Make certservice-client use volume mount

Client container runs as root to avoid permission issues with volume mount access Change client output path from '/var/log' to '/var/certs' Issue-ID: AAF-1107 Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com> Change-Id: I28ec95cd5e38f43d282087264b04c5b378bbabfd
author: Remigiusz Janeczek <remigiusz.janeczek@nokia.com> 2020-03-19 14:20:22 +0100
committer: Remigiusz Janeczek <remigiusz.janeczek@nokia.com> 2020-03-23 10:04:46 +0100
commit: ed0f3be44b4a98f19b0998982ed858cbfb0d1aa1 (patch)
tree: 867099fbf75ca20e3ff1c2eae40de826ed3f2a43 /tests
parent: a00e89e8b7f7ccc703d4b2c1211477cb9040717b (diff)
4 files changed, 28 insertions, 37 deletions
diff --git a/tests/aaf/certservice/assets/invalid_client_docker.env b/tests/aaf/certservice/assets/invalid_client_docker.env
index 7fbc666e..3e7d879b 100644
--- a/tests/aaf/certservice/assets/invalid_client_docker.env
+++ b/tests/aaf/certservice/assets/invalid_client_docker.env
@@ -1,6 +1,6 @@
 #Client envs
 REQUEST_TIMEOUT=5000
-OUTPUT_PATH=/var/log
+OUTPUT_PATH=/var/certs
 CA_NAME=Invalid
 #Csr config envs
 COMMON_NAME=onap.org
@@ -9,4 +9,4 @@ ORGANIZATION_UNIT=ONAP
 LOCATION=San-Francisco
 STATE=California
 COUNTRY=US
-SANS=example.com:example1.com:example3.com
-\ No newline at end of file
+SANS=example.com:sample.com
+\ No newline at end of file
diff --git a/tests/aaf/certservice/assets/valid_client_docker.env b/tests/aaf/certservice/assets/valid_client_docker.env
index 7a219761..01818960 100644
--- a/tests/aaf/certservice/assets/valid_client_docker.env
+++ b/tests/aaf/certservice/assets/valid_client_docker.env
@@ -1,6 +1,6 @@
 #Client envs
 REQUEST_TIMEOUT=30000
-OUTPUT_PATH=/var/log
+OUTPUT_PATH=/var/certs
 CA_NAME=RA
 #Csr config envs
 COMMON_NAME=onap.org
diff --git a/tests/aaf/certservice/libraries/CertClientManager.py b/tests/aaf/certservice/libraries/CertClientManager.py
index ebacf221..792b6939 100644
--- a/tests/aaf/certservice/libraries/CertClientManager.py
+++ b/tests/aaf/certservice/libraries/CertClientManager.py
@@ -1,12 +1,12 @@
 import docker
 import os
 import shutil
-import tarfile
 import re
 from OpenSSL import crypto
+from docker.types import Mount
 
 ARCHIVES_PATH = os.getenv("WORKSPACE") + "/archives/"
-TMP_PATH = os.getenv("WORKSPACE") + "/tests/aaf/certservice/tmp"
+MOUNT_PATH = os.getenv("WORKSPACE") + "/tests/aaf/certservice/tmp"
 
 ERROR_API_REGEX = 'Error on API response.*[0-9]{3}'
 RESPONSE_CODE_REGEX = '[0-9]{3}'
@@ -15,11 +15,19 @@ RESPONSE_CODE_REGEX = '[0-9]{3}'
 class CertClientManager:
 
     def run_client_container(self, client_image, container_name, path_to_env, request_url, network):
+        self.create_mount_dir()
         client = docker.from_env()
         environment = self.read_list_env_from_file(path_to_env)
         environment.append("REQUEST_URL=" + request_url)
-        container = client.containers.run(image=client_image, name=container_name, detach=True, environment=environment,
-                                          network=network)
+        container = client.containers.run(
+            image=client_image,
+            name=container_name,
+            environment=environment,
+            network=network,
+            user='root', #Run container as root to avoid permission issues with volume mount access
+            mounts=[Mount(target='/var/certs', source=MOUNT_PATH, type='bind')],
+            detach=True
+        )
         exitcode = container.wait()
         return exitcode
 
@@ -39,40 +47,19 @@ class CertClientManager:
         text_file.write(container.logs())
         text_file.close()
         container.remove()
+        self.remove_mount_dir()
 
-    def can_open_keystore_and_truststore_with_pass(self, container_name):
-        self.copy_jks_file_to_tmp_dir(container_name)
-
-        keystore_pass_path = TMP_PATH + '/logs/log/keystore.pass'
-        keystore_jks_path = TMP_PATH + '/logs/log/keystore.jks'
+    def can_open_keystore_and_truststore_with_pass(self):
+        keystore_pass_path = MOUNT_PATH + '/keystore.pass'
+        keystore_jks_path = MOUNT_PATH + '/keystore.jks'
         can_open_keystore = self.can_open_jks_file_by_pass_file(keystore_pass_path, keystore_jks_path)
 
-        truststore_pass_path = TMP_PATH + '/logs/log/truststore.pass'
-        truststore_jks_path = TMP_PATH + '/logs/log/truststore.jks'
+        truststore_pass_path = MOUNT_PATH + '/truststore.pass'
+        truststore_jks_path = MOUNT_PATH + '/truststore.jks'
         can_open_truststore = self.can_open_jks_file_by_pass_file(truststore_pass_path, truststore_jks_path)
 
-        self.remove_tmp_dir(TMP_PATH)
         return can_open_keystore & can_open_truststore
 
-    def copy_jks_file_to_tmp_dir(self, container_name):
-        os.mkdir(TMP_PATH)
-        self.copy_jks_file_from_container_to_tmp_dir(container_name)
-        self.extract_tar_file()
-
-    def copy_jks_file_from_container_to_tmp_dir(self, container_name):
-        client = docker.from_env()
-        container = client.containers.get(container_name)
-        f = open(TMP_PATH + '/var_log.tar', 'wb')
-        bits, stat = container.get_archive('/var/log/')
-        for chunk in bits:
-            f.write(chunk)
-        f.close()
-
-    def extract_tar_file(self):
-        my_tar = tarfile.open(TMP_PATH + '/var_log.tar')
-        my_tar.extractall(TMP_PATH + '/logs')
-        my_tar.close()
-
     def can_open_jks_file_by_pass_file(self, pass_file_path, jks_file_path):
         try:
             password = open(pass_file_path, 'rb').read()
@@ -81,8 +68,12 @@ class CertClientManager:
         except:
             return False
 
-    def remove_tmp_dir(self, tmp_path):
-        shutil.rmtree(tmp_path)
+    def create_mount_dir(self):
+        if not os.path.exists(MOUNT_PATH):
+            os.makedirs(MOUNT_PATH)
+
+    def remove_mount_dir(self):
+        shutil.rmtree(MOUNT_PATH)
 
     def can_find_api_response_in_logs(self, container_name):
         logs = self.get_container_logs(container_name)
diff --git a/tests/aaf/certservice/resources/cert-service-keywords.robot b/tests/aaf/certservice/resources/cert-service-keywords.robot
index c70cfcf4..75cebadc 100644
--- a/tests/aaf/certservice/resources/cert-service-keywords.robot
+++ b/tests/aaf/certservice/resources/cert-service-keywords.robot
@@ -87,7 +87,7 @@ Run Cert Service Client And Validate JKS File Creation And Client Exit Code
     [Documentation]  Run Cert Service Client Container And Validate Exit Code
     [Arguments]   ${env_file}  ${expected_exit_code}
     ${exit_code}=  Run Client Container  ${DOCKER_CLIENT_IMAGE}  ${CLIENT_CONTAINER_NAME}  ${env_file}  ${CERT_SERVICE_ADDRESS}${CERT_SERVICE_ENDPOINT}  ${CERT_SERVICE_NETWORK}
-    ${can_open}=  Can Open Keystore And Truststore With Pass  ${CLIENT_CONTAINER_NAME}
+    ${can_open}=  Can Open Keystore And Truststore With Pass
     Remove Client Container And Save Logs  ${CLIENT_CONTAINER_NAME}  positive_path
     Should Be Equal As Strings  ${exit_code}  ${expected_exit_code}  Client return: ${exitcode} exit code, but expected: ${expected_exit_code}
     Should Be True  ${can_open}  Cannot Open Keystore/TrustStore by passpshase
author	Remigiusz Janeczek <remigiusz.janeczek@nokia.com>	2020-03-19 14:20:22 +0100
committer	Remigiusz Janeczek <remigiusz.janeczek@nokia.com>	2020-03-23 10:04:46 +0100
commit	ed0f3be44b4a98f19b0998982ed858cbfb0d1aa1 (patch)
tree	867099fbf75ca20e3ff1c2eae40de826ed3f2a43 /tests
parent	a00e89e8b7f7ccc703d4b2c1211477cb9040717b (diff)