github
/
consul
mirror of https://github.com/hashicorp/consul
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'jm/ent-deps'
${ noResults }
consul/test/integration/consul-container/libs/cluster/encryption.go

146 lines
4.0 KiB
Raw Permalink Normal View History Unescape

Copyright headers for missing files/folders (#16708) * copyright headers for agent folder
2 years ago
// Copyright (c) HashiCorp, Inc.
[COMPLIANCE] License changes (#18443) * Adding explicit MPL license for sub-package This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository. * Adding explicit MPL license for sub-package This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository. * Updating the license from MPL to Business Source License Going forward, this project will be licensed under the Business Source License v1.1. Please see our blog post for more details at <Blog URL>, FAQ at www.hashicorp.com/licensing-faq, and details of the license at www.hashicorp.com/bsl. * add missing license headers * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 --------- Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com>
1 year ago
// SPDX-License-Identifier: BUSL-1.1
Copyright headers for missing files/folders (#16708) * copyright headers for agent folder
2 years ago
test: general cleanup and fixes for the container integration test suite (#15959) - remove dep on consul main module - use 'consul tls' subcommands instead of tlsutil - use direct json config construction instead of agent/config structs - merge libcluster and libagent packages together - more widely use BuildContext - get the OSS/ENT runner stuff working properly - reduce some flakiness - fix some correctness related to http/https API
2 years ago
package cluster
import (
"bytes"
"crypto/rand"
"encoding/base64"
"fmt"
fix flaking container tests (#19134)
1 year ago
"github.com/hashicorp/consul/sdk/testutil/retry"
test: general cleanup and fixes for the container integration test suite (#15959) - remove dep on consul main module - use 'consul tls' subcommands instead of tlsutil - use direct json config construction instead of agent/config structs - merge libcluster and libagent packages together - more widely use BuildContext - get the OSS/ENT runner stuff working properly - reduce some flakiness - fix some correctness related to http/https API
2 years ago
"io"
"path/filepath"
"testing"
"github.com/hashicorp/go-uuid"
"github.com/pkg/errors"
"github.com/stretchr/testify/require"
"github.com/hashicorp/consul/test/integration/consul-container/libs/utils"
)
const (
certVolumePrefix = "test-container-certs-"
consulUID = "100"
consulGID = "1000"
consulUserArg = consulUID + ":" + consulGID
)
func newSerfEncryptionKey() (string, error) {
key := make([]byte, 32)
n, err := rand.Reader.Read(key)
if err != nil {
return "", errors.Wrap(err, "error reading random data")
}
if n != 32 {
return "", errors.Wrap(err, "couldn't read enough entropy. Generate more entropy!")
}
return base64.StdEncoding.EncodeToString(key), nil
}
func (c *BuildContext) createTLSCAFiles(t *testing.T) {
id, err := uuid.GenerateUUID()
require.NoError(t, err, "could not create cert volume UUID")
c.certVolume = certVolumePrefix + id
// TODO: cleanup anything with the prefix?
fix flaking container tests (#19134)
1 year ago
retry.Run(t, func(r *retry.R) {
// Create a volume to hold the data.
err = utils.DockerExec([]string{"volume", "create", c.certVolume}, io.Discard)
require.NoError(r, err, "could not create docker volume to hold cert data: %s", c.certVolume)
})
test: general cleanup and fixes for the container integration test suite (#15959) - remove dep on consul main module - use 'consul tls' subcommands instead of tlsutil - use direct json config construction instead of agent/config structs - merge libcluster and libagent packages together - more widely use BuildContext - get the OSS/ENT runner stuff working properly - reduce some flakiness - fix some correctness related to http/https API
2 years ago
t.Cleanup(func() {
_ = utils.DockerExec([]string{"volume", "rm", c.certVolume}, io.Discard)
})
fix flaking container tests (#19134)
1 year ago
retry.Run(t, func(r *retry.R) {
err := utils.DockerExec([]string{"run",
"--rm",
"-i",
"--net=none",
"-v", c.certVolume + ":/data",
"busybox:latest",
"sh", "-c",
// Need this so the permissions stick; docker seems to treat unused volumes differently.
`touch /data/VOLUME_PLACEHOLDER && chown -R ` + consulUserArg + ` /data`,
}, io.Discard)
require.NoError(r, err, "could not initialize docker volume for cert data: %s", c.certVolume)
})
retry.Run(t, func(r *retry.R) {
err = utils.DockerExec([]string{"run",
"--rm",
"-i",
"--net=none",
"-u", consulUserArg,
"-v", c.certVolume + ":/data",
"-w", "/data",
"--entrypoint", "",
c.DockerImage(),
"consul", "tls", "ca", "create",
}, io.Discard)
require.NoError(r, err, "could not create TLS certificate authority in docker volume: %s", c.certVolume)
})
test: general cleanup and fixes for the container integration test suite (#15959) - remove dep on consul main module - use 'consul tls' subcommands instead of tlsutil - use direct json config construction instead of agent/config structs - merge libcluster and libagent packages together - more widely use BuildContext - get the OSS/ENT runner stuff working properly - reduce some flakiness - fix some correctness related to http/https API
2 years ago
var w bytes.Buffer
fix flaking container tests (#19134)
1 year ago
retry.Run(t, func(r *retry.R) {
err = utils.DockerExec([]string{"run",
"--rm",
"-i",
"--net=none",
"-u", consulUserArg,
"-v", c.certVolume + ":/data",
"-w", "/data",
"--entrypoint", "",
c.DockerImage(),
"cat", filepath.Join("/data", ConsulCACertPEM),
}, &w)
require.NoError(r, err, "could not extract TLS CA certificate authority public key from docker volume: %s", c.certVolume)
})
test: general cleanup and fixes for the container integration test suite (#15959) - remove dep on consul main module - use 'consul tls' subcommands instead of tlsutil - use direct json config construction instead of agent/config structs - merge libcluster and libagent packages together - more widely use BuildContext - get the OSS/ENT runner stuff working properly - reduce some flakiness - fix some correctness related to http/https API
2 years ago
c.caCert = w.String()
}
func (c *BuildContext) createTLSCertFiles(t *testing.T, dc string) (keyFileName, certFileName string) {
require.NotEmpty(t, "the CA has not been initialized yet")
fix flaking container tests (#19134)
1 year ago
retry.Run(t, func(r *retry.R) {
err := utils.DockerExec([]string{"run",
test: general cleanup and fixes for the container integration test suite (#15959) - remove dep on consul main module - use 'consul tls' subcommands instead of tlsutil - use direct json config construction instead of agent/config structs - merge libcluster and libagent packages together - more widely use BuildContext - get the OSS/ENT runner stuff working properly - reduce some flakiness - fix some correctness related to http/https API
2 years ago
"--rm",
"-i",
"--net=none",
"-u", consulUserArg,
fix flaking container tests (#19134)
1 year ago
"-v", c.certVolume + ":/data",
test: general cleanup and fixes for the container integration test suite (#15959) - remove dep on consul main module - use 'consul tls' subcommands instead of tlsutil - use direct json config construction instead of agent/config structs - merge libcluster and libagent packages together - more widely use BuildContext - get the OSS/ENT runner stuff working properly - reduce some flakiness - fix some correctness related to http/https API
2 years ago
"-w", "/data",
"--entrypoint", "",
c.DockerImage(),
fix flaking container tests (#19134)
1 year ago
"consul", "tls", "cert", "create", "-server", "-dc", dc,
test: general cleanup and fixes for the container integration test suite (#15959) - remove dep on consul main module - use 'consul tls' subcommands instead of tlsutil - use direct json config construction instead of agent/config structs - merge libcluster and libagent packages together - more widely use BuildContext - get the OSS/ENT runner stuff working properly - reduce some flakiness - fix some correctness related to http/https API
2 years ago
}, io.Discard)
fix flaking container tests (#19134)
1 year ago
require.NoError(r, err, "could not create TLS server certificate dc=%q in docker volume: %s", dc, c.certVolume)
})
prefix := fmt.Sprintf("%s-server-%s", dc, "consul")
certFileName = fmt.Sprintf("%s-%d.pem", prefix, c.tlsCertIndex)
keyFileName = fmt.Sprintf("%s-%d-key.pem", prefix, c.tlsCertIndex)
retry.Run(t, func(r *retry.R) {
for _, fn := range []string{certFileName, keyFileName} {
err := utils.DockerExec([]string{"run",
"--rm",
"-i",
"--net=none",
"-u", consulUserArg,
"-v", c.certVolume + ":/data:ro",
"-w", "/data",
"--entrypoint", "",
c.DockerImage(),
"stat", filepath.Join("/data", fn),
}, io.Discard)
require.NoError(r, err, "Generated TLS cert file %q does not exist in volume", fn)
}
})
test: general cleanup and fixes for the container integration test suite (#15959) - remove dep on consul main module - use 'consul tls' subcommands instead of tlsutil - use direct json config construction instead of agent/config structs - merge libcluster and libagent packages together - more widely use BuildContext - get the OSS/ENT runner stuff working properly - reduce some flakiness - fix some correctness related to http/https API
2 years ago
return keyFileName, certFileName
}