From c78aea95e6d9cf8fb60bb8e1f7fb500648c18fc8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?=
Date: Tue, 26 Sep 2023 11:38:29 +0200
Subject: [PATCH] testsuite: adapt container proxy config for k3s
---
 .../step_definitions/command_steps.rb | 35 ++++++++++++-------
 testsuite/features/support/kubernetes.rb | 6 ++++
 2 files changed, 29 insertions(+), 12 deletions(-)
diff --git a/testsuite/features/step_definitions/command_steps.rb b/testsuite/features/step_definitions/command_steps.rb
index fcb5a1ad68c8..c7ffba59ef20 100644
--- a/testsuite/features/step_definitions/command_steps.rb
+++ b/testsuite/features/step_definitions/command_steps.rb
@@ -578,8 +578,7 @@
 # We need the controller hostname to generate its SSL certificate
 hostname = `hostname -f`.strip
- _out, code = get_target('server').run_local("systemctl is-active k3s", check_errors: false)
- if code.zero?
+ if running_k3s?
 # On kubernetes, the server has no clue about certificates
 crt_path, key_path, _ca_path = generate_certificate("controller", hostname)
 get_target('server').extract_file(crt_path, '/root/controller.crt')
@@ -1020,8 +1019,7 @@
 end
 When(/^I copy server\'s keys to the proxy$/) do
- _out, code = get_target('server').run_local("systemctl is-active k3s", check_errors: false)
- if code.zero?
+ if running_k3s?
 # Server running in Kubernetes doesn't know anything about SSL CA
 generate_certificate("proxy", get_target('proxy').full_hostname)
@@ -1043,8 +1041,6 @@
 end
 When(/^I configure the proxy$/) do
- _out, code = get_target('server').run_local("systemctl is-active k3s", check_errors: false)
-
 # prepare the settings file
 settings = "RHN_PARENT=#{get_target('server').full_hostname}\n" \
 "HTTP_PROXY=''\n" \
@@ -1054,7 +1050,7 @@
 "POPULATE_CONFIG_CHANNEL=y\n" \
 "RHN_USER=admin\n" \
 "ACTIVATE_SLP=y\n"
- settings += if code.zero?
+ settings += if running_k3s?
 "USE_EXISTING_CERTS=y\n" \
 "CA_CERT=/tmp/ca.crt\n" \
 "SERVER_KEY=/tmp/proxy.key\n" \
@@ -1402,11 +1398,26 @@
 end
 When(/^I generate the configuration "([^"]*)" of Containerized Proxy on the server$/) do |file_path|
- # Doc: https://www.uyuni-project.org/uyuni-docs/en/uyuni/reference/spacecmd/proxy_container.html
- command = "echo spacewalk > cert_pass && spacecmd -u admin -p admin proxy_container_config_generate_cert" \
- " -- -o #{file_path} -p 8022 #{get_target('proxy').full_hostname.sub('pxy', 'pod-pxy')} #{get_target('server').full_hostname}" \
- " 2048 galaxy-noise@suse.de --ca-pass cert_pass" \
- " && rm cert_pass"
+ if running_k3s?
+ # A server container on kubernetes has no clue about SSL certificates
+ # We need to generate them using `cert-manager` and use the files as 3rd party certificate
+ generate_certificate("proxy", get_target('proxy').full_hostname)
+
+ # Copy the cert files in the container to use them with spacecmd
+ %w[proxy.crt proxy.key ca.crt].each do |file|
+ get_target('server').inject("/tmp/#{file}", "/tmp/#{file}")
+ end
+
+ command = "spacecmd -u admin -p admin proxy_container_config -- -o #{file_path} -p 8022 " \
+ "#{get_target('proxy').full_hostname.sub('pxy', 'pod-pxy')} #{get_target('server').full_hostname} 2048 galaxy-noise@suse.de " \
+ "/tmp/ca.crt /tmp/proxy.crt /tmp/proxy.key"
+ else
+ # Doc: https://www.uyuni-project.org/uyuni-docs/en/uyuni/reference/spacecmd/proxy_container.html
+ command = "echo spacewalk > cert_pass && spacecmd -u admin -p admin proxy_container_config_generate_cert" \
+ " -- -o #{file_path} -p 8022 #{get_target('proxy').full_hostname.sub('pxy', 'pod-pxy')} #{get_target('server').full_hostname}" \
+ " 2048 galaxy-noise@suse.de --ca-pass cert_pass" \
+ " && rm cert_pass"
+ end
 get_target('server').run(command)
 end
diff --git a/testsuite/features/support/kubernetes.rb b/testsuite/features/support/kubernetes.rb
index 095f0475e875..7714ea0fd8a7 100644
--- a/testsuite/features/support/kubernetes.rb
+++ b/testsuite/features/support/kubernetes.rb
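Review bot: In the k3s branch of the "I generate the configuration ... of Containerized Proxy on the server" step (command_steps.rb), the proxy private key is injected into the server container as `/tmp/proxy.key` and, as far as this hunk shows, never removed, whereas the other branch deletes its `cert_pass` secret with `&& rm cert_pass`. The branch also discards the `[crt_path, key_path, ca_path]` array that `generate_certificate` returns and hard-codes `/tmp/proxy.crt`, `/tmp/proxy.key` and `/tmp/ca.crt`, so it silently depends on the helper keeping those exact names. I would capture the paths with `crt_path, key_path, ca_path = generate_certificate("proxy", get_target('proxy').full_hostname)`, inject and pass those, and end the command with `&& rm -f #{key_path}`. If a later step still needs the key inside the server container, a comment saying so would be enough.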
@@ -44,3 +44,9 @@ def generate_certificate(name, fqdn)
 get_target('server').run_local("kubectl get secret uyuni-#{name}-cert -o jsonpath='{.data.ca\\.crt}' | base64 -d >#{ca_path}")
 [crt_path, key_path, ca_path]
 end
+
+# Returns whether the server is running in a k3s container or not
+def running_k3s?
+ _out, code = get_target('server').run_local('systemctl is-active k3s', check_errors: false)
+ code.zero?
+end
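Review bot: `running_k3s?` treats every non-zero exit of `systemctl is-active k3s` as "not k3s" because it is called with `check_errors: false`, so a command that fails for an unrelated reason would presumably select the non-Kubernetes certificate path in the steps that call it, without any error. The comment should state that contract, for example `# Returns true only when 'systemctl is-active k3s' exits 0 on the server target; any other result, including a failed command, counts as "not k3s"`. The current comment also says "k3s container" while the check looks at a systemd unit, which reads as the k3s service on the server host. The helper re-runs the command on every call; whether that matters depends on the cost of `run_local`, which this hunk does not show.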