
Commit ce9fab6

committed
MEDIUM: Add support for the crt-store section
1 parent e2389be commit ce9fab6


58 files changed

+9784
-448
lines changed

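--- a/configure_data_plane.go
+++ b/configure_data_plane.go
@@ -663,6 +663,19 @@ func configureAPI(api *operations.DataPlaneAPI) http.Handler { //nolint:cyclop,m
 api.MapsReplaceRuntimeMapEntryHandler = &handlers.ReplaceRuntimeMapEntryHandlerImpl{Client: client}
 api.MapsDeleteRuntimeMapEntryHandler = &handlers.DeleteRuntimeMapEntryHandlerImpl{Client: client}
 
+// crt-store handlers
+api.CrtStoreGetCrtStoresHandler = &handlers.GetCrtStoresHandlerImpl{Client: client}
+api.CrtStoreGetCrtStoreHandler = &handlers.GetCrtStoreHandlerImpl{Client: client}
+api.CrtStoreCreateCrtStoreHandler = &handlers.CreateCrtStoreHandlerImpl{Client: client, ReloadAgent: ra}
+api.CrtStoreEditCrtStoreHandler = &handlers.EditCrtStoreHandler{Client: client, ReloadAgent: ra}
+api.CrtStoreDeleteCrtStoreHandler = &handlers.DeleteCrtStoreHandlerImpl{Client: client, ReloadAgent: ra}
+// crt-store load handlers
+api.CrtLoadGetCrtLoadsHandler = &handlers.GetCrtLoadsHandlerImpl{Client: client}
+api.CrtLoadGetCrtLoadHandler = &handlers.GetCrtLoadHandlerImpl{Client: client}
+api.CrtLoadCreateCrtLoadHandler = &handlers.CreateCrtLoadHandlerImpl{Client: client, ReloadAgent: ra}
+api.CrtLoadReplaceCrtLoadHandler = &handlers.ReplaceCrtLoadHandler{Client: client, ReloadAgent: ra}
+api.CrtLoadDeleteCrtLoadHandler = &handlers.DeleteCrtLoadHandlerImpl{Client: client, ReloadAgent: ra}
+
 // setup info handler
 api.InformationGetInfoHandler = &handlers.GetInfoHandlerImpl{SystemInfo: haproxyOptions.ShowSystemInfo, BuildTime: BuildTime, Version: Version}
 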
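Review bot: Two of the ten new registrations use handler types without the `Impl` suffix, `handlers.EditCrtStoreHandler` (new line 670) and `handlers.ReplaceCrtLoadHandler` (new line 676), while the other eight and the neighbouring map handlers are all `...HandlerImpl`. Renaming them to `EditCrtStoreHandlerImpl` and `ReplaceCrtLoadHandlerImpl` would keep the wiring consistent and greppable; the type definitions live in the handlers package, which this section does not show. These endpoints also let an API client set `crt_base`, `key_base` and certificate file names that HAProxy later reads from disk, so it is worth confirming the handlers validate those fields and noting it here, e.g. `// crt-store handlers: path fields are validated in handlers (TODO confirm)`. configureAPI starts and ends outside the hunk.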
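--- a/e2e/tests/crt_store/crt_store.bats
+++ b/e2e/tests/crt_store/crt_store.bats
@@ -0,0 +1,99 @@
+#!/usr/bin/env bats
+#
+# Copyright 2024 HAProxy Technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http:#www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+load '../../libs/dataplaneapi'
+load '../../libs/debug'
+load '../../libs/get_json_path'
+load '../../libs/haproxy_config_setup'
+load '../../libs/haproxy_version'
+load '../../libs/resource_client'
+load '../../libs/version'
+
+load 'utils/_helpers'
+
+# We are using "haproxy_config_setup" here because we need the files
+# from data/container. HAProxy will actually load those PEM files when
+# checking if the configuration is valid.
+
+@test "crt_store: all tests (>=3.0)" {
+haproxy_version_ge "3.0" || skip
+
+debug "crt_store: create a new section"
+resource_post "$_CRT_STORE_PATH" "data/new_store.json" "force_reload=true"
+assert_equal "$SC" "201"
+
+debug "crt_store: get a section"
+resource_get "$_CRT_STORE_PATH/$_STORE_NAME"
+assert_equal "$SC" "200"
+assert_equal "$_STORE_NAME" "$(get_json_path "$BODY" .name)"
+assert_equal "/secure/certs" "$(get_json_path "$BODY" .crt_base)"
+assert_equal "/secure/keys" "$(get_json_path "$BODY" .key_base)"
+
+debug "crt_store: edit a section"
+resource_put "$_CRT_STORE_PATH/$_STORE_NAME" "data/edit_store.json" "force_reload=true"
+assert_equal "$SC" "200"
+resource_get "$_CRT_STORE_PATH/$_STORE_NAME"
+assert_equal "/sec" "$(get_json_path "$BODY" .key_base)"
+
+debug "crt_store: get a list of sections"
+resource_get "$_CRT_STORE_PATH"
+assert_equal "$SC" "200"
+assert_equal "$_STORE_NAME" "$(get_json_path "$BODY" .[0].name)"
+
+debug "crt_store: add load entries"
+resource_post "$_CRT_LOAD_PATH" "data/post_entry1.json" "crt_store=$_STORE_NAME"
+assert_equal "$SC" "202"
+resource_post "$_CRT_LOAD_PATH" "data/post_entry2.json" "crt_store=$_STORE_NAME"
+assert_equal "$SC" "202"
+
+debug "crt_store: get a load entry"
+resource_get "$_CRT_LOAD_PATH/c1.pem" "crt_store=$_STORE_NAME"
+assert_equal "$SC" "200"
+assert_equal "c1.pem" "$(get_json_path "$BODY" .certificate)"
+assert_equal "k1.pem" "$(get_json_path "$BODY" .key)"
+assert_equal "disabled" "$(get_json_path "$BODY" .ocsp_update)"
+
+debug "crt_store: get all load entries"
+resource_get "$_CRT_LOAD_PATH" "crt_store=$_STORE_NAME"
+assert_equal "$SC" "200"
+assert_equal "2" "$(get_json_path "$BODY" '.|length')"
+assert_equal "c1.pem" "$(get_json_path "$BODY" .[0].certificate)"
+assert_equal "c2.pem" "$(get_json_path "$BODY" .[1].certificate)"
+
+debug "crt_store: modify a load entry"
+resource_put "$_CRT_LOAD_PATH/c2.pem" "data/put_entry.json" \
+"crt_store=$_STORE_NAME" "force_reload=true"
+assert_equal "$SC" "202"
+resource_get "$_CRT_LOAD_PATH/c2.pem" "crt_store=$_STORE_NAME"
+assert_equal "c2.pem" "$(get_json_path "$BODY" .certificate)"
+assert_equal "disabled" "$(get_json_path "$BODY" .ocsp_update)"
+assert_equal "example.com" "$(get_json_path "$BODY" .alias)"
+
+debug "crt_store: delete a load entry"
+resource_delete "$_CRT_LOAD_PATH/c1.pem" "crt_store=$_STORE_NAME" "force_reload=true"
+assert_equal "$SC" "202"
+resource_delete "$_CRT_LOAD_PATH/c2.pem" "crt_store=$_STORE_NAME" "force_reload=true"
+assert_equal "$SC" "202"
+resource_get "$_CRT_LOAD_PATH/c2.pem" "crt_store=$_STORE_NAME"
+assert_equal "$SC" "404"
+
+debug "crt_store: delete a section"
+resource_delete "$_CRT_STORE_PATH/$_STORE_NAME" "force_reload=true"
+assert_equal "$SC" "204"
+resource_get "$_CRT_STORE_PATH/$_STORE_NAME"
+assert_equal "$SC" "404"
+}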
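Review bot: The test walks only the success path plus 404-after-delete, so nothing pins how the API responds to input it should refuse, such as a duplicate store name or a `certificate`/`crt_base` value that is not a plain, expected path. Because these fields end up as file paths that HAProxy loads, at least one negative case belongs here, for example repeating `resource_post "$_CRT_STORE_PATH" "data/new_store.json" "force_reload=true"` right after the first create and checking `assert_equal "$SC" "409"` (exact status to be confirmed against the handler). Everything also sits in one `@test`, so a failure midway skips the delete steps and may leave the store in the configuration for whatever runs next. Minor: the license header on line 9 reads `http:#www.apache.org/licenses/LICENSE-2.0` and should be `http://www.apache.org/licenses/LICENSE-2.0`.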
Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,15 @@
1+
-----BEGIN CERTIFICATE-----
2+
MIICVjCCAb8CAg37MA0GCSqGSIb3DQEBBQUAMIGbMQswCQYDVQQGEwJKUDEOMAwG
3+
A1UECBMFVG9reW8xEDAOBgNVBAcTB0NodW8ta3UxETAPBgNVBAoTCEZyYW5rNERE
4+
MRgwFgYDVQQLEw9XZWJDZXJ0IFN1cHBvcnQxGDAWBgNVBAMTD0ZyYW5rNEREIFdl
5+
YiBDQTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmcmFuazRkZC5jb20wHhcNMTIw
6+
ODIyMDUyNzIzWhcNMTcwODIxMDUyNzIzWjBKMQswCQYDVQQGEwJKUDEOMAwGA1UE
7+
CAwFVG9reW8xETAPBgNVBAoMCEZyYW5rNEREMRgwFgYDVQQDDA93d3cuZXhhbXBs
8+
ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMYBBrx5PlP0WNI/ZdzD
9+
+6Pktmurn+F2kQYbtc7XQh8/LTBvCo+P6iZoLEmUA9e7EXLRxgU1CVqeAi7QcAn9
10+
MwBlc8ksFJHB0rtf9pmf8Oza9E0Bynlq/4/Kb1x+d+AyhL7oK9tQwB24uHOueHi1
11+
C/iVv8CSWKiYe6hzN1txYe8rAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAASPdjigJ
12+
kXCqKWpnZ/Oc75EUcMi6HztaW8abUMlYXPIgkV2F7YanHOB7K4f7OOLjiz8DTPFf
13+
jC9UeuErhaA/zzWi8ewMTFZW/WshOrm3fNvcMrMLKtH534JKvcdMg6qIdjTFINIr
14+
evnAhf0cwULaebn+lMs8Pdl7y37+sfluVok=
15+
-----END CERTIFICATE-----
Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,15 @@
1+
-----BEGIN CERTIFICATE-----
2+
MIICVjCCAb8CAg37MA0GCSqGSIb3DQEBBQUAMIGbMQswCQYDVQQGEwJKUDEOMAwG
3+
A1UECBMFVG9reW8xEDAOBgNVBAcTB0NodW8ta3UxETAPBgNVBAoTCEZyYW5rNERE
4+
MRgwFgYDVQQLEw9XZWJDZXJ0IFN1cHBvcnQxGDAWBgNVBAMTD0ZyYW5rNEREIFdl
5+
YiBDQTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmcmFuazRkZC5jb20wHhcNMTIw
6+
ODIyMDUyNzIzWhcNMTcwODIxMDUyNzIzWjBKMQswCQYDVQQGEwJKUDEOMAwGA1UE
7+
CAwFVG9reW8xETAPBgNVBAoMCEZyYW5rNEREMRgwFgYDVQQDDA93d3cuZXhhbXBs
8+
ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMYBBrx5PlP0WNI/ZdzD
9+
+6Pktmurn+F2kQYbtc7XQh8/LTBvCo+P6iZoLEmUA9e7EXLRxgU1CVqeAi7QcAn9
10+
MwBlc8ksFJHB0rtf9pmf8Oza9E0Bynlq/4/Kb1x+d+AyhL7oK9tQwB24uHOueHi1
11+
C/iVv8CSWKiYe6hzN1txYe8rAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAASPdjigJ
12+
kXCqKWpnZ/Oc75EUcMi6HztaW8abUMlYXPIgkV2F7YanHOB7K4f7OOLjiz8DTPFf
13+
jC9UeuErhaA/zzWi8ewMTFZW/WshOrm3fNvcMrMLKtH534JKvcdMg6qIdjTFINIr
14+
evnAhf0cwULaebn+lMs8Pdl7y37+sfluVok=
15+
-----END CERTIFICATE-----
Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,15 @@
1+
-----BEGIN RSA PRIVATE KEY-----
2+
MIICWwIBAAKBgQDGAQa8eT5T9FjSP2Xcw/uj5LZrq5/hdpEGG7XO10IfPy0wbwqP
3+
j+omaCxJlAPXuxFy0cYFNQlangIu0HAJ/TMAZXPJLBSRwdK7X/aZn/Ds2vRNAcp5
4+
av+Pym9cfnfgMoS+6CvbUMAduLhzrnh4tQv4lb/AkliomHuoczdbcWHvKwIDAQAB
5+
AoGAXzxrIwgmBHeIqUe5FOBnDsOZQlyAQA+pXYjCf8Rll2XptFwUdkzAUMzWUGWT
6+
G5ZspA9l8Wc7IozRe/bhjMxuVK5yZhPDKbjqRdWICA95Jd7fxlIirHOVMQRdzI7x
7+
NKqMNQN05MLJfsEHUYtOLhZE+tfhJTJnnmB7TMwnJgc4O5ECQQD8oOJ45tyr46zc
8+
OAt6ao7PefVLiW5Qu+PxfoHmZmDV2UQqeM5XtZg4O97VBSugOs3+quIdAC6LotYl
9+
/6N+E4y3AkEAyKWD2JNCrAgtjk2bfF1HYt24tq8+q7x2ek3/cUhqwInkrZqOFoke
10+
x3+yBB879TuUOadvBXndgMHHcJQKSAJlLQJAXRuGnHyptAhTe06EnHeNbtZKG67p
11+
I4Q8PJMdmSb+ZZKP1v9zPUxGb+NQ+z3OmF1T8ppUf8/DV9+KAbM4NI1L/QJAdGBs
12+
BKYFObrUkYE5+fwwd4uao3sponqBTZcH3jDemiZg2MCYQUHu9E+AdRuYrziLVJVk
13+
s4xniVLb1tRG0lVxUQJASfjdGT81HDJSzTseigrM+JnBKPPrzpeEp0RbTP52Lm23
14+
YARjLCwmPMMdAwYZsvqeTuHEDQcOHxLHWuyN/zgP2A==
15+
-----END RSA PRIVATE KEY-----
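Review bot: This section commits an unencrypted RSA private key, and the page shows neither its path nor any marker that it is a throwaway fixture. Secret scanners will flag it, and key material that lives in git tends to be copied into real deployments; a short README beside the fixtures stating that the key and certificates are public test material, plus an allowlist entry for the scanner in use, would settle that. Alternatively the pair could be generated during test setup, e.g. `openssl req -x509 -newkey rsa:2048 -nodes -keyout k1.pem -out c1.pem -days 1 -subj "/CN=www.example.com"` (file names assumed from the test's load entries), which also avoids shipping what appears to be a short RSA key alongside a certificate whose validity period looks long past.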
Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,5 @@
1+
{
2+
"name": "test_store1",
3+
"crt_base": "/sec",
4+
"key_base": "/sec"
5+
}
Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,5 @@
1+
{
2+
"name": "test_store1",
3+
"crt_base": "/secure/certs",
4+
"key_base": "/secure/keys"
5+
}
Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,5 @@
1+
{
2+
"certificate": "c1.pem",
3+
"key": "k1.pem",
4+
"ocsp_update": "disabled"
5+
}
Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,4 @@
1+
{
2+
"certificate": "c2.pem",
3+
"ocsp_update": "enabled"
4+
}
Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,5 @@
1+
{
2+
"certificate": "c2.pem",
3+
"ocsp_update": "disabled",
4+
"alias": "example.com"
5+
}
