ci: add TMT plan for passkey testing in PRCI

[ikerexxe]

Summary

This PR introduces testing infrastructure for SSSD passkey functionality using TMT and testing farm. It is designed to automate verification across diverse environments and integrate directly into the existing Packit CI workflow.

• Integrates passkey tests with Packit CI workflow to run automatically on pull requests.
• Supports Fedora (all versions) and CentOS Stream 10.
• Support testing across multiple identity providers (IPA, LDAP, Samba) in containerized environments.

Changes Made

• Adds comprehensive TMT test plans in plans/passkey/.
• Configures Packit integration to trigger tests on pull requests.
• Implements automated provisioning logic for virtual machines and nested containers.
• Standardizes log collection and artifact storage.

Test Plan

The TMT plan follows an automated lifecycle for each PR:

1. Provisions virtual machines with sufficient resources for containerized testing.
2. Sets up sssd-ci-container environment.
3. Installs SSSD from PR-specific COPR builds.
4. Executes passkey functionality tests with detailed logging.
5. Collects test artifacts for debugging failed runs.

Constraints & known limitations

• Provisioning gap: local testing baseline is 16GB RAM to prevent memory swap. However, the Testing Farm provisions 4GB RAM. Expect swap activity during CI runs. While tests remain functional, performance may be degraded compared to local environments.
• Container mapping: To ensure low maintenance across fedora-all, containers inherit the distribution of the host VM (e.g., F44 VM hosts F44 containers). This approach links test stability to the target distribution’s stability. Rawhide environments may occasionally experience failures due to upstream shifts unrelated to SSSD.
• Environment: c10s tests are executed within a fedora-latest VM (currently Fedora 44). Attempting to run on a c10s VM host caused severe memory pressure that prevented SSSD from installing correctly within the containers.

Observability & debugging

If a test fails, kKey data can be found at: tmt-log and test artifacts directory: plans/passkey/data/artifacts/tests/

Final notes

• CentOS Stream 10 and fedora rawhide CI failures observed in this PR are unrelated to the changes proposed here. These failures stem from an environment-wide issue where sssd-ci-containers for these distributions have not been refreshed for approximately 10 days. These targets should stabilize as soon as the container images are updated.
• This PR only enables the execution of the passkey tests, it doesn't make the umockdev to vfido transformation. If you want to see the CI working with vfido update take a look at tests: migrate passkey tests from umockdev to vfido #8510.

[gemini-code-assist]

Code Review

This pull request introduces a new FMF test plan for SSSD passkey functionality across IPA, LDAP, and Samba providers. The plan automates environment provisioning, container setup, and SSSD installation from COPR builds. Feedback focuses on improving the reliability and performance of the preparation steps, specifically addressing potential Python package installation failures on newer Fedora versions, optimizing SELinux configuration speed, ensuring reliable package upgrades from COPR, and correcting a syntax error in the yq command used for configuration modification.

[justin-stephenson]

Ack, thank you.