Go back to using scratch space and Go client for custom CAs

This restores support for the following scenarios:
- Now the system certs are considered as valid when a custom
CA is used.
- The custom CA will be accepted regardless of the key value
used in the configmap.

Add a test for the second scenario.

Signed-off-by: Maya Rashish <mrashish@redhat.com>

pkg/importer/http-datasource.go

@@ -126,8 +126,12 @@ func (hs *HTTPDataSource) Info() (ProcessingPhase, error) {
 	if hs.brokenForQemuImg {
 		return ProcessingPhaseTransferScratch, nil
 	}
+	if hs.customCA != "" {
+		klog.V(1).Infof("Custom CA requested, using scratch space")
+		return ProcessingPhaseTransferScratch, nil
+	}
 	hs.url = hs.endpoint
-	if !hs.readers.Archived && hs.customCA == "" && hs.readers.Convert {
+	if !hs.readers.Archived && hs.readers.Convert {
 		// We can pass straight to conversion from the endpoint
 		return ProcessingPhaseConvert, nil
 	}

tests/datavolume_test.go

@@ -240,6 +240,14 @@ var _ = Describe("[vendor:cnv-qe@redhat.com][level:component]DataVolume tests",
 			return dataVolume
 		}
 
+		createHTTPSDataVolumeWeirdCertFilename := func(dataVolumeName, size, url string) *cdiv1.DataVolume {
+			dataVolume := utils.NewDataVolumeWithHTTPImport(dataVolumeName, size, url)
+			cm, err := utils.CreateCertConfigMapWeirdFilename(f.K8sClient, f.Namespace.Name, f.CdiInstallNs)
+			Expect(err).To(BeNil())
+			dataVolume.Spec.Source.HTTP.CertConfigMap = cm
+			return dataVolume
+		}
+
 		createCloneDataVolume := func(dataVolumeName, size, command string) *cdiv1.DataVolume {
 			sourcePodFillerName := fmt.Sprintf("%s-filler-pod", dataVolumeName)
 			pvcDef := utils.NewPVCDefinition(pvcName, size, nil, nil)
@@ -572,6 +580,30 @@ var _ = Describe("[vendor:cnv-qe@redhat.com][level:component]DataVolume tests",
 					Message: "Import Complete",
 					Reason:  "Completed",
 				}}),
+			table.Entry("succeed creating import dv with custom https cert that has a weird filename", dataVolumeTestArguments{
+				name:             "dv-https-import-qcow2",
+				size:             "1Gi",
+				url:              httpsTinyCoreQcow2URL,
+				dvFunc:           createHTTPSDataVolumeWeirdCertFilename,
+				eventReason:      controller.ImportSucceeded,
+				phase:            cdiv1.Succeeded,
+				checkPermissions: true,
+				readyCondition: &cdiv1.DataVolumeCondition{
+					Type:   cdiv1.DataVolumeReady,
+					Status: v1.ConditionTrue,
+				},
+				boundCondition: &cdiv1.DataVolumeCondition{
+					Type:    cdiv1.DataVolumeBound,
+					Status:  v1.ConditionTrue,
+					Message: "PVC dv-https-import-qcow2 Bound",
+					Reason:  "Bound",
+				},
+				runningCondition: &cdiv1.DataVolumeCondition{
+					Type:    cdiv1.DataVolumeRunning,
+					Status:  v1.ConditionFalse,
+					Message: "Import Complete",
+					Reason:  "Completed",
+				}}),
 			table.Entry("[rfe_id:1111][crit:high][test_id:1361]succeed creating blank image dv", dataVolumeTestArguments{
 				name:             "blank-image-dv",
 				size:             "1Gi",

tests/utils/configmaps.go

@@ -81,6 +81,35 @@ func CopyConfigMap(client kubernetes.Interface, srcNamespace, srcName, destNames
 	return destName, nil
 }
 
+// CreateCertConfigMapWeirdFilename copies a configmap with a different key value
+func CreateCertConfigMapWeirdFilename(client kubernetes.Interface, destNamespace, srcNamespace string) (string, error) {
+	var certBytes string
+	srcName := FileHostCertConfigMap
+	srcCm, err := client.CoreV1().ConfigMaps(srcNamespace).Get(context.TODO(), srcName, metav1.GetOptions{})
+	if err != nil {
+		return "", err
+	}
+
+	for _, value := range srcCm.Data {
+		certBytes = value
+	}
+	destName := srcName + "-" + strings.ToLower(util.RandAlphaNum(8))
+	dst := &v1.ConfigMap{
+		ObjectMeta: metav1.ObjectMeta{
+			Name: destName,
+		},
+		Data: map[string]string{
+			"weird-filename-should-still-be-accepted.crt": certBytes,
+		},
+	}
+	_, err = client.CoreV1().ConfigMaps(destNamespace).Create(context.TODO(), dst, metav1.CreateOptions{})
+	if err != nil {
+		return "", err
+	}
+
+	return destName, nil
+}
+
 const insecureRegistryKey = "test-registry"
 
 // SetInsecureRegistry sets the configmap entry to mark the registry as okay to be insecure