||||
|
|
42
tests/tests.yml
Normal file
42
tests/tests.yml
Normal file
@ -0,0 +1,42 @@
|
|||||||
|
---
|
||||||
|
- hosts: localhost
|
||||||
|
tags:
|
||||||
|
- classic
|
||||||
|
pre_tasks:
|
||||||
|
- name: Enable brewroot repository (so we have all latest packages available)
|
||||||
|
command: dnf config-manager --set-enabled baseos-ci-tag-repository
|
||||||
|
- name: Enable IDM module
|
||||||
|
command: dnf module enable -y idm:DL1
|
||||||
|
- name: Install IDM packages
|
||||||
|
command: dnf module install -y idm:DL1/server idm:DL1/dns
|
||||||
|
- name: Get Custodia version
|
||||||
|
command: rpm -q --qf '%{VERSION}' custodia
|
||||||
|
register: custodia_version
|
||||||
|
roles:
|
||||||
|
- role: standard-test-basic
|
||||||
|
required_packages:
|
||||||
|
- sudo
|
||||||
|
# pytest for Custodia testing
|
||||||
|
- python3-pytest
|
||||||
|
repositories:
|
||||||
|
- repo: "https://github.com/latchset/custodia.git"
|
||||||
|
dest: "custodia_git"
|
||||||
|
# tag name is e.g. "v0.6.0"
|
||||||
|
version: "v{{ custodia_version.stdout }}"
|
||||||
|
tests:
|
||||||
|
- sanity
|
||||||
|
#- custodia_setup:
|
||||||
|
# dir: "custodia_git"
|
||||||
|
# run: "cd tests/ca && ./custodia-ca.sh"
|
||||||
|
#- custodia:
|
||||||
|
# dir: "custodia_git"
|
||||||
|
# run: "pytest-3 -k 'not test_client_no_client_cert' tests/"
|
||||||
|
- python_qrcode:
|
||||||
|
dir: "python-qrcode"
|
||||||
|
run: "./test_ipa_otptoken.py"
|
||||||
|
- python_yubico:
|
||||||
|
dir: "python-yubico"
|
||||||
|
run: "./test_ipa_yubikey.py"
|
||||||
|
- pyusb:
|
||||||
|
dir: "pyusb"
|
||||||
|
run: "./test_ipa_yubico_api.py"
|
Loading…
Reference in New Issue
Block a user