Enable https tests #379
Attached issue: https://pulp.plan.io/issues/8677
| @@ -146,6 +146,13 @@ fi | |||
| ansible-playbook build_container.yaml | |||
| ansible-playbook start_container.yaml | |||
|
|
|||
| # Hack: adding pulp CA to certifi.where() | |||
| sudo docker cp pulp:/etc/pulp/certs/ca.crt /usr/local/share/ca-certificates/pulp_ca.crt | |||
| CERT=$(python -c 'import certifi; print(certifi.where())') | |||
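Review bot: the `# Hack` step, which ends at `CERT=$(python -c 'import certifi; print(certifi.where())')`, targets the CA bundle file shipped inside the installed certifi package, so the trust change applies to every Python process on that interpreter and is lost if certifi is reinstalled or upgraded later in the job. Consider writing a separate combined bundle and pointing only the test run at it (for clients built on requests, `REQUESTS_CA_BUNDLE` does this), which keeps the extra CA scoped to the tests. The bare `python` also has to be the same interpreter the tests run under, otherwise `certifi.where()` resolves to a different file; nothing in the visible lines pins that.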
This is the Mozilla CA bundle, and I'm appending the pulp CA to it.
| @@ -94,7 +94,7 @@ if [[ "$TEST" = 'bindings' || "$TEST" = 'publish' ]]; then | |||
| gem install --both ./{{ plugin_snake }}_client-0.gem | |||
| cd .. | |||
| {%- endif %} | |||
| ruby $REPO_ROOT/.ci/assets/bindings/test_bindings.rb | |||
| SSL_CERT_FILE=/usr/local/share/ca-certificates/pulp_ca.crt ruby $REPO_ROOT/.ci/assets/bindings/test_bindings.rb | |||
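Review bot: on the changed `ruby ... test_bindings.rb` line, `SSL_CERT_FILE` overrides OpenSSL's default CA file for the whole Ruby process, so the single Pulp CA file stands in for the usual bundle during this test; if that is intended, a one-line comment above the command saying so would help. The path `/usr/local/share/ca-certificates/pulp_ca.crt` is repeated here as a literal, so a shared variable set where the file is copied would avoid drift, and `$REPO_ROOT` should be quoted.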
Ruby doesn't use certifi lib, so I had to use an OpenSSL env var to point to the CA
| # Copy pulp CA | ||
| sudo docker cp pulp:/etc/pulp/certs/pulp_webserver.crt /usr/local/share/ca-certificates/pulp_webserver.crt | ||
| sudo docker cp pulp:/etc/pulp/certs/pulp_webserver.crt /etc/ssl/certs/pulp_webserver.crt | ||
| sudo docker cp pulp:/etc/pulp/certs/pulp_webserver.key /etc/ssl/private/pulp_webserver.key |
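Review bot: the last line copies `pulp_webserver.key` out of the container into `/etc/ssl/private/` on the host, but a client that only verifies the server needs the certificate, not the private key; drop that line so the key stays inside the container. The block is also labelled `# Copy pulp CA` while the file copied is `pulp_webserver.crt`, and the same certificate is written to two destinations; keep one and name it for what it is.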
I think we don't need the key here. We should not expose it more than needed.
Quite a change... But it looks good to me!
This is awesome. Thank you!

Since this is approved, should we merge it?

One last thing to consider: If we apply this template to old release branches, will they have a problem?

We could open a PR and find out?

Since we are deciding to have HTTP and HTTPS tags, I can change this PR so that https is optional.

I think that makes sense. Some plugins (like pulp_ansible) required updates to their tests since they do pulp-to-pulp syncs, etc. and these test changes might be hard to backport to older release branches. I would recommend we default to https being true.

Blocked by pulp/pulp-oci-images#73 or pulp/pulp-oci-images#84

Hey, can you attach this to #403?
closes pulp#403
| @@ -33,6 +33,7 @@ DEFAULT_SETTINGS = { | |||
| 'docker_fixtures': False, | |||
| 'docs_test': True, | |||
| 'issue_tracker': 'redmine', | |||
| 'pulp_scheme': 'http', | |||
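Review bot: the new `'pulp_scheme': 'http'` entry in `DEFAULT_SETTINGS` has no documentation or accepted-value check visible here, and with `http` as the default a plugin that does not set the key never exercises the HTTPS path this PR adds. Document the setting with its allowed values (`http`, `https`), reject anything else when the config is loaded, and put a comment next to the default tying it to the planned switch to `https`.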
Made http the default, for now, so I can merge it.
After merging pulp/pulp-oci-images#73 or pulp/pulp-oci-images#84
we can change it to https.
closes #8677