diff --git a/admission-webhook/.gitignore b/admission-webhook/.gitignore index a82f8f3f..7625037f 100644 --- a/admission-webhook/.gitignore +++ b/admission-webhook/.gitignore @@ -1,3 +1,4 @@ /dev/ /integration_tests/tmp/ /vendor/ +/testdata/ \ No newline at end of file diff --git a/admission-webhook/main_test.go b/admission-webhook/main_test.go index 98d4a21a..a9eb716c 100644 --- a/admission-webhook/main_test.go +++ b/admission-webhook/main_test.go @@ -144,3 +144,10 @@ func Test_env_bool(t *testing.T) { os.Setenv(envkey, envVal) env_bool("TEST_ENV_BOOL") } + +func TestMain(m *testing.M) { + GenerateTestCertAndKey() + code := m.Run() // run tests + ClearTestdata() + os.Exit(code) +} diff --git a/admission-webhook/testdata/cert.pem b/admission-webhook/testdata/cert.pem deleted file mode 100644 index 300db313..00000000 --- a/admission-webhook/testdata/cert.pem +++ /dev/null @@ -1,29 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFCTCCAvGgAwIBAgIUDlTAXZUZ0DGcutGxcspszdn4lAowDQYJKoZIhvcNAQEL -BQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTI0MDIwODA2MDAyN1oXDTM0MDIw -NTA2MDAyN1owFDESMBAGA1UEAwwJbG9jYWxob3N0MIICIjANBgkqhkiG9w0BAQEF -AAOCAg8AMIICCgKCAgEAg1kVSkS0tl8+VMBH8nVwfXy3yNgDS5a8uWAFv62O1vI4 -KEOClNhPaFvihL7ubi3rhCmHoUfbIhe1MMqwV7mEXI+AVObs7Sf8feX5WkW6zJyF -AByH8O37fGFfEsISJBcMwmS5/gCShPfUuG2vr7Zg28brxU+Ixp1DhA87X+A+CEG0 -JTH2LDiKMv86At/olH/IeDOH7j2tD25MThDN+xyKa9u2cpy73GcF822haUtFzmVX -mA8Mw4Qs5B2lMPY3k/C2UaqRDnNFu+0U011hvAGFA4+Jw4Cvpy13/4kQQZ0JHSOD -oy+jtbpqMQJn2oCMQ9DX0WQTS7E4W03y5gKS4v8xkUneAWuWoSwTm8TXRoAXbT3n -ZqDXmdy69ckLiLgn/w5uAeKjeHdk522QiJ2MHqYRLJbzUQ6LsrYdcR3nhh1pgh5K -tdnuz7HQtg77KR9g1X1aAT20SqV9rV85FwWI50dTfg8ehWXOSuXlZMlRUuMOn0a0 -iAyw+rCbaLvmuXwPZxuk/PPW+4lWwE1OqHSjs3iHl/fZM5AfmVS9Av3n3JRD2hrA -2aoOnjiFSjI/9qzcjUl8LTvrzGFt3QWcVRDzMqNQW8qPvBFvxrRcZlPTElRM023p -TO8P3k4n08EGgY+dV9s3xC6dnIkyVp7b2UtEDAC6E53mI2e+wG5uYrKu4QSaM9MC -AwEAAaNTMFEwHQYDVR0OBBYEFCEw8jWYUa8ed+R5O9dxhUSVqBJwMB8GA1UdIwQY -MBaAFCEw8jWYUa8ed+R5O9dxhUSVqBJwMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI -hvcNAQELBQADggIBAAE7F7qZ4B5PzqydYRJ0Er39kdfEugs0L3/LYwHfQ4eJKedI -CNXnSW+2kh5kQW9YnXy77VewZ/wtaZyGndNNocRKlN6X2yr97HOtuysdSvHuNmUl -Dyk9brgPcRJK4YizO44DHuQmn0LUhxbeph2VjYxs6B5XEdD6aGFpljWNCHzuWqao -so3uF588lhudSPVkx9VEWHF/N5BKQeJr6gPy1BB8rlSkD8ImxHmq7ledV7ri0mCS -o5WO+17kaLBvyj5H8sN/M+zWPKMHLohe5BXFWwlgl8nGnaXNW0HaKhgyjGTZBZJe -u5kTVQnhTDUo706K4BC8Zz78L6Xcb44FMUIRF5yZ8iKN2M6mPmEQmrE6aKEmiNxc -j0Yfz5MGumog8goYEgOkxp49aI6zojOq7GskDVKo9NxPsfotASriDOhpe106F/yK -cboL1oeL3pAjgICgwdy2pNawjDVNt8cadU4RAxF+m0gpa/xAsGhlz5YKsdOv/7V8 -Lb7KguUyYHmyBFwzJluhBrUWrGpPEKxdjrMbn/9G8b7AbXyV2w/9bwqkLvFU6qyJ -vuv4HpHIywsm9tST8p62RDVRbWlYfBwWIsnz4sraOPJXt8SU9QE3XI3MLw3iiEbs -1oToxKEj+6KbAgaC81cIkohZ+6RYnX+huhhe89Mgg0r7wWnt+huHiKLhGnm/ ------END CERTIFICATE----- diff --git a/admission-webhook/testdata/key.pem b/admission-webhook/testdata/key.pem deleted file mode 100644 index 6f335be9..00000000 --- a/admission-webhook/testdata/key.pem +++ /dev/null @@ -1,52 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQCDWRVKRLS2Xz5U -wEfydXB9fLfI2ANLlry5YAW/rY7W8jgoQ4KU2E9oW+KEvu5uLeuEKYehR9siF7Uw -yrBXuYRcj4BU5uztJ/x95flaRbrMnIUAHIfw7ft8YV8SwhIkFwzCZLn+AJKE99S4 -ba+vtmDbxuvFT4jGnUOEDztf4D4IQbQlMfYsOIoy/zoC3+iUf8h4M4fuPa0PbkxO -EM37HIpr27ZynLvcZwXzbaFpS0XOZVeYDwzDhCzkHaUw9jeT8LZRqpEOc0W77RTT -XWG8AYUDj4nDgK+nLXf/iRBBnQkdI4OjL6O1umoxAmfagIxD0NfRZBNLsThbTfLm -ApLi/zGRSd4Ba5ahLBObxNdGgBdtPedmoNeZ3Lr1yQuIuCf/Dm4B4qN4d2TnbZCI -nYwephEslvNRDouyth1xHeeGHWmCHkq12e7PsdC2DvspH2DVfVoBPbRKpX2tXzkX -BYjnR1N+Dx6FZc5K5eVkyVFS4w6fRrSIDLD6sJtou+a5fA9nG6T889b7iVbATU6o -dKOzeIeX99kzkB+ZVL0C/efclEPaGsDZqg6eOIVKMj/2rNyNSXwtO+vMYW3dBZxV -EPMyo1Bbyo+8EW/GtFxmU9MSVEzTbelM7w/eTifTwQaBj51X2zfELp2ciTJWntvZ -S0QMALoTneYjZ77Abm5isq7hBJoz0wIDAQABAoICAB9DIDidkr+Hes/0Nguk3SHZ -AetJUrt2hLPAgY3GMuXBIBGhQ97Gf1vw5sC+qwRJZLF/qvr9ndAHAYa7723px3G6 -bAqJLiIiLswOZSORziyuIk/M+qQjGITZriXKUEQLwmswSz6EB1ujmxtMbBDv4Sze -Mzayv/S58JxpfbHLrygK72Qc+KE80dPigH23qmVR5raJWVSglGTEVWANSuF2QRH7 -6Phtip8iXD28vbrQgixmXYthJaIRfxfKYIt/Ruos1FAqvzzHvfTFMHxAUSdM20pm -Kx1/rw8k2NdW2aosRMONNOMtzxLNbEH+9xYAG6J2fi+l2Jve8fF1Y5dQTIK/x52c -QrpTpjTyejU7FfDxYcJflZovraaA7uLwsLnVB2KREEyjm0TBms0CraQDOdPfQqgr -nNG0PbeahWhdzcPuE75K9fxKqeThPwN+WzoEccPjivDIvriBCSiDsiJKKCTj/x8r -BDn2NvCBN0qmsxy0mjDjEzVuJCXs8N47aQ6VsKfhMihPiivXvUmxCmDHE+I4udqH -nH5o9F88CtetjyZ0nqBN5c17O2t3f49PkQiAuUf6ZFSAPsTBYodd6OzgSqi+h0M2 -e9k3j4BN9CV0zTQVWKDTWLoYKB0D0WFML9FVG1mCL0iC6Cw5ATXWVDdTmQdv8vpt -RcL6trjkUuQSDaXTq1BZAoIBAQC45bUSHdieI1BZtfV/BQoUllxlFYvONwqcgmoH -nBgVX97Yj+fkGtCE1V11nQ8t5WmEKP46+gYbhUbJhJTA+NzwczAn0lsh8T67J6j3 -avNWb3hYghhKdUCOzRlxjehARXe9KVlsAYgvfM8dtto41rIXPGHDgLuWhhCQHVkf -PR4EsI9+IoFI/ZwI7miXVkHgkqvVrZpX3f+yv4yXCGLjaTxYTDtxAZiPKWvaQFC1 -e3MA3BJkSTgWU0Q5ym6rwP7l0udkyMHgoA+UenZItlyqwWlHDvazsajk+FhD4xPF -5ZenE6ukmo6lgtMQ+GR0M925N036kjbFKZTk5Wc2+AQh1ybZAoIBAQC127Dj8jRt -KWNRR1eYsHIOxVRtPg0xltXajkfx3sfKjfLr4VJ5nLaF0p4yalgyb8P88Cn+KLcD -ZnKSMPkgYMkLNVYbcHNLxhTPMLjOk7XmkXIpb7h4CcUe07J5BFNXTvavg91lmkQX -udE0U3mtzl+8VJ4rKWbTRQrmSTVRiMrLeeWO8EBaFG9FoV3M5W/gclIuzpm6t64f -1bODTyyPGghnPrk8dTvnbZBJd/ANp1mnt/55JdEF2Xh3Qug88gwzdU1f1+cfIdvY -xVmIBR6XLSA3hKsEcUBy75Ki+VckD9sYCgW+k3W5YpxRrkmnyHf8ORGJ4uqiHJUW -1hpx8hhZT3yLAoIBAHl5qVHiu/uBdfvKmSS/edT2yHM9CaIM9XLIF8MyIXyBhRZA -zXhGybJLv+BStLNRotZKXGUA+NxB3rTs3xI9LmLnOr8e6/LL3Yv2TYNoB8FE8Qst -Rao9iJGJXGsHcYwwV6+2p+JWy1Nvq195T7vCCjVL3Wsle5k0MVONhI0KiVtJaKzV -HJ2IyWfwwlSTPiq+EhkLunh6CNE2GbbsspN4A0Z7px3ij4mXDB3S3XOuTGtHKuoq -VKgOQqe5QKak4JK70nybjQz3++Rv5KB290DUW0dtJFYApdbw9oR7fvUol08UlFNL -m+ZPoj3nA5B4tvZFyHyUbVlxrToJIZuyrHxTL1kCggEAdOUoSP1Q8bIe4wnmpoEU -b6Yr5KR0OqHoCLpYSIKZDfw8X57QMtenA1Ik2ec9lf39jsKZW4O0T/00PAA6wrMz -x36bQLwBgH1sttlskWylCfYH2da0ToSJLo2JNPywzXg2XQ936m1Ew7NvZCEcH7p+ -E0KZAMl2DOteXDRGj4hMQoqyIjUQSFbGR424C5KXXUBezzOB4WFcDZ6B6y+jRsDH -EgZhbxk0TkhA7Nipdz1RBdvhOOIz/3yQUKizOymi6hjGiYrwRzSuaiJAsIwJ48bf -5I/kldBuSvLv4M5BUy7V+BfJJX0HuQhHzsEnGzBi37+XJHi1tUqGEs3A5ell+VJ8 -jQKCAQA7fLze8yvK2Lh8KbNGFMyFp9KxzwHVkVaB/YQX4pN8hfnGhRIae6QTFp9U -Q89bWvpEqXjfAvHW3cD8bR8HouHczK0Cj6ij4wwsCIIxj35Jn2hNyxWmL9+s/p3/ -jGdvXeUHtXI5pUinlRb3ix5zpPBPFn08F7sqRIi5fLMgkGi2UcaRzPsiBX6s81o5 -KSXG7gWqNt7o81Q4tcIAbmbEf07HXgmtJgk4jtCHcnQclckxdFMoPNaaM6tVnjxJ -n5KBZqmuRkFdp5gk9QIE81m1iRzioJV84rzSSkX9wD36BwTsa6iy5nbEtDDSBSrm -Qq94HQjGtc+tQXYMH1mJfTWqcfyT ------END PRIVATE KEY----- diff --git a/admission-webhook/utils_test.go b/admission-webhook/utils_test.go index 4ba14d73..f16a0150 100644 --- a/admission-webhook/utils_test.go +++ b/admission-webhook/utils_test.go @@ -2,7 +2,14 @@ package main import ( "context" + crand "crypto/rand" + "crypto/rsa" + "crypto/x509" + "crypto/x509/pkix" + "encoding/pem" + "math/big" "math/rand" + "os" "time" corev1 "k8s.io/api/core/v1" @@ -106,3 +113,56 @@ func shuffleContainers(a []corev1.Container) { a[i] = tmp } } + +func GenerateTestCertAndKey() { + // Generate a 2048-bit RSA private key + priv, err := rsa.GenerateKey(crand.Reader, 2048) + if err != nil { + panic(err) + } + + // Create a certificate template + certTemplate := &x509.Certificate{ + SerialNumber: big.NewInt(1), + Subject: pkix.Name{ + Organization: []string{"test"}, + }, + NotBefore: time.Now(), + NotAfter: time.Now().AddDate(1, 0, 0), // Valid for 1 year + KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature, + ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, + BasicConstraintsValid: true, + } + + // Create the certificate + certDER, err := x509.CreateCertificate(crand.Reader, certTemplate, certTemplate, &priv.PublicKey, priv) + if err != nil { + panic(err) + } + + err = os.Mkdir("testdata", 0755) + if err != nil { + panic(err) + } + + // Write the certificate to a PEM file + certFile, err := os.Create("testdata/cert.pem") + if err != nil { + panic(err) + } + pem.Encode(certFile, &pem.Block{Type: "CERTIFICATE", Bytes: certDER}) + certFile.Close() + + // Write the private key to a PEM file + keyFile, err := os.Create("testdata/key.pem") + if err != nil { + panic(err) + } + keyBytes := x509.MarshalPKCS1PrivateKey(priv) + pem.Encode(keyFile, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: keyBytes}) + keyFile.Close() +} + +func ClearTestdata() { + os.RemoveAll("testdata") +}