From bc3d702594cef47fe086eaf72b26473c32cbd28f Mon Sep 17 00:00:00 2001
From: Varac <varac@varac.net>
Date: Tue, 17 Dec 2019 15:38:02 +0100
Subject: [PATCH] Use domain ansible variable for cert check

---
 test/README.md            | 22 +++++++++++-----------
 test/pytest/test_certs.py | 26 +++++++++++++++++++-------
 2 files changed, 30 insertions(+), 18 deletions(-)

diff --git a/test/README.md b/test/README.md
index 6f7a9be65..4863ae121 100644
--- a/test/README.md
+++ b/test/README.md
@@ -13,36 +13,36 @@ There are two types of tests: "testinfra" tests, and "behave" tests.
 
 ## Run *testinfra* tests
 
-Test host configured in `../clusters/CLUSTERNAME/inventory.yml`
+Export `INVENTORY` env var to the location of your clusters inventory file:
 
     export INVENTORY=../clusters/CLUSTERNAME/inventory.yml
-    py.test -v --ansible-inventory=${INVENTORY} --hosts='ansible://*'
+
+Run all tests:
+
+    py.test -sv --ansible-inventory=${INVENTORY} --hosts='ansible://*'
 
 Specify host manually:
 
-    py.test -v --hosts='ssh://root@example.openappstack.net'
+    py.test -sv --hosts='ssh://root@example.openappstack.net'
 
 Run only tests tagged with `prometheus`:
 
-    py.test -v --ansible-inventory=${INVENTORY} --hosts='ansible://*' -m prometheus
+    py.test -sv --ansible-inventory=${INVENTORY} --hosts='ansible://*' -m prometheus
 
 ### Cert tests
 
 Run cert test manually using the ansible inventory file:
 
-    ADDRESS='example.openappstack.net' py.test -v -m 'certs' \
-      --connection=ansible \
-      --ansible-inventory=${INVENTORY} \
-      --hosts='ansible://*'
+    py.test -sv --ansible-inventory=${INVENTORY} --hosts='ansible://*' -m certs
 
 Run cert test manually against a different cluster, not configured in any
 ansible inventory file, either by using pytest:
 
-    ADDRESS='example.openappstack.net' py.test -v -m 'certs'
+    DOMAIN='example.openappstack.net' py.test -sv -m 'certs'
 
-or directly (allows better debugging since pytest won't eat stdout):
+or directly:
 
-    ADDRESS='example.openappstack.net' pytest/test_certs.py
+    DOMAIN='example.openappstack.net' pytest/test_certs.py
 
 
 ## Run *behave* tests
diff --git a/test/pytest/test_certs.py b/test/pytest/test_certs.py
index 472311e16..e4037ea51 100755
--- a/test/pytest/test_certs.py
+++ b/test/pytest/test_certs.py
@@ -12,12 +12,12 @@ from OpenSSL import SSL
 
 def add_custom_cert_authorities(ca_file: str,
                                 custom_ca_files: list,
-                                destination_file: str =
+                                dest_file: str =
                                 '/tmp/custom_ca_bundle.crt'):
     """Concatenates existing cert bundle with custom CAs."""
 
-    destination = open(destination_file, 'wb')
-    with open(destination_file, 'wb') as destination,  open(ca_file, 'rb') as ca:
+    destination = open(dest_file, 'wb')
+    with open(dest_file, 'wb') as destination, open(ca_file, 'rb') as ca:
         shutil.copyfileobj(ca, destination)
         for custom_ca_file in custom_ca_files:
             with open(custom_ca_file, 'rb') as custom_ca:
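Review bot: The line `destination = open(dest_file, 'wb')` directly above the `with` statement opens the same file a second time and never closes that handle; the `with open(dest_file, 'wb') as destination, ...` line already does the work, so the bare `open` should be deleted. The default `/tmp/custom_ca_bundle.crt` is also a fixed name in a world-writable directory, and this file becomes the trust store that `valid_cert` reads by default (same path in the later hunk header). On a shared provisioning machine another local user could pre-create or symlink that path, so consider writing the bundle under a directory from `tempfile.mkdtemp()` and passing the resulting path to `valid_cert` explicitly. Renaming the keyword parameter would break any caller that passes `destination_file=`, though none is visible in this patch. The function body continues outside the hunk.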
@@ -59,7 +59,7 @@ def print_cert_info(certs: list):
         print('CN: {0} (Issuer: {1})'.format(cn, issuer))
 
 
-def read_certs_from_file(filename:str):
+def read_certs_from_file(filename: str):
     """Read cert from file for debugging/development."""
 
     import OpenSSL.crypto
@@ -97,14 +97,26 @@ def valid_cert(domain: str, ca_file: str = '/tmp/custom_ca_bundle.crt'):
 
 @pytest.mark.certs
 def test_cert_validation(host):
-    domain = os.environ.get("ADDRESS")
-    assert domain, "Please export ADDRESS as environment variable."
+    """Checks for proper cluster certs of exposed services.
+    Check is executed on the local provisioning machine.
+    """
+
+    # Use DOMAIN env var if set, otherwise use domain var from
+    # settings.yml.
+    domain = os.environ.get("DOMAIN")
+    if domain:
+        print("Using domain %s from DOMAIN environment variable." % domain)
+    else:
+        ansible_vars = host.ansible.get_variables()
+        domain = ansible_vars["domain"]
+        print("Using domain %s from ansible settings.yml." % domain)
 
     add_custom_cert_authorities(certifi.where(),
                                 ['pytest/le-staging-bundle.pem'])
 
-    # Check nextcloud cert
     assert valid_cert('files.{0}'.format(domain))
+    assert valid_cert('office.{0}'.format(domain))
+    assert valid_cert('grafana.{0}'.format(domain))
 
 
 if __name__ == "__main__":
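Review bot: The fallback `domain = ansible_vars["domain"]` has no guard and the old `assert domain, ...` was removed, so an inventory that does not define `domain` fails with a bare `KeyError` instead of a readable message. Using `domain = ansible_vars.get("domain")` followed by `assert domain, "Export DOMAIN or set domain in settings.yml."` would keep the diagnostic. `host.ansible.get_variables()` presumably requires the ansible backend, so a run without an inventory only works when `DOMAIN` is set; a short comment saying so would help. The three `assert valid_cert(...)` calls stop at the first failure, so a bad `files.` certificate hides the state of `office.` and `grafana.`; looping over the three prefixes, collecting the failures and asserting once at the end would report all of them in one run.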
-- 
GitLab