From 94a45c1ecdaa87791e97bed73d0468f056532570 Mon Sep 17 00:00:00 2001
From: Ade Lee <alee@redhat.com>
Date: Fri, 30 Oct 2020 16:29:28 -0400
Subject: [PATCH] Add FIPS gate job

Add a new FIPS enabled gate job  This job will be
for Centos 8 with FIPS enabled, and will use a playbook in
zuul-jobs to enable FIPS.

The dogtag bindep dependencies are curently broken.  Lets
temporarily remove them here until we can figure out how to
fix them and thereby fix the dogtag gate.

Change-Id: Ibcd8cb6fc356e27266ba04cd972834dcd97c1a9b
Depends-On: https://review.opendev.org/c/zuul/zuul-jobs/+/788778
---
 .zuul.yaml                 | 9 +++++++++
 bindep.txt                 | 9 ++++++---
 playbooks/enable-fips.yaml | 4 ++++
 3 files changed, 19 insertions(+), 3 deletions(-)
 create mode 100644 playbooks/enable-fips.yaml

diff --git a/.zuul.yaml b/.zuul.yaml
index 315b909f1..93ee8eaa2 100644
--- a/.zuul.yaml
+++ b/.zuul.yaml
@@ -22,6 +22,14 @@
       devstack_services:
         barbican-dogtag: true
 
+- job:
+    name: barbican-tox-functional-fips
+    nodeset: devstack-single-node-centos-8-stream
+    parent: barbican-tox-functional
+    description: |
+      Functional testing for a FIPS enabled Centos 8 system
+    pre-run: playbooks/enable-fips.yaml
+
 - job:
     name: barbican-vault-tox-functional
     parent: barbican-tox-functional
@@ -94,6 +102,7 @@
         - barbican-tempest-plugin-simple-crypto
         - barbican-tempest-plugin-simple-crypto-secure-rbac
         - barbican-tempest-plugin-simple-crypto-ipv6-only
+        - barbican-tox-functional-fips
         - octavia-v2-dsvm-tls-barbican
         # TripleO jobs that deploy Barbican.
         # Note we don't use a project-template here, so it's easier
diff --git a/bindep.txt b/bindep.txt
index 25e0047a9..644a31f93 100644
--- a/bindep.txt
+++ b/bindep.txt
@@ -7,9 +7,12 @@ libnss3-dev [platform:dpkg]
 gettext [test]
 
 # Required for the Dogtag plugin
-389-ds-base [platform:rpm]
-pki-ca [platform:rpm]
-pki-kra [platform:rpm]
+# Comment out for now -- these are not installing due to need to
+# enable idm module
+# yum module enable idm:DL1
+# 389-ds-base [platform:rpm]
+# pki-ca [platform:rpm]
+# pki-kra [platform:rpm]
 
 #Required for cryptography lib
 libssl-dev [platform:dpkg]
diff --git a/playbooks/enable-fips.yaml b/playbooks/enable-fips.yaml
new file mode 100644
index 000000000..c8f042dba
--- /dev/null
+++ b/playbooks/enable-fips.yaml
@@ -0,0 +1,4 @@
+- hosts: all
+  tasks:
+    - include_role:
+        name: enable-fips