Commit 48bad486 authored by Thomas Gambier's avatar Thomas Gambier 🚴🏼

software/re6stnet: add promise to check the end date of CA certificate of registry

parent 46c50dae
......@@ -18,7 +18,7 @@ md5sum = 57ddaa585f4755f8e8d1613e5321eefc
[template-re6stnet]
filename = instance-re6stnet.cfg.in
md5sum = 01da4462b5e20cab73b87e7415f7483d
md5sum = afa3bc5d61b46b244cac6f5e5f8c9441
[template-apache-conf]
filename = apache.conf.in
......
......@@ -170,10 +170,19 @@ context =
[re6st-registry-promise]
<= monitor-promise-base
promise = check_socket_listening
name = re6st-registry.py
name = check-re6st-registry.py
config-host = ${re6st-registry:ipv4}
config-port = ${re6st-registry:port}
[re6st-certificate-promise]
<= monitor-promise-base
promise = check_certificate
name = check-re6st-certificate.py
config-certificate = ${re6st-registry-conf-dict:ca}
config-key = ${re6st-registry-conf-dict:key}
# RENEW_PERIOD is 30 days in re6st, so warn 15 days before all nodes will try to renew
config-certificate-expiration-days = 45
[apache-registry-promise]
<= monitor-promise-base
promise = check_socket_listening
......@@ -206,5 +215,6 @@ parts =
port-redirection
re6st-registry-promise
re6st-certificate-promise
apache-registry-promise
monitor-base
......@@ -39,9 +39,23 @@ setUpModule, Re6stnetTestCase = makeModuleSetUpAndTestCaseClass(
class TestRe6stnetRegistry(Re6stnetTestCase):
def test_listen(self):
def test_default(self):
connection_parameters = self.computer_partition.getConnectionParameterDict()
registry_url = connection_parameters['re6stry-local-url']
promise = os.path.join(
self.computer_partition_root_path, 'etc', 'plugin',
'check-re6st-certificate.py')
self.assertTrue(os.path.exists(promise))
with open(promise) as fh:
promise_content = fh.read()
self.assertIn(
"""extra_config_dict = { 'certificate': '%(partition_root_dir)s/etc/re6stnet/ssl/re6stnet.crt',
'certificate-expiration-days': '45',
'key': '%(partition_root_dir)s/etc/re6stnet/ssl/re6stnet.key'}""" % {
'partition_root_dir': self.computer_partition_root_path}, promise_content)
self.assertIn(
"from slapos.promise.plugin.check_certificate import RunPromise",
promise_content)
_ = requests.get(registry_url)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment