diff --git a/separate-machine-basic-suite-master/test-scenarios/test_001_initialize_engine_and_dwh.py b/separate-machine-basic-suite-master/test-scenarios/test_001_initialize_engine_and_dwh.py index 457ebd1c..e09ad771 100644 --- a/separate-machine-basic-suite-master/test-scenarios/test_001_initialize_engine_and_dwh.py +++ b/separate-machine-basic-suite-master/test-scenarios/test_001_initialize_engine_and_dwh.py @@ -5,9 +5,18 @@ # from __future__ import absolute_import +import logging +import pytest +import tempfile + +from ost_utils import assert_utils +from ost_utils import shell from ost_utils.ansible.collection import engine_setup +LOGGER = logging.getLogger(__name__) + + def test_initialize_engine( ansible_engine, ansible_inventory, @@ -62,6 +71,43 @@ def test_initialize_dwh( ) +@pytest.mark.parametrize( + "key_format, verification_fn", + [ + pytest.param( + 'X509-PEM-CA', + lambda path: shell.shell(["openssl", "x509", "-in", path, "-text", "-noout"]), + id="CA certificate", + ), + pytest.param( + 'OPENSSH-PUBKEY', + lambda path: shell.shell(["ssh-keygen", "-l", "-f", path]), + id="ssh pubkey", + ), + ], +) +def test_verify_engine_certs(key_format, verification_fn, engine_fqdn, engine_download): + url_template = 'http://{}/ovirt-engine/services/pki-resource?resource=ca-certificate&format={}' + url = url_template.format(engine_fqdn, key_format) + + def _verify_engine_certs_once(): + with tempfile.NamedTemporaryFile() as tmp: + try: + engine_download(url, tmp.name) + except shell.ShellError as ex: + LOGGER.debug("Certificate download failed for %s", url, exc_info=True) + return False + try: + verification_fn(tmp.name) + except shell.ShellError: + LOGGER.debug("Certificate verification failed. Certificate contents:\n") + LOGGER.debug(tmp.read()) + return False + return True + + assert assert_utils.true_within_short(_verify_engine_certs_once) + + def test_add_dwh_to_keycloak_redirect_uris_for_grafana( ansible_engine, engine_fqdn,