database/pgbackrest
1
0
Fork 0
mirror of https://github.com/pgbackrest/pgbackrest.git synced 2025-11-06 16:09:25 +03:00
Code Activity

New test containers with static test certificates.

Browse Source 
Test certificates were generated dynamically but there are advantages to using static certificates.  For example, it possible to use the same certificate between container versions.  Mostly, it is easier to document the certificates if they are not buried deep in the container code.

The new test certificates are initially intended to be used with the C unit tests but they will eventually be used for integration tests as well.

Two new certificates have been defined. See test/certificate/README.md for details.

The old dynamic certificates will be retained until they are replaced.
This commit is contained in:
David Steele
2018-11-21 18:13:37 -05:00
parent 53e3651cca
commit ac426bc456
12 changed files with 348 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
test/lib/pgBackRestTest/Common/ContainerTest.pm
View File

@@ -130,7 +130,7 @@ sub containerWrite
$strScript =
"# ${strTitle} Container\n" .
"FROM ${strImageParent}" .
(defined($strCopy) ? "\n\n${strCopy}\n\n" : '') .
(defined($strCopy) ? "\n\n${strCopy}" : '') .
(defined($strScript) && $strScript ne ''?
"\n\nRUN echo '" . (CONTAINER_DEBUG ? 'DEBUG' : 'OPTIMIZED') . " BUILD'" . $strScript : '');
@@ -259,7 +259,9 @@ sub sshSetup
####################################################################################################################################
sub certSetup
{
return
my $strOS = shift;
my $strScript =
sectionHeader() .
"# Generate fake certs\n" .
" mkdir -p -m 755 /etc/fake-cert && \\\n" .
@@ -272,7 +274,34 @@ sub certSetup
" -subj \"/C=US/ST=Country/L=City/O=Organization/CN=*.pgbackrest.org\" && \\\n" .
" openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 99999 \\\n" .
" -sha256 && \\\n" .
" chmod 644 /etc/fake-cert/*";
" chmod 644 /etc/fake-cert/* && \\\n";
my $rhVm = vmGet();
if ($rhVm->{$strOS}{&VM_OS_BASE} eq VM_OS_BASE_RHEL)
{
if ($strOS eq VM_CO6)
{
$strScript .=
" update-ca-trust enable && \\\n";
}
$strScript .=
" cp /etc/fake-cert/pgbackrest-test-ca.crt /etc/pki/ca-trust/source/anchors && \\\n" .
" update-ca-trust extract";
}
elsif ($rhVm->{$strOS}{&VM_OS_BASE} eq VM_OS_BASE_DEBIAN)
{
$strScript .=
" cp /etc/fake-cert/pgbackrest-test-ca.crt /usr/local/share/ca-certificates && \\\n" .
" update-ca-certificates";
}
else
{
confess &log(ERROR, "unable to install certificate for $rhVm->{$strOS}{&VM_OS_BASE}");
}
return $strScript;
}
####################################################################################################################################
@@ -478,7 +507,18 @@ sub containerBuild
}
#---------------------------------------------------------------------------------------------------------------------------
$strScript .= certSetup();
my $strCertPath = 'test/certificate';
my $strCertName = 'pgbackrest-test';
$strCopy = '# Copy Test Certificates';
foreach my $strFile ('-ca.crt', '.crt', '.key')
{
$oStorageDocker->copy("${strCertPath}/${strCertName}${strFile}", "${strTempPath}/${strCertName}${strFile}");
$strCopy .= "\nCOPY ${strCertName}${strFile} " . CERT_FAKE_PATH . "/${strCertName}${strFile}";
}
$strScript .= certSetup($strOS);
#---------------------------------------------------------------------------------------------------------------------------
if (!$bDeprecated)
@@ -629,7 +669,7 @@ sub containerBuild
$strScript .= entryPointSetup($strOS);
containerWrite($oStorageDocker, $strTempPath, $strOS, 'Build', $strImageParent, $strImage, $strCopy,$strScript, $bVmForce);
containerWrite($oStorageDocker, $strTempPath, $strOS, 'Build', $strImageParent, $strImage, $strCopy, $strScript, $bVmForce);
# Copy Devel::Cover to host so it can be installed in other containers (if it doesn't already exist)
if ($bPkgDevelCoverBuild)