From 2c4f5019e02f0400f0ffc0ab206bde7aa401ba49 Mon Sep 17 00:00:00 2001
From: Grzegorz Grasza <xek@redhat.com>
Date: Wed, 20 Mar 2024 10:30:05 +0000
Subject: [PATCH] Apply new openstack-operator config

---
 .../config/base/openstack_control_plane.yaml  | 15 +++++--
 tests/roles/ovn_adoption/handlers/main.yaml   |  2 +
 tests/roles/pcp_cleanup/tasks/main.yaml       |  2 +
 tests/roles/tls_adoption/tasks/main.yaml      | 43 +++----------------
 4 files changed, 21 insertions(+), 41 deletions(-)

diff --git a/tests/config/base/openstack_control_plane.yaml b/tests/config/base/openstack_control_plane.yaml
index 9ccd651ec..226e2a59c 100644
--- a/tests/config/base/openstack_control_plane.yaml
+++ b/tests/config/base/openstack_control_plane.yaml
@@ -7,11 +7,18 @@ spec:
   storageClass: local-storage
 
   tls:
-    endpoint:
+    podLevel:
+      enabled: true
       internal:
-        enabled: true
-      public:
-        enabled: true
+        ca:
+          customIssuer: rootca-internal
+      ovn:
+        ca:
+          customIssuer: rootca-internal
+    ingress:
+      ca:
+        customIssuer: rootca-internal
+      enabled: true
 
   barbican:
     enabled: false
diff --git a/tests/roles/ovn_adoption/handlers/main.yaml b/tests/roles/ovn_adoption/handlers/main.yaml
index f8bbdff44..e5866ceb6 100644
--- a/tests/roles/ovn_adoption/handlers/main.yaml
+++ b/tests/roles/ovn_adoption/handlers/main.yaml
@@ -4,3 +4,5 @@
     {{ oc_header }}
     oc delete pod ovn-copy-data
     {% if storage_reclaim_policy.lower() == "delete" %}oc delete pvc ovn-data{% endif %}
+    oc delete certificate ovn-data-cert
+    oc delete secret ovn-data-cert
diff --git a/tests/roles/pcp_cleanup/tasks/main.yaml b/tests/roles/pcp_cleanup/tasks/main.yaml
index e3a73241a..ed2405939 100644
--- a/tests/roles/pcp_cleanup/tasks/main.yaml
+++ b/tests/roles/pcp_cleanup/tasks/main.yaml
@@ -20,6 +20,8 @@
 
     oc delete --wait=false pod ovn-copy-data || true
     oc delete secret osp-secret || true
+    oc delete issuer rootca-internal --ignore-not-found
+    oc delete secret rootca-internal --ignore-not-found
   when: pcp_cleanup_enabled|bool
 
 - name: revert standalone VM to snapshotted state
diff --git a/tests/roles/tls_adoption/tasks/main.yaml b/tests/roles/tls_adoption/tasks/main.yaml
index a2fa5c332..675dd2e6e 100644
--- a/tests/roles/tls_adoption/tasks/main.yaml
+++ b/tests/roles/tls_adoption/tasks/main.yaml
@@ -1,4 +1,4 @@
-- name: patch rootca-internal with cert and key from IPA
+- name: Create Certificate Issuer with cert and key from IPA
   ansible.builtin.shell: |
     {{ shell_header }}
     {{ oc_header }}
@@ -6,38 +6,8 @@
     $IPA_SSH pk12util -o /tmp/freeipa.p12 -n 'caSigningCert\ cert-pki-ca' -d /etc/pki/pki-tomcat/alias -k /etc/pki/pki-tomcat/alias/pwdfile.txt -w /etc/pki/pki-tomcat/alias/pwdfile.txt
     KEY_LENGTH=`$IPA_SSH openssl pkcs12 -in /tmp/freeipa.p12 -passin file:/etc/pki/pki-tomcat/alias/pwdfile.txt -nocerts -noenc | openssl rsa -text -noout | awk -F'[^0-9]+' '{ print $2; exit }'`
 
-    oc apply -f - <<EOF
-    apiVersion: v1
-    kind: Namespace
-    metadata:
-      name: openstack
-    ---
-    apiVersion: cert-manager.io/v1
-    kind: Issuer
-    metadata:
-      name: selfsigned-issuer
-      namespace: openstack
-    spec:
-      selfSigned: {}
-    ---
-    apiVersion: cert-manager.io/v1
-    kind: Certificate
-    metadata:
-      name: rootca-internal
-      namespace: openstack
-    spec:
-      isCA: true
-      commonName: rootca-internal
-      secretName: rootca-internal
-      privateKey:
-        algorithm: RSA
-        size: $KEY_LENGTH
-      issuerRef:
-        name: selfsigned-issuer
-    EOF
+    oc create secret generic rootca-internal
 
-    oc wait --for=condition=ready --timeout=60s -n openstack certificate rootca-internal
-    
     oc patch secret rootca-internal -n openstack -p="{\"data\":{\"ca.crt\": \"`$IPA_SSH openssl pkcs12 -in /tmp/freeipa.p12 -passin file:/etc/pki/pki-tomcat/alias/pwdfile.txt -nokeys | openssl x509 | base64 -w 0`\"}}"
 
     oc patch secret rootca-internal -n openstack -p="{\"data\":{\"tls.crt\": \"`$IPA_SSH openssl pkcs12 -in /tmp/freeipa.p12 -passin file:/etc/pki/pki-tomcat/alias/pwdfile.txt -nokeys | openssl x509 | base64 -w 0`\"}}"
@@ -45,16 +15,15 @@
     oc patch secret rootca-internal -n openstack -p="{\"data\":{\"tls.key\": \"`$IPA_SSH openssl pkcs12 -in /tmp/freeipa.p12 -passin file:/etc/pki/pki-tomcat/alias/pwdfile.txt -nocerts -noenc | openssl rsa | base64 -w 0`\"}}"
 
     oc apply -f - <<EOF
-    apiVersion: v1
-    kind: Namespace
-    metadata:
-      name: openstack
-    ---
     apiVersion: cert-manager.io/v1
     kind: Issuer
     metadata:
       name: rootca-internal
       namespace: openstack
+      labels:
+        osp-rootca-issuer-public: ""
+        osp-rootca-issuer-internal: ""
+        osp-rootca-issuer-ovn: ""
     spec:
       ca:
         secretName: rootca-internal