add test for alternate certificate sync location

test/integration/functional_test.go

@@ -1528,11 +1528,23 @@ func testCert() string {
 	return fmt.Sprintf("%d.pem", os.Getpid())
 }
 
-// localTestCertPath is where the test file will be synced into the VM
+// testFileCert is name of the test certificate installed
+func testFileCert() string {
+	return fmt.Sprintf("%d2.pem", os.Getpid())
+}
+
+// localTestCertPath is where certs can be synced from the local host into the VM
+// precisely, it's $MINIKUBE_HOME/certs
 func localTestCertPath() string {
 	return filepath.Join(localpath.MiniPath(), "/certs", testCert())
 }
 
+// localTestCertFilesPath is an alternate location where certs can be synced into the minikube VM
+// precisely, it's $MINIKUBE_HOME/files/etc/ssl/certs
+func localTestCertFilesPath() string {
+	return filepath.Join(localpath.MiniPath(), "/files/etc/ssl/certs", testFileCert())
+}
+
 // localEmptyCertPath is where the test file will be synced into the VM
 func localEmptyCertPath() string {
 	return filepath.Join(localpath.MiniPath(), "/certs", fmt.Sprintf("%d_empty.pem", os.Getpid()))
@@ -1574,6 +1586,30 @@ func setupFileSync(ctx context.Context, t *testing.T, profile string) {
 		t.Errorf("%s size=%d, want %d", localTestCertPath(), got.Size(), want.Size())
 	}
 
+	testPem2 := filepath.Join(*testdataDir, "minikube_test2.pem")
+	tmpPem2 := localTestCertFilesPath() + ".pem"
+	if err := copy.Copy(testPem2, tmpPem2); err != nil {
+		t.Fatalf("failed to copy %s: %v", testPem2, err)
+	}
+
+	if err := os.Rename(tmpPem2, localTestCertFilesPath()); err != nil {
+		t.Fatalf("failed to rename %s: %v", tmpPem2, err)
+	}
+
+	want, err = os.Stat(testPem2)
+	if err != nil {
+		t.Fatalf("stat failed: %v", err)
+	}
+
+	got, err = os.Stat(localTestCertFilesPath())
+	if err != nil {
+		t.Fatalf("stat failed: %v", err)
+	}
+
+	if want.Size() != got.Size() {
+		t.Errorf("%s size=%d, want %d", localTestCertFilesPath(), got.Size(), want.Size())
+	}
+
 	// Create an empty file just to mess with people
 	if _, err := os.Create(localEmptyCertPath()); err != nil {
 		t.Fatalf("create failed: %v", err)
@@ -1608,7 +1644,7 @@ func validateFileSync(ctx context.Context, t *testing.T, profile string) {
 	}
 }
 
-// validateCertSync to check existence of the test certificate
+// validateCertSync checks to make sure a custom cert has been copied into the minikube guest and installed correctly
 func validateCertSync(ctx context.Context, t *testing.T, profile string) {
 	defer PostMortemLogs(t, profile)
 
@@ -1642,6 +1678,33 @@ func validateCertSync(ctx context.Context, t *testing.T, profile string) {
 			t.Errorf("failed verify pem file. minikube_test.pem -> %s mismatch (-want +got):\n%s", vp, diff)
 		}
 	}
+
+	testPem2 := filepath.Join(*testdataDir, "minikube_test2.pem")
+	want, err = ioutil.ReadFile(testPem2)
+	if err != nil {
+		t.Errorf("test file not found: %v", err)
+	}
+
+	// Check both the installed & reference certs (they should be symlinked)
+	paths = []string{
+		path.Join("/etc/ssl/certs", testFileCert()),
+		path.Join("/usr/share/ca-certificates", testFileCert()),
+		// hashed path generated by: 'openssl x509 -hash -noout -in testCert()'
+		"/etc/ssl/certs/3ec20f2e.0",
+	}
+	for _, vp := range paths {
+		t.Logf("Checking for existence of %s within VM", vp)
+		rr, err := Run(t, exec.CommandContext(ctx, Target(), "-p", profile, "ssh", fmt.Sprintf("sudo cat %s", vp)))
+		if err != nil {
+			t.Errorf("failed to check existence of %q inside minikube. args %q: %v", vp, rr.Command(), err)
+		}
+
+		// Strip carriage returned by ssh
+		got := strings.ReplaceAll(rr.Stdout.String(), "\r", "")
+		if diff := cmp.Diff(string(want), got); diff != "" {
+			t.Errorf("failed verify pem file. minikube_test2.pem -> %s mismatch (-want +got):\n%s", vp, diff)
+		}
+	}
 }
 
 // validateNotActiveRuntimeDisabled asserts that for a given runtime, the other runtimes disabled, for example for containerd runtime, docker and crio needs to be not running

test/integration/testdata/minikube_test2.pem

@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE-----
+MIIEwDCCAqgCCQCUeXrVemI4eTANBgkqhkiG9w0BAQsFADAiMQswCQYDVQQGEwJV
+UzETMBEGA1UECAwKQ2FsaWZvcm5pYTAeFw0yMTA3MjEyMDM4MDdaFw0yMTA4MjAy
+MDM4MDdaMCIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMIICIjAN
+BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAu1+sCiosrYIy83a+KtPdoGsKun+O
+jKhETWQrum5FGxqKyQzhHN8q6iZBI94m1sZb2xIJDcKaAsHpKf1z/5pkrWQW4JeL
+riqJ5U0kENy6mWGoFzPLQHkKMXSYUEkRjrgJphh5zLkWDzx6uwxHIrs5yaIwn71Z
+enYezHL8NyMd10+up1lNvH+xGqnSJ3ge7Rj+r5XbA3avvaJ9AVdiJMU5ArMw4Snu
+dLDSUueWFedmXoQud083EvDbMY61blNKUR6BKBJLPopH+9NnUP7FRU25lvTsA8qT
+zz/KertMFhCfwvK4y7a7+GbIPD3fItpm23GORuViEGgeRMH7GGSNVfm4VtK5mI4c
+XK9BrCE+FXowHOWU3MTH1qsvTigd3JZc8BKTaePJGMIDT1HIAaoK7SOoZOLka7bi
+IiLaojrIWY6tE5IIl46cQWLg09G+kjKVfEEvEHNe0t22I9etGeUUEwlcMITHmEdE
+WrXytC8dSNFObSG5B2MX2Ovm+yNblcK7TI7lW/tkbxtKs56J1mNmi4LXXBM8FdF8
+w9MpJc+ySVj2+f+eBE08amKjC9VVbBzNSw7MRaI9fFY5AAifJ8g55F3/KCNq5aTd
+rBADtAa5kQkTVjfMBhG++0Ow4f55hm73oJAy/qxb09OY7Vk9ky/K3l8GfWv8ozIF
+w+Oq6vdsspvtVJ8CAwEAATANBgkqhkiG9w0BAQsFAAOCAgEAGKVxsf13kYGaQJ+J
+6eyRZXlV5Bp+9EGtMPGsuVv2HJa4oxMBn7Xc/bUhjY9Is/ZwfOpPUPO/nQtSSPmO
+aozQj/27p8HDTW201fwLNiZMcppBdJvIQdDzCh6e2ikg3lqsw2BoLX1vbgc9HPml
+P8QCHEz2lricGdTuMRtBgH5x/ZkZGLbADQBeyoPTsPaQceRt5hPYXWifqiHhcJoL
+2T+XgbaHJ4lEhCU0IXJG0vlLuAyxQzO3gMeHK8BlLt/h/JCiDndo63a4XCkenmY8
+8/6Y9Lgh+O3954YgwdXBIS33CzhY7c+tfpag1hwpDHro/zsyLwdN2JxZqWymfg8T
+RyIeJ5VpY+CGm1fVTx84twQbiM241eZDYaW6Ap5/ZuxPbzY++KDMZHMuJYURorAU
+JE/SE6WltXpKTvtzyPNKt8fgPQmFzlBosDZCf/5EiyVqbLzideF1l+Rd//5gRBg0
+B63fOlCdxGtDeX1gKzekV4sXQIsWKW1BSCEInJt5lOS8Ex4JTXy8crwKo7hv0zPc
+sOjAXbtDYlPf/jPFGKzkgFACB87Bx4ZUZMp/ShOzjMt20MLGLJvCGCQIHetUz+GG
+/LTwSNhgWCheYkbDwXhCmqbN249xE3fNHC6zQ/IMJ30v/UWN4RldGfFzmoVBRUUX
+eQ7g5kXER7H/Lh/2V9FyaRhPpZM=
+-----END CERTIFICATE-----