WIP: Copy test_verify_engine_certs to test_001

I want to use it as a simple means to make sure the engine is up.
Making it loop, in a previous patch, was enough then, but now that I
need the engine to be up also for
test_add_dwh_to_keycloak_redirect_uris_for_grafana, that's not enough.
For now, just copy it. Later, perhaps reorganize, perhaps move
test_add_dwh_to_keycloak_redirect_uris_for_grafana elsewhere, etc.

Change-Id: Id141160a36d360517586a0180dcc145890521687
Signed-off-by: Yedidyah Bar David <[email protected]>

Author: didib

separate-machine-basic-suite-master/test-scenarios/test_001_initialize_engine_and_dwh.py

@@ -5,9 +5,18 @@
 #
 from __future__ import absolute_import
 
+import logging
+import pytest
+import tempfile
+
+from ost_utils import assert_utils
+from ost_utils import shell
 from ost_utils.ansible.collection import engine_setup
 
 
+LOGGER = logging.getLogger(__name__)
+
+
 def test_initialize_engine(
     ansible_engine,
     ansible_inventory,
@@ -62,6 +71,43 @@ def test_initialize_dwh(
     )
 
 
+@pytest.mark.parametrize(
+    "key_format, verification_fn",
+    [
+        pytest.param(
+            'X509-PEM-CA',
+            lambda path: shell.shell(["openssl", "x509", "-in", path, "-text", "-noout"]),
+            id="CA certificate",
+        ),
+        pytest.param(
+            'OPENSSH-PUBKEY',
+            lambda path: shell.shell(["ssh-keygen", "-l", "-f", path]),
+            id="ssh pubkey",
+        ),
+    ],
+)
+def test_verify_engine_certs(key_format, verification_fn, engine_fqdn, engine_download):
+    url_template = 'http://{}/ovirt-engine/services/pki-resource?resource=ca-certificate&format={}'
+    url = url_template.format(engine_fqdn, key_format)
+
+    def _verify_engine_certs_once():
+        with tempfile.NamedTemporaryFile() as tmp:
+            try:
+                engine_download(url, tmp.name)
+            except shell.ShellError as ex:
+                LOGGER.debug("Certificate download failed for %s", url, exc_info=True)
+                return False
+            try:
+                verification_fn(tmp.name)
+            except shell.ShellError:
+                LOGGER.debug("Certificate verification failed. Certificate contents:\n")
+                LOGGER.debug(tmp.read())
+                return False
+        return True
+
+    assert assert_utils.true_within_short(_verify_engine_certs_once)
+
+
 def test_add_dwh_to_keycloak_redirect_uris_for_grafana(
     ansible_engine,
     engine_fqdn,