From bfb84462feee8d50a83db1a946c0131c920c4af2 Mon Sep 17 00:00:00 2001
From: Shalini Khandelwal <skhandel@redhat.com>
Date: Thu, 3 Jun 2021 13:48:57 +0530
Subject: [PATCH] Added tier0 gating tests for RHEL9

Resolves: #1954562

Signed-off-by: Shalini Khandelwal <skhandel@redhat.com>
---
 gating.yaml                               |  7 ++++++
 tests/roles/Test_Setup/files/ca.cfg       | 25 +++++++++++++++++++
 tests/roles/Test_Setup/files/ds-create.sh | 24 ++++++++++++++++++
 tests/roles/Test_Setup/files/kra.cfg      | 27 ++++++++++++++++++++
 tests/roles/Test_Setup/tasks/main.yml     | 26 ++++++++++++++++++++
 tests/tests.yml                           | 30 +++++++++++++++++++++++
 6 files changed, 139 insertions(+)
 create mode 100644 gating.yaml
 create mode 100644 tests/roles/Test_Setup/files/ca.cfg
 create mode 100644 tests/roles/Test_Setup/files/ds-create.sh
 create mode 100644 tests/roles/Test_Setup/files/kra.cfg
 create mode 100644 tests/roles/Test_Setup/tasks/main.yml
 create mode 100644 tests/tests.yml

diff --git a/gating.yaml b/gating.yaml
new file mode 100644
index 0000000..388958f
--- /dev/null
+++ b/gating.yaml
@@ -0,0 +1,7 @@
+# recipients: rhcs-team
+--- !Policy
+product_versions:
+  - rhel-9
+decision_context: osci_compose_gate
+rules:
+  - !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}
diff --git a/tests/roles/Test_Setup/files/ca.cfg b/tests/roles/Test_Setup/files/ca.cfg
new file mode 100644
index 0000000..158c1d5
--- /dev/null
+++ b/tests/roles/Test_Setup/files/ca.cfg
@@ -0,0 +1,25 @@
+[DEFAULT]
+pki_server_database_password=Secret.123
+
+[CA]
+pki_admin_email=caadmin@example.com
+pki_admin_name=caadmin
+pki_admin_nickname=caadmin
+pki_admin_password=Secret.123
+pki_admin_uid=caadmin
+
+pki_client_database_password=Secret.123
+pki_client_database_purge=False
+pki_client_pkcs12_password=Secret.123
+
+pki_ds_base_dn=dc=ca,dc=pki,dc=example,dc=com
+pki_ds_database=ca
+pki_ds_password=Secret.123
+
+pki_security_domain_name=EXAMPLE
+
+pki_ca_signing_nickname=ca_signing
+pki_ocsp_signing_nickname=ca_ocsp_signing
+pki_audit_signing_nickname=ca_audit_signing
+pki_sslserver_nickname=sslserver
+pki_subsystem_nickname=subsystem
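Review bot: Every credential in this file is the same literal `Secret.123` (server database, admin, client database, PKCS #12 and DS passwords), and nothing marks the file as a throwaway fixture. Because the role copies it to `/tmp/test_dir` on the test host, I would add a header comment such as `# Test-only credentials for the disposable gating host; never reuse outside CI.` The same applies to `kra.cfg` and to the `root_password` and `-w` values in `ds-create.sh`.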
diff --git a/tests/roles/Test_Setup/files/ds-create.sh b/tests/roles/Test_Setup/files/ds-create.sh
new file mode 100644
index 0000000..825d83f
--- /dev/null
+++ b/tests/roles/Test_Setup/files/ds-create.sh
@@ -0,0 +1,24 @@
+#!/bin/bash -ex
+
+# This command needs to be executed as it pulls the machine name
+# dynamically.
+dscreate create-template /tmp/test_dir/ds.inf
+
+sed -i \
+    -e "s/;instance_name = .*/instance_name = localhost/g" \
+    -e "s/;root_password = .*/root_password = Secret.123/g" \
+    -e "s/;suffix = .*/suffix = dc=example,dc=com/g" \
+    -e "s/;self_sign_cert = .*/self_sign_cert = False/g" \
+    /tmp/test_dir/ds.inf
+
+dscreate from-file /tmp/test_dir/ds.inf
+
+ldapadd -h $HOSTNAME -x -D "cn=Directory Manager" -w Secret.123 << EOF
+dn: dc=example,dc=com
+objectClass: domain
+dc: example
+
+dn: dc=pki,dc=example,dc=com
+objectClass: domain
+dc: pki
+EOF
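Review bot: The `-ex` on the shebang never takes effect, because `tasks/main.yml` runs this file as `sh /tmp/test_dir/ds-create.sh` and it is created with mode 100644. A failing `dscreate` or `sed` would therefore not stop the script before `ldapadd` runs. Put `set -ex` on its own line after the shebang so the behaviour does not depend on how the script is invoked. Separately, `$HOSTNAME` is unquoted and `-w Secret.123` exposes the Directory Manager password in the process list; `-h "$HOSTNAME"` and `-y <password-file>` would be tidier even for a test host.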
diff --git a/tests/roles/Test_Setup/files/kra.cfg b/tests/roles/Test_Setup/files/kra.cfg
new file mode 100644
index 0000000..d93f4bb
--- /dev/null
+++ b/tests/roles/Test_Setup/files/kra.cfg
@@ -0,0 +1,27 @@
+[DEFAULT]
+pki_server_database_password=Secret.123
+
+[KRA]
+pki_admin_email=kraadmin@example.com
+pki_admin_name=kraadmin
+pki_admin_nickname=kraadmin
+pki_admin_password=Secret.123
+pki_admin_uid=kraadmin
+
+pki_client_database_password=Secret.123
+pki_client_database_purge=False
+pki_client_pkcs12_password=Secret.123
+
+pki_ds_base_dn=dc=kra,dc=pki,dc=example,dc=com
+pki_ds_database=kra
+pki_ds_password=Secret.123
+
+pki_security_domain_name=EXAMPLE
+pki_security_domain_user=caadmin
+pki_security_domain_password=Secret.123
+
+pki_storage_nickname=kra_storage
+pki_transport_nickname=kra_transport
+pki_audit_signing_nickname=kra_audit_signing
+pki_sslserver_nickname=sslserver
+pki_subsystem_nickname=subsystem
diff --git a/tests/roles/Test_Setup/tasks/main.yml b/tests/roles/Test_Setup/tasks/main.yml
new file mode 100644
index 0000000..02afe43
--- /dev/null
+++ b/tests/roles/Test_Setup/tasks/main.yml
@@ -0,0 +1,26 @@
+---
+
+- name: Install ldapjdk
+  dnf:
+    name: >
+      ldapjdk
+
+- name: Install required packages
+  dnf:
+    name: >
+      389-ds-base, pki-ca, pki-kra
+
+- name: Creates directory
+  file: path=/tmp/test_files state=directory
+
+- name: Copying templates to /tmp folder
+  copy : src=.  dest=/tmp/test_dir
+
+- name: Setup DS Service
+  shell: sh /tmp/test_dir/ds-create.sh
+
+- name: Install CA subsystem
+  shell: pkispawn -f /tmp/test_dir/ca.cfg -s CA -v
+
+- name: Install KRA subsystem
+  shell: pkispawn -f /tmp/test_dir/kra.cfg -s KRA -v
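Review bot: The `Creates directory` task makes `/tmp/test_files`, but every later task uses `/tmp/test_dir`, so the directory that ends up holding `ca.cfg`, `kra.cfg` and `ds.inf` is created implicitly by `copy` with default permissions. Those files carry the admin and Directory Manager passwords under a predictable `/tmp` path. I would create the directory that is actually used and restrict it: `file: path=/tmp/test_dir state=directory mode=0700`. This assumes all steps run as root, as `remote_user: root` in `tests/tests.yml` suggests. As a style point, `copy : src=.  dest=/tmp/test_dir` has a stray space before the colon.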
diff --git a/tests/tests.yml b/tests/tests.yml
new file mode 100644
index 0000000..65d38d0
--- /dev/null
+++ b/tests/tests.yml
@@ -0,0 +1,30 @@
+- hosts: localhost
+  remote_user: root
+  roles:
+  - role: Test_Setup
+  - role: standard-test-basic
+    tags:
+    - classic
+    tests:
+    - verify_spawn_ca:
+        dir: .
+        run: "curl http://localhost:8080/ca/admin/ca/getStatus | grep '<Status>running</Status>'"
+    - verify_spawn_kra:
+        dir: .
+        run: "curl http://localhost:8080/kra/admin/kra/getStatus | grep '<Status>running</Status>'"
+    - destroy_kra:
+        dir: .
+        run: "pkidestroy -i pki-tomcat -s KRA && sleep 5"
+    - verify_destroy_kra:
+        dir: .
+        run: "curl http://localhost:8080/kra/admin/kra/getStatus | grep 'HTTP Status 404'"
+    - destroy_ca:
+        dir: .
+        run: "pkidestroy -i pki-tomcat -s CA"
+    - verify_destroy_ca:
+        dir: .
+        run: "curl http://localhost:8080/ca/admin/ca/getStatus  &> testfile.log || true && grep 'Connection refused' testfile.log"
+    required_packages:
+    - ldapjdk
+    - pki-ca
+    - pki-kra
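Review bot: `verify_destroy_ca` passes only if curl's stderr contains the English text `Connection refused`, which depends on curl's version and locale, and `&>` is a bash-only redirection. Checking curl's exit status would be sturdier, for example `run: "curl -s http://localhost:8080/ca/admin/ca/getStatus; test $? -eq 7"`, where 7 is curl's failed-to-connect code. The `sleep 5` in `destroy_kra` and the `HTTP Status 404` body match in `verify_destroy_kra` are similarly timing- and wording-dependent. No step removes `/tmp/test_dir` afterwards, so the password-bearing config files stay on the host unless it is discarded.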