Add X.509 intermedaite and root certificates to Helm tests

Herman Slatman 2022-10-14 01:06:43 +02:00
parent 1a5523f5c0
commit 3262ffd43b
No known key found for this signature in database
GPG key ID: F4D8A44EA0A75A4F
6 changed files with 53 additions and 3 deletions


@ -2,6 +2,7 @@ package pki
import ( import (
"bytes" "bytes"
"crypto/x509"
"encoding/json" "encoding/json"
"os" "os"
"testing" "testing"
@ -114,13 +115,19 @@ func TestPKI_WriteHelmTemplate(t *testing.T) {
p, err := New(o, opts...) p, err := New(o, opts...)
assert.NoError(t, err) assert.NoError(t, err)
// setKeyPairs sets a predefined JWK and a default JWK provisioner. This is one // setKeyPair sets a predefined JWK and a default JWK provisioner. This is one
// of the things performed in the `ca init` code that's not part of `New`, but // of the things performed in the `ca init` code that's not part of `New`, but
// performed after that in p.GenerateKeyPairs`. We're currently using the same // performed after that in p.GenerateKeyPairs`. We're currently using the same
// JWK for every test to keep test variance small: we're not testing JWK generation // JWK for every test to keep test variance small: we're not testing JWK generation
// here after all. It's a bit dangerous to redefine the function here, but it's // here after all. It's a bit dangerous to redefine the function here, but it's
// the simplest way to make this fully testable without refactoring the init now. // the simplest way to make this fully testable without refactoring the init now.
setKeyPairs(t, p) // The password for the predefined encrypted key is \x01\x03\x03\x07.
setKeyPair(t, p)
// setFiles sets some static intermediate and root CA certificate bytes. It
// replaces the logic executed in `p.GenerateRootCertificate`, `p.WriteRootCertificate`,
// and `p.GenerateIntermediateCertificate`.
setFiles(t, p)
w := &bytes.Buffer{} w := &bytes.Buffer{}
if err := p.WriteHelmTemplate(w); (err != nil) != tt.wantErr { if err := p.WriteHelmTemplate(w); (err != nil) != tt.wantErr {
@ -133,12 +140,14 @@ func TestPKI_WriteHelmTemplate(t *testing.T) {
if diff := cmp.Diff(wantBytes, w.Bytes()); diff != "" { if diff := cmp.Diff(wantBytes, w.Bytes()); diff != "" {
t.Logf("Generated Helm template did not match reference %q\n", tt.testFile) t.Logf("Generated Helm template did not match reference %q\n", tt.testFile)
t.Errorf("Diff follows:\n%s\n", diff) t.Errorf("Diff follows:\n%s\n", diff)
t.Errorf("Full output:\n%s\n", w.Bytes())
} }
}) })
} }
} }
func setKeyPairs(t *testing.T, p *PKI) { // setKeyPair sets a predefined JWK and a default JWK provisioner.
func setKeyPair(t *testing.T, p *PKI) {
t.Helper() t.Helper()
var err error var err error
@ -185,3 +194,9 @@ func setKeyPairs(t *testing.T, p *PKI) {
}, },
}) })
} }
// setFiles sets some static, gibberish intermediate and root CA certificate bytes.
func setFiles(t *testing.T, p *PKI) {
p.Files["/home/step/certs/root_ca.crt"] = encodeCertificate(&x509.Certificate{Raw: []byte("these are just some fake root CA cert bytes")})
p.Files["/home/step/certs/intermediate_ca.crt"] = encodeCertificate(&x509.Certificate{Raw: []byte("these are just some fake intermediate CA cert bytes")})
}
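Review bot: `setFiles` in the last hunk accepts `t` but never uses it, unlike `setKeyPair`, which calls `t.Helper()`; adding `t.Helper()` as its first statement keeps the two helpers consistent and makes any assertion added later report the caller's line. The `Raw` values are plain text rather than DER, so the PEM blocks that end up in the reference templates will not parse as certificates. That appears fine while the template only carries the bytes through, but the doc comment should say so, e.g. `// The bytes are not valid DER; they only exercise templating and must not be parsed.` The two map keys also repeat the `/home/step/certs/...` layout as literals, which presumably has to match paths computed elsewhere in the package; if the `PKI` value exposes those paths, indexing `p.Files` with them would avoid silent drift.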


@ -40,10 +40,17 @@ inject:
certificates: certificates:
# intermediate_ca contains the text of the intermediate CA Certificate # intermediate_ca contains the text of the intermediate CA Certificate
intermediate_ca: | intermediate_ca: |
-----BEGIN CERTIFICATE-----
dGhlc2UgYXJlIGp1c3Qgc29tZSBmYWtlIGludGVybWVkaWF0ZSBDQSBjZXJ0IGJ5
dGVz
-----END CERTIFICATE-----
# root_ca contains the text of the root CA Certificate # root_ca contains the text of the root CA Certificate
root_ca: | root_ca: |
-----BEGIN CERTIFICATE-----
dGhlc2UgYXJlIGp1c3Qgc29tZSBmYWtlIHJvb3QgQ0EgY2VydCBieXRlcw==
-----END CERTIFICATE-----
# Secrets contains the root and intermediate keys and optionally the SSH # Secrets contains the root and intermediate keys and optionally the SSH


@ -41,10 +41,17 @@ inject:
certificates: certificates:
# intermediate_ca contains the text of the intermediate CA Certificate # intermediate_ca contains the text of the intermediate CA Certificate
intermediate_ca: | intermediate_ca: |
-----BEGIN CERTIFICATE-----
dGhlc2UgYXJlIGp1c3Qgc29tZSBmYWtlIGludGVybWVkaWF0ZSBDQSBjZXJ0IGJ5
dGVz
-----END CERTIFICATE-----
# root_ca contains the text of the root CA Certificate # root_ca contains the text of the root CA Certificate
root_ca: | root_ca: |
-----BEGIN CERTIFICATE-----
dGhlc2UgYXJlIGp1c3Qgc29tZSBmYWtlIHJvb3QgQ0EgY2VydCBieXRlcw==
-----END CERTIFICATE-----
# Secrets contains the root and intermediate keys and optionally the SSH # Secrets contains the root and intermediate keys and optionally the SSH


@ -40,10 +40,17 @@ inject:
certificates: certificates:
# intermediate_ca contains the text of the intermediate CA Certificate # intermediate_ca contains the text of the intermediate CA Certificate
intermediate_ca: | intermediate_ca: |
-----BEGIN CERTIFICATE-----
dGhlc2UgYXJlIGp1c3Qgc29tZSBmYWtlIGludGVybWVkaWF0ZSBDQSBjZXJ0IGJ5
dGVz
-----END CERTIFICATE-----
# root_ca contains the text of the root CA Certificate # root_ca contains the text of the root CA Certificate
root_ca: | root_ca: |
-----BEGIN CERTIFICATE-----
dGhlc2UgYXJlIGp1c3Qgc29tZSBmYWtlIHJvb3QgQ0EgY2VydCBieXRlcw==
-----END CERTIFICATE-----
# Secrets contains the root and intermediate keys and optionally the SSH # Secrets contains the root and intermediate keys and optionally the SSH


@ -40,10 +40,17 @@ inject:
certificates: certificates:
# intermediate_ca contains the text of the intermediate CA Certificate # intermediate_ca contains the text of the intermediate CA Certificate
intermediate_ca: | intermediate_ca: |
-----BEGIN CERTIFICATE-----
dGhlc2UgYXJlIGp1c3Qgc29tZSBmYWtlIGludGVybWVkaWF0ZSBDQSBjZXJ0IGJ5
dGVz
-----END CERTIFICATE-----
# root_ca contains the text of the root CA Certificate # root_ca contains the text of the root CA Certificate
root_ca: | root_ca: |
-----BEGIN CERTIFICATE-----
dGhlc2UgYXJlIGp1c3Qgc29tZSBmYWtlIHJvb3QgQ0EgY2VydCBieXRlcw==
-----END CERTIFICATE-----
# Secrets contains the root and intermediate keys and optionally the SSH # Secrets contains the root and intermediate keys and optionally the SSH


@ -43,10 +43,17 @@ inject:
certificates: certificates:
# intermediate_ca contains the text of the intermediate CA Certificate # intermediate_ca contains the text of the intermediate CA Certificate
intermediate_ca: | intermediate_ca: |
-----BEGIN CERTIFICATE-----
dGhlc2UgYXJlIGp1c3Qgc29tZSBmYWtlIGludGVybWVkaWF0ZSBDQSBjZXJ0IGJ5
dGVz
-----END CERTIFICATE-----
# root_ca contains the text of the root CA Certificate # root_ca contains the text of the root CA Certificate
root_ca: | root_ca: |
-----BEGIN CERTIFICATE-----
dGhlc2UgYXJlIGp1c3Qgc29tZSBmYWtlIHJvb3QgQ0EgY2VydCBieXRlcw==
-----END CERTIFICATE-----
# ssh_host_ca contains the text of the public ssh key for the SSH root CA # ssh_host_ca contains the text of the public ssh key for the SSH root CA
ssh_host_ca: ssh_host_ca: