b054261bc1
* Bump github.com/jonboulle/clockwork from 0.3.0 to 0.4.0 Bumps [github.com/jonboulle/clockwork](https://github.com/jonboulle/clockwork) from 0.3.0 to 0.4.0. - [Release notes](https://github.com/jonboulle/clockwork/releases) - [Commits](https://github.com/jonboulle/clockwork/compare/v0.3.0...v0.4.0) --- updated-dependencies: - dependency-name: github.com/jonboulle/clockwork dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * also update clockwork in api/ * consistently use fake clock in TestGenerateCerts * fix TestGenerateUserCerts * test fixes * `go mod tidy` in api/ * fix TestGetKubeCredentialData * tentative fix for TestUsageReporterDiscard * fix test timeouts in lib/srv * pass current time to getCredentialData * fix timezone for circuit breaker test * remove UTC conversions in test instead of adding in the production code * tentative fix for TestSessionTracker_UpdateRetry flakiness * fix aggregating.TestSubmitOnce * add initial wait for session tracker retries * fix kube proxy forwarder tests --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Edoardo Spadolini <edoardo.spadolini@goteleport.com>
/*
Copyright 2022 Gravitational, Inc.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package main
import (
"crypto/rand"
"crypto/rsa"
"crypto/x509/pkix"
"encoding/json"
"testing"
"time"
"github.com/jonboulle/clockwork"
"github.com/stretchr/testify/require"
"golang.org/x/crypto/ssh"
"github.com/gravitational/teleport/api/constants"
"github.com/gravitational/teleport/api/identityfile"
"github.com/gravitational/teleport/lib/fixtures"
"github.com/gravitational/teleport/lib/tlsca"
)
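// TestGetKubeCredentialData checks that getCredentialData turns an identity
// file into a JSON document whose "status" object carries the client
// certificate, the client private key and an expiration timestamp that falls
// before the certificate's own NotAfter.
//
// All key material here is generated for the test or taken from lib/fixtures;
// nothing in it is a real credential.
func TestGetKubeCredentialData(t *testing.T) {
	// Generate a dummy cert signed by the fixture CA.
	ca, err := tlsca.FromKeys([]byte(fixtures.TLSCACertPEM), []byte(fixtures.TLSCAKeyPEM))
	require.NoError(t, err)

	privateKey, err := rsa.GenerateKey(rand.Reader, constants.RSAKeySize)
	require.NoError(t, err)

	// The same fake clock is handed to the CA and used as "now" for
	// getCredentialData, so the expiry comparison below does not depend on
	// wall-clock time or the local timezone.
	clock := clockwork.NewFakeClock()
	notAfter := clock.Now().Add(time.Hour)
	certBytes, err := ca.GenerateCertificate(tlsca.CertificateRequest{
		Clock:     clock,
		PublicKey: privateKey.Public(),
		Subject:   pkix.Name{CommonName: "test"},
		NotAfter:  notAfter,
	})
	require.NoError(t, err)

	privateKeyBytes := tlsca.MarshalPrivateKeyPEM(privateKey)
	idFile := &identityfile.IdentityFile{
		PrivateKey: privateKeyBytes,
		Certs: identityfile.Certs{
			SSH: []byte(ssh.CertAlgoRSAv01), // dummy value
			TLS: certBytes,
		},
		CACerts: identityfile.CACerts{
			SSH: [][]byte{[]byte(fixtures.SSHCAPublicKey)},
			TLS: [][]byte{[]byte(fixtures.TLSCACertPEM)},
		},
	}

	data, err := getCredentialData(idFile, clock.Now())
	require.NoError(t, err)

	var parsed map[string]interface{}
	require.NoError(t, json.Unmarshal(data, &parsed))

	// Use checked type assertions: a missing or mistyped field should fail
	// the test with a readable message rather than panic.
	status, ok := parsed["status"].(map[string]interface{})
	require.True(t, ok, "status must be a JSON object, got %T", parsed["status"])

	// The emitted certificate and key must be exactly the ones from the
	// identity file, byte for byte.
	require.Equal(t, string(certBytes), status["clientCertificateData"])
	require.Equal(t, string(privateKeyBytes), status["clientKeyData"])

	// Note: We usually subtract a minute from the expiration time in
	// getCredentialData to avoid the cert expiring mid-request. Pinning that
	// margin here means a regression that advertises the credential as valid
	// up to (or past) NotAfter is caught.
	rawExpiry, ok := status["expirationTimestamp"].(string)
	require.True(t, ok, "expirationTimestamp must be a string, got %T", status["expirationTimestamp"])
	ts, err := time.Parse(time.RFC3339, rawExpiry)
	require.NoError(t, err)
	require.WithinDuration(t, notAfter.Add(-1*time.Minute), ts, time.Second)
}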