diff --git a/k8sutils/finalizers_test.go b/k8sutils/finalizers_test.go index d8175ced9..ad67c0247 100644 --- a/k8sutils/finalizers_test.go +++ b/k8sutils/finalizers_test.go @@ -5,6 +5,8 @@ import ( "fmt" "testing" + // "time" + "github.com/OT-CONTAINER-KIT/redis-operator/api/v1beta2" "github.com/go-logr/logr/testr" "github.com/stretchr/testify/assert" @@ -12,8 +14,12 @@ import ( k8serrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" + + // "k8s.io/apimachinery/pkg/types" + // utilruntime "k8s.io/apimachinery/pkg/util/runtime" k8sClientFake "k8s.io/client-go/kubernetes/fake" "k8s.io/utils/pointer" + // ctrlClientFake "sigs.k8s.io/controller-runtime/pkg/client/fake" ) // func TestHandleRedisFinalizer(t *testing.T) { diff --git a/k8sutils/redis.go b/k8sutils/redis.go index 9eaf02949..c84025671 100644 --- a/k8sutils/redis.go +++ b/k8sutils/redis.go @@ -334,14 +334,14 @@ func configureRedisClient(client kubernetes.Interface, logger logr.Logger, cr *r Addr: getRedisServerIP(redisInfo) + ":6379", Password: pass, DB: 0, - TLSConfig: getRedisTLSConfig(cr, redisInfo), + TLSConfig: getRedisTLSConfig(client, logger, cr, redisInfo), }) } else { redisClient = redis.NewClient(&redis.Options{ Addr: getRedisServerIP(redisInfo) + ":6379", Password: "", DB: 0, - TLSConfig: getRedisTLSConfig(cr, redisInfo), + TLSConfig: getRedisTLSConfig(client, logger, cr, redisInfo), }) } return redisClient 
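Review bot: Both import hunks in finalizers_test.go add only commented-out imports (`// "time"`, `// "k8s.io/apimachinery/pkg/types"`, `// utilruntime ...`, `// ctrlClientFake ...`), which is dead text in the new file. Drop them from this commit, or restore them together with the commented-out `TestHandleRedisFinalizer` that follows the import block, so the file does not accumulate disabled code.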
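Review bot: A nil result from `getRedisTLSConfig` is passed straight into `TLSConfig` in both branches, and go-redis negotiates TLS only when that field is non-nil. With this commit every failure path in secrets.go (secret not found, missing keys, bad PEM) returns nil, so a cluster that has `cr.Spec.TLS` set would be dialled in plaintext and, in the first branch, `Password: pass` would be sent over that connection. Resolve the config first, `tlsConfig := getRedisTLSConfig(client, logger, cr, redisInfo)`, and refuse to build the client when `cr.Spec.TLS != nil && tlsConfig == nil`. The same applies to the `getRedisReplicationTLSConfig` calls in `configureRedisReplicationClient` (hunk at -455). Both function bodies start outside their hunks, so how the failure should reach the caller is not visible here.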
@@ -455,14 +455,14 @@ func configureRedisReplicationClient(client kubernetes.Interface, logger logr.Lo Addr: getRedisServerIP(redisInfo) + ":6379", Password: pass, DB: 0, - TLSConfig: getRedisReplicationTLSConfig(cr, redisInfo), + TLSConfig: getRedisReplicationTLSConfig(client, logger, cr, redisInfo), }) } else { redisClient = redis.NewClient(&redis.Options{ Addr: getRedisServerIP(redisInfo) + ":6379", Password: "", DB: 0, - TLSConfig: getRedisReplicationTLSConfig(cr, redisInfo), + TLSConfig: getRedisReplicationTLSConfig(client, logger, cr, redisInfo), }) } return redisClient diff --git a/k8sutils/secrets.go b/k8sutils/secrets.go index fdd84ae35..40f3853fe 100644 --- a/k8sutils/secrets.go +++ b/k8sutils/secrets.go @@ -4,6 +4,7 @@ import ( "context" "crypto/tls" "crypto/x509" + "errors" "strings" redisv1beta2 "github.com/OT-CONTAINER-KIT/redis-operator/api/v1beta2" 
@@ -30,110 +31,89 @@ func getRedisPassword(client kubernetes.Interface, logger logr.Logger, namespace return "", nil } -func secretLogger(namespace string, name string) logr.Logger { - reqLogger := log.WithValues("Request.Secret.Namespace", namespace, "Request.Secret.Name", name) - return reqLogger -} - -func getRedisTLSConfig(cr *redisv1beta2.RedisCluster, redisInfo RedisDetails) *tls.Config { - client, err := GenerateK8sClient(GenerateK8sConfig) - if err != nil { - return nil - } +func getRedisTLSConfig(client kubernetes.Interface, logger logr.Logger, cr *redisv1beta2.RedisCluster, redisInfo RedisDetails) *tls.Config { if cr.Spec.TLS != nil { - reqLogger := log.WithValues("Request.Namespace", cr.Namespace, "Request.Name", cr.ObjectMeta.Name) - secretName, err := client.CoreV1().Secrets(cr.Namespace).Get(context.TODO(), cr.Spec.TLS.Secret.SecretName, metav1.GetOptions{}) + secret, err := client.CoreV1().Secrets(cr.Namespace).Get(context.TODO(), cr.Spec.TLS.Secret.SecretName, metav1.GetOptions{}) if err != nil { - reqLogger.Error(err, "Failed in getting TLS secret for redis") + logger.Error(err, "Failed in getting TLS secret for redis cluster") + logger.V(1).Error(err, "Failed in getting TLS secret for redis cluster", "secretName", cr.Spec.TLS.Secret.SecretName, "namespace", cr.Namespace, "redisClusterName", cr.Name) + return nil } - var ( - tlsClientCert []byte - tlsClientKey []byte - tlsCaCertificate []byte - tlsCaCertificates *x509.CertPool - tlsClientCertificates []tls.Certificate - ) - for key, value := range secretName.Data { - if key == cr.Spec.TLS.CaKeyFile || key == "ca.crt" { - tlsCaCertificate = value - } else if key == cr.Spec.TLS.CertKeyFile || key == "tls.crt" { - tlsClientCert = value - } else if key == cr.Spec.TLS.KeyFile || key == "tls.key" { - tlsClientKey = value - } + tlsClientCert, certExists := secret.Data["tls.crt"] + tlsClientKey, keyExists := secret.Data["tls.key"] + tlsCaCertificate, caExists := secret.Data["ca.crt"] + + if !certExists || 
!keyExists || !caExists { + logger.Error(errors.New("required TLS keys are missing in the secret"), "Missing TLS keys in the secret") + return nil } cert, err := tls.X509KeyPair(tlsClientCert, tlsClientKey) if err != nil { - reqLogger.Error(err, "Couldn't load TLS client key pair") + logger.Error(err, "Couldn't load TLS client key pair") + logger.V(1).Error(err, "Couldn't load TLS client key pair", "secretName", cr.Spec.TLS.Secret.SecretName, "namespace", cr.Namespace, "redisClusterName", cr.Name) + return nil } - tlsClientCertificates = append(tlsClientCertificates, cert) - tlsCaCertificates = x509.NewCertPool() + tlsCaCertificates := x509.NewCertPool() ok := tlsCaCertificates.AppendCertsFromPEM(tlsCaCertificate) if !ok { - reqLogger.V(1).Info("Failed to load CA Certificates from Secret") + logger.Error(errors.New("failed to load CA Certificates from secret"), "Invalid CA Certificates") + logger.V(1).Error(err, "Invalid CA Certificates", "secretName", cr.Spec.TLS.Secret.SecretName, "namespace", cr.Namespace, "redisClusterName", cr.Name) + return nil } return &tls.Config{ - Certificates: tlsClientCertificates, + Certificates: []tls.Certificate{cert}, ServerName: redisInfo.PodName, RootCAs: tlsCaCertificates, - MinVersion: 2, - ClientAuth: 0, + MinVersion: tls.VersionTLS12, + ClientAuth: tls.NoClientCert, } } return nil } -func getRedisReplicationTLSConfig(cr *redisv1beta2.RedisReplication, redisInfo RedisDetails) *tls.Config { - client, err := GenerateK8sClient(GenerateK8sConfig) - if err != nil { - return nil - } +func getRedisReplicationTLSConfig(client kubernetes.Interface, logger logr.Logger, cr *redisv1beta2.RedisReplication, redisInfo RedisDetails) *tls.Config { if cr.Spec.TLS != nil { - reqLogger := log.WithValues("Request.Namespace", cr.Namespace, "Request.Name", cr.ObjectMeta.Name) - secretName, err := client.CoreV1().Secrets(cr.Namespace).Get(context.TODO(), cr.Spec.TLS.Secret.SecretName, metav1.GetOptions{}) + secret, err := 
client.CoreV1().Secrets(cr.Namespace).Get(context.TODO(), cr.Spec.TLS.Secret.SecretName, metav1.GetOptions{}) if err != nil { - reqLogger.Error(err, "Failed in getting TLS secret for redis") + logger.Error(err, "Failed in getting TLS secret for redis replication") + logger.V(1).Error(err, "Failed in getting TLS secret for redis replication", "secretName", cr.Spec.TLS.Secret.SecretName, "namespace", cr.Namespace, "redisReplicationName", cr.Name) + return nil } - var ( - tlsClientCert []byte - tlsClientKey []byte - tlsCaCertificate []byte - tlsCaCertificates *x509.CertPool - tlsClientCertificates []tls.Certificate - ) - for key, value := range secretName.Data { - if key == cr.Spec.TLS.CaKeyFile || key == "ca.crt" { - tlsCaCertificate = value - } else if key == cr.Spec.TLS.CertKeyFile || key == "tls.crt" { - tlsClientCert = value - } else if key == cr.Spec.TLS.KeyFile || key == "tls.key" { - tlsClientKey = value - } + tlsClientCert, certExists := secret.Data["tls.crt"] + tlsClientKey, keyExists := secret.Data["tls.key"] + tlsCaCertificate, caExists := secret.Data["ca.crt"] + + if !certExists || !keyExists || !caExists { + logger.Error(errors.New("required TLS keys are missing in the secret"), "Missing TLS keys in the secret") + return nil } cert, err := tls.X509KeyPair(tlsClientCert, tlsClientKey) if err != nil { - reqLogger.Error(err, "Couldn't load TLS client key pair") + logger.Error(err, "Couldn't load TLS client key pair") + logger.V(1).Error(err, "Couldn't load TLS client key pair", "secretName", cr.Spec.TLS.Secret.SecretName, "namespace", cr.Namespace, "redisReplicationName", cr.Name) + return nil } - tlsClientCertificates = append(tlsClientCertificates, cert) - tlsCaCertificates = x509.NewCertPool() + tlsCaCertificates := x509.NewCertPool() ok := tlsCaCertificates.AppendCertsFromPEM(tlsCaCertificate) if !ok { - reqLogger.V(1).Info("Failed to load CA Certificates from Secret") + logger.Error(errors.New("failed to load CA Certificates from secret"), "Invalid CA 
Certificates") + logger.V(1).Error(err, "Invalid CA Certificates", "secretName", cr.Spec.TLS.Secret.SecretName, "namespace", cr.Namespace, "redisReplicationName", cr.Name) + return nil } return &tls.Config{ - Certificates: tlsClientCertificates, + Certificates: []tls.Certificate{cert}, ServerName: redisInfo.PodName, RootCAs: tlsCaCertificates, - MinVersion: 2, - ClientAuth: 0, + MinVersion: tls.VersionTLS12, + ClientAuth: tls.NoClientCert, } } return nil diff --git a/k8sutils/secrets_test.go b/k8sutils/secrets_test.go new file mode 100644 index 000000000..e8ae83fe3 --- /dev/null +++ b/k8sutils/secrets_test.go 
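Review bot: The new lookups read only the fixed keys `"tls.crt"`, `"tls.key"` and `"ca.crt"`, whereas the removed loop also accepted the names in `cr.Spec.TLS.CertKeyFile`, `KeyFile` and `CaKeyFile`; a secret that uses custom key names now hits the "Missing TLS keys" branch and yields a nil config, in both `getRedisTLSConfig` and `getRedisReplicationTLSConfig`. Unless dropping those fields is intended, keep them with the conventional names as a fallback, as sketched below. Separately, in the `!ok` branch after `AppendCertsFromPEM` the second call logs `err`, which is necessarily nil there because the `X509KeyPair` check has already passed. Since logr emits `Error` regardless of the `V` level, each failure is also logged twice; one `logger.Error(err, msg, "secretName", ..., "namespace", ...)` per branch would carry the same information.

```go
// tlsSecretValue returns the entry stored under the key named in the CR,
// falling back to the conventional key when the CR leaves it unset or absent.
func tlsSecretValue(data map[string][]byte, configured, fallback string) ([]byte, bool) {
	if v, ok := data[configured]; configured != "" && ok {
		return v, true
	}
	v, ok := data[fallback]
	return v, ok
}

// … unchanged: secret lookup and its error handling …
tlsClientCert, certExists := tlsSecretValue(secret.Data, cr.Spec.TLS.CertKeyFile, "tls.crt")
tlsClientKey, keyExists := tlsSecretValue(secret.Data, cr.Spec.TLS.KeyFile, "tls.key")
tlsCaCertificate, caExists := tlsSecretValue(secret.Data, cr.Spec.TLS.CaKeyFile, "ca.crt")
// … unchanged: presence check, X509KeyPair, CA pool, tls.Config …
```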
@@ -0,0 +1,382 @@ +package k8sutils + +import ( + "os" + "path/filepath" + "testing" + + common "github.com/OT-CONTAINER-KIT/redis-operator/api" + redisv1beta2 "github.com/OT-CONTAINER-KIT/redis-operator/api/v1beta2" + "github.com/go-logr/logr/testr" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + k8sClientFake "k8s.io/client-go/kubernetes/fake" +) + +func Test_getRedisPassword(t *testing.T) { + tests := []struct { + name string + setup func() *k8sClientFake.Clientset + namespace string + secretName string + secretKey string + expected string + expectedErr bool + }{ + { + name: "successful retrieval", + setup: func() *k8sClientFake.Clientset { + secret := &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "redis-secret", + Namespace: "default", + }, + Data: map[string][]byte{ + "password": []byte("secret-password"), + }, + } + client := k8sClientFake.NewSimpleClientset(secret.DeepCopyObject()) + return client + }, + namespace: "default", + secretName: "redis-secret", + secretKey: "password", + expected: "secret-password", + expectedErr: false, + }, + { + name: "secret not found", + setup: func() *k8sClientFake.Clientset { + client := k8sClientFake.NewSimpleClientset() + return client + }, + namespace: "default", + secretName: "non-existent", + secretKey: "password", + expected: "", + expectedErr: true, + }, + { + name: "secret exists but key is missing", + setup: func() *k8sClientFake.Clientset { + secret := &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "redis-secret", + Namespace: "default", + }, + Data: map[string][]byte{ + "anotherKey": []byte("some-value"), + }, + } + client := k8sClientFake.NewSimpleClientset(secret.DeepCopyObject()) + return client + }, + namespace: "default", + secretName: "redis-secret", + secretKey: "missingKey", + expected: "", + expectedErr: false, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t 
*testing.T) { + client := tt.setup() + logger := testr.New(t) + got, err := getRedisPassword(client, logger, tt.namespace, tt.secretName, tt.secretKey) + + if tt.expectedErr { + require.Error(t, err, "Expected an error but didn't get one") + } else { + require.NoError(t, err, "Expected no error but got one") + assert.Equal(t, tt.expected, got, "Expected and actual values do not match") + } + }) + } +} + +func Test_getRedisTLSConfig(t *testing.T) { + tests := []struct { + name string + setup func() *k8sClientFake.Clientset + redisCluster *redisv1beta2.RedisCluster + redisInfo RedisDetails + expectTLS bool + }{ + { + name: "TLS enabled and successful configuration", + setup: func() *k8sClientFake.Clientset { + tlsSecret := &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "redis-tls-secret", + Namespace: "default", + }, + Data: map[string][]byte{ + "ca.crt": helperReadFile(filepath.Join("..", "tests", "testdata", "secrets", "ca.crt")), + "tls.crt": helperReadFile(filepath.Join("..", "tests", "testdata", "secrets", "tls.crt")), + "tls.key": helperReadFile(filepath.Join("..", "tests", "testdata", "secrets", "tls.key")), + }, + } + client := k8sClientFake.NewSimpleClientset(tlsSecret) + return client + }, + redisCluster: &redisv1beta2.RedisCluster{ + ObjectMeta: metav1.ObjectMeta{ + Name: "redis-cluster", + Namespace: "default", + }, + Spec: redisv1beta2.RedisClusterSpec{ + TLS: &redisv1beta2.TLSConfig{ + TLSConfig: common.TLSConfig{ + CaKeyFile: "ca.crt", + CertKeyFile: "tls.crt", + KeyFile: "tls.key", + Secret: corev1.SecretVolumeSource{ + SecretName: "redis-tls-secret", + }, + }, + }, + }, + }, + redisInfo: RedisDetails{ + PodName: "redis-pod", + Namespace: "default", + }, + expectTLS: true, + }, + { + name: "TLS enabled but secret not found", + setup: func() *k8sClientFake.Clientset { + client := k8sClientFake.NewSimpleClientset() + return client + }, + redisCluster: &redisv1beta2.RedisCluster{ + ObjectMeta: metav1.ObjectMeta{ + Name: "redis-cluster", + 
Namespace: "default", + }, + Spec: redisv1beta2.RedisClusterSpec{ + TLS: &redisv1beta2.TLSConfig{ + TLSConfig: common.TLSConfig{ + CaKeyFile: "ca.crt", + CertKeyFile: "tls.crt", + KeyFile: "tls.key", + Secret: corev1.SecretVolumeSource{ + SecretName: "redis-tls-secret", + }, + }, + }, + }, + }, + redisInfo: RedisDetails{ + PodName: "redis-pod", + Namespace: "default", + }, + expectTLS: false, + }, + { + name: "TLS enabled but incomplete secret", + setup: func() *k8sClientFake.Clientset { + tlsSecret := &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "redis-tls-secret", + Namespace: "default", + }, + Data: map[string][]byte{ + "ca.crt": helperReadFile(filepath.Join("..", "tests", "testdata", "secrets", "ca.crt")), + // Missing tls.crt and tls.key + }, + } + client := k8sClientFake.NewSimpleClientset(tlsSecret) + return client + }, + redisCluster: &redisv1beta2.RedisCluster{ + ObjectMeta: metav1.ObjectMeta{ + Name: "redis-cluster", + Namespace: "default", + }, + Spec: redisv1beta2.RedisClusterSpec{ + TLS: &redisv1beta2.TLSConfig{ + TLSConfig: common.TLSConfig{ + CaKeyFile: "ca.crt", + CertKeyFile: "tls.crt", + KeyFile: "tls.key", + Secret: corev1.SecretVolumeSource{ + SecretName: "redis-tls-secret", + }, + }, + }, + }, + }, + redisInfo: RedisDetails{ + PodName: "redis-pod", + Namespace: "default", + }, + expectTLS: false, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + client := tt.setup() + logger := testr.New(t) + tlsConfig := getRedisTLSConfig(client, logger, tt.redisCluster, tt.redisInfo) + + if tt.expectTLS { + require.NotNil(t, tlsConfig, "Expected TLS configuration but got nil") + require.NotEmpty(t, tlsConfig.Certificates, "TLS Certificates should not be empty") + require.NotNil(t, tlsConfig.RootCAs, "Root CAs should not be nil") + } else { + assert.Nil(t, tlsConfig, "Expected no TLS configuration but got one") + } + }) + } +} + +func Test_getRedisReplicationTLSConfig(t *testing.T) { + tests := []struct { + name string 
+ setup func() *k8sClientFake.Clientset + redisReplication *redisv1beta2.RedisReplication + redisInfo RedisDetails + expectTLS bool + }{ + { + name: "TLS enabled and successful configuration", + setup: func() *k8sClientFake.Clientset { + tlsSecret := &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "redis-tls-secret", + Namespace: "default", + }, + Data: map[string][]byte{ + "ca.crt": helperReadFile(filepath.Join("..", "tests", "testdata", "secrets", "ca.crt")), + "tls.crt": helperReadFile(filepath.Join("..", "tests", "testdata", "secrets", "tls.crt")), + "tls.key": helperReadFile(filepath.Join("..", "tests", "testdata", "secrets", "tls.key")), + }, + } + client := k8sClientFake.NewSimpleClientset(tlsSecret) + return client + }, + redisReplication: &redisv1beta2.RedisReplication{ + ObjectMeta: metav1.ObjectMeta{ + Name: "redis-cluster", + Namespace: "default", + }, + Spec: redisv1beta2.RedisReplicationSpec{ + TLS: &redisv1beta2.TLSConfig{ + TLSConfig: common.TLSConfig{ + CaKeyFile: "ca.crt", + CertKeyFile: "tls.crt", + KeyFile: "tls.key", + Secret: corev1.SecretVolumeSource{ + SecretName: "redis-tls-secret", + }, + }, + }, + }, + }, + redisInfo: RedisDetails{ + PodName: "redis-pod", + Namespace: "default", + }, + expectTLS: true, + }, + { + name: "TLS enabled but secret not found", + setup: func() *k8sClientFake.Clientset { + client := k8sClientFake.NewSimpleClientset() + return client + }, + redisReplication: &redisv1beta2.RedisReplication{ + ObjectMeta: metav1.ObjectMeta{ + Name: "redis-cluster", + Namespace: "default", + }, + Spec: redisv1beta2.RedisReplicationSpec{ + TLS: &redisv1beta2.TLSConfig{ + TLSConfig: common.TLSConfig{ + CaKeyFile: "ca.crt", + CertKeyFile: "tls.crt", + KeyFile: "tls.key", + Secret: corev1.SecretVolumeSource{ + SecretName: "redis-tls-secret", + }, + }, + }, + }, + }, + redisInfo: RedisDetails{ + PodName: "redis-pod", + Namespace: "default", + }, + expectTLS: false, + }, + { + name: "TLS enabled but incomplete secret", + setup: 
func() *k8sClientFake.Clientset { + tlsSecret := &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "redis-tls-secret", + Namespace: "default", + }, + Data: map[string][]byte{ + "ca.crt": helperReadFile(filepath.Join("..", "tests", "testdata", "secrets", "ca.crt")), + // Missing tls.crt and tls.key + }, + } + client := k8sClientFake.NewSimpleClientset(tlsSecret) + return client + }, + redisReplication: &redisv1beta2.RedisReplication{ + ObjectMeta: metav1.ObjectMeta{ + Name: "redis-cluster", + Namespace: "default", + }, + Spec: redisv1beta2.RedisReplicationSpec{ + TLS: &redisv1beta2.TLSConfig{ + TLSConfig: common.TLSConfig{ + CaKeyFile: "ca.crt", + CertKeyFile: "tls.crt", + KeyFile: "tls.key", + Secret: corev1.SecretVolumeSource{ + SecretName: "redis-tls-secret", + }, + }, + }, + }, + }, + redisInfo: RedisDetails{ + PodName: "redis-pod", + Namespace: "default", + }, + expectTLS: false, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + client := tt.setup() + logger := testr.New(t) + tlsConfig := getRedisReplicationTLSConfig(client, logger, tt.redisReplication, tt.redisInfo) + + if tt.expectTLS { + require.NotNil(t, tlsConfig, "Expected TLS configuration but got nil") + require.NotEmpty(t, tlsConfig.Certificates, "TLS Certificates should not be empty") + require.NotNil(t, tlsConfig.RootCAs, "Root CAs should not be nil") + } else { + assert.Nil(t, tlsConfig, "Expected no TLS configuration but got one") + } + }) + } +} + +func helperReadFile(filename string) []byte { + data, err := os.ReadFile(filename) + if err != nil { + panic(err) + } + return data +} diff --git a/tests/testdata/secrets/ca.crt b/tests/testdata/secrets/ca.crt new file mode 100644 index 000000000..483acebbe --- /dev/null +++ b/tests/testdata/secrets/ca.crt 
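Review bot: The success cases only check that the config is non-nil with non-empty `Certificates` and a non-nil `RootCAs`, so a regression in the security-relevant fields would pass unnoticed. Add `assert.Equal(t, uint16(tls.VersionTLS12), tlsConfig.MinVersion)` and `assert.Equal(t, tt.redisInfo.PodName, tlsConfig.ServerName)` to both TLS tests (this needs the `crypto/tls` import). The tables also lack a case with `Spec.TLS == nil` and one with malformed PEM under `ca.crt`, which are the remaining `return nil` branches. `helperReadFile` panics on a missing fixture; taking a `testing.TB` and calling `t.Fatalf` would report the failure against the test that needed the file.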
@@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIC/zCCAeegAwIBAgIULZgkEyKSTUyz9TPluGHMKp3kXMkwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwETXlDQTAeFw0yMzExMTAyMjQzNDdaFw0yNDExMDkyMjQz +NDdaMA8xDTALBgNVBAMMBE15Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQCdvMDZNyA9XM7TLcWzV3GfT8obuQgrCPyAEREEngprCMe1JjtilYCAthZD +062FG6KtQYf5Ph+TCpxrm1x8cdbHBOMoogjJ3tOrKgg/sDqDIBJY5qqeoti1Sps5 +UGLlw8fmgAQIJ3Jie9dlgYtk7HkEFSfuHqHhozsInHkrHDhFAyYNKRf/UwNZvkcB +2st8SJJaC56Pxn5SP97kfBUc0K9dwsFIo5l8y/WWJ31M3CLNuIzBP6JgGdIHq8Fe +pvW3YtWOBRptjse5soZrXW3I6k1SqkkWMM6dvSJobmN5uarn2fFfQI+kYpX1Hx67 +I9sUYeDUVDyeVDyE9y5U7q3kLacNAgMBAAGjUzBRMB0GA1UdDgQWBBROkKWbx7zB +6KAGXCmh0SGNsgZeaTAfBgNVHSMEGDAWgBROkKWbx7zB6KAGXCmh0SGNsgZeaTAP +BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBMvROzFeMPm52B8A9f +pinakVzXbLlQnhmYvevnIZ6jXKCxycp0Ompu/TqqyfpKJ0gJChPCVF2nWHkI6suR +FYI9m3ZXKUqafYlienFbJXmJxWt9V+jt4kBbIja+/ETdl8Vmbc7MIQ7eZS6XMJa9 +tkEB4yCOj72p3DmC/bJSa4zp0ng/AoATA7GPmm+l1hEMDLd+mtosMtev0DWDyF0j +acrlBvRv4Eq6kFuBBzcPqKC2DuFWIU/ZCBkwn2tScPEf0UjZUXl74k9Taz37Av9Z +KQByaF94pYf/7kPRIn2Zw0xXRTJ0wD9bi4Q6YfnN/ntrcs1CNKWb4MMbU2gnz0RN +zCjC +-----END CERTIFICATE----- diff --git a/tests/testdata/secrets/tls.crt b/tests/testdata/secrets/tls.crt new file mode 100644 index 000000000..b60b071aa --- /dev/null +++ b/tests/testdata/secrets/tls.crt 
@@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICqTCCAZECFCMWUrMjKUyph+9nVeNaq9ulIuSFMA0GCSqGSIb3DQEBCwUAMA8x +DTALBgNVBAMMBE15Q0EwHhcNMjMxMTEwMjI0NDEyWhcNMjQxMTA5MjI0NDEyWjAT +MREwDwYDVQQDDAhNeVNlcnZlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBANsG8xaUF22cRbBZaMCjcuC3D8HHFPmmJI6xCF/MVg9+0afVG9uGpjpcOa8Q +wPD9MRHx8+abAUpR2JwWeYzCwLem+oY+gNPpSzshNUimlonrFnhq3d9OKpLHPC56 +5z1SUctBKlEqHvsV+Y+0xto2tXNDfdrjlKm+DaydFfe9G9BUaZGtjqljD2Yq95Qn +7Qf8bL2Sc5TLSztg/BH+zJmSsC8t4O4qs3iolaZ4kpCrDu4vy2X2V9ybqFPNCFyp +wZB1jLq2RzCcdxFUfYm0a83+LDvqgezXRwB29ZGsbTtb/L/HFkwIt+tqNeVWw+hI +HzRZ7lqI5W+8CpiM2xtJ8qpgs20CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEARjOw +dKDN9fIC8pabrZaXUPUFHwaB3jKrv5B/k4IkI+7VMz7t1mQ7fP+Ryuyinws3VpLh +DEeMyZ+a4gzcMvuxz9RL/p6B9gIVpebknfmTNZPqvSCg2kY9HCTUpsh5AawaGInN +iZ2Iw/MKLJEVxOxNRPzeKE6bHqvO6dijUGrB++XugrGVwMQjMZsJuu6bN7CYRgsA +OoRKohDkhaKsW/RkGIYDIxqm+zsPv69PTALlUXJtgnlkvNc6F5Fd5pwuW8TJ/wLe +eyQM56RaW2OInIOO4ehJkgRnLdukkECvYEwlZD3RgGFvUIGZFZXDS7FvpzZaUmdz +XtNWJjYUsc8d8iljTQ== +-----END CERTIFICATE----- diff --git a/tests/testdata/secrets/tls.key b/tests/testdata/secrets/tls.key new file mode 100644 index 000000000..485f0189c --- /dev/null +++ b/tests/testdata/secrets/tls.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDbBvMWlBdtnEWw +WWjAo3Lgtw/BxxT5piSOsQhfzFYPftGn1RvbhqY6XDmvEMDw/TER8fPmmwFKUdic +FnmMwsC3pvqGPoDT6Us7ITVIppaJ6xZ4at3fTiqSxzwueuc9UlHLQSpRKh77FfmP +tMbaNrVzQ33a45Spvg2snRX3vRvQVGmRrY6pYw9mKveUJ+0H/Gy9knOUy0s7YPwR +/syZkrAvLeDuKrN4qJWmeJKQqw7uL8tl9lfcm6hTzQhcqcGQdYy6tkcwnHcRVH2J +tGvN/iw76oHs10cAdvWRrG07W/y/xxZMCLfrajXlVsPoSB80We5aiOVvvAqYjNsb +SfKqYLNtAgMBAAECggEAM82ifBIdsm6WKv4SoRFnj8+sWeQoyV0q41bqyKGvLy4L +D1t/ob3ongAHIqlfQQBZdUmZKs85kGboSQ6lxA2iAC3trgeld7mDciJKFHtWOpuQ +Ln30KSc3OY0G5mVqQN4x+1VX2WeReUh6xKr4p07uPqtVXoqaNEV/vXZP5k7jf7Ov +UHYKkyOvv4Zo+W+0JUrgTi9LO64OMPHkArHmZbaYvLensyoGH64yXWr9x16mQhaV +gBuXNzYHJchdVN51FyaF9xmNzFFD9j6kKjm5FiTuUbuw5NMwgNKuj9eRy5Cqf+ao +JkjEUZHq4aXmj/1VwAJ9c9ra0eaxUiVgbN8dZGycXwKBgQDzZe416Jh+pYGaTCyl +aac6uyNiMwTHDvjj5r/faa33leGYmn9rZrcQyNdh7LNkU4NTJnpl5ZlLGtny4wMd +MiKIXT2RwjL/WdRbuGjoYF9MJpWVB9Hu3c+UkeL7F5qppZ3sVk3oPG4dW3gA10pL +we7m+MQfVbJwLL0HxV0isHLxowKBgQDmXf+f8udN72xBtf9MybXs8tMx70KCX43X +b0RK5Qt76DYWQSjen3XVPKvIEOfPMMlcvxDNm+v0byMTif0E8Q4jCFVTY3pEhK4p +nXiL2FgXD6AcS0rWJBI0JHUl4otCfqF+5ouGgXBoYdLNHBM+I+hALn2r2qzbMJEu +QhbS38a3rwKBgG6+sysuIKyHK7gD7tB4iRFs8oWMxyC3TEGNzUGe+PvM42+m5FD+ +1E67w1wX8eu1H+ymdkyEskH8/qvH5LPVCudW3VvDq6aJvdjZyEnrB5FDgQ3lF/0C +SZ/E3Sz4KXQFGhzdi+ceD9AlvS1Mx84+eC/5gmrreBwYDw5JG75b4IDXAoGBAIqT +GtUdqhRQpN92WmfXos8xVuff1DNWxZ1FemBPHbRggECs26fnZltqTq9ftAIHh+l5 +qeL1G2ADhqcXR5O0adubBLDP01nqMlYoOr5s2rislpTOmers8eJZ1/p9J2ZNhFow +1teHf5Xa2pK1g8HKmcgZ71D0jyyfL4YTDWW2ZPRTAoGBAOZeKTvyjpYHDtV4fRbZ +WTwyMda9qjnQvDovPcm5ci1SEjJUCusJKNwoZiU9/xuU1P9t234qmNsmQV5Tpplg +aH139Yw8kz7u9z1o2ajO6rG7rQ5qUgYXHgEhIoRnkCfx4uekeaO5lgdwIDR0zC1I +BfJBeduDgVHEyYxEU78tprfc +-----END PRIVATE KEY-----