Add X.509 intermedaite and root certificates to Helm tests
parent
1a5523f5c0
commit
3262ffd43b
6 changed files with 53 additions and 3 deletions
|
@ -2,6 +2,7 @@ package pki
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"bytes"
|
"bytes"
|
||||||
|
"crypto/x509"
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"os"
|
"os"
|
||||||
"testing"
|
"testing"
|
||||||
|
@ -114,13 +115,19 @@ func TestPKI_WriteHelmTemplate(t *testing.T) {
|
||||||
p, err := New(o, opts...)
|
p, err := New(o, opts...)
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
|
|
||||||
// setKeyPairs sets a predefined JWK and a default JWK provisioner. This is one
|
// setKeyPair sets a predefined JWK and a default JWK provisioner. This is one
|
||||||
// of the things performed in the `ca init` code that's not part of `New`, but
|
// of the things performed in the `ca init` code that's not part of `New`, but
|
||||||
// performed after that in p.GenerateKeyPairs`. We're currently using the same
|
// performed after that in p.GenerateKeyPairs`. We're currently using the same
|
||||||
// JWK for every test to keep test variance small: we're not testing JWK generation
|
// JWK for every test to keep test variance small: we're not testing JWK generation
|
||||||
// here after all. It's a bit dangerous to redefine the function here, but it's
|
// here after all. It's a bit dangerous to redefine the function here, but it's
|
||||||
// the simplest way to make this fully testable without refactoring the init now.
|
// the simplest way to make this fully testable without refactoring the init now.
|
||||||
setKeyPairs(t, p)
|
// The password for the predefined encrypted key is \x01\x03\x03\x07.
|
||||||
|
setKeyPair(t, p)
|
||||||
|
|
||||||
|
// setFiles sets some static intermediate and root CA certificate bytes. It
|
||||||
|
// replaces the logic executed in `p.GenerateRootCertificate`, `p.WriteRootCertificate`,
|
||||||
|
// and `p.GenerateIntermediateCertificate`.
|
||||||
|
setFiles(t, p)
|
||||||
|
|
||||||
w := &bytes.Buffer{}
|
w := &bytes.Buffer{}
|
||||||
if err := p.WriteHelmTemplate(w); (err != nil) != tt.wantErr {
|
if err := p.WriteHelmTemplate(w); (err != nil) != tt.wantErr {
|
||||||
|
@ -133,12 +140,14 @@ func TestPKI_WriteHelmTemplate(t *testing.T) {
|
||||||
if diff := cmp.Diff(wantBytes, w.Bytes()); diff != "" {
|
if diff := cmp.Diff(wantBytes, w.Bytes()); diff != "" {
|
||||||
t.Logf("Generated Helm template did not match reference %q\n", tt.testFile)
|
t.Logf("Generated Helm template did not match reference %q\n", tt.testFile)
|
||||||
t.Errorf("Diff follows:\n%s\n", diff)
|
t.Errorf("Diff follows:\n%s\n", diff)
|
||||||
|
t.Errorf("Full output:\n%s\n", w.Bytes())
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func setKeyPairs(t *testing.T, p *PKI) {
|
// setKeyPair sets a predefined JWK and a default JWK provisioner.
|
||||||
|
func setKeyPair(t *testing.T, p *PKI) {
|
||||||
t.Helper()
|
t.Helper()
|
||||||
|
|
||||||
var err error
|
var err error
|
||||||
|
@ -185,3 +194,9 @@ func setKeyPairs(t *testing.T, p *PKI) {
|
||||||
},
|
},
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// setFiles sets some static, gibberish intermediate and root CA certificate bytes.
|
||||||
|
func setFiles(t *testing.T, p *PKI) {
|
||||||
|
p.Files["/home/step/certs/root_ca.crt"] = encodeCertificate(&x509.Certificate{Raw: []byte("these are just some fake root CA cert bytes")})
|
||||||
|
p.Files["/home/step/certs/intermediate_ca.crt"] = encodeCertificate(&x509.Certificate{Raw: []byte("these are just some fake intermediate CA cert bytes")})
|
||||||
|
}
|
||||||
|
|
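Review bot: `setFiles` takes `t *testing.T` but, in the lines shown, never uses it and does not call `t.Helper()`, unlike `setKeyPair` just above it; add `t.Helper()` as its first statement so that any assertion added later reports the caller's line. The two fixtures are PEM-wrapped placeholder text rather than DER, so the reference files only prove that the bytes are copied into the `certificates` section of the template. A comment such as `// not parseable X.509: this only checks pass-through into the Helm values` would keep a later reader from assuming the test validates the chain. The added `t.Errorf("Full output:\n%s\n", w.Bytes())` in `TestPKI_WriteHelmTemplate` (whose body starts outside the hunk) prints the whole rendered template on a mismatch, and the reference files show that the template also has a secrets section. Next to the password comment it is therefore worth stating that the predefined key is a test-only fixture, e.g. `// test fixture only; never reuse this key or password outside tests`.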
7
pki/testdata/helm/simple.yml
vendored
7
pki/testdata/helm/simple.yml
vendored
|
@ -40,10 +40,17 @@ inject:
|
||||||
certificates:
|
certificates:
|
||||||
# intermediate_ca contains the text of the intermediate CA Certificate
|
# intermediate_ca contains the text of the intermediate CA Certificate
|
||||||
intermediate_ca: |
|
intermediate_ca: |
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
dGhlc2UgYXJlIGp1c3Qgc29tZSBmYWtlIGludGVybWVkaWF0ZSBDQSBjZXJ0IGJ5
|
||||||
|
dGVz
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
|
||||||
|
|
||||||
# root_ca contains the text of the root CA Certificate
|
# root_ca contains the text of the root CA Certificate
|
||||||
root_ca: |
|
root_ca: |
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
dGhlc2UgYXJlIGp1c3Qgc29tZSBmYWtlIHJvb3QgQ0EgY2VydCBieXRlcw==
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
|
||||||
|
|
||||||
# Secrets contains the root and intermediate keys and optionally the SSH
|
# Secrets contains the root and intermediate keys and optionally the SSH
|
||||||
|
|
7
pki/testdata/helm/with-acme.yml
vendored
7
pki/testdata/helm/with-acme.yml
vendored
|
@ -41,10 +41,17 @@ inject:
|
||||||
certificates:
|
certificates:
|
||||||
# intermediate_ca contains the text of the intermediate CA Certificate
|
# intermediate_ca contains the text of the intermediate CA Certificate
|
||||||
intermediate_ca: |
|
intermediate_ca: |
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
dGhlc2UgYXJlIGp1c3Qgc29tZSBmYWtlIGludGVybWVkaWF0ZSBDQSBjZXJ0IGJ5
|
||||||
|
dGVz
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
|
||||||
|
|
||||||
# root_ca contains the text of the root CA Certificate
|
# root_ca contains the text of the root CA Certificate
|
||||||
root_ca: |
|
root_ca: |
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
dGhlc2UgYXJlIGp1c3Qgc29tZSBmYWtlIHJvb3QgQ0EgY2VydCBieXRlcw==
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
|
||||||
|
|
||||||
# Secrets contains the root and intermediate keys and optionally the SSH
|
# Secrets contains the root and intermediate keys and optionally the SSH
|
||||||
|
|
7
pki/testdata/helm/with-admin.yml
vendored
7
pki/testdata/helm/with-admin.yml
vendored
|
@ -40,10 +40,17 @@ inject:
|
||||||
certificates:
|
certificates:
|
||||||
# intermediate_ca contains the text of the intermediate CA Certificate
|
# intermediate_ca contains the text of the intermediate CA Certificate
|
||||||
intermediate_ca: |
|
intermediate_ca: |
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
dGhlc2UgYXJlIGp1c3Qgc29tZSBmYWtlIGludGVybWVkaWF0ZSBDQSBjZXJ0IGJ5
|
||||||
|
dGVz
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
|
||||||
|
|
||||||
# root_ca contains the text of the root CA Certificate
|
# root_ca contains the text of the root CA Certificate
|
||||||
root_ca: |
|
root_ca: |
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
dGhlc2UgYXJlIGp1c3Qgc29tZSBmYWtlIHJvb3QgQ0EgY2VydCBieXRlcw==
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
|
||||||
|
|
||||||
# Secrets contains the root and intermediate keys and optionally the SSH
|
# Secrets contains the root and intermediate keys and optionally the SSH
|
||||||
|
|
7
pki/testdata/helm/with-provisioner.yml
vendored
7
pki/testdata/helm/with-provisioner.yml
vendored
|
@ -40,10 +40,17 @@ inject:
|
||||||
certificates:
|
certificates:
|
||||||
# intermediate_ca contains the text of the intermediate CA Certificate
|
# intermediate_ca contains the text of the intermediate CA Certificate
|
||||||
intermediate_ca: |
|
intermediate_ca: |
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
dGhlc2UgYXJlIGp1c3Qgc29tZSBmYWtlIGludGVybWVkaWF0ZSBDQSBjZXJ0IGJ5
|
||||||
|
dGVz
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
|
||||||
|
|
||||||
# root_ca contains the text of the root CA Certificate
|
# root_ca contains the text of the root CA Certificate
|
||||||
root_ca: |
|
root_ca: |
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
dGhlc2UgYXJlIGp1c3Qgc29tZSBmYWtlIHJvb3QgQ0EgY2VydCBieXRlcw==
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
|
||||||
|
|
||||||
# Secrets contains the root and intermediate keys and optionally the SSH
|
# Secrets contains the root and intermediate keys and optionally the SSH
|
||||||
|
|
7
pki/testdata/helm/with-ssh.yml
vendored
7
pki/testdata/helm/with-ssh.yml
vendored
|
@ -43,10 +43,17 @@ inject:
|
||||||
certificates:
|
certificates:
|
||||||
# intermediate_ca contains the text of the intermediate CA Certificate
|
# intermediate_ca contains the text of the intermediate CA Certificate
|
||||||
intermediate_ca: |
|
intermediate_ca: |
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
dGhlc2UgYXJlIGp1c3Qgc29tZSBmYWtlIGludGVybWVkaWF0ZSBDQSBjZXJ0IGJ5
|
||||||
|
dGVz
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
|
||||||
|
|
||||||
# root_ca contains the text of the root CA Certificate
|
# root_ca contains the text of the root CA Certificate
|
||||||
root_ca: |
|
root_ca: |
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
dGhlc2UgYXJlIGp1c3Qgc29tZSBmYWtlIHJvb3QgQ0EgY2VydCBieXRlcw==
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
|
||||||
# ssh_host_ca contains the text of the public ssh key for the SSH root CA
|
# ssh_host_ca contains the text of the public ssh key for the SSH root CA
|
||||||
ssh_host_ca:
|
ssh_host_ca:
|
||||||
|
|