upload custom CA into terraform state

Signed-off-by: Tarun Pothulapati <[email protected]>

Author: Pothulapati

.werft/eks-installer-tests.yaml

@@ -89,6 +89,8 @@ pod:
       value: "/mnt/secrets/sh-playground-sa-perm/sh-sa.json"
     - name: TF_VAR_dns_sa_creds
       value: "/mnt/secrets/sh-playground-dns-perm/sh-dns-sa.json"
+    - name: TF_VAR_sa_creds
+      value: "/mnt/secrets/sh-playground-sa-perm/sh-sa.json"
     - name: NODENAME
       valueFrom:
         fieldRef:

.werft/installer-tests.ts

@@ -347,6 +347,12 @@ export async function installerTests(config: TestConfig) {
             console.error("Failed to send message to Slack", error);
         });
 
+        if (selfSigned === "true") {
+            exec(
+                `werft log result -d  "Custom CA Certificate store underd GCP project 'sh-automated-tests'" url "gs://nightly-tests/tf-state/${process.env["TF_VAR_TEST_ID"]}-ca.pem"`,
+            );
+        }
+
         exec(
             `werft log result -d  "Terraform state" url "Terraform state file name is ${process.env["TF_VAR_TEST_ID"]}"`,
         );
@@ -384,10 +390,7 @@ function runIntegrationTests() {
 function callMakeTargets(phase: string, description: string, makeTarget: string, failable: boolean = false) {
     werft.log(phase, `Calling ${makeTarget}`);
     // exporting cloud env var is important for the make targets
-    var env = `export TF_VAR_cluster_version=${k8s_version} cloud=${cloud} TF_VAR_domain=${baseDomain} TF_VAR_gcp_zone=${gcpDnsZone}`;
-    if (selfSigned) {
-        env = env.concat(` self_signed=${selfSigned}`)
-    }
+    const env = `export TF_VAR_cluster_version=${k8s_version} cloud=${cloud} TF_VAR_domain=${baseDomain} TF_VAR_gcp_zone=${gcpDnsZone}`;
 
     const response = exec(
         `${env} && make -C ${makefilePath} ${makeTarget}`,

install/tests/Makefile

@@ -314,6 +314,9 @@ self-signed-config:
 	envsubst < ./manifests/kots-config-self-signed.yaml > tmp_2_config.yml
 	yq m -i tmp_config.yml tmp_2_config.yml
 
+	# upload the Custom CA Cert into tf-state
+	gsutil cp ./ca.pem gs://nightly-tests/tf-state/${TF_VAR_TEST_ID}-ca.pem
+
 storage-config-incluster:
 	@echo "Nothing to do"
 
@@ -449,6 +452,9 @@ destroy-kubeconfig:
 	gcloud auth activate-service-account --key-file=${GOOGLE_APPLICATION_CREDENTIALS} --project=sh-automated-tests
 	gsutil rm gs://nightly-tests/tf-state/${TF_VAR_TEST_ID}-kubeconfig || echo "No kubeconfig"
 	gsutil rm gs://nightly-tests/tf-state/${TF_VAR_TEST_ID}-creds || echo "No credentials file"
+ifeq (true,$(self_signed))
+	gsutil rm gs://nightly-tests/tf-state/${TF_VAR_TEST_ID}-ca.pem || echo "No custom CA cert file"
+endif
 	rm ${KUBECONFIG} || echo "No kubeconfig"
 
 select-workspace: