Make certservice-client use volume mount
Client container runs as root to avoid permission issues with volume mount access
Change client output path from '/var/log' to '/var/certs'
Issue-ID: AAF-1107
Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com>
Change-Id: I28ec95cd5e38f43d282087264b04c5b378bbabfd
diff --git a/tests/aaf/certservice/libraries/CertClientManager.py b/tests/aaf/certservice/libraries/CertClientManager.py
index ebacf22..792b693 100644
--- a/tests/aaf/certservice/libraries/CertClientManager.py
+++ b/tests/aaf/certservice/libraries/CertClientManager.py
@@ -1,12 +1,12 @@
import docker
import os
import shutil
-import tarfile
import re
from OpenSSL import crypto
+from docker.types import Mount
ARCHIVES_PATH = os.getenv("WORKSPACE") + "/archives/"
-TMP_PATH = os.getenv("WORKSPACE") + "/tests/aaf/certservice/tmp"
+MOUNT_PATH = os.getenv("WORKSPACE") + "/tests/aaf/certservice/tmp"
ERROR_API_REGEX = 'Error on API response.*[0-9]{3}'
RESPONSE_CODE_REGEX = '[0-9]{3}'
@@ -15,11 +15,19 @@
class CertClientManager:
def run_client_container(self, client_image, container_name, path_to_env, request_url, network):
+ self.create_mount_dir()
client = docker.from_env()
environment = self.read_list_env_from_file(path_to_env)
environment.append("REQUEST_URL=" + request_url)
- container = client.containers.run(image=client_image, name=container_name, detach=True, environment=environment,
- network=network)
+ container = client.containers.run(
+ image=client_image,
+ name=container_name,
+ environment=environment,
+ network=network,
+ user='root', #Run container as root to avoid permission issues with volume mount access
+ mounts=[Mount(target='/var/certs', source=MOUNT_PATH, type='bind')],
+ detach=True
+ )
exitcode = container.wait()
return exitcode
@@ -39,40 +47,19 @@
text_file.write(container.logs())
text_file.close()
container.remove()
+ self.remove_mount_dir()
- def can_open_keystore_and_truststore_with_pass(self, container_name):
- self.copy_jks_file_to_tmp_dir(container_name)
-
- keystore_pass_path = TMP_PATH + '/logs/log/keystore.pass'
- keystore_jks_path = TMP_PATH + '/logs/log/keystore.jks'
+ def can_open_keystore_and_truststore_with_pass(self):
+ keystore_pass_path = MOUNT_PATH + '/keystore.pass'
+ keystore_jks_path = MOUNT_PATH + '/keystore.jks'
can_open_keystore = self.can_open_jks_file_by_pass_file(keystore_pass_path, keystore_jks_path)
- truststore_pass_path = TMP_PATH + '/logs/log/truststore.pass'
- truststore_jks_path = TMP_PATH + '/logs/log/truststore.jks'
+ truststore_pass_path = MOUNT_PATH + '/truststore.pass'
+ truststore_jks_path = MOUNT_PATH + '/truststore.jks'
can_open_truststore = self.can_open_jks_file_by_pass_file(truststore_pass_path, truststore_jks_path)
- self.remove_tmp_dir(TMP_PATH)
return can_open_keystore & can_open_truststore
- def copy_jks_file_to_tmp_dir(self, container_name):
- os.mkdir(TMP_PATH)
- self.copy_jks_file_from_container_to_tmp_dir(container_name)
- self.extract_tar_file()
-
- def copy_jks_file_from_container_to_tmp_dir(self, container_name):
- client = docker.from_env()
- container = client.containers.get(container_name)
- f = open(TMP_PATH + '/var_log.tar', 'wb')
- bits, stat = container.get_archive('/var/log/')
- for chunk in bits:
- f.write(chunk)
- f.close()
-
- def extract_tar_file(self):
- my_tar = tarfile.open(TMP_PATH + '/var_log.tar')
- my_tar.extractall(TMP_PATH + '/logs')
- my_tar.close()
-
def can_open_jks_file_by_pass_file(self, pass_file_path, jks_file_path):
try:
password = open(pass_file_path, 'rb').read()
@@ -81,8 +68,12 @@
except:
return False
- def remove_tmp_dir(self, tmp_path):
- shutil.rmtree(tmp_path)
+ def create_mount_dir(self):
+ if not os.path.exists(MOUNT_PATH):
+ os.makedirs(MOUNT_PATH)
+
+ def remove_mount_dir(self):
+ shutil.rmtree(MOUNT_PATH)
def can_find_api_response_in_logs(self, container_name):
logs = self.get_container_logs(container_name)