Inject TLS certificate when using virtual media

A new option allows embedding a CA certificate in the virtual media ISO to allow fully secure TLS between ironic and IPA. Depends-On: https://review.opendev.org/763207 Change-Id: Idaacf44fd829c441d708b11704a97f9cd2b7a74c
author: Dmitry Tantsur <dtantsur@protonmail.com> 2020-10-15 14:32:38 +0200
committer: Dmitry Tantsur <dtantsur@protonmail.com> 2020-12-15 13:41:50 +0100
commit: 628109f9601cd8e6e8f3e0185d3f0bedf2cf9200 (patch)
tree: 7afd45f0d99120771afa83602cbdbc6103ff7c7f /ironic/tests/unit/drivers/modules/test_image_utils.py
parent: 2d70e6e26e97cf09291cfabbc74e49d3acde119e (diff)
download: ironic-628109f9601cd8e6e8f3e0185d3f0bedf2cf9200.tar.gz
1 files changed, 47 insertions, 0 deletions
diff --git a/ironic/tests/unit/drivers/modules/test_image_utils.py b/ironic/tests/unit/drivers/modules/test_image_utils.py
index 7c177a552..d555ab3f3 100644
--- a/ironic/tests/unit/drivers/modules/test_image_utils.py
+++ b/ironic/tests/unit/drivers/modules/test_image_utils.py
@@ -14,6 +14,7 @@
 #    under the License.
 
 import os
+import tempfile
 from unittest import mock
 
 from oslo_utils import importutils
@@ -432,6 +433,52 @@ class RedfishImageUtilsTestCase(db_base.DbTestCase):
 
     @mock.patch.object(image_utils, '_find_param', autospec=True)
     @mock.patch.object(image_utils, '_prepare_iso_image', autospec=True)
+    def test_prepare_deploy_iso_tls(self, mock__prepare_iso_image,
+                                    find_mock):
+        with tempfile.NamedTemporaryFile(delete=False) as tf:
+            temp_name = tf.name
+            self.addCleanup(lambda: os.unlink(temp_name))
+            self.config(api_ca_file=temp_name, group='agent')
+            tf.write(b'I can haz SSLz')
+
+        with task_manager.acquire(self.context, self.node.uuid,
+                                  shared=True) as task:
+
+            d_info = {
+                'ilo_deploy_kernel': 'kernel',
+                'ilo_deploy_ramdisk': 'ramdisk',
+                'ilo_bootloader': 'bootloader'
+            }
+            task.node.driver_info.update(d_info)
+
+            find_call_list = [
+                mock.call('deploy_kernel', d_info),
+                mock.call('deploy_ramdisk', d_info),
+                mock.call('bootloader', d_info)
+            ]
+            find_mock.side_effect = [
+                'kernel', 'ramdisk', 'bootloader'
+            ]
+
+            task.node.instance_info.update(deploy_boot_mode='uefi')
+
+            image_utils.prepare_deploy_iso(task, {}, 'deploy', d_info)
+
+            expected_files = {
+                b"""[DEFAULT]
+cafile = /etc/ironic-python-agent/ironic.crt
+""": 'etc/ironic-python-agent.d/ironic-tls.conf',
+                temp_name: 'etc/ironic-python-agent/ironic.crt'
+            }
+
+            mock__prepare_iso_image.assert_called_once_with(
+                task, 'kernel', 'ramdisk', 'bootloader', params={},
+                inject_files=expected_files)
+
+            find_mock.assert_has_calls(find_call_list)
+
+    @mock.patch.object(image_utils, '_find_param', autospec=True)
+    @mock.patch.object(image_utils, '_prepare_iso_image', autospec=True)
     @mock.patch.object(images, 'create_boot_iso', autospec=True)
     def test_prepare_boot_iso(self, mock_create_boot_iso,
                               mock__prepare_iso_image, find_mock):
author	Dmitry Tantsur <dtantsur@protonmail.com>	2020-10-15 14:32:38 +0200
committer	Dmitry Tantsur <dtantsur@protonmail.com>	2020-12-15 13:41:50 +0100
commit	628109f9601cd8e6e8f3e0185d3f0bedf2cf9200 (patch)
tree	7afd45f0d99120771afa83602cbdbc6103ff7c7f /ironic/tests/unit/drivers/modules/test_image_utils.py
parent	2d70e6e26e97cf09291cfabbc74e49d3acde119e (diff)
download	ironic-628109f9601cd8e6e8f3e0185d3f0bedf2cf9200.tar.gz