Add tests for AEM keystore

[Siebes]

the aem keystore is located at /opt/aem/{author/publish}/crx-quickstart/ssl/aem.ks

We need to verify that the key has been added to the keystore with the alias cqse

describe command("keytool -list -keystore #{aem_keystore_path} -alias cqse -storepass {aem_keystore_password} ", redact_regex: /-storepass .*/) do
  its('exit_status') { should eq 0 }
end

The above command should work but was returning an exit status of 1.

[mbloch1986]

The redact_regex option for describe command is not supported in the InSpec version we are currently using.

https://www.inspec.io/docs/reference/resources/command/

[mbloch1986]

Check is not included yet, as the check is failing while baking with packer-aem

aws:   Command /bin/keytool -list -keystore /opt/aem/author/crx-quickstart/ssl/aem.ks -alias cqse -storepass changeit
    aws:      ∅  exit_status should eq 0
    aws:
    aws:      expected: 0
    aws:           got: 1
    aws:
    aws:      (compared using ==)

[mbloch1986]

Once the issue is solved we need to add this check for the repo aem-aws-stack-provisioner for the reconfiguration scenario

[mbloch1986]

In order to check for the error message we probably should add the following check to the inspec test:

its('stderr') { should eq '' }

[mbloch1986]

Error message:

�[0;32m aws: �[38;5;208m ∅ stdout should eq ""�[0m
�[0;32m aws:�[0m
�[0;32m aws: expected: ""�[0m
�[0;32m aws: got: "keytool error: java.lang.Exception: Keystore file does not exist: /opt/aem/publish/crx-quickstart/ssl/aem.ks\n"�[0m

[mbloch1986]

Error persist even changing the order of the keytool option doesn't help:

describe command("keytool -alias cqse -storepass #{aem_keystore_password} -list -keystore /opt/aem/author/crx-quickstart/ssl/aem.ks") do
[..]

Or adding ' to the keystore path doesn't help:

describe command("keytool -alias cqse -storepass #{aem_keystore_password} -list -keystore '#{aem_base}/aem/author/crx-quickstart/ssl/aem.ks'") do
[..]

[cliffano]

Now that the keystore password is stored in parameter store, we need to first retrieve the password (ARN would be available from user config YAML) before using it for testing.

[mbloch1986]

The problem we encountered before where the keystore couldn't be found for testing must have been something to do that the content of /opt/aem/ dir is moved to the mounted filesystem.

Therefore we have use the new path to the aem keystore e.g. as done for this test here #174

Additional we can't test the keystore password with the current implementation of how we retrieve the hiera parameter in our inspec tests, as the SSM parameter store lookup only works with hiera 5 while the hiera lookup in our InSpec tests only supports hiera 3.