chore: update the rcgen dev dependency for the API server (#330)
This needed to be done manually due to breaking changes that occurred in
[v0.13.0](https://github.com/rustls/rcgen/releases/tag/v0.13.0).

More context:

The `generate_simple_self_signed` used to be implemented this way prior
to `0.13.0`:

```rust
pub fn generate_simple_self_signed(
	subject_alt_names: impl Into<Vec<String>>,
) -> Result<Certificate, Error> {
	Certificate::from_params(CertificateParams::new(subject_alt_names))
}
```

(link
[here](https://github.com/rustls/rcgen/blob/1d2df16085eacf2fe9cd0f54dcb2ccc5980c9a8e/rcgen/src/lib.rs#L106))

But in `0.13.0` it was updated to this, and it now returns a `CertifiedKey`
instead of just a `Certificate`:

```rust
pub fn generate_simple_self_signed(
	subject_alt_names: impl Into<Vec<String>>,
) -> Result<CertifiedKey, Error> {
	let key_pair = KeyPair::generate()?;
	let cert = CertificateParams::new(subject_alt_names)?.self_signed(&key_pair)?;
	Ok(CertifiedKey { cert, key_pair })
}
```

(see
[here](https://github.com/rustls/rcgen/blob/447322c693d6ef6420ce61fdcdb6de516c04660a/rcgen/src/lib.rs#L124))

And beyond that in general some things have been moved around.
k8s-ci-robot authored Jan 6, 2025
2 parents 68b585c + 870292e commit f771b1c
Showing 3 changed files with 33 additions and 166 deletions.
159 changes: 13 additions & 146 deletions Cargo.lock


2 changes: 1 addition & 1 deletion dataplane/api-server/Cargo.toml
Expand Up @@ -31,4 +31,4 @@ tonic-build = { workspace = true }

[dev-dependencies]
tempfile = "3.14.0"
rcgen = "0.9.3"
rcgen = "0.13.2"
38 changes: 19 additions & 19 deletions dataplane/api-server/tests/test_setup_tls.rs
@@ -1,7 +1,7 @@
use anyhow::Result;
use api_server::config::{MutualTLSConfig, ServerOnlyTLSConfig, TLSConfig};
use api_server::setup_tls;
use rcgen::{generate_simple_self_signed, Certificate, CertificateParams};
use rcgen::{generate_simple_self_signed, CertificateParams, CertifiedKey};
use std::fs;
use tempfile::tempdir;
use tonic::transport::Server;
Expand All @@ -12,9 +12,9 @@ async fn test_tls_self_signed_cert() -> Result<()> {
let temp_dir = tempdir().unwrap();

// Generate self-signed certificate
let cert = generate_simple_self_signed(vec!["localhost".into()])?;
let cert_pem = cert.serialize_pem()?;
let key_pem = cert.serialize_private_key_pem();
let CertifiedKey { cert, key_pair } = generate_simple_self_signed(vec!["localhost".into()])?;
let cert_pem = cert.pem();
let key_pem = key_pair.serialize_pem();

// Paths for the server cert and private key
let cert_path = temp_dir.path().join("server.crt");
Expand Down Expand Up @@ -46,8 +46,8 @@ async fn test_tls_missing_cert() -> Result<()> {
let temp_dir = tempdir().unwrap();

// Generate private key but skip certificate generation
let cert = generate_simple_self_signed(vec!["localhost".into()])?;
let key_pem = cert.serialize_private_key_pem();
let CertifiedKey { cert: _, key_pair } = generate_simple_self_signed(vec!["localhost".into()])?;
let key_pem = key_pair.serialize_pem();

// Only write the key file, omit the certificate
let missing_cert_path = temp_dir.path().join("missing_server.crt");
Expand Down Expand Up @@ -76,8 +76,8 @@ async fn test_tls_missing_key() -> Result<()> {
let temp_dir = tempdir().unwrap();

// Generate certificate but skip private key generation
let cert = generate_simple_self_signed(vec!["localhost".into()])?;
let cert_pem = cert.serialize_pem()?;
let CertifiedKey { cert, key_pair: _ } = generate_simple_self_signed(vec!["localhost".into()])?;
let cert_pem = cert.pem();

// Only write the certificate file, omit the private key
let cert_path = temp_dir.path().join("server.crt");
Expand Down Expand Up @@ -107,14 +107,14 @@ async fn test_mtls_self_signed_cert() -> Result<()> {
let temp_dir = tempdir().unwrap();

// Generate self-signed certificate
let cert = generate_simple_self_signed(vec!["localhost".into()])?;
let cert_pem = cert.serialize_pem()?;
let key_pem = cert.serialize_private_key_pem();
let CertifiedKey { cert, key_pair } = generate_simple_self_signed(vec!["localhost".into()])?;
let cert_pem = cert.pem();
let key_pem = key_pair.serialize_pem();

// Generate CA
let ca_params = CertificateParams::default();
let ca_cert = Certificate::from_params(ca_params)?;
let ca_cert_pem = ca_cert.serialize_pem()?;
let ca_cert = ca_params.self_signed(&key_pair)?;
let ca_cert_pem = ca_cert.pem();

// Cert file paths
let cert_path = temp_dir.path().join("server.crt");
Expand Down Expand Up @@ -150,9 +150,9 @@ async fn test_mtls_invalid_ca_cert() -> Result<()> {
let temp_dir = tempdir().unwrap();

// Generate server cert and key
let cert = generate_simple_self_signed(vec!["localhost".into()])?;
let cert_pem = cert.serialize_pem()?;
let key_pem = cert.serialize_private_key_pem();
let CertifiedKey { cert, key_pair } = generate_simple_self_signed(vec!["localhost".into()])?;
let cert_pem = cert.pem();
let key_pem = key_pair.serialize_pem();

// Write valid server cert and key
let cert_path = temp_dir.path().join("server.crt");
Expand Down Expand Up @@ -186,9 +186,9 @@ async fn test_mtls_missing_ca_cert() -> Result<()> {
let temp_dir = tempdir().unwrap();

// Generate server cert and key
let cert = generate_simple_self_signed(vec!["localhost".into()])?;
let cert_pem = cert.serialize_pem()?;
let key_pem = cert.serialize_private_key_pem();
let CertifiedKey { cert, key_pair } = generate_simple_self_signed(vec!["localhost".into()])?;
let cert_pem = cert.pem();
let key_pem = key_pair.serialize_pem();

// Write valid server cert and key
let cert_path = temp_dir.path().join("server.crt");
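Review bot: In the `test_mtls_self_signed_cert` hunk the CA certificate is now signed with the server's own key (`let ca_cert = ca_params.self_signed(&key_pair)?;`), whereas the replaced `Certificate::from_params(ca_params)` generated a key pair of its own, so the CA and the server leaf in this test now share one private key and the fixture no longer resembles a real mTLS trust relationship. Give the CA its own key instead, `let ca_key = KeyPair::generate()?;` followed by `let ca_cert = ca_params.self_signed(&ca_key)?;`, and add `KeyPair` to the `rcgen` import in the first hunk. Whether the assertions further down rely on the two keys being distinct cannot be seen here, since `test_mtls_self_signed_cert` continues past the hunk. The remaining hunks only translate the `serialize_pem`/`serialize_private_key_pem` calls to `cert.pem()` and `key_pair.serialize_pem()` and look correct for the 0.13 API.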
