WIP: Copy test_verify_engine_certs to test_001

I want to use it as a simple means to make sure the engine is up. Making it loop, in a previous patch, was enough then, but now that I need the engine to be up also for test_add_dwh_to_keycloak_redirect_uris_for_grafana, that's not enough. For now, just copy it. Later, perhaps reorganize, perhaps move test_add_dwh_to_keycloak_redirect_uris_for_grafana elsewhere, etc. Change-Id: Id141160a36d360517586a0180dcc145890521687 Signed-off-by: Yedidyah Bar David <[email protected]>
oVirt · Oct 20, 2022 · 3fd6a39 · 3fd6a39
1 parent 71a5714
commit 3fd6a39
Showing 1 changed file with 46 additions and 0 deletions.
diff --git a/separate-machine-basic-suite-master/test-scenarios/test_001_initialize_engine_and_dwh.py b/separate-machine-basic-suite-master/test-scenarios/test_001_initialize_engine_and_dwh.py
@@ -5,9 +5,18 @@
 #
 from __future__ import absolute_import
 
+import logging
+import pytest
+import tempfile
+
+from ost_utils import assert_utils
+from ost_utils import shell
 from ost_utils.ansible.collection import engine_setup
 
 
+LOGGER = logging.getLogger(__name__)
+
+
 def test_initialize_engine(
     ansible_engine,
     ansible_inventory,
@@ -62,6 +71,43 @@ def test_initialize_dwh(
     )
 
 
+@pytest.mark.parametrize(
+    "key_format, verification_fn",
+    [
+        pytest.param(
+            'X509-PEM-CA',
+            lambda path: shell.shell(["openssl", "x509", "-in", path, "-text", "-noout"]),
+            id="CA certificate",
+        ),
+        pytest.param(
+            'OPENSSH-PUBKEY',
+            lambda path: shell.shell(["ssh-keygen", "-l", "-f", path]),
+            id="ssh pubkey",
+        ),
+    ],
+)
+def test_verify_engine_certs(key_format, verification_fn, engine_fqdn, engine_download):
+    url_template = 'http://{}/ovirt-engine/services/pki-resource?resource=ca-certificate&format={}'
+    url = url_template.format(engine_fqdn, key_format)
+
+    def _verify_engine_certs_once():
+        with tempfile.NamedTemporaryFile() as tmp:
+            try:
+                engine_download(url, tmp.name)
+            except shell.ShellError as ex:
+                LOGGER.debug("Certificate download failed for %s", url, exc_info=True)
+                return False
+            try:
+                verification_fn(tmp.name)
+            except shell.ShellError:
+                LOGGER.debug("Certificate verification failed. Certificate contents:\n")
+                LOGGER.debug(tmp.read())
+                return False
+        return True
+
+    assert assert_utils.true_within_short(_verify_engine_certs_once)
+
+
 def test_add_dwh_to_keycloak_redirect_uris_for_grafana(
     ansible_engine,
     engine_fqdn,