Merge pull request #7920 from thotz/tlscitest

test: ci test for TLS objectstore
rook · Jul 5, 2021 · 830b36c · 830b36c
2 parents c4d15f4 + 9e3cf68
commit 830b36c
Show file tree

Hide file tree

Showing 7 changed files with 276 additions and 107 deletions.
diff --git a/pkg/operator/ceph/object/s3-handlers.go b/pkg/operator/ceph/object/s3-handlers.go
@@ -37,6 +37,14 @@ type S3Agent struct {
 }
 
 func NewS3Agent(accessKey, secretKey, endpoint string, debug bool, tlsCert []byte) (*S3Agent, error) {
+	return newS3Agent(accessKey, secretKey, endpoint, debug, tlsCert, false)
+}
+
+func NewTestOnlyS3Agent(accessKey, secretKey, endpoint string, debug bool) (*S3Agent, error) {
+	return newS3Agent(accessKey, secretKey, endpoint, debug, nil, true)
+}
+
+func newS3Agent(accessKey, secretKey, endpoint string, debug bool, tlsCert []byte, insecure bool) (*S3Agent, error) {
 	const cephRegion = "us-east-1"
 
 	logLevel := aws.LogOff
@@ -47,9 +55,16 @@ func NewS3Agent(accessKey, secretKey, endpoint string, debug bool, tlsCert []byt
 		Timeout: HttpTimeOut,
 	}
 	tlsEnabled := false
-	if len(tlsCert) > 0 {
-		client.Transport = BuildTransportTLS(tlsCert)
+	if len(tlsCert) > 0 || insecure {
 		tlsEnabled = true
+		if len(tlsCert) > 0 {
+			client.Transport = BuildTransportTLS(tlsCert)
+		} else if insecure {
+			client.Transport = &http.Transport{
+				// #nosec G402 is enabled only for testing
+				TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+			}
+		}
 	}
 	sess, err := session.NewSession(
 		aws.NewConfig().

diff --git a/tests/framework/clients/object.go b/tests/framework/clients/object.go
@@ -40,10 +40,10 @@ func CreateObjectOperation(k8sh *utils.K8sHelper, manifests installer.CephManife
 }
 
 // ObjectCreate Function to create a object store in rook
-func (o *ObjectOperation) Create(namespace, storeName string, replicaCount int32) error {
+func (o *ObjectOperation) Create(namespace, storeName string, replicaCount int32, tlsEnable bool) error {
 
-	logger.Infof("creating the object store via CRD")
-	if err := o.k8sh.ResourceOperation("apply", o.manifests.GetObjectStore(storeName, int(replicaCount), rgwPort)); err != nil {
+	logger.Info("creating the object store via CRD")
+	if err := o.k8sh.ResourceOperation("apply", o.manifests.GetObjectStore(storeName, int(replicaCount), rgwPort, tlsEnable)); err != nil {
 		return err
 	}
 

diff --git a/tests/framework/clients/object_user.go b/tests/framework/clients/object_user.go
@@ -17,13 +17,15 @@ limitations under the License.
 package clients
 
 import (
+	"context"
 	"fmt"
 	"strings"
 
 	"github.com/rook/rook/pkg/daemon/ceph/client"
 	rgw "github.com/rook/rook/pkg/operator/ceph/object"
 	"github.com/rook/rook/tests/framework/installer"
 	"github.com/rook/rook/tests/framework/utils"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
 // ObjectUserOperation is wrapper for k8s rook object user operations
@@ -39,9 +41,16 @@ func CreateObjectUserOperation(k8sh *utils.K8sHelper, manifests installer.CephMa
 
 // ObjectUserGet Function to get the details of an object user from radosgw
 func (o *ObjectUserOperation) GetUser(namespace string, store string, userid string) (*rgw.ObjectUser, error) {
-	context := o.k8sh.MakeContext()
+	ctx := o.k8sh.MakeContext()
 	clusterInfo := client.AdminClusterInfo(namespace)
-	rgwcontext := rgw.NewContext(context, clusterInfo, store)
+	objectStore, err := o.k8sh.RookClientset.CephV1().CephObjectStores(namespace).Get(context.TODO(), store, metav1.GetOptions{})
+	if err != nil {
+		return nil, fmt.Errorf("failed to get objectstore info: %+v", err)
+	}
+	rgwcontext, err := rgw.NewMultisiteContext(ctx, clusterInfo, objectStore)
+	if err != nil {
+		return nil, fmt.Errorf("failed to get RGW context: %+v", err)
+	}
 	userinfo, _, err := rgw.GetUser(rgwcontext, userid)
 	if err != nil {
 		return nil, fmt.Errorf("failed to get user info: %+v", err)

diff --git a/tests/framework/installer/ceph_manifests.go b/tests/framework/installer/ceph_manifests.go
@@ -42,7 +42,7 @@ type CephManifests interface {
 	GetFilesystem(name string, activeCount int) string
 	GetNFS(name, pool string, daemonCount int) string
 	GetRBDMirror(name string, daemonCount int) string
-	GetObjectStore(name string, replicaCount, port int) string
+	GetObjectStore(name string, replicaCount, port int, tlsEnable bool) string
 	GetObjectStoreUser(name, displayName, store string) string
 	GetBucketStorageClass(storeName, storageClassName, reclaimPolicy, region string) string
 	GetOBC(obcName, storageClassName, bucketName string, maxObject string, createBucket bool) string
@@ -385,7 +385,34 @@ spec:
     active: ` + strconv.Itoa(count)
 }
 
-func (m *CephManifestsMaster) GetObjectStore(name string, replicaCount, port int) string {
+func (m *CephManifestsMaster) GetObjectStore(name string, replicaCount, port int, tlsEnable bool) string {
+	if tlsEnable {
+		return `apiVersion: ceph.rook.io/v1
+kind: CephObjectStore
+metadata:
+  name: ` + name + `
+  namespace: ` + m.settings.Namespace + `
+spec:
+  metadataPool:
+    replicated:
+      size: 1
+      requireSafeReplicaSize: false
+    compressionMode: passive
+  dataPool:
+    replicated:
+      size: 1
+      requireSafeReplicaSize: false
+  gateway:
+    type: s3
+    securePort: ` + strconv.Itoa(port) + `
+    instances: ` + strconv.Itoa(replicaCount) + `
+    sslCertificateRef: ` + name + `
+  healthCheck:
+    bucket:
+      disabled: false
+      interval: 10s
+`
+	}
 	return `apiVersion: ceph.rook.io/v1
 kind: CephObjectStore
 metadata:

diff --git a/tests/framework/installer/ceph_manifests_v1.5.go b/tests/framework/installer/ceph_manifests_v1.5.go
@@ -336,7 +336,7 @@ spec:
     active: ` + strconv.Itoa(count)
 }
 
-func (m *CephManifestsV1_5) GetObjectStore(name string, replicaCount, port int) string {
+func (m *CephManifestsV1_5) GetObjectStore(name string, replicaCount, port int, tlsEnable bool) string {
 	return `apiVersion: ceph.rook.io/v1
 kind: CephObjectStore
 metadata: