Re: [ovs-dev] [PATCH ovn 1/4] ovn-northd.at: Fix test "northd ssl file change -- ovn-northd-ddlog".

Fri, 11 Jun 2021 11:24:43 -0700 

Hi Han,
I'm fine with fixing the test this way, since like you said it's not meant to test RBAC. 

Acked-by: Mark Michelson <[email protected]>


However, based on how this sounds, there is still a bug in 
ovn-northd-ddlog wrt RBAC, and that should still be fixed since this 
could cause failures for other tests.


On 6/11/21 2:24 AM, Han Zhou wrote:

This test fails for ovn-northd-ddlog because of the RBAC role when using
the SSL connection. RBAC is not the purpose of the test case, so this
patch fixes it without enabling RBAC.

Signed-off-by: Han Zhou <[email protected]>
---
  tests/ovn-northd.at | 19 +++++++++++++++++--
  1 file changed, 17 insertions(+), 2 deletions(-)

diff --git a/tests/ovn-northd.at b/tests/ovn-northd.at
index 4692775ad..ad1732da3 100644
--- a/tests/ovn-northd.at
+++ b/tests/ovn-northd.at
@@ -3618,9 +3618,23 @@ ovn_start --backup-northd=none
  as northd
  OVS_APP_EXIT_AND_WAIT([NORTHD_TYPE])

  
+as ovn-sb

+OVS_APP_EXIT_AND_WAIT([ovsdb-server])
+
+key_server=testpki-test-privkey.pem
+cert_server=testpki-test-cert.pem
+cacert=testpki-cacert.pem
+
+cd ovn-sb
+rm ovsdb-server.log
+ssl_options="--remote=pssl:0:127.0.0.1 ovn-sb.db -p $PKIDIR/$key_server -c 
$PKIDIR/$cert_server -C $PKIDIR/$cacert"
+AT_CHECK([ovsdb-server --detach --no-chdir --pidfile --log-file $ssl_options], 
[0], [], [stderr])
+on_exit "kill `cat ovsdb-server.pid`"
+PARSE_LISTENING_PORT([ovsdb-server.log], [TCP_PORT])
+cd ..
+
  key=testpki-hv1-privkey.pem
  cert=testpki-hv1-cert.pem
-cacert=testpki-cacert.pem

  
  key2=testpki-hv2-privkey.pem

  cert3=testpki-hv3-cert.pem
@@ -3629,8 +3643,9 @@ cert3=testpki-hv3-cert.pem
  cp $PKIDIR/$key2 $key
  cp $PKIDIR/$cert3 $cert
  cp $PKIDIR/$cacert $cacert
+as northd
  start_daemon ovn$NORTHD_TYPE -vjsonrpc \
-    --ovnnb-db=$OVN_NB_DB --ovnsb-db=$SSL_OVN_SB_DB \
+    --ovnnb-db=$OVN_NB_DB --ovnsb-db=ssl:127.0.0.1:$TCP_PORT \
      -p $key -c $cert -C $cacert

  
  # SSL should not connect because of key and cert mismatch




_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev






















					Reply via email to