Enable https tests #379
Enable https tests #379
Conversation
|
Attached issue: https://pulp.plan.io/issues/8677 |
| @@ -146,6 +146,13 @@ fi | |||
| ansible-playbook build_container.yaml | |||
| ansible-playbook start_container.yaml | |||
|
|
|||
| # Hack: adding pulp CA to certifi.where() | |||
| sudo docker cp pulp:/etc/pulp/certs/ca.crt /usr/local/share/ca-certificates/pulp_ca.crt | |||
| CERT=$(python -c 'import certifi; print(certifi.where())') | |||
There was a problem hiding this comment.
This is Mozilla CA bundle, and I'm appending pulp CA to it
| @@ -94,7 +94,7 @@ if [[ "$TEST" = 'bindings' || "$TEST" = 'publish' ]]; then | |||
| gem install --both ./{{ plugin_snake }}_client-0.gem | |||
| cd .. | |||
| {%- endif %} | |||
| ruby $REPO_ROOT/.ci/assets/bindings/test_bindings.rb | |||
| SSL_CERT_FILE=/usr/local/share/ca-certificates/pulp_ca.crt ruby $REPO_ROOT/.ci/assets/bindings/test_bindings.rb | |||
There was a problem hiding this comment.
Ruby doesn't use certifi lib, so I had to use an OpenSSL env var to point to the CA
fao89
force-pushed
the
8677
branch
6 times, most recently
from
10e305b
to
9a02955
Compare
| # Copy pulp CA | ||
| sudo docker cp pulp:/etc/pulp/certs/pulp_webserver.crt /usr/local/share/ca-certificates/pulp_webserver.crt | ||
| sudo docker cp pulp:/etc/pulp/certs/pulp_webserver.crt /etc/ssl/certs/pulp_webserver.crt | ||
| sudo docker cp pulp:/etc/pulp/certs/pulp_webserver.key /etc/ssl/private/pulp_webserver.key |
There was a problem hiding this comment.
I think, we don't need the key here. We should not expose it more than needed.
|
Since this is approved should we merge it? |
|
One last thing to consider: If we apply this template to old release branches, will they have a problem? |
|
We could open a pr and find out? |
since we are deciding to have HTTP and HTTPS tags, I can change this PR for https be optional |
|
I think that makes sense. Some plugins (like pulp_ansible) required updates to their tests since they do pulp-to-pulp syncs, etc. and these test changes might be hard to backport to older release branches. I would recommend we default to https being true. |
fao89
force-pushed
the
8677
branch
3 times, most recently
from
b0273fd
to
3b003fb
Compare
fao89
force-pushed
the
8677
branch
2 times, most recently
from
bd009fb
to
18718b8
Compare
|
Blocked by pulp/pulp-oci-images#73 or pulp/pulp-oci-images#84 |
|
Hey, can you attach this to #403? |
fao89
force-pushed
the
8677
branch
2 times, most recently
from
5c64463
to
f6129b0
Compare
closes pulp#403
| @@ -33,6 +33,7 @@ DEFAULT_SETTINGS = { | |||
| 'docker_fixtures': False, | |||
| 'docs_test': True, | |||
| 'issue_tracker': 'redmine', | |||
| 'pulp_scheme': 'http', | |||
There was a problem hiding this comment.
made http default, for now, so I can merge it.
After merging pulp/pulp-oci-images#73 or pulp/pulp-oci-images#84
we can change it to https
closes #8677