Trying to fix tests

Author: Matthew Mark Miller

Makefile

@@ -30,6 +30,7 @@ clean:
 	rm -rf vendor-ansible/out
 	rm -rf vendor-cfssl/out
 	rm -rf vendor-provision/out
+	rm -rf integration/vendor
 
 test: vendor
 	go test ./cmd/... ./pkg/... $(TEST_OPTS)

integration/aws/client.go

@@ -6,7 +6,7 @@ import (
 	"strconv"
 	"time"
 
-	"github.com/apprenda/kismatic/pkg/retry"
+	"github.com/apprenda/kismatic/integration/retry"
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/credentials"
 	"github.com/aws/aws-sdk-go/aws/session"

integration/glide.lock

@@ -12,7 +12,7 @@ import (
 	"path/filepath"
 	"time"
 
-	"github.com/apprenda/kismatic/pkg/retry"
+	"github.com/apprenda/kismatic/integration/retry"
 	homedir "github.com/mitchellh/go-homedir"
 	. "github.com/onsi/ginkgo"
 )

integration/install.go

@@ -12,8 +12,8 @@ import (
 	"strings"
 	"time"
 
-	"github.com/apprenda/kismatic/pkg/retry"
-	"github.com/apprenda/kismatic/pkg/tls"
+	"github.com/apprenda/kismatic/integration/retry"
+	"github.com/apprenda/kismatic/integration/tls"
 	"github.com/cloudflare/cfssl/csr"
 	. "github.com/onsi/ginkgo"
 )

integration/prepare.go

@@ -9,7 +9,8 @@ import (
 
 	"github.com/apprenda/kismatic/integration/aws"
 	"github.com/apprenda/kismatic/integration/packet"
-	"github.com/apprenda/kismatic/pkg/retry"
+	"github.com/apprenda/kismatic/integration/retry"
+
 	homedir "github.com/mitchellh/go-homedir"
 )
 

integration/provision.go

@@ -0,0 +1,21 @@
+package retry
+
+import "time"
+
+// WithBackoff will retry a function specified number of times
+func WithBackoff(fn func() error, retries uint) error {
+	var attempts uint
+	var err error
+	for {
+		err = fn()
+		if err == nil {
+			break
+		}
+		if attempts == retries {
+			break
+		}
+		time.Sleep((1 << attempts) * time.Second)
+		attempts++
+	}
+	return err
+}

integration/retry/retry.go

@@ -0,0 +1,77 @@
+package tls
+
+import (
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+
+	"github.com/cloudflare/cfssl/csr"
+	"github.com/cloudflare/cfssl/initca"
+	"github.com/cloudflare/cfssl/log"
+)
+
+func init() {
+	log.Level = log.LevelError
+}
+
+// The Subject contains the fields of the X.509 Subject
+type Subject struct {
+	Country            string
+	State              string
+	Locality           string
+	Organization       string
+	OrganizationalUnit string
+}
+
+// NewCACert creates a new Certificate Authority and returns it's private key and public certificate.
+func NewCACert(csrFile string, commonName string, subject Subject) (key, cert []byte, err error) {
+	// Open CSR file
+	f, err := os.Open(csrFile)
+	if os.IsNotExist(err) {
+		return nil, nil, fmt.Errorf("%q does not exist", csrFile)
+	}
+	if err != nil {
+		return nil, nil, fmt.Errorf("error opening %q", csrFile)
+	}
+	// Create CSR struct
+	caCSR := &csr.CertificateRequest{
+		KeyRequest: csr.NewBasicKeyRequest(),
+	}
+	err = json.NewDecoder(f).Decode(caCSR)
+	if err != nil {
+		return nil, nil, fmt.Errorf("error decoding CSR: %v", err)
+	}
+	// Set the subject information
+	name := csr.Name{
+		C:  subject.Country,
+		ST: subject.State,
+		L:  subject.Locality,
+		O:  subject.Organization,
+		OU: subject.OrganizationalUnit,
+	}
+	caCSR.Names = []csr.Name{name}
+	caCSR.CN = commonName
+	// Generate CA Cert according to CSR
+	cert, _, key, err = initca.New(caCSR)
+	if err != nil {
+		return nil, nil, fmt.Errorf("error creating CA cert: %v", err)
+	}
+	return key, cert, nil
+}
+
+// ReadCACert read CA file
+func ReadCACert(name, dir string) (key, cert []byte, err error) {
+	dest := filepath.Join(dir, keyName(name))
+	key, errKey := ioutil.ReadFile(dest)
+	if errKey != nil {
+		return nil, nil, fmt.Errorf("error reading private key: %v", errKey)
+	}
+	dest = filepath.Join(dir, certName(name))
+	cert, errCert := ioutil.ReadFile(dest)
+	if errCert != nil {
+		return nil, nil, fmt.Errorf("error reading certificate: %v", errKey)
+	}
+	return key, cert, nil
+}

integration/tls/ca.go

@@ -0,0 +1,63 @@
+package tls
+
+import (
+	"reflect"
+	"testing"
+	"time"
+
+	"github.com/cloudflare/cfssl/helpers"
+)
+
+func TestNewCACert(t *testing.T) {
+	subject := Subject{
+		Organization:       "someOrg",
+		OrganizationalUnit: "someOrgUnit",
+	}
+	_, cert, err := NewCACert("test/ca-csr.json", "someCommonName", subject)
+	if err != nil {
+		t.Fatalf("error creating CA cert: %v", err)
+	}
+
+	parsedCert, err := helpers.ParseCertificatePEM(cert)
+	if err != nil {
+		t.Fatalf("error parsing certificate: %v", err)
+	}
+
+	if !parsedCert.IsCA {
+		t.Errorf("Genereated CA cert is not CA")
+	}
+
+	expectedCN := "someCommonName"
+	if parsedCert.Subject.CommonName != expectedCN {
+		t.Errorf("CN mismatch: expected %q, found %q", expectedCN, parsedCert.Subject.CommonName)
+	}
+
+	if parsedCert.Subject.Organization[0] != subject.Organization {
+		t.Errorf("Organization mismatch: expected %q, found %q", subject.Organization, parsedCert.Subject.Organization[0])
+	}
+
+	if parsedCert.Subject.OrganizationalUnit[0] != subject.OrganizationalUnit {
+		t.Errorf("OrganizationalUnit mismatch: expected %q, found %q", subject.OrganizationalUnit, parsedCert.Subject.OrganizationalUnit[0])
+	}
+
+	if !reflect.DeepEqual(parsedCert.Issuer, parsedCert.Subject) {
+		t.Errorf("cert issuer is not equal to the CA's subject")
+	}
+
+	// You might be tempted to test for this, but it seems like the AuthKeyID doesn't have to be set
+	// for self-signed certificates. https://go.googlesource.com/go/+/b623b71509b2d24df915d5bc68602e1c6edf38ca
+	// if !bytes.Equal(parsedCert.AuthorityKeyId, parsedCert.SubjectKeyId) {
+	// 	t.Errorf("certificate auth key ID %q is not the subject key ID of the CA %q", string(parsedCert.AuthorityKeyId), string(parsedCert.SubjectKeyId))
+	// }
+
+	// Verify expiration
+	now := time.Now().UTC()
+	d, err := time.ParseDuration("8760h")
+	if err != nil {
+		t.Fatalf("error parsing duration: %v", err)
+	}
+	expectedExpiration := now.Add(d)
+	if expectedExpiration.Year() != parsedCert.NotAfter.Year() || expectedExpiration.YearDay() != parsedCert.NotAfter.YearDay() {
+		t.Errorf("expected expiration date %q, got %q", expectedExpiration, parsedCert.NotAfter)
+	}
+}