change e2e to dynamically generate certs
Signed-off-by: YZ775 <yuzuki-mimura@cybozu.co.jp>
YZ775 committed Nov 2, 2023
1 parent 9a52a0b commit bcc5d09
Showing 6 changed files with 33 additions and 21 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/release.yaml
Expand Up @@ -22,7 +22,7 @@ jobs:

- name: Build image
run: make docker-build

- name: Push docker image to Quay.io
run: |
echo ${{ secrets.QUAY_PASSWORD }} | docker login -u ${{ secrets.QUAY_USER }} --password-stdin quay.io
23 changes: 17 additions & 6 deletions Makefile
Expand Up @@ -7,6 +7,13 @@ BUILT_TARGET=sabakan sabactl sabakan-cryptsetup
IMAGE ?= quay.io/cybozu/sabakan
TAG ?= latest
CFSSL_VER = 1.6.4
CFSSL = /usr/local/bin/cfssl
CFSSLJSON = /usr/local/bin/cfssljson
E2E_OUTPUT=$(abspath ./e2e/output)
E2E_CERTS = \
$(E2E_OUTPUT)/certs/ca.crt \
$(E2E_OUTPUT)/certs/server.crt\
$(E2E_OUTPUT)/certs/server.key.insecure

.PHONY: all
all: build
Expand All @@ -33,12 +40,13 @@ test:
go test -race -v ./...

.PHONY: e2e
e2e: build
e2e: build $(E2E_CERTS)
RUN_E2E=1 go test -v -count=1 ./e2e

.PHONY: clean
clean:
rm -f $(BUILT_TARGET)
rm -rf $(E2E_OUTPUT)

.PHONY: test-tools
test-tools: custom-checker staticcheck etcd
Expand Down Expand Up @@ -72,10 +80,13 @@ docker-build: build
docker build --no-cache -t $(IMAGE):$(TAG) ./docker
rm ./docker/sabactl ./docker/sabakan ./docker/sabakan-cryptsetup ./docker/LICENSE

.PHONY: setup-cfssl
setup-cfssl:
curl -sSLf -o cfssl https://github.com/cloudflare/cfssl/releases/download/v$(CFSSL_VER)/cfssl_$(CFSSL_VER)_linux_amd64
curl -sSLf -o cfssljson https://github.com/cloudflare/cfssl/releases/download/v$(CFSSL_VER)/cfssljson_$(CFSSL_VER)_linux_amd64
chmod +x cfssl cfssljson
$(SUDO) mv cfssl cfssljson /usr/local/bin/
if ! [ -f $(CFSSL) -a -f $(CFSSLJSON) ]; then \
curl -sSLf -o cfssl https://github.com/cloudflare/cfssl/releases/download/v$(CFSSL_VER)/cfssl_$(CFSSL_VER)_linux_amd64; \
curl -sSLf -o cfssljson https://github.com/cloudflare/cfssl/releases/download/v$(CFSSL_VER)/cfssljson_$(CFSSL_VER)_linux_amd64; \
chmod +x cfssl cfssljson; \
$(SUDO) mv cfssl cfssljson /usr/local/bin/; \
fi

$(E2E_CERTS): setup-cfssl
cd e2e/certs && ./gencerts.sh
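Review bot: The `setup-cfssl` recipe moves the downloaded `cfssl` and `cfssljson` binaries into `/usr/local/bin` with `$(SUDO) mv` without any integrity check, so whatever the release URL serves gets installed system-wide and is then used to generate the e2e CA. Pin a SHA-256 per binary next to `CFSSL_VER` and verify it before the `chmod`, for example `echo "$(CFSSL_SHA256)  cfssl" | sha256sum -c -; \` (where `CFSSL_SHA256` is a new variable holding the digest for that version), and likewise for `cfssljson`. Separately, `setup-cfssl` never creates a file of that name, so as a normal prerequisite it makes all three `$(E2E_CERTS)` targets out of date on every run and `gencerts.sh` is invoked once per target. An order-only prerequisite, `$(E2E_CERTS): | setup-cfssl`, or a single stamp target would avoid regenerating the CA each time and the race under `make -j`. The new `-f` test only checks presence, so a later `CFSSL_VER` bump will not replace binaries that are already installed.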
1 change: 1 addition & 0 deletions e2e/.gitignore
@@ -0,0 +1 @@
/output
17 changes: 9 additions & 8 deletions e2e/certs/gencerts.sh
Expand Up @@ -10,19 +10,20 @@ if ! which cfssl; then
exit 255
fi

cfssl gencert --initca=true ./ca-csr.json | cfssljson --bare ./ca
mv ca.pem ca.crt
mkdir -p ../output/certs/
cfssl gencert --initca=true ./ca-csr.json | cfssljson --bare ../output/certs/ca
mv ../output/certs/ca.pem ../output/certs/ca.crt
if which openssl >/dev/null; then
openssl x509 -in ca.crt -noout -text
fi

# generate DNS: localhost, IP: 127.0.0.1, CN: example.com certificates
cfssl gencert \
--ca ./ca.crt \
--ca-key ./ca-key.pem \
--ca ../output/certs//ca.crt \
--ca-key ../output/certs//ca-key.pem \
--config ./gencert.json \
./server-ca-csr.json | cfssljson --bare ./server
mv server.pem server.crt
mv server-key.pem server.key.insecure
./server-ca-csr.json | cfssljson --bare ../output/certs/server
mv ../output/certs/server.pem ../output/certs/server.crt
mv ../output/certs/server-key.pem ../output/certs/server.key.insecure

rm -f *.pem *.stderr *.txt
cd ../output/certs/ && rm -f *.pem *.stderr *.txt
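Review bot: The `openssl x509 -in ca.crt -noout -text` line still reads `ca.crt` from the script's own directory, although the CA certificate is now written to `../output/certs/ca.crt`. On a host with openssl this step either fails or prints a stale certificate if an older `ca.crt` is still present there, and it would abort the script if it runs under `set -e`, which is not visible because the script starts outside the hunk. Change it to `openssl x509 -in ../output/certs/ca.crt -noout -text`. The repeated `../output/certs` literal, written with a doubled slash in the `--ca` and `--ca-key` arguments, would be less error-prone as one variable such as `OUT=../output/certs`. The final `rm -f *.pem` in the output directory is what removes `ca-key.pem`, so a comment such as `# drop the CA private key and cfssl leftovers` would make that intent explicit.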
10 changes: 5 additions & 5 deletions e2e/main_test.go
Expand Up @@ -14,11 +14,11 @@ import (
const (
etcdClientURL = "https://localhost:12379"
etcdPeerURL = "https://localhost:12380"
etcdCA = "./certs/ca.crt"
etcdCert = "./certs/server.crt"
etcdKey = "./certs/server.key.insecure"
sabakanTLSCertFile = "./certs/server.crt"
sabakanTLSKeyFile = "./certs/server.key.insecure"
etcdCA = "./output/certs/ca.crt"
etcdCert = "./output/certs/server.crt"
etcdKey = "./output/certs/server.key.insecure"
sabakanTLSCertFile = "./output/certs/server.crt"
sabakanTLSKeyFile = "./output/certs/server.key.insecure"
)

func testMain(m *testing.M) (int, error) {
1 change: 0 additions & 1 deletion mtest/Makefile
Expand Up @@ -116,7 +116,6 @@ $(CT):
$(OUTPUT)/host.ign: host-ign.yml $(CT) $(CERTS)
mkdir -p $(OUTPUT)
$(CT) -strict -in-file=host-ign.yml --files-dir=. -pretty -out-file=$@
# rm host-ign.yml.tmp

$(OUTPUT)/host1.ign: $(OUTPUT)/host.ign
sed -e 's/__BRIDGE_ADDRESS__/$(BRIDGE_ADDRESS)/' \
