
Generate certificates on the fly

Open inkel opened this issue 3 years ago • 7 comments

In #486 it became apparent that keeping our certificates up to date when testing using Docker (make testacc-docker and make testacc-docker-tls) can become a tedious task, albeit one that we don't have to run too often. Not only this, but it also had a dependency on an external tool to create the dependencies.

This PR removes the certificates from the repository, and the external tool dependency, and replaces the mechanism with a Go file that creates certificates with an expiration of 1 hour since the time of creation. This might be low, but the testacc-docker and testacc-docker-tls targets were also modified to generate the certificates before running the tests using Docker, thus the 1 hour expiration should be more than enough (unless of course the test suite runs for longer than 1 hour, in which case we will have a bigger issue than the certificates being expired :wink:)

inkel avatar May 13 '22 19:05 inkel

The code is pretty crude at the moment, that's why it's a draft. I'll try to refactor it into simpler and more readable code.

inkel avatar May 13 '22 19:05 inkel

Code LGTM but running it gives me the following error: x509: certificate is not valid for any names, but wanted to match mtls-proxy

julienduchesne avatar May 14 '22 10:05 julienduchesne

🤔 funny. I'll look into it on Monday. I remember seeing something about mtls-proxy in an article.

inkel avatar May 14 '22 11:05 inkel

@julienduchesne can I ask you to add the following in line 75, right after crt.IPAddresses:

crt.DNSNames = []string{"mtls-proxy"}

And then try again? 🙏🏽

inkel avatar May 16 '22 17:05 inkel

crt.DNSNames = []string{"mtls-proxy"}

I tried it, with or without the modification and now I get:

Error: Post "https://admin:***@mtls-proxy:3001/api/folders": x509: certificate has expired or is not yet valid: current time 2022-05-17T13:18:00Z is after 2022-05-14T11:29:35Z

I even cleared all files in testdata and I still get the same thing when they are regenerated

julienduchesne avatar May 17 '22 13:05 julienduchesne

This is really odd, because the generator uses the current time and sets the expiration to an hour later 🤔

I could understand a difference in seconds or even minutes, but not days 🤔 🤔

inkel avatar May 17 '22 15:05 inkel
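
The two x509 errors quoted above can be reproduced offline with a short-lived certificate, as an added example that is not the PR's generator code. The helper names `newTestCert` and `verifyAs` and the 127.0.0.1 IP SAN are assumptions made for illustration; only the `mtls-proxy` host name and the one-hour lifetime come from the thread.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// newTestCert (hypothetical helper) self-signs a cert valid for 1 hour from notBefore.
func newTestCert(notBefore time.Time, dnsNames []string) (*x509.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		NotBefore:    notBefore,
		NotAfter:     notBefore.Add(time.Hour),
		IPAddresses:  []net.IP{net.ParseIP("127.0.0.1")}, // constructed sample IP SAN
		DNSNames:     dnsNames,                           // nil reproduces the name error
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// verifyAs checks crt like a TLS client: validity window at time now, then host against SANs.
func verifyAs(crt *x509.Certificate, host string, now time.Time) error {
	roots := x509.NewCertPool()
	roots.AddCert(crt)
	_, err := crt.Verify(x509.VerifyOptions{Roots: roots, DNSName: host, CurrentTime: now})
	return err
}

func main() {
	now := time.Now()
	for _, names := range [][]string{nil, {"mtls-proxy"}} {
		crt, err := newTestCert(now, names)
		if err != nil {
			panic(err)
		}
		fmt.Printf("DNSNames=%v now: %v | +72h: %v\n", names, verifyAs(crt, "mtls-proxy", now), verifyAs(crt, "mtls-proxy", now.Add(72*time.Hour)))
	}
}
```

Go checks the validity window before the host name, so a certificate generated days earlier fails with the expiry error whether or not it carries the DNS SAN.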

CLA assistant check
All committers have signed the CLA.

CLAassistant avatar Jun 15 '22 17:06 CLAassistant

In order to lower resource usage and have a faster runtime, PRs will not run Cloud tests automatically. To do so, a Grafana Labs employee must promote the Drone build.

github-actions[bot] avatar Dec 08 '22 15:12 github-actions[bot]

@inkel, I pushed a commit. It all works now. Can you test and confirm? Command: TESTARGS="-run TestAccTeam_basic" make testacc-docker-tls

julienduchesne avatar Dec 08 '22 15:12 julienduchesne

=== RUN   TestAccTeam_basic
--- PASS: TestAccTeam_basic (8.93s)
PASS
ok      github.com/grafana/terraform-provider-grafana/grafana   8.945s

We're good to go! Thanks.

inkel avatar Dec 12 '22 12:12 inkel