stream-idm-DL1-rhel-8.9.0
imports/c8-stream-DL1/idm-DL1-8080020230607125956.b0a6ceea
commit
ab4fe72e38
@ -0,0 +1,9 @@
|
|||||||
|
# recipients: abokovoy, twoerner, rcritten, ftrivino
|
||||||
|
--- !Policy
|
||||||
|
product_versions:
|
||||||
|
- rhel-8
|
||||||
|
decision_context: osci_compose_gate_modules
|
||||||
|
subject_type: redhat-module
|
||||||
|
rules:
|
||||||
|
- !PassingTestCaseRule {test_case_name: baseos-ci.redhat-module.tier0.functional}
|
||||||
|
- !PassingTestCaseRule {test_case_name: idm-ci.redhat-module.tier1.functional}
|
@ -0,0 +1,103 @@
|
|||||||
|
---
|
||||||
|
document: modulemd
|
||||||
|
version: 2
|
||||||
|
data:
|
||||||
|
stream: DL1
|
||||||
|
summary: The Red Hat Enterprise Linux Identity Management system module
|
||||||
|
description: >-
|
||||||
|
RHEL IdM is an integrated solution to provide centrally managed Identity (users,
|
||||||
|
hosts, services), Authentication (SSO, 2FA), and Authorization (host access control,
|
||||||
|
SELinux user roles, services). The solution provides features for further integration
|
||||||
|
with Linux based clients (SUDO, automount) and integration with Active Directory
|
||||||
|
based infrastructures (Trusts).
|
||||||
|
license:
|
||||||
|
module:
|
||||||
|
- MIT
|
||||||
|
dependencies:
|
||||||
|
- buildrequires:
|
||||||
|
389-ds: [1.4]
|
||||||
|
httpd: [2.4]
|
||||||
|
pki-core: [10.6]
|
||||||
|
platform: [el8]
|
||||||
|
requires:
|
||||||
|
389-ds: [1.4]
|
||||||
|
httpd: [2.4]
|
||||||
|
pki-core: [10.6]
|
||||||
|
platform: [el8]
|
||||||
|
references:
|
||||||
|
community: https://www.freeipa.org/
|
||||||
|
documentation: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/index
|
||||||
|
tracker: https://pagure.io/freeipa/issues
|
||||||
|
profiles:
|
||||||
|
adtrust:
|
||||||
|
description: RHEL IdM Server Integration with Active Directory
|
||||||
|
rpms:
|
||||||
|
- ipa-healthcheck
|
||||||
|
- ipa-healthcheck-core
|
||||||
|
- ipa-server-trust-ad
|
||||||
|
client:
|
||||||
|
description: RHEL IdM Client
|
||||||
|
rpms:
|
||||||
|
- ipa-client
|
||||||
|
common:
|
||||||
|
description: A default profile for RHEL IdM client
|
||||||
|
rpms:
|
||||||
|
- ipa-client
|
||||||
|
dns:
|
||||||
|
description: RHEL IdM with integrated DNS server and integrated CA
|
||||||
|
rpms:
|
||||||
|
- ipa-healthcheck
|
||||||
|
- ipa-healthcheck-core
|
||||||
|
- ipa-server
|
||||||
|
- ipa-server-dns
|
||||||
|
server:
|
||||||
|
description: Base RHEL IdM Server with integrated CA and no integrated DNS
|
||||||
|
rpms:
|
||||||
|
- ipa-healthcheck
|
||||||
|
- ipa-healthcheck-core
|
||||||
|
- ipa-server
|
||||||
|
components:
|
||||||
|
rpms:
|
||||||
|
bind-dyndb-ldap:
|
||||||
|
rationale: Driver for BIND to store DNS information in LDAP
|
||||||
|
ref: stream-idm-DL1-rhel-8.8.0
|
||||||
|
custodia:
|
||||||
|
rationale: Remote access to secrets and credentials in IdM topology
|
||||||
|
ref: stream-idm-DL1-rhel-8.8.0
|
||||||
|
buildorder: 2
|
||||||
|
ipa:
|
||||||
|
rationale: Module API
|
||||||
|
ref: stream-idm-DL1-rhel-8.8.0
|
||||||
|
ipa-healthcheck:
|
||||||
|
rationale: A tool to detect issues in IdM clusters
|
||||||
|
ref: stream-DL1-rhel-8.8.0
|
||||||
|
buildorder: 3
|
||||||
|
opendnssec:
|
||||||
|
rationale: An implementation of DNSSEC support for IdM integrated DNS server
|
||||||
|
ref: stream-idm-DL1-rhel-8.8.0
|
||||||
|
python-jwcrypto:
|
||||||
|
rationale: JSON Web Cryptographic Tokens used by Custodia
|
||||||
|
ref: stream-idm-DL1-rhel-8.8.0
|
||||||
|
buildorder: 1
|
||||||
|
python-kdcproxy:
|
||||||
|
rationale: MS-KKDCP (kerberos proxy) WSGI module
|
||||||
|
ref: stream-idm-DL1-rhel-8.8.0
|
||||||
|
python-qrcode:
|
||||||
|
rationale: QR code generator for IdM two-factor authentication
|
||||||
|
ref: stream-idm-DL1-rhel-8.8.0
|
||||||
|
python-yubico:
|
||||||
|
rationale: Support for Yubikey-based tokens for IdM two-factor authentication
|
||||||
|
ref: stream-idm-DL1-rhel-8.8.0
|
||||||
|
buildorder: 2
|
||||||
|
pyusb:
|
||||||
|
rationale: Python USB support to access USB tokens for IdM two-factor authentication
|
||||||
|
ref: stream-idm-DL1-rhel-8.8.0
|
||||||
|
buildorder: 1
|
||||||
|
slapi-nis:
|
||||||
|
rationale: Compatibility plugin to serve legacy clients
|
||||||
|
ref: stream-idm-DL1-rhel-8.8.0
|
||||||
|
arches: [aarch64, ppc64le, s390x, x86_64]
|
||||||
|
softhsm:
|
||||||
|
rationale: Software version of a PKCS#11 Hardware Security Module
|
||||||
|
ref: stream-idm-DL1-rhel-8.8.0
|
||||||
|
...
|
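Review bot: The `ipa-healthcheck` component uses `ref: stream-DL1-rhel-8.8.0`, while every other component in this file uses `ref: stream-idm-DL1-rhel-8.8.0`. If that difference is not deliberate, the build would resolve a different or missing branch; if it is, a comment above the entry such as `# ipa-healthcheck is built from the stream-DL1 branch on purpose` would record it. Every `ref` is a branch name rather than a commit, so what gets built depends on the branch head at build time, and the page does not show whether the resolved commit is recorded anywhere. The `documentation` URL also points at the Red Hat Enterprise Linux 7 guide although `platform` is `[el8]`.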
@ -0,0 +1,30 @@
|
|||||||
|
#!/usr/libexec/platform-python
|
||||||
|
"""Simple test for APIs used by python3-qrcode
|
||||||
|
"""
|
||||||
|
import io
|
||||||
|
import logging
|
||||||
|
import hashlib
|
||||||
|
|
||||||
|
import qrcode
|
||||||
|
|
||||||
|
logging.basicConfig(level=logging.INFO)
|
||||||
|
log = logging.getLogger()
|
||||||
|
|
||||||
|
TEXT = "example data"
|
||||||
|
HASH = "4d0186bad6cb0ea83f634959bba9bd2494f2b15cc785285e0914521246452e06"
|
||||||
|
|
||||||
|
|
||||||
|
def main():
|
||||||
|
qr_output = io.StringIO()
|
||||||
|
qr = qrcode.QRCode()
|
||||||
|
qr.add_data(TEXT)
|
||||||
|
qr.make()
|
||||||
|
qr.print_ascii(out=qr_output, tty=False)
|
||||||
|
value = qr_output.getvalue()
|
||||||
|
print(value)
|
||||||
|
assert hashlib.sha256(value.encode('utf-8')).hexdigest() == HASH
|
||||||
|
log.info("PASS")
|
||||||
|
|
||||||
|
|
||||||
|
if __name__ == "__main__":
|
||||||
|
main()
|
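Review bot: The only check in `main()` is `assert hashlib.sha256(value.encode('utf-8')).hexdigest() == HASH`, which on failure reports neither the computed digest nor how the golden value was produced. The digest covers the exact ASCII rendering written by `print_ascii`, so a change in the library's default border, version selection or glyphs would fail the test without any API being broken. Computing the digest first and attaching it, `digest = hashlib.sha256(value.encode('utf-8')).hexdigest()` followed by `assert digest == HASH, digest`, makes the log actionable. A comment above `HASH` such as `# sha256 of print_ascii() output for TEXT with default QRCode() settings` would say how to regenerate it.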
@ -0,0 +1,28 @@
|
|||||||
|
#!/usr/libexec/platform-python
|
||||||
|
"""Simple test for APIs used by IPA's otptoken plugin
|
||||||
|
"""
|
||||||
|
import logging
|
||||||
|
|
||||||
|
import yubico
|
||||||
|
import usb.core
|
||||||
|
|
||||||
|
logging.basicConfig(level=logging.INFO)
|
||||||
|
log = logging.getLogger()
|
||||||
|
|
||||||
|
|
||||||
|
def main():
|
||||||
|
try:
|
||||||
|
yk = yubico.find_yubikey()
|
||||||
|
except usb.core.USBError as e:
|
||||||
|
log.info(e)
|
||||||
|
except yubico.yubikey.YubiKeyError as e:
|
||||||
|
log.info(e)
|
||||||
|
else:
|
||||||
|
assert yk.version_num()
|
||||||
|
log.info(yk.status())
|
||||||
|
log.info(yk.status().valid_configs())
|
||||||
|
log.info("PASS")
|
||||||
|
|
||||||
|
|
||||||
|
if __name__ == "__main__":
|
||||||
|
main()
|
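Review bot: Both `except` branches in `main()` only call `log.info(e)`, so on a host with no YubiKey attached the `else` branch with `assert yk.version_num()` never runs and the script still exits successfully. In that case the run shows only that the modules import and that `find_yubikey()` raised one of the two expected exception types. Saying so in the log, for example `log.info("no YubiKey found, device checks skipped: %s", e)`, and in the module docstring keeps a green result from being read as coverage of the token API.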
@ -0,0 +1,33 @@
|
|||||||
|
#!/usr/libexec/platform-python
|
||||||
|
"""Simple test for APIs used by python-yubico
|
||||||
|
"""
|
||||||
|
import logging
|
||||||
|
|
||||||
|
import usb.core
|
||||||
|
import usb.legacy
|
||||||
|
|
||||||
|
logging.basicConfig(level=logging.INFO)
|
||||||
|
log = logging.getLogger()
|
||||||
|
|
||||||
|
|
||||||
|
def main():
|
||||||
|
for d in usb.core.find(find_all=True):
|
||||||
|
usb_device = usb.legacy.Device(d)
|
||||||
|
# import pdb; pdb.set_trace()
|
||||||
|
log.info(vars(usb_device))
|
||||||
|
assert usb_device.idVendor
|
||||||
|
assert usb_device.idProduct
|
||||||
|
usb_conf = usb_device.configurations[0]
|
||||||
|
log.info(vars(usb_conf))
|
||||||
|
usb_int = usb_conf.interfaces[0][0]
|
||||||
|
try:
|
||||||
|
usb_handle = usb_device.open()
|
||||||
|
assert usb_handle.controlMsg.__call__
|
||||||
|
usb_handle.releaseInterface()
|
||||||
|
except usb.core.USBError:
|
||||||
|
log.info("Unable to open USB device")
|
||||||
|
log.info("PASS")
|
||||||
|
|
||||||
|
|
||||||
|
if __name__ == "__main__":
|
||||||
|
main()
|
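Review bot: The loop in `main()` checks nothing when `usb.core.find(find_all=True)` yields no devices, which is likely on a virtual test host, and the script still exits successfully. `usb_int` is assigned and never used, and the commented-out `# import pdb; pdb.set_trace()` is debugging residue that should be deleted. `usb_device.configurations[0]` and `usb_conf.interfaces[0][0]` are evaluated before the `try:`, so a device without a configuration would raise IndexError rather than be skipped. Counting the devices visited and logging the total, `log.info("checked %d USB devices", count)`, would make an empty run visible.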
@ -0,0 +1,8 @@
|
|||||||
|
#!/bin/sh -eux
|
||||||
|
|
||||||
|
systemctl unmask gssproxy
|
||||||
|
ipa-server-install --hostname=$(hostname) -r EXAMPLE.TEST -n example.test --setup-dns --no-forwarders --allow-zone-overlap -p Secret123 -a Secret123 -U
|
||||||
|
echo Secret123 | kinit admin
|
||||||
|
ipa config-show
|
||||||
|
ipa-server-install --uninstall -U
|
||||||
|
|
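Review bot: Because the script runs under `sh -eux`, a failure in `kinit admin` or `ipa config-show` exits before `ipa-server-install --uninstall -U`, leaving a configured IdM server on the test host. Registering the cleanup before the install with `trap 'ipa-server-install --uninstall -U' EXIT`, and dropping the final line, would run it on every exit path. The `-x` trace also writes `-p Secret123 -a Secret123` into the test log, and the values are visible in the process list. That is tolerable only for the disposable EXAMPLE.TEST realm, and a comment such as `# throwaway credentials for the disposable EXAMPLE.TEST realm` would say so. `--hostname=$(hostname)` should be quoted as `--hostname="$(hostname)"`.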
@ -0,0 +1,50 @@
|
|||||||
|
---
|
||||||
|
- hosts: localhost
|
||||||
|
tags:
|
||||||
|
- classic
|
||||||
|
pre_tasks:
|
||||||
|
- name: Enable brewroot repository (so we have all latest packages available)
|
||||||
|
command: dnf config-manager --set-enabled baseos-ci-tag-repository
|
||||||
|
args:
|
||||||
|
warn: false
|
||||||
|
- name: Enable IDM module
|
||||||
|
command: dnf module enable -y idm:DL1
|
||||||
|
args:
|
||||||
|
warn: false
|
||||||
|
- name: Install IDM packages
|
||||||
|
command: dnf module install -y idm:DL1/server idm:DL1/dns
|
||||||
|
args:
|
||||||
|
warn: false
|
||||||
|
- name: Get Custodia version
|
||||||
|
command: rpm -q --qf '%{VERSION}' custodia
|
||||||
|
args:
|
||||||
|
warn: false
|
||||||
|
register: custodia_version
|
||||||
|
roles:
|
||||||
|
- role: standard-test-basic
|
||||||
|
required_packages:
|
||||||
|
- sudo
|
||||||
|
# pytest for Custodia testing
|
||||||
|
- python3-pytest
|
||||||
|
repositories:
|
||||||
|
- repo: "https://github.com/latchset/custodia.git"
|
||||||
|
dest: "custodia_git"
|
||||||
|
# tag name is e.g. "v0.6.0"
|
||||||
|
version: "v{{ custodia_version.stdout }}"
|
||||||
|
tests:
|
||||||
|
- sanity
|
||||||
|
#- custodia_setup:
|
||||||
|
# dir: "custodia_git"
|
||||||
|
# run: "cd tests/ca && ./custodia-ca.sh"
|
||||||
|
#- custodia:
|
||||||
|
# dir: "custodia_git"
|
||||||
|
# run: "pytest-3 -k 'not test_client_no_client_cert' tests/"
|
||||||
|
- python_qrcode:
|
||||||
|
dir: "python-qrcode"
|
||||||
|
run: "./test_ipa_otptoken.py"
|
||||||
|
- python_yubico:
|
||||||
|
dir: "python-yubico"
|
||||||
|
run: "./test_ipa_yubikey.py"
|
||||||
|
- pyusb:
|
||||||
|
dir: "pyusb"
|
||||||
|
run: "./test_ipa_yubico_api.py"
|
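Review bot: The `repositories` entry clones `https://github.com/latchset/custodia.git` at `version: "v{{ custodia_version.stdout }}"`, but the only tests that reference `custodia_git` (`custodia_setup` and `custodia`) are commented out, so each run fetches external code that nothing executes. That adds a network dependency on a third-party host. A tag is also a mutable reference, so if the tests are re-enabled they would run whatever the tag points to at that moment rather than the source of the installed RPM. While the tests stay disabled, the `repositories` block, the `Get Custodia version` task and the `python3-pytest` requirement can be dropped; otherwise a comment such as `# custodia tests disabled: <reason>` above the commented block would explain the state.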