From 577e2bc987ab3d73768effdf5cdfae99dd285938 Mon Sep 17 00:00:00 2001 From: Andrew Gaul Date: Sun, 9 Jan 2022 15:13:36 +0900 Subject: [PATCH] Generate S3Proxy SSL certificate during tests (#1845) Also provide CA bundle to AWS CLI to work around CI failures instead of ignoring errors. Fixes #1812. --- .github/workflows/ci.yml | 19 ------------------- test/integration-test-common.sh | 5 +++++ test/keystore.jks | Bin 2243 -> 0 bytes test/s3proxy.conf | 2 +- test/test-utils.sh | 2 +- 5 files changed, 7 insertions(+), 21 deletions(-) delete mode 100644 test/keystore.jks diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e1b39e3..1f1469f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -32,12 +32,6 @@ on: # # Jobs # -# [NOTE] -# Some tests using awscli may output a python warning. -# The warning is about HTTPS connections using self-signed certificates. -# That's why the PYTHONWARNINGS environment variable disables the -# "Unverified HTTPS request" warning. -# jobs: Linux: runs-on: ubuntu-latest @@ -78,12 +72,6 @@ jobs: # DEBIAN_FRONTEND: noninteractive - # [NOTE] - # Since using a self-signed certificate and have not registered a certificate authority, - # we get a warning in python, so we suppress it(by PYTHONWARNINGS). - # - PYTHONWARNINGS: "ignore:Unverified HTTPS request" - steps: # [NOTE] # On openSUSE, tar and gzip must be installed before action/checkout. @@ -127,13 +115,6 @@ jobs: macos10: runs-on: macos-10.15 - env: - # [NOTE] - # Since using a self-signed certificate and have not registered a certificate authority, - # we get a warning in python, so we suppress it(by PYTHONWARNINGS). - # - PYTHONWARNINGS: "ignore:Unverified HTTPS request" - steps: - name: Checkout source code uses: actions/checkout@v2 diff --git a/test/integration-test-common.sh b/test/integration-test-common.sh index b0e100d..c1c75ee 100644 --- a/test/integration-test-common.sh +++ b/test/integration-test-common.sh 
@@ -140,6 +140,11 @@ function start_s3proxy { chmod +x "${S3PROXY_BINARY}" fi + # generate self-signed SSL certificate + rm -f /tmp/keystore.jks /tmp/keystore.pem + echo -e 'password\npassword\n\n\n\n\n\n\nyes' | keytool -genkey -keystore /tmp/keystore.jks -keyalg RSA -keysize 2048 -validity 365 -ext SAN=IP:127.0.0.1 + echo password | keytool -exportcert -keystore /tmp/keystore.jks -rfc -file /tmp/keystore.pem + ${STDBUF_BIN} -oL -eL java -jar "$S3PROXY_BINARY" --properties $S3PROXY_CONFIG & S3PROXY_PID=$! 
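Review bot: The keystore and the exported certificate are written to fixed names in world-writable `/tmp` (`rm -f /tmp/keystore.jks /tmp/keystore.pem` followed by the two `keytool` calls), and that `.pem` later becomes the trust anchor handed to the AWS CLI. On a shared host, a file another user had already created under either name would survive the `rm -f` and stay under that user's control. Creating both files in a private directory, e.g. `S3PROXY_TLS_DIR=$(mktemp -d)` (variable name suggested here, not in the tree), avoids this, though `test/s3proxy.conf` and `test/test-utils.sh` hard-code the same paths and would have to follow. Separately, answering the prompts with `echo -e 'password\npassword\n\n\n\n\n\n\nyes'` depends on keytool's prompt order and on the localized `yes`; passing `-storepass password -keypass password -dname 'CN=127.0.0.1'` makes the call non-interactive. Neither keytool exit status is checked before S3Proxy is launched; `start_s3proxy` begins and ends outside the hunk, so whether `set -e` covers it is not visible here.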
diff --git a/test/keystore.jks b/test/keystore.jks deleted file mode 100644 index 0a51c652d4837f416255a8409b3df58c4889beb9..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2243 zcmchYYd8}OAI7(t8QC7^$SH=HVr$uu9I_N1BSVCijOOgga(swYo^r}aFDXq(8*<8= zLm@^ErKd22(TgO_X->V~~v+5IK<>wDM6)xrlWmP3@S-e9^bD5I$!>xDgM#BNRg%J^&)SbaFw#ZB`SG^Vi* zk&U}qOJ~i}<(DJUk>I?^9rZGP-T6vQ4Kj(j`g{9}L!`CzxUDj+yLeA^ysI1ymi0u_ z>>70{Pau|H|9!OWD?36KaRRd3FtGI8l{+RS0o&^6KV~|di-?fBYPamW_QL7I`Xih{ zuA2AbHQrHt1C6c{f=T2n&Gzf<&bSxJOc!-EaG{0>u+89#kxTF0PF|F!qLJv(R|NJD zxVI~QQt?XZpUlsFSRb3vG$gGmnOV|VYI8v?*>p+VUC?-IwCl{0WMEh_i|r_q2U#W< z1O{e+zuqiu?GwWc9uK$)YbS@X@5%?rpI^_@&RL&o(bSA}v0*tQQwklcOjxOWYRA#9|w>!+0B|Y38 zHSC0T-mAdZ$=!?^d1jE4tQB_Yn1^*UMr|cjL}NiaVUVq0jMI8UKBCNtb^R?z+>5y? z9bxHq$N;`yp1mdFvsRj{#_nP+>A&Wt@VNEw7ufiaP66xok%FAz3pyE8_5nxgJOMj?$6btGZ*sW*s=oUhQo^c#nhkk_ zqFFJ?CiWH1Y}aORStcd5-AmZuZCvVHvspvT3f_QzJnWnP^)4EzFf7ozbviZE0O2A=T1wf$q>o8tp zXdp8E3tlnqK%X2gOMyH{xx%z~+OB$Mk_qzW3!rMn&K@Y%S~=lPb9#vNsB-jJ*Manm zH~}EUG}6ZT5Ftp26$F36FKKq7#0g2XF~ZV_g+eun^LC8X;w3>1WqbcfF<;SwqaDCm z0Cw}&(k-A5KU;JZ+uB;Q=2WUYvkNvKgy3J!oYh4XdQe4^3agW^uf9_PwA?BU zw4JvXs#7h>hztO(*g`Ee?bQ=@;_if>NaS02fS{@3q228EF-uWZpGBzd`1^J{L2KlN zqAF5Kp^kJbt3`X$AIro1mf&oI`!TvN-97fnrte#AnXP{hqpO|)$_M}uib2tYB2Y9C zi6I06f?gACCnEGef>PNJLmxvK?g@*+VvNrJ)1uMnqyMr0=WA#{^}oik_br5Iz+V6;8c+;G z0|Ej0PJiox_$#o#gh9-XIJ!HeC5H4i2^3l#lfHu?N8{CJd+#sis`08Qv?=D*%GaDw z?qw09`CjANU<8x9fm$ks#}-GZm#(!lNslN^kfA6OVSVD_2y%RdgMTEmp4`i-+-|db zGfydNekU5&|4wB3V*P_b-98uU);S7XGF zoRp?|IMVNB)Q%?VXeIyg-qABr@08gT_1sLuWm1#N_N<^3I2&|VX?*~be*1E}VH!iF z@T3{?*>Fu$w*<6j{3R8imQ;@0(d{=K)h+ns_xG;6j3QmCy9-r&R5D6)Gd?rzd}{zm z2nYZcsG(F*%6kn_hJ)q6GH&NK2?_C6ZH#3t=8UBtO^?(gS$_?2uTy&=0s#qM$KqUd zy;7Fnu3@8dZg|z%CzW))dRq}))(nNrO|w!PILeC#6Dc3z9ZDav$o6sNPiZrL!STUE z49t%ap1!dy95E;#Q+#{}TH5=NS1sl2CI7-gCeLc6;DSju|5^3Gi-~U;BsaxurccBT zELJ}12LNU@fvCmv`@yR6c^>rKy!~Q$LaJY)ri91W*|!~Kr50t!L#KiOnvD#iU6uKM zw!Yj4OX>Y>Jj^=av2ANE_X_VpPn*D8>gBZ!0yNsVmV4g81WNQChSnIaJp6)wZdo32 
z@MOQw8M4X{Sq5Q%hQSEr6%_t5UG2MS=nR Mld_105yQUdA5DVc7XSbN diff --git a/test/s3proxy.conf b/test/s3proxy.conf index f57bdfb..50ab754 100644 --- a/test/s3proxy.conf +++ b/test/s3proxy.conf @@ -2,7 +2,7 @@ s3proxy.secure-endpoint=https://127.0.0.1:8080 s3proxy.authorization=aws-v2-or-v4 s3proxy.identity=local-identity s3proxy.credential=local-credential -s3proxy.keystore-path=keystore.jks +s3proxy.keystore-path=/tmp/keystore.jks s3proxy.keystore-password=password jclouds.provider=transient diff --git a/test/test-utils.sh b/test/test-utils.sh index 6e8ccec..961ff90 100644 --- a/test/test-utils.sh +++ b/test/test-utils.sh @@ -319,7 +319,7 @@ function aws_cli() { if [ -n "${S3FS_PROFILE}" ]; then FLAGS="--profile ${S3FS_PROFILE}" fi - aws $* --endpoint-url "${S3_URL}" --no-verify-ssl $FLAGS + aws $* --endpoint-url "${S3_URL}" --ca-bundle /tmp/keystore.pem $FLAGS } function wait_for_port() {
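Review bot: In `aws_cli` (test/test-utils.sh) the new `--ca-bundle /tmp/keystore.pem` is passed unconditionally, and that option makes the CLI verify against the given bundle instead of its default trust store. Any run where `S3_URL` points at an endpoint other than the local S3Proxy, or where `start_s3proxy` has not generated the file, will therefore presumably fail certificate verification. Consider adding the option only when the bundle exists, e.g. `[ -f /tmp/keystore.pem ] && FLAGS="${FLAGS} --ca-bundle /tmp/keystore.pem"`, and reading the path from one shared variable rather than repeating the literal used in `test/integration-test-common.sh` and `test/s3proxy.conf`. On the same line `$*` and `$FLAGS` are unquoted, so arguments containing spaces are re-split; `"$@"` would preserve them. The start of the function lies outside the hunk.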