From 5598153031d899299ecfc32b377d154671d037a8 Mon Sep 17 00:00:00 2001 From: Scott Mayhew Date: Thu, 13 Jun 2024 10:58:25 -0400 Subject: [PATCH] Add initial gating for RHEL 10 Related: RHEL-39058
---
.fmf/version | 1 + gating.yaml | 6 +++ plans/sanity.fmf | 12 ++++++ tests/sanity/main.fmf | 2 + tests/sanity/test.sh | 99 +++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 120 insertions(+) create mode 100644 .fmf/version create mode 100644 gating.yaml create mode 100644 plans/sanity.fmf create mode 100644 tests/sanity/main.fmf create mode 100755 tests/sanity/test.sh
diff --git a/.fmf/version b/.fmf/version
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/.fmf/version
@@ -0,0 +1 @@
+1
diff --git a/gating.yaml b/gating.yaml
new file mode 100644
index 0000000..4ca9235
--- /dev/null
+++ b/gating.yaml
@@ -0,0 +1,6 @@
+--- !Policy
+product_versions:
+ - rhel-10
+decision_context: osci_compose_gate
+rules:
+ - !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}
diff --git a/plans/sanity.fmf b/plans/sanity.fmf
new file mode 100644
index 0000000..8fd161f
--- /dev/null
+++ b/plans/sanity.fmf
@@ -0,0 +1,12 @@
+summary:
+ Basic sanity test for ktls-utils
+discover:
+ how: fmf
+prepare:
+ how: install
+ package:
+ - ktls-utils
+ - nfs-utils
+ - openssl
+execute:
+ how: tmt
diff --git a/tests/sanity/main.fmf b/tests/sanity/main.fmf
new file mode 100644
index 0000000..6840658
--- /dev/null
+++ b/tests/sanity/main.fmf
@@ -0,0 +1,2 @@
+summary: Basic sanity test for ktls-utils
+test: ./test.sh
diff --git a/tests/sanity/test.sh b/tests/sanity/test.sh
new file mode 100755
index 0000000..d6fa089
--- /dev/null
+++ b/tests/sanity/test.sh
@@ -0,0 +1,99 @@
+#!/bin/bash
+MYOLDHOSTNAME=$(hostnamectl hostname --static)
+MYHOSTNAME=nfs.ktls-utils.test
+MYIP=$(ip -o route get to 8.8.8.8 | sed -n 's/.*src \([0-9.]\+\).*/\1/p')
+
+echo "Setup..."
+hostnamectl hostname --static "$MYHOSTNAME"
+cp /etc/tlshd.conf /etc/tlshd.conf.bak
+openssl req -x509 -newkey rsa:4096 -subj "/CN=ktls-utils smoketest CA" -days 365 -noenc -out ca-cert.pem -keyout ca-cert.key >/dev/null 2>&1
+openssl req -x509 -newkey rsa:4096 -subj "/CN=${MYHOSTNAME}" -addext "subjectAltName=DNS:${MYHOSTNAME},IP:${MYIP}" -days 365 -noenc -CA ca-cert.pem -CAkey ca-cert.key -extensions usr_cert -out ktls.pem -keyout ktls.key >/dev/null 2>&1
+cp ca-cert.pem /etc/pki/tls/certs
+cp ktls.pem /etc/pki/tls/certs
+cp ktls.key /etc/pki/tls/private
+
+cat </etc/tlshd.conf
+[debug]
+loglevel=0
+tls=0
+nl=0
+
+[authenticate]
+#keyrings= ;;
+
+[authenticate.client]
+x509.truststore=/etc/pki/tls/certs/ca-cert.pem
+x509.certificate=/etc/pki/tls/certs/ktls.pem
+x509.private_key=/etc/pki/tls/private/ktls.key
+
+[authenticate.server]
+x509.truststore=/etc/pki/tls/certs/ca-cert.pem
+x509.certificate=/etc/pki/tls/certs/ktls.pem
+x509.private_key=/etc/pki/tls/private/ktls.key
+EOF
+
+systemctl start tlshd
+systemctl start nfs-server
+mkdir /export
+exportfs -o rw,insecure,no_root_squash,xprtsec=tls:mtls *:/export
+
+# mount by hostname
+echo "Try to mount $MYHOSTNAME:/export without xprtsec=tls"
+mount -o v4.2 $MYHOSTNAME:/export /mnt
+if [ $? -eq 0 ]; then
+ echo "Mounted $MYHOSTNAME:/export without xprtsec=tls!"
+ exit 1
+fi
+
+echo "Try to mount $MYHOSTNAME:/export with xprtsec=tls"
+mount -o v4.2,xprtsec=tls $MYHOSTNAME:/export /mnt
+if [ $? -ne 0 ]; then
+ echo "Failed to mount $MYHOSTNAME:/export with xprtsec=tls!"
+ exit 1
+fi
+
+if ! grep "xprtsec=tls" /proc/mounts; then
+ echo "Failed to find xprtsec=tls in /proc/mounts"
+ exit 1
+fi
+umount /mnt
+
+# mount by ip address
+echo "Try to mount $MYIP:/export without xprtsec=tls"
+mount -o v4.2 $MYIP:/export /mnt
+if [ $? -eq 0 ]; then
+ echo "Mounted $MYIP:/export without xprtsec=tls!"
+ exit 1
+fi
+
+echo "Try to mount $MYIP:/export with xprtsec=tls"
+mount -o v4.2,xprtsec=tls $MYIP:/export /mnt
+if [ $? -ne 0 ]; then
+ echo "Failed to mount $MYIP:/export with xprtsec=tls!"
+ exit 1
+fi
+
+if ! grep "xprtsec=tls" /proc/mounts; then
+ echo "Failed to find xprtsec=tls in /proc/mounts"
+ exit 1
+fi
+umount /mnt
+
+echo "Success!"
+
+echo "Cleanup..."
+hostnamectl hostname --static "$MYOLDHOSTNAME"
+exportfs -ua
+systemctl stop nfs-server
+rmdir /export
+systemctl stop tlshd
+cp /etc/tlshd.conf.bak /etc/tlshd.conf
+rm -f /etc/pki/tls/certs/ca-cert.pem
+rm -f /etc/pki/tls/certs/ktls.pem
+rm -f /etc/pki/tls/private/ktls.key
+rm -f ca-cert.pem
+rm -f ca-cert.key
+rm -f ktls.pem
+rm -f ktls.key
+
+exit 0
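Review bot: The cleanup section at the end of tests/sanity/test.sh runs only on the success path, because every failed check calls `exit 1` before reaching it. A failing run therefore leaves the host with the test hostname, the overwritten /etc/tlshd.conf, the `-noenc` private keys in /etc/pki/tls/private and the working directory, and /export still exported to `*` with `insecure,no_root_squash`. Move the existing cleanup commands into a `cleanup()` function and register it with `trap cleanup EXIT` right after the `cp /etc/tlshd.conf /etc/tlshd.conf.bak` backup, with `umount /mnt 2>/dev/null` as its first command, since the /proc/mounts check can exit while /mnt is still mounted. Separately, both `openssl req` calls send all output to /dev/null and their exit status is never checked, so an empty `$MYIP` or a failed key generation only surfaces later as an unexplained mount failure. A guard such as `[ -n "$MYIP" ] || { echo "could not determine source IP" >&2; exit 1; }` and `|| exit 1` on the openssl lines would make the real cause visible.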