Add functional test

Signed-off-by: Marcelo Henrique Neppel <[email protected]>
marceloneppel · Aug 16, 2024 · 5f60871 · 5f60871
1 parent 3e794a4
commit 5f60871
Show file tree

Hide file tree

Showing 2 changed files with 48 additions and 0 deletions.
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -167,6 +167,15 @@ jobs:
     - name: Exercise RGW
       run: ~/actionutils.sh testrgw
 
+    - name: Disable RGW
+      run: ~/actionutils.sh disable_rgw
+
+    - name: Enable RGW with SSL enabled
+      run: ~/actionutils.sh enable_rgw_ssl
+
+    - name: Exercise RGW with SSL enabled
+      run: ~/actionutils.sh testrgw_ssl
+
     - name: Test Cluster Config
       run: |
         set -eux

diff --git a/tests/scripts/actionutils.sh b/tests/scripts/actionutils.sh
@@ -63,13 +63,33 @@ function add_encrypted_osds() {
     fi
 }
 
+function disable_rgw() {
+    set -x
+    # Disable rgw
+    sudo microceph disable rgw
+}
+
 function enable_rgw() {
     set -x
     # Enable rgw and wait for it to settle
     sudo microceph enable rgw
     wait_for_rgw 1
 }
 
+function enable_rgw_ssl() {
+    set -x
+    # Generate the SSL material
+    sudo openssl genrsa -out /tmp/ca.key 2048
+    sudo openssl req -x509 -new -nodes -key /tmp/ca.key -days 1024 -out /tmp/ca.crt -outform PEM -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=www.example.com"
+    sudo openssl genrsa -out /tmp/server.key 2048
+    sudo openssl req -new -key /tmp/server.key -out /tmp/server.csr -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=www.example.com"
+    echo "subjectAltName = DNS:localhost" > /tmp/extfile.cnf
+    sudo openssl x509 -req -in /tmp/server.csr -CA /tmp/ca.crt -CAkey /tmp/ca.key -CAcreateserial -out /tmp/server.crt -days 365 -extfile /tmp/extfile.cnf
+    # Enable rgw and wait for it to settle
+    sudo microceph enable rgw --ssl-certificate="$(sudo base64 -w0 /tmp/server.crt)" --ssl-private-key="$(sudo base64 -w0 /tmp/server.key)"
+    wait_for_rgw 1
+}
+
 function get_lxd_network() {
     local nw_name="${1?missing}"
     nw=$(lxc network list --format=csv | grep "${nw_name}" | cut -d, -f4)
@@ -385,6 +405,25 @@ function testrgw() {
     ( curl -s http://localhost/testbucket/$filename.txt | grep -F hello-radosgw ) || return -1
 }
 
+
+function testrgw_ssl() {
+    set -eu
+    local default="test"
+    local filename=${1:-default}
+    sudo microceph.ceph status
+    sudo systemctl status snap.microceph.rgw --no-pager
+    if ! $(sudo microceph.radosgw-admin user list | grep -q test) ; then
+        echo "Create S3 user: test"
+        sudo microceph.radosgw-admin user create --uid=test --display-name=test
+        sudo microceph.radosgw-admin key create --uid=test --key-type=s3 --access-key fooAccessKey --secret-key fooSecretKey
+    fi
+    sudo apt-get update -qq
+    echo hello-radosgw-ssl > ~/$filename.txt
+    s3cmd --ca-certs=/tmp/ca.crt --host localhost --host-bucket="localhost/%(bucket)" --access_key=fooAccessKey --secret_key=fooSecretKey mb s3://testbucketssl
+    s3cmd --ca-certs=/tmp/ca.crt --host localhost --host-bucket="localhost/%(bucket)" --access_key=fooAccessKey --secret_key=fooSecretKey put -P ~/$filename.txt s3://testbucketssl
+    ( CURL_CA_BUNDLE=/tmp/ca.crt curl -s https://localhost/testbucketssl/$filename.txt | grep -F hello-radosgw-ssl ) || return -1
+}
+
 function enable_services() {
     local node="${1?missing}"
     for s in mon mds mgr ; do