combining the default system ca store with the custom one to fix the …

…integration tests. Signed-off-by: lrangine <[email protected]>
feast-dev · Dec 18, 2024 · 4970151 · 4970151
1 parent 706e9b4
commit 4970151
Show file tree

Hide file tree

Showing 2 changed files with 42 additions and 6 deletions.
diff --git a/sdk/python/tests/conftest.py b/sdk/python/tests/conftest.py
@@ -59,7 +59,7 @@
 from tests.utils.auth_permissions_util import default_store
 from tests.utils.http_server import check_port_open, free_port  # noqa: E402
 from tests.utils.ssl_certifcates_util import (
-    clear_previous_cert_env_vars,
+    combine_trust_stores,
     create_ca_trust_store,
     generate_self_signed_cert,
 )
@@ -522,8 +522,8 @@ def auth_config(request, is_integration_test):
 def tls_mode(request):
     is_tls_mode = request.param[0]
     # remove any existing environment variables if there are any
-    clear_previous_cert_env_vars()
-    ca_trust_store_path = ""
+    # clear_previous_cert_env_vars()
+    output_combined_truststore_path = ""
 
     if is_tls_mode:
         certificates_path = tempfile.mkdtemp()
@@ -533,14 +533,23 @@ def tls_mode(request):
         generate_self_signed_cert(cert_path=tls_cert_path, key_path=tls_key_path)
         is_ca_trust_store_set = request.param[1]
         if is_ca_trust_store_set:
-            ca_trust_store_path = os.path.join(certificates_path, "ca_trust_store.pem")
+            # Paths
+            feast_ca_trust_store_path = os.path.join(
+                certificates_path, "feast_trust_store.pem"
+            )
             create_ca_trust_store(
                 public_key_path=tls_cert_path,
                 private_key_path=tls_key_path,
-                output_trust_store_path=ca_trust_store_path,
+                output_trust_store_path=feast_ca_trust_store_path,
+            )
+
+            # Combine trust stores
+            output_combined_path = os.path.join(
+                certificates_path, "combined_trust_store.pem"
             )
+            combine_trust_stores(feast_ca_trust_store_path, output_combined_path)
     else:
         tls_key_path = ""
         tls_cert_path = ""
 
-    return is_tls_mode, tls_key_path, tls_cert_path, ca_trust_store_path
+    return is_tls_mode, tls_key_path, tls_cert_path, output_combined_truststore_path
diff --git a/sdk/python/tests/utils/ssl_certifcates_util.py b/sdk/python/tests/utils/ssl_certifcates_util.py
@@ -4,6 +4,7 @@
 import shutil
 from datetime import datetime, timedelta
 
+import certifi
 from cryptography import x509
 from cryptography.hazmat.backends import default_backend
 from cryptography.hazmat.primitives import hashes, serialization
@@ -169,3 +170,29 @@ def create_ca_trust_store(
 
     except Exception as e:
         logger.error(f"Error creating CA trust store: {e}")
+
+
+def combine_trust_stores(custom_cert_path: str, output_combined_path: str):
+    """
+    Combine the default certifi CA bundle with a custom certificate file.
+
+    :param custom_cert_path: Path to the custom certificate PEM file.
+    :param output_combined_path: Path where the combined CA bundle will be saved.
+    """
+    try:
+        # Get the default certifi CA bundle
+        certifi_ca_bundle = certifi.where()
+
+        with open(output_combined_path, "wb") as combined_file:
+            # Write the default CA bundle
+            with open(certifi_ca_bundle, "rb") as default_file:
+                combined_file.write(default_file.read())
+
+            # Append the custom certificates
+            with open(custom_cert_path, "rb") as custom_file:
+                combined_file.write(custom_file.read())
+
+        print(f"Combined trust store created at: {output_combined_path}")
+
+    except Exception as e:
+        print(f"Error combining trust stores: {e}")