Skip to content

Commit

Permalink
lca ibi: add coverage for cabundle reference
Browse files Browse the repository at this point in the history
The PR adds a test that covers adding a certificate
via CA bundle reference

Signed-off-by: Alexander Chuzhoy <[email protected]>
  • Loading branch information
achuzhoy committed Dec 16, 2024
1 parent 3439013 commit a44f37b
Show file tree
Hide file tree
Showing 3 changed files with 65 additions and 1 deletion.
39 changes: 38 additions & 1 deletion tests/lca/imagebasedinstall/mgmt/deploy/tests/e2e-deploy-test.go
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,7 @@ import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"

"github.com/openshift-kni/eco-goinfra/pkg/secret"
"github.com/openshift-kni/eco-gotests/tests/internal/cluster"
"github.com/openshift-kni/eco-gotests/tests/lca/imagebasedinstall/mgmt/deploy/internal/networkconfig"
"github.com/openshift-kni/eco-gotests/tests/lca/imagebasedinstall/mgmt/deploy/internal/tsparams"
"github.com/openshift-kni/eco-gotests/tests/lca/imagebasedinstall/mgmt/internal/installconfig"
Expand All @@ -37,6 +38,7 @@ import (
"github.com/openshift-kni/eco-gotests/tests/lca/internal/brutil"
k8sScheme "k8s.io/client-go/kubernetes/scheme"

"github.com/openshift-kni/eco-gotests/tests/lca/imagebasedinstall/mgmt/internal/mgmtparams"
v1 "k8s.io/api/core/v1"
)

Expand All @@ -49,6 +51,8 @@ const (
extraManifestNamespaceConfigmapName = "extra-manifests-cm0"
extraManifestConfigmapConfigmapName = "extra-manifests-cm1"

caBundleConfigMapName = "ca-bundle-configmap"

ibiClusterTemplateName = "ibi-cluster-templates-v1"
ibiNodeTemplateName = "ibi-node-templates-v1"

Expand Down Expand Up @@ -138,6 +142,21 @@ var _ = Describe(
"error: extra manifest configmap has incorrect content")
})

It("successfully adds CA bundle", reportxml.ID("77795"), func() {
if !MGMTConfig.CABundle {
Skip("Cluster not configured with CA bundle")
}

By("Get spoke client")
spokeClient = getSpokeClient()

By("Validate adding a certificate by referencing a CA bundle", func() {
execCmd := "grep -q qebox.redhat.com /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem"
_, err := cluster.ExecCmdWithStdout(spokeClient, execCmd)
Expect(err).ToNot(HaveOccurred(), "failed checking the ca bundle for expected entry: %s", err)
})
})

It("successfully configured using FIPs", reportxml.ID("76644"), func() {
if !MGMTConfig.SeedClusterInfo.HasFIPS {
Skip("Cluster not using FIPS enabled seed image")
Expand Down Expand Up @@ -214,6 +233,16 @@ func createSharedResources() {
Expect(err).NotTo(HaveOccurred(), "error creating configmap for extra manifests configmap")
}

if MGMTConfig.CABundle {
By("Create configmap for CA bundle")

_, err = configmap.NewBuilder(
APIClient, caBundleConfigMapName, MGMTConfig.Cluster.Info.ClusterName).WithData(map[string]string{
"tls-ca-bundle.pem": mgmtparams.CaBundleString,
}).Create()
Expect(err).NotTo(HaveOccurred(), "error creating configmap with CA bundle")
}

for host, info := range MGMTConfig.Cluster.Info.Hosts {
By("Create baremetalhost secret for " + host)

Expand Down Expand Up @@ -290,6 +319,10 @@ func createIBIOResouces(addressFamily string) {
WithExtraManifests(extraManifestConfigmapConfigmapName)
}

if MGMTConfig.CABundle {
imageClusterInstall.WithCABundle(caBundleConfigMapName)
}

if MGMTConfig.PublicSSHKey != "" {
imageClusterInstall.WithSSHKey(MGMTConfig.PublicSSHKey)
}
Expand Down Expand Up @@ -393,6 +426,10 @@ func createSiteConfigResouces(addressFamily string) {
WithExtraManifests(extraManifestConfigmapConfigmapName)
}

if MGMTConfig.CABundle {
clusterInstanceBuilder.WithCABundle(caBundleConfigMapName)
}

if MGMTConfig.SeedClusterInfo.Proxy.HTTPProxy != "" || MGMTConfig.SeedClusterInfo.Proxy.HTTPSProxy != "" {
clusterInstanceBuilder.WithProxy(&v1beta1.Proxy{
HTTPProxy: MGMTConfig.SeedClusterInfo.Proxy.HTTPProxy,
Expand Down Expand Up @@ -466,7 +503,7 @@ func createSiteConfigResouces(addressFamily string) {
}

return false, nil
}).WithTimeout(time.Minute*20).WithPolling(time.Second*5).Should(
}).WithTimeout(time.Minute*30).WithPolling(time.Second*10).Should(
BeTrue(), "error waiting for clusterinstance to finish provisioning")
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -68,6 +68,7 @@ type MGMTConfig struct {
PublicSSHKey string
StaticNetworking bool `envconfig:"ECO_LCA_IBI_MGMT_STATIC_NETWORK" default:"false"`
ExtraManifests bool `envconfig:"ECO_LCA_IBI_EXTRA_MANIFESTS" default:"true"`
CABundle bool `envconfig:"ECO_LCA_IBI_CA_BUNDLE" default:"true"`
SiteConfig bool `envconfig:"ECO_LCA_IBI_SITECONFIG" default:"true"`
}

Expand Down
26 changes: 26 additions & 0 deletions tests/lca/imagebasedinstall/mgmt/internal/mgmtparams/const.go
Original file line number Diff line number Diff line change
Expand Up @@ -9,4 +9,30 @@ const (

// MGMTLogLevel custom loglevel for the mgmt testing verbose mode.
MGMTLogLevel = 50

// CaBundleString is the CA bundle string.
CaBundleString = `-----BEGIN CERTIFICATE-----
MIIEBTCCAu2gAwIBAgIUKp897WUzzjMtZ2YQs7JTCvwLy1gwDQYJKoZIhvcNAQEL
BQAwgZExCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJOQzEQMA4GA1UEBwwHUmFsZWln
aDETMBEGA1UECgwKUmVkSGF0IExURDELMAkGA1UECwwCUUUxGTAXBgNVBAMMEHFl
Ym94LnJlZGhhdC5jb20xJjAkBgkqhkiG9w0BCQEWF29ob2NobWFuLWFsbEByZWRo
YXQuY29tMB4XDTI0MTExOTE0MzY0N1oXDTI0MTIxOTE0MzY0N1owgZExCzAJBgNV
BAYTAlVTMQswCQYDVQQIDAJOQzEQMA4GA1UEBwwHUmFsZWlnaDETMBEGA1UECgwK
UmVkSGF0IExURDELMAkGA1UECwwCUUUxGTAXBgNVBAMMEHFlYm94LnJlZGhhdC5j
b20xJjAkBgkqhkiG9w0BCQEWF29ob2NobWFuLWFsbEByZWRoYXQuY29tMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxMHan2/lttpHFfw95d8prUYGuRXH
TTrbsWjKKqBEADgw/v/9T1/2LWBJpyW210EZpoyjhBSw7We5EqQAFenPdvBNQefa
qx/8feVZpyTux+pbJomyppx4tzwS1Bgn0Myn9mNBqFylEQH1TIIwhkeBcYsLis9/
9ECBgDE8haFRxpue8psEkWc5zouuFewejvjMpjIWNpQU337tb7LD945/oWbwo1fn
ZIl19O5aryrY7fA+NAczWm83oIcMt/Sp/Cg1ZfOXszgHFF1cbQrXWFzRZAgWAxTb
swpcqbyIHRtO+mle5IOnKjLj9ikuBrkhN6wybLD01VybrlLcESuGife0hwIDAQAB
o1MwUTAdBgNVHQ4EFgQUA247p0jVYog+OcD12/FGGzVQ0VswHwYDVR0jBBgwFoAU
A247p0jVYog+OcD12/FGGzVQ0VswDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B
AQsFAAOCAQEAXik+/xFp/jGRDpFGgQwGJd7hbQ5WFuNt+5mGns9/Ws9fsGbbdlxc
jsM5YJoWb0sth2ovv+/4UDshGEYEunLe/AQ/xkG+7/sA0R86joUfNbdIm4AzgOC3
J3eaEmy777tsC71aMS/W7jEdwftdcRn/UHS+6oG69hpNUM3mU9EUYpeff8RbspY7
2nLwA5XqGknKE2MZrD3fSWWqIYiAqXze1lfLGIud+apQX9vryjefE9xXWXMd8mrZ
VJ/qsrFU7O5ktfvJ50DkIHLYCeTghzI0y1mTwfHF/g1N7dsIGmaL74Xp1akYPLmT
EBaAqEqwwGkygraipfs5BJSxtozhelqjpQ==
-----END CERTIFICATE-----`
)

0 comments on commit a44f37b

Please sign in to comment.