Skip to content

Commit c7c0baa

Browse files
rzvoncekrzvoncek
committed
In CP Reaper tests, compare certificate fingerprints
1 parent cd78ce8 commit c7c0baa

File tree

2 files changed

+31
-6
lines changed

2 files changed

+31
-6
lines changed

test/e2e/reaper_test.go

+3-1
Original file line numberDiff line numberDiff line change
@@ -308,7 +308,9 @@ func createReaperAndDatacenter(t *testing.T, ctx context.Context, namespace stri
308308
func createControlPlaneReaperAndDatacenter(t *testing.T, ctx context.Context, namespace string, f *framework.E2eFramework) {
309309
reaperName := "reaper1"
310310
cluster1Name := "enc-mgmt"
311+
cluster1DcName := "c1dc1"
311312
cluster2Name := "enc-mgmt-2"
313+
cluster2DcName := "c2dc1"
312314

313315
reaperKey := framework.ClusterKey{K8sContext: f.ControlPlaneContext, NamespacedName: types.NamespacedName{Namespace: namespace, Name: reaperName}}
314316
c1dc1Key := framework.ClusterKey{K8sContext: f.DataPlaneContexts[0], NamespacedName: types.NamespacedName{Namespace: namespace, Name: fmt.Sprintf("%s-dc1", cluster1Name)}}
@@ -319,7 +321,7 @@ func createControlPlaneReaperAndDatacenter(t *testing.T, ctx context.Context, na
319321
checkDatacenterReady(t, ctx, c2dc1Key, f)
320322

321323
t.Log("Verify Reaper received k8ssandra-cluster secrets")
322-
verifyReaperSecrets(t, f, ctx, namespace, reaperName, cluster1Name, cluster2Name)
324+
verifyReaperSecrets(t, f, ctx, namespace, reaperName, cluster1Name, cluster1DcName, cluster2Name, cluster2DcName)
323325

324326
c1dc1Prefix := DcPrefix(t, f, c1dc1Key)
325327
c2dc1Prefix := DcPrefix(t, f, c2dc1Key)

test/e2e/suite_test.go

+28-5
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,7 @@ package e2e
22

33
import (
44
"context"
5+
"crypto/sha256"
56
"encoding/json"
67
"flag"
78
"fmt"
@@ -1942,7 +1943,7 @@ func verifyReaperSecrets(
19421943
t *testing.T,
19431944
f *framework.E2eFramework,
19441945
ctx context.Context,
1945-
namespace, reaperName, cluster1Name, cluster2Name string,
1946+
namespace, reaperName, cluster1Name, cluster1DcName, cluster2Name, cluster2DcName string,
19461947
) {
19471948
// check that the secret now has 2 entries
19481949
updatedTruststoreSecret := &corev1.Secret{}
@@ -1951,15 +1952,20 @@ func verifyReaperSecrets(
19511952
require.Len(t, updatedTruststoreSecret.Data, 4, "truststore secret should have 2 entries")
19521953

19531954
// check that updatedTruststoreSecret keys are made of correctly named truststore files
1954-
_, ok := updatedTruststoreSecret.Data[fmt.Sprintf("%s-truststore.jks", cluster1Name)]
1955+
c1ts, ok := updatedTruststoreSecret.Data[fmt.Sprintf("%s-truststore.jks", cluster1Name)]
19551956
require.True(t, ok, "truststore secret should have key %s", cluster1Name)
1956-
_, ok = updatedTruststoreSecret.Data[fmt.Sprintf("%s-keystore.jks", cluster1Name)]
1957+
c1ks, ok := updatedTruststoreSecret.Data[fmt.Sprintf("%s-keystore.jks", cluster1Name)]
19571958
require.True(t, ok, "truststore secret should have key %s", cluster1Name)
19581959

1959-
_, ok = updatedTruststoreSecret.Data[fmt.Sprintf("%s-keystore.jks", cluster2Name)]
1960+
// compare the secrets in reaper's truststore with the actual secrets the cluster uses
1961+
verifyTruststoreFingerprints(t, f, ctx, namespace, cluster1Name, cluster1DcName, c1ts, c1ks)
1962+
1963+
c2ts, ok := updatedTruststoreSecret.Data[fmt.Sprintf("%s-keystore.jks", cluster2Name)]
19601964
require.True(t, ok, "truststore secret should have key %s", cluster2Name)
1961-
_, ok = updatedTruststoreSecret.Data[fmt.Sprintf("%s-keystore.jks", cluster2Name)]
1965+
c2ks, ok := updatedTruststoreSecret.Data[fmt.Sprintf("%s-keystore.jks", cluster2Name)]
19621966
require.True(t, ok, "truststore secret should have key %s", cluster2Name)
1967+
1968+
verifyTruststoreFingerprints(t, f, ctx, namespace, cluster2Name, cluster2DcName, c2ts, c2ks)
19631969
}
19641970

19651971
func checkKeyspaceNeverCreated(
@@ -2386,3 +2392,20 @@ func CheckLabelsAnnotationsCreated(dcKey framework.ClusterKey, t *testing.T, ctx
23862392
assert.True(t, cassDC.Spec.AdditionalAnnotations["anAnnotationKeyClusterLevel"] == "anAnnotationValueClusterLevel")
23872393
return nil
23882394
}
2395+
2396+
func verifyTruststoreFingerprints(
2397+
t *testing.T,
2398+
f *framework.E2eFramework,
2399+
ctx context.Context,
2400+
namespace, clusterName, dcName string,
2401+
reapersTruststore, reapersKeystore []byte,
2402+
) {
2403+
c1SecretName := fmt.Sprintf("%s-%s-%s-c-mgtm-ks", clusterName, clusterName, dcName)
2404+
c1SecretKey := types.NamespacedName{Namespace: namespace, Name: c1SecretName}
2405+
c1Secret := &corev1.Secret{}
2406+
err := f.Client.Get(ctx, c1SecretKey, c1Secret)
2407+
require.NoError(t, err, "failed to get secret %s", c1SecretKey)
2408+
actualTs, actualKs := c1Secret.Data["truststore.jks"], c1Secret.Data["keystore.jks"]
2409+
require.Equal(t, sha256.Sum256(reapersTruststore), sha256.Sum256(actualTs))
2410+
require.Equal(t, sha256.Sum256(reapersKeystore), sha256.Sum256(actualKs))
2411+
}

0 commit comments

Comments
 (0)