From e12d3f49e0945e94a0fe6ee715997caed63d3cf6 Mon Sep 17 00:00:00 2001 From: "Ritchie, Frank (fr801x)" Date: Thu, 29 Apr 2021 09:55:46 -0400 Subject: [PATCH] [CPCEPH-74] Use ca cert for helm tests This PS will have s3cmd use a ca cert rather than skipping certificate verification. Change-Id: I87e1d79c64a05229a99939ca92506e06e32e4cb8 --- ceph-rgw/Chart.yaml | 2 +- ceph-rgw/templates/bin/_helm-tests.sh.tpl | 2 +- ceph-rgw/templates/pod-helm-tests.yaml | 4 ++++ releasenotes/notes/ceph-rgw.yaml | 1 + 4 files changed, 7 insertions(+), 2 deletions(-) diff --git a/ceph-rgw/Chart.yaml b/ceph-rgw/Chart.yaml index 7eeb44459..b4dbaea4d 100644 --- a/ceph-rgw/Chart.yaml +++ b/ceph-rgw/Chart.yaml @@ -15,6 +15,6 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Ceph RadosGW name: ceph-rgw -version: 0.1.6 +version: 0.1.7 home: https://github.com/ceph/ceph ... diff --git a/ceph-rgw/templates/bin/_helm-tests.sh.tpl b/ceph-rgw/templates/bin/_helm-tests.sh.tpl index e1fff2971..cdda9bd15 100644 --- a/ceph-rgw/templates/bin/_helm-tests.sh.tpl +++ b/ceph-rgw/templates/bin/_helm-tests.sh.tpl @@ -84,7 +84,7 @@ function rgw_s3_bucket_validation () bucket=s3://rgw-test-bucket {{- if .Values.manifests.certificates }} - params="--host=$RGW_HOST --host-bucket=$RGW_HOST --access_key=$S3_ADMIN_ACCESS_KEY --secret_key=$S3_ADMIN_SECRET_KEY --no-check-certificate" + params="--host=$RGW_HOST --host-bucket=$RGW_HOST --access_key=$S3_ADMIN_ACCESS_KEY --secret_key=$S3_ADMIN_SECRET_KEY --ca-certs=/etc/tls/ca.crt" {{- else }} params="--host=$RGW_HOST --host-bucket=$RGW_HOST --access_key=$S3_ADMIN_ACCESS_KEY --secret_key=$S3_ADMIN_SECRET_KEY --no-ssl" {{- end }} diff --git a/ceph-rgw/templates/pod-helm-tests.yaml b/ceph-rgw/templates/pod-helm-tests.yaml index 6c1fef91b..54a0f8706 100644 --- a/ceph-rgw/templates/pod-helm-tests.yaml +++ b/ceph-rgw/templates/pod-helm-tests.yaml @@ -99,6 +99,7 @@ spec: mountPath: /tmp/helm-tests.sh subPath: helm-tests.sh readOnly: true +{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.ceph_object_store.api.internal "path" "/etc/tls" | include "helm-toolkit.snippets.tls_volume_mount" | indent 8 }} {{- end }} volumes: - name: pod-tmp @@ -119,4 +120,7 @@ spec: {{- if .Values.conf.rgw_ks.enabled }} {{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.object_store.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 4 }} {{- end }} +{{- if .Values.conf.rgw_s3.enabled }} +{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.ceph_object_store.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 4 }} +{{- end }} {{- end }} diff --git a/releasenotes/notes/ceph-rgw.yaml b/releasenotes/notes/ceph-rgw.yaml index 8ef72df3e..9e4bac319 100644 --- a/releasenotes/notes/ceph-rgw.yaml +++ b/releasenotes/notes/ceph-rgw.yaml @@ -7,4 +7,5 @@ ceph-rgw: - 0.1.4 Rgw placement target support - 0.1.5 Add tls support - 0.1.6 Update tls override options + - 0.1.7 Use ca cert for helm tests ...