Be able to add public certificates to the keychain used by the remote tests

[techcobweb]

Story

As an admin of a Galasa ecosystem, I want to be able to specify a list of certificates which can be injected into the pod used by the tests (engine controller pods), so that my tests can make SSL connections to servers which use internal certificates.

Background

Note: These are public certificates of remote servers. They are not secrets.

There are a few ways to do this:

1. Allow the admin to specify different image registry. The admin could get the engine controller image, and use that as a base for their own image, and then direct the helm chart to use that... but we have only got a single variable to describe the registry that all the images come from.
   • For each docker image used, have the ability to separately specify which image registry the images will be drawn from.

OR

2. Set these into a collection of CPS properties. When a test pod launches, it looks in this CPS namespace and loads all the properties ending in a suffix of 'cert'. That allows users to have properties like:

   publiccertificates.my.server.cert
   publiccertificates.my.server.description

3. As solution 2, but create a new CPS namespace in the ecosystem for these "publiccertificates" to live in.

   • Using a namespace separate to the test or manager namespaces allows these certificates to be managed/get/set using a separate yaml file. They are big. They would make a normal yaml file of CPS properties look unreadable.

Either solution should work. Solution 2+3 is preferrable.

OR

3. Create a manager who reads it's own namespace, and sets these certificates into the image keyring when it initialises.

Tasks

• [ ] Decide on which solutions(s) we want to do.
• [ ] Flesh out this task list further.