Merge pull request #633 from agrare/fix_ca_certs_ddf_params

Fix passing custom CA cert via DDF params
ManageIQ · Mar 2, 2023 · e243534 · e243534
2 parents 1ed50e8 + ffef9e4
commit e243534
Show file tree

Hide file tree

Showing 2 changed files with 59 additions and 4 deletions.
diff --git a/app/models/manageiq/providers/ovirt/infra_manager/api_integration.rb b/app/models/manageiq/providers/ovirt/infra_manager/api_integration.rb
@@ -215,8 +215,8 @@ def verify_credentials(args)
       metrics_authentication = args.dig("authentications", "metrics")
 
       username, password = default_authentication&.values_at("userid", "password")
-      server, port, verify_ssl, ca_certs = default_endpoint&.values_at(
-        "hostname", "port", "verify_ssl", "ca_certs"
+      server, port, verify_ssl, certificate_authority = default_endpoint&.values_at(
+        "hostname", "port", "verify_ssl", "certificate_authority"
       )
 
       metrics_username, metrics_password = metrics_authentication&.values_at("userid", "password")
@@ -230,7 +230,7 @@ def verify_credentials(args)
         :server           => server,
         :port             => port,
         :verify_ssl       => verify_ssl,
-        :ca_certs         => ca_certs,
+        :ca_certs         => certificate_authority,
         :metrics_username => metrics_username,
         :metrics_password => ManageIQ::Password.try_decrypt(metrics_password),
         :metrics_server   => metrics_server,

diff --git a/spec/models/manageiq/providers/ovirt/infra_manager_spec.rb b/spec/models/manageiq/providers/ovirt/infra_manager_spec.rb
@@ -42,7 +42,7 @@
     end
   end
 
-  describe "verify_credentials" do
+  describe "#verify_credentials" do
     let(:ems) { FactoryBot.create(:ems_ovirt) }
 
     context "metrics" do
@@ -164,6 +164,61 @@
     end
   end
 
+  context ".verify_credentials" do
+    let(:default_authentication) { {"userid" => "user", "password" => "pword"} }
+    let(:default_endpoint)       { {"hostname" => "ovirt.localdomain", "port" => 443} }
+    let(:metrics_authentication) { nil }
+    let(:metrics_endpoint)       { nil }
+
+    let(:params) do
+      {
+        "endpoints"       => {
+          "default" => default_endpoint,
+          "metrics" => metrics_endpoint
+        },
+        "authentications" => {
+          "default" => default_authentication,
+          "metrics" => metrics_authentication
+        }
+      }
+    end
+
+    it "calls check_connect_api" do
+      expect(described_class).to receive(:check_connect_api).with(hash_including(:username => "user", :password => "pword", :server => "ovirt.localdomain", :port => 443)).and_return(true)
+      described_class.verify_credentials(params)
+    end
+
+    context "with verify_ssl VERIFY_PEER" do
+      let(:default_endpoint) { {"hostname" => "ovirt.localdomain", "port" => 443, "verify_ssl" => OpenSSL::SSL::VERIFY_PEER} }
+
+      it "calls check_connect_api with verify_ssl" do
+        expect(described_class).to receive(:check_connect_api).with(hash_including(:verify_ssl => OpenSSL::SSL::VERIFY_PEER)).and_return(true)
+        described_class.verify_credentials(params)
+      end
+    end
+
+    context "with trusted CA certificates" do
+      let(:default_endpoint) { {"hostname" => "ovirt.localdomain", "port" => 443, "verify_ssl" => OpenSSL::SSL::VERIFY_PEER, "certificate_authority" => ca} }
+      let(:ca) { "----- BEGIN CERTIFICATE -----\n----- END CERTIFICATE -----\n" }
+
+      it "calls check_connect_api with verify_ssl" do
+        expect(described_class).to receive(:check_connect_api).with(hash_including(:verify_ssl => OpenSSL::SSL::VERIFY_PEER, :ca_certs => ca)).and_return(true)
+        described_class.verify_credentials(params)
+      end
+    end
+
+    context "with a metrics endpoint" do
+      let(:metrics_authentication) { {"userid" => "psql", "password" => "postgres"} }
+      let(:metrics_endpoint)       { {"hostname" => "ovirt.localdomain", "port" => 5432, "path" => "ovirt_engine_history"} }
+
+      it "calls check_connect_api and check_connect_metrics" do
+        expect(described_class).to receive(:check_connect_api).with(hash_including(:username => "user", :password => "pword", :server => "ovirt.localdomain", :port => 443)).and_return(true)
+        expect(described_class).to receive(:check_connect_metrics).with(hash_including(:metrics_username => "psql", :metrics_password => "postgres", :metrics_server => "ovirt.localdomain", :metrics_port => 5432)).and_return(true)
+        described_class.verify_credentials(params)
+      end
+    end
+  end
+
   context ".raw_connect" do
     let(:options) do
       {