Add acceptance tests for custom CA certificate parameters #3346

Description

@st3penta

The verify-enterprise-contract and verify-conforma-konflux-ta tasks support custom CA certificate configuration via CA_TRUST_CONFIGMAP_NAME and CA_TRUST_CONFIG_MAP_KEY parameters (introduced in PR #1814). These parameters allow mounting a ConfigMap containing a CA bundle so the CLI can communicate with registries and Rekor instances using non-standard CAs.

Currently, the only CA-related acceptance test covers the SSL_CERT_DIR parameter in task_validate_image.feature. There is no acceptance test coverage for:

  1. CA_TRUST_CONFIGMAP_NAME / CA_TRUST_CONFIG_MAP_KEY parameters - verifying that a ConfigMap-provided CA bundle is correctly mounted and used during validation in the verify-enterprise-contract task.
  2. verify-conforma-konflux-ta CA handling - the trusted artifacts variant has its own CA mount logic (mounting to /mnt/trusted-ca and conditionally exporting SSL_CERT_FILE), which has zero acceptance test coverage. This path has already required a production fix (PR #3259, "fix(RELEASE-2397): custom ca support in verify-conforma task" / RELEASE-2397).
  3. End-to-end custom CA scenario - validating an image from a registry served with a self-signed certificate, using the custom CA parameters to provide the trust chain.

The lack of test coverage for these paths has contributed to regressions (e.g., RELEASE-2397 where the volume mount style caused failures when the ConfigMap was absent).

Acceptance criteria:

  • Acceptance test exercises CA_TRUST_CONFIGMAP_NAME and CA_TRUST_CONFIG_MAP_KEY with a ConfigMap containing a custom CA bundle in the verify-enterprise-contract task
  • Acceptance test exercises the trusted-ca mount and SSL_CERT_FILE logic in the verify-conforma-konflux-ta task
  • Tests verify that the task succeeds when a valid CA bundle is provided and handles the case when the ConfigMap is absent gracefully
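
The three cases the acceptance criteria name (bundle present, ConfigMap absent, and, as an extra, a malformed bundle), written as an added shell example that is not taken from the issue or from the tasks' own scripts. The function names and the `ca-bundle.crt` key are hypothetical; only `SSL_CERT_FILE` and the idea of a conditional export come from the issue, and the mount directory is passed in as an argument.

```shell
# Added illustration, not the task's own script. SSL_CERT_FILE and the
# conditional export come from the issue; function names and the key name
# used in the self-check are hypothetical.

# Print the bundle path if the mounted key holds a PEM certificate.
# Returns 1 if the file is missing (ConfigMap absent), 2 if it is not PEM.
resolve_ca_bundle() {
  bundle_path="$1/$2"
  [ -f "$bundle_path" ] || return 1
  grep -q -- '-----BEGIN CERTIFICATE-----' "$bundle_path" || return 2
  printf '%s\n' "$bundle_path"
}

# Export SSL_CERT_FILE only for a usable bundle. A missing bundle leaves the
# environment untouched; a malformed one fails the step.
configure_ca_trust() {
  rc=0
  found="$(resolve_ca_bundle "$1" "$2")" || rc=$?
  case "$rc" in
    0) export SSL_CERT_FILE="$found" ;;
    1) : ;;
    *) echo "no PEM certificate in $1/$2" >&2; return 1 ;;
  esac
}

# Self-check over constructed fixtures: present, absent, malformed.
ca_trust_selfcheck() (
  tmp="$(mktemp -d)" || exit 1
  trap 'rm -rf "$tmp"' EXIT
  mkdir "$tmp/present" "$tmp/absent" "$tmp/bad"
  printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Y29uc3RydWN0ZWQ=' \
    '-----END CERTIFICATE-----' > "$tmp/present/ca-bundle.crt"
  echo 'not a certificate' > "$tmp/bad/ca-bundle.crt"

  unset SSL_CERT_FILE
  configure_ca_trust "$tmp/present" ca-bundle.crt || exit 1
  [ "$SSL_CERT_FILE" = "$tmp/present/ca-bundle.crt" ] || exit 1

  unset SSL_CERT_FILE
  configure_ca_trust "$tmp/absent" ca-bundle.crt || exit 1
  [ -z "${SSL_CERT_FILE+set}" ] || exit 1

  ! configure_ca_trust "$tmp/bad" ca-bundle.crt 2>/dev/null || exit 1
)
```
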
