Succeed cert-test on self-signed certs from cert-manager

Closes #135

Succeed cert-test on self-signed certs from cert-manager
Closes #135
67a41236 · Varac · 0eae116c · 67a41236 · 67a41236
Verified Commit 67a41236 authored 5 years ago by Varac
--- a/test/README.md
+++ b/test/README.md
@@ -18,7 +18,11 @@ Run cert test manually using the ansible inventory file:
 Run cert test manually against a different cluster, not configured in any
 ansible inventory file:

-	OAS_DOMAIN='varac-oas.openappstack.net' py.test -v -m 'certs'
+    OAS_DOMAIN='varac-oas.openappstack.net' py.test -v -m 'certs'
+
+or
+
+    OAS_DOMAIN='varac-oas.openappstack.net' pytest/test_certs.py

 ## Issues


--- a/test/pytest/test_certs.py
+++ b/test/pytest/test_certs.py
@@ -59,18 +59,38 @@ def print_cert_info(certs: list):
        print('CN: {0} (Issuer: {1})'.format(cn, issuer))


+def read_certs_from_file(filename:str):
+    """Read cert from file for debugging/development."""
+
+    import OpenSSL.crypto
+    cert = OpenSSL.crypto.load_certificate(
+        OpenSSL.crypto.FILETYPE_PEM,
+        open(filename).read()
+    )
+    return [cert]
+
+
 def valid_cert(domain: str, ca_file: str = '/tmp/custom_ca_bundle.crt'):
    """Validate cert of given domain against a ca_file bundle."""

+    valid = False
+
    url = 'https://' + domain
    print('Validating cert from {0} ...'.format(url))
-    print_cert_info(fetch_certs(domain))
+    certs = fetch_certs(domain)
+    print_cert_info(certs)

    try:
        requests.get(url, verify=ca_file)
    except requests.exceptions.SSLError as ex:
        print('SSL Verification Error {}'.format(ex))
-        return False
+        for cert in certs:
+            issuer = cert.get_issuer().CN
+            if issuer == 'cert-manager.local':
+                print('Allowing exception for self-signed cert-mananger cert.')
+                valid = True
+        return valid
+
    print('Successfully Verified SSL Cert.\n')
    return True