Enable https tests

closes pulp#403

.github/workflows/bootstrap.yaml

@@ -127,7 +127,7 @@ jobs:
         if: failure()
         run: |
           echo "Need to debug? Please check: https://github.com/marketplace/actions/debugging-with-tmate"
-          http --timeout 30 --check-status --pretty format --print hb http://pulp/pulp/api/v3/status/ || true
+          http --timeout 30 --check-status --pretty format --print hb https://pulp/pulp/api/v3/status/ || true
           docker images || true
           docker ps -a || true
           docker logs pulp || true

CHANGES/403.feature

@@ -0,0 +1 @@
+Enable https functional tests

meta_docs/reference/documentation.md

@@ -3,7 +3,7 @@ Documenting your API
 --------------------
 
 Each instance of Pulp optionally hosts dynamically generated API documentation located at
-`http://pulpserver/pulp/api/v3/docs/`.
+`https://pulpserver/pulp/api/v3/docs/`.
 
 The API endpoint description is generated from the docstring on the CRUD methods on a ViewSet.
 

plugin-template

@@ -33,6 +33,7 @@ DEFAULT_SETTINGS = {
     'docker_fixtures': False,
     'docs_test': True,
     'issue_tracker': 'redmine',
+    'pulp_scheme': 'http',
     'plugin_app_label': None,
     'plugin_camel': None,
     'plugin_camel_short': None,

templates/bootstrap/plugin_name/app/viewsets.py.j2

@@ -42,7 +42,7 @@ class {{ plugin_camel_short }}ContentViewSet(core.ContentViewSet):
 
     Define endpoint name which will appear in the API endpoint for this content type.
     For example::
-        http://pulp.example.com/pulp/api/v3/content/{{ plugin_dash_short }}/units/
+        https://pulp.example.com/pulp/api/v3/content/{{ plugin_dash_short }}/units/
 
     Also specify queryset and serializer for {{ plugin_camel_short }}Content.
     """

templates/github/.ci/ansible/Containerfile.j2.copy

@@ -1,4 +1,4 @@
-FROM {{ ci_base | default("pulp/pulp-ci-centos:latest") }}
+FROM {{ ci_base | default("pulp/pulp-ci-centos:" + pulp_container_tag) }}
 
 # Add source directories to container
 {% for item in plugins %}

templates/github/.ci/ansible/settings.py.j2.copy

@@ -1,9 +1,9 @@
-CONTENT_ORIGIN = "http://pulp:80"
-ANSIBLE_API_HOSTNAME = "http://pulp:80"
-ANSIBLE_CONTENT_HOSTNAME = "http://pulp:80/pulp/content"
+CONTENT_ORIGIN = "{{ pulp_scheme }}://pulp:{{ 443 if pulp_scheme == 'https' else 80 }}"
+ANSIBLE_API_HOSTNAME = "{{ pulp_scheme }}://pulp:{{ 443 if pulp_scheme == 'https' else 80 }}"
+ANSIBLE_CONTENT_HOSTNAME = "{{ pulp_scheme }}://pulp:{{ 443 if pulp_scheme == 'https' else 80 }}/pulp/content"
 PRIVATE_KEY_PATH = "/etc/pulp/certs/token_private_key.pem"
 PUBLIC_KEY_PATH = "/etc/pulp/certs/token_public_key.pem"
-TOKEN_SERVER = "http://pulp:80/token/"
+TOKEN_SERVER = "{{ pulp_scheme }}://pulp:{{ 443 if pulp_scheme == 'https' else 80 }}/token/"
 TOKEN_SIGNATURE_ALGORITHM = "ES256"
 
 {% if pulp_settings %}

templates/github/.ci/ansible/smash-config.json.j2

@@ -12,13 +12,13 @@
       "hostname": "pulp",
       "roles": {
         "api": {
-          "port": 80,
-          "scheme": "http",
+          "port": {{ 443 if pulp_scheme == 'https' else 80 }},
+          "scheme": "{{ pulp_scheme }}",
           "service": "nginx"
         },
         "content": {
-          "port": 80,
-          "scheme": "http",
+          "port": {{ 443 if pulp_scheme == 'https' else 80 }},
+          "scheme": "{{ pulp_scheme }}",
           "service": "pulp_content_app"
         },
         "pulp resource manager": {},

templates/github/.ci/ansible/start_container.yaml

@@ -71,7 +71,8 @@
         - name: "Wait for Pulp"
           uri:
             url: "http://pulp/pulp/api/v3/status/"
-            follow_redirects: none
+            follow_redirects: all
+            validate_certs: no
           register: result
           until: result.status == 200
           retries: 12

templates/github/.github/workflows/ci.yml.j2

@@ -139,7 +139,7 @@ jobs:
         if: {{ "${{ failure() }}" }} 
         run: |
           echo "Need to debug? Please check: https://github.com/marketplace/actions/debugging-with-tmate"
-          http --timeout 30 --check-status --pretty format --print hb http://pulp/pulp/api/v3/status/ || true
+          http --timeout 30 --check-status --pretty format --print hb {{ pulp_scheme }}://pulp/pulp/api/v3/status/ || true
           docker images || true
           docker ps -a || true
           docker logs pulp || true
@@ -227,7 +227,7 @@ jobs:
       - name: After failure
         if: {{ "${{ failure() }}" }}
         run: |
-          http --timeout 30 --check-status --pretty format --print hb http://pulp/pulp/api/v3/status/ || true
+          http --timeout 30 --check-status --pretty format --print hb {{ pulp_scheme }}://pulp/pulp/api/v3/status/ || true
           docker images || true
           docker ps -a || true
           docker logs pulp || true

templates/github/.github/workflows/nightly.yml.j2

@@ -277,7 +277,7 @@ jobs:
       - name: After failure
         if: failure()
         run: |
-          http --timeout 30 --check-status --pretty format --print hb http://pulp/pulp/api/v3/status/ || true
+          http --timeout 30 --check-status --pretty format --print hb {{ pulp_scheme }}://pulp/pulp/api/v3/status/ || true
           docker images || true
           docker ps -a || true
           docker logs pulp || true

templates/github/.github/workflows/release.yml.j2

@@ -179,7 +179,7 @@ jobs:
       - name: After failure
         if: failure()
         run: |
-          http --timeout 30 --check-status --pretty format --print hb http://pulp/pulp/api/v3/status/ || true
+          http --timeout 30 --check-status --pretty format --print hb {{ pulp_scheme }}://pulp/pulp/api/v3/status/ || true
           docker images || true
           docker ps -a || true
           docker logs pulp || true

templates/github/.github/workflows/scripts/before_install.sh.j2

@@ -111,7 +111,7 @@ fi
 
 cd pulp-cli
 pip install -e .
-pulp config create --base-url http://pulp --location tests/settings.toml --no-verify-ssl
+pulp config create --base-url {{ pulp_scheme }}://pulp --location tests/settings.toml {% if pulp_scheme != 'https' %}--no-verify-ssl{% endif %}
 mkdir ~/.config/pulp
 cp tests/settings.toml ~/.config/pulp/settings.toml
 cd ..

templates/github/.github/workflows/scripts/install.sh.j2

@@ -113,6 +113,8 @@ VARSYAML
 
 cat >> vars/main.yaml << VARSYAML
 pulp_settings: {{ pulp_settings | tojson }}
+pulp_scheme: {{ pulp_scheme }}
+pulp_container_tag: {{ 'https' if pulp_scheme == 'https' else 'latest' }}
 VARSYAML
 
 {%- if docker_fixtures %}
@@ -146,6 +148,24 @@ fi
 ansible-playbook build_container.yaml
 ansible-playbook start_container.yaml
 
+{%- if pulp_scheme == "https" %}
+echo ::group::SSL
+# Copy pulp CA
+sudo docker cp pulp:/etc/pulp/certs/pulp_webserver.crt /usr/local/share/ca-certificates/pulp_webserver.crt
+
+# Hack: adding pulp CA to certifi.where()
+CERTIFI=$(python -c 'import certifi; print(certifi.where())')
+cat /usr/local/share/ca-certificates/pulp_webserver.crt | sudo tee -a $CERTIFI
+
+# Hack: adding pulp CA to default CA file
+CERT=$(python -c 'import ssl; print(ssl.get_default_verify_paths().openssl_cafile)')
+cat $CERTIFI | sudo tee -a $CERT
+
+# Updating certs
+sudo update-ca-certificates
+echo ::endgroup::
+{%- endif %}
+
 echo ::group::PIP_LIST
 cmd_prefix bash -c "pip3 list && pip3 install pipdeptree && pipdeptree"
 echo ::endgroup::

templates/github/.github/workflows/scripts/install_python_client.sh.j2

@@ -4,14 +4,14 @@
 
 set -euv
 
-export PULP_URL="${PULP_URL:-http://pulp}"
+export PULP_URL="${PULP_URL:-{{ pulp_scheme }}://pulp}"
 
 # make sure this script runs at the repo root
 cd "$(dirname "$(realpath -e "$0")")"/../../..
 
 pip install twine wheel
 
-export REPORTED_VERSION=$(http pulp/pulp/api/v3/status/ | jq --arg plugin {{ plugin_app_label }} --arg legacy_plugin {{ plugin_snake }} -r '.versions[] | select(.component == $plugin or .component == $legacy_plugin) | .version')
+export REPORTED_VERSION=$(http $PULP_URL/pulp/api/v3/status/ | jq --arg plugin {{ plugin_app_label }} --arg legacy_plugin {{ plugin_snake }} -r '.versions[] | select(.component == $plugin or .component == $legacy_plugin) | .version')
 export DESCRIPTION="$(git describe --all --exact-match `git rev-parse HEAD`)"
 if [[ $DESCRIPTION == 'tags/'$REPORTED_VERSION ]]; then
   export VERSION=${REPORTED_VERSION}

templates/github/.github/workflows/scripts/install_ruby_client.sh.j2

@@ -7,9 +7,9 @@ set -euv
 # make sure this script runs at the repo root
 cd "$(dirname "$(realpath -e "$0")")"/../../..
 
-export PULP_URL="${PULP_URL:-http://pulp}"
+export PULP_URL="${PULP_URL:-{{ pulp_scheme }}://pulp}"
 
-export REPORTED_VERSION=$(http pulp/pulp/api/v3/status/ | jq --arg plugin {{ plugin_app_label }} --arg legacy_plugin {{ plugin_snake }} -r '.versions[] | select(.component == $plugin or .component == $legacy_plugin) | .version')
+export REPORTED_VERSION=$(http $PULP_URL/pulp/api/v3/status/ | jq --arg plugin {{ plugin_app_label }} --arg legacy_plugin {{ plugin_snake }} -r '.versions[] | select(.component == $plugin or .component == $legacy_plugin) | .version')
 export DESCRIPTION="$(git describe --all --exact-match `git rev-parse HEAD`)"
 if [[ $DESCRIPTION == 'tags/'$REPORTED_VERSION ]]; then
   export VERSION=${REPORTED_VERSION}

templates/github/.github/workflows/scripts/publish_plugin_pypi.sh.j2

@@ -7,8 +7,6 @@ cd "$(dirname "$(realpath -e "$0")")"/../../..
 
 set -euv
 
-export PULP_URL="${PULP_URL:-http://pulp}"
-
 export response=$(curl --write-out %{http_code} --silent --output /dev/null https://pypi.org/project/{{ plugin_dash }}/$1/)
 if [ "$response" == "200" ];
 then

templates/github/.github/workflows/scripts/script.sh.j2

@@ -21,7 +21,7 @@ export FUNC_TEST_SCRIPT=$PWD/.github/workflows/scripts/func_test_script.sh
 export DJANGO_SETTINGS_MODULE=pulpcore.app.settings
 export PULP_SETTINGS=$PWD/.ci/ansible/settings/settings.py
 
-export PULP_URL="http://pulp"
+export PULP_URL="{{ pulp_scheme }}://pulp"
 
 if [[ "$TEST" = "docs" ]]; then
   cd docs
@@ -43,7 +43,7 @@ if [[ "$TEST" = "docs" ]]; then
 fi
 
 if [[ "${RELEASE_WORKFLOW:-false}" == "true" ]]; then
-  REPORTED_VERSION=$(http pulp/pulp/api/v3/status/ | jq --arg plugin {{ plugin_app_label }} --arg legacy_plugin {{ plugin_snake }} -r '.versions[] | select(.component == $plugin or .component == $legacy_plugin) | .version')
+  REPORTED_VERSION=$(http $PULP_URL/pulp/api/v3/status/ | jq --arg plugin {{ plugin_app_label }} --arg legacy_plugin {{ plugin_snake }} -r '.versions[] | select(.component == $plugin or .component == $legacy_plugin) | .version')
   response=$(curl --write-out %{http_code} --silent --output /dev/null https://pypi.org/project/{{ plugin_dash }}/$REPORTED_VERSION/)
   if [ "$response" == "200" ];
   then