From 4970151eed6ae6a9d401c501ce1ea17e3279f2cf Mon Sep 17 00:00:00 2001
From: lrangine <19699092+lokeshrangineni@users.noreply.github.com>
Date: Tue, 17 Dec 2024 19:13:02 -0500
Subject: [PATCH] combining the default system ca store with the custom one to fix the integration tests.
Signed-off-by: lrangine <19699092+lokeshrangineni@users.noreply.github.com>
---
 sdk/python/tests/conftest.py | 21 ++++++++++-----
 .../tests/utils/ssl_certifcates_util.py | 27 +++++++++++++++++++
 2 files changed, 42 insertions(+), 6 deletions(-)
diff --git a/sdk/python/tests/conftest.py b/sdk/python/tests/conftest.py
index 422d10fd8b..443926404f 100644
--- a/sdk/python/tests/conftest.py
+++ b/sdk/python/tests/conftest.py
@@ -59,7 +59,7 @@
 from tests.utils.auth_permissions_util import default_store
 from tests.utils.http_server import check_port_open, free_port # noqa: E402
 from tests.utils.ssl_certifcates_util import (
- clear_previous_cert_env_vars,
+ combine_trust_stores,
 create_ca_trust_store,
 generate_self_signed_cert,
 )
@@ -522,8 +522,8 @@ def auth_config(request, is_integration_test):
 def tls_mode(request):
 is_tls_mode = request.param[0]
 # remove any existing environment variables if there are any
- clear_previous_cert_env_vars()
- ca_trust_store_path = ""
+ # clear_previous_cert_env_vars()
+ output_combined_truststore_path = ""
 if is_tls_mode:
 certificates_path = tempfile.mkdtemp()
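Review bot: In the `@@ -522` hunk of conftest.py, `clear_previous_cert_env_vars()` is commented out rather than deleted, while the comment above it still says existing environment variables are removed. With the import dropped in the first hunk, `tls_mode` no longer clears anything, so certificate-related environment variables set for one parametrization may persist into the next (the helper itself is not visible here, so this is inferred from its name). Either delete both lines, or keep the cleanup and explain why it had to go; if it stays disabled, replace the stale comment with something like `# env vars are intentionally left in place: <reason>`. The body of `tls_mode` continues outside this hunk.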
@@ -533,14 +533,23 @@ def tls_mode(request):
 generate_self_signed_cert(cert_path=tls_cert_path, key_path=tls_key_path)
 is_ca_trust_store_set = request.param[1]
 if is_ca_trust_store_set:
- ca_trust_store_path = os.path.join(certificates_path, "ca_trust_store.pem")
+ # Paths
+ feast_ca_trust_store_path = os.path.join(
+ certificates_path, "feast_trust_store.pem"
+ )
 create_ca_trust_store(
 public_key_path=tls_cert_path,
 private_key_path=tls_key_path,
- output_trust_store_path=ca_trust_store_path,
+ output_trust_store_path=feast_ca_trust_store_path,
+ )
+
+ # Combine trust stores
+ output_combined_path = os.path.join(
+ certificates_path, "combined_trust_store.pem"
 )
+ combine_trust_stores(feast_ca_trust_store_path, output_combined_path)
 else:
 tls_key_path = ""
 tls_cert_path = ""
- return is_tls_mode, tls_key_path, tls_cert_path, ca_trust_store_path
+ return is_tls_mode, tls_key_path, tls_cert_path, output_combined_truststore_path
diff --git a/sdk/python/tests/utils/ssl_certifcates_util.py b/sdk/python/tests/utils/ssl_certifcates_util.py
index 1ff5ae634d..e8dc0a483e 100644
--- a/sdk/python/tests/utils/ssl_certifcates_util.py
+++ b/sdk/python/tests/utils/ssl_certifcates_util.py
@@ -4,6 +4,7 @@
 import shutil
 from datetime import datetime, timedelta
+import certifi
 from cryptography import x509
 from cryptography.hazmat.backends import default_backend
 from cryptography.hazmat.primitives import hashes, serialization
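Review bot: In the `@@ -533` hunk of conftest.py the combined bundle path is assigned to `output_combined_path`, but the fixture returns `output_combined_truststore_path`, which the `@@ -522` hunk sets to `""` and nothing visible reassigns. As written, `tls_mode` returns an empty trust store path even when `is_ca_trust_store_set` is true, so callers are never pointed at the combined bundle. Use one name throughout: `output_combined_truststore_path = os.path.join(certificates_path, "combined_trust_store.pem")` and `combine_trust_stores(feast_ca_trust_store_path, output_combined_truststore_path)`. The start of `tls_mode` lies outside this hunk, so confirm there is no other assignment before relying on this reading.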
@@ -169,3 +170,29 @@ def create_ca_trust_store(
 except Exception as e:
 logger.error(f"Error creating CA trust store: {e}")
+
+
+def combine_trust_stores(custom_cert_path: str, output_combined_path: str):
+ """
+ Combine the default certifi CA bundle with a custom certificate file.
+
+ :param custom_cert_path: Path to the custom certificate PEM file.
+ :param output_combined_path: Path where the combined CA bundle will be saved.
+ """
+ try:
+ # Get the default certifi CA bundle
+ certifi_ca_bundle = certifi.where()
+
+ with open(output_combined_path, "wb") as combined_file:
+ # Write the default CA bundle
+ with open(certifi_ca_bundle, "rb") as default_file:
+ combined_file.write(default_file.read())
+
+ # Append the custom certificates
+ with open(custom_cert_path, "rb") as custom_file:
+ combined_file.write(custom_file.read())
+
+ print(f"Combined trust store created at: {output_combined_path}")
+
+ except Exception as e:
+ print(f"Error combining trust stores: {e}")
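Review bot: `combine_trust_stores` catches every `Exception` and only prints it, so a missing custom certificate or an unwritable output path leaves the caller with a truncated or absent bundle and no failure at the point of the error. Because the output file is opened before the custom certificate is read, a failed read would leave a bundle holding only the certifi roots, which later surfaces as an unrelated TLS verification error. Log through the module's `logger` and re-raise: `logger.error(f"Error combining trust stores: {e}")` followed by `raise`, and turn the success `print` into a `logger.info` call. The docstring should also say that the base bundle is the one returned by `certifi.where()`, not the operating system store, since the commit subject calls it the system CA store.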