[DPE-3421] Switch to self signed certificates (#379)

* Update TLS tests to use Self Signed Certificates operator

Signed-off-by: Marcelo Henrique Neppel <marcelo.neppel@canonical.com>

* Update backup tests to use Self Signed Certificates operator

Signed-off-by: Marcelo Henrique Neppel <marcelo.neppel@canonical.com>

* Remove unused config options

Signed-off-by: Marcelo Henrique Neppel <marcelo.neppel@canonical.com>

---------

Signed-off-by: Marcelo Henrique Neppel <marcelo.neppel@canonical.com>

Author: marceloneppel

poetry.lock

@@ -21,14 +21,22 @@
     scale_application,
     wait_for_idle_on_blocked,
 )
+from .juju_ import juju_major_version
 
 ANOTHER_CLUSTER_REPOSITORY_ERROR_MESSAGE = "the S3 repository has backups from another cluster"
 FAILED_TO_ACCESS_CREATE_BUCKET_ERROR_MESSAGE = (
     "failed to access/create the bucket, check your S3 settings"
 )
 FAILED_TO_INITIALIZE_STANZA_ERROR_MESSAGE = "failed to initialize stanza, check your S3 settings"
 S3_INTEGRATOR_APP_NAME = "s3-integrator"
-TLS_CERTIFICATES_APP_NAME = "tls-certificates-operator"
+if juju_major_version < 3:
+    TLS_CERTIFICATES_APP_NAME = "tls-certificates-operator"
+    TLS_CHANNEL = "legacy/stable"
+    TLS_CONFIG = {"generate-self-signed-certificates": "true", "ca-common-name": "Test CA"}
+else:
+    TLS_CERTIFICATES_APP_NAME = "self-signed-certificates"
+    TLS_CHANNEL = "latest/stable"
+    TLS_CONFIG = {"ca-common-name": "Test CA"}
 
 logger = logging.getLogger(__name__)
 
@@ -92,8 +100,7 @@ async def test_backup_and_restore(ops_test: OpsTest, cloud_configs: Tuple[Dict,
     """Build and deploy two units of PostgreSQL and then test the backup and restore actions."""
     # Deploy S3 Integrator and TLS Certificates Operator.
     await ops_test.model.deploy(S3_INTEGRATOR_APP_NAME)
-    config = {"generate-self-signed-certificates": "true", "ca-common-name": "Test CA"}
-    await ops_test.model.deploy(TLS_CERTIFICATES_APP_NAME, config=config, channel="legacy/stable")
+    await ops_test.model.deploy(TLS_CERTIFICATES_APP_NAME, config=TLS_CONFIG, channel=TLS_CHANNEL)
 
     for cloud, config in cloud_configs[0].items():
         # Deploy and relate PostgreSQL to S3 integrator (one database app for each cloud for now

tests/integration/test_backups.py

@@ -8,7 +8,6 @@
 from pytest_operator.plugin import OpsTest
 from tenacity import Retrying, stop_after_delay, wait_fixed
 
-from . import markers
 from .helpers import (
     DATABASE_APP_NAME,
     build_and_deploy,
@@ -24,12 +23,19 @@
     primary_changed,
     run_command_on_unit,
 )
+from .juju_ import juju_major_version
 
 logger = logging.getLogger(__name__)
 
 MATTERMOST_APP_NAME = "mattermost"
-SELF_SIGNED_CERTIFICATES_APP_NAME = "self-signed-certificates"
-TLS_CERTIFICATES_APP_NAME = "tls-certificates-operator"
+if juju_major_version < 3:
+    TLS_CERTIFICATES_APP_NAME = "tls-certificates-operator"
+    TLS_CHANNEL = "legacy/stable"
+    TLS_CONFIG = {"generate-self-signed-certificates": "true", "ca-common-name": "Test CA"}
+else:
+    TLS_CERTIFICATES_APP_NAME = "self-signed-certificates"
+    TLS_CHANNEL = "latest/stable"
+    TLS_CONFIG = {"ca-common-name": "Test CA"}
 APPLICATION_UNITS = 2
 DATABASE_UNITS = 3
 
@@ -72,9 +78,8 @@ async def test_mattermost_db(ops_test: OpsTest) -> None:
     """
     async with ops_test.fast_forward():
         # Deploy TLS Certificates operator.
-        config = {"generate-self-signed-certificates": "true", "ca-common-name": "Test CA"}
         await ops_test.model.deploy(
-            TLS_CERTIFICATES_APP_NAME, config=config, channel="legacy/stable"
+            TLS_CERTIFICATES_APP_NAME, config=TLS_CONFIG, channel=TLS_CHANNEL
         )
         # Relate it to the PostgreSQL to enable TLS.
         await ops_test.model.relate(DATABASE_APP_NAME, TLS_CERTIFICATES_APP_NAME)
@@ -171,20 +176,3 @@ async def test_mattermost_db(ops_test: OpsTest) -> None:
         for unit in ops_test.model.applications[DATABASE_APP_NAME].units:
             assert await check_tls(ops_test, unit.name, enabled=False)
             assert await check_tls_patroni_api(ops_test, unit.name, enabled=False)
-
-
-@markers.juju3
-@pytest.mark.group(1)
-async def test_relation_with_self_signed_certificates_operator(ops_test: OpsTest) -> None:
-    """Test the relation with the Self Signed Certificates operator."""
-    async with ops_test.fast_forward(fast_interval="60s"):
-        # Deploy Self Signed Certificates operator.
-        await ops_test.model.deploy(SELF_SIGNED_CERTIFICATES_APP_NAME)
-        # Relate it to the PostgreSQL to enable TLS.
-        await ops_test.model.relate(DATABASE_APP_NAME, SELF_SIGNED_CERTIFICATES_APP_NAME)
-        await ops_test.model.wait_for_idle(status="active", timeout=1500)
-
-        # Wait for all units enabling TLS.
-        for unit in ops_test.model.applications[DATABASE_APP_NAME].units:
-            assert await check_tls(ops_test, unit.name, enabled=True)
-            assert await check_tls_patroni_api(ops_test, unit.name, enabled=True)