Unverified Commit 83ca079d authored by Varac's avatar Varac

Dont use LE staging CA

parent 27d74ffa
1 merge request!661Dont use LE staging CA
......@@ -10,7 +10,6 @@ ENV TAIKO_BROWSER_PATH=/usr/bin/chromium-browser
ENV TAIKO_BROWSER_ARGS=--no-sandbox,--start-maximized,--disable-dev-shm-usage,--ignore-certificate-errors
ADD https://github.com/fluxcd/flux2/releases/download/v0.22.0/flux_0.22.0_linux_amd64.tar.gz /tmp/
COPY ./test/pytest/le-staging-bundle.pem /usr/local/share/ca-certificates/le-staging-bundle.pem
COPY ./requirements.txt /requirements.txt
RUN \
# Install kubectl from alpine edge until alpine 3.16 is released
......@@ -38,7 +37,6 @@ RUN \
yq=~4.14.1-r0 && \
rm -rf /var/cache/* && \
mkdir /var/cache/apk && \
update-ca-certificates && \
pip install --no-cache-dir --ignore-installed six -r /requirements.txt && \
ln -s /usr/bin/python3 /usr/bin/python && \
tar -xzf /tmp/flux*.tar.gz && mv ./flux /usr/local/bin && \
......
......@@ -2,11 +2,9 @@
"""Test if application ingress uses a valid certificate."""
import os
import shutil
import socket
import sys
import certifi
import pytest
import requests
from OpenSSL import SSL
......@@ -19,20 +17,6 @@ def test_cert_validation(host, resource): # pylint: disable=too-many-statements
Check is executed on the local provisioning machine.
"""
def add_custom_cert_authorities(ca_file: str,
custom_ca_files: list,
dest_file: str =
'/tmp/custom_ca_bundle.crt'):
"""Concatenates existing cert bundle with custom CAs."""
destination = open(dest_file, 'wb')
with open(dest_file, 'wb') as destination, open(ca_file, 'rb') as cert_auth:
shutil.copyfileobj(cert_auth, destination)
for custom_ca_file in custom_ca_files:
with open(custom_ca_file, 'rb') as custom_ca:
shutil.copyfileobj(custom_ca, destination)
def fetch_certs(domain: str, port: int = 443):
"""Fetches cert fom given domain."""
......@@ -68,9 +52,8 @@ def test_cert_validation(host, resource): # pylint: disable=too-many-statements
print('CN: {0} (Issuer: {1})'.format(common_name, issuer))
def valid_cert(domain: str, ca_file: str = '/tmp/custom_ca_bundle.crt',
app: str = "all"):
"""Validate cert of given domain against a ca_file bundle."""
def valid_cert(domain: str):
"""Validate cert of given domain."""
valid = False
......@@ -80,17 +63,14 @@ def test_cert_validation(host, resource): # pylint: disable=too-many-statements
print_cert_info(certs)
try:
requests.get(url, verify=ca_file)
requests.get(url)
except requests.exceptions.SSLError as ex:
print('SSL Verification Error {}'.format(ex))
for cert in certs:
issuer = cert.get_issuer().CN
if issuer == 'cert-manager.local':
print('Allowing exception for self-signed cert-mananger cert.')
valid = True
#for cert in certs:
# issuer = cert.get_issuer().CN
return valid
print('Successfully Verified SSL Cert.\n')
print('Successfully Verified SSL Cert. \n')
return True
......@@ -111,7 +91,8 @@ def test_cert_validation(host, resource): # pylint: disable=too-many-statements
elif resource == 'kube-prometheus-stack':
apps = ['grafana', 'prometheus']
else:
assert resource in app_subdomains, "Error: Unknown app: {}".format(app)
assert resource in app_subdomains, \
"Error: Unknown app: {}".format(resource)
apps = [resource]
print('\n')
......@@ -126,8 +107,5 @@ def test_cert_validation(host, resource): # pylint: disable=too-many-statements
domain = ansible_vars["domain"]
print("Using domain %s from ansible inventory." % domain)
add_custom_cert_authorities(certifi.where(),
['pytest/le-staging-bundle.pem'])
fqdn = app_subdomains[app_name] + '.' + domain
assert valid_cert(domain=fqdn, app=resource)
assert valid_cert(domain=fqdn)
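Review bot: In `valid_cert`, the new `requests.get(url)` call has no `timeout`, so an ingress that accepts the connection but never answers would hang the test instead of failing it; `requests.get(url, timeout=10)` (the value is a suggestion) bounds that. The `SSLError` branch now appears to keep two commented-out lines (`#for cert in certs:` and `# issuer = cert.get_issuer().CN`) and returns `valid`, which is only ever `False`; dropping the comments and writing `return False` would make it explicit that no self-signed exception remains. Since verification now relies on the default trust store used by `requests`, a one-line comment on the call would record that, e.g. `# verified against the default CA bundle; no custom or staging CAs`. `test_cert_validation` begins and ends outside the hunks shown, so the rest of `valid_cert` and `fetch_certs` is not visible here.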