chore: jit secrets (#589)

.github/pull_request_template.md

@@ -4,7 +4,7 @@
 
 ## Linear Ticket
 
-< Replace_with_Linear_Link >
+< Linear_Link >
 
 ## Security
 

kafkaclient/client_test.go

@@ -21,6 +21,7 @@ import (
 	"github.com/rudderlabs/rudder-go-kit/kafkaclient/testutil"
 	dockerKafka "github.com/rudderlabs/rudder-go-kit/testhelper/docker/resource/kafka"
 	"github.com/rudderlabs/rudder-go-kit/testhelper/docker/resource/sshserver"
+	"github.com/rudderlabs/rudder-go-kit/testhelper/keygen"
 )
 
 const (
@@ -838,8 +839,9 @@ func TestSSH(t *testing.T) {
 	require.NoError(t, err)
 
 	// Let's setup the SSH server
-	publicKeyPath, err := filepath.Abs("./testdata/ssh/test_key.pub")
+	privateKeyPath, publicKeyPath, err := keygen.NewRSAKeyPair(2048, keygen.SaveTo(t.TempDir()))
 	require.NoError(t, err)
+
 	sshServer, err := sshserver.Setup(pool, t,
 		sshserver.WithPublicKeyPath(publicKeyPath),
 		sshserver.WithCredentials("linuxserver.io", ""),
@@ -850,7 +852,7 @@ func TestSSH(t *testing.T) {
 	t.Logf("SSH server is listening on %s", sshServerHost)
 
 	// Read private key
-	privateKey, err := os.ReadFile("./testdata/ssh/test_key")
+	privateKey, err := os.ReadFile(privateKeyPath)
 	require.NoError(t, err)
 
 	// Setup client and ping

sftp/sftp_test.go

@@ -18,6 +18,7 @@ import (
 
 	"github.com/rudderlabs/rudder-go-kit/sftp/mock_sftp"
 	"github.com/rudderlabs/rudder-go-kit/testhelper/docker/resource/sshserver"
+	"github.com/rudderlabs/rudder-go-kit/testhelper/keygen"
 )
 
 type nopReadWriteCloser struct {
@@ -30,7 +31,10 @@ func (nwc *nopReadWriteCloser) Close() error {
 
 func TestSSHClientConfig(t *testing.T) {
 	// Read private key
-	privateKey, err := os.ReadFile("testdata/ssh/test_key")
+	privateKeyPath, _, err := keygen.NewRSAKeyPair(2048, keygen.SaveTo(t.TempDir()))
+	require.NoError(t, err)
+
+	privateKey, err := os.ReadFile(privateKeyPath)
 	require.NoError(t, err)
 
 	type testCase struct {
@@ -218,8 +222,9 @@ func TestSFTP(t *testing.T) {
 	require.NoError(t, err)
 
 	// Let's setup the SSH server
-	publicKeyPath, err := filepath.Abs("testdata/ssh/test_key.pub")
+	privateKeyPath, publicKeyPath, err := keygen.NewRSAKeyPair(2048, keygen.SaveTo(t.TempDir()))
 	require.NoError(t, err)
+
 	sshServer, err := sshserver.Setup(pool, t,
 		sshserver.WithPublicKeyPath(publicKeyPath),
 		sshserver.WithCredentials("linuxserver.io", ""),
@@ -229,7 +234,7 @@ func TestSFTP(t *testing.T) {
 	t.Logf("SSH server is listening on %s", sshServerHost)
 
 	// Read private key
-	privateKey, err := os.ReadFile("testdata/ssh/test_key")
+	privateKey, err := os.ReadFile(privateKeyPath)
 	require.NoError(t, err)
 
 	// Setup ssh client

testhelper/docker/resource/kafka/kafka_test.go

@@ -28,6 +28,7 @@ import (
 	"golang.org/x/crypto/ssh"
 
 	"github.com/rudderlabs/rudder-go-kit/testhelper/docker/resource/sshserver"
+	"github.com/rudderlabs/rudder-go-kit/testhelper/keygen"
 )
 
 const (
@@ -266,8 +267,9 @@ func TestSSH(t *testing.T) {
 	require.NoError(t, err)
 
 	// Let's setup the SSH server
-	publicKeyPath, err := filepath.Abs("./testdata/ssh/test_key.pub")
+	privateKeyPath, publicKeyPath, err := keygen.NewRSAKeyPair(2048, keygen.SaveTo(t.TempDir()))
 	require.NoError(t, err)
+
 	sshServer, err := sshserver.Setup(pool, t,
 		sshserver.WithPublicKeyPath(publicKeyPath),
 		sshserver.WithCredentials("linuxserver.io", ""),
@@ -278,7 +280,7 @@ func TestSSH(t *testing.T) {
 	t.Logf("SSH server is listening on %s", sshServerHost)
 
 	// Prepare SSH configuration
-	privateKey, err := os.ReadFile("./testdata/ssh/test_key")
+	privateKey, err := os.ReadFile(privateKeyPath)
 	require.NoError(t, err)
 
 	signer, err := ssh.ParsePrivateKey(privateKey)

testhelper/docker/resource/postgres/config.go

@@ -1,5 +1,7 @@
 package postgres
 
+import "github.com/ory/dockertest/v3/docker"
+
 type Opt func(*Config)
 
 func WithTag(tag string) Opt {
@@ -38,11 +40,18 @@ func WithPrintLogsOnError(printLogsOnError bool) Opt {
 	}
 }
 
+func WithNetwork(network *docker.Network) Opt {
+	return func(c *Config) {
+		c.NetworkID = network.ID
+	}
+}
+
 type Config struct {
 	Tag              string
 	Options          []string
 	ShmSize          int64
 	Memory           int64
 	OOMKillDisable   bool
 	PrintLogsOnError bool
+	NetworkID        string
 }

testhelper/docker/resource/postgres/postgres.go

@@ -51,6 +51,7 @@ func Setup(pool *dockertest.Pool, d resource.Cleaner, opts ...func(*Config)) (*R
 	postgresContainer, err := pool.RunWithOptions(&dockertest.RunOptions{
 		Repository: "postgres",
 		Tag:        c.Tag,
+		NetworkID:  c.NetworkID,
 		Env: []string{
 			"POSTGRES_PASSWORD=" + postgresDefaultPassword,
 			"POSTGRES_DB=" + postgresDefaultDB,

testhelper/docker/resource/sshserver/sshserver_test.go

@@ -1,9 +1,10 @@
 package sshserver
 
 import (
-	"path/filepath"
 	"testing"
 
+	"github.com/rudderlabs/rudder-go-kit/testhelper/keygen"
+
 	"github.com/melbahja/goph"
 	"github.com/ory/dockertest/v3"
 	dc "github.com/ory/dockertest/v3/docker"
@@ -50,17 +51,16 @@ func TestKeys(t *testing.T) {
 		}
 	})
 
-	publicKeyPath, err := filepath.Abs("./testdata/test_key.pub")
+	privateKeyPath, publicKeyPath, err := keygen.NewRSAKeyPair(2048, keygen.SaveTo(t.TempDir()))
 	require.NoError(t, err)
+
 	res, err := Setup(pool, t,
 		WithPublicKeyPath(publicKeyPath),
 		WithCredentials("linuxserver.io", ""),
 		WithDockerNetwork(network),
 	)
 	require.NoError(t, err)
 
-	privateKeyPath, err := filepath.Abs("./testdata/test_key")
-	require.NoError(t, err)
 	auth, err := goph.Key(privateKeyPath, "")
 	require.NoError(t, err)