Modify kuttl tests for tlsCert changes
vakwetu committed May 23, 2024
1 parent 895e85b commit a301361
Showing 11 changed files with 99 additions and 82 deletions.
4 changes: 2 additions & 2 deletions docs/assemblies/custom_resources.adoc
@@ -311,7 +311,7 @@ OpenStackDataPlaneServiceSpec defines the desired state of OpenStackDataPlaneSer
| tlsCerts
| TLSCerts tls certs to be generated
| *<<openstackdataplaneservicecert,OpenstackDataPlaneServiceCert>>
| map[string]<<openstackdataplaneservicecert,OpenstackDataPlaneServiceCert>>
| false
| play
@@ -335,7 +335,7 @@ OpenStackDataPlaneServiceSpec defines the desired state of OpenStackDataPlaneSer
| false
| certsFrom
| CertsFrom - Service name used to obtain TLSCerts and CACerts data. If both CertsFrom and either TLSCerts or CACerts is set, then those fields take precedence.
| CertsFrom - Service name used to obtain TLSCert and CACerts data. If both CertsFrom and either TLSCert or CACerts is set, then those fields take precedence.
| string
| false
@@ -4,9 +4,10 @@ metadata:
name: generic-service1
spec:
caCerts: combined-ca-bundle
tlsCert:
contents:
- dnsnames
tlsCerts:
default:
contents:
- dnsnames
play: |
- hosts: localhost
gather_facts: no
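Review bot: The `tlsCerts` map in this fixture holds a single `default` entry, so it checks the renamed field but not what a map adds, namely several certificates for one service. The three other spec hunks of this shape further down the page have the same gap. A second entry next to `default` (a constructed key such as `second:` with its own `contents:` list), together with matching Secret and mount assertions, would pin that each key gets its own certificate and directory. The `play` block continues past the end of the hunk, and not all of the 11 changed files are loaded on this page, so such a case may exist elsewhere.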
@@ -4,9 +4,10 @@ metadata:
name: generic-service1
spec:
caCerts: combined-ca-bundle
tlsCert:
contents:
- dnsnames
tlsCerts:
default:
contents:
- dnsnames
play: |
- hosts: localhost
gather_facts: no
35 changes: 19 additions & 16 deletions tests/kuttl/tests/dataplane-deploy-multiple-secrets/02-assert.yaml
@@ -1,45 +1,48 @@
apiVersion: v1
kind: Secret
metadata:
name: cert-generic-service1-edpm-compute-0
name: cert-generic-service1-default-edpm-compute-0
annotations:
cert-manager.io/certificate-name: generic-service1-edpm-compute-0
cert-manager.io/certificate-name: generic-service1-default-edpm-compute-0
cert-manager.io/issuer-group: cert-manager.io
cert-manager.io/issuer-kind: Issuer
cert-manager.io/issuer-name: rootca-internal
labels:
hostname: edpm-compute-0
osdp-service: generic-service1
osdp-service-cert-key: default
osdpns: openstack-edpm-tls
type: kubernetes.io/tls
---
apiVersion: v1
kind: Secret
metadata:
name: cert-generic-service1-edpm-compute-1
name: cert-generic-service1-default-edpm-compute-1
annotations:
cert-manager.io/certificate-name: generic-service1-edpm-compute-1
cert-manager.io/certificate-name: generic-service1-default-edpm-compute-1
cert-manager.io/issuer-group: cert-manager.io
cert-manager.io/issuer-kind: Issuer
cert-manager.io/issuer-name: rootca-internal
labels:
hostname: edpm-compute-1
osdp-service: generic-service1
osdp-service-cert-key: default
osdpns: openstack-edpm-tls
type: kubernetes.io/tls
---
apiVersion: v1
kind: Secret
metadata:
name: cert-generic-service1-edpm-compute-2
name: cert-generic-service1-default-edpm-compute-2
annotations:
cert-manager.io/certificate-name: generic-service1-edpm-compute-2
cert-manager.io/certificate-name: generic-service1-default-edpm-compute-2
cert-manager.io/issuer-group: cert-manager.io
cert-manager.io/issuer-kind: Issuer
cert-manager.io/issuer-name: rootca-internal
labels:
hostname: edpm-compute-2
osdp-service: generic-service1
osdp-service-cert-key: default
osdpns: openstack-edpm-tls
type: kubernetes.io/tls
---
@@ -49,7 +52,7 @@ kind: TestAssert
commands:
- script: |
template='{{index .metadata.annotations "cert-manager.io/alt-names" }}'
names=$(oc get secret cert-generic-service1-edpm-compute-0 -n openstack -o go-template="$template")
names=$(oc get secret cert-generic-service1-default-edpm-compute-0 -n openstack -o go-template="$template")
echo $names > test123.data
regex="(?=.*(edpm-compute-0\.internalapi\.example\.com))(?=.*(edpm-compute-0\.storage\.example\.com))(?=.*(edpm-compute-0\.tenant\.example\.com))(?=.*(edpm-compute-0\.ctlplane\.example\.com))"
matches=$(grep -P "$regex" test123.data)
@@ -64,7 +67,7 @@ commands:
apiVersion: v1
kind: Secret
metadata:
name: openstack-edpm-tls-generic-service1-certs-0
name: openstack-edpm-tls-generic-service1-default-certs-0
labels:
numberOfSecrets: "3"
secretNumber: "0"
@@ -77,7 +80,7 @@ type: Opaque
apiVersion: v1
kind: Secret
metadata:
name: openstack-edpm-tls-generic-service1-certs-1
name: openstack-edpm-tls-generic-service1-default-certs-1
labels:
numberOfSecrets: "3"
secretNumber: "1"
@@ -90,7 +93,7 @@ type: Opaque
apiVersion: v1
kind: Secret
metadata:
name: openstack-edpm-tls-generic-service1-certs-2
name: openstack-edpm-tls-generic-service1-default-certs-2
labels:
numberOfSecrets: "3"
secretNumber: "2"
@@ -115,18 +118,18 @@ spec:
backoffLimit: 6
extraMounts:
- mounts:
- mountPath: /var/lib/openstack/certs/generic-service1
name: openstack-edpm-tls-generic-service1-certs-0
- mountPath: /var/lib/openstack/certs/generic-service1/default
name: openstack-edpm-tls-generic-service1-default-certs-0
volumes:
- name: openstack-edpm-tls-generic-service1-certs-0
- name: openstack-edpm-tls-generic-service1-default-certs-0
projected:
sources:
- secret:
name: openstack-edpm-tls-generic-service1-certs-0
name: openstack-edpm-tls-generic-service1-default-certs-0
- secret:
name: openstack-edpm-tls-generic-service1-certs-1
name: openstack-edpm-tls-generic-service1-default-certs-1
- secret:
name: openstack-edpm-tls-generic-service1-certs-2
name: openstack-edpm-tls-generic-service1-default-certs-2
- mounts:
- mountPath: /var/lib/openstack/cacerts/generic-service1
name: generic-service1-combined-ca-bundle
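Review bot: The expected names in the first hunk, such as `cert-generic-service1-default-edpm-compute-0`, join service name, map key and hostname with plain hyphens, and the service and host names used here already contain hyphens. If the operator builds the names that way (the generator is not on this page), two different service/key pairs could resolve to the same Secret name, and one service's key material would then be issued or mounted under another's; the `openstack-edpm-tls-generic-service1-default-certs-N` names in the later hunks share the pattern. An assertion with a hyphenated key would show whether the names stay distinct. Because the key also becomes a path component in `mountPath: /var/lib/openstack/certs/generic-service1/default`, it is worth confirming that `tlsCerts` keys are validated as a single safe path segment.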
7 changes: 4 additions & 3 deletions tests/kuttl/tests/dataplane-deploy-tls-test/00-assert.yaml
@@ -4,9 +4,10 @@ metadata:
name: tls-dnsnames
spec:
caCerts: combined-ca-bundle
tlsCert:
contents:
- dnsnames
tlsCerts:
default:
contents:
- dnsnames
play: |
- hosts: localhost
gather_facts: no
@@ -4,9 +4,10 @@ metadata:
name: tls-dnsnames
spec:
caCerts: combined-ca-bundle
tlsCert:
contents:
- dnsnames
tlsCerts:
default:
contents:
- dnsnames
play: |
- hosts: localhost
gather_facts: no
22 changes: 12 additions & 10 deletions tests/kuttl/tests/dataplane-deploy-tls-test/02-assert.yaml
@@ -1,15 +1,16 @@
apiVersion: v1
kind: Secret
metadata:
name: cert-tls-dnsnames-edpm-compute-0
name: cert-tls-dnsnames-default-edpm-compute-0
annotations:
cert-manager.io/certificate-name: tls-dnsnames-edpm-compute-0
cert-manager.io/certificate-name: tls-dnsnames-default-edpm-compute-0
cert-manager.io/issuer-group: cert-manager.io
cert-manager.io/issuer-kind: Issuer
cert-manager.io/issuer-name: rootca-internal
labels:
hostname: edpm-compute-0
osdp-service: tls-dnsnames
osdp-service-cert-key: default
osdpns: openstack-edpm-tls
type: kubernetes.io/tls
---
@@ -19,8 +20,9 @@ metadata:
labels:
hostname: edpm-compute-0
osdp-service: tls-dnsnames
osdp-service-cert-key: default
osdpns: openstack-edpm-tls
name: tls-dnsnames-edpm-compute-0
name: tls-dnsnames-default-edpm-compute-0
namespace: openstack
ownerReferences:
- apiVersion: dataplane.openstack.org/v1beta1
@@ -31,7 +33,7 @@ spec:
group: cert-manager.io
kind: Issuer
name: rootca-internal
secretName: cert-tls-dnsnames-edpm-compute-0
secretName: cert-tls-dnsnames-default-edpm-compute-0
secretTemplate:
labels:
hostname: edpm-compute-0
@@ -44,7 +46,7 @@ kind: TestAssert
commands:
- script: |
template='{{index .spec.dnsNames }}'
names=$(oc get certificate tls-dnsnames-edpm-compute-0 -n openstack -o go-template="$template")
names=$(oc get certificate tls-dnsnames-default-edpm-compute-0 -n openstack -o go-template="$template")
echo $names > test123.data
regex="(?=.*(edpm-compute-0\.internalapi\.example\.com))(?=.*(edpm-compute-0\.storage\.example\.com))(?=.*(edpm-compute-0\.tenant\.example\.com))(?=.*(edpm-compute-0\.ctlplane\.example\.com))"
matches=$(grep -P "$regex" test123.data)
@@ -57,7 +59,7 @@ commands:
fi
- script: |
template='{{index .spec.usages }}'
usages=$(oc get certificate tls-dnsnames-edpm-compute-0 -n openstack -o go-template="$template")
usages=$(oc get certificate tls-dnsnames-default-edpm-compute-0 -n openstack -o go-template="$template")
echo $usages > test123.data
regex="(?=.*(key encipherment))(?=.*(digital signature))(?=.*(server auth))"
matches=$(grep -P "$regex" test123.data)
@@ -84,14 +86,14 @@ spec:
backoffLimit: 6
extraMounts:
- mounts:
- mountPath: /var/lib/openstack/certs/tls-dnsnames
name: openstack-edpm-tls-tls-dnsnames-certs-0
- mountPath: /var/lib/openstack/certs/tls-dnsnames/default
name: openstack-edpm-tls-tls-dnsnames-default-certs-0
volumes:
- name: openstack-edpm-tls-tls-dnsnames-certs-0
- name: openstack-edpm-tls-tls-dnsnames-default-certs-0
projected:
sources:
- secret:
name: openstack-edpm-tls-tls-dnsnames-certs-0
name: openstack-edpm-tls-tls-dnsnames-default-certs-0
- mounts:
- mountPath: /var/lib/openstack/cacerts/tls-dnsnames
name: tls-dnsnames-combined-ca-bundle
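Review bot: The Certificate assertion gains `osdp-service-cert-key: default` under `metadata.labels`, but the hunk that shows `secretTemplate.labels` (`@@ -31,7 +33,7 @@`) changes only `secretName`, and the line offsets of the neighbouring hunks suggest nothing was added to that block. The Secret assertion at the top of the file expects the same label on `cert-tls-dnsnames-default-edpm-compute-0`, which presumably reaches the Secret through `secretTemplate`. Adding `osdp-service-cert-key: default` to the asserted `secretTemplate.labels` would pin that link in the Certificate itself. The `secretTemplate` block continues past the end of its hunk, so this is inferred from the hunk headers rather than read from the file.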