e2e: oc login with --insecure-skip-tls-verify

crc-org · Mar 14, 2024 · 4960590 · 4960590
1 parent 9bf6f4d
commit 4960590
Show file tree

Hide file tree

Showing 3 changed files with 50 additions and 7 deletions.
diff --git a/test/e2e/features/story_openshift.feature b/test/e2e/features/story_openshift.feature
@@ -4,10 +4,6 @@ Feature: 4 Openshift stories
 	Background:
 		Given ensuring CRC cluster is running
 		And ensuring oc command is available
-		And executing "oc config view --raw -o jsonpath="{.clusters[?(@.name=='api-crc-testing:6443')].cluster.certificate-authority-data}" > ca.base64" succeeds
-		And decode base64 file "ca.base64" to "ca.crt"
-		And executing "echo QUIT | openssl s_client -connect api.crc.testing:6443 | openssl x509 -out server.crt" succeeds
-		And executing "openssl verify -CAfile ca.crt server.crt" succeeds
 		And ensuring user is logged in succeeds
 
 	# End-to-end health check

diff --git a/test/e2e/testsuite/testsuite.go b/test/e2e/testsuite/testsuite.go
@@ -842,10 +842,36 @@ func EnsureCRCIsRunning() error {
 }
 
 func EnsureUserIsLoggedIntoClusterSucceedsOrFails(expected string) error {
+
 	if err := setOcEnv(); err != nil {
 		return err
 	}
-	return util.LoginToOcClusterSucceedsOrFails(expected)
+
+	err := util.LoginToOcCluster([]string{})
+	if expected == "succeeds" && err != nil && strings.Contains(err.Error(), "The server uses a certificate signed by unknown authority") {
+		// do some logging
+
+		err1 := util.ExecuteCommand("oc config view --raw -o jsonpath=\"{.clusters[?(@.name=='api-crc-testing:6443')].cluster.certificate-authority-data}\" > ca.base64")
+		if err1 != nil {
+			fmt.Println(err1)
+		}
+		err1 = DecodeBase64File("ca.base64", "ca.crt")
+		if err1 != nil {
+			fmt.Println(err1)
+		}
+		err1 = util.ExecuteCommand("echo QUIT | openssl s_client -connect api.crc.testing:6443 | openssl x509 -out server.crt")
+		if err1 != nil {
+			fmt.Println(err1)
+		}
+		err1 = util.ExecuteCommand("openssl verify -CAfile ca.crt server.crt")
+		if err1 != nil {
+			fmt.Println(err1)
+		}
+
+		// login with ignorance
+		err = util.LoginToOcCluster([]string{"--insecure-skip-tls-verify"})
+	}
+	return err
 }
 
 func EnsureOCCommandIsAvailable() error {

diff --git a/test/extended/util/util.go b/test/extended/util/util.go
@@ -253,7 +253,9 @@ func AddOCToPath() error {
 	return nil
 }
 
-func LoginToOcClusterSucceedsOrFails(expected string) error {
+// LoginToOcCluster logs into the cluster as admin with oc command
+// 'options' should have a form of a string slice like: [--option1 --option2 --option3] (string slice)
+func LoginToOcCluster(options []string) error {
 
 	credentialsCommand := "crc console --credentials" //#nosec G101
 	err := ExecuteCommand(credentialsCommand)
@@ -263,5 +265,24 @@ func LoginToOcClusterSucceedsOrFails(expected string) error {
 	out := GetLastCommandOutput("stdout")
 	ocLoginAsAdminCommand := strings.Split(out, "'")[3]
 
-	return ExecuteCommandSucceedsOrFails(ocLoginAsAdminCommand, expected)
+	for _, option := range options {
+		ocLoginAsAdminCommand = ocLoginAsAdminCommand + " " + option
+	}
+
+	return ExecuteCommand(ocLoginAsAdminCommand)
+}
+
+// LoginToOcClusterSucceedsOrFails is a wrapper for LoginToOcCluster
+func LoginToOcClusterSucceedsOrFails(expected string) error {
+
+	if expected == "fails" {
+		err := LoginToOcCluster([]string{})
+		if err != nil {
+			return nil
+		}
+		_ = LogMessage("error:", "Login succeeded but was not supposed to")
+		return fmt.Errorf("Login succeeded but was not supposed to")
+	}
+
+	return LoginToOcCluster([]string{})
 }