From 968cd1f0e8a4b5487933d1e7c2d0049720464d8c Mon Sep 17 00:00:00 2001 From: Petr OspalĂ˝ Date: Fri, 20 Sep 2019 05:51:37 +0200 Subject: Add support for HTTPS in sanity tests MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit If 'disableHttp' is enabled then HTTP ports are replaced with HTTPS ports. Also added the latest trustore with AAF issuer. And because certs for SDC components have CN set to "sdc" - environment json must have the domain names correctly too...it will not work with plain IPs. The changes have been tested from CSIT perspective so if something is missing here or wrong then it is due to the fact that I was focusing on bringing https support to the same level as are http tests and there is also the fact that I do not know SDC component at all. The changes are also done in a manner of previous ones - hacked on top of the current codebase, which is in dire need of a rewrite: - duplicated trustores and other artifacts - duplicated scripts and/or similar script with small differences - ui tests use old ubuntu image vs api tests on alpine - chef codebase is very messy and I see no benefit in the current usage Issue-ID: SDC-2564 Signed-off-by: Petr OspalĂ˝ Change-Id: I32e0fb7723ab8489eb09372d410c6f34aaf7cfc8 --- sdc-os-chef/environments/Template.json | 7 +++++-- test-apis-ci/sdc-api-tests/Dockerfile | 10 ++++++++++ .../files/default/org.onap.sdc.trust.jks | Bin 0 -> 1413 bytes .../sdc-api-tests/files/default/startTest.sh | 4 ++++ .../recipes/sanityApiTests_1_setup_env.rb | 17 +++++++++++++++- .../sanityApiTests_2_setup_configuration.rb | 4 ++-- .../templates/default/sdc-sanity.yaml.erb | 15 +++++++++----- test-apis-ci/sdc-api-tests/startup.sh | 19 ++++++++++++++++++ ui-ci/sdc-ui-tests/Dockerfile | 10 ++++++++++ .../files/default/org.onap.sdc.trust.jks | Bin 0 -> 1413 bytes .../sdc-ui-tests/files/default/startTest.sh | 4 ++++ .../recipes/sanityUiTests_1_setup_env.rb | 17 +++++++++++++++- .../recipes/sanityUiTests_2_setup_configuration.rb | 4 ++-- .../templates/default/sdc-sanity.yaml.erb | 22 ++++++++++++--------- ui-ci/sdc-ui-tests/startup.sh | 19 ++++++++++++++++++ 15 files changed, 130 insertions(+), 22 deletions(-) create mode 100644 test-apis-ci/sdc-api-tests/chef-repo/cookbooks/sdc-api-tests/files/default/org.onap.sdc.trust.jks create mode 100644 ui-ci/sdc-ui-tests/chef-repo/cookbooks/sdc-ui-tests/files/default/org.onap.sdc.trust.jks diff --git a/sdc-os-chef/environments/Template.json b/sdc-os-chef/environments/Template.json index e049258cad..f9e5b6dfd4 100644 --- a/sdc-os-chef/environments/Template.json +++ b/sdc-os-chef/environments/Template.json @@ -52,15 +52,18 @@ "override_attributes": { "FE": { "http_port": "8181", - "https_port": "9443" + "https_port": "9443", + "domain_name": "sdc" }, "BE": { "http_port": "8080", - "https_port": "8443" + "https_port": "8443", + "domain_name": "sdc" }, "ONBOARDING_BE": { "http_port": "8081", "https_port": "8445", + "domain_name": "sdc", "catalog_notification_url": "%s://%s:%s/sdc2/rest/v1/catalog/notif/vsp/" }, "elasticsearch": { diff --git a/test-apis-ci/sdc-api-tests/Dockerfile b/test-apis-ci/sdc-api-tests/Dockerfile index 396e6ebcd4..edf939f43e 100644 --- a/test-apis-ci/sdc-api-tests/Dockerfile +++ b/test-apis-ci/sdc-api-tests/Dockerfile @@ -1,5 +1,15 @@ FROM onap/base_sdc-sanity:1.4.1 +# install packages +RUN \ + apk update \ + && \ + apk add --no-cache \ + jq \ + openssl \ + && \ + rm -rf /var/cache/apk/* + COPY chef-solo /root/chef-solo/ COPY chef-repo/cookbooks/. /root/chef-solo/cookbooks/ diff --git a/test-apis-ci/sdc-api-tests/chef-repo/cookbooks/sdc-api-tests/files/default/org.onap.sdc.trust.jks b/test-apis-ci/sdc-api-tests/chef-repo/cookbooks/sdc-api-tests/files/default/org.onap.sdc.trust.jks new file mode 100644 index 0000000000..d07ce1a66b Binary files /dev/null and b/test-apis-ci/sdc-api-tests/chef-repo/cookbooks/sdc-api-tests/files/default/org.onap.sdc.trust.jks differ diff --git a/test-apis-ci/sdc-api-tests/chef-repo/cookbooks/sdc-api-tests/files/default/startTest.sh b/test-apis-ci/sdc-api-tests/chef-repo/cookbooks/sdc-api-tests/files/default/startTest.sh index 23a1d3fa95..562bfe4ffc 100644 --- a/test-apis-ci/sdc-api-tests/chef-repo/cookbooks/sdc-api-tests/files/default/startTest.sh +++ b/test-apis-ci/sdc-api-tests/chef-repo/cookbooks/sdc-api-tests/files/default/startTest.sh @@ -4,6 +4,10 @@ RERUN=false debug_port=8000 TEST_SUITES=testSuites fileName=testng-failed.xml +JAVA_OPTIONS="${JAVA_OPTIONS} \ + -Djavax.net.ssl.trustStore=/var/lib/tests/etc/org.onap.sdc.trust.jks \ + -Dtestng.show.stack.frames=true \ + " function help_usage () { diff --git a/test-apis-ci/sdc-api-tests/chef-repo/cookbooks/sdc-api-tests/recipes/sanityApiTests_1_setup_env.rb b/test-apis-ci/sdc-api-tests/chef-repo/cookbooks/sdc-api-tests/recipes/sanityApiTests_1_setup_env.rb index 112cc4c2e7..61d0133888 100644 --- a/test-apis-ci/sdc-api-tests/chef-repo/cookbooks/sdc-api-tests/recipes/sanityApiTests_1_setup_env.rb +++ b/test-apis-ci/sdc-api-tests/chef-repo/cookbooks/sdc-api-tests/recipes/sanityApiTests_1_setup_env.rb @@ -46,4 +46,19 @@ tests_base="/var/lib/tests" group 'root' mode '0755' action :create - end \ No newline at end of file + end + + directory "create_etc_dir" do + path "/var/lib/tests/etc" + owner 'root' + group 'root' + mode '0755' + action :create + end + +cookbook_file "/var/lib/tests/etc/org.onap.sdc.trust.jks" do + source "org.onap.sdc.trust.jks" + owner "root" + group "root" + mode 0644 +end \ No newline at end of file diff --git a/test-apis-ci/sdc-api-tests/chef-repo/cookbooks/sdc-api-tests/recipes/sanityApiTests_2_setup_configuration.rb b/test-apis-ci/sdc-api-tests/chef-repo/cookbooks/sdc-api-tests/recipes/sanityApiTests_2_setup_configuration.rb index 782bba249d..e90fa87e02 100644 --- a/test-apis-ci/sdc-api-tests/chef-repo/cookbooks/sdc-api-tests/recipes/sanityApiTests_2_setup_configuration.rb +++ b/test-apis-ci/sdc-api-tests/chef-repo/cookbooks/sdc-api-tests/recipes/sanityApiTests_2_setup_configuration.rb @@ -8,9 +8,9 @@ template "sdc-yaml-config" do mode "0755" variables ({ :target_path => "#{tests_base}/target", - :catalogBE_ip => node['Nodes']['BE'], + :catalogBE_host => node['Nodes']['BE'], :catalogBE_port => node['BE'][:http_port], - :webportal_ip => node['Nodes']['FE'], + :webportal_host => node['Nodes']['FE'], :webportal_port => node['FE'][:http_port], :janusgraph_file => "#{tests_base}/conf/janusgraph.properties", :tests_base_ci => "#{tests_base}/CI/tests", diff --git a/test-apis-ci/sdc-api-tests/chef-repo/cookbooks/sdc-api-tests/templates/default/sdc-sanity.yaml.erb b/test-apis-ci/sdc-api-tests/chef-repo/cookbooks/sdc-api-tests/templates/default/sdc-sanity.yaml.erb index ce20180d63..4185e3fee9 100644 --- a/test-apis-ci/sdc-api-tests/chef-repo/cookbooks/sdc-api-tests/templates/default/sdc-sanity.yaml.erb +++ b/test-apis-ci/sdc-api-tests/chef-repo/cookbooks/sdc-api-tests/templates/default/sdc-sanity.yaml.erb @@ -2,17 +2,22 @@ outputFolder: <%= @target_path %> reportName: index.html esHost: eshost disributionClientHost: disClient -catalogFeHost: <%= @webportal_ip %> -catalogFePort: <%= @webportal_port %> -catalogBeHost: <%= @catalogBE_ip %> -catalogBePort: <%= @catalogBE_port %> -onboardingBeHost: <%= node['ONBOARDING_BE_VIP'] %> <% if node[:disableHttp] -%> sdcHttpMethod: https onboardingBePort: <%= node['ONBOARDING_BE'][:https_port] %> +onboardingBeHost: <%= node['ONBOARDING_BE'][:domain_name] %> +catalogBeHost: <%= node['BE'][:domain_name] %> +catalogBePort: <%= node['BE'][:https_port] %> +catalogFeHost: <%= node['FE'][:domain_name] %> +catalogFePort: <%= node['FE'][:https_port] %> <% else %> sdcHttpMethod: http onboardingBePort: <%= node['ONBOARDING_BE'][:http_port] %> +onboardingBeHost: <%= node['ONBOARDING_BE_VIP'] %> +catalogFeHost: <%= @webportal_host %> +catalogFePort: <%= @webportal_port %> +catalogBeHost: <%= @catalogBE_host %> +catalogBePort: <%= @catalogBE_port %> <% end -%> disributionClientPort: 8181 esPort: 9200 diff --git a/test-apis-ci/sdc-api-tests/startup.sh b/test-apis-ci/sdc-api-tests/startup.sh index 80faeeac2e..7b102cadfd 100644 --- a/test-apis-ci/sdc-api-tests/startup.sh +++ b/test-apis-ci/sdc-api-tests/startup.sh @@ -1,5 +1,24 @@ #!/bin/bash +# prepare env for HTTPS if used + +is_https=$(cat /root/chef-solo/environments/${ENVNAME}.json | \ + jq -cr '.default_attributes.disableHttp' | \ + tr '[:upper:]' '[:lower:]') + +if [ "$is_https" = true ] ; then + # setup /etc/hosts + SDC_FE_IP=$(cat /root/chef-solo/environments/${ENVNAME}.json | \ + jq -cr '.default_attributes.Nodes.FE') + SDC_FE_HOSTNAME=$(cat /root/chef-solo/environments/${ENVNAME}.json | \ + jq -cr '.override_attributes.FE.domain_name') + if ! grep -q "^[[:space:]]*${SDC_FE_IP}[[:space:]]" ; then + echo "${SDC_FE_IP}" "${SDC_FE_HOSTNAME}" >> /etc/hosts + fi +fi + +# run tests + cd /root/chef-solo chef-solo -c solo.rb -E ${ENVNAME} diff --git a/ui-ci/sdc-ui-tests/Dockerfile b/ui-ci/sdc-ui-tests/Dockerfile index 3b1129322f..1bd1a779ba 100644 --- a/ui-ci/sdc-ui-tests/Dockerfile +++ b/ui-ci/sdc-ui-tests/Dockerfile @@ -1,5 +1,15 @@ FROM onap/base_sdc-vnc:1.4.1 +# install packages +RUN DEBIAN_FRONTEND=noninteractive \ + apt-get -y update \ + && \ + apt-get -y install \ + jq \ + openssl \ + && \ + apt-get -y clean + COPY chef-solo /root/chef-solo/ COPY chef-repo/cookbooks/. /root/chef-solo/cookbooks/ diff --git a/ui-ci/sdc-ui-tests/chef-repo/cookbooks/sdc-ui-tests/files/default/org.onap.sdc.trust.jks b/ui-ci/sdc-ui-tests/chef-repo/cookbooks/sdc-ui-tests/files/default/org.onap.sdc.trust.jks new file mode 100644 index 0000000000..d07ce1a66b Binary files /dev/null and b/ui-ci/sdc-ui-tests/chef-repo/cookbooks/sdc-ui-tests/files/default/org.onap.sdc.trust.jks differ diff --git a/ui-ci/sdc-ui-tests/chef-repo/cookbooks/sdc-ui-tests/files/default/startTest.sh b/ui-ci/sdc-ui-tests/chef-repo/cookbooks/sdc-ui-tests/files/default/startTest.sh index f013bcf2cf..c4415578ee 100644 --- a/ui-ci/sdc-ui-tests/chef-repo/cookbooks/sdc-ui-tests/files/default/startTest.sh +++ b/ui-ci/sdc-ui-tests/chef-repo/cookbooks/sdc-ui-tests/files/default/startTest.sh @@ -4,6 +4,10 @@ RERUN=false debug_port=8000 TEST_SUITES=testSuites fileName=testng-failed.xml +JAVA_OPTIONS="${JAVA_OPTIONS} \ + -Djavax.net.ssl.trustStore=/var/lib/tests/etc/org.onap.sdc.trust.jks \ + -Dtestng.show.stack.frames=true \ + " function help_usage () { diff --git a/ui-ci/sdc-ui-tests/chef-repo/cookbooks/sdc-ui-tests/recipes/sanityUiTests_1_setup_env.rb b/ui-ci/sdc-ui-tests/chef-repo/cookbooks/sdc-ui-tests/recipes/sanityUiTests_1_setup_env.rb index 112cc4c2e7..61d0133888 100644 --- a/ui-ci/sdc-ui-tests/chef-repo/cookbooks/sdc-ui-tests/recipes/sanityUiTests_1_setup_env.rb +++ b/ui-ci/sdc-ui-tests/chef-repo/cookbooks/sdc-ui-tests/recipes/sanityUiTests_1_setup_env.rb @@ -46,4 +46,19 @@ tests_base="/var/lib/tests" group 'root' mode '0755' action :create - end \ No newline at end of file + end + + directory "create_etc_dir" do + path "/var/lib/tests/etc" + owner 'root' + group 'root' + mode '0755' + action :create + end + +cookbook_file "/var/lib/tests/etc/org.onap.sdc.trust.jks" do + source "org.onap.sdc.trust.jks" + owner "root" + group "root" + mode 0644 +end \ No newline at end of file diff --git a/ui-ci/sdc-ui-tests/chef-repo/cookbooks/sdc-ui-tests/recipes/sanityUiTests_2_setup_configuration.rb b/ui-ci/sdc-ui-tests/chef-repo/cookbooks/sdc-ui-tests/recipes/sanityUiTests_2_setup_configuration.rb index 04a65413f5..50a953081a 100644 --- a/ui-ci/sdc-ui-tests/chef-repo/cookbooks/sdc-ui-tests/recipes/sanityUiTests_2_setup_configuration.rb +++ b/ui-ci/sdc-ui-tests/chef-repo/cookbooks/sdc-ui-tests/recipes/sanityUiTests_2_setup_configuration.rb @@ -7,9 +7,9 @@ template "sdc-yaml-config" do group "root" mode "0755" variables ({ - :catalogBE_ip => node['Nodes']['BE'], + :catalogBE_host => node['Nodes']['BE'], :catalogBE_port => node['BE'][:http_port], - :webportal_ip => node['Nodes']['FE'], + :webportal_host => node['Nodes']['FE'], :webportal_port => node['FE'][:http_port], :janusgraph_file => "#{tests_base}/conf/janusgraph.properties", :tests_base_ci => "#{tests_base}/CI/tests", diff --git a/ui-ci/sdc-ui-tests/chef-repo/cookbooks/sdc-ui-tests/templates/default/sdc-sanity.yaml.erb b/ui-ci/sdc-ui-tests/chef-repo/cookbooks/sdc-ui-tests/templates/default/sdc-sanity.yaml.erb index c8a3258625..23d0abcdda 100644 --- a/ui-ci/sdc-ui-tests/chef-repo/cookbooks/sdc-ui-tests/templates/default/sdc-sanity.yaml.erb +++ b/ui-ci/sdc-ui-tests/chef-repo/cookbooks/sdc-ui-tests/templates/default/sdc-sanity.yaml.erb @@ -1,24 +1,28 @@ -url: http://<%= @webportal_ip %>:8285/sdc1 browser: firefox uiSimulator: true -catalogBeHost: <%= @catalogBE_ip %> -catalogBePort: <%= @catalogBE_port %> -catalogFeHost: <%= @webportal_ip %> -catalogFePort: <%= @webportal_port %> -onboardingBeHost: <%= node['ONBOARDING_BE_VIP'] %> <% if node[:disableHttp] -%> sdcHttpMethod: https onboardingBePort: <%= node['ONBOARDING_BE'][:https_port] %> +onboardingBeHost: <%= node['ONBOARDING_BE'][:domain_name] %> +url: https://<%= node['FE'][:domain_name] %>:8286/sdc1 +catalogBeHost: <%= node['BE'][:domain_name] %> +catalogBePort: <%= node['BE'][:https_port] %> +catalogFeHost: <%= node['FE'][:domain_name] %> +catalogFePort: <%= node['FE'][:https_port] %> <% else %> sdcHttpMethod: http onboardingBePort: <%= node['ONBOARDING_BE'][:http_port] %> +onboardingBeHost: <%= node['ONBOARDING_BE_VIP'] %> +url: http://<%= @webportal_host %>:8285/sdc1 +catalogBeHost: <%= @catalogBE_host %> +catalogBePort: <%= @catalogBE_port %> +catalogFeHost: <%= @webportal_host %> +catalogFePort: <%= @webportal_port %> <% end -%> - - esHost: <%= @ES_IP %> esPort: 9200 disributionClientHost: disClient @@ -40,4 +44,4 @@ importResourceTestsConfigDir: <%= @importResourceTestsConfigDir %> errorConfigurationFile: <%= @errorConfigurationFile %> configurationFile: <%= @ConfigurationFile %> importTypesConfigDir: <%= @importTypesDir %> -janusGraphPropertiesFile: <%= @janusgraph_file %> \ No newline at end of file +janusGraphPropertiesFile: <%= @janusgraph_file %> diff --git a/ui-ci/sdc-ui-tests/startup.sh b/ui-ci/sdc-ui-tests/startup.sh index 9078980666..6455c17e58 100644 --- a/ui-ci/sdc-ui-tests/startup.sh +++ b/ui-ci/sdc-ui-tests/startup.sh @@ -2,6 +2,25 @@ /dockerstartup/vnc_startup.sh & +# prepare env for HTTPS if used + +is_https=$(cat /root/chef-solo/environments/${ENVNAME}.json | \ + jq -cr '.default_attributes.disableHttp' | \ + tr '[:upper:]' '[:lower:]') + +if [ "$is_https" = true ] ; then + # setup /etc/hosts + SDC_FE_IP=$(cat /root/chef-solo/environments/${ENVNAME}.json | \ + jq -cr '.default_attributes.Nodes.FE') + SDC_FE_HOSTNAME=$(cat /root/chef-solo/environments/${ENVNAME}.json | \ + jq -cr '.override_attributes.FE.domain_name') + if ! grep -q "^[[:space:]]*${SDC_FE_IP}[[:space:]]" ; then + echo "${SDC_FE_IP}" "${SDC_FE_HOSTNAME}" >> /etc/hosts + fi +fi + +# run tests + cd /root/chef-solo chef-solo -c solo.rb -E ${ENVNAME} -- cgit 1.2.3-korg