diff --git a/.github/spellcheck-ignore b/.github/spellcheck-ignore index b54b4171a..43c55e39d 100644 --- a/.github/spellcheck-ignore +++ b/.github/spellcheck-ignore @@ -5,3 +5,4 @@ ser childs ot marshalling +te diff --git a/.packit.yaml b/.packit.yaml index 3456256e8..926341af1 100644 --- a/.packit.yaml +++ b/.packit.yaml @@ -37,6 +37,16 @@ jobs: additional_repos: - https://kojipkgs.fedoraproject.org/repos/eln-build/latest/$basearch/ + - job: tests + trigger: pull_request + identifier: onboarding + fmf_path: test/fmf + tmt_plan: plans/onboarding + targets: + epel-9: {} + fedora-latest-stable: {} + fedora-developement: {} + - <<: *fdo_copr_build trigger: commit branch: main diff --git a/test/fmf/.fmf/version b/test/fmf/.fmf/version new file mode 100644 index 000000000..d00491fd7 --- /dev/null +++ b/test/fmf/.fmf/version @@ -0,0 +1 @@ +1 diff --git a/test/fmf/plans/onboarding.fmf b/test/fmf/plans/onboarding.fmf new file mode 100644 index 000000000..f7b321a5a --- /dev/null +++ b/test/fmf/plans/onboarding.fmf @@ -0,0 +1,14 @@ +summary: Fido Device Onboarding Tests +discover: + how: fmf +execute: + how: tmt +prepare: + - how: install + copr: ${PACKIT_COPR_PROJECT} + - how: shell + script: dnf install -y ${PACKIT_COPR_RPMS} postgresql-server sqlite +provision: + how: virtual + memory: 4096 + disk: 30 diff --git a/test/fmf/tests/onboarding/main.fmf b/test/fmf/tests/onboarding/main.fmf new file mode 100644 index 000000000..2d790fdf9 --- /dev/null +++ b/test/fmf/tests/onboarding/main.fmf @@ -0,0 +1,20 @@ +summary: Run full device onboarding +test: ./run-onboarding.sh + +/directory: + summary: Run full device onboard using Directory as OV backend + duration: 5m + environment: + OV_STORE_DRIVER: Directory + +/postgres: + summary: Run full device onboard using PostgreSQL as OV backend + duration: 5m + environment: + OV_STORE_DRIVER: Postgres + +/sqlite: + summary: Run full device onboard using SQLite as OV backend + duration: 5m + environment: + OV_STORE_DRIVER: Sqlite diff --git a/test/fmf/tests/onboarding/run-onboarding.sh b/test/fmf/tests/onboarding/run-onboarding.sh new file mode 100755 index 000000000..54f54db2e --- /dev/null +++ b/test/fmf/tests/onboarding/run-onboarding.sh @@ -0,0 +1,269 @@ +#! /bin/bash + +set -xeuo pipefail + +CONF_DIR="/etc/fdo" +KEYS_DIR="${CONF_DIR}/keys" +STORES_DIR="${CONF_DIR}/stores" +MIGRATIONS_BASE_DIR=/usr/share/doc/fdo/migrations/ +PRIMARY_IP=$(hostname -I | cut -f 1 -d ' ') +DEVICE_CREDENTIAL=/etc/device-credentials +ONBOARDIG_PERFORMED=/etc/device_onboarding_performed + +OWNER_DATABASE="owner_onboarding" +MANUFACTURER_DATABASE="manufacturing" +RENDEZVOUS_DATABASE="rendezvous" +DATABASES="${MANUFACTURER_DATABASE} ${OWNER_DATABASE} ${RENDEZVOUS_DATABASE}" + +OV_STORE_DRIVER="${OV_STORE_DRIVER:-Directory}" + +DATABASE_DRIVER="None" +[ "${OV_STORE_DRIVER}" != "Postgres" ] || DATABASE_DRIVER="postgresql" +[ "${OV_STORE_DRIVER}" != "Sqlite" ] || DATABASE_DRIVER="sqlite" + +DATABASE_DIR=/var/lib/fdo +DATABASE_USER="fdo" +DATABASE_PASSWORD="redhat" + +generate_keys() { + ORGANIZATION="Red Hat" + COUNTRY="US" + VALIDITY="3650" + for SUBJECT in diun manufacturer device-ca owner; do + fdo-admin-tool generate-key-and-cert --organization "${ORGANIZATION}" \ + --country "${COUNTRY}" \ + --validity-ends "${VALIDITY}" \ + --destination-dir "${KEYS_DIR}" \ + $SUBJECT + done +} + +setup_postgresql() { + systemctl stop postgresql.service + rm -rf /var/lib/pgsql/data + postgresql-setup --initdb + sed -ie 's|^host\(\s*\)all\(\s*\)all\(.*\)ident|host\1all\2all\3password|' /var/lib/pgsql/data/pg_hba.conf + systemctl enable --now postgresql.service + su - postgres -c "dropuser -e --if-exists ${DATABASE_USER}" + su - postgres -c "createuser -e ${DATABASE_USER}" + su - postgres -c "psql -e -c \"ALTER USER ${DATABASE_USER} WITH PASSWORD '${DATABASE_PASSWORD}'\"" + for DATABASE in ${DATABASES}; do + su - postgres -c "dropdb -e --if-exists ${DATABASE}" + su - postgres -c "createdb -e -O ${DATABASE_USER} ${DATABASE}" + su - postgres -c "PGPASSWORD=${DATABASE_PASSWORD} psql --host 127.0.0.1 --username ${DATABASE_USER} --echo-queries $DATABASE < ${MIGRATIONS_BASE_DIR}/migrations_${DATABASE}_server_postgres/up.sql" + done +} + +setup_sqlite() { + mkdir -p ${DATABASE_DIR} + for DATABASE in ${DATABASES}; do + DATABASE_FILE="${DATABASE_DIR}/${DATABASE}.db" + > ${DATABASE_FILE} + sqlite3 ${DATABASE_FILE} < "${MIGRATIONS_BASE_DIR}/migrations_${DATABASE}_server_sqlite/up.sql" + done +} + +setup_systemd() { + for DATABASE in ${DATABASES}; do + SYSTEMD_OVERWRITE_DIR=/etc/systemd/system/fdo-${DATABASE/_/-}-server.service.d/ + rm -rf "$SYSTEMD_OVERWRITE_DIR}" + if [ "${OV_STORE_DRIVER}" != "Directory" ]; then + mkdir -p "${SYSTEMD_OVERWRITE_DIR}" + DATABASE_ENV_VAR="$(tr [:lower:] [:upper:] <<<${OV_STORE_DRIVER})_$(tr [:lower:] [:upper:] <<<$DATABASE |sed -e 's|MANUFACTURING|MANUFACTURER|' -e 's|OWNER_ONBOARDING|OWNER|')_DATABASE_URL" + [ "$DATABASE_DRIVER" != "postgresql" ] || DATABASE_URL="${DATABASE_DRIVER}://${DATABASE_USER}:${DATABASE_PASSWORD}@127.0.0.1/${DATABASE}" + [ "$DATABASE_DRIVER" != "sqlite" ] || DATABASE_URL="${DATABASE_DRIVER}://${DATABASE_DIR}/${DATABASE}.db" + tee "$SYSTEMD_OVERWRITE_DIR/override.conf" <