Commit 3cd238a
feat(e2e): enable mTLS for Podman compute driver (#1430)

* feat(e2e): enable mTLS for Podman compute driver e2e harness

The Podman driver already supported mTLS certificate injection into
sandbox containers, but the e2e test harness explicitly blocked HTTPS
and ran plaintext-only gateways. Generate ephemeral PKI (CA, server,
client certs) with host.containers.internal in the server SANs, wire
guest_tls_* paths into the TOML config, replace --disable-tls with
--tls-cert/--tls-key/--tls-client-ca, and switch to mTLS gateway
registration. The health check remains on the plaintext health port.

Closes #1428

* refactor(e2e): extract shared PKI generation into gateway-common.sh

The Docker and Podman e2e scripts had near-identical 35-line PKI
generation blocks differing only in the host-gateway SAN. Extract
into e2e_generate_pki(pki_dir, host_alias) in gateway-common.sh,
which also eliminates the cd/cd pattern by using absolute paths
throughout.

* refactor(e2e): use generate-certs instead of raw openssl for PKI

Replace the hand-rolled openssl PKI generation in e2e_generate_pki()
with the gateway's built-in generate-certs --output-dir command. This
uses the same PKI generation as production deployments (Helm and RPM).

The helper now takes the gateway binary path and passes extra SANs
via --server-san (host.openshell.internal always, plus the driver's
host alias for Podman). The default SAN list already includes
host.docker.internal and localhost.

Update all cert path references to match the generate-certs output
layout (server/tls.{crt,key}, client/tls.{crt,key}) and remove the
openssl preflight checks from both gateway scripts.

1 parent a54758c commit 3cd238a
4 files changed
Lines changed: 43 additions & 56 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
4 | 4 | | |
5 | 5 | | |
6 | 6 | | |
7 | | - | |
| 7 | + | |
8 | 8 | | |
9 | 9 | | |
10 | 10 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
34 | 34 | | |
35 | 35 | | |
36 | 36 | | |
| 37 | + | |
| 38 | + | |
| 39 | + | |
| 40 | + | |
| 41 | + | |
| 42 | + | |
| 43 | + | |
| 44 | + | |
| 45 | + | |
| 46 | + | |
| 47 | + | |
| 48 | + | |
| 49 | + | |
| 50 | + | |
| 51 | + | |
| 52 | + | |
37 | 53 | | |
38 | 54 | | |
39 | 55 | | |
| |||
63 | 79 | | |
64 | 80 | | |
65 | 81 | | |
66 | | - | |
67 | | - | |
68 | | - | |
| 82 | + | |
| 83 | + | |
| 84 | + | |
69 | 85 | | |
70 | 86 | | |
71 | 87 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
234 | 234 | | |
235 | 235 | | |
236 | 236 | | |
237 | | - | |
238 | | - | |
239 | | - | |
240 | | - | |
241 | 237 | | |
242 | 238 | | |
243 | 239 | | |
| |||
390 | 386 | | |
391 | 387 | | |
392 | 388 | | |
393 | | - | |
394 | | - | |
395 | | - | |
396 | | - | |
397 | | - | |
398 | | - | |
399 | | - | |
400 | | - | |
401 | | - | |
402 | | - | |
403 | | - | |
404 | | - | |
405 | | - | |
406 | | - | |
407 | | - | |
408 | | - | |
409 | | - | |
410 | | - | |
411 | | - | |
412 | | - | |
413 | | - | |
414 | | - | |
415 | | - | |
416 | | - | |
417 | | - | |
418 | | - | |
419 | | - | |
420 | | - | |
421 | | - | |
422 | | - | |
423 | | - | |
424 | | - | |
425 | | - | |
426 | | - | |
427 | | - | |
| 389 | + | |
428 | 390 | | |
429 | 391 | | |
430 | 392 | | |
| |||
473 | 435 | | |
474 | 436 | | |
475 | 437 | | |
476 | | - | |
477 | | - | |
| 438 | + | |
| 439 | + | |
478 | 440 | | |
479 | 441 | | |
480 | 442 | | |
| |||
498 | 460 | | |
499 | 461 | | |
500 | 462 | | |
501 | | - | |
502 | | - | |
| 463 | + | |
| 464 | + | |
503 | 465 | | |
504 | 466 | | |
505 | 467 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
11 | 11 | | |
12 | 12 | | |
13 | 13 | | |
14 | | - | |
15 | | - | |
| 14 | + | |
| 15 | + | |
16 | 16 | | |
17 | 17 | | |
18 | 18 | | |
| |||
277 | 277 | | |
278 | 278 | | |
279 | 279 | | |
280 | | - | |
281 | | - | |
| 280 | + | |
| 281 | + | |
282 | 282 | | |
283 | 283 | | |
284 | 284 | | |
285 | | - | |
| 285 | + | |
286 | 286 | | |
287 | 287 | | |
288 | 288 | | |
| |||
328 | 328 | | |
329 | 329 | | |
330 | 330 | | |
| 331 | + | |
| 332 | + | |
| 333 | + | |
331 | 334 | | |
332 | 335 | | |
333 | 336 | | |
| |||
366 | 369 | | |
367 | 370 | | |
368 | 371 | | |
| 372 | + | |
| 373 | + | |
| 374 | + | |
369 | 375 | | |
370 | 376 | | |
371 | 377 | | |
| |||
382 | 388 | | |
383 | 389 | | |
384 | 390 | | |
385 | | - | |
| 391 | + | |
| 392 | + | |
| 393 | + | |
386 | 394 | | |
387 | 395 | | |
388 | 396 | | |
| |||
401 | 409 | | |
402 | 410 | | |
403 | 411 | | |
404 | | - | |
405 | | - | |
| 412 | + | |
| 413 | + | |
406 | 414 | | |
407 | 415 | | |
408 | 416 | | |
409 | | - | |
| 417 | + | |
| 418 | + | |
410 | 419 | | |
411 | 420 | | |
412 | 421 | | |
| |||