Generate S3Proxy SSL certificate during tests (#1845)

Also provide CA bundle to AWS CLI to work around CI failures instead of ignoring errors. Fixes #1812.
2022-01-09 15:13:36 +09:00 · 2022-01-09 15:13:36 +09:00 · 577e2bc987
parent adb58af17b
commit 577e2bc987
5 changed files with 7 additions and 21 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -32,12 +32,6 @@ on:
 #
 # Jobs
 #
-# [NOTE]
-# Some tests using awscli may output a python warning.
-# The warning is about HTTPS connections using self-signed certificates.
-# That's why the PYTHONWARNINGS environment variable disables the
-# "Unverified HTTPS request" warning.
-#
 jobs:
  Linux:
    runs-on: ubuntu-latest
@ -78,12 +72,6 @@ jobs:
      #
      DEBIAN_FRONTEND:  noninteractive

-      # [NOTE]
-      # Since using a self-signed certificate and have not registered a certificate authority,
-      # we get a warning in python, so we suppress it(by PYTHONWARNINGS).
-      #
-      PYTHONWARNINGS:   "ignore:Unverified HTTPS request"
-
    steps:
      # [NOTE]
      # On openSUSE, tar and gzip must be installed before action/checkout.
@ -127,13 +115,6 @@ jobs:
  macos10:
    runs-on: macos-10.15

-    env:
-      # [NOTE]
-      # Since using a self-signed certificate and have not registered a certificate authority,
-      # we get a warning in python, so we suppress it(by PYTHONWARNINGS).
-      #
-      PYTHONWARNINGS:   "ignore:Unverified HTTPS request"
-
    steps:
      - name: Checkout source code
        uses: actions/checkout@v2
--- a/test/integration-test-common.sh
+++ b/test/integration-test-common.sh
@ -140,6 +140,11 @@ function start_s3proxy {
            chmod +x "${S3PROXY_BINARY}"
        fi

+        # generate self-signed SSL certificate
+        rm -f /tmp/keystore.jks /tmp/keystore.pem
+        echo -e 'password\npassword\n\n\n\n\n\n\nyes' | keytool -genkey -keystore /tmp/keystore.jks -keyalg RSA -keysize 2048 -validity 365 -ext SAN=IP:127.0.0.1
+        echo password | keytool -exportcert -keystore /tmp/keystore.jks -rfc -file /tmp/keystore.pem
+
        ${STDBUF_BIN} -oL -eL java -jar "$S3PROXY_BINARY" --properties $S3PROXY_CONFIG &
        S3PROXY_PID=$!

--- a/test/keystore.jks
+++ b/test/keystore.jks
--- a/test/s3proxy.conf
+++ b/test/s3proxy.conf
@ -2,7 +2,7 @@ s3proxy.secure-endpoint=https://127.0.0.1:8080
 s3proxy.authorization=aws-v2-or-v4
 s3proxy.identity=local-identity
 s3proxy.credential=local-credential
-s3proxy.keystore-path=keystore.jks
+s3proxy.keystore-path=/tmp/keystore.jks
 s3proxy.keystore-password=password

 jclouds.provider=transient
--- a/test/test-utils.sh
+++ b/test/test-utils.sh
@ -319,7 +319,7 @@ function aws_cli() {
    if [ -n "${S3FS_PROFILE}" ]; then
        FLAGS="--profile ${S3FS_PROFILE}"
    fi
-    aws $* --endpoint-url "${S3_URL}" --no-verify-ssl $FLAGS
+    aws $* --endpoint-url "${S3_URL}" --ca-bundle /tmp/keystore.pem $FLAGS
 }

 function wait_for_port() {