Generate S3Proxy SSL certificate during tests (#1845)

Also provide CA bundle to AWS CLI to work around CI failures instead
of ignoring errors.  Fixes #1812.
Andrew Gaul 2022-01-09 15:13:36 +09:00 committed by GitHub
parent adb58af17b
commit 577e2bc987
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 7 additions and 21 deletions


@ -32,12 +32,6 @@ on:
# #
# Jobs # Jobs
# #
# [NOTE]
# Some tests using awscli may output a python warning.
# The warning is about HTTPS connections using self-signed certificates.
# That's why the PYTHONWARNINGS environment variable disables the
# "Unverified HTTPS request" warning.
#
jobs: jobs:
Linux: Linux:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -78,12 +72,6 @@ jobs:
# #
DEBIAN_FRONTEND: noninteractive DEBIAN_FRONTEND: noninteractive
# [NOTE]
# Since using a self-signed certificate and have not registered a certificate authority,
# we get a warning in python, so we suppress it(by PYTHONWARNINGS).
#
PYTHONWARNINGS: "ignore:Unverified HTTPS request"
steps: steps:
# [NOTE] # [NOTE]
# On openSUSE, tar and gzip must be installed before action/checkout. # On openSUSE, tar and gzip must be installed before action/checkout.
@ -127,13 +115,6 @@ jobs:
macos10: macos10:
runs-on: macos-10.15 runs-on: macos-10.15
env:
# [NOTE]
# Since using a self-signed certificate and have not registered a certificate authority,
# we get a warning in python, so we suppress it(by PYTHONWARNINGS).
#
PYTHONWARNINGS: "ignore:Unverified HTTPS request"
steps: steps:
- name: Checkout source code - name: Checkout source code
uses: actions/checkout@v2 uses: actions/checkout@v2


@ -140,6 +140,11 @@ function start_s3proxy {
chmod +x "${S3PROXY_BINARY}" chmod +x "${S3PROXY_BINARY}"
fi fi
# generate self-signed SSL certificate
rm -f /tmp/keystore.jks /tmp/keystore.pem
echo -e 'password\npassword\n\n\n\n\n\n\nyes' | keytool -genkey -keystore /tmp/keystore.jks -keyalg RSA -keysize 2048 -validity 365 -ext SAN=IP:127.0.0.1
echo password | keytool -exportcert -keystore /tmp/keystore.jks -rfc -file /tmp/keystore.pem
${STDBUF_BIN} -oL -eL java -jar "$S3PROXY_BINARY" --properties $S3PROXY_CONFIG & ${STDBUF_BIN} -oL -eL java -jar "$S3PROXY_BINARY" --properties $S3PROXY_CONFIG &
S3PROXY_PID=$! S3PROXY_PID=$!
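Review bot: Neither added keytool call has its exit status checked, and the first one relies on a fixed sequence of answers piped into interactive prompts (including a final `yes` that is presumably locale-dependent). If the prompts differ on a given JDK, `/tmp/keystore.jks` may end up missing or incomplete, and the failure only shows later as an S3Proxy start-up or TLS error. Passing the values as options avoids the prompts, e.g. `keytool -genkeypair -keystore /tmp/keystore.jks -storepass password -keypass password -keyalg RSA -keysize 2048 -validity 365 -dname "CN=127.0.0.1" -ext SAN=IP:127.0.0.1 || exit 1`, and the export can take `-storepass password` with the same `|| exit 1`. The body of start_s3proxy begins and continues outside this hunk, so how its callers handle an early exit is not visible here.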

Binary file not shown.


@ -2,7 +2,7 @@ s3proxy.secure-endpoint=https://127.0.0.1:8080
s3proxy.authorization=aws-v2-or-v4 s3proxy.authorization=aws-v2-or-v4
s3proxy.identity=local-identity s3proxy.identity=local-identity
s3proxy.credential=local-credential s3proxy.credential=local-credential
s3proxy.keystore-path=keystore.jks s3proxy.keystore-path=/tmp/keystore.jks
s3proxy.keystore-password=password s3proxy.keystore-password=password
jclouds.provider=transient jclouds.provider=transient


@ -319,7 +319,7 @@ function aws_cli() {
if [ -n "${S3FS_PROFILE}" ]; then if [ -n "${S3FS_PROFILE}" ]; then
FLAGS="--profile ${S3FS_PROFILE}" FLAGS="--profile ${S3FS_PROFILE}"
fi fi
aws $* --endpoint-url "${S3_URL}" --no-verify-ssl $FLAGS aws $* --endpoint-url "${S3_URL}" --ca-bundle /tmp/keystore.pem $FLAGS
} }
function wait_for_port() { function wait_for_port() {
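Review bot: The trust anchor passed with `--ca-bundle` is a fixed file name in world-writable `/tmp`, and the same literal paths are repeated in start_s3proxy and in the S3Proxy properties file. On a shared machine, whoever creates `/tmp/keystore.pem` or `/tmp/keystore.jks` first can influence which certificate the test AWS CLI trusts, and two concurrent test runs would overwrite each other's keystore. Consider creating both files in a private directory from `mktemp -d` and referring to them through one variable (name of your choosing), e.g. `--ca-bundle "${S3PROXY_CACERT_FILE}"`, with the keystore path in the properties file filled in from the same value. The opening of aws_cli is outside this hunk.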