Go back to using scratch space and Go client for custom CAs
This restores support for the following scenarios:
- Now the system certs are considered as valid when a custom
CA is used.
- The custom CA will be accepted regardless of the key value
used in the configmap.

Add a test for the second scenario.

Signed-off-by: Maya Rashish <mrashish@redhat.com>
maya-r committed Apr 8, 2021
1 parent 174f635 commit e2a43ed
Showing 2 changed files with 60 additions and 0 deletions.
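--- a/tests/datavolume_test.go
+++ b/tests/datavolume_test.go
@@ -240,6 +240,14 @@ var _ = Describe("[vendor:cnv-qe@redhat.com][level:component]DataVolume tests",
 return dataVolume
 }
 
+createHTTPSDataVolumeWeirdCertFilename := func(dataVolumeName, size, url string) *cdiv1.DataVolume {
+dataVolume := utils.NewDataVolumeWithHTTPImport(dataVolumeName, size, url)
+cm, err := utils.CreateCertConfigMapWeirdFilename(f.K8sClient, f.Namespace.Name, f.CdiInstallNs)
+Expect(err).To(BeNil())
+dataVolume.Spec.Source.HTTP.CertConfigMap = cm
+return dataVolume
+}
+
 createCloneDataVolume := func(dataVolumeName, size, command string) *cdiv1.DataVolume {
 sourcePodFillerName := fmt.Sprintf("%s-filler-pod", dataVolumeName)
 pvcDef := utils.NewPVCDefinition(pvcName, size, nil, nil)
@@ -572,6 +580,30 @@ var _ = Describe("[vendor:cnv-qe@redhat.com][level:component]DataVolume tests",
 Message: "Import Complete",
 Reason: "Completed",
 }}),
+table.Entry("succeed creating import dv with custom https cert that has a weird filename", dataVolumeTestArguments{
+name: "dv-https-import-qcow2",
+size: "1Gi",
+url: httpsTinyCoreQcow2URL,
+dvFunc: createHTTPSDataVolumeWeirdCertFilename,
+eventReason: controller.ImportSucceeded,
+phase: cdiv1.Succeeded,
+checkPermissions: true,
+readyCondition: &cdiv1.DataVolumeCondition{
+Type: cdiv1.DataVolumeReady,
+Status: v1.ConditionTrue,
+},
+boundCondition: &cdiv1.DataVolumeCondition{
+Type: cdiv1.DataVolumeBound,
+Status: v1.ConditionTrue,
+Message: "PVC dv-https-import-qcow2 Bound",
+Reason: "Bound",
+},
+runningCondition: &cdiv1.DataVolumeCondition{
+Type: cdiv1.DataVolumeRunning,
+Status: v1.ConditionFalse,
+Message: "Import Complete",
+Reason: "Completed",
+}}),
 table.Entry("[rfe_id:1111][crit:high][test_id:1361]succeed creating blank image dv", dataVolumeTestArguments{
 name: "blank-image-dv",
 size: "1Gi",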
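Review bot: The new table entry `succeed creating import dv with custom https cert that has a weird filename` exercises only the accept path, and the commit description mentions a test only for the second restored scenario, so system certificates staying valid next to a custom CA is not covered here. Both restored behaviours widen what the importer trusts, so I would add a companion entry whose ConfigMap holds a CA that did not sign the file host's certificate and expect the import not to reach `cdiv1.Succeeded`; such an entry may already exist elsewhere in the table, which lies outside the hunk. In the helper, `Expect(err).ToNot(HaveOccurred())` is the usual Gomega form and prints the underlying error more readably than `Expect(err).To(BeNil())`.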
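--- a/tests/utils/configmaps.go
+++ b/tests/utils/configmaps.go
@@ -81,6 +81,34 @@ func CopyConfigMap(client kubernetes.Interface, srcNamespace, srcName, destNames
 return destName, nil
 }
 
+func CreateCertConfigMapWeirdFilename(client kubernetes.Interface, destNamespace, srcNamespace string) (string, error) {
+var certBytes string
+srcName := FileHostCertConfigMap
+srcCm, err := client.CoreV1().ConfigMaps(srcNamespace).Get(context.TODO(), srcName, metav1.GetOptions{})
+if err != nil {
+return "", err
+}
+
+for _, value := range srcCm.Data {
+certBytes = value
+}
+destName := srcName + "-" + strings.ToLower(util.RandAlphaNum(8))
+dst := &v1.ConfigMap{
+ObjectMeta: metav1.ObjectMeta{
+Name: destName,
+},
+Data: map[string]string{
+"weird-filename-should-still-be-accepted.crt": certBytes,
+},
+}
+_, err = client.CoreV1().ConfigMaps(destNamespace).Create(context.TODO(), dst, metav1.CreateOptions{})
+if err != nil {
+return "", err
+}
+
+return destName, nil
+}
+
 const insecureRegistryKey = "test-registry"
 
 // SetInsecureRegistry sets the configmap entry to mark the registry as okay to be insecure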
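Review bot: The loop `for _, value := range srcCm.Data { certBytes = value }` in CreateCertConfigMapWeirdFilename keeps whichever value map iteration happens to yield last and leaves `certBytes` empty when the source ConfigMap has no data, so the helper can publish an empty or arbitrary certificate without returning an error. Because this commit also restores trust in the system certificates, the dependent test could then pass without the custom CA being exercised, should the file host's certificate chain to a system root. I would fail fast before building `dst`: `if len(srcCm.Data) != 1 { return "", fmt.Errorf("configmap %s/%s: want exactly 1 entry, got %d", srcNamespace, srcName, len(srcCm.Data)) }` (the import block is outside the hunk, so `fmt` may need adding). The exported function also lacks a doc comment, and its `destNamespace, srcNamespace` order is the reverse of CopyConfigMap's; a comment such as `// CreateCertConfigMapWeirdFilename copies the file-host CA from srcNamespace into a new ConfigMap in destNamespace under a non-standard key.` would make the order harder to get wrong.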
