Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / packaging / sources / octavia-tempest-plugin / d0ea406ee45399bf329d82e403889a4ceeaa0a39^! / .
commitd0ea406ee45399bf329d82e403889a4ceeaa0a39[log] [tgz]
authorAde Lee <alee@redhat.com>Mon Sep 06 15:33:27 2021 -0400
committerAde Lee <alee@redhat.com>Fri Nov 05 20:38:44 2021 +0000
tree79db27cd045e0e04fec68f5469b41364548f18c9
parent7de0490e79a450a3fabe3188bf7a9af16c554c2d [diff]
Add type to allow ECDSA keys

Some tempest tests will fail under FIPS because they are trying to
ssh to a cirrus instance that has a version of dropbear that does
not support signatures other than using SHA-1 for RSA keys. This
is not allowed under FIPS.  The workaround until cirros is updated
is to use ECDSA keys.  This patch allows the key type to be
specified.

Depends-On: https://review.opendev.org/c/openstack/tempest/+/807465
Change-Id: I34ac429ab5442cef056ee8b63fcb2ba41e8b9b27

diff --git a/octavia_tempest_plugin/tests/act_stdby_scenario/v2/test_active_standby_iptables.py b/octavia_tempest_plugin/tests/act_stdby_scenario/v2/test_active_standby_iptables.py
index 83f2d50..397b98b 100644
--- a/octavia_tempest_plugin/tests/act_stdby_scenario/v2/test_active_standby_iptables.py
+++ b/octavia_tempest_plugin/tests/act_stdby_scenario/v2/test_active_standby_iptables.py

@@ -185,7 +185,8 @@
         ssh_key = cls._get_amphora_ssh_key()
         linux_client = remote_client.RemoteClient(
             amp['lb_network_ip'], CONF.load_balancer.amphora_ssh_user,
-            pkey=ssh_key)
+            pkey=ssh_key,
+            ssh_key_type=CONF.validation.ssh_key_type)
         linux_client.validate_authentication()
 
         # Allow logging from non-init namespaces
@@ -202,7 +203,8 @@
     def _has_vip_traffic(cls, ip_address, log_prefix):
         ssh_key = cls._get_amphora_ssh_key()
         linux_client = remote_client.RemoteClient(
-            ip_address, CONF.load_balancer.amphora_ssh_user, pkey=ssh_key)
+            ip_address, CONF.load_balancer.amphora_ssh_user, pkey=ssh_key,
+            ssh_key_type=CONF.validation.ssh_key_type)
         linux_client.validate_authentication()
 
         try:

diff --git a/octavia_tempest_plugin/tests/test_base.py b/octavia_tempest_plugin/tests/test_base.py
index e7a344d..d9562c6 100644
--- a/octavia_tempest_plugin/tests/test_base.py
+++ b/octavia_tempest_plugin/tests/test_base.py

@@ -981,7 +981,8 @@
         local_file = CONF.load_balancer.test_server_path
 
         linux_client = remote_client.RemoteClient(
-            ip_address, CONF.validation.image_ssh_user, pkey=ssh_key)
+            ip_address, CONF.validation.image_ssh_user, pkey=ssh_key,
+            ssh_key_type=CONF.validation.ssh_key_type)
         linux_client.validate_authentication()
 
         with tempfile.NamedTemporaryFile() as key:
@@ -1036,7 +1037,8 @@
     def _enable_ipv6_nic_webserver(cls, ip_address, ssh_key,
                                    ipv6_address, ipv6_prefix):
         linux_client = remote_client.RemoteClient(
-            ip_address, CONF.validation.image_ssh_user, pkey=ssh_key)
+            ip_address, CONF.validation.image_ssh_user, pkey=ssh_key,
+            ssh_key_type=CONF.validation.ssh_key_type)
         linux_client.validate_authentication()
 
         linux_client.exec_command('sudo ip address add {0}/{1} dev '