Add integration test for data integrator and tls operator; for external node connectivity

Author: shayancanonical

tests/integration/helpers.py

@@ -44,11 +44,12 @@ async def get_inserted_data_by_application(unit: Unit) -> str:
     return result.results.get("data")
 
 
-async def execute_queries_on_unit(
+async def execute_queries_against_unit(
     unit_address: str,
     username: str,
     password: str,
     queries: List[str],
+    port: int = 3306,
     commit: bool = False,
 ) -> List:
     """Execute given MySQL queries on a unit.
@@ -67,6 +68,7 @@ async def execute_queries_on_unit(
         "user": username,
         "password": password,
         "host": unit_address,
+        "port": port,
         "raise_on_warnings": False,
     }
 

tests/integration/juju_.py

@@ -0,0 +1,9 @@
+# Copyright 2023 Canonical Ltd.
+# See LICENSE file for licensing details.
+
+import importlib.metadata
+
+# libjuju version != juju agent version, but the major version should be identical—which is good
+# enough to check for secrets
+_libjuju_version = importlib.metadata.version("juju")
+has_secrets = int(_libjuju_version.split(".")[0]) >= 3

tests/integration/test_data_integrator.py

@@ -0,0 +1,203 @@
+# Copyright 2024 Canonical Ltd.
+# See LICENSE file for licensing details.
+
+import asyncio
+import logging
+import time
+import typing
+
+import pytest
+from pytest_operator.plugin import OpsTest
+
+from . import juju_
+from .helpers import execute_queries_against_unit, get_tls_certificate_issuer
+
+logger = logging.getLogger(__name__)
+
+MYSQL_APP_NAME = "mysql"
+MYSQL_ROUTER_APP_NAME = "mysqlrouter"
+DATA_INTEGRATOR_APP_NAME = "data-integrator"
+SLOW_TIMEOUT = 15 * 60
+TEST_DATABASE = "testdatabase"
+TEST_TABLE = "testtable"
+
+if juju_.has_secrets:
+    TLS_APP_NAME = "self-signed-certificates"
+    TLS_CONFIG = {"ca-common-name": "Test CA"}
+else:
+    TLS_APP_NAME = "tls-certificates-operator"
+    TLS_CONFIG = {"generate-self-signed-certificates": "true", "ca-common-name": "Test CA"}
+
+
+async def get_data_integrator_credentials(ops_test: OpsTest) -> typing.Dict:
+    """Helper to get the credentials from the deployed data integrator"""
+    data_integrator_unit = ops_test.model.applications[DATA_INTEGRATOR_APP_NAME].units[0]
+    action = await data_integrator_unit.run_action(action_name="get-credentials")
+    result = await action.wait()
+    assert result.results["return-code"] == 0
+    assert result.results["ok"] == "True"
+    return result.results["mysql"]
+
+
+@pytest.mark.group(1)
+@pytest.mark.abort_on_fail
+async def test_external_connectivity_with_data_integrator(
+    ops_test: OpsTest, mysql_router_charm_series: str
+) -> None:
+    """Test encryption when backend database is using TLS."""
+    logger.info("Deploy and relate all applications")
+    async with ops_test.fast_forward():
+        # deploy mysql first
+        await ops_test.model.deploy(
+            MYSQL_APP_NAME, channel="8.0/edge", config={"profile": "testing"}, num_units=1
+        )
+        data_integrator_config = {"database-name": TEST_DATABASE}
+
+        # ROUTER
+        mysqlrouter_charm = await ops_test.build_charm(".")
+
+        # tls, data-integrator and router
+        await asyncio.gather(
+            ops_test.model.deploy(
+                mysqlrouter_charm,
+                application_name=MYSQL_ROUTER_APP_NAME,
+                num_units=None,
+                series=mysql_router_charm_series,
+            ),
+            ops_test.model.deploy(
+                TLS_APP_NAME, application_name=TLS_APP_NAME, channel="stable", config=TLS_CONFIG
+            ),
+            ops_test.model.deploy(
+                DATA_INTEGRATOR_APP_NAME,
+                application_name=DATA_INTEGRATOR_APP_NAME,
+                channel="latest/edge",
+                series=mysql_router_charm_series,
+                config=data_integrator_config,
+            ),
+        )
+
+        await ops_test.model.relate(
+            f"{MYSQL_ROUTER_APP_NAME}:backend-database", f"{MYSQL_APP_NAME}:database"
+        )
+        await ops_test.model.relate(
+            f"{DATA_INTEGRATOR_APP_NAME}:mysql", f"{MYSQL_ROUTER_APP_NAME}:database"
+        )
+
+        logger.info("Waiting for applications to become active")
+        # We can safely wait only for test application to be ready, given that it will
+        # only become active once all the other applications are ready.
+        await ops_test.model.wait_for_idle(
+            [DATA_INTEGRATOR_APP_NAME], status="active", timeout=SLOW_TIMEOUT
+        )
+
+        credentials = await get_data_integrator_credentials(ops_test)
+        databases = await execute_queries_against_unit(
+            credentials["endpoints"].split(",")[0].split(":")[0],
+            credentials["username"],
+            credentials["password"],
+            ["SHOW DATABASES;"],
+            port=credentials["endpoints"].split(",")[0].split(":")[1],
+        )
+        assert TEST_DATABASE in databases
+
+
+@pytest.mark.group(1)
+@pytest.mark.abort_on_fail
+async def test_external_connectivity_with_data_integrator_and_tls(ops_test: OpsTest) -> None:
+    """Test data integrator along with TLS operator"""
+    logger.info("Ensuring no data exists in the test database")
+
+    credentials = await get_data_integrator_credentials(ops_test)
+    [database_host, database_port] = credentials["endpoints"].split(",")[0].split(":")
+    mysqlrouter_unit = ops_test.model.applications[MYSQL_ROUTER_APP_NAME].units[0]
+
+    show_tables_sql = [
+        f"SHOW TABLES IN {TEST_DATABASE};",
+    ]
+    tables = await execute_queries_against_unit(
+        database_host,
+        credentials["username"],
+        credentials["password"],
+        show_tables_sql,
+        port=database_port,
+    )
+    assert len(tables) == 0, f"Unexpected tables in the {TEST_DATABASE} database"
+
+    issuer = await get_tls_certificate_issuer(
+        ops_test,
+        mysqlrouter_unit.name,
+        host=database_host,
+        port=database_port,
+    )
+    assert (
+        "Issuer: CN = MySQL_Router_Auto_Generated_CA_Certificate" in issuer
+    ), "Expected mysqlrouter autogenerated certificate"
+
+    logger.info(f"Relating mysqlrouter with {TLS_APP_NAME}")
+    await ops_test.model.relate(
+        f"{MYSQL_ROUTER_APP_NAME}:certificates", f"{TLS_APP_NAME}:certificates"
+    )
+
+    time.sleep(30)
+
+    issuer = await get_tls_certificate_issuer(
+        ops_test,
+        mysqlrouter_unit.name,
+        host=database_host,
+        port=database_port,
+    )
+    assert "CN = Test CA" in issuer, f"Expected mysqlrouter certificate from {TLS_APP_NAME}"
+
+    create_table_and_insert_data_sql = [
+        f"CREATE TABLE {TEST_DATABASE}.{TEST_TABLE} (id int, primary key(id));",
+        f"INSERT INTO {TEST_DATABASE}.{TEST_TABLE} VALUES (1), (2);",
+    ]
+    await execute_queries_against_unit(
+        database_host,
+        credentials["username"],
+        credentials["password"],
+        create_table_and_insert_data_sql,
+        port=database_port,
+        commit=True,
+    )
+
+    select_data_sql = [
+        f"SELECT * FROM {TEST_DATABASE}.{TEST_TABLE};",
+    ]
+    data = await execute_queries_against_unit(
+        database_host,
+        credentials["username"],
+        credentials["password"],
+        select_data_sql,
+        port=database_port,
+    )
+    assert data == [1, 2], f"Unexpected data in table {TEST_DATABASE}.{TEST_TABLE}"
+
+    logger.info(f"Removing relation between mysqlrouter and {TLS_APP_NAME}")
+    await ops_test.model.applications[MYSQL_ROUTER_APP_NAME].remove_relation(
+        f"{MYSQL_ROUTER_APP_NAME}:certificates", f"{TLS_APP_NAME}:certificates"
+    )
+
+    time.sleep(30)
+
+    issuer = await get_tls_certificate_issuer(
+        ops_test,
+        mysqlrouter_unit.name,
+        host=database_host,
+        port=database_port,
+    )
+    assert (
+        "Issuer: CN = MySQL_Router_Auto_Generated_CA_Certificate" in issuer
+    ), "Expected mysqlrouter autogenerated certificate"
+
+    select_data_sql = [
+        f"SELECT * FROM {TEST_DATABASE}.{TEST_TABLE};",
+    ]
+    data = await execute_queries_against_unit(
+        database_host,
+        credentials["username"],
+        credentials["password"],
+        select_data_sql,
+        port=database_port,
+    )
+    assert data == [1, 2], f"Unexpected data in table {TEST_DATABASE}.{TEST_TABLE}"

tests/integration/test_database.py

@@ -9,7 +9,7 @@
 from pytest_operator.plugin import OpsTest
 
 from .helpers import (
-    execute_queries_on_unit,
+    execute_queries_against_unit,
     get_inserted_data_by_application,
     get_server_config_credentials,
 )
@@ -118,7 +118,7 @@ async def test_database_relation(ops_test: OpsTest, mysql_router_charm_series: s
     select_inserted_data_sql = (
         f"SELECT data FROM `{TEST_DATABASE}`.{TEST_TABLE} WHERE data = '{inserted_data}'",
     )
-    selected_data = await execute_queries_on_unit(
+    selected_data = await execute_queries_against_unit(
         mysql_unit_address,
         server_config_credentials["username"],
         server_config_credentials["password"],

tests/integration/test_exporter.py

@@ -10,15 +10,23 @@
 import urllib3
 from pytest_operator.plugin import OpsTest
 
+from . import juju_
+
 logger = logging.getLogger(__name__)
 
 MYSQL_APP_NAME = "mysql"
 MYSQL_ROUTER_APP_NAME = "mysql-router"
 APPLICATION_APP_NAME = "mysql-test-app"
 GRAFANA_AGENT_APP_NAME = "grafana-agent"
-TLS_APP_NAME = "tls-certificates-operator"
 SLOW_TIMEOUT = 25 * 60
 
+if juju_.has_secrets:
+    TLS_APP_NAME = "self-signed-certificates"
+    TLS_CONFIG = {"ca-common-name": "Test CA"}
+else:
+    TLS_APP_NAME = "tls-certificates-operator"
+    TLS_CONFIG = {"generate-self-signed-certificates": "true", "ca-common-name": "Test CA"}
+
 
 @pytest.mark.group(1)
 @pytest.mark.abort_on_fail
@@ -165,7 +173,7 @@ async def test_exporter_endpoint_with_tls(ops_test: OpsTest) -> None:
         TLS_APP_NAME,
         application_name=TLS_APP_NAME,
         channel="stable",
-        config={"generate-self-signed-certificates": "true", "ca-common-name": "Test CA"},
+        config=TLS_CONFIG,
     )
 
     await ops_test.model.wait_for_idle([TLS_APP_NAME], status="active", timeout=SLOW_TIMEOUT)

tests/integration/test_tls.py

@@ -8,30 +8,34 @@
 import pytest
 from pytest_operator.plugin import OpsTest
 
+from . import juju_
 from .helpers import get_tls_certificate_issuer
 
 logger = logging.getLogger(__name__)
 
 MYSQL_APP_NAME = "mysql"
 MYSQL_ROUTER_APP_NAME = "mysqlrouter"
 TEST_APP_NAME = "mysql-test-app"
-TLS_APP_NAME = "tls-certificates-operator"
 SLOW_TIMEOUT = 15 * 60
-MODEL_CONFIG = {"logging-config": "<root>=INFO;unit=DEBUG"}
+
+if juju_.has_secrets:
+    TLS_APP_NAME = "self-signed-certificates"
+    TLS_CONFIG = {"ca-common-name": "Test CA"}
+else:
+    TLS_APP_NAME = "tls-certificates-operator"
+    TLS_CONFIG = {"generate-self-signed-certificates": "true", "ca-common-name": "Test CA"}
 
 
 @pytest.mark.group(1)
 @pytest.mark.abort_on_fail
 async def test_build_deploy_and_relate(ops_test: OpsTest, mysql_router_charm_series: str) -> None:
     """Test encryption when backend database is using TLS."""
-    await ops_test.model.set_config(MODEL_CONFIG)
     logger.info("Deploy and relate all applications")
     async with ops_test.fast_forward():
         # deploy mysql first
         await ops_test.model.deploy(
             MYSQL_APP_NAME, channel="8.0/edge", config={"profile": "testing"}, num_units=1
         )
-        tls_config = {"generate-self-signed-certificates": "true", "ca-common-name": "Test CA"}
 
         # ROUTER
         mysqlrouter_charm = await ops_test.build_charm(".")
@@ -45,7 +49,7 @@ async def test_build_deploy_and_relate(ops_test: OpsTest, mysql_router_charm_ser
                 series=mysql_router_charm_series,
             ),
             ops_test.model.deploy(
-                TLS_APP_NAME, application_name=TLS_APP_NAME, channel="stable", config=tls_config
+                TLS_APP_NAME, application_name=TLS_APP_NAME, channel="stable", config=TLS_CONFIG
             ),
             ops_test.model.deploy(
                 TEST_APP_NAME,
@@ -81,7 +85,7 @@ async def test_connected_encryption(ops_test: OpsTest) -> None:
     )
     assert (
         "Issuer: CN = MySQL_Router_Auto_Generated_CA_Certificate" in issuer
-    ), "Expected mysqlrouter autogenerated CA certificate"
+    ), "Expected mysqlrouter autogenerated certificate"
 
     logger.info("Relating TLS with mysqlrouter")
     await ops_test.model.relate(TLS_APP_NAME, MYSQL_ROUTER_APP_NAME)