Tests: Add metrics certificate checks to the cluster suite #116
Conversation
Signed-off-by: Julian Pelizäus <[email protected]>
Signed-off-by: Julian Pelizäus <[email protected]>
| @@ -165,6 +165,14 @@ createPowerFlexPool() ( | |||
| powerflex.user.password="${POWERFLEX_PASSWORD}" | |||
| ) | |||
|
|
|||
| # createCertificateAndKey: creates a new key pair. | |||
There was a problem hiding this comment.
That looks like the gen_cert_and_key() from https://github.com/canonical/lxd/blob/main/test/includes/certificates.sh which is good but I'd also copy the other function to extract the fingerprint (cert_fingerprint()) as it seems like a useful helper. Maybe with the additional option of returning a partial fingerprint?
There was a problem hiding this comment.
Thanks I'll move it over too. Wasn't aware of it.
There was a problem hiding this comment.
Fixed in #128 (comment)
| createCertificateAndKey "${tmp_cert_dir}/cert-restricted.key" "${tmp_cert_dir}/cert-restricted.crt" "cert-restricted.local" | ||
| lxc config trust add "${tmp_cert_dir}/cert.crt" | ||
| lxc config trust add "${tmp_cert_dir}/cert-restricted.crt" --restricted --projects default | ||
| unrestricted_fingerprint="$(openssl x509 -in "${tmp_cert_dir}/cert.crt" -outform der | sha256sum | head -c12)" |
There was a problem hiding this comment.
I'd move that to bin/helpers as suggested previously. TIL that head accepted -c, how handy, thanks!
There was a problem hiding this comment.
Fixed in #128 (comment)
|
@roosterfish is this ready for review? |
|
I've opened #125 to get this merged before LXD 5.21.1 is released, but @roosterfish can open a follow up PR to fix @simondeziel suggestions later. |
Related to canonical/lxd#13214.
This PR adds checks to validate if client and metrics certificates won't loose it's permission as defined before the cluster upgrade.