Use TMT for gating tests

Signed-off-by: Julien Rische <jrische@redhat.com>
2022-11-29 16:41:27 +01:00 · 2022-11-29 16:41:27 +01:00 · 95288a2fb9
commit 95288a2fb9
parent 3668746b8f
17 changed files with 210 additions and 66 deletions
--- a/.fmf/version
+++ b/.fmf/version
@ -0,0 +1 @@
 1
--- a/gating.yaml
+++ b/gating.yaml
@ -0,0 +1,8 @@
 --- !Policy
 product_versions:
 - fedora-*
 decision_contexts:
 - bodhi_update_push_stable
 subject_type: koji_build
 rules:
 - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build./plans/tests.functional}
--- a/14
+++ b/14
@ -0,0 +1,14 @@
 #!/bin/sh
 set -e
 export RPM_PACKAGE_NAME={{ name }}
 export RPM_PACKAGE_VERSION={{ version }}
 export RPM_PACKAGE_RELEASE={{ release }}
 export RPM_ARCH={{ arch }}
 testdir="$(mktemp -d)"
 trap "rm -rf ${testdir}" EXIT
 cp -rp /usr/share/{{ name }}-tests "${testdir}/"
 make -C "${testdir}/{{ name }}-tests" $(rpm --eval '%{_smp_mflags}')
 keyctl session - make -C "${testdir}/{{ name }}-tests" check
--- a/krb5.spec
+++ b/krb5.spec
@ -1,27 +1,3 @@
 %bcond_without check
 %if %{without check}
 %global skipcheck 1
 %endif
 # COPR doesn't work right with the tests.  I suspect keyring issues,
 # but can't actually debug, so...
 %if 0%{?copr_username:1}
 %global skipcheck 1
 %endif
 # There are 0 test machines for this architecture, very few builders, and
 # they're not very well provisioned / maintained.  I can't support it.
 # Patches welcome, but there's nothing I can do - it fails more than half the
 # for "infrastructure issues" that I can't hope to debug.
 %ifarch s390x
 %global skipcheck 1
 %endif
 # RHEL runs upstream's test suite in a separate pass after build.
 %if 0%{?rhel}
 %global skipcheck 1
 %endif
 # Set this so that find-lang.sh will recognize the .po files.
 %global gettext_domain mit-krb5
 # Guess where the -libs subpackage's docs are going to go.
@ -81,6 +57,7 @@ Source11: ksu.pamd
 Source12: krb5kdc.logrotate
 Source13: kadmind.logrotate
 Source14: krb5-krb5kdc.conf
 Source15: %{name}-tests
 Patch1:  0001-downstream-ksu-pam-integration.patch
 Patch2:  0002-downstream-SELinux-integration.patch
@ -115,17 +92,6 @@ BuildRequires: perl-interpreter
 # For autosetup
 BuildRequires: git
 %if 0%{?skipcheck}
 %else
 BuildRequires: dejagnu
 BuildRequires: net-tools, rpcbind
 BuildRequires: hostname
 BuildRequires: iproute
 BuildRequires: python3-pyrad
 BuildRequires: procps-ng
 BuildRequires: resolv_wrapper
 %endif
 %if 0%{?fedora} > 35
 # Need KDFs.  This is the "real" version
 BuildRequires: openssl-devel => 1:3.0.0
@ -135,6 +101,10 @@ BuildRequires: openssl-devel >= 1:1.1.1d-4
 BuildRequires: openssl-devel < 1:3.0.0
 %endif
 # Enable compilation of optional tests
 BuildRequires: resolv_wrapper
 BuildRequires: libcmocka-devel
 %description
 Kerberos V5 is a trusted-third-party network authentication system,
 which can improve your network's security by eliminating the insecure
@ -244,6 +214,53 @@ Kerberos is a network authentication system. The libkadm5 package
 contains only the libkadm5clnt and libkadm5serv shared objects. This
 interface is not considered stable.
 %package tests
 Summary: Test sources for krb5 build
 # Build dependencies
 Requires: coreutils, gawk, sed
 Requires: gcc-c++
 Requires: gettext
 Requires: libcom_err-devel
 Requires: libselinux-devel
 Requires: libss-devel
 Requires: libverto-devel
 Requires: lmdb-devel
 Requires: openldap-devel
 Requires: pam-devel
 Requires: redhat-rpm-config
 %if 0%{?fedora} > 35
 Requires: openssl-devel => 1:3.0.0
 %else
 Requires: openssl-devel >= 1:1.1.1d-4
 Requires: openssl-devel < 1:3.0.0
 %endif
 # Test dependencies
 Requires: dejagnu
 Requires: hostname
 Requires: iproute
 Requires: keyutils, keyutils-libs-devel >= 1.5.8
 Requires: libcmocka-devel
 Requires: libverto-module-base
 Requires: logrotate
 Requires: net-tools, rpcbind
 Requires: perl-interpreter
 Requires: procps-ng
 Requires: python3-kdcproxy
 Requires: python3-pyrad
 Requires: resolv_wrapper
 Requires: /etc/crypto-policies/back-ends/krb5.config
 Requires: /usr/share/dict/words
 #Requires: openldap-servers, openldap-clients
 # sssd_krb5_locator_plugin.so conflicts with t_discover_uri.py
 Conflicts: sssd-client
 %description tests
 FOR TESTING PURPOSE ONLY
 Test sources for krb5 build, with pre-defined compilation parameters
 %prep
 %autosetup -S git_am -n %{name}-%{version}%{?dashpre}
 ln NOTICE LICENSE
@ -354,17 +371,6 @@ sphinx-build -a -b man   -t pathsubs doc build-man
 sphinx-build -a -b html  -t pathsubs doc build-html
 rm -fr build-html/_sources
 %if 0%{?skipcheck}
 %else
 %check
 pushd src
 # The build system may give us a revoked session keyring, so run affected
 # tests with a new one.
 keyctl session - make check OFFLINE=yes TMPDIR=%{_tmppath}
 popd
 %endif
 %install
 [ "$RPM_BUILD_ROOT" != '/' ] && rm -rf -- "$RPM_BUILD_ROOT"
@ -481,6 +487,39 @@ rm -- "$RPM_BUILD_ROOT/%{_docdir}/krb5-libs/examples/services.append"
 # This is only needed for tests
 rm -- "$RPM_BUILD_ROOT/%{_libdir}/krb5/plugins/preauth/test.so"
 # Generate tests launching script
 sed -e 's/{{ name }}/%{name}/' \
    -e 's/{{ version }}/%{krb5_version}/' \
    -e 's/{{ release }}/%{krb5_release}/' \
    -e 's/{{ arch }}/%{_arch}/' \
    -i %{SOURCE15}
 mkdir -p $RPM_BUILD_ROOT%{_libexecdir}
 install -pm 755 %{SOURCE15} $RPM_BUILD_ROOT%{_libexecdir}/
 # Copy source files from build folder to system data folder
 install -pdm 755 $RPM_BUILD_ROOT%{_datarootdir}/%{name}-tests
 pushd src
 cp -p --parents -t "$RPM_BUILD_ROOT%{_datarootdir}/%{name}-tests/" \
    $(find . -type f -exec file -i "{}" + \
          | sed -ne 's|^\./\([^:]\+\): \+text/.\+$|\1|p')
 popd
 # Copy binary test files
 install -pm 644 src/tests/pkinit-certs/*.p12 \
    "$RPM_BUILD_ROOT%{_datarootdir}/%{name}-tests/tests/pkinit-certs/"
 install -pm 644 src/tests/au_dict.json \
    "$RPM_BUILD_ROOT%{_datarootdir}/%{name}-tests/tests/"
 # Unset executable bit if no shebang in script
 for f in $(find "$RPM_BUILD_ROOT%{_datarootdir}/%{name}-tests/" -type f -executable)
 do
    head -n1 "$f" | grep -Eq '^#!' || chmod a-x "$f"
 done
 # Remove broken shebang Perl scripts
 rm -- "$RPM_BUILD_ROOT%{_datarootdir}/%{name}-tests/config/wconfig.pl"
 rm -- "$RPM_BUILD_ROOT%{_datarootdir}/%{name}-tests/kadmin/kdbkeys/do-test.pl"
 %find_lang %{gettext_domain}
 %ldconfig_scriptlets libs
@ -666,6 +705,10 @@ exit 0
 %{_libdir}/libkadm5clnt_mit.so.*
 %{_libdir}/libkadm5srv_mit.so.*
 %files tests
 %{_libexecdir}/%{name}-tests
 %{_datarootdir}/%{name}-tests/
 %changelog
 * Wed Nov 23 2022 Julien Rische <jrische@redhat.com> - 1.20.1-1
 - New upstream version (1.20.1)
--- a/plans/tests.fmf
+++ b/plans/tests.fmf
@ -0,0 +1,9 @@
 summary: Tests
 discover:
  how: fmf
 prepare:
 - how: shell
  script:
  - dnf remove -y sssd-client
 execute:
  how: tmt
--- a/tests/inplace-upgrade-sanity-test/Makefile
+++ b/tests/inplace-upgrade-sanity-test/Makefile
--- a/tests/inplace-upgrade-sanity-test/PURPOSE
+++ b/tests/inplace-upgrade-sanity-test/PURPOSE
--- a/tests/inplace-upgrade-sanity/TC#0378369.fmf
+++ b/tests/inplace-upgrade-sanity/TC#0378369.fmf
@ -0,0 +1,21 @@
 tag:
  - CI-Tier-1
  - CI-Tier-1-krb5
  - Fedora 31
  - Fedora 32
  - FedoraReady
  - IDM-CI-gating
  - NoRHEL4
  - NoRHEL5
  - TIPpass
  - TIPpass_Security
  - Tier1
  - Tier1security
  - rhel_upgrade
 tier: '1'
 adjust:
  - enabled: false
    when: distro == rhel-4, rhel-5
    continue: false
 extra-nitrate: TC#0378369
 extra-summary: /CoreOS/krb5/Sanity/inplace-upgrade-sanity-test
--- a/tests/inplace-upgrade-sanity/TC#0552039.fmf
+++ b/tests/inplace-upgrade-sanity/TC#0552039.fmf
@ -0,0 +1,17 @@
 link:
  - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1394908
 tag:
  - NoRHEL4
  - NoRHEL5
  - TIPpass
  - TIPpass_Security
  - Tier2
 tier: '2'
 adjust:
  - enabled: false
    when: distro == rhel-4, rhel-5, rhel-6
    continue: false
 environment:
    TEST_ENTROPY_SOURCE: yes
 extra-nitrate: TC#0552039
 extra-summary: 'BZ#1394908: Enable faster getrandom-based entropy system'
--- a/tests/inplace-upgrade-sanity/TC#0608992.fmf
+++ b/tests/inplace-upgrade-sanity/TC#0608992.fmf
@ -0,0 +1,14 @@
 tag:
  - Fedora 31
  - Fedora 32
  - FedoraReady
  - NoRHEL4
  - NoRHEL5
  - rhel_upgrade
 adjust:
  - enabled: false
    when: distro == rhel-4, rhel-5
    continue: false
 manual: true
 extra-nitrate: TC#0608992
 extra-summary: /CoreOS/krb5/Sanity/inplace-upgrade-sanity-test-manual
--- a/tests/inplace-upgrade-sanity-test/kdc.conf
+++ b/tests/inplace-upgrade-sanity-test/kdc.conf
--- a/tests/inplace-upgrade-sanity-test/krb5.conf
+++ b/tests/inplace-upgrade-sanity-test/krb5.conf
--- a/tests/inplace-upgrade-sanity/main.fmf
+++ b/tests/inplace-upgrade-sanity/main.fmf
@ -0,0 +1,19 @@
 summary: Verifies basic scenarios which should work after inplace upgrade.
 enabled: true
 contact: Filip Dvorak <fdvorak@redhat.com>
 component:
 - krb5
 test: ./runtest.sh
 path: /tests/inplace-upgrade-sanity
 framework: beakerlib
 require:
 - expect
 - krb5-server
 - krb5-workstation
 - openssh-clients
 - openssh-server
 - rng-tools
 - setools-console
 duration: 20m
 extra-summary: /CoreOS/krb5/Sanity/inplace-upgrade-sanity-test
 extra-task: /CoreOS/krb5/Sanity/inplace-upgrade-sanity-test
--- a/tests/inplace-upgrade-sanity-test/runtest.sh
+++ b/tests/inplace-upgrade-sanity-test/runtest.sh
@ -27,7 +27,6 @@
 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 # Include Beaker environment
 . /usr/bin/rhts-environment.sh
 . /usr/share/beakerlib/beakerlib.sh || exit 1
 PACKAGE="krb5"
@ -89,11 +88,17 @@ rlJournalStart
        if rlIsRHEL 6; then
            rlRun "sed -i \"s/EXAMPLE.COM/$krb5REALM1/\" $krb5conf"
            rlRun "sed -i \"s/kerberos.example.com/$krb5HostName/\" $krb5conf"
-            rlRun "sed -i \"s/example.com/$krb5DomainName/\" $krb5conf"
+            if [ "$krb5DomainName" ]; then
                rlRun "sed -i \"s/example.com/$krb5DomainName/\" $krb5conf"
            fi
        else
            rlRun "sed -i \"s/\[libdefaults\]/[libdefaults]\n default_realm = $krb5REALM1/\" $krb5conf"
            rlRun "sed -i \"s/\[realms\]/[realms]\n $krb5REALM1 = {\n  kdc = $krb5HostName\n  admin_server = $krb5HostName\n }/\" $krb5conf"
-            rlRun "sed -i \"s/\[domain_realm\]/[domain_realm]\n .$krb5DomainName = $krb5REALM1\n $krb5DomainName = $krb5REALM1/\" $krb5conf"
+            if [ "$krb5DomainName" ]; then
                rlRun "sed -i \"s/\[domain_realm\]/[domain_realm]\n .$krb5DomainName = $krb5REALM1\n $krb5DomainName = $krb5REALM1/\" $krb5conf"
            else
                rlRun "sed -i \"s/\[domain_realm\]/[domain_realm]\n $krb5HostName = $krb5REALM1/\" $krb5conf"
            fi
        fi
        rlRun "sed -i s/EXAMPLE.COM/$krb5REALM1/ $krb5kdcconf"
        # Configure the kadmin ACL
@ -368,4 +373,4 @@ _EOF
        rlRun "rm -r $TmpDir"
    rlPhaseEnd
 rlJournalPrintText
-rlJournalEnd
+rlJournalEnd
--- a/tests/tests.yml
+++ b/tests/tests.yml
@ -1,16 +0,0 @@
 ---
 # This first play always runs on the local staging system
 - hosts: localhost
  roles:
  - role: standard-test-beakerlib
    tags:
    - classic
    tests:
    - inplace-upgrade-sanity-test
    required_packages:
    - expect            # Required for inplace-upgrade-sanity-test
    - krb5-server       # Required for inplace-upgrade-sanity-test
    - krb5-workstation  # Required for inplace-upgrade-sanity-test
    - openssh-clients   # Required for inplace-upgrade-sanity-test
    - openssh-server    # Required for inplace-upgrade-sanity-test
    - rng-tools         # Required for inplace-upgrade-sanity-test
--- a/tests/upstream/main.fmf
+++ b/tests/upstream/main.fmf
@ -0,0 +1,7 @@
 summary: Run upstream tests
 test: ./test.sh
 enabled: true
 path: /tests/upstream
 require:
 - krb5-tests
 duration: 20m
--- a/tests/upstream/test.sh
+++ b/tests/upstream/test.sh
@ -0,0 +1,2 @@
 #!/bin/sh -eux
 /usr/libexec/krb5-tests