From b2e3ec4ab4122e8523e4d5cb80a0707f7f77daa0 Mon Sep 17 00:00:00 2001
From: Artur <40683252+Artur-at-work@users.noreply.github.com>
Date: Fri, 30 Aug 2024 10:23:21 +0800
Subject: [PATCH] fix(oem_autoinstall): Fix download ISO from webdav URL with
 password (#348)

* fix(oem_autoinstall): Fix download ISO from webdav URL with password

* Update docs and fix spelling

* oem_autoinstall: copy tls certificate to DUT
---
 .../muxpi/oem_autoinstall/provision-image.sh  | 66 +++++++++++++++----
 docs/.wordlist.txt                            |  2 +
 docs/reference/device-connector-types.rst     | 15 +++++
 3 files changed, 70 insertions(+), 13 deletions(-)

diff --git a/device-connectors/src/testflinger_device_connectors/data/muxpi/oem_autoinstall/provision-image.sh b/device-connectors/src/testflinger_device_connectors/data/muxpi/oem_autoinstall/provision-image.sh
index 8778697a..d3954c13 100755
--- a/device-connectors/src/testflinger_device_connectors/data/muxpi/oem_autoinstall/provision-image.sh
+++ b/device-connectors/src/testflinger_device_connectors/data/muxpi/oem_autoinstall/provision-image.sh
@@ -94,22 +94,62 @@ create_meta_data() {
 wget_iso_on_dut() {
     # Download ISO on DUT
     URL_TOKEN="$CONFIG_REPO_PATH"/url_token
-    WGET_OPTS="--no-verbose --tries=3"
-    # Optional URL credentials
-    if [ -r "$URL_TOKEN" ]; then
-        username=$(awk -F':' '/^username:/ {print $2}' "$URL_TOKEN" | xargs)
-        token=$(awk -F':' '/^token:/ {print $2}' "$URL_TOKEN" | xargs)
-        if [ -z "$username" ] || [ -z "$token" ]; then
-            echo "Error: check username or token format in $URL_TOKEN file"
+
+    echo "Downloading ISO on DUT..."
+    if [[ "$URL_DUT" =~ "oem-share.canonical.com" ]]; then
+        # use rclone for webdav storage
+        if [ ! -f "$URL_TOKEN" ]; then
+            echo "oem-share URL requires webdav authentication. Please attach token_file"
             exit 3
         fi
-        WGET_OPTS+=" --auth-no-challenge --user=$username --password=$token"
-    fi
+        $SCP "$URL_TOKEN" "$TARGET_USER"@"$addr":/home/"$TARGET_USER"/
 
-    echo "Downloading ISO on DUT..."
-    if ! $SSH "$TARGET_USER"@"$addr" -- sudo wget "$WGET_OPTS" -O /home/"$TARGET_USER"/"$ISO" "$URL_DUT"; then
-        echo "Downloading ISO on DUT failed."
-        exit 4
+        if ! $SSH "$TARGET_USER"@"$addr" -- sudo command -v rclone  >/dev/null 2>&1; then
+            $SSH "$TARGET_USER"@"$addr" -- sudo sudo DEBIAN_FRONTEND=noninteractive apt-get update -qq
+            $SSH "$TARGET_USER"@"$addr" -- sudo sudo DEBIAN_FRONTEND=noninteractive apt-get install -yqq rclone
+        fi
+
+        if [[ "$URL_DUT" =~ "partners" ]]; then
+            PROJECT=$(echo "$URL_DUT" | cut -d "/" -f 5)
+            FILEPATH=$(echo "$URL_DUT" | sed "s/.*share\///g")
+        else
+            PROJECT=$(echo "$URL_DUT" | cut -d "/" -f 5)
+            FILEPATH=$(echo "$URL_DUT" | sed "s/.*$PROJECT\///g")
+        fi
+
+        if ! $SSH "$TARGET_USER"@"$addr" -- sudo rclone --config /home/"$TARGET_USER"/url_token copy "$PROJECT":"$FILEPATH" /home/"$TARGET_USER"/; then
+            echo "Downloading ISO on DUT from oem-share failed."
+            exit 4
+        fi
+    else
+        WGET_OPTS="--tries=3"
+        # Optional URL credentials
+        if [ -r "$URL_TOKEN" ]; then
+            username=$(awk -F':' '/^username:/ {print $2}' "$URL_TOKEN" | xargs)
+            token=$(awk -F':' '/^token:/ {print $2}' "$URL_TOKEN" | xargs)
+            if [ -z "$username" ] || [ -z "$token" ]; then
+                echo "Error: check username or token format in $URL_TOKEN file"
+                exit 3
+            fi
+            WGET_OPTS+=" --auth-no-challenge --user=$username --password=$token"
+        fi
+
+        if [[ "$URL_DUT" =~ "tel-image-cache.canonical.com" ]]; then
+            CERT_NAME="tel-image-cache-ca.crt"
+            CERT_FILEPATH=/usr/local/share/ca-certificates/"$CERT_NAME"
+            if [ -f "$CERT_FILEPATH" ]; then
+                $SCP "$CERT_FILEPATH" "$TARGET_USER"@"$addr":/home/"$TARGET_USER"
+                $SSH "$TARGET_USER"@"$addr" -- sudo cp "$CERT_NAME" "$CERT_FILEPATH"
+                $SSH "$TARGET_USER"@"$addr" -- sudo update-ca-certificates
+            else
+                echo "Warning: TLS certificate was not found on agent. Downloading ISO might fail.."
+            fi
+        fi
+
+        if ! $SSH "$TARGET_USER"@"$addr" -- sudo wget "$WGET_OPTS" -O /home/"$TARGET_USER"/"$ISO" "$URL_DUT"; then
+            echo "Downloading ISO on DUT failed."
+            exit 4
+        fi
     fi
 
     if ! $SSH "$TARGET_USER"@"$addr" -- sudo test -e /home/"$TARGET_USER"/"$ISO"; then
diff --git a/docs/.wordlist.txt b/docs/.wordlist.txt
index 1ff4b15a..1916326e 100644
--- a/docs/.wordlist.txt
+++ b/docs/.wordlist.txt
@@ -76,6 +76,7 @@ preconfigured
 preloaded
 provisionable
 provisioner
+rclone
 ReadMe
 readthedocs
 reST
@@ -112,6 +113,7 @@ USB
 UUID
 virtualenv
 VM
+webdav
 webhook
 WPA
 xenial
diff --git a/docs/reference/device-connector-types.rst b/docs/reference/device-connector-types.rst
index 1523c00e..b85cad8f 100644
--- a/docs/reference/device-connector-types.rst
+++ b/docs/reference/device-connector-types.rst
@@ -288,6 +288,21 @@ The ``oem_autoinstall`` device connector supports the following ``provision_data
 
           token: $MY_TOKEN
 
+        If ``url`` requires webdav authentication, then device will use rclone to copy the file.
+        The rclone configurations must be provided in the following format:
+
+          [$PROJECT]
+
+          type = webdav
+
+          url = $URL
+
+          vendor = other
+
+          user = $USER
+
+          pass = $PASSWORD
+
     * - ``user_data``
       - Required file provided with :ref:`file attachments <file_attachments>`.
         This file will be consumed by the autoinstall and cloud-init.