From a44f37b82b4aae32b8c20d8b8ea6c7411b6984ba Mon Sep 17 00:00:00 2001 From: Alexander Chuzhoy Date: Mon, 9 Dec 2024 13:25:31 -0500 Subject: [PATCH] lca ibi: add coverage for cabundle reference The PR adds a test that covers adding a certificate via CA bundle reference Signed-off-by: Alexander Chuzhoy --- .../mgmt/deploy/tests/e2e-deploy-test.go | 39 ++++++++++++++++++- .../mgmt/internal/mgmtconfig/config.go | 1 + .../mgmt/internal/mgmtparams/const.go | 26 +++++++++++++ 3 files changed, 65 insertions(+), 1 deletion(-) diff --git a/tests/lca/imagebasedinstall/mgmt/deploy/tests/e2e-deploy-test.go b/tests/lca/imagebasedinstall/mgmt/deploy/tests/e2e-deploy-test.go index 5c31ea017..7f0c5a34a 100644 --- a/tests/lca/imagebasedinstall/mgmt/deploy/tests/e2e-deploy-test.go +++ b/tests/lca/imagebasedinstall/mgmt/deploy/tests/e2e-deploy-test.go @@ -29,6 +29,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "github.com/openshift-kni/eco-goinfra/pkg/secret" + "github.com/openshift-kni/eco-gotests/tests/internal/cluster" "github.com/openshift-kni/eco-gotests/tests/lca/imagebasedinstall/mgmt/deploy/internal/networkconfig" "github.com/openshift-kni/eco-gotests/tests/lca/imagebasedinstall/mgmt/deploy/internal/tsparams" "github.com/openshift-kni/eco-gotests/tests/lca/imagebasedinstall/mgmt/internal/installconfig" @@ -37,6 +38,7 @@ import ( "github.com/openshift-kni/eco-gotests/tests/lca/internal/brutil" k8sScheme "k8s.io/client-go/kubernetes/scheme" + "github.com/openshift-kni/eco-gotests/tests/lca/imagebasedinstall/mgmt/internal/mgmtparams" v1 "k8s.io/api/core/v1" ) @@ -49,6 +51,8 @@ const ( extraManifestNamespaceConfigmapName = "extra-manifests-cm0" extraManifestConfigmapConfigmapName = "extra-manifests-cm1" + caBundleConfigMapName = "ca-bundle-configmap" + ibiClusterTemplateName = "ibi-cluster-templates-v1" ibiNodeTemplateName = "ibi-node-templates-v1" @@ -138,6 +142,21 @@ var _ = Describe( "error: extra manifest configmap has incorrect content") }) + It("successfully adds CA bundle", reportxml.ID("77795"), func() { + if !MGMTConfig.CABundle { + Skip("Cluster not configured with CA bundle") + } + + By("Get spoke client") + spokeClient = getSpokeClient() + + By("Validate adding a certificate by referencing a CA bundle", func() { + execCmd := "grep -q qebox.redhat.com /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem" + _, err := cluster.ExecCmdWithStdout(spokeClient, execCmd) + Expect(err).ToNot(HaveOccurred(), "failed checking the ca bundle for expected entry: %s", err) + }) + }) + It("successfully configured using FIPs", reportxml.ID("76644"), func() { if !MGMTConfig.SeedClusterInfo.HasFIPS { Skip("Cluster not using FIPS enabled seed image") @@ -214,6 +233,16 @@ func createSharedResources() { Expect(err).NotTo(HaveOccurred(), "error creating configmap for extra manifests configmap") } + if MGMTConfig.CABundle { + By("Create configmap for CA bundle") + + _, err = configmap.NewBuilder( + APIClient, caBundleConfigMapName, MGMTConfig.Cluster.Info.ClusterName).WithData(map[string]string{ + "tls-ca-bundle.pem": mgmtparams.CaBundleString, + }).Create() + Expect(err).NotTo(HaveOccurred(), "error creating configmap with CA bundle") + } + for host, info := range MGMTConfig.Cluster.Info.Hosts { By("Create baremetalhost secret for " + host) @@ -290,6 +319,10 @@ func createIBIOResouces(addressFamily string) { WithExtraManifests(extraManifestConfigmapConfigmapName) } + if MGMTConfig.CABundle { + imageClusterInstall.WithCABundle(caBundleConfigMapName) + } + if MGMTConfig.PublicSSHKey != "" { imageClusterInstall.WithSSHKey(MGMTConfig.PublicSSHKey) } @@ -393,6 +426,10 @@ func createSiteConfigResouces(addressFamily string) { WithExtraManifests(extraManifestConfigmapConfigmapName) } + if MGMTConfig.CABundle { + clusterInstanceBuilder.WithCABundle(caBundleConfigMapName) + } + if MGMTConfig.SeedClusterInfo.Proxy.HTTPProxy != "" || MGMTConfig.SeedClusterInfo.Proxy.HTTPSProxy != "" { clusterInstanceBuilder.WithProxy(&v1beta1.Proxy{ HTTPProxy: MGMTConfig.SeedClusterInfo.Proxy.HTTPProxy, @@ -466,7 +503,7 @@ func createSiteConfigResouces(addressFamily string) { } return false, nil - }).WithTimeout(time.Minute*20).WithPolling(time.Second*5).Should( + }).WithTimeout(time.Minute*30).WithPolling(time.Second*10).Should( BeTrue(), "error waiting for clusterinstance to finish provisioning") } diff --git a/tests/lca/imagebasedinstall/mgmt/internal/mgmtconfig/config.go b/tests/lca/imagebasedinstall/mgmt/internal/mgmtconfig/config.go index c3c696da0..12a0edc61 100644 --- a/tests/lca/imagebasedinstall/mgmt/internal/mgmtconfig/config.go +++ b/tests/lca/imagebasedinstall/mgmt/internal/mgmtconfig/config.go @@ -68,6 +68,7 @@ type MGMTConfig struct { PublicSSHKey string StaticNetworking bool `envconfig:"ECO_LCA_IBI_MGMT_STATIC_NETWORK" default:"false"` ExtraManifests bool `envconfig:"ECO_LCA_IBI_EXTRA_MANIFESTS" default:"true"` + CABundle bool `envconfig:"ECO_LCA_IBI_CA_BUNDLE" default:"true"` SiteConfig bool `envconfig:"ECO_LCA_IBI_SITECONFIG" default:"true"` } diff --git a/tests/lca/imagebasedinstall/mgmt/internal/mgmtparams/const.go b/tests/lca/imagebasedinstall/mgmt/internal/mgmtparams/const.go index d7c8641f8..79e2594e2 100644 --- a/tests/lca/imagebasedinstall/mgmt/internal/mgmtparams/const.go +++ b/tests/lca/imagebasedinstall/mgmt/internal/mgmtparams/const.go @@ -9,4 +9,30 @@ const ( // MGMTLogLevel custom loglevel for the mgmt testing verbose mode. MGMTLogLevel = 50 + + // CaBundleString is the CA bundle string. + CaBundleString = `-----BEGIN CERTIFICATE----- +MIIEBTCCAu2gAwIBAgIUKp897WUzzjMtZ2YQs7JTCvwLy1gwDQYJKoZIhvcNAQEL +BQAwgZExCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJOQzEQMA4GA1UEBwwHUmFsZWln +aDETMBEGA1UECgwKUmVkSGF0IExURDELMAkGA1UECwwCUUUxGTAXBgNVBAMMEHFl +Ym94LnJlZGhhdC5jb20xJjAkBgkqhkiG9w0BCQEWF29ob2NobWFuLWFsbEByZWRo +YXQuY29tMB4XDTI0MTExOTE0MzY0N1oXDTI0MTIxOTE0MzY0N1owgZExCzAJBgNV +BAYTAlVTMQswCQYDVQQIDAJOQzEQMA4GA1UEBwwHUmFsZWlnaDETMBEGA1UECgwK +UmVkSGF0IExURDELMAkGA1UECwwCUUUxGTAXBgNVBAMMEHFlYm94LnJlZGhhdC5j +b20xJjAkBgkqhkiG9w0BCQEWF29ob2NobWFuLWFsbEByZWRoYXQuY29tMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxMHan2/lttpHFfw95d8prUYGuRXH +TTrbsWjKKqBEADgw/v/9T1/2LWBJpyW210EZpoyjhBSw7We5EqQAFenPdvBNQefa +qx/8feVZpyTux+pbJomyppx4tzwS1Bgn0Myn9mNBqFylEQH1TIIwhkeBcYsLis9/ +9ECBgDE8haFRxpue8psEkWc5zouuFewejvjMpjIWNpQU337tb7LD945/oWbwo1fn +ZIl19O5aryrY7fA+NAczWm83oIcMt/Sp/Cg1ZfOXszgHFF1cbQrXWFzRZAgWAxTb +swpcqbyIHRtO+mle5IOnKjLj9ikuBrkhN6wybLD01VybrlLcESuGife0hwIDAQAB +o1MwUTAdBgNVHQ4EFgQUA247p0jVYog+OcD12/FGGzVQ0VswHwYDVR0jBBgwFoAU +A247p0jVYog+OcD12/FGGzVQ0VswDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B +AQsFAAOCAQEAXik+/xFp/jGRDpFGgQwGJd7hbQ5WFuNt+5mGns9/Ws9fsGbbdlxc +jsM5YJoWb0sth2ovv+/4UDshGEYEunLe/AQ/xkG+7/sA0R86joUfNbdIm4AzgOC3 +J3eaEmy777tsC71aMS/W7jEdwftdcRn/UHS+6oG69hpNUM3mU9EUYpeff8RbspY7 +2nLwA5XqGknKE2MZrD3fSWWqIYiAqXze1lfLGIud+apQX9vryjefE9xXWXMd8mrZ +VJ/qsrFU7O5ktfvJ50DkIHLYCeTghzI0y1mTwfHF/g1N7dsIGmaL74Xp1akYPLmT +EBaAqEqwwGkygraipfs5BJSxtozhelqjpQ== +-----END CERTIFICATE-----` )