@@ -2129,4 +2129,76 @@ OIDCRedirectURI "{{ .KeystoneEndpointPublic }}/v3/auth/OS-FEDERATION/websso/open
21292129 return GetEnvVarValue (deployment .Spec .Template .Spec .Containers [0 ].Env , "CONFIG_HASH" , "" )
21302130 })
21312131
2132+ When ("Keystone is configured for MTLS memcached auth" , func () {
2133+ BeforeEach (func () {
2134+ DeferCleanup (
2135+ k8sClient .Delete , ctx , CreateKeystoneMessageBusSecret (namespace , "rabbitmq-secret" ))
2136+ DeferCleanup (th .DeleteInstance , CreateKeystoneAPI (keystoneAPIName , GetDefaultKeystoneAPISpec ()))
2137+ DeferCleanup (
2138+ k8sClient .Delete , ctx , CreateKeystoneAPISecret (namespace , SecretName ))
2139+ DeferCleanup (
2140+ mariadb .DeleteDBService ,
2141+ mariadb .CreateDBService (
2142+ namespace ,
2143+ GetKeystoneAPI (keystoneAPIName ).Spec .DatabaseInstance ,
2144+ corev1.ServiceSpec {
2145+ Ports : []corev1.ServicePort {{Port : 3306 }},
2146+ },
2147+ ),
2148+ )
2149+ mariadb .SimulateMariaDBAccountCompleted (keystoneAccountName )
2150+ mariadb .SimulateMariaDBDatabaseCompleted (keystoneDatabaseName )
2151+ infra .SimulateTransportURLReady (types.NamespacedName {
2152+ Name : fmt .Sprintf ("%s-keystone-transport" , keystoneAPIName .Name ),
2153+ Namespace : namespace ,
2154+ })
2155+
2156+ // Create Memcached with MTLS auth
2157+ memcachedSpec := infra .GetDefaultMemcachedSpec ()
2158+ DeferCleanup (infra .DeleteMemcached , infra .CreateMTLSMemcached (namespace , "memcached" , memcachedSpec ))
2159+ infra .SimulateMTLSMemcachedReady (types.NamespacedName {
2160+ Name : "memcached" ,
2161+ Namespace : namespace ,
2162+ })
2163+
2164+ th .SimulateJobSuccess (dbSyncJobName )
2165+ th .SimulateJobSuccess (bootstrapJobName )
2166+ th .SimulateDeploymentReplicaReady (deploymentName )
2167+ })
2168+
2169+ It ("should complete dbsync, bootstrap and deployment with MTLS configuration" , func () {
2170+ th .ExpectCondition (
2171+ keystoneAPIName ,
2172+ ConditionGetterFunc (KeystoneConditionGetter ),
2173+ condition .ReadyCondition ,
2174+ corev1 .ConditionTrue ,
2175+ )
2176+ th .ExpectCondition (
2177+ keystoneAPIName ,
2178+ ConditionGetterFunc (KeystoneConditionGetter ),
2179+ condition .DBSyncReadyCondition ,
2180+ corev1 .ConditionTrue ,
2181+ )
2182+ th .ExpectCondition (
2183+ keystoneAPIName ,
2184+ ConditionGetterFunc (KeystoneConditionGetter ),
2185+ condition .BootstrapReadyCondition ,
2186+ corev1 .ConditionTrue ,
2187+ )
2188+ th .ExpectCondition (
2189+ keystoneAPIName ,
2190+ ConditionGetterFunc (KeystoneConditionGetter ),
2191+ condition .DeploymentReadyCondition ,
2192+ corev1 .ConditionTrue ,
2193+ )
2194+
2195+ // Verify keystone configuration contains MTLS certificate paths
2196+ scrt := th .GetSecret (keystoneAPIConfigDataName )
2197+ configData := string (scrt .Data ["keystone.conf" ])
2198+ Expect (configData ).To (ContainSubstring ("tls_certfile=/etc/pki/tls/certs/mtls.crt" ))
2199+ Expect (configData ).To (ContainSubstring ("tls_keyfile=/etc/pki/tls/private/mtls.key" ))
2200+ Expect (configData ).To (ContainSubstring ("tls_cafile=/etc/pki/tls/certs/mtls-ca.crt" ))
2201+ })
2202+ })
2203+
21322204})
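Review bot: The three `ContainSubstring` checks at the end of the `It` block would still pass if keystone.conf carried the certificate paths while TLS towards memcached stayed switched off, because they only look for the path strings anywhere in the file. As far as I know, oslo.cache only uses `tls_certfile`, `tls_keyfile` and `tls_cafile` when `tls_enabled` is set in `[cache]`. I would therefore also assert the enabling line, e.g. `Expect(configData).To(ContainSubstring("tls_enabled=true"))`, adjusted to however the template renders it (the template is not part of this hunk). It may also be worth asserting that the Deployment mounts the MTLS secret at the three `/etc/pki/tls/...` paths, since the config alone does not show the files exist in the pod. The enclosing Describe block starts outside the hunk.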