From 345be73849b0924e1c7a6744aacc81b775e56efb Mon Sep 17 00:00:00 2001 
From: Zac Bergquist Date: Thu, 23 May 2024 14:58:38 -0600 Subject: [PATCH] Move etcd certs from examples to fixtures (#41971) These certs are test data, not an example meant for others to use. In addition, update the README to clarify this. Closes gravitational/teleport-private#1497 --- .github/services/Dockerfile.etcd | 2 +- .github/workflows/build-ci-service-images.yaml | 2 +- examples/etcd/certs/README | 4 ---- {examples/etcd/certs => fixtures/etcdcerts}/Makefile | 0 fixtures/etcdcerts/README | 6 ++++++ .../etcd/certs => fixtures/etcdcerts}/ca-cert.pem | 0 .../certs => fixtures/etcdcerts}/client-cert.pem | 0 .../etcd/certs => fixtures/etcdcerts}/client-key.pem | 0 .../etcd/certs => fixtures/etcdcerts}/openssl.cnf | 0 .../certs => fixtures/etcdcerts}/root-ca-cert.pem | 0 .../certs => fixtures/etcdcerts}/root-ca-key.pem | 0 .../certs => fixtures/etcdcerts}/server-cert.pem | 0 .../etcd/certs => fixtures/etcdcerts}/server-key.pem | 0 .../certs => fixtures/etcdcerts}/signing-ca-cert.pem | 0 .../certs => fixtures/etcdcerts}/signing-ca-key.pem | 0 integration/hsm/hsm_test.go | 6 +++--- lib/backend/etcdbk/etcd_test.go | 12 ++++++------ 17 files changed, 17 insertions(+), 15 deletions(-) delete mode 100644 examples/etcd/certs/README rename {examples/etcd/certs => fixtures/etcdcerts}/Makefile (100%) create mode 100644 fixtures/etcdcerts/README rename {examples/etcd/certs => fixtures/etcdcerts}/ca-cert.pem (100%) rename {examples/etcd/certs => fixtures/etcdcerts}/client-cert.pem (100%) rename {examples/etcd/certs => fixtures/etcdcerts}/client-key.pem (100%) rename {examples/etcd/certs => fixtures/etcdcerts}/openssl.cnf (100%) rename {examples/etcd/certs => fixtures/etcdcerts}/root-ca-cert.pem (100%) rename {examples/etcd/certs => fixtures/etcdcerts}/root-ca-key.pem (100%) rename {examples/etcd/certs => fixtures/etcdcerts}/server-cert.pem (100%) rename {examples/etcd/certs => fixtures/etcdcerts}/server-key.pem (100%) rename {examples/etcd/certs => 
fixtures/etcdcerts}/signing-ca-cert.pem (100%) rename {examples/etcd/certs => fixtures/etcdcerts}/signing-ca-key.pem (100%) diff --git a/.github/services/Dockerfile.etcd b/.github/services/Dockerfile.etcd index 0071e5844ad92..e88526ab87e33 100644 --- a/.github/services/Dockerfile.etcd +++ b/.github/services/Dockerfile.etcd @@ -3,7 +3,7 @@ ARG ETCD_VERSION FROM bitnami/etcd:${ETCD_VERSION} -COPY examples/etcd/certs /certs +COPY fixtures/etcdcerts /certs HEALTHCHECK CMD etcdctl --insecure-discovery --endpoint=https://etcd0:2379 --key-file /certs/client-key.pem --cert-file /certs/client-cert.pem --ca-file /certs/ca-cert.pem cluster-health diff --git a/.github/workflows/build-ci-service-images.yaml b/.github/workflows/build-ci-service-images.yaml index 23351b32b2ab4..7b1a27f7d98b0 100644 --- a/.github/workflows/build-ci-service-images.yaml +++ b/.github/workflows/build-ci-service-images.yaml @@ -4,7 +4,7 @@ on: push: paths: - .github/services/Dockerfile.* - - examples/etcd/certs/*.pem + - fixtures/etcdcerts/*.pem branches: - master diff --git a/examples/etcd/certs/README b/examples/etcd/certs/README deleted file mode 100644 index 4109577f7b75c..0000000000000 --- a/examples/etcd/certs/README +++ /dev/null @@ -1,4 +0,0 @@ -To generate self-signed certificates for secure connectivity to etcd run: - -$ make - diff --git a/examples/etcd/certs/Makefile b/fixtures/etcdcerts/Makefile similarity index 100% rename from examples/etcd/certs/Makefile rename to fixtures/etcdcerts/Makefile diff --git a/fixtures/etcdcerts/README b/fixtures/etcdcerts/README new file mode 100644 index 0000000000000..3de8ba48d736d --- /dev/null +++ b/fixtures/etcdcerts/README @@ -0,0 +1,6 @@ +# etcdcerts + +This directory contains certificates used for Teleport's etcd integration tests. +They should not be used for any other workloads. + +You can remove the certs with `make clean`, and regenerate them with `make`. 
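Review bot: `COPY fixtures/etcdcerts /certs` in Dockerfile.etcd copies the whole fixture directory into the CI image. According to this commit's rename list, that directory also holds `root-ca-key.pem`, `signing-ca-key.pem`, the Makefile and `openssl.cnf`. The HEALTHCHECK visible in the hunk reads only `client-key.pem`, `client-cert.pem` and `ca-cert.pem`, and the etcd server presumably needs only its own cert and key, so the CA private keys look unnecessary in the image unless a `.dockerignore` not shown here already excludes them. Consider copying just the leaf material, e.g. `COPY fixtures/etcdcerts/*-cert.pem fixtures/etcdcerts/client-key.pem fixtures/etcdcerts/server-key.pem /certs/`. That way anything that ends up trusting this CA cannot be issued new certificates from keys pulled out of a published image. The keys are already public in the repository, so this is about keeping the image minimal rather than about secrecy.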
diff --git a/examples/etcd/certs/ca-cert.pem b/fixtures/etcdcerts/ca-cert.pem
similarity index 100%
rename from examples/etcd/certs/ca-cert.pem
rename to fixtures/etcdcerts/ca-cert.pem
diff --git a/examples/etcd/certs/client-cert.pem b/fixtures/etcdcerts/client-cert.pem
similarity index 100%
rename from examples/etcd/certs/client-cert.pem
rename to fixtures/etcdcerts/client-cert.pem
diff --git a/examples/etcd/certs/client-key.pem b/fixtures/etcdcerts/client-key.pem
similarity index 100%
rename from examples/etcd/certs/client-key.pem
rename to fixtures/etcdcerts/client-key.pem
diff --git a/examples/etcd/certs/openssl.cnf b/fixtures/etcdcerts/openssl.cnf
similarity index 100%
rename from examples/etcd/certs/openssl.cnf
rename to fixtures/etcdcerts/openssl.cnf
diff --git a/examples/etcd/certs/root-ca-cert.pem b/fixtures/etcdcerts/root-ca-cert.pem
similarity index 100%
rename from examples/etcd/certs/root-ca-cert.pem
rename to fixtures/etcdcerts/root-ca-cert.pem
diff --git a/examples/etcd/certs/root-ca-key.pem b/fixtures/etcdcerts/root-ca-key.pem
similarity index 100%
rename from examples/etcd/certs/root-ca-key.pem
rename to fixtures/etcdcerts/root-ca-key.pem
diff --git a/examples/etcd/certs/server-cert.pem b/fixtures/etcdcerts/server-cert.pem
similarity index 100%
rename from examples/etcd/certs/server-cert.pem
rename to fixtures/etcdcerts/server-cert.pem
diff --git a/examples/etcd/certs/server-key.pem b/fixtures/etcdcerts/server-key.pem
similarity index 100%
rename from examples/etcd/certs/server-key.pem
rename to fixtures/etcdcerts/server-key.pem
diff --git a/examples/etcd/certs/signing-ca-cert.pem b/fixtures/etcdcerts/signing-ca-cert.pem
similarity index 100%
rename from examples/etcd/certs/signing-ca-cert.pem
rename to fixtures/etcdcerts/signing-ca-cert.pem
diff --git a/examples/etcd/certs/signing-ca-key.pem b/fixtures/etcdcerts/signing-ca-key.pem similarity index 100% rename from examples/etcd/certs/signing-ca-key.pem rename to fixtures/etcdcerts/signing-ca-key.pem diff --git a/integration/hsm/hsm_test.go b/integration/hsm/hsm_test.go index 0c55300a05066..3ce91c7a845b4 100644 --- a/integration/hsm/hsm_test.go +++ b/integration/hsm/hsm_test.go @@ -76,9 +76,9 @@ func etcdBackendConfig(t *testing.T) *backend.Config { Params: backend.Params{ "peers": []string{etcdTestEndpoint()}, "prefix": prefix, - "tls_key_file": "../../examples/etcd/certs/client-key.pem", - "tls_cert_file": "../../examples/etcd/certs/client-cert.pem", - "tls_ca_file": "../../examples/etcd/certs/ca-cert.pem", + "tls_key_file": "../../fixtures/etcdcerts/client-key.pem", + "tls_cert_file": "../../fixtures/etcdcerts/client-cert.pem", + "tls_ca_file": "../../fixtures/etcdcerts/ca-cert.pem", }, } t.Cleanup(func() { diff --git a/lib/backend/etcdbk/etcd_test.go b/lib/backend/etcdbk/etcd_test.go index 521a0e409ddd1..7ec811818065d 100644 --- a/lib/backend/etcdbk/etcd_test.go +++ b/lib/backend/etcdbk/etcd_test.go @@ -50,9 +50,9 @@ func TestMain(m *testing.M) { var commonEtcdParams = backend.Params{ "peers": []string{etcdTestEndpoint()}, "prefix": examplePrefix, - "tls_key_file": "../../../examples/etcd/certs/client-key.pem", - "tls_cert_file": "../../../examples/etcd/certs/client-cert.pem", - "tls_ca_file": "../../../examples/etcd/certs/ca-cert.pem", + "tls_key_file": "../../../fixtures/etcdcerts/client-key.pem", + "tls_cert_file": "../../../fixtures/etcdcerts/client-cert.pem", + "tls_ca_file": "../../../fixtures/etcdcerts/ca-cert.pem", } var commonEtcdOptions = []Option{ 
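Review bot: The fixture directory is still written out as a string literal in every TLS parameter. In lib/backend/etcdbk/etcd_test.go the same three paths appear in `commonEtcdParams` and again in the `TestCompareAndSwapOversizedValue` hunk, and integration/hsm/hsm_test.go repeats them in `etcdBackendConfig`, so the next move has to touch nine lines again. In etcd_test.go a package-level `const etcdCertsDir = "../../../fixtures/etcdcerts"` with `"tls_key_file": etcdCertsDir + "/client-key.pem",` would keep the location in one place. It would also give a natural spot for a comment such as `// Test-only client credentials checked into the repo; they must never be trusted outside the CI etcd instance.` The bodies of `etcdBackendConfig` and `TestCompareAndSwapOversizedValue` start and end outside their hunks.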
@@ -177,9 +177,9 @@ func TestCompareAndSwapOversizedValue(t *testing.T) { bk, err := New(context.Background(), backend.Params{ "peers": []string{etcdTestEndpoint()}, "prefix": "/teleport", - "tls_key_file": "../../../examples/etcd/certs/client-key.pem", - "tls_cert_file": "../../../examples/etcd/certs/client-cert.pem", - "tls_ca_file": "../../../examples/etcd/certs/ca-cert.pem", + "tls_key_file": "../../../fixtures/etcdcerts/client-key.pem", + "tls_cert_file": "../../../fixtures/etcdcerts/client-cert.pem", + "tls_ca_file": "../../../fixtures/etcdcerts/ca-cert.pem", "dial_timeout": 500 * time.Millisecond, "etcd_max_client_msg_size_bytes": maxClientMsgSize, }, commonEtcdOptions...)