Use domain ansible variable for cert check

test/README.md

@@ -13,36 +13,36 @@ There are two types of tests: "testinfra" tests, and "behave" tests.
 
 ## Run *testinfra* tests
 
-Test host configured in `../clusters/CLUSTERNAME/inventory.yml`
+Export `INVENTORY` env var to the location of your clusters inventory file:
 
     export INVENTORY=../clusters/CLUSTERNAME/inventory.yml
-    py.test -v --ansible-inventory=${INVENTORY} --hosts='ansible://*'
+
+Run all tests:
+
+    py.test -sv --ansible-inventory=${INVENTORY} --hosts='ansible://*'
 
 Specify host manually:
 
-    py.test -v --hosts='ssh://root@example.openappstack.net'
+    py.test -sv --hosts='ssh://root@example.openappstack.net'
 
 Run only tests tagged with `prometheus`:
 
-    py.test -v --ansible-inventory=${INVENTORY} --hosts='ansible://*' -m prometheus
+    py.test -sv --ansible-inventory=${INVENTORY} --hosts='ansible://*' -m prometheus
 
 ### Cert tests
 
 Run cert test manually using the ansible inventory file:
 
-    ADDRESS='example.openappstack.net' py.test -v -m 'certs' \
-      --connection=ansible \
-      --ansible-inventory=${INVENTORY} \
-      --hosts='ansible://*'
+    py.test -sv --ansible-inventory=${INVENTORY} --hosts='ansible://*' -m certs
 
 Run cert test manually against a different cluster, not configured in any
 ansible inventory file, either by using pytest:
 
-    ADDRESS='example.openappstack.net' py.test -v -m 'certs'
+    DOMAIN='example.openappstack.net' py.test -sv -m 'certs'
 
-or directly (allows better debugging since pytest won't eat stdout):
+or directly:
 
-    ADDRESS='example.openappstack.net' pytest/test_certs.py
+    DOMAIN='example.openappstack.net' pytest/test_certs.py
 
 
 ## Run *behave* tests

test/pytest/test_certs.py

@@ -12,12 +12,12 @@ from OpenSSL import SSL
 
 def add_custom_cert_authorities(ca_file: str,
                                 custom_ca_files: list,
-                                destination_file: str =
+                                dest_file: str =
                                 '/tmp/custom_ca_bundle.crt'):
     """Concatenates existing cert bundle with custom CAs."""
 
-    destination = open(destination_file, 'wb')
-    with open(destination_file, 'wb') as destination,  open(ca_file, 'rb') as ca:
+    destination = open(dest_file, 'wb')
+    with open(dest_file, 'wb') as destination, open(ca_file, 'rb') as ca:
         shutil.copyfileobj(ca, destination)
         for custom_ca_file in custom_ca_files:
             with open(custom_ca_file, 'rb') as custom_ca:
@@ -59,7 +59,7 @@ def print_cert_info(certs: list):
         print('CN: {0} (Issuer: {1})'.format(cn, issuer))
 
 
-def read_certs_from_file(filename:str):
+def read_certs_from_file(filename: str):
     """Read cert from file for debugging/development."""
 
     import OpenSSL.crypto
@@ -97,14 +97,26 @@ def valid_cert(domain: str, ca_file: str = '/tmp/custom_ca_bundle.crt'):
 
 @pytest.mark.certs
 def test_cert_validation(host):
-    domain = os.environ.get("ADDRESS")
-    assert domain, "Please export ADDRESS as environment variable."
+    """Checks for proper cluster certs of exposed services.
+    Check is executed on the local provisioning machine.
+    """
+
+    # Use DOMAIN env var if set, otherwise use domain var from
+    # settings.yml.
+    domain = os.environ.get("DOMAIN")
+    if domain:
+        print("Using domain %s from DOMAIN environment variable." % domain)
+    else:
+        ansible_vars = host.ansible.get_variables()
+        domain = ansible_vars["domain"]
+        print("Using domain %s from ansible settings.yml." % domain)
 
     add_custom_cert_authorities(certifi.where(),
                                 ['pytest/le-staging-bundle.pem'])
 
-    # Check nextcloud cert
     assert valid_cert('files.{0}'.format(domain))
+    assert valid_cert('office.{0}'.format(domain))
+    assert valid_cert('grafana.{0}'.format(domain))
 
 
 if __name__ == "__main__":