-
Notifications
You must be signed in to change notification settings - Fork 129
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: add --skip-ca-certificates flag (#617)
* feat: add --skip-ca-certificates flag Since CA certificates are 'global' entities in Kong, they cannot be managed on a per-workspace basis, making it hard to be handled declaratively with decK. This introduces a new --skip-ca-certificates to sync/dump/diff/reset to make sure CA certs are ignored when needed. * tests: add integration tests for --skip-ca-certificates
- Loading branch information
Showing
11 changed files
with
291 additions
and
90 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,68 @@ | ||
//go:build integration | ||
|
||
package integration | ||
|
||
import ( | ||
"testing" | ||
|
||
"github.com/kong/deck/utils" | ||
"github.com/kong/go-kong/kong" | ||
) | ||
|
||
var caCert = &kong.CACertificate{ | ||
CertDigest: kong.String("b865971cecadd7bac9487901c9269c1fa903b3a3b521a927c5e2513f692ac61e"), | ||
Cert: kong.String(`-----BEGIN CERTIFICATE----- | ||
MIICvDCCAaSgAwIBAgIJAID17vZt1yWyMA0GCSqGSIb3DQEBCwUAMBMxETAPBgNV | ||
BAMMCEhlbGxvTmV3MB4XDTIyMDMxNTE5MTgzOVoXDTIyMDQxNDE5MTgzOVowEzER | ||
MA8GA1UEAwwISGVsbG9OZXcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB | ||
AQDL1l6EB2rDPjKDoJX52VsnO8bdKnoGq2s5Er7piVQjYBA6U7NzEJwvsaL9uG1p | ||
/OFud8uwJFCm0NF1DxkNA+qpUvaBXBnn4htbXE20C7HwAWCUU0TUWgTpGYC0EkGZ | ||
VlbXoQ1SewK+AERjdBKqa0U9Wk0gkD0kVc2UfO7rxU7w6nkoFPgBI1IlJZXM5TVg | ||
1AeJDrdgUSa/fsja5qOYVcwGiUgqMr3nMs1jBJRgwhC0ELF1lFaANouqPC4KweLE | ||
FNgam69AZallFNZOKVh6vJLKBfE9I8TM5yBpRllhKAaUv1qWlPFYxoIPvnFzQPku | ||
ExGbYR6asSXwq6UHxREIOno1AgMBAAGjEzARMA8GA1UdEwQIMAYBAf8CAQAwDQYJ | ||
KoZIhvcNAQELBQADggEBAHXc6lc6BGzdjwWX8XViBxY1NnK5HxNfD+rP7/JJ4m33 | ||
zoTteY+KRcKo6t49TDqfpnVfCGunnoGOFP5ATY29vUavigICw7SGGLKWIM38c0bH | ||
bx14/d/LQd2LaNd/cemTDkF3XJi3OdrGJPNOVLfX0InqbmwBzariWCwzufwHGxwR | ||
WpOh8Qv2kFPuFVwlQNPNMhV7qsa/NM77Wo4Q6kA5V3aYSnF+KbWF3by/SqUC5JMz | ||
cbvPj0Yzt97v7FpOILcDcMWjxuUnvuUYvGuB5tzBEe91s3ZTUK0A5moYOYkTHUlX | ||
9CkGSwFE+jBTxUBPKzm3MVoK2cGoX8gEpzcYSwjM8Ws= | ||
-----END CERTIFICATE-----`), | ||
} | ||
|
||
func Test_Reset_SkipCACert(t *testing.T) { | ||
// setup stage | ||
client, err := getTestClient() | ||
if err != nil { | ||
t.Errorf(err.Error()) | ||
} | ||
|
||
tests := []struct { | ||
name string | ||
kongFile string | ||
expectedState utils.KongRawState | ||
}{ | ||
{ | ||
name: "reset with --skip-ca-certificates should ignore CA certs", | ||
kongFile: "testdata/reset/001-skip-ca-cert/kong.yaml", | ||
expectedState: utils.KongRawState{ | ||
CACertificates: []*kong.CACertificate{caCert}, | ||
}, | ||
}, | ||
} | ||
|
||
for _, tc := range tests { | ||
t.Run(tc.name, func(t *testing.T) { | ||
// ca_certificates first appeared in 1.3, but we limit to 2.7+ | ||
// here because the schema changed and the entities aren't the same | ||
// across all versions, even though the skip functionality works the same. | ||
kong.RunWhenKong(t, ">=2.7.0") | ||
teardown := setup(t) | ||
defer teardown(t) | ||
|
||
sync(tc.kongFile) | ||
reset(t, "--skip-ca-certificates") | ||
testKongState(t, client, tc.expectedState, nil) | ||
}) | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,102 @@ | ||
//nolint:unused,deadcode | ||
package integration | ||
|
||
import ( | ||
"context" | ||
"os" | ||
"testing" | ||
|
||
"github.com/google/go-cmp/cmp" | ||
"github.com/google/go-cmp/cmp/cmpopts" | ||
"github.com/kong/deck/cmd" | ||
"github.com/kong/deck/dump" | ||
"github.com/kong/deck/utils" | ||
"github.com/kong/go-kong/kong" | ||
) | ||
|
||
func getKongAddress() string { | ||
address := os.Getenv("DECK_KONG_ADDR") | ||
if address != "" { | ||
return address | ||
} | ||
return "http://localhost:8001" | ||
} | ||
|
||
func getTestClient() (*kong.Client, error) { | ||
return utils.GetKongClient(utils.KongClientConfig{ | ||
Address: getKongAddress(), | ||
}) | ||
} | ||
|
||
func sortSlices(x, y interface{}) bool { | ||
var xName, yName string | ||
switch xEntity := x.(type) { | ||
case *kong.Service: | ||
yEntity := y.(*kong.Service) | ||
xName = *xEntity.Name | ||
yName = *yEntity.Name | ||
case *kong.Route: | ||
yEntity := y.(*kong.Route) | ||
xName = *xEntity.Name | ||
yName = *yEntity.Name | ||
case *kong.Plugin: | ||
yEntity := y.(*kong.Plugin) | ||
xName = *xEntity.Name | ||
yName = *yEntity.Name | ||
} | ||
return xName < yName | ||
} | ||
|
||
func testKongState(t *testing.T, client *kong.Client, | ||
expectedState utils.KongRawState, ignoreFields []cmp.Option) { | ||
// Get entities from Kong | ||
ctx := context.Background() | ||
kongState, err := dump.Get(ctx, client, dump.Config{}) | ||
if err != nil { | ||
t.Errorf(err.Error()) | ||
} | ||
|
||
opt := []cmp.Option{ | ||
cmpopts.IgnoreFields(kong.Service{}, "ID", "CreatedAt", "UpdatedAt"), | ||
cmpopts.IgnoreFields(kong.Route{}, "ID", "CreatedAt", "UpdatedAt"), | ||
cmpopts.IgnoreFields(kong.Plugin{}, "ID", "CreatedAt"), | ||
cmpopts.IgnoreFields(kong.Upstream{}, "ID", "CreatedAt"), | ||
cmpopts.IgnoreFields(kong.Target{}, "ID", "CreatedAt"), | ||
cmpopts.IgnoreFields(kong.CACertificate{}, "ID", "CreatedAt"), | ||
cmpopts.SortSlices(sortSlices), | ||
cmpopts.EquateEmpty(), | ||
} | ||
opt = append(opt, ignoreFields...) | ||
|
||
if diff := cmp.Diff(kongState, &expectedState, opt...); diff != "" { | ||
t.Errorf(diff) | ||
} | ||
} | ||
|
||
func reset(t *testing.T, opts ...string) { | ||
deckCmd := cmd.NewRootCmd() | ||
args := []string{"reset", "--force"} | ||
if len(opts) > 0 { | ||
args = append(args, opts...) | ||
} | ||
deckCmd.SetArgs(args) | ||
if err := deckCmd.Execute(); err != nil { | ||
t.Fatalf(err.Error(), "failed to reset Kong's state") | ||
} | ||
} | ||
|
||
func setup(t *testing.T) func(t *testing.T) { | ||
return func(t *testing.T) { | ||
reset(t) | ||
} | ||
} | ||
|
||
func sync(kongFile string, opts ...string) { | ||
deckCmd := cmd.NewRootCmd() | ||
args := []string{"sync", "-s", kongFile} | ||
if len(opts) > 0 { | ||
args = append(args, opts...) | ||
} | ||
deckCmd.SetArgs(args) | ||
deckCmd.ExecuteContext(context.Background()) //nolint:errcheck | ||
} |
Oops, something went wrong.