From 8f3b0f756215f72408599687c79d34885174821a Mon Sep 17 00:00:00 2001 From: Theo Chatzimichos Date: Jan 20 2018 19:29:04 +0000 Subject: use fake cert/key pair for testing nginx configs We are replacing both the cert/key pair because: - the key is encrypted and the CI worker can't decrypt it - the nginx validation command tries to match the pair --- diff --git a/bin/test_nginx.sh b/bin/test_nginx.sh index 6c7dde3..1f4df1a 100755 --- a/bin/test_nginx.sh +++ b/bin/test_nginx.sh @@ -16,6 +16,23 @@ reset_nginx() { printf "roles:\n- $role" | $SUDO tee /etc/salt/grains > /dev/null } +create_fake_certs() { + # We are replacing both the cert/key pair because: + # - the key is encrypted and the CI worker can't decrypt it + # - the nginx validation command tries to match the pair + + PRIVATE_KEYS=( $(grep ssl_certificate_key pillar/role/$role.sls | cut -d':' -f2) ) + for key in ${PRIVATE_KEYS[@]}; do + $SUDO cp test/fixtures/domain.key $key + done + + PUBLIC_CERTS=( $(grep "ssl_certificate:" pillar/role/$role.sls | cut -d':' -f2) ) + for cert in ${PUBLIC_CERTS[@]}; do + $SUDO cp test/fixtures/domain.crt $cert + done +} + + WEB_ROLES=( $(bin/get_roles.py | grep web_) ) for role in ${WEB_ROLES[@]}; do @@ -23,6 +40,7 @@ for role in ${WEB_ROLES[@]}; do echo "Testing role: $role" reset_nginx $SUDO salt-call --local -l quiet state.apply role.$role > /dev/null + create_fake_certs if $(nginx -tq); then echo 'PASSED' else diff --git a/test/fixtures/domain.crt b/test/fixtures/domain.crt new file mode 100644 index 0000000..78cbf0d --- /dev/null +++ b/test/fixtures/domain.crt @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDYDCCAkigAwIBAgIJAMGh92ER6UWuMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQwHhcNMTgwMTIwMTkwMjMyWhcNMTkwMTIwMTkwMjMyWjBF +MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50 +ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB +CgKCAQEAmI1R6qCY/8y/hgilPz+8wpHj9ibvgoJZlOlQykQT9hsvZdZqc7RcZ3Ct +KEdIdyUD9msNQzuqV7+bB86C2NLAAr03gGgcxS7puFDo0NadVkYefpRDIl7Ec/C/ +3ftnAGwnPKnf1psu3VxcgFATFKwe/YC++R18H3CujdxOq2dGl/hkPPvSdL/Dy4SU +av8ZniAMhTQTgZjC36BfC0D5JI/GcnGK4ZisbDIDD3iJ8aAR//mALNHCPVTX6XUx +diJdzJyfgMSiRsgu9IcQ2tbLooKrTsqTuTm7dX3pUZEO7lIvsDZJdOEXr8YOSV4D +8cDXTX2v8Bfkj2f7Mcku7FV29rsjvQIDAQABo1MwUTAdBgNVHQ4EFgQUkt6h9ozu +nw9UJEiKqrtqrC5PJAgwHwYDVR0jBBgwFoAUkt6h9ozunw9UJEiKqrtqrC5PJAgw +DwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAE+wiK9fPLbn+uaf8 +hrtTeUR9MTdnsu/D52LfqviatsG+GrYb6O+i/MeWJ+g4Q/NmQPWWwRRahq13tcNx +ZQGi7BOX6FT3yYFGg3YbSKwgelLIrEr5VwC61qdBouEfhbrduuOUzQ7nU+OtJsQq +m4oDCQB8RlSKyBJcMFSSOou11i8Hwyx4bT4bl87ZDEHLoylOfnTEgQXRUqkTsQV7 +WsmRnmoChDHnCZRJ8XJOdFZiktQaSKN9RIRQYIH3U5jiNeTKE3OibP74dV1pITa3 +/ivdk3IzYLry579PhWOaqhS3TNjMxHjV/el9Vf6KTZXDpyR6M8eaX0SbtS4+boEr +fgk6Jw== +-----END CERTIFICATE----- diff --git a/test/fixtures/domain.key b/test/fixtures/domain.key new file mode 100644 index 0000000..d8ebbd5 --- /dev/null +++ b/test/fixtures/domain.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCYjVHqoJj/zL+G +CKU/P7zCkeP2Ju+CglmU6VDKRBP2Gy9l1mpztFxncK0oR0h3JQP2aw1DO6pXv5sH +zoLY0sACvTeAaBzFLum4UOjQ1p1WRh5+lEMiXsRz8L/d+2cAbCc8qd/Wmy7dXFyA +UBMUrB79gL75HXwfcK6N3E6rZ0aX+GQ8+9J0v8PLhJRq/xmeIAyFNBOBmMLfoF8L +QPkkj8ZycYrhmKxsMgMPeInxoBH/+YAs0cI9VNfpdTF2Il3MnJ+AxKJGyC70hxDa +1suigqtOypO5Obt1felRkQ7uUi+wNkl04Revxg5JXgPxwNdNfa/wF+SPZ/sxyS7s +VXb2uyO9AgMBAAECggEBAIH8GIqVYQjFS4RHpZYpFwurB9TcBETuEKqjyyUtsNyI ++XAKrRX93qZ9Ce5CHur2bVPwj5J0KocuSkjym+doXBd5ZutQywLxIFDfECGyXMoA +YUd1yWZl3Xr07meVKYTgouY70PCptdsEMgVbNYbtylIy+4aEqxiXCQTzbUz7aNlf +iiw1A9ZgQbM9s9zgx9kXxcG4XpKL4fDuSWZh4KZFetzfoEfL0a18Xfn7tCWOZiV1 +P3iWZMBavItnn6H3GQtOWMlhBVa/297SN0bQTG0/qO9kejmowoTEPiLJNUBD7i5s +pF3d8pz9KhEreljE171dmFJjoueUHTg1KASDNHFuAsECgYEAyCpP91MZbAS+XeqE +RcusVrNREj723/IF2qoGTytpVhPLU6mx+PYbl9VEYdXQ1636bwwHEegKQUXi3Weq +P7b0+XClm+LXRXAx7z9YKXOSZSOt1C1HqbPQqBLY0j8XzNqlZX5GVUx9ozHcwTLL +eUdKRBObSu9olZ8NfbLr/lgHT9kCgYEAwxr5BRAVAlErdUSwBWOHzd8r8NgUnMr2 +jR+quoNQJsVPK/PgwL/8v7cvIbGkbffoQDgsMSsuhyuwkjtF/yNmzpljFx1+BBpl +jVEesgnEpgEYP4XqzpH+9AfK9/VH6GvDp3KHEA1DTncsamGWfwMo7wnO1Bagiup5 +5X8nI+Xi6IUCgYBs4JcesNTjLLFf5HCOhnr3rhIrGpSuu7bzegh0h+iEKcAvgd6M +zVG1BQxtKyCuMLRIMwKletIZLyp3xCuW/K3EAMIUSQ9Pdfeza4FJCtRWr1GeWALj +DCwzQA0wT6FijIvq6QTY4QJ2AmlRrY+AKIb9AK031YHN4PY1qV00vC0+AQKBgQCF +SZP9pXL01kb+IiKuS8SnHGOEcdoDE5VD6/JS4QqMshbYTA+rHn2o65hDSHyws7/y +v21RWdK7fVlvTRcQqjq9wYQ0cm14mB/wXw69SncRgYXzP6Wd4ZdvVzOOGf86BQTx +DAjBKo5kuH2bX3fU5W+9fdHSinK69Fy6MBepKo/NkQKBgEYYpNcNTJcuBYGf27eL +FiZcsdNu1267xZxP4cDE2/4cI3KMUw79b6jNltnCjIzL4biN3159WXpYxKu+KZlf +fL5BgOzYPb07ORe/78L2pylr9wJKqOertPgZKgwszBGYeiUzXJekaR9jIVKEFfZT +Vn1oIDHa5lvlEo4gPVBXIe3C +-----END PRIVATE KEY-----