Merge "[ FAB-1673 ] Integrate fabric/cop fvt in CI"

images/fabric-ca-fvt/Dockerfile.in

@@ -23,7 +23,7 @@ RUN echo "mysql-server mysql-server/root_password password mysql" | debconf-set-
 RUN echo "mysql-server mysql-server/root_password_again password mysql" | debconf-set-selections
 RUN apt-get -y install --no-install-recommends bc vim lsof sqlite3 haproxy postgresql-$PGVER postgresql-client-common \
                        isag jq git html2text debconf-utils zsh htop python2.7-minimal \
-                       mysql-client  mysql-common mysql-server
+                       libpython2.7-stdlib mysql-client  mysql-common mysql-server
 RUN apt-get -y autoremove
 
 # Configure and start postgres

scripts/fvt/enrollments_test.sh

@@ -19,18 +19,22 @@ export CA_CFG_PATH
 function genServerConfig {
 case "$1" in
    implicit) cat > $SERVERCONFIG <<EOF
-database:
+db:
   type: $DRIVER
   datasource: $DATASRC
   tls:
-    enabled: $FABRIC_TLS
-    certfile: $TESTDATA/tls_server-cert.pem
-    keyfile: $TESTDATA/tls_server-key.pem
+     enabled: $FABRIC_TLS
+     certfiles:
+       - $TESTDATA/tls_server-cert.pem
+     client:
+       certfile: $TESTDATA/tls_server-cert.pem
+       keyfile: $TESTDATA/tls_server-key.pem
 tls:
   enabled: $FABRIC_TLS
   certfile: $TESTDATA/tls_server-cert.pem
   keyfile: $TESTDATA/tls_server-key.pem
 ca:
+  name: fabric-ca-server
   certfile: $CA_CFG_PATH/fabric-ca-key.pem
   keyfile: $CA_CFG_PATH/fabric-ca-cert.pem
 registry:
@@ -84,18 +88,22 @@ EOF
 ;;
    # Max enroll for identities cannot surpass global setting
    invalid) cat > $SERVERCONFIG <<EOF
-database:
+db:
   type: $DRIVER
   datasource: $DATASRC
   tls:
-    enabled: $FABRIC_TLS
-    certfile: $TESTDATA/tls_server-cert.pem
-    keyfile: $TESTDATA/tls_server-key.pem
+     enabled: $FABRIC_TLS
+     certfiles:
+       - $TESTDATA/tls_server-cert.pem
+     client:
+       certfile: $TESTDATA/tls_server-cert.pem
+       keyfile: $TESTDATA/tls_server-key.pem
 tls:
   enabled: $FABRIC_TLS
   certfile: $TESTDATA/tls_server-cert.pem
   keyfile: $TESTDATA/tls_server-key.pem
 ca:
+  name: fabric-ca-server
   certfile: $CA_CFG_PATH/fabric-ca-key.pem
   keyfile: $CA_CFG_PATH/fabric-ca-cert.pem
 registry:

scripts/fvt/fabric-ca_utils

@@ -235,7 +235,6 @@ enroll() {
    $FABRIC_CA_CLIENTEXEC enroll -u "${PROTO}${username}:${userpswd}@${HOST}:${PORT}" $TLSOPT \
                          -c $ENROLLCONFIG \
                          --csr.cn $username \
-                         --tls.certfiles $ROOTCERT \
                          --enrollment.hosts "$username@fab-client.raleigh.ibm.com,$username.fabric.raleigh.ibm.com,127.0.0.2"
    RC=$?
    if test -n "$FABRIC_CA_DEBUG"; then
@@ -267,8 +266,7 @@ reenroll() {
    ENROLLCONFIG="$FABRIC_CA_CLIENT_HOME/enroll.yaml"
    export FABRIC_CA_CLIENT_HOME
    setTLS
-   $FABRIC_CA_CLIENTEXEC reenroll -u $PROTO$HOST:$PORT $TLSOPT -c $ENROLLCONFIG \
-                          --tls.certfiles $ROOTCERT
+   $FABRIC_CA_CLIENTEXEC reenroll -u $PROTO$HOST:$PORT $TLSOPT -c $ENROLLCONFIG 
    RC=$?
    $($FABRIC_CA_DEBUG) && printAuth $FABRIC_CA_CERT_FILE $FABRIC_CA_KEY_FILE
    $SCRIPTDIR/fabric-ca_setup.sh -L -d $driver
@@ -302,9 +300,9 @@ register() {
                            --id.maxenrollments 1 \
                            $USERGRP_OPT \
                            --id.attr "$USERATTR" \
-                           --tls.certfiles $ROOTCERT \
                            -c $FABRIC_CA_CLIENT_HOME/fabric-ca-client-config.yaml
-   return $?
+   local rc=$?
+   return $rc
 }
 
 function genRunconfig() {
@@ -536,11 +534,19 @@ debug: $FABRIC_CA_DEBUG
 db:
   type: $driver
   datasource: $datasrc
+  tls:
+     enabled: false
+     certfiles:
+       - $TESTDATA/tls_server-cert.pem
+     client:
+       certfile: $TESTDATA/tls_server-cert.pem
+       keyfile: $TESTDATA/tls_server-key.pem
 tls:
   enabled: $TLS_ON
   certfile: $TESTDATA/tls_server-cert.pem
   keyfile: $TESTDATA/tls_server-key.pem
 ca:
+  name: fabric-ca-server
   certfile: $serverCert
   keyfile: $serverKey
 registry:
@@ -624,10 +630,10 @@ ldap:
   url: ldap://CN=admin:adminPassword@localhost:$LDAP_PORT/<base>
   tls:
     certfiles:
-      - ldap-server-cert.pem
+      - $TESTDATA/tls_server-key.pem
     client:
-      certfile: ldap-client-cert.pem
-      keyfile: ldap-client-key.pem
+      certfile: $TESTDATA/tls_server-key.pem
+      keyfile: $TESTDATA/tls_server-key.pem
 affiliations:
   bank_a:
     - department1

scripts/fvt/revoke_test.sh

@@ -4,8 +4,6 @@ SCRIPTDIR="$FABRIC_CA/scripts/fvt"
 TESTDATA="$FABRIC_CA/testdata"
 export CA_CFG_PATH="/tmp/revoke_test"
 RC=0
-# FIXME should not require user:pass
-URI="http://user:pass@localhost:8888"
 DB="fabric_ca"
 USERS=("admin" "admin2" "notadmin" "testUser" "testUser2" "testUser3" )
 PSWDS=("adminpw" "adminpw2" "pass" "user1" "user2" "user3" )
@@ -14,6 +12,9 @@ PSWDS=("adminpw" "adminpw2" "pass" "user1" "user2" "user3" )
 HTTP_PORT="3755"
 
 . $SCRIPTDIR/fabric-ca_utils
+setTLS
+# FIXME should not require user:pass
+URI="${PROTO}user:pass@localhost:8888"
 
 genAffYaml() {
    local Planet=(0 1)
@@ -126,7 +127,7 @@ for driver in mysql postgres sqlite3; do
 
    # notadmin cannot revoke
    export FABRIC_CA_CLIENT_HOME="/tmp/revoke_test/${USERS[2]}"
-   $FABRIC_CA_CLIENTEXEC revoke -u $URI --eid ${USERS[1]}
+   $FABRIC_CA_CLIENTEXEC revoke -u $URI --eid ${USERS[1]} $TLSOPT
    test "$?" -eq 0 && ErrorMsg "Non-revoker successfully revoked cert"
 
    # Check the DB contents
@@ -151,31 +152,31 @@ for driver in mysql postgres sqlite3; do
    echo "=========================> REVOKING by --eid"
    export FABRIC_CA_CLIENT_HOME="/tmp/revoke_test/${USERS[0]}"
    #### Blanket revoke all of admin2 certs
-   $FABRIC_CA_CLIENTEXEC revoke -u $URI --eid ${USERS[1]}
+   $FABRIC_CA_CLIENTEXEC revoke -u $URI --eid ${USERS[1]} $TLSOPT
 
    #### Revoke notadmin's cert by serial number and authority keyid
    #### using upper-case hexidecimal
    echo "=========================> REVOKING by -s -a (UPPERCASE)"
-   $FABRIC_CA_CLIENTEXEC revoke -s $SN_UC -a $AKI_UC -u $URI
+   $FABRIC_CA_CLIENTEXEC revoke -s $SN_UC -a $AKI_UC -u $URI $TLSOPT
 
    #### Ensure that revoking an already revoked cert doesn't blow up
    echo "=========================> Issuing duplicate revoke by -s -a"
-   $FABRIC_CA_CLIENTEXEC revoke -s $SN_UC -a $AKI_UC -u $URI
+   $FABRIC_CA_CLIENTEXEC revoke -s $SN_UC -a $AKI_UC -u $URI $TLSOPT
 
    #### Revoke using lower-case hexadeciaml
    # FIXME - should allow combination of SN + AKI + EID
    #$FABRIC_CA_CLIENTEXEC revoke -s $SN_LC -a $AKI_LC -u $URI --eid ${USERS[3]}
    echo "=========================> REVOKING by -s -a (LOWERCASE)"
-   $FABRIC_CA_CLIENTEXEC revoke -s $SN_LC -a $AKI_LC -u $URI
+   $FABRIC_CA_CLIENTEXEC revoke -s $SN_LC -a $AKI_LC -u $URI $TLSOPT
 
    echo "=========================> REVOKING by --eid"
    export FABRIC_CA_CLIENT_HOME="/tmp/revoke_test/${USERS[0]}"
    #### Revoke across affiliations not allowed
-   $FABRIC_CA_CLIENTEXEC revoke -u $URI --eid ${USERS[5]}
+   $FABRIC_CA_CLIENTEXEC revoke -u $URI --eid ${USERS[5]} $TLSOPT
 
    #### Revoke my own cert
    echo "=========================> REVOKING self"
-   $FABRIC_CA_CLIENTEXEC revoke --eid ${USERS[0]}
+   $FABRIC_CA_CLIENTEXEC revoke --eid ${USERS[0]} -u $URI $TLSOPT
 
    # Verify the DB update
    for ((i=${#USERS[@]}; i<=0; i--)); do

scripts/run_fvt_tests

@@ -15,7 +15,7 @@ echo "Running fvt tests ..."
 for TLS in $SCRIPTDIR/tls.env $SCRIPTDIR/notls.env; do
 . $TLS
 export PATH=$PATH:$GOPATH/bin
-tests="$(find $SCRIPTDIR -name "*test**sh")"
+tests="$(find $SCRIPTDIR -maxdepth 1 -name "*test**sh")"
 for cmd in $tests; do
   echo ""
   echo "*******************"