OpenLiberty · kabicin · Jun 28, 2023 · Jun 28, 2023 · Jun 28, 2023 · Jun 29, 2023
diff --git a/build/buildAll.sh b/build/buildAll.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 
 currentRelease=$1
-tests=(test-pet-clinic test-stock-quote test-stock-trader)
+tests=(test-pet-clinic test-stock-quote test-stock-trader test-liberty-certificates)
 
 echo "Starting to process release $currentRelease"
 
@@ -37,8 +37,15 @@ then
     testBuild="./build.sh --dir=$test --dockerfile=Dockerfile --tag=$test"
     echo "Running build script for test - $testBuild"
     eval $testBuild
+
     verifyCommand="./verify.sh $test"
     echo "Running verify script - $verifyCommand"
     eval $verifyCommand
+
+    if [ "$test" == "test-liberty-certificates" ]; then
+      verifyCommand="./verifyLibertyCertificates.sh $test"
+      echo "Running verify script - $verifyCommand"
+      eval $verifyCommand
+    fi
   done
 fi
diff --git a/build/test-liberty-certificates/Dockerfile b/build/test-liberty-certificates/Dockerfile
@@ -0,0 +1,24 @@
+ARG IMAGE=openliberty/open-liberty:kernel-slim-java8-openj9-ubi
+
+# Generate certificates (for test only)
+FROM registry.access.redhat.com/ubi8/openssl as staging
+RUN openssl req -new -newkey rsa:4096 -x509 -sha256 -days 3650 -nodes -out /tls.crt -keyout /tls.key -subj "/C=CA/ST=Ontario/L=Markham/O=IBM/OU=WAS/CN=ci.docker.test"
+
+FROM ${IMAGE}
+
+COPY --chown=1001:0 server.xml /config/
+# Add certificates to TLS_DIR
+ENV TLS_DIR=/config/certs
+RUN mkdir -p /config/certs
+COPY --from=staging --chown=1001:0 /tls.crt /config/certs/
+COPY --from=staging --chown=1001:0 /tls.key /config/certs/
+COPY --from=staging --chown=1001:0 /tls.crt /config/certs/ca.crt
+
+# Add rw perms for non-default user
+RUN setfacl -R -Lm g:root:rw /config/certs
+
+# This script will add the requested XML snippets to enable Liberty features and grow image to be fit-for-purpose using featureUtility
+RUN features.sh
+
+# This script will add the requested server configurations, apply any iFixes and populate caches to optimize runtime
+RUN configure.sh
diff --git a/build/test-liberty-certificates/server.xml b/build/test-liberty-certificates/server.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server description="new server">
+
+    <!-- Enable features -->
+    <featureManager>
+        <feature>transportSecurity-1.0</feature>
+    </featureManager>
+
+    <!-- To access this server from a remote client add a host attribute to the following element, e.g. host="*" -->
+    <httpEndpoint id="defaultHttpEndpoint"
+                  httpPort="9080"
+                  httpsPort="9443" />
+
+</server>
diff --git a/build/test-stock-quote/Dockerfile b/build/test-stock-quote/Dockerfile
@@ -1,4 +1,4 @@
-ARG IMAGE=openliberty/open-liberty:kernel-slim-ubi
+ARG IMAGE=openliberty/open-liberty:kernel-slim-java8-openj9-ubi
 FROM ${IMAGE}
 
 ARG VERBOSE=false

diff --git a/build/test-stock-trader/Dockerfile b/build/test-stock-trader/Dockerfile
@@ -1,4 +1,4 @@
-ARG IMAGE=openliberty/open-liberty:kernel-slim-ubi
+ARG IMAGE=openliberty/open-liberty:kernel-slim-java8-openj9-ubi
 FROM ${IMAGE}
 
 ARG VERBOSE=false

diff --git a/build/verify.sh b/build/verify.sh
@@ -15,12 +15,12 @@ DOCKER=docker
 
 waitForServerStart()
 {
-   cid=$1
+   image=$1
    count=${2:-1}
    end=$((SECONDS+120))
-   while (( $SECONDS < $end && $($DOCKER inspect -f {{.State.Running}} $cid) == "true" ))
+   while (( $SECONDS < $end ))
    do
-      result=$($DOCKER logs $cid 2>&1 | grep "CWWKF0011I" | wc -l)
+      result=$($DOCKER logs $image 2>&1 | grep "CWWKF0011I" | wc -l)
       if [ $result = $count ]
       then
          return 0
@@ -33,11 +33,11 @@ waitForServerStart()
 
 waitForServerStop()
 {
-   cid=$1
+   image=$1
    end=$((SECONDS+120))
    while (( $SECONDS < $end ))
    do
-      result=$($DOCKER logs $cid 2>&1 | grep "CWWKE0036I" | wc -l)
+      result=$($DOCKER logs $image 2>&1 | grep "CWWKE0036I" | wc -l)
       if [ $result = 1 ]
       then
          return 0
@@ -50,12 +50,13 @@ waitForServerStop()
 
 testLibertyStopsAndRestarts()
 {
+   staticImage=$2
    if [ "$1" == "OpenShift" ]; then
       timestamp=$(date '+%Y/%m/%d %H:%M:%S')
       echo "$timestamp *** testLibertyStopsAndRestarts on OpenShift"
-      cid=$($DOCKER run -d -u 1005:0 $security_opt $image)
+      $DOCKER run --name $image -d -u 1005:0 $security_opt $image
    else
-      cid=$($DOCKER run -d $security_opt $image)
+      $DOCKER run --name $image -d $security_opt $image
    fi
 
    if [ $? != 0 ]
@@ -64,54 +65,58 @@ testLibertyStopsAndRestarts()
       exit 1
    fi
 
-   waitForServerStart $cid
+   waitForServerStart $image
    if [ $? != 0 ]
    then
       echo "Liberty failed to start; exiting"
-      $DOCKER logs $cid
-      $DOCKER rm -f $cid >/dev/null
+      $DOCKER logs $image
+      $DOCKER rm -f $image >/dev/null
       exit 1
    fi
    sleep 45
-   $DOCKER stop $cid >/dev/null
+   $DOCKER stop $image >/dev/null
    if [ $? != 0 ]
    then
       echo "Error stopping container or server; exiting"
-      $DOCKER logs $cid
-      $DOCKER rm -f $cid >/dev/null
+      $DOCKER logs $image
+      $DOCKER rm -f $image >/dev/null
       exit 1
    fi
 
-   $DOCKER start $cid >/dev/null
+   $DOCKER start $image >/dev/null
    if [ $? != 0 ]
    then
       echo "Failed to rerun container; exiting"
-      $DOCKER logs $cid
-      $DOCKER rm -f $cid >/dev/null
+      $DOCKER logs $image
+      $DOCKER rm -f $image >/dev/null
       exit 1
    fi
 
-   waitForServerStart $cid 2
+   if [ "$staticImage" = "true" ]; then
+      waitForServerStart $image 2
+   else
+      waitForServerStart $image
+   fi
    if [ $? != 0 ]
    then
       echo "Server failed to restart; exiting"
-      $DOCKER logs $cid
-      $DOCKER rm -f $cid >/dev/null
+      $DOCKER logs $image
+      $DOCKER rm -f $image >/dev/null
       exit 1
    fi
 
-   $DOCKER logs $cid 2>&1 | grep "ERROR"
+   $DOCKER logs $image 2>&1 | grep "ERROR"
    if [ $? = 0 ]
    then
       echo "Errors found in logs for container; exiting"
       echo "DEBUG START full log"
-      $DOCKER logs $cid
+      $DOCKER logs $image
       echo "DEBUG END full log"
-      $DOCKER rm -f $cid >/dev/null
+      $DOCKER rm -f $image >/dev/null
       exit 1
    fi
 
-   $DOCKER rm -f $cid >/dev/null
+   $DOCKER rm -f $image >/dev/null
 }
 
 testDockerOnOpenShift()

diff --git a/build/verifyLibertyCertificates.sh b/build/verifyLibertyCertificates.sh
@@ -0,0 +1,79 @@
+#! /bin/bash
+#####################################################################################
+#                                                                                   #
+#  Script to verify an Open Liberty image certificates                              #
+#                                                                                   #
+#                                                                                   #
+#  Usage : verifyLibertyCertificates.sh <Image name>                                # 
+#                                                                                   #
+#####################################################################################
+
+image=$1
+tag=`echo $image | cut -d ":" -f2`
+cname="${tag}test"
+DOCKER=docker
+
+serverCleanup()
+{
+    cid=$1
+    $DOCKER logs $cid
+    $DOCKER stop $cid >/dev/null
+    $DOCKER rm -f $cid >/dev/null
+}
+
+checkCommandForSuccess()
+{
+    cid=$1
+    command=$2
+    failMessage=$3
+    $DOCKER exec -it $cid sh -c "$command"
+    if [ $? != 0 ]
+    then
+        echo "$failMessage"
+        serverCleanup $cid
+        exit 1
+    fi
+}
+
+testLibertyCertificates()
+{
+    cid=$($DOCKER run -d $image)
+    # Wait until the server starts to know that the certs have been loaded 
+    maxRetry=10
+    i=0
+    serverLaunched=false
+    while [ $serverLaunched = false ] && [ $i -lt $maxRetry ]; do
+        sleep 1
+        launchMessage=$($DOCKER logs $cid | grep "Launching defaultServer" -c)
+        if [ $launchMessage -eq 1 ]; then
+            serverLaunched=true
+        fi
+        i=$(( $i + 1 ))
+    done
+    if [ $serverLaunched = false ]; then
+        echo "Server failed to start"
+        serverCleanup $cid
+        exit 1
+    fi
+
+    # Validate that openssl package is present in the Liberty image
+    checkCommandForSuccess $cid "which openssl" "Server failed to generate keystore"
+
+    # Validate that the certificate is added to the Liberty default keystore
+    checkCommandForSuccess $cid "ls /output/resources/security/key.p12" "Server failed to add certificate to keystore"
+
+    # Validate that the certificate is added to the Liberty default truststore
+    checkCommandForSuccess $cid "ls /output/resources/security/trust.p12" "Server failed to add certificate to truststore"
+
+    serverCleanup $cid >/dev/null
+}
+
+tests=$(declare -F | cut -d" " -f3 | grep "test")
+for name in $tests
+do
+   timestamp=$(date '+%Y/%m/%d %H:%M:%S')
+   echo "$timestamp *** $name - Executing"
+   eval $name
+   timestamp=$(date '+%Y/%m/%d %H:%M:%S')
+   echo "$timestamp *** $name - Completed successfully"
+done