From 5ab5781c50804a38ea38bd8415787b2de7ad7264 Mon Sep 17 00:00:00 2001 From: glukhman Date: Tue, 22 Aug 2023 14:48:15 +0300 Subject: [PATCH] Provide postgres client/SU certs in cluster tests --- .../config_files_templates/manager_config.yaml | 10 ++++++++-- .../cluster/cfy_cluster_manager_test.py | 18 ++++++++++++++++++ 2 files changed, 26 insertions(+), 2 deletions(-) diff --git a/cosmo_tester/test_suites/cluster/cfy_cluster_manager_resources/config_files_templates/manager_config.yaml b/cosmo_tester/test_suites/cluster/cfy_cluster_manager_resources/config_files_templates/manager_config.yaml index dcf3f37a3..a4a6baac4 100644 --- a/cosmo_tester/test_suites/cluster/cfy_cluster_manager_resources/config_files_templates/manager_config.yaml +++ b/cosmo_tester/test_suites/cluster/cfy_cluster_manager_resources/config_files_templates/manager_config.yaml @@ -19,12 +19,14 @@ rabbitmq: cluster_members: {{ rabbitmq_cluster }} ca_path: {{ ca_path }} + ca_key_path: {{ ca_key_path }} postgresql_server: cluster: nodes: {{ postgresql_cluster }} ca_path: {{ ca_path }} + ca_key_path: {{ ca_key_path }} ssl_enabled: true postgres_password: strongpostgresqlpassword @@ -41,9 +43,12 @@ validations: ssl_inputs: internal_cert_path: {{ node.cert_path }} internal_key_path: {{ node.key_path }} - postgresql_client_cert_path: {{ node.cert_path }} - postgresql_client_key_path: {{ node.key_path }} + postgresql_client_cert_path: {{ db_client_cert_path }} + postgresql_client_key_path: {{ db_client_key_path }} + postgresql_superuser_client_cert_path: {{ db_client_su_cert_path }} + postgresql_superuser_client_key_path: {{ db_client_su_key_path }} ca_cert_path: {{ ca_path }} + ca_key_path: {{ ca_key_path }} prometheus: credentials: @@ -53,6 +58,7 @@ prometheus: cert_path: {{ node.cert_path }} key_path: {{ node.key_path }} ca_path: {{ ca_path }} + ca_key_path: {{ ca_key_path }} services_to_install: - manager_service diff --git a/cosmo_tester/test_suites/cluster/cfy_cluster_manager_test.py b/cosmo_tester/test_suites/cluster/cfy_cluster_manager_test.py index 90e40c171..fed6b2bb4 100644 --- a/cosmo_tester/test_suites/cluster/cfy_cluster_manager_test.py +++ b/cosmo_tester/test_suites/cluster/cfy_cluster_manager_test.py @@ -281,6 +281,11 @@ def _prepare_manager_config_files(template, nodes_list, rabbitmq_cluster, rendered_date = template.render( node=node, ca_path=join(REMOTE_CERTS_PATH, 'ca.pem'), + ca_key_path=join(REMOTE_CERTS_PATH, 'ca.key'), + db_client_cert_path=join(REMOTE_CERTS_PATH, 'cloudify.crt'), + db_client_key_path=join(REMOTE_CERTS_PATH, 'cloudify.key'), + db_client_su_cert_path=join(REMOTE_CERTS_PATH, 'postgres.crt'), + db_client_su_key_path=join(REMOTE_CERTS_PATH, 'postgres.key'), license_path=REMOTE_LICENSE_PATH, rabbitmq_cluster=rabbitmq_cluster, postgresql_cluster=postgresql_cluster @@ -341,6 +346,11 @@ def _create_certificates(local_certs_path, nodes_list, tmpdir, ca_cert = ca_base + 'pem' ca_key = ca_base + 'key' generate_ca_cert(ca_cert, ca_key) + generate_ca_cert(str(local_certs_path / 'cloudify.crt'), + str(local_certs_path / 'cloudify.key')) + generate_ca_cert(str(local_certs_path / 'postgres.crt'), + str(local_certs_path / 'postgres.key')) + for i, node in enumerate(nodes_list, start=1): node_cert = str(local_certs_path / 'node-{0}.crt'.format(i)) node_key = str(local_certs_path / 'node-{0}.key'.format(i)) @@ -362,3 +372,11 @@ def _create_certificates(local_certs_path, nodes_list, tmpdir, node.put_remote_file(remote_key, node_key) node.put_remote_file(join(REMOTE_CERTS_PATH, 'ca.pem'), ca_cert) node.put_remote_file(join(REMOTE_CERTS_PATH, 'ca.key'), ca_key) + node.put_remote_file(join(REMOTE_CERTS_PATH, 'cloudify.crt'), + str(local_certs_path / 'cloudify.crt')) + node.put_remote_file(join(REMOTE_CERTS_PATH, 'cloudify.key'), + str(local_certs_path / 'cloudify.key')) + node.put_remote_file(join(REMOTE_CERTS_PATH, 'postgres.crt'), + str(local_certs_path / 'postgres.crt')) + node.put_remote_file(join(REMOTE_CERTS_PATH, 'postgres.key'), + str(local_certs_path / 'postgres.key'))