WIP: Convert use of Vagrant to podman-compose for tests

.github/workflows/gating.yml

@@ -12,7 +12,7 @@ env:
 jobs:
   audit-and-build:
     name: Audit and build
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
     container:
       image: fedora:latest
 
@@ -57,7 +57,7 @@ jobs:
   unit-tests:
     name: Unit tests
     needs: audit-and-build
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
 
@@ -75,44 +75,91 @@ jobs:
   integration-tests:
     name: Integration tests
     needs: audit-and-build
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
 
     steps:
       - uses: actions/checkout@v4
 
-      - name: Install vagrant
-        run: |
-          sudo apt -y install apt-transport-https ca-certificates curl software-properties-common
-          wget -O- https://apt.releases.hashicorp.com/gpg | gpg --dearmor | sudo tee /usr/share/keyrings/hashicorp-archive-keyring.gpg
-          echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
-          sudo apt update
-          sudo apt install vagrant vagrant-sshfs virtualbox
-
       - uses: actions/download-artifact@v4
         with:
           name: freeipa-webui-build
           path: dist
 
-      - name: Run vagrant up
-        run: vagrant up --no-provision --provider=virtualbox
+      - name: Build test image
+        id: build-image
+        uses: redhat-actions/buildah-build@v2
+        with:
+          image: containerfile-fedora
+          tags: latest
+          containerfiles: tests/ipalab/containerfile-fedora
 
-      - name: Run vagrant provision
-        run: vagrant provision
+      - name: Install dependencies
+        shell: bash
+        run: |
+          sudo apt update -y
+          sudo apt install libkrb5-dev libvirt-dev
+          sudo apt install software-properties-common
+          sudo apt install ansible-core podman
 
-      - name: Put IPA Server's IP to /etc/hosts
-        run: sudo echo "$(vagrant ssh -c "hostname -I|sed 's/10\.0\.2\.15//'") server.ipa.demo" | sudo tee -a /etc/hosts
+      - name: Generate ipalab configuration
+        shell: bash
+        run: |
+          sed -e "s@CONF_DIR@$(pwd)@g" tests/ipalab/ipa.yaml.in > tests/ipalab/ipa.yaml
 
-      - name: Save server's IP address to env
-        run: echo "SERVER_IP=$(vagrant ssh -c "hostname -I|sed 's/10\.0\.2\.15//'")" >> $GITHUB_ENV
+      - name: Add podman network for tests
+        shell: bash
+        run: |
+          subnet="$(grep subnet: tests/ipalab/ipa.yaml | cut -d: -f2-)"
+          network="$(grep network: tests/ipalab/ipa.yaml | cut -d: -f2-)"
+          podman network create --disable-dns --subnet $subnet $network
 
-      - name: Print exported variable
-        run: echo "$SERVER_IP"
+      - name: Configure FreeIPA environment and set up Modern UI for it
+        uses: rjeffman/[email protected]
+        with:
+          cluster_configuration: tests/ipalab/ipa.yaml
+          test_playbooks: tests/ipalab/playbooks/webui.yaml
+
+      - name: Put IPA Server's IP to /etc/hosts
+        run: sudo echo "$(podman exec -ti server.ipa.demo hostname -I) server.ipa.demo" | sudo tee -a /etc/hosts
 
       - name: Run Cypress tests
         uses: cypress-io/github-action@v6
         with:
           browser: electron
           config-file: cypress/cypress.config.ts
+          command: |
+            podman unshare --rootless-netns \
+                   npx cypress run --config-file cypress/cypress.config.ts --browser electron ||:
+
+      - name: Collect server logs in case of a test failure
+        shell: bash
+        if: failure()
+        run: |
+          podman exec -ti server.ipa.demo dnf -y install sos
+          podman exec -ti server.ipa.demo sos report \
+                          --profile={identity,webserver,security,system,network} \
+                          -a --all-logs --batch
+          podman exec server.ipa.demo sh -c 'ls /var/tmp/sosreport*' | while read f ; do
+              podman cp server.ipa.demo:$f tests/ipalab/
+          done
+
+      - name: Upload server logs
+        uses: actions/upload-artifact@v4
+        if: failure()
+        with:
+          name: webui-server-logs
+          path: tests/ipalab/sosreport*
+          if-no-files-found: ignore
+
+      - name: Shutdown the test machines and a network
+        uses: rjeffman/[email protected]
+        with:
+          cluster_configuration: tests/ipalab/ipa.yaml
+          shutdown: true
+
+      - name: Remove ipalab configuration
+        shell: bash
+        run: rm -f tests/ipalab/ipa.yaml
 
       - name: Upload cypress screenshots
         uses: actions/upload-artifact@v4

tests/features/steps/common.ts

@@ -4,7 +4,7 @@ import { When, Then, Given } from "@badeball/cypress-cucumber-preprocessor";
 Given("I am on {string} page", (handle: string) => {
   cy.url().then(($url) => {
     if (!$url.includes(handle)) {
-      cy.visit(Cypress.env("base_url") + "/" + handle, { timeout: 6000 });
+      cy.visit(Cypress.env("base_url") + "/" + handle, { timeout: 9000 });
     }
   });
 });
@@ -46,7 +46,7 @@ Given("I am logged in as {string}", (username: string) => {
   });
   cy.get(
     "div.pf-v5-c-masthead__content button span.pf-v5-c-menu-toggle__text",
-    { timeout: 6000 }
+    { timeout: 9000 }
   ).then(($ele) => {
     if ($ele.text() !== username) {
       // @ts-ignore
@@ -97,7 +97,7 @@ When("I click on {string} page tab", (tabText: string) => {
 
 When("I click on {string} button", function (buttonText: string) {
   const regex = new RegExp("^" + buttonText + "$", "i");
-  cy.get("button", { timeout: 6000 }).contains(regex).click();
+  cy.get("button", { timeout: 9000 }).contains(regex).click();
 });
 
 When("I click on ID {string} button", function (id: string) {
@@ -243,7 +243,7 @@ When("I select entry {string} in the data table", (name: string) => {
 });
 
 When("I click on {string} entry in the data table", (name: string) => {
-  cy.get("tr[id='" + name + "'] a", { timeout: 5000 })
+  cy.get("tr[id='" + name + "'] a", { timeout: 9000 })
     .contains(name)
     .click();
 });
@@ -316,7 +316,7 @@ Then(
 
 When("I select partial entry {string} in the data table", (name: string) => {
   cy.get("tr[id^='" + name + "'] input[type=checkbox]", {
-    timeout: 6000,
+    timeout: 9000,
   }).check();
 });
 

tests/features/user_details.feature

@@ -127,7 +127,7 @@ Feature: User details
     When I click on Add key in the Certificates section
     And I put Certificate named "invalid sample - short" into the text area
     And in the modal dialog I click on "Add" button
-    Then I should see "danger" alert with text "Certificate format error: error parsing asn1 value: ParseError { kind: ShortData }"
+    Then I should see "danger" alert with text "Certificate format error: error parsing asn1 value: ParseError { kind: ShortData {needed: 109}}"
     * in the modal dialog I click on "Cancel" button
     Then I should see 1 certificates in the Certificates section
     # certificate length not divisible by 4

tests/ipalab/containerfile-fedora

@@ -0,0 +1,37 @@
+FROM registry.fedoraproject.org/fedora-toolbox:41
+MAINTAINER [FreeIPA Developers [email protected]]
+ENV container=docker LANG=en_US.utf8 LANGUAGE=en_US.utf8 LC_ALL=en_US.utf8
+
+RUN echo 'deltarpm = false' >> /etc/dnf/dnf.conf \
+    && dnf update -y python3 \
+    && (sed -i 's/%_install_langs \(.*\)/\0:fr/g' /etc/rpm/macros.image-language-conf ||:) \
+    && dnf install -y systemd \
+    && dnf install -y python3-libdnf5 \
+        git \
+        glibc-langpack-fr \
+        glibc-langpack-en \
+        iptables \
+        nss-tools \
+        openssh-server \
+        sudo \
+        wget \
+        freeipa-server \
+        freeipa-server-dns \
+        freeipa-server-trust-ad \
+        python3-libselinux \
+        firewalld \
+        nodejs \
+    && dnf clean all \
+    && sed -i 's/.*PermitRootLogin .*/#&/g' /etc/ssh/sshd_config \
+    && echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config \
+    && sed -i -e 's@^\(session.*required.*pam_loginuid\)@#\1@' /etc/pam.d/sshd \
+    && systemctl enable sshd \
+    && for i in /usr/lib/systemd/system/*-domainname.service; \
+    do sed -i 's#^ExecStart=/#ExecStart=-/#' $i ; done \
+    && { systemctl mask firewalld ||: ; } \
+    && { systemctl mask systemd-resolved ||: ; } \
+    && systemctl set-default multi-user.target
+
+STOPSIGNAL RTMIN+3
+VOLUME ["/usr/src/freeipa-webui", "/run", "/tmp"]
+ENTRYPOINT [ "/usr/sbin/init" ]

tests/ipalab/ipa.yaml.in

@@ -0,0 +1,28 @@
+---
+lab_name: webui
+container_fqdn: true
+containerfiles:
+  - containerfile-fedora
+network: ipa-webui
+subnet: 192.168.59.0/24
+ipa_deployments:
+  - name: i1
+    domain: dom-server.ipa.demo
+    realm: DOM-IPA.DEMO
+    admin_password: Secret123
+    dm_password: Secret123
+    distro: containerfile-fedora
+    cluster:
+      servers:
+        - name: server.ipa.demo
+          nolog: true
+          capabilities:
+            - DNS
+          vars:
+            ipaserver_netbios_name: DOM-SERVER
+            ipaserver_idstart: 61000
+            ipaserver_idmax: 62000
+            ipaserver_rid_base: 63000
+            ipaserver_secondary_rid_base: 70000
+          volumes:
+            - CONF_DIR:/usr/src/freeipa-webui:Z

tests/ipalab/playbooks/webui.yaml

@@ -0,0 +1,37 @@
+---
+- name: Setup Modern UI
+  hosts: ipaserver
+  become: false
+  gather_facts: false
+
+  tasks:
+    - name: Change Apache configuration
+      shell: |
+        cat >> /etc/httpd/conf.d/ipa.conf <<EOF
+
+        Alias /ipa/modern_ui "/usr/src/freeipa-webui/dist"
+        <Directory "/usr/src/freeipa-webui/dist">
+          SetHandler None
+          AllowOverride None
+          Satisfy Any
+          Require all granted
+          RewriteEngine On
+          RewriteRule ^(.*)/js/(.*)\\\\.(js|map)$ js/\\$2.\\$3 [L]
+          RewriteRule ^(.*)/public/images/(.*)$ public/images/\\$2 [L]
+          RewriteRule ^(.*)/(.*)\\\\.(css|ico|woff2)$ \\$2.\\$3 [L]
+          RewriteCond %{REQUEST_FILENAME} !-f
+          RewriteRule ^ index.html [QSA,L]
+        </Directory>
+        EOF
+
+    - name: Restart Apache
+      ansible.builtin.systemd_service:
+        state: restarted
+        daemon_reload: true
+        name: httpd
+
+    - name: Basic IPA test
+      shell: |
+        kinit -k
+        ipa env
+        kdestroy -A