In CP Reaper tests, compare certificate fingerprints
rzvoncek committed Oct 25, 2024
1 parent 0670c26 commit 94b6bdd
Showing 2 changed files with 31 additions and 6 deletions.
4 changes: 3 additions & 1 deletion test/e2e/reaper_test.go
@@ -308,7 +308,9 @@ func createReaperAndDatacenter(t *testing.T, ctx context.Context, namespace stri
func createControlPlaneReaperAndDatacenter(t *testing.T, ctx context.Context, namespace string, f *framework.E2eFramework) {
reaperName := "reaper1"
cluster1Name := "enc-mgmt"
cluster1DcName := "c1dc1"
cluster2Name := "enc-mgmt-2"
cluster2DcName := "c2dc1"

reaperKey := framework.ClusterKey{K8sContext: f.ControlPlaneContext, NamespacedName: types.NamespacedName{Namespace: namespace, Name: reaperName}}
c1dc1Key := framework.ClusterKey{K8sContext: f.DataPlaneContexts[0], NamespacedName: types.NamespacedName{Namespace: namespace, Name: fmt.Sprintf("%s-dc1", cluster1Name)}}
@@ -319,7 +321,7 @@ func createControlPlaneReaperAndDatacenter(t *testing.T, ctx context.Context, na
checkDatacenterReady(t, ctx, c2dc1Key, f)

t.Log("Verify Reaper received k8ssandra-cluster secrets")
verifyReaperSecrets(t, f, ctx, namespace, reaperName, cluster1Name, cluster2Name)
verifyReaperSecrets(t, f, ctx, namespace, reaperName, cluster1Name, cluster1DcName, cluster2Name, cluster2DcName)

c1dc1Prefix := DcPrefix(t, f, c1dc1Key)
c2dc1Prefix := DcPrefix(t, f, c2dc1Key)
33 changes: 28 additions & 5 deletions test/e2e/suite_test.go
@@ -2,6 +2,7 @@ package e2e

import (
"context"
"crypto/sha256"
"encoding/json"
"flag"
"fmt"
@@ -1942,7 +1943,7 @@ func verifyReaperSecrets(
t *testing.T,
f *framework.E2eFramework,
ctx context.Context,
namespace, reaperName, cluster1Name, cluster2Name string,
namespace, reaperName, cluster1Name, cluster1DcName, cluster2Name, cluster2DcName string,
) {
// check that the secret now has 2 entries
updatedTruststoreSecret := &corev1.Secret{}
@@ -1951,15 +1952,20 @@ func verifyReaperSecrets(
require.Len(t, updatedTruststoreSecret.Data, 4, "truststore secret should have 2 entries")

// check that updatedTruststoreSecret keys are made of correctly named truststore files
_, ok := updatedTruststoreSecret.Data[fmt.Sprintf("%s-truststore.jks", cluster1Name)]
c1ts, ok := updatedTruststoreSecret.Data[fmt.Sprintf("%s-truststore.jks", cluster1Name)]
require.True(t, ok, "truststore secret should have key %s", cluster1Name)
_, ok = updatedTruststoreSecret.Data[fmt.Sprintf("%s-keystore.jks", cluster1Name)]
c1ks, ok := updatedTruststoreSecret.Data[fmt.Sprintf("%s-keystore.jks", cluster1Name)]
require.True(t, ok, "truststore secret should have key %s", cluster1Name)

_, ok = updatedTruststoreSecret.Data[fmt.Sprintf("%s-keystore.jks", cluster2Name)]
// compare the secrets in reaper's truststore with the actual secrets the cluster uses
verifyTruststoreFingerprints(t, f, ctx, namespace, cluster1Name, cluster1DcName, c1ts, c1ks)

c2ts, ok := updatedTruststoreSecret.Data[fmt.Sprintf("%s-keystore.jks", cluster2Name)]
require.True(t, ok, "truststore secret should have key %s", cluster2Name)
_, ok = updatedTruststoreSecret.Data[fmt.Sprintf("%s-keystore.jks", cluster2Name)]
c2ks, ok := updatedTruststoreSecret.Data[fmt.Sprintf("%s-keystore.jks", cluster2Name)]
require.True(t, ok, "truststore secret should have key %s", cluster2Name)

verifyTruststoreFingerprints(t, f, ctx, namespace, cluster2Name, cluster2DcName, c2ts, c2ks)
}

func checkKeyspaceNeverCreated(
@@ -2386,3 +2392,20 @@ func CheckLabelsAnnotationsCreated(dcKey framework.ClusterKey, t *testing.T, ctx
assert.True(t, cassDC.Spec.AdditionalAnnotations["anAnnotationKeyClusterLevel"] == "anAnnotationValueClusterLevel")
return nil
}

func verifyTruststoreFingerprints(
t *testing.T,
f *framework.E2eFramework,
ctx context.Context,
namespace, clusterName, dcName string,
reapersTruststore, reapersKeystore []byte,
) {
c1SecretName := fmt.Sprintf("%s-%s-%s-c-mgtm-ks", clusterName, clusterName, dcName)
c1SecretKey := types.NamespacedName{Namespace: namespace, Name: c1SecretName}
c1Secret := &corev1.Secret{}
err := f.Client.Get(ctx, c1SecretKey, c1Secret)
require.NoError(t, err, "failed to get secret %s", c1SecretKey)
actualTs, actualKs := c1Secret.Data["truststore.jks"], c1Secret.Data["keystore.jks"]
require.Equal(t, sha256.Sum256(reapersTruststore), sha256.Sum256(actualTs))
require.Equal(t, sha256.Sum256(reapersKeystore), sha256.Sum256(actualKs))
}
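Review bot: In the verifyReaperSecrets hunk, `c2ts` is read from the `%s-keystore.jks` key for cluster2Name, the same key `c2ks` reads two lines later, so the cluster-2 call to verifyTruststoreFingerprints compares Reaper's keystore bytes against the cluster's `truststore.jks`, and the cluster-2 `-truststore.jks` entry is never checked for presence. The lookup should be `c2ts, ok := updatedTruststoreSecret.Data[fmt.Sprintf("%s-truststore.jks", cluster2Name)]`. Separately, verifyTruststoreFingerprints hashes `c1Secret.Data["truststore.jks"]` and `c1Secret.Data["keystore.jks"]` without asserting the entries exist, so two missing or empty values would hash identically and the check would pass vacuously; adding `require.NotEmpty(t, actualTs)` and `require.NotEmpty(t, actualKs)` before the two `require.Equal` calls closes that gap. The secret fetch in verifyReaperSecrets sits between the two hunks and is not visible here.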
