From d7e8c4a475f29d739005381d1abd80d91f67d6ae Mon Sep 17 00:00:00 2001 From: Fabricio Aguiar Date: Mon, 5 Jul 2021 14:52:51 -0300 Subject: [PATCH] Enable https tests closes #403 --- .github/workflows/bootstrap.yaml | 2 +- CHANGES/403.feature | 1 + meta_docs/reference/documentation.md | 2 +- plugin-template | 1 + .../bootstrap/plugin_name/app/viewsets.py.j2 | 2 +- .../github/.ci/ansible/Containerfile.j2.copy | 2 +- .../github/.ci/ansible/settings.py.j2.copy | 8 ++++---- .../github/.ci/ansible/smash-config.json.j2 | 8 ++++---- .../github/.ci/ansible/start_container.yaml | 3 ++- templates/github/.github/workflows/ci.yml.j2 | 4 ++-- .../github/.github/workflows/nightly.yml.j2 | 2 +- .../github/.github/workflows/release.yml.j2 | 2 +- .../workflows/scripts/before_install.sh.j2 | 2 +- .../.github/workflows/scripts/install.sh.j2 | 20 +++++++++++++++++++ .../scripts/install_python_client.sh.j2 | 4 ++-- .../scripts/install_ruby_client.sh.j2 | 4 ++-- .../scripts/publish_plugin_pypi.sh.j2 | 2 -- .../.github/workflows/scripts/script.sh.j2 | 4 ++-- 18 files changed, 47 insertions(+), 26 deletions(-) create mode 100644 CHANGES/403.feature diff --git a/.github/workflows/bootstrap.yaml b/.github/workflows/bootstrap.yaml index 3d10ad2a..f73d2ddb 100644 --- a/.github/workflows/bootstrap.yaml +++ b/.github/workflows/bootstrap.yaml @@ -127,7 +127,7 @@ jobs: if: failure() run: | echo "Need to debug? Please check: https://github.com/marketplace/actions/debugging-with-tmate" - http --timeout 30 --check-status --pretty format --print hb http://pulp/pulp/api/v3/status/ || true + http --timeout 30 --check-status --pretty format --print hb https://pulp/pulp/api/v3/status/ || true docker images || true docker ps -a || true docker logs pulp || true diff --git a/CHANGES/403.feature b/CHANGES/403.feature new file mode 100644 index 00000000..402d1ae2 --- /dev/null +++ b/CHANGES/403.feature @@ -0,0 +1 @@ +Enable https functional tests 
diff --git a/meta_docs/reference/documentation.md b/meta_docs/reference/documentation.md index 57a465d2..82d35b4a 100644 --- a/meta_docs/reference/documentation.md +++ b/meta_docs/reference/documentation.md @@ -3,7 +3,7 @@ Documenting your API -------------------- Each instance of Pulp optionally hosts dynamically generated API documentation located at -`http://pulpserver/pulp/api/v3/docs/`. +`https://pulpserver/pulp/api/v3/docs/`. The API endpoint description is generated from the docstring on the CRUD methods on a ViewSet. diff --git a/plugin-template b/plugin-template index ba353706..5670bb32 100755 --- a/plugin-template +++ b/plugin-template @@ -33,6 +33,7 @@ DEFAULT_SETTINGS = { 'docker_fixtures': False, 'docs_test': True, 'issue_tracker': 'redmine', + 'pulp_scheme': 'http', 'plugin_app_label': None, 'plugin_camel': None, 'plugin_camel_short': None, diff --git a/templates/bootstrap/plugin_name/app/viewsets.py.j2 b/templates/bootstrap/plugin_name/app/viewsets.py.j2 index adb713af..f0dfeba1 100644 --- a/templates/bootstrap/plugin_name/app/viewsets.py.j2 +++ b/templates/bootstrap/plugin_name/app/viewsets.py.j2 @@ -42,7 +42,7 @@ class {{ plugin_camel_short }}ContentViewSet(core.ContentViewSet): Define endpoint name which will appear in the API endpoint for this content type. For example:: - http://pulp.example.com/pulp/api/v3/content/{{ plugin_dash_short }}/units/ + https://pulp.example.com/pulp/api/v3/content/{{ plugin_dash_short }}/units/ Also specify queryset and serializer for {{ plugin_camel_short }}Content. """ diff --git a/templates/github/.ci/ansible/Containerfile.j2.copy b/templates/github/.ci/ansible/Containerfile.j2.copy index d6b3a8c0..66c46cc4 100644 --- a/templates/github/.ci/ansible/Containerfile.j2.copy +++ b/templates/github/.ci/ansible/Containerfile.j2.copy 
@@ -1,4 +1,4 @@ -FROM {{ ci_base | default("pulp/pulp-ci-centos:latest") }} +FROM {{ ci_base | default("pulp/pulp-ci-centos:" + pulp_container_tag) }} # Add source directories to container {% for item in plugins %} diff --git a/templates/github/.ci/ansible/settings.py.j2.copy b/templates/github/.ci/ansible/settings.py.j2.copy index 3de13192..e0e040a7 100644 --- a/templates/github/.ci/ansible/settings.py.j2.copy +++ b/templates/github/.ci/ansible/settings.py.j2.copy @@ -1,9 +1,9 @@ -CONTENT_ORIGIN = "http://pulp:80" -ANSIBLE_API_HOSTNAME = "http://pulp:80" -ANSIBLE_CONTENT_HOSTNAME = "http://pulp:80/pulp/content" +CONTENT_ORIGIN = "{{ pulp_scheme }}://pulp:{{ 443 if pulp_scheme == 'https' else 80 }}" +ANSIBLE_API_HOSTNAME = "{{ pulp_scheme }}://pulp:{{ 443 if pulp_scheme == 'https' else 80 }}" +ANSIBLE_CONTENT_HOSTNAME = "{{ pulp_scheme }}://pulp:{{ 443 if pulp_scheme == 'https' else 80 }}/pulp/content" PRIVATE_KEY_PATH = "/etc/pulp/certs/token_private_key.pem" PUBLIC_KEY_PATH = "/etc/pulp/certs/token_public_key.pem" -TOKEN_SERVER = "http://pulp:80/token/" +TOKEN_SERVER = "{{ pulp_scheme }}://pulp:{{ 443 if pulp_scheme == 'https' else 80 }}/token/" TOKEN_SIGNATURE_ALGORITHM = "ES256" {% if pulp_settings %} diff --git a/templates/github/.ci/ansible/smash-config.json.j2 b/templates/github/.ci/ansible/smash-config.json.j2 index 3da3fc24..146fdb02 100644 --- a/templates/github/.ci/ansible/smash-config.json.j2 +++ b/templates/github/.ci/ansible/smash-config.json.j2 @@ -12,13 +12,13 @@ "hostname": "pulp", "roles": { "api": { - "port": 80, - "scheme": "http", + "port": {{ 443 if pulp_scheme == 'https' else 80 }}, + "scheme": "{{ pulp_scheme }}", "service": "nginx" }, "content": { - "port": 80, - "scheme": "http", + "port": {{ 443 if pulp_scheme == 'https' else 80 }}, + "scheme": "{{ pulp_scheme }}", "service": "pulp_content_app" }, "pulp resource manager": {}, 
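Review bot: In the settings.py.j2.copy hunk the port is picked with `443 if pulp_scheme == 'https' else 80`, so any value other than the exact string `https` is rendered verbatim as the scheme and paired with port 80; a typo such as `HTTPS` would produce port-80 URLs instead of an error. Nothing visible in this patch restricts `pulp_scheme` to `http` or `https` (the plugin-template hunk only adds the default), so a check where the setting is loaded would help, unless one already exists outside the hunks. The expression is also repeated four times here and twice in smash-config.json.j2; a single `{% set pulp_port = 443 if pulp_scheme == 'https' else 80 %}` at the top of each template would keep the copies from drifting apart.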
diff --git a/templates/github/.ci/ansible/start_container.yaml b/templates/github/.ci/ansible/start_container.yaml index d75a7083..8661bb88 100644 --- a/templates/github/.ci/ansible/start_container.yaml +++ b/templates/github/.ci/ansible/start_container.yaml @@ -71,7 +71,8 @@ - name: "Wait for Pulp" uri: url: "http://pulp/pulp/api/v3/status/" - follow_redirects: none + follow_redirects: all + validate_certs: no register: result until: result.status == 200 retries: 12 diff --git a/templates/github/.github/workflows/ci.yml.j2 b/templates/github/.github/workflows/ci.yml.j2 index fb640076..b048d492 100644 --- a/templates/github/.github/workflows/ci.yml.j2 +++ b/templates/github/.github/workflows/ci.yml.j2 @@ -139,7 +139,7 @@ jobs: if: {{ "${{ failure() }}" }} run: | echo "Need to debug? Please check: https://github.com/marketplace/actions/debugging-with-tmate" - http --timeout 30 --check-status --pretty format --print hb http://pulp/pulp/api/v3/status/ || true + http --timeout 30 --check-status --pretty format --print hb {{ pulp_scheme }}://pulp/pulp/api/v3/status/ || true docker images || true docker ps -a || true docker logs pulp || true @@ -227,7 +227,7 @@ jobs: - name: After failure if: {{ "${{ failure() }}" }} run: | - http --timeout 30 --check-status --pretty format --print hb http://pulp/pulp/api/v3/status/ || true + http --timeout 30 --check-status --pretty format --print hb {{ pulp_scheme }}://pulp/pulp/api/v3/status/ || true docker images || true docker ps -a || true docker logs pulp || true diff --git a/templates/github/.github/workflows/nightly.yml.j2 b/templates/github/.github/workflows/nightly.yml.j2 index 60bf5631..a36cff07 100644 --- a/templates/github/.github/workflows/nightly.yml.j2 +++ b/templates/github/.github/workflows/nightly.yml.j2 
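Review bot: The "Wait for Pulp" task in start_container.yaml now sets `validate_certs: no` unconditionally while the URL stays `http://pulp/pulp/api/v3/status/`, so readiness depends on following a redirect to HTTPS and the certificate is never checked, even when `pulp_scheme` is `http` and the flag is not needed. If the variables written to vars/main.yaml by install.sh.j2 are loaded by this playbook, the URL could be `url: "{{ pulp_scheme }}://pulp/pulp/api/v3/status/"` with `follow_redirects: none` kept. Validation presumably has to stay off here because the Pulp CA is copied into the runner's trust store only after this playbook finishes. A comment such as `# CI only: the Pulp CA is not trusted until install.sh copies it from the container` would keep the flag from being copied into tasks that talk to real hosts. The task continues past the end of the hunk.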
@@ -277,7 +277,7 @@ jobs: - name: After failure if: failure() run: | - http --timeout 30 --check-status --pretty format --print hb http://pulp/pulp/api/v3/status/ || true + http --timeout 30 --check-status --pretty format --print hb {{ pulp_scheme }}://pulp/pulp/api/v3/status/ || true docker images || true docker ps -a || true docker logs pulp || true diff --git a/templates/github/.github/workflows/release.yml.j2 b/templates/github/.github/workflows/release.yml.j2 index 2f2e5eca..46a4fd57 100644 --- a/templates/github/.github/workflows/release.yml.j2 +++ b/templates/github/.github/workflows/release.yml.j2 @@ -179,7 +179,7 @@ jobs: - name: After failure if: failure() run: | - http --timeout 30 --check-status --pretty format --print hb http://pulp/pulp/api/v3/status/ || true + http --timeout 30 --check-status --pretty format --print hb {{ pulp_scheme }}://pulp/pulp/api/v3/status/ || true docker images || true docker ps -a || true docker logs pulp || true diff --git a/templates/github/.github/workflows/scripts/before_install.sh.j2 b/templates/github/.github/workflows/scripts/before_install.sh.j2 index 32069768..d8f35b92 100755 --- a/templates/github/.github/workflows/scripts/before_install.sh.j2 +++ b/templates/github/.github/workflows/scripts/before_install.sh.j2 @@ -111,7 +111,7 @@ fi cd pulp-cli pip install -e . -pulp config create --base-url http://pulp --location tests/settings.toml --no-verify-ssl +pulp config create --base-url {{ pulp_scheme }}://pulp --location tests/settings.toml {% if pulp_scheme != 'https' %}--no-verify-ssl{% endif %} mkdir ~/.config/pulp cp tests/settings.toml ~/.config/pulp/settings.toml cd .. diff --git a/templates/github/.github/workflows/scripts/install.sh.j2 b/templates/github/.github/workflows/scripts/install.sh.j2 index ad8ebb0f..54263069 100755 --- a/templates/github/.github/workflows/scripts/install.sh.j2 +++ b/templates/github/.github/workflows/scripts/install.sh.j2 
@@ -113,6 +113,8 @@ VARSYAML cat >> vars/main.yaml << VARSYAML pulp_settings: {{ pulp_settings | tojson }} +pulp_scheme: {{ pulp_scheme }} +pulp_container_tag: {{ 'https' if pulp_scheme == 'https' else 'latest' }} VARSYAML {%- if docker_fixtures %} @@ -146,6 +148,24 @@ fi ansible-playbook build_container.yaml ansible-playbook start_container.yaml +{%- if pulp_scheme == "https" %} +echo ::group::SSL +# Copy pulp CA +sudo docker cp pulp:/etc/pulp/certs/pulp_webserver.crt /usr/local/share/ca-certificates/pulp_webserver.crt + +# Hack: adding pulp CA to certifi.where() +CERTIFI=$(python -c 'import certifi; print(certifi.where())') +cat /usr/local/share/ca-certificates/pulp_webserver.crt | sudo tee -a $CERTIFI + +# Hack: adding pulp CA to default CA file +CERT=$(python -c 'import ssl; print(ssl.get_default_verify_paths().openssl_cafile)') +cat $CERTIFI | sudo tee -a $CERT + +# Updating certs +sudo update-ca-certificates +echo ::endgroup:: +{%- endif %} + echo ::group::PIP_LIST cmd_prefix bash -c "pip3 list && pip3 install pipdeptree && pipdeptree" echo ::endgroup:: diff --git a/templates/github/.github/workflows/scripts/install_python_client.sh.j2 b/templates/github/.github/workflows/scripts/install_python_client.sh.j2 index a3a8e9f8..36bd6fd1 100644 --- a/templates/github/.github/workflows/scripts/install_python_client.sh.j2 +++ b/templates/github/.github/workflows/scripts/install_python_client.sh.j2 
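Review bot: In the SSL block of install.sh.j2, `cat $CERTIFI | sudo tee -a $CERT` appends the whole certifi bundle (which already holds the Pulp certificate from the previous step) to the default OpenSSL CA file, although the comment suggests only the Pulp CA was meant. It also writes to a file literally named `None` when `openssl_cafile` is unset, and both expansions are unquoted. Appending just the copied certificate would be enough: `sudo tee -a "$CERTIFI" < /usr/local/share/ca-certificates/pulp_webserver.crt > /dev/null`, and the same with `"$CERT"` guarded by `[ -f "$CERT" ]`. The block permanently adds a self-signed certificate to the trust stores of whatever machine runs the script, so a comment stating that it is meant for throwaway CI runners only would be worth adding.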
@@ -4,14 +4,14 @@ set -euv -export PULP_URL="${PULP_URL:-http://pulp}" +export PULP_URL="${PULP_URL:-{{ pulp_scheme }}://pulp}" # make sure this script runs at the repo root cd "$(dirname "$(realpath -e "$0")")"/../../.. pip install twine wheel -export REPORTED_VERSION=$(http pulp/pulp/api/v3/status/ | jq --arg plugin {{ plugin_app_label }} --arg legacy_plugin {{ plugin_snake }} -r '.versions[] | select(.component == $plugin or .component == $legacy_plugin) | .version') +export REPORTED_VERSION=$(http $PULP_URL/pulp/api/v3/status/ | jq --arg plugin {{ plugin_app_label }} --arg legacy_plugin {{ plugin_snake }} -r '.versions[] | select(.component == $plugin or .component == $legacy_plugin) | .version') export DESCRIPTION="$(git describe --all --exact-match `git rev-parse HEAD`)" if [[ $DESCRIPTION == 'tags/'$REPORTED_VERSION ]]; then export VERSION=${REPORTED_VERSION} diff --git a/templates/github/.github/workflows/scripts/install_ruby_client.sh.j2 b/templates/github/.github/workflows/scripts/install_ruby_client.sh.j2 index c5108216..437becb7 100644 --- a/templates/github/.github/workflows/scripts/install_ruby_client.sh.j2 +++ b/templates/github/.github/workflows/scripts/install_ruby_client.sh.j2 
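Review bot: `export REPORTED_VERSION=$(http $PULP_URL/pulp/api/v3/status/ | jq …)` hides a failed request: the status of `export` replaces that of the substitution, and without `pipefail` only `jq`'s status counts, so under HTTPS a certificate-verification failure leaves `REPORTED_VERSION` empty and the script carries on despite `set -euv`. `$PULP_URL` is also unquoted. Consider `REPORTED_VERSION=$(http --check-status "$PULP_URL/pulp/api/v3/status/" | jq …)` followed by `export REPORTED_VERSION`, with `set -o pipefail` added next to the existing `set` line. The same line appears in the install_ruby_client.sh.j2 hunk and, without `export`, in the second script.sh.j2 hunk; the `if` that consumes the value continues outside this hunk.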
@@ -7,9 +7,9 @@ set -euv # make sure this script runs at the repo root cd "$(dirname "$(realpath -e "$0")")"/../../.. -export PULP_URL="${PULP_URL:-http://pulp}" +export PULP_URL="${PULP_URL:-{{ pulp_scheme }}://pulp}" -export REPORTED_VERSION=$(http pulp/pulp/api/v3/status/ | jq --arg plugin {{ plugin_app_label }} --arg legacy_plugin {{ plugin_snake }} -r '.versions[] | select(.component == $plugin or .component == $legacy_plugin) | .version') +export REPORTED_VERSION=$(http $PULP_URL/pulp/api/v3/status/ | jq --arg plugin {{ plugin_app_label }} --arg legacy_plugin {{ plugin_snake }} -r '.versions[] | select(.component == $plugin or .component == $legacy_plugin) | .version') export DESCRIPTION="$(git describe --all --exact-match `git rev-parse HEAD`)" if [[ $DESCRIPTION == 'tags/'$REPORTED_VERSION ]]; then export VERSION=${REPORTED_VERSION} diff --git a/templates/github/.github/workflows/scripts/publish_plugin_pypi.sh.j2 b/templates/github/.github/workflows/scripts/publish_plugin_pypi.sh.j2 index 118a94f8..083ea664 100644 --- a/templates/github/.github/workflows/scripts/publish_plugin_pypi.sh.j2 +++ b/templates/github/.github/workflows/scripts/publish_plugin_pypi.sh.j2 @@ -7,8 +7,6 @@ cd "$(dirname "$(realpath -e "$0")")"/../../.. set -euv -export PULP_URL="${PULP_URL:-http://pulp}" - export response=$(curl --write-out %{http_code} --silent --output /dev/null https://pypi.org/project/{{ plugin_dash }}/$1/) if [ "$response" == "200" ]; then diff --git a/templates/github/.github/workflows/scripts/script.sh.j2 b/templates/github/.github/workflows/scripts/script.sh.j2 index 685ed2da..e5fdf818 100755 --- a/templates/github/.github/workflows/scripts/script.sh.j2 +++ b/templates/github/.github/workflows/scripts/script.sh.j2 
@@ -21,7 +21,7 @@ export FUNC_TEST_SCRIPT=$PWD/.github/workflows/scripts/func_test_script.sh export DJANGO_SETTINGS_MODULE=pulpcore.app.settings export PULP_SETTINGS=$PWD/.ci/ansible/settings/settings.py -export PULP_URL="http://pulp" +export PULP_URL="{{ pulp_scheme }}://pulp" if [[ "$TEST" = "docs" ]]; then cd docs @@ -43,7 +43,7 @@ if [[ "$TEST" = "docs" ]]; then fi if [[ "${RELEASE_WORKFLOW:-false}" == "true" ]]; then - REPORTED_VERSION=$(http pulp/pulp/api/v3/status/ | jq --arg plugin {{ plugin_app_label }} --arg legacy_plugin {{ plugin_snake }} -r '.versions[] | select(.component == $plugin or .component == $legacy_plugin) | .version') + REPORTED_VERSION=$(http $PULP_URL/pulp/api/v3/status/ | jq --arg plugin {{ plugin_app_label }} --arg legacy_plugin {{ plugin_snake }} -r '.versions[] | select(.component == $plugin or .component == $legacy_plugin) | .version') response=$(curl --write-out %{http_code} --silent --output /dev/null https://pypi.org/project/{{ plugin_dash }}/$REPORTED_VERSION/) if [ "$response" == "200" ]; then