Skip to content

Commit

Permalink
Adds SSL config switch test to ceph-dashboard
Browse files Browse the repository at this point in the history
Signed-off-by: Utkarsh Bhatt <[email protected]>
  • Loading branch information
UtkarshBhatthere committed Aug 3, 2023
1 parent 8991edd commit a5b40e5
Show file tree
Hide file tree
Showing 4 changed files with 59 additions and 1 deletion.
1 change: 1 addition & 0 deletions requirements.txt
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ async_generator
# https://github.com/pyca/pyopenssl/commit/a145fc3bc6d2e943434beb2f04bbf9b18930296f
pyopenssl<22.1.0

trustme
boto3<1.25
PyYAML<=4.2,>=3.0; python_version < '3.9'
PyYAML>=5.1; python_version >= '3.9'
Expand Down
1 change: 1 addition & 0 deletions setup.py
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@
'futurist<2.0.0',
'async_generator',
'boto3',
'trustme'

# pyopenssl depends on a newer version of cryptography since 22.1.0
# TypeError: deprecated() got an unexpected keyword argument 'name'
Expand Down
2 changes: 1 addition & 1 deletion zaza/openstack/charm_tests/ceilometer/tests.py
Original file line number Diff line number Diff line change
Expand Up @@ -126,7 +126,7 @@ def test_900_restart_on_config_change(self):
current_value = openstack_utils.get_application_config_option(
self.application_name, config_name
)
assert type(current_value) == bool
assert type(current_value) is bool
new_value = not current_value

# Convert bool to str
Expand Down
56 changes: 56 additions & 0 deletions zaza/openstack/charm_tests/ceph/dashboard/tests.py
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@
import requests
import tenacity
import uuid
import trustme

import zaza
import zaza.openstack.charm_tests.test_utils as test_utils
Expand Down Expand Up @@ -309,3 +310,58 @@ def test_saml(self):
verify=self.local_ca_cert,
allow_redirects=False)
self.assertEqual(resp.status_code, requests.codes.ok)

def test_charm_config_ssl(self):
"""Config charm SSL certs to test the Ceph dashboard application."""
local_ca = trustme.CA()
server_cert = local_ca.issue_cert("ceph-dashboard")

# Configure local certs in charm config
zaza.model.model.set_application_config(
'ceph-dashboard',
{
'ssl_cert': str(server_cert.cert_chain_pems[0].bytes()
.decode('UTF-8')),
'ssl_key': str(server_cert.private_key_pem.bytes()
.decode('UTF-8')),
'ssl_ca': str(local_ca.cert_pem.bytes().decode('UTF-8'))
}
)

# Check application status message.
assert_state = {
'ceph-dashboard': {
"workload-status": "blocked",
"workload-status-message-prefix":
"Charm-config certificates ignored"
}
}
zaza.model.wait_for_application_states(
states=assert_state, timeout=300
)

# Remove certificates relation to trigger configured certs.
zaza.model.remove_relation(
'ceph-dashboard',
'ceph-dashboard:certificates',
'vault:certificates'
)

# Wait for status to clear
zaza.model.block_until_all_units_idle()

# Verify Certificates.
rcs = collections.defaultdict(list)
units = zaza.model.get_units('ceph-mon')
with local_ca.cert_pem.tempfile() as ca_temp_file:
for unit in units:
r = self._run_request_get(
'https://{}:8443'.format(
zaza.model.get_unit_public_address(unit)),
verify=ca_temp_file,
allow_redirects=False)
rcs[r.status_code].append(
zaza.model.get_unit_public_address(unit)
)
self.assertEqual(len(rcs[requests.codes.ok]), 1)
self.assertEqual(len(rcs[requests.codes.see_other]), len(units) - 1)

0 comments on commit a5b40e5

Please sign in to comment.