diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index e9cf324654137fc2aa97d132bff39a3117b6424a..0317717cb413ed56098d2b8913f99e499407f766 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -61,7 +61,19 @@ testinfra:
- eval $(ssh-agent -s)
- echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - > /dev/null
- cd test/
- - py.test -v --connection=ansible --ansible-inventory=./inventory.yml --hosts='ansible://*'
+ - py.test -v -m 'testinfra' --connection=ansible --ansible-inventory=./inventory.yml --hosts='ansible://*'
+
+certs:
+ stage: test
+ image: "${CI_REGISTRY_IMAGE}/bootstrap-ci"
+ variables:
+ OAS_DOMAIN: 'ci-${CI_PIPELINE_ID}.ci.openappstack.net'
+ allow_failure: true
+ script:
+ - eval $(ssh-agent -s)
+ - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - > /dev/null
+ - cd test/
+ - py.test -v -m 'certs' --connection=ansible --ansible-inventory=./inventory.yml --hosts='ansible://*'
terminate:
stage: cleanup
diff --git a/test/Dockerfile b/test/Dockerfile
index b7619d43af0faaebc9da1197cd2c1bbd40fb48dd..9ea3e9376e037bf8d896045a7fa68c8588f8f6ad 100644
--- a/test/Dockerfile
+++ b/test/Dockerfile
@@ -1,13 +1,15 @@
FROM alpine:3.9
-LABEL Name="Openappstack bootstrap CI test image"
-LABEL version="3.9"
+LABEL name="Openappstack bootstrap CI test image"
+LABEL version="4.0"
LABEL vendor1="Greenhost"
RUN apk --no-cache add \
chromium \
chromium-chromedriver \
curl \
+ # needed for installing pycurl python module
+ curl-dev \
gcc \
libffi-dev \
make \
diff --git a/test/pytest/test_certs.py b/test/pytest/test_certs.py
new file mode 100644
index 0000000000000000000000000000000000000000..75789c2126316a70639453719c1cfd1316c2403c
--- /dev/null
+++ b/test/pytest/test_certs.py
@@ -0,0 +1,44 @@
+#!/usr/bin/env python3
+"""Validates remote TLS certs."""
+
+
+import pycurl
+import certifi
+from io import BytesIO
+import os
+import pytest
+
+
+def check_cert_url(url: str):
+ print('Testing URL: ', url)
+
+ buffer = BytesIO()
+ c = pycurl.Curl()
+ c.setopt(c.URL, url)
+ c.setopt(c.WRITEDATA, buffer)
+ c.setopt(c.CAINFO, certifi.where())
+ c.setopt(c.VERBOSE, True)
+
+ try:
+ c.perform()
+ valid_cert = True
+ except pycurl.error as e:
+ valid_cert = False
+ print('Cert error!')
+ if e.args[0] == pycurl.E_COULDNT_CONNECT and c.exception:
+ print(c.exception)
+ else:
+ print(e)
+ c.close()
+
+ return valid_cert
+
+
+@pytest.mark.certs
+def test_cert_validation(host):
+
+ domain = os.environ.get("OAS_DOMAIN")
+ assert domain, "Please export OAS_DOMAIN as environment variable."
+
+ # Check traefik cert
+ assert check_cert_url('https://traefi.%s/' % domain)
diff --git a/test/pytest/test_docker.py b/test/pytest/test_docker.py
index 9b2a0052abde0f410c5a89629538c8874706f660..ff116ccda5b119218b6d67deef7d20323e470f2e 100644
--- a/test/pytest/test_docker.py
+++ b/test/pytest/test_docker.py
@@ -1,9 +1,14 @@
+import pytest
+
+
+@pytest.mark.testinfra
def test_docker_is_installed(host):
docker = host.package("docker-ce")
assert docker.is_installed
assert docker.version.startswith("5:18.09")
+@pytest.mark.testinfra
def test_docker_running_and_enabled(host):
docker = host.service("docker")
assert docker.is_running
diff --git a/test/pytest/test_system.py b/test/pytest/test_system.py
index 8df1b77e671e5c47a8b2259c89f1e9cf1af8df9c..c41d9d084e7a905fbdc61e7bd979ab04b49e66ff 100644
--- a/test/pytest/test_system.py
+++ b/test/pytest/test_system.py
@@ -1,3 +1,7 @@
+import pytest
+
+
+@pytest.mark.testinfra
def test_release_is_bionic(host):
system_info = host.system_info
assert system_info.release == '9.8'
diff --git a/test/requirements.txt b/test/requirements.txt
index bc4c4c9e431d0a43a6823ad4c59f83d9603a2754..9b4ac44ddf518dbc606b6fc4bb0602d904ecb8e4 100644
--- a/test/requirements.txt
+++ b/test/requirements.txt
@@ -1,7 +1,9 @@
ansible~=2.6.0
behave-webdriver>=0.2.2
+# Needed for ansible k8s resource
openshift>=0.8.6
psutil>=5.5.0
+pycurl>=7.43.0.2
pytest>=4.3.0
requests>=2.19.1
tabulate>=0.8.3