From 356b23643b5cea7a6dfaa56ca1518bc2cdcb5a39 Mon Sep 17 00:00:00 2001
From: Magnus Kulke
Date: Wed, 14 Feb 2024 17:54:57 +0100
Subject: [PATCH] ci: set certs/key as makefile deps in e2e test

token-cert-chain.pem, ca-cert.pem and token-key.pem are specified in the configfiles. Without them a launch of kbs or resource-kbs will fail. Hence they are added as dependencies in the Makefile.

Signed-off-by: Magnus Kulke
---
 .github/workflows/kbs-e2e.yaml | 4 ----
 kbs/test/Makefile | 31 +++++++++++++++++++----------
 kbs/test/data/e2e/kbs.toml | 4 ++--
 kbs/test/data/e2e/resource-kbs.toml | 2 +-
 4 files changed, 23 insertions(+), 18 deletions(-)

diff --git a/.github/workflows/kbs-e2e.yaml b/.github/workflows/kbs-e2e.yaml
index 9ce3816601..183e12d75a 100644
--- a/.github/workflows/kbs-e2e.yaml
+++ b/.github/workflows/kbs-e2e.yaml
@@ -60,10 +60,6 @@ jobs:
 working-directory: kbs/test
 run: make bins

- - name: Generate Attestation Token Signer
- working-directory: kbs/test
- run: make generate-attestation-token-signer
-
 - name: Set cc_kbc sample attester env
 if: inputs.sample == true
 run: echo "AA_SAMPLE_ATTESTER_TEST=1" >> "$GITHUB_ENV"
diff --git a/kbs/test/Makefile b/kbs/test/Makefile
index feaec706f3..576e82cb69 100644
--- a/kbs/test/Makefile
+++ b/kbs/test/Makefile
@@ -52,16 +52,25 @@ client:
 .PHONY: bins
 bins: kbs resource-kbs client

+ca-key.pem:
+ openssl genrsa -traditional -out ca-key.pem 2048
+
+ca-cert.pem: ca-key.pem
+ openssl req -new -key ca-key.pem -out ca-req.csr -subj "/O=CNCF/OU=CoCo/CN=KBS-test-root" && \
+ openssl req -x509 -days 3650 -key ca-key.pem -in ca-req.csr -out ca-cert.pem
+
+token-key.pem:
+ openssl genrsa -traditional -out token-key.pem 2048
+
+token-cert.pem: token-key.pem ca-cert.pem ca-key.pem
+ openssl req -new -key token-key.pem -out token-req.csr -subj "/O=CNCF/OU=CoCo/CN=CoCo-AS" && \
+ openssl x509 -req -in token-req.csr -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial -out token-cert.pem -extensions req_ext
+
+token-cert-chain.pem: token-cert.pem ca-cert.pem
+ cat token-cert.pem ca-cert.pem > token-cert-chain.pem
+
 .PHONY: generate-attestation-token-signer
-generate-attestation-token-signer:
- mkdir $(CURDIR)/token-signer/
- openssl genrsa -traditional -out ./token-signer/cakey.pem 2048
- openssl req -new -key ./token-signer/cakey.pem -out ./token-signer/careq.csr -subj "/O=CNCF/OU=CoCo/CN=KBS-test-root"
- openssl req -x509 -days 3650 -key ./token-signer/cakey.pem -in ./token-signer/careq.csr -out ./token-signer/cacert.pem
- openssl genrsa -traditional -out ./token-signer/token-key.pem 2048
- openssl req -new -key ./token-signer/token-key.pem -out ./token-signer/token-cert-req.csr -subj "/O=CNCF/OU=CoCo/CN=CoCo-AS"
- openssl x509 -req -in ./token-signer/token-cert-req.csr -CA ./token-signer/cacert.pem -CAkey ./token-signer/cakey.pem -CAcreateserial -out ./token-signer/token-cert.pem -extensions req_ext
- cat ./token-signer/token-cert.pem ./token-signer/cacert.pem > ./token-signer/token-cert-chain.pem
+generate-attestation-token-signer: token-cert-chain.pem

 kbs.key:
 openssl genpkey -algorithm ed25519 > kbs.key
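Review bot: In the new `token-cert.pem` rule, `openssl x509 -req ... -extensions req_ext` names a config section but passes no `-extfile`, so there is no file for `req_ext` to be read from and the token certificate is most likely issued without the extensions the flag suggests (the removed recipe had the same gap). Either drop `-extensions req_ext`, or add `-extfile <openssl-config-placeholder>` pointing at a file that actually defines `[req_ext]`. Separately, the rules now write `ca-key.pem`, `token-key.pem`, both `.csr` files and the serial file from `-CAcreateserial` straight into `kbs/test` instead of `token-signer/`; no ignore or clean rule for them is visible in this hunk, so it is worth confirming the private keys cannot be committed by accident.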
@@ -82,7 +91,7 @@ start-kbs: kbs.PID
 .PHONY: start-resource-kbs
 start-resource-kbs: resource-kbs.PID

-kbs.PID: kbs kbs.pem $(KBS_REPO_PATH)/one/two/three
+kbs.PID: kbs kbs.pem token-key.pem token-cert-chain.pem $(KBS_REPO_PATH)/one/two/three
 @printf "${BOLD}start kbs${SGR0}\n"
 { \
 RUST_LOG=actix-server=warn \
@@ -91,7 +100,7 @@ kbs.PID: kbs kbs.pem $(KBS_REPO_PATH)/one/two/three
 } && \
 sleep 1

-resource-kbs.PID: resource-kbs kbs.pem $(KBS_REPO_PATH)/one/two/three
+resource-kbs.PID: resource-kbs kbs.pem ca-cert.pem $(KBS_REPO_PATH)/one/two/three
 @printf "${BOLD}start resource-kbs${SGR0}\n"
 { \
 RUST_LOG=actix-server=debug \
diff --git a/kbs/test/data/e2e/kbs.toml b/kbs/test/data/e2e/kbs.toml
index dfb73398cc..3fd4cf5757 100644
--- a/kbs/test/data/e2e/kbs.toml
+++ b/kbs/test/data/e2e/kbs.toml
@@ -19,8 +19,8 @@ attestation_token_broker = "Simple"
 duration_min = 5

 [as_config.attestation_token_config.signer]
-key_path = "./token-signer/token-key.pem"
-cert_path = "./token-signer/token-cert-chain.pem"
+key_path = "./token-key.pem"
+cert_path = "./token-cert-chain.pem"

 [as_config.rvps_config]
 store_type = "LocalFs"
diff --git a/kbs/test/data/e2e/resource-kbs.toml b/kbs/test/data/e2e/resource-kbs.toml
index bb0d1e1474..792333e91a 100644
--- a/kbs/test/data/e2e/resource-kbs.toml
+++ b/kbs/test/data/e2e/resource-kbs.toml
@@ -4,7 +4,7 @@ insecure_http = true

 [attestation_token_config]
 attestation_token_type = "CoCo"
-trusted_certs_paths = ["./token-signer/cacert.pem"]
+trusted_certs_paths = ["./ca-cert.pem"]

 [repository_config]
 type = "LocalFs"
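Review bot: The new prerequisites on `kbs.PID` (`token-key.pem`, `token-cert-chain.pem`) and, in the next hunk, on `resource-kbs.PID` (`ca-cert.pem`) are linked to the relative paths in `data/e2e/kbs.toml` and `data/e2e/resource-kbs.toml` only by matching file names, and nothing in the Makefile says so. Renaming a target or a config path would silently break the signer or trust-anchor setup. A comment above each rule would keep the two in step, for example `# token-key.pem and token-cert-chain.pem are the signer key/cert named in data/e2e/kbs.toml` and `# ca-cert.pem is the trust anchor listed in data/e2e/resource-kbs.toml`. Both recipes continue past the end of their hunks, so whether the services are launched from this directory (which the `./` paths presumably rely on) cannot be confirmed from here.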