Skip to content

Commit

Permalink
feat: add certificates for ssl test and an ssl test image
Browse files Browse the repository at this point in the history
Signed-off-by: Simon Schrottner <[email protected]>
  • Loading branch information
aepfli committed Dec 16, 2024
1 parent e132d25 commit 742ad5f
Show file tree
Hide file tree
Showing 8 changed files with 153 additions and 17 deletions.
12 changes: 11 additions & 1 deletion .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -35,11 +35,21 @@ jobs:
with:
context: .
file: flagd/Dockerfile
target: testbed
push: false

- name: Build flagd-testbed-unstable Docker image
uses: docker/build-push-action@v6
with:
context: .
file: flagd/Dockerfile.unstable
file: flagd/Dockerfile
target: unstable
push: false

- name: Build flagd-testbed-ssl Docker image
uses: docker/build-push-action@v6
with:
context: .
file: flagd/Dockerfile
target: ssl
push: false
16 changes: 14 additions & 2 deletions .github/workflows/release-please.yml
Original file line number Diff line number Diff line change
Expand Up @@ -57,6 +57,7 @@ jobs:
with:
context: .
file: flagd/Dockerfile
target: testbed
push: true
tags: |
${{ env.REGISTRY }}/open-feature/${{ env.FLAGD_IMAGE_NAME }}:${{ needs.release-please.outputs.release_tag_name }}
Expand All @@ -68,12 +69,23 @@ jobs:
uses: docker/build-push-action@v6
with:
context: .
file: flagd/Dockerfile.unstable
file: flagd/Dockerfile
target: unstable
push: true
tags: |
${{ env.REGISTRY }}/open-feature/${{ env.FLAGD_IMAGE_NAME }}-unstable:${{ needs.release-please.outputs.release_tag_name }}
${{ env.REGISTRY }}/open-feature/${{ env.FLAGD_IMAGE_NAME }}-unstable:latest
${{ env.REGISTRY }}/open-feature/${{ env.SYNC_IMAGE_NAME }}:${{ needs.release-please.outputs.release_tag_name }}
${{ env.REGISTRY }}/open-feature/${{ env.SYNC_IMAGE_NAME }}:latest
- name: Build and push flagd-testbed-ssl Docker image
uses: docker/build-push-action@v6
with:
context: .
file: flagd/Dockerfile
target: ssl
push: true
tags: |
${{ env.REGISTRY }}/open-feature/${{ env.FLAGD_IMAGE_NAME }}-ssl:${{ needs.release-please.outputs.release_tag_name }}
${{ env.REGISTRY }}/open-feature/${{ env.FLAGD_IMAGE_NAME }}-ssl:latest
8 changes: 7 additions & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,12 @@ The _flagd-testbed_ container is a docker image built on flagd, which essentiall

See the [flagd docs](https://flagd.dev/) for more information on flagd.

### SSL

The _flagd-testbed-ssl_ container is based on _flagd-testbed_ but replaces all the certificates for SSL testing with a custom root CA.
Within the SSL folder you will find all the necessary OpenSSL files, and the commands used for generation.
Please do not use this CA in any kind of production environment.

## Gherkin test suite

The [gherkin/](gherkin/) dir includes a set of [_gherkin_](https://cucumber.io/docs/gherkin/) tests that define expected behavior associated with the configurations defined in the flagd-testbed (see [flags/](flags/)).
Expand All @@ -31,4 +37,4 @@ Included suites:
The Gherkin files structure can be linted using [gherkin-lint](https://github.com/vsiakka/gherkin-lint). The following commands require Node.js 10 or later.

1. npm install
1. npm run gherkin-lint
1. npm run gherkin-lint
30 changes: 29 additions & 1 deletion flagd/Dockerfile
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
# we NEED flagd v0.6.4 as a minimum
FROM ghcr.io/open-feature/flagd:v0.11.4 AS flagd

FROM busybox:1.37
FROM busybox:1.37 AS testbed

COPY --from=flagd /flagd-build /flagd
COPY flags/* .
Expand All @@ -15,3 +15,31 @@ ENTRYPOINT ["sh", "change-flag-wrapper.sh", "./flagd", "start", \
"-f", "file:evaluator-refs.json", \
"-f", "file:edge-case-flags.json", \
"-f", "file:zero-flags.json"]

FROM testbed AS unstable

ENTRYPOINT ["sh", "restart-wrapper.sh", "./flagd", "start", \
"-f", "file:testing-flags.json"]

FROM alpine/openssl AS certs

# Copy the server and CA certificates
COPY ssl/* ./

RUN openssl genpkey -algorithm RSA -out server-key.pem -pkeyopt rsa_keygen_bits:2048
RUN openssl req -new -key server-key.pem -out server.csr -subj "/CN=localhost" \
&& openssl x509 -req -in server.csr -CA custom-root-cert.crt -CAkey custom-ca.key -CAcreateserial -out server-cert.pem -days 365 -sha256

FROM testbed AS ssl

# Copy the custom root CA certificate into the image

COPY --from=certs server-cert.pem /etc/ssl/certs/
COPY --from=certs server-key.pem /etc/ssl/private/
COPY --from=certs custom-root-cert.crt /etc/ssl/certs/


ENTRYPOINT ["./flagd", "start",\
"-f", "file:testing-flags.json", \
"-c", "/etc/ssl/certs/server-cert.pem", \
"-k", "/etc/ssl/private/server-key.pem"]
12 changes: 0 additions & 12 deletions flagd/Dockerfile.unstable

This file was deleted.

10 changes: 10 additions & 0 deletions ssl/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
commands used to generate the cert

```shell
# generating custom ca
openssl genpkey -algorithm RSA -out custom-ca.key -pkeyopt rsa_keygen_bits:4096

# generating root cert
openssl req -x509 -new -key custom-ca.key -out custom-root-cert.crt -days 3650 -sha256 -subj "/CN=Flagd testbed ROOT CA"

```
52 changes: 52 additions & 0 deletions ssl/custom-ca.key
Original file line number Diff line number Diff line change
@@ -0,0 +1,52 @@
-----BEGIN PRIVATE KEY-----
MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDQYbJXuYOPP1/m
4+Zewb71MX0rqQmBWx03/p2InTkgA80py1OhrdAb67BFcYueq3zmWAgvZHbyS8aj
NJqhLsFA7peuqffB1k2iprjkjJjMcCUOGXGnWdDG+8/lmFnUIEdz65eKixvZc5Vd
QWy0vFjhIpu2ueP2x9wVstNdVWR3FOdZ30xkCu26X1mBen1zLtfyoVp/Vq0PaSLa
mqft/kLq8nruCDvLFctuArP/cq/1nC1UekUwuacOvCuSJfRmOPd3OKj3558RIPiK
fdcEjoMxG827716MkWJRpaO+nN0repg2bi8usLP2xUIg7szuGijNcEWhFM75zThl
XCgMEZYnDPGNnI6HeZG+Do2UPu/g+sAJQt+VTo707l2auL9ubvVJejOj5LJqtMyr
qvX0XIFDEEt14kyK8fVSvIuW3tMZXsSSZA+Gzuvl5Tgc2UgEfbB8ERO1MRyBZHMR
/TDbe66x/x3lleVrqmrbSRBWpgNtDET5T9sJ1FZTjhf3qKOs6v22ppMfs9pSTjL6
QhdoUKjSYEK0Ci710EKRDSFBWkLMlSdDCEHHWZzKT8NFhb5BfJ0S3n4qfK2kHIrb
2/HL5YeTCPzbFcsSHfGpu9CZRrLYRE7qc8pUcbzo2CSMNVRiO57cMpvlj/uSmROl
wupykvaJCutqCSu3vGfXSC2hdF7wWwIDAQABAoICAAEjHaDzJ7dzXq6Vu2X0k7SO
PDQNbOLd4apBS+lrUz4TldEJ6ftAumIWWFJFDKM/Vho39A7Sz2EJC5zKeF7fPY+b
GhMvotMtazpvKzHE6Tv/67XfWq/ORpumeKahPrGEKg90362L0uw48ckRLlwhRtlf
oERlNqUwOMKqg/+OhS8gRJV5M0VlJu+f8UeopXdfk7cTVAPI+PoRSXI3TBMOaikM
My2qh5vXEu/wMkS9D8OmLRhxgapye1mDlyRRhBlDuWjVemYsskx9jhpt6JDJXrdH
b4nvZWnIVa5dJMPYFostKSH4LOAR8ssXTMsI3IGjreTeR3My+0OKry/tM+9NVLXS
nYOht33JBKr3Sk4pv4CC2voB/vUpkR69Z59CNPSYrb1JetJ6NMgqaTMsv05i/SJu
j8HNkiXkojcs+LyVfM/MBE5qL1bPJ3xYVX5TUd+o45vcerVoS0EHpWDnBnmdK+VF
H73HscrCHL4Bp/YOS58lNuSKUNGkQ2fyak/U66RJYHKWa0HSSBZWX5fi4IEpagEb
3h4sRbqqw1GSKVszrP5nnM1towu6du6343s+DzhT6PSHmWN7MVTrpfdoSUFnBySr
CEiIs3Z90emAoSpLTFZ0xEcqIEvJw7+zn3M7wuJMjqFelTSuBYGU8vD8B/pV64Wp
Xy5qN5EBfOG37YATDkdxAoIBAQDrP6lQJvcNEi6lG/EvVWQ9I5YXqxEQEuAJz52x
42v64C4nNJrkn0K//hUc/Ei76QhD3n6JBCQrfRysTP2FuuSn90iFNTQfI6yuvMXe
EZDrT0pIH9OM7mM78WtAUkjLppVqKHgGwGjnrgMeqdB53mVlECCG3R5dq6tmteuI
excS18nOvEcKk0Bwyv1DI+iMzW4S2co92DPA5oEwu9YeWwPaJaOLaVHboX9s1JOI
ZMWpmFyjrTIbyla5fcKwc9wqhv2nSMyZKCv0fkQUtPmnbfYDQUNp03gAwN9kT+nb
FIRX9b6rvqmW11/lqR4umYgE3/pMOMU23UqM43zAybxxskGlAoIBAQDiw1Q0WdvF
HQu8b4cLHRCy/wvaAEJXhokXc7oVCkc7aYpZyTo04pQViQJATqnJBZJXwI15ypHx
SPXcjYJkEuIMrW4tqE2j3VlTdvQb7JONuHSJAumfNm4iwnWTU/C38Hk2kM40konH
Wo9XQX2wcZgZCRQCrX3aKfQjOqyT5VMiswHSzdAcqsiGOECGDk8c+gFFNfH2obS2
+VoF5pvEZnLtTHruN7AVoxncRAjUWrFFTB8QQOAUFnNEBt66oQZXpq8K6OaV+OIE
oRhEfCEAvpTPc2YJ0ytHsPY0Tm5K7OZ/kEmLgh9efNwUzmO1sgBfrCigKHVSPPhd
J4+Iw88oIcn/AoIBACP1zUnlSuqClwLCLLIRmYsG/5CKo8cTO5AEXpSssPrefe+c
SPkdpzR2AIA3yF6BFrRZNHp5WZYUP+fOtQpWMVHDqSBDq73+1Ay56n0xrjdqHW68
/reSUTT+iGiCq4IF6t0ZZo+RpfeUUAHF74pRhqpWNsKm1ld3QHIo6OIp/rLwrXae
rTVeoQEc5m329Ttgw6y6AgJGJFMeaS0r6WUmgIY+LqvG465xF2tpa0v0K4rrMW4L
sZcx7OPZ54LVkxglHm0N4cifrWhoTLvlliwT0QFaXpW0r6ld0kghNxw4HKrdc9IJ
CR93uL8AhQ6WhYZJPpecLflfBmBW/eDydY3js8kCggEBAIe6eJ05J9VM9GherQsW
45bwF+zteMggy8/QwhGz7D0AiAID8yYSdKaLMmDBdNjQz+5cX5IFkONGU3sm7GPv
9YO3DxqfAZHSfJP7wFMygIM0Y/RaXPGiR7vgfzWm6Y9/jV3+wJ4xE+zSJLgKiCvj
YjGiAGs14v2BXRL1HLUNb3x2fuHptOZjxtCnvN9Ak1P5xGbjyidgVOWsTJj5lkSx
OZsVywLpLClXTbRMuKg6fJ7I2FMHMdh0M5wFLK2ykjRGncE+9D3SEZ7JudfMIIjs
ie+919aLof0wS721MEkCkVjLSWoKgbIxtB10B7SKjbS2PD7Y2JhXzCUd98jZwxX3
W4sCggEBAI1V8FkHNPaw89Cd2rhpxLk+k6pQr8K6pqUJGxIJPXQdhE0dNkUb5UDi
8ZxQk34wnjrV68XAxcF1Ee1dtqSPiz9YQu3TAglXbktpLcNM33RWRJ0l66NYTLtI
1cTpZK7NPKy3MAtAN5yo3Ar24kBrPOaY4xD7rXxJb4Q/3+cOyN97T8CjoWefS4L5
RcoXlrgbf2O4i8xds7mDZjzyB5Si8S9E4z7iUwXFAg3EAuYR6ln8zftggz8RT7kI
yiWq6gc9AvsB27BE3h1ncsS2lMwfuT9C7bSHO8RSsn3LTZ2lbiBWF3OBaDoC2e71
adBbftlaZFzSZgw976uIBJEyeHw2sgs=
-----END PRIVATE KEY-----
30 changes: 30 additions & 0 deletions ssl/custom-root-cert.crt
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
-----BEGIN CERTIFICATE-----
MIIFITCCAwmgAwIBAgIUWs226ZOg6QZpwL7sdah6owpAnEYwDQYJKoZIhvcNAQEL
BQAwIDEeMBwGA1UEAwwVRmxhZ2QgdGVzdGJlZCBST09UIENBMB4XDTI0MTIxNjE4
NDQyNFoXDTM0MTIxNDE4NDQyNFowIDEeMBwGA1UEAwwVRmxhZ2QgdGVzdGJlZCBS
T09UIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0GGyV7mDjz9f
5uPmXsG+9TF9K6kJgVsdN/6diJ05IAPNKctToa3QG+uwRXGLnqt85lgIL2R28kvG
ozSaoS7BQO6Xrqn3wdZNoqa45IyYzHAlDhlxp1nQxvvP5ZhZ1CBHc+uXiosb2XOV
XUFstLxY4SKbtrnj9sfcFbLTXVVkdxTnWd9MZArtul9ZgXp9cy7X8qFaf1atD2ki
2pqn7f5C6vJ67gg7yxXLbgKz/3Kv9ZwtVHpFMLmnDrwrkiX0Zjj3dzio9+efESD4
in3XBI6DMRvNu+9ejJFiUaWjvpzdK3qYNm4vLrCz9sVCIO7M7hoozXBFoRTO+c04
ZVwoDBGWJwzxjZyOh3mRvg6NlD7v4PrACULflU6O9O5dmri/bm71SXozo+SyarTM
q6r19FyBQxBLdeJMivH1UryLlt7TGV7EkmQPhs7r5eU4HNlIBH2wfBETtTEcgWRz
Ef0w23uusf8d5ZXla6pq20kQVqYDbQxE+U/bCdRWU44X96ijrOr9tqaTH7PaUk4y
+kIXaFCo0mBCtAou9dBCkQ0hQVpCzJUnQwhBx1mcyk/DRYW+QXydEt5+KnytpByK
29vxy+WHkwj82xXLEh3xqbvQmUay2ERO6nPKVHG86NgkjDVUYjue3DKb5Y/7kpkT
pcLqcpL2iQrragkrt7xn10gtoXRe8FsCAwEAAaNTMFEwHQYDVR0OBBYEFAwmtinE
4a67ad+n3658+WbvBlvYMB8GA1UdIwQYMBaAFAwmtinE4a67ad+n3658+WbvBlvY
MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBAJdjkDxlygrbnRrP
zFk6lXxlo5nNdvMt4GdQm9mS4BRVApGrVgcDh3kvE/uMhYd0pI2Zx0PNzo55L4Ml
ujMX61d/U1NL/n6K+3UnmeSCIQw1z4GtRzA9ex0Gx1RPRXZEJuCtDvhMDxQA5gCK
DDOim4a67lTRsSz9WGFyz9IGSzuPF+vR9ZRA8EJACKh3SQu9nqyn3+Kw3w28878p
sADYVzCI0BRP+iT18oYel7p+rStQa4O1UBbMdjX85BWB22YYMW8imWrvF7jFjiU0
w7/MD4+Dz2Vq/qsDbC9RQmMxdri329GArP/VS7bNT3lyxBQl2mQaPi43PQ7gc2EK
AiNn1OM2wl6GVMyTm2Tvl8p70SC3WT9AP59j1hzSp1hDz0G3rgzF4xlNEf6BeYXA
dJHJ9S9JuqXHIAyWdC89tY+VWsRPqwAyhaP/fPeKaGV9IvVCziU1YqkyqQD/8plM
AaxERQwmaCQrK9EVRpB/1ifimbEBPnjp3cHJsA7ikkanMxmtLkyLemb52K3ZglUr
6m0HPjciXd/wEV4zUaZeeInN32qHJjt4fMJl4UvIv6m/sMTnxp4My2e/LOiqvp18
9A9s6D5JP+pQuIJFywU3quNsIe1Q8eLigJlEWHlkSRFoWO3qvr0Da/8sTDLfEaOv
1RjlE6tZkQ2t2JYMH9lSy4NVWNpH
-----END CERTIFICATE-----

0 comments on commit 742ad5f

Please sign in to comment.