
Commit 4a264f7

[DPE-3422] Switch to self signed certificates (#336)
* Update backup tests to use Self Signed Certificates operator Signed-off-by: Marcelo Henrique Neppel <[email protected]> * Update TLS tests to use Self Signed Certificates operator Signed-off-by: Marcelo Henrique Neppel <[email protected]> --------- Signed-off-by: Marcelo Henrique Neppel <[email protected]>
1 parent 5f9a4a2 commit 4a264f7


3 files changed

+20
-26
lines changed

poetry.lock

Lines changed: 0 additions & 1 deletion

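--- a/tests/integration/test_backups.py
+++ b/tests/integration/test_backups.py
@@ -20,14 +20,22 @@
 get_unit_address,
 wait_for_idle_on_blocked,
 )
+from .juju_ import juju_major_version
 
 ANOTHER_CLUSTER_REPOSITORY_ERROR_MESSAGE = "the S3 repository has backups from another cluster"
 FAILED_TO_ACCESS_CREATE_BUCKET_ERROR_MESSAGE = (
 "failed to access/create the bucket, check your S3 settings"
 )
 FAILED_TO_INITIALIZE_STANZA_ERROR_MESSAGE = "failed to initialize stanza, check your S3 settings"
 S3_INTEGRATOR_APP_NAME = "s3-integrator"
-TLS_CERTIFICATES_APP_NAME = "tls-certificates-operator"
+if juju_major_version < 3:
+TLS_CERTIFICATES_APP_NAME = "tls-certificates-operator"
+TLS_CHANNEL = "legacy/stable"
+TLS_CONFIG = {"generate-self-signed-certificates": "true", "ca-common-name": "Test CA"}
+else:
+TLS_CERTIFICATES_APP_NAME = "self-signed-certificates"
+TLS_CHANNEL = "latest/stable"
+TLS_CONFIG = {"ca-common-name": "Test CA"}
 
 logger = logging.getLogger(__name__)
 
@@ -95,8 +103,7 @@ async def test_backup(ops_test: OpsTest, cloud_configs: Tuple[Dict, Dict]) -> No
 
 # Deploy S3 Integrator and TLS Certificates Operator.
 await ops_test.model.deploy(S3_INTEGRATOR_APP_NAME)
-config = {"generate-self-signed-certificates": "true", "ca-common-name": "Test CA"}
-await ops_test.model.deploy(TLS_CERTIFICATES_APP_NAME, config=config, channel="legacy/stable")
+await ops_test.model.deploy(TLS_CERTIFICATES_APP_NAME, config=TLS_CONFIG, channel=TLS_CHANNEL)
 
 for cloud, config in cloud_configs[0].items():
 # Deploy and relate PostgreSQL to S3 integrator (one database app for each cloud for now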
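Review bot: The `if juju_major_version < 3:` block at new lines 31-38 is repeated verbatim in tests/integration/test_tls.py (new lines 31-38 there), so the two copies can drift apart the next time the certificates provider, channel or config changes. Defining `TLS_CERTIFICATES_APP_NAME`, `TLS_CHANNEL` and `TLS_CONFIG` once in a shared test module, such as the `.helpers` module test_tls.py already imports from, and importing them in both files would leave a single place to update. The branch also carries no comment explaining the split; a line such as `# Juju 2 deploys tls-certificates-operator from legacy/stable; Juju 3 deploys self-signed-certificates` above it would help. Separately, `latest/stable` is a floating channel, so the charm that issues the test certificates can change between CI runs without a change in this repository; consider recording or pinning the revision if reproducible TLS and backup results matter.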

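--- a/tests/integration/test_tls.py
+++ b/tests/integration/test_tls.py
@@ -8,7 +8,6 @@
 from pytest_operator.plugin import OpsTest
 from tenacity import Retrying, stop_after_attempt, stop_after_delay, wait_exponential
 
-from . import markers
 from .helpers import (
 CHARM_SERIES,
 DATABASE_APP_NAME,
@@ -24,12 +23,19 @@
 restart_machine,
 run_command_on_unit,
 )
+from .juju_ import juju_major_version
 
 logger = logging.getLogger(__name__)
 
 APP_NAME = METADATA["name"]
-SELF_SIGNED_CERTIFICATES_APP_NAME = "self-signed-certificates"
-TLS_CERTIFICATES_APP_NAME = "tls-certificates-operator"
+if juju_major_version < 3:
+TLS_CERTIFICATES_APP_NAME = "tls-certificates-operator"
+TLS_CHANNEL = "legacy/stable"
+TLS_CONFIG = {"generate-self-signed-certificates": "true", "ca-common-name": "Test CA"}
+else:
+TLS_CERTIFICATES_APP_NAME = "self-signed-certificates"
+TLS_CHANNEL = "latest/stable"
+TLS_CONFIG = {"ca-common-name": "Test CA"}
 
 
 @pytest.mark.runner(["self-hosted", "linux", "X64", "jammy", "large"])
@@ -56,9 +62,8 @@ async def test_tls_enabled(ops_test: OpsTest) -> None:
 """Test that TLS is enabled when relating to the TLS Certificates Operator."""
 async with ops_test.fast_forward():
 # Deploy TLS Certificates operator.
-config = {"generate-self-signed-certificates": "true", "ca-common-name": "Test CA"}
 await ops_test.model.deploy(
-TLS_CERTIFICATES_APP_NAME, config=config, channel="legacy/stable"
+TLS_CERTIFICATES_APP_NAME, config=TLS_CONFIG, channel=TLS_CHANNEL
 )
 
 # Relate it to the PostgreSQL to enable TLS.
@@ -206,20 +211,3 @@ async def test_restart_machine(ops_test: OpsTest) -> None:
 assert await check_tls(ops_test, "postgresql/0", enabled=True)
 logger.info(f"checking TLS on Patroni API from {unit_name}")
 assert await check_tls_patroni_api(ops_test, "postgresql/0", enabled=True)
-
-
-@markers.juju3
-@pytest.mark.group(1)
-async def test_relation_with_self_signed_certificates_operator(ops_test: OpsTest) -> None:
-"""Test the relation with the Self Signed Certificates operator."""
-async with ops_test.fast_forward(fast_interval="60s"):
-# Deploy Self Signed Certificates operator.
-await ops_test.model.deploy(SELF_SIGNED_CERTIFICATES_APP_NAME)
-# Relate it to the PostgreSQL to enable TLS.
-await ops_test.model.relate(DATABASE_APP_NAME, SELF_SIGNED_CERTIFICATES_APP_NAME)
-await ops_test.model.wait_for_idle(status="active", timeout=1500)
-
-# Wait for all units enabling TLS.
-for unit in ops_test.model.applications[DATABASE_APP_NAME].units:
-assert await check_tls(ops_test, unit.name, enabled=True)
-assert await check_tls_patroni_api(ops_test, unit.name, enabled=True)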
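Review bot: The docstring and comment kept as context in `test_tls_enabled` (old lines 56 and 58) still name the TLS Certificates Operator, but on Juju 3 `TLS_CERTIFICATES_APP_NAME` now resolves to `self-signed-certificates`. Rewording them, for example `"""Test that TLS is enabled when relating to the TLS certificates provider."""` and `# Deploy the TLS certificates provider for this Juju version.`, would keep them accurate on both branches. The deleted `test_relation_with_self_signed_certificates_operator` asserted `check_tls` and `check_tls_patroni_api` for every unit of `DATABASE_APP_NAME`. The body of `test_tls_enabled` continues outside this hunk, so it is worth confirming that it makes the same per-unit assertions, so that Juju 3 runs do not lose that coverage.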
