forked from openstack-k8s-operators/openstack-operator
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[kuttl] Add tls scenarios for non API services
Signed-off-by: Veronika Fisarova <[email protected]>
- Loading branch information
Showing
106 changed files
with
67 additions
and
11,342 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,51 @@ | ||
| #!/bin/bash | ||
|
|
||
| declare -a services=( | ||
| # Format: ("<secret-name>" "<label-selector>" "<container-name>" "<volume-mount-path>") | ||
| "cert-ceilometer-internal-svc service=ceilometer proxy-httpd /etc/pki/tls/certs/tls.crt" | ||
| "cert-galera-openstack-cell1-svc service=openstack-cell1-galera galera /etc/pki/tls/certs/galera.crt" | ||
| "cert-galera-openstack-svc service=openstack-galera galera /etc/pki/tls/certs/galera.crt" | ||
| "cert-memcached-svc service=memcached memcached /etc/pki/tls/certs/memcached.crt" | ||
| "cert-neutron-ovndbs service=neutron neutron-api /etc/pki/tls/certs/ovndb.crt" | ||
| "cert-nova-novncproxy-cell1-vencrypt service=nova-novncproxy nova-cell1-novncproxy-novncproxy /etc/pki/tls/certs/vencrypt.crt" | ||
| "cert-ovndbcluster-nb-ovndbs service=ovsdbserver-nb ovsdbserver-nb /etc/pki/tls/certs/ovndb.crt" | ||
| "cert-ovndbcluster-sb-ovndbs service=ovsdbserver-sb ovsdbserver-sb /etc/pki/tls/certs/ovndb.crt" | ||
| "cert-ovnnorthd-ovndbs service=ovn-northd ovn-northd /etc/pki/tls/certs/ovndb.crt" | ||
| "cert-rabbitmq-cell1-svc app.kubernetes.io/name=rabbitmq-cell1 rabbitmq /etc/rabbitmq-tls/tls.crt" | ||
| "cert-rabbitmq-svc app.kubernetes.io/name=rabbitmq rabbitmq /etc/rabbitmq-tls/tls.crt" | ||
| ) | ||
|
|
||
| for service in "${services[@]}"; do | ||
| IFS=" " read -r secret label_selector container volume_mount <<< "$service" | ||
|
|
||
| # Retrieve the pod name dynamically using the label selector | ||
| pod=$(oc get pods -l "$label_selector" -o jsonpath="{.items[0].metadata.name}" 2>&1) | ||
|
|
||
| if [[ "$?" -ne 0 || -z "$pod" ]]; then | ||
| echo "Error retrieving pod name for secret $secret with label selector $label_selector." | ||
| echo "Error message: $pod" | ||
| continue | ||
| fi | ||
|
|
||
| # Fetch the certificate from the pod and compare with the secret | ||
| pod_cert=$(oc exec "$pod" --container="$container" -- cat "$volume_mount" 2>&1) | ||
| if [[ "$?" -ne 0 ]]; then | ||
| echo "Error reading certificate from pod $pod, container $container, path $volume_mount." | ||
| echo "Error message: $pod_cert" | ||
| continue | ||
| fi | ||
|
|
||
| secret_cert=$(oc get secret "$secret" -o jsonpath="{.data['tls\.crt']}" | base64 --decode 2>&1) | ||
| if [[ "$?" -ne 0 ]]; then | ||
| echo "Error retrieving secret $secret." | ||
| echo "Error message: $secret_cert" | ||
| continue | ||
| fi | ||
|
|
||
| # Compare the certificates | ||
| if [[ "$pod_cert" == "$secret_cert" ]]; then | ||
| echo "Certificates for $pod and $secret match." | ||
| else | ||
| echo "Certificates for $pod and $secret DO NOT match." | ||
| fi | ||
| done |
5 changes: 0 additions & 5 deletions
5
tests/kuttl/tests/ctlplane-basic-deployment-with-nicMappings/01-create-nic-mappings.yaml
This file was deleted.
Oops, something went wrong.
1 change: 0 additions & 1 deletion
1
tests/kuttl/tests/ctlplane-basic-deployment-with-nicMappings/02-assert-deploy-openstack.yaml
This file was deleted.
Oops, something went wrong.
5 changes: 0 additions & 5 deletions
5
tests/kuttl/tests/ctlplane-basic-deployment-with-nicMappings/02-deploy-openstack.yaml
This file was deleted.
Oops, something went wrong.
10 changes: 0 additions & 10 deletions
10
tests/kuttl/tests/ctlplane-basic-deployment-with-nicMappings/03-add-ovn-nic-mappings.yaml
This file was deleted.
Oops, something went wrong.
15 changes: 0 additions & 15 deletions
15
tests/kuttl/tests/ctlplane-basic-deployment-with-nicMappings/03-assert.yaml
This file was deleted.
Oops, something went wrong.
11 changes: 0 additions & 11 deletions
11
tests/kuttl/tests/ctlplane-basic-deployment-with-nicMappings/04-assert.yaml
This file was deleted.
Oops, something went wrong.
9 changes: 0 additions & 9 deletions
9
tests/kuttl/tests/ctlplane-basic-deployment-with-nicMappings/04-remove-ovn-nic-mappings.yaml
This file was deleted.
Oops, something went wrong.
13 changes: 0 additions & 13 deletions
13
tests/kuttl/tests/ctlplane-basic-deployment-with-nicMappings/05-cleanup.yaml
This file was deleted.
Oops, something went wrong.
Oops, something went wrong.