enbable TLS for crypts APIs (#270)

TLS for crypts APIs Signed-off-by: YZ775 <[email protected]>
cybozu-go · Nov 8, 2023 · 7b589f9 · 7b589f9
1 parent 994a594
commit 7b589f9
Show file tree

Hide file tree

Showing 49 changed files with 612 additions and 411 deletions.
diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
@@ -8,8 +8,8 @@ env:
   go-version: "1.20"
   filename: 'main.yaml'
 jobs:
-  build:
-    name: Build
+  static-check:
+    name: Static Check
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout
@@ -20,9 +20,6 @@ jobs:
         with:
           go-version: ${{ env.go-version }}
 
-      - name: Start etcd container 
-        run: docker run -d --network host gcr.io/etcd-development/etcd:v3.5.7
-
       - name: Install test tools
         run: make SUDO="sudo" test-tools
 
@@ -32,35 +29,54 @@ jobs:
       - name: Run code check tools
         run: make code-check
 
+  unit-test:
+    name: Unit Test
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Setup golang
+        uses: actions/setup-go@v3
+        with:
+          go-version: ${{ env.go-version }}
+
+      - name: Install test tools
+        run: make SUDO="sudo" test-tools
+
       - name: Build binaries
         run: make build
 
-      - name: Start sabakan
-        run: |
-          sudo ./sabakan -dhcp-bind 0.0.0.0:10067 \
-          -etcd-endpoints http://localhost:2379 \
-          -advertise-url http://localhost:10080 &
-
       - name: Run test
         run: make test
 
-      - name: Prepare for uploading sabakan binaries
-        run: |
-          mkdir /tmp/workspace
-          cp ./sabakan ./sabactl ./sabakan-cryptsetup /tmp/workspace
-          cp LICENSE /tmp/workspace
+  e2e-test:
+    name: e2e Test
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
 
-      - name: Upload sabakan binaries
-        uses: actions/upload-artifact@v3
+      - name: Setup golang
+        uses: actions/setup-go@v3
         with:
-          name: sabakan-binaries
-          path: /tmp/workspace
-          retention-days: 1
+          go-version: ${{ env.go-version }}
+
+      - name: Install test tools
+        run: make SUDO="sudo" test-tools
+
+      - name: Setup cfssl
+        run: make SUDO="sudo" setup-cfssl
+
+      - name: Build binaries
+        run: make build
+
+      - name: Run test
+        run: make e2e
 
   build-image:
     name: Build Images
     runs-on: ubuntu-22.04
-    needs: build
     steps:
       - name: Checkout
         uses: actions/checkout@v3
@@ -69,25 +85,12 @@ jobs:
         uses: actions/setup-go@v3
         with:
           go-version: ${{ env.go-version }}
-
-      - name: Download sabakan binaries
-        uses: actions/download-artifact@v3
-        with:
-          name: sabakan-binaries
-          path: ./docker
-
-      - name: Build sabakan image
-        run: docker build -t quay.io/cybozu/sabakan:latest ./docker
-
-      - name: Save Image
-        run: |
-            mkdir -p /tmp/docker
-            docker save quay.io/cybozu/sabakan:latest -o /tmp/docker/image
+      - name: Build image
+        run: make docker-build
 
   mtest:
     name: Multi-host test
     runs-on: ubuntu-22.04
-    needs: build
     steps:
       - name: Checkout
         uses: actions/checkout@v3

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -20,14 +20,8 @@ jobs:
         with:
           go-version: ${{ env.go-version }}
 
-      - name: Build Binaries
-        run: |
-          make build
-          cp LICENSE ./docker
-          cp ./sabakan ./sabactl ./sabakan-cryptsetup ./docker
-
       - name: Build image
-        run: docker build -t quay.io/cybozu/sabakan:latest ./docker
+        run: make docker-build
 
       - name: Push docker image to Quay.io
         run: |

diff --git a/Makefile b/Makefile
@@ -4,6 +4,12 @@
 ETCD_VERSION = 3.5.7
 GO_FILES=$(shell find -name '*.go' -not -name '*_test.go')
 BUILT_TARGET=sabakan sabactl sabakan-cryptsetup
+IMAGE ?= quay.io/cybozu/sabakan
+TAG ?= latest
+CFSSL_VER = 1.6.4
+CFSSL = /usr/local/bin/cfssl
+CFSSLJSON = /usr/local/bin/cfssljson
+E2E_OUTPUT=./e2e/output
 
 .PHONY: all
 all: build
@@ -31,11 +37,13 @@ test:
 
 .PHONY: e2e
 e2e: build
+	cd e2e/certs && ./gencerts.sh
 	RUN_E2E=1 go test -v -count=1 ./e2e
 
 .PHONY: clean
 clean:
 	rm -f $(BUILT_TARGET)
+	rm -rf $(E2E_OUTPUT)
 
 .PHONY: test-tools
 test-tools: custom-checker staticcheck etcd
@@ -61,3 +69,19 @@ etcd:
 		$(SUDO) mv /tmp/etcd/etcd /usr/local/bin/; \
 		rm -rf /tmp/etcd-v${ETCD_VERSION}-linux-amd64.tar.gz /tmp/etcd; \
 	fi
+
+.PHONY: docker-build
+docker-build: build
+	cp LICENSE ./docker
+	cp ./sabakan ./sabactl ./sabakan-cryptsetup ./docker
+	docker build --no-cache -t $(IMAGE):$(TAG) ./docker
+	rm ./docker/sabactl ./docker/sabakan ./docker/sabakan-cryptsetup ./docker/LICENSE
+
+.PHONY: setup-cfssl
+setup-cfssl:
+	if ! [ -f $(CFSSL) -a -f $(CFSSLJSON) ]; then \
+		curl -sSLf -o cfssl https://github.com/cloudflare/cfssl/releases/download/v$(CFSSL_VER)/cfssl_$(CFSSL_VER)_linux_amd64; \
+		curl -sSLf -o cfssljson https://github.com/cloudflare/cfssl/releases/download/v$(CFSSL_VER)/cfssljson_$(CFSSL_VER)_linux_amd64; \
+		chmod +x cfssl cfssljson; \
+		$(SUDO) mv cfssl cfssljson /usr/local/bin/; \
+	fi
diff --git a/bin/run-mtest.sh b/bin/run-mtest.sh
@@ -45,7 +45,7 @@ git checkout -qf ${GITHUB_SHA}
 cd mtest
 cp /assets/etcd-*.tar.gz .
 cp /assets/ubuntu-*.img .
-make setup
+make SUDO="sudo" setup
 make placemat
 sleep 3
 exec make test TARGET="${TARGET}"