Create or inject SSL Certificates into the Docker-DB

[tkilias]

Background

• To test the SSL Hostname Verification in pyexasol it is necessary to create SSL certificates with the name of the docker container of the docker-db, because this name can be used in the docker-network to find the docker-db container via DNS and as this is valid target for SSL Hostname Verification
• An example for this Setup can be found here https://github.com/tkilias/pyexasol/tree/pyexasol_ssl_test/pyexasol_ssl_test

Acceptance Criteria

• We can create a SSL Certificate with the name of the docker-db container
• We can inject an external SSL Certificate

[littleK0i]

I suggest the following approach:

1. Add one more option for spawn-test-environment.sh called --create-certificates.
2. If this option is set, generate CA certificate, Exasol server server certificate, private key. Place it into specific directory in the container.
3. (optional) Add CA certificate as "trusted" to test container.
4. Copy certificate files to volume used for Exasol docker container. Update EXAConf.
5. Run Exasol in Docker.

Final result:

• Exasol in Docker starts with auto-generated server certificate in place. Certificate hostname should match the name of container.
• Generated certificates are available for tests to read & test.

Thank you.

[littleK0i]

On the second thought, maybe we do not even need a custom option.

Instead we can always generate a self-signed certificate for test environments. The only difference between custom generated certificates and "default" certificates generated by Exasol will be a hostname entry.

All the existing tests will keep working. I don't see any potential downsides.

[tomuben]

On the second thought, maybe we do not even need a custom option.

Instead we can always generate a self-signed certificate for test environments. The only difference between custom generated certificates and "default" certificates generated by Exasol will be a hostname entry.

All the existing tests will keep working. I don't see any potential downsides.

@littleK0i we still need the command option. The spawn-test-environment.sh script also can work with external databases, where we can't inject the certificate. So we need to keep this injection optional.

[tomuben]

@littleK0i I submitted a PR, and already tested (manually) with pyexasol, it works,also without indicating the the root CA (the root CA is installed automatically in the test container). If you want to test, here is the branch:

feature/#140_create_or_inject_ssl_certificates_into_the_docker