feat(dp-token): add test for keys not scoped to a mesh
Signed-off-by: nicoche <78445450+nicoche@users.noreply.github.com>
nicoche committed Oct 27, 2023
1 parent d0809e2 commit cf02961
Showing 6 changed files with 83 additions and 10 deletions.
51 changes: 43 additions & 8 deletions test/e2e_env/universal/auth/offline_auth.go
Expand Up @@ -11,7 +11,10 @@ import (
)

func OfflineAuth() {
meshName := "offline-auth"
meshes := []string{
"offline-auth-1",
"offline-auth-2",
}

var universal Cluster

Expand Down Expand Up @@ -44,7 +47,7 @@ dpServer:
useSecrets: false
publicKeys:
- kid: static-1
mesh: offline-auth
mesh: offline-auth-1
key: |
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAqwbFZ7LSuRGEkFPsZOLYuimsjDeie4sdtqIVW9bLDrTSql+o2sBL
Expand All @@ -54,6 +57,16 @@ dpServer:
FvX0KmBtADEJ4n9Jo4ja3hDmp83Q4KjJq0xKbhh9Fp3AjwjDb0fVFwbt+8SdVgyV
5PE+7HdigwlJ/cOVb9IY/UKVgCzlW5inCQIDAQAB
-----END RSA PUBLIC KEY-----
- kid: static-nomesh-1
key: |
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAsGQSfwmBU/DMDLnKCbg7cKUrBEAxDinCPaQ5foF87H8aul4EAzym
KswoSpwXyyhAqVf2pHJYqkIX0HwL5xkgGy3lvNekgJPLeQaGMg0qVol+tU0/go6i
50LUzSvPo6kBHCBOiFTNxZ+HRiCdTJd655ALBn1a4LbVPGDqPnHikSWsZg69gkV7
T+jdPz4rBqfhNahREinVRe1DsLVJ0trjc91+2dRYj1e+tKVQDwCNj5cP2GzYUkAb
XaMpe1ZGQSC9/gTlJIEU7Lyz7fyOJcCZbGASy8nBixM6E5l8QPrFVIDVkeNJNVQj
35gOQBJWtsCEiBx3spsKLeoim62wun05HwIDAQAB
-----END RSA PUBLIC KEY-----
`

BeforeAll(func() {
Expand All @@ -62,7 +75,8 @@ dpServer:
Install(Kuma(core.Standalone,
WithYamlConfig(cpCfg),
)).
Install(MeshUniversal(meshName)).
Install(MeshUniversal(meshes[0])).
Install(MeshUniversal(meshes[1])).
Setup(universal)).To(Succeed())
})

Expand All @@ -77,7 +91,7 @@ dpServer:
"--group", "mesh-system:admin",
"--valid-for", "24h",
"--kid", "static-1",
"--signing-key-path", filepath.Join("..", "..", "keys", "samplekey.pem"),
"--signing-key-path", filepath.Join("..", "..", "keys", "sample-key-static-1.pem"),
)
Expect(err).ToNot(HaveOccurred())

Expand All @@ -98,19 +112,40 @@ dpServer:
It("should use dp-token generated offline", func() {
// given
token, err := universal.GetKumactlOptions().RunKumactlAndGetOutput("generate", "dataplane-token",
"--mesh", meshName,
"--mesh", meshes[0],
"--kid", "static-1",
"--valid-for", "24h",
"--signing-key-path", filepath.Join("..", "..", "keys", "samplekey.pem"),
"--signing-key-path", filepath.Join("..", "..", "keys", "sample-key-static-1.pem"),
)
Expect(err).ToNot(HaveOccurred())

// when
Expect(universal.Install(DemoClientUniversal("test-server-1", meshes[0], WithToken(token)))).To(Succeed())

// then
Eventually(func(g Gomega) {
online, _, err := IsDataplaneOnline(universal, meshes[0], "test-server-1")
g.Expect(err).ToNot(HaveOccurred())
g.Expect(online).To(BeTrue())
}, "30s", "1s").Should(Succeed())
})

It("should use a dp-token generated offline, validated with a non-mesh scoped key", func() {
// given
token, err := universal.GetKumactlOptions().RunKumactlAndGetOutput("generate", "dataplane-token",
"--mesh", meshes[1],
"--kid", "static-nomesh-1",
"--valid-for", "24h",
"--signing-key-path", filepath.Join("..", "..", "keys", "sample-key-static-nomesh-1.pem"),
)
Expect(err).ToNot(HaveOccurred())

// when
Expect(universal.Install(DemoClientUniversal("test-server", meshName, WithToken(token)))).To(Succeed())
Expect(universal.Install(DemoClientUniversal("test-server-2", meshes[1], WithToken(token)))).To(Succeed())

// then
Eventually(func(g Gomega) {
online, _, err := IsDataplaneOnline(universal, meshName, "test-server")
online, _, err := IsDataplaneOnline(universal, meshes[1], "test-server-2")
g.Expect(err).ToNot(HaveOccurred())
g.Expect(online).To(BeTrue())
}, "30s", "1s").Should(Succeed())
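Review bot: Both `It` blocks in the last hunk are positive cases, so nothing visible here asserts that the `mesh: offline-auth-1` scope on `static-1` is actually enforced; the suite would still pass if the control plane ignored the `mesh` field and accepted every configured key for every mesh. Now that a second mesh is installed, a negative case is cheap: generate a token for `meshes[1]` with `--kid static-1` and assert that the dataplane never comes online. The sketch below assumes `Install` still succeeds when the token is rejected and that `IsDataplaneOnline` reports `online == false` for a dataplane that never registered; confirm both against the test framework. `OfflineAuth` continues past the end of the visible section, so such a case may already exist outside this view.

```go
// … unchanged: the two positive dp-token cases above …

It("should reject a dp-token for another mesh signed with a mesh-scoped key", func() {
	// given: static-1 is scoped to meshes[0] in cpCfg, but the token targets meshes[1]
	token, err := universal.GetKumactlOptions().RunKumactlAndGetOutput("generate", "dataplane-token",
		"--mesh", meshes[1],
		"--kid", "static-1",
		"--valid-for", "24h",
		"--signing-key-path", filepath.Join("..", "..", "keys", "sample-key-static-1.pem"),
	)
	Expect(err).ToNot(HaveOccurred())

	// when
	Expect(universal.Install(DemoClientUniversal("test-server-3", meshes[1], WithToken(token)))).To(Succeed())

	// then: the dataplane must stay offline for the whole observation window
	Consistently(func(g Gomega) {
		online, _, _ := IsDataplaneOnline(universal, meshes[1], "test-server-3")
		g.Expect(online).To(BeFalse())
	}, "10s", "1s").Should(Succeed())
})
```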
7 changes: 5 additions & 2 deletions test/keys/README.md
@@ -1,4 +1,7 @@
Keys for tests generated by executing:

kumactl generate signing-key --format=pem > samplekey.pem
kumactl generate public-key --signing-key-path=samplekey.pem > publickey.pem
kumactl generate signing-key --format=pem > sample-key-static-1.pem
kumactl generate public-key --signing-key-path=sample-key-static-1.pem > sample-publickey-static-1.pem

kumactl generate signing-key --format=pem > sample-key-static-nomesh-1.pem
kumactl generate public-key --signing-key-path=sample-key-static-nomesh-1.pem > sample-publickey-static-nomesh-1.pem
File renamed without changes.
27 changes: 27 additions & 0 deletions test/keys/sample-key-static-nomesh-1.pem
@@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
File renamed without changes.
8 changes: 8 additions & 0 deletions test/keys/sample-publickey-static-nomesh-1.pem
@@ -0,0 +1,8 @@
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAsGQSfwmBU/DMDLnKCbg7cKUrBEAxDinCPaQ5foF87H8aul4EAzym
KswoSpwXyyhAqVf2pHJYqkIX0HwL5xkgGy3lvNekgJPLeQaGMg0qVol+tU0/go6i
50LUzSvPo6kBHCBOiFTNxZ+HRiCdTJd655ALBn1a4LbVPGDqPnHikSWsZg69gkV7
T+jdPz4rBqfhNahREinVRe1DsLVJ0trjc91+2dRYj1e+tKVQDwCNj5cP2GzYUkAb
XaMpe1ZGQSC9/gTlJIEU7Lyz7fyOJcCZbGASy8nBixM6E5l8QPrFVIDVkeNJNVQj
35gOQBJWtsCEiBx3spsKLeoim62wun05HwIDAQAB
-----END RSA PUBLIC KEY-----
