Skip to content

Commit 8177dc0

Browse files
aepfliaepfli
authoredDec 17, 2024··
feat: add certificates for ssl test and an ssl test image (#168)
Signed-off-by: Simon Schrottner <simon.schrottner@dynatrace.com>
·
v2.7.2v0.5.19
1 parent e908fb7 commit 8177dc0

File tree

8 files changed

+153
-17
lines changed

8 files changed

+153
-17
lines changed
 

‎.github/workflows/ci.yml

+11-1
Original file line numberDiff line numberDiff line change
@@ -35,11 +35,21 @@ jobs:
3535
with:
3636
context: .
3737
file: flagd/Dockerfile
38+
target: testbed
3839
push: false
3940

4041
- name: Build flagd-testbed-unstable Docker image
4142
uses: docker/build-push-action@v6
4243
with:
4344
context: .
44-
file: flagd/Dockerfile.unstable
45+
file: flagd/Dockerfile
46+
target: unstable
47+
push: false
48+
49+
- name: Build flagd-testbed-ssl Docker image
50+
uses: docker/build-push-action@v6
51+
with:
52+
context: .
53+
file: flagd/Dockerfile
54+
target: ssl
4555
push: false

‎.github/workflows/release-please.yml

+14-2
Original file line numberDiff line numberDiff line change
@@ -57,6 +57,7 @@ jobs:
5757
with:
5858
context: .
5959
file: flagd/Dockerfile
60+
target: testbed
6061
push: true
6162
tags: |
6263
${{ env.REGISTRY }}/open-feature/${{ env.FLAGD_IMAGE_NAME }}:${{ needs.release-please.outputs.release_tag_name }}
@@ -68,12 +69,23 @@ jobs:
6869
uses: docker/build-push-action@v6
6970
with:
7071
context: .
71-
file: flagd/Dockerfile.unstable
72+
file: flagd/Dockerfile
73+
target: unstable
7274
push: true
7375
tags: |
7476
${{ env.REGISTRY }}/open-feature/${{ env.FLAGD_IMAGE_NAME }}-unstable:${{ needs.release-please.outputs.release_tag_name }}
7577
${{ env.REGISTRY }}/open-feature/${{ env.FLAGD_IMAGE_NAME }}-unstable:latest
7678
${{ env.REGISTRY }}/open-feature/${{ env.SYNC_IMAGE_NAME }}:${{ needs.release-please.outputs.release_tag_name }}
7779
${{ env.REGISTRY }}/open-feature/${{ env.SYNC_IMAGE_NAME }}:latest
7880
79-
81+
- name: Build and push flagd-testbed-ssl Docker image
82+
uses: docker/build-push-action@v6
83+
with:
84+
context: .
85+
file: flagd/Dockerfile
86+
target: ssl
87+
push: true
88+
tags: |
89+
${{ env.REGISTRY }}/open-feature/${{ env.FLAGD_IMAGE_NAME }}-ssl:${{ needs.release-please.outputs.release_tag_name }}
90+
${{ env.REGISTRY }}/open-feature/${{ env.FLAGD_IMAGE_NAME }}-ssl:latest
91+

‎README.md

+7-1
Original file line numberDiff line numberDiff line change
@@ -10,6 +10,12 @@ The _flagd-testbed_ container is a docker image built on flagd, which essentiall
1010

1111
See the [flagd docs](https://flagd.dev/) for more information on flagd.
1212

13+
### SSL
14+
15+
The _flagd-testbed-ssl_ container is based on _flagd-testbed_ but replaces all the certificates for SSL testing with a custom root CA.
16+
Within the SSL folder you will find all the necessary OpenSSL files, and the commands used for generation.
17+
Please do not use this CA in any kind of production environment.
18+
1319
## Gherkin test suite
1420

1521
The [gherkin/](gherkin/) dir includes a set of [_gherkin_](https://cucumber.io/docs/gherkin/) tests that define expected behavior associated with the configurations defined in the flagd-testbed (see [flags/](flags/)).
@@ -31,4 +37,4 @@ Included suites:
3137
The Gherkin files structure can be linted using [gherkin-lint](https://github.com/vsiakka/gherkin-lint). The following commands require Node.js 10 or later.
3238

3339
1. npm install
34-
1. npm run gherkin-lint
40+
1. npm run gherkin-lint

‎flagd/Dockerfile

+29-1
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
# we NEED flagd v0.6.4 as a minimum
22
FROM ghcr.io/open-feature/flagd:v0.11.4 AS flagd
33

4-
FROM busybox:1.37
4+
FROM busybox:1.37 AS testbed
55

66
COPY --from=flagd /flagd-build /flagd
77
COPY flags/* .
@@ -15,3 +15,31 @@ ENTRYPOINT ["sh", "change-flag-wrapper.sh", "./flagd", "start", \
1515
"-f", "file:evaluator-refs.json", \
1616
"-f", "file:edge-case-flags.json", \
1717
"-f", "file:zero-flags.json"]
18+
19+
FROM testbed AS unstable
20+
21+
ENTRYPOINT ["sh", "restart-wrapper.sh", "./flagd", "start", \
22+
"-f", "file:testing-flags.json"]
23+
24+
FROM alpine/openssl AS certs
25+
26+
# Copy the server and CA certificates
27+
COPY ssl/* ./
28+
29+
RUN openssl genpkey -algorithm RSA -out server-key.pem -pkeyopt rsa_keygen_bits:2048
30+
RUN openssl req -new -key server-key.pem -out server.csr -subj "/CN=localhost" \
31+
&& openssl x509 -req -in server.csr -CA custom-root-cert.crt -CAkey custom-ca.key -CAcreateserial -out server-cert.pem -days 365 -sha256
32+
33+
FROM testbed AS ssl
34+
35+
# Copy the custom root CA certificate into the image
36+
37+
COPY --from=certs server-cert.pem /etc/ssl/certs/
38+
COPY --from=certs server-key.pem /etc/ssl/private/
39+
COPY --from=certs custom-root-cert.crt /etc/ssl/certs/
40+
41+
42+
ENTRYPOINT ["./flagd", "start",\
43+
"-f", "file:testing-flags.json", \
44+
"-c", "/etc/ssl/certs/server-cert.pem", \
45+
"-k", "/etc/ssl/private/server-key.pem"]

‎flagd/Dockerfile.unstable

-12
This file was deleted.

‎ssl/README.md

+10
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,10 @@
1+
commands used to generate the cert
2+
3+
```shell
4+
# generating custom ca
5+
openssl genpkey -algorithm RSA -out custom-ca.key -pkeyopt rsa_keygen_bits:4096
6+
7+
# generating root cert
8+
openssl req -x509 -new -key custom-ca.key -out custom-root-cert.crt -days 3650 -sha256 -subj "/CN=Flagd testbed ROOT CA"
9+
10+
```

‎ssl/custom-ca.key

+52
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,52 @@
1+
-----BEGIN PRIVATE KEY-----
2+
MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDQYbJXuYOPP1/m
3+
4+Zewb71MX0rqQmBWx03/p2InTkgA80py1OhrdAb67BFcYueq3zmWAgvZHbyS8aj
4+
NJqhLsFA7peuqffB1k2iprjkjJjMcCUOGXGnWdDG+8/lmFnUIEdz65eKixvZc5Vd
5+
QWy0vFjhIpu2ueP2x9wVstNdVWR3FOdZ30xkCu26X1mBen1zLtfyoVp/Vq0PaSLa
6+
mqft/kLq8nruCDvLFctuArP/cq/1nC1UekUwuacOvCuSJfRmOPd3OKj3558RIPiK
7+
fdcEjoMxG827716MkWJRpaO+nN0repg2bi8usLP2xUIg7szuGijNcEWhFM75zThl
8+
XCgMEZYnDPGNnI6HeZG+Do2UPu/g+sAJQt+VTo707l2auL9ubvVJejOj5LJqtMyr
9+
qvX0XIFDEEt14kyK8fVSvIuW3tMZXsSSZA+Gzuvl5Tgc2UgEfbB8ERO1MRyBZHMR
10+
/TDbe66x/x3lleVrqmrbSRBWpgNtDET5T9sJ1FZTjhf3qKOs6v22ppMfs9pSTjL6
11+
QhdoUKjSYEK0Ci710EKRDSFBWkLMlSdDCEHHWZzKT8NFhb5BfJ0S3n4qfK2kHIrb
12+
2/HL5YeTCPzbFcsSHfGpu9CZRrLYRE7qc8pUcbzo2CSMNVRiO57cMpvlj/uSmROl
13+
wupykvaJCutqCSu3vGfXSC2hdF7wWwIDAQABAoICAAEjHaDzJ7dzXq6Vu2X0k7SO
14+
PDQNbOLd4apBS+lrUz4TldEJ6ftAumIWWFJFDKM/Vho39A7Sz2EJC5zKeF7fPY+b
15+
GhMvotMtazpvKzHE6Tv/67XfWq/ORpumeKahPrGEKg90362L0uw48ckRLlwhRtlf
16+
oERlNqUwOMKqg/+OhS8gRJV5M0VlJu+f8UeopXdfk7cTVAPI+PoRSXI3TBMOaikM
17+
My2qh5vXEu/wMkS9D8OmLRhxgapye1mDlyRRhBlDuWjVemYsskx9jhpt6JDJXrdH
18+
b4nvZWnIVa5dJMPYFostKSH4LOAR8ssXTMsI3IGjreTeR3My+0OKry/tM+9NVLXS
19+
nYOht33JBKr3Sk4pv4CC2voB/vUpkR69Z59CNPSYrb1JetJ6NMgqaTMsv05i/SJu
20+
j8HNkiXkojcs+LyVfM/MBE5qL1bPJ3xYVX5TUd+o45vcerVoS0EHpWDnBnmdK+VF
21+
H73HscrCHL4Bp/YOS58lNuSKUNGkQ2fyak/U66RJYHKWa0HSSBZWX5fi4IEpagEb
22+
3h4sRbqqw1GSKVszrP5nnM1towu6du6343s+DzhT6PSHmWN7MVTrpfdoSUFnBySr
23+
CEiIs3Z90emAoSpLTFZ0xEcqIEvJw7+zn3M7wuJMjqFelTSuBYGU8vD8B/pV64Wp
24+
Xy5qN5EBfOG37YATDkdxAoIBAQDrP6lQJvcNEi6lG/EvVWQ9I5YXqxEQEuAJz52x
25+
42v64C4nNJrkn0K//hUc/Ei76QhD3n6JBCQrfRysTP2FuuSn90iFNTQfI6yuvMXe
26+
EZDrT0pIH9OM7mM78WtAUkjLppVqKHgGwGjnrgMeqdB53mVlECCG3R5dq6tmteuI
27+
excS18nOvEcKk0Bwyv1DI+iMzW4S2co92DPA5oEwu9YeWwPaJaOLaVHboX9s1JOI
28+
ZMWpmFyjrTIbyla5fcKwc9wqhv2nSMyZKCv0fkQUtPmnbfYDQUNp03gAwN9kT+nb
29+
FIRX9b6rvqmW11/lqR4umYgE3/pMOMU23UqM43zAybxxskGlAoIBAQDiw1Q0WdvF
30+
HQu8b4cLHRCy/wvaAEJXhokXc7oVCkc7aYpZyTo04pQViQJATqnJBZJXwI15ypHx
31+
SPXcjYJkEuIMrW4tqE2j3VlTdvQb7JONuHSJAumfNm4iwnWTU/C38Hk2kM40konH
32+
Wo9XQX2wcZgZCRQCrX3aKfQjOqyT5VMiswHSzdAcqsiGOECGDk8c+gFFNfH2obS2
33+
+VoF5pvEZnLtTHruN7AVoxncRAjUWrFFTB8QQOAUFnNEBt66oQZXpq8K6OaV+OIE
34+
oRhEfCEAvpTPc2YJ0ytHsPY0Tm5K7OZ/kEmLgh9efNwUzmO1sgBfrCigKHVSPPhd
35+
J4+Iw88oIcn/AoIBACP1zUnlSuqClwLCLLIRmYsG/5CKo8cTO5AEXpSssPrefe+c
36+
SPkdpzR2AIA3yF6BFrRZNHp5WZYUP+fOtQpWMVHDqSBDq73+1Ay56n0xrjdqHW68
37+
/reSUTT+iGiCq4IF6t0ZZo+RpfeUUAHF74pRhqpWNsKm1ld3QHIo6OIp/rLwrXae
38+
rTVeoQEc5m329Ttgw6y6AgJGJFMeaS0r6WUmgIY+LqvG465xF2tpa0v0K4rrMW4L
39+
sZcx7OPZ54LVkxglHm0N4cifrWhoTLvlliwT0QFaXpW0r6ld0kghNxw4HKrdc9IJ
40+
CR93uL8AhQ6WhYZJPpecLflfBmBW/eDydY3js8kCggEBAIe6eJ05J9VM9GherQsW
41+
45bwF+zteMggy8/QwhGz7D0AiAID8yYSdKaLMmDBdNjQz+5cX5IFkONGU3sm7GPv
42+
9YO3DxqfAZHSfJP7wFMygIM0Y/RaXPGiR7vgfzWm6Y9/jV3+wJ4xE+zSJLgKiCvj
43+
YjGiAGs14v2BXRL1HLUNb3x2fuHptOZjxtCnvN9Ak1P5xGbjyidgVOWsTJj5lkSx
44+
OZsVywLpLClXTbRMuKg6fJ7I2FMHMdh0M5wFLK2ykjRGncE+9D3SEZ7JudfMIIjs
45+
ie+919aLof0wS721MEkCkVjLSWoKgbIxtB10B7SKjbS2PD7Y2JhXzCUd98jZwxX3
46+
W4sCggEBAI1V8FkHNPaw89Cd2rhpxLk+k6pQr8K6pqUJGxIJPXQdhE0dNkUb5UDi
47+
8ZxQk34wnjrV68XAxcF1Ee1dtqSPiz9YQu3TAglXbktpLcNM33RWRJ0l66NYTLtI
48+
1cTpZK7NPKy3MAtAN5yo3Ar24kBrPOaY4xD7rXxJb4Q/3+cOyN97T8CjoWefS4L5
49+
RcoXlrgbf2O4i8xds7mDZjzyB5Si8S9E4z7iUwXFAg3EAuYR6ln8zftggz8RT7kI
50+
yiWq6gc9AvsB27BE3h1ncsS2lMwfuT9C7bSHO8RSsn3LTZ2lbiBWF3OBaDoC2e71
51+
adBbftlaZFzSZgw976uIBJEyeHw2sgs=
52+
-----END PRIVATE KEY-----

‎ssl/custom-root-cert.crt

+30
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,30 @@
1+
-----BEGIN CERTIFICATE-----
2+
MIIFITCCAwmgAwIBAgIUWs226ZOg6QZpwL7sdah6owpAnEYwDQYJKoZIhvcNAQEL
3+
BQAwIDEeMBwGA1UEAwwVRmxhZ2QgdGVzdGJlZCBST09UIENBMB4XDTI0MTIxNjE4
4+
NDQyNFoXDTM0MTIxNDE4NDQyNFowIDEeMBwGA1UEAwwVRmxhZ2QgdGVzdGJlZCBS
5+
T09UIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0GGyV7mDjz9f
6+
5uPmXsG+9TF9K6kJgVsdN/6diJ05IAPNKctToa3QG+uwRXGLnqt85lgIL2R28kvG
7+
ozSaoS7BQO6Xrqn3wdZNoqa45IyYzHAlDhlxp1nQxvvP5ZhZ1CBHc+uXiosb2XOV
8+
XUFstLxY4SKbtrnj9sfcFbLTXVVkdxTnWd9MZArtul9ZgXp9cy7X8qFaf1atD2ki
9+
2pqn7f5C6vJ67gg7yxXLbgKz/3Kv9ZwtVHpFMLmnDrwrkiX0Zjj3dzio9+efESD4
10+
in3XBI6DMRvNu+9ejJFiUaWjvpzdK3qYNm4vLrCz9sVCIO7M7hoozXBFoRTO+c04
11+
ZVwoDBGWJwzxjZyOh3mRvg6NlD7v4PrACULflU6O9O5dmri/bm71SXozo+SyarTM
12+
q6r19FyBQxBLdeJMivH1UryLlt7TGV7EkmQPhs7r5eU4HNlIBH2wfBETtTEcgWRz
13+
Ef0w23uusf8d5ZXla6pq20kQVqYDbQxE+U/bCdRWU44X96ijrOr9tqaTH7PaUk4y
14+
+kIXaFCo0mBCtAou9dBCkQ0hQVpCzJUnQwhBx1mcyk/DRYW+QXydEt5+KnytpByK
15+
29vxy+WHkwj82xXLEh3xqbvQmUay2ERO6nPKVHG86NgkjDVUYjue3DKb5Y/7kpkT
16+
pcLqcpL2iQrragkrt7xn10gtoXRe8FsCAwEAAaNTMFEwHQYDVR0OBBYEFAwmtinE
17+
4a67ad+n3658+WbvBlvYMB8GA1UdIwQYMBaAFAwmtinE4a67ad+n3658+WbvBlvY
18+
MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBAJdjkDxlygrbnRrP
19+
zFk6lXxlo5nNdvMt4GdQm9mS4BRVApGrVgcDh3kvE/uMhYd0pI2Zx0PNzo55L4Ml
20+
ujMX61d/U1NL/n6K+3UnmeSCIQw1z4GtRzA9ex0Gx1RPRXZEJuCtDvhMDxQA5gCK
21+
DDOim4a67lTRsSz9WGFyz9IGSzuPF+vR9ZRA8EJACKh3SQu9nqyn3+Kw3w28878p
22+
sADYVzCI0BRP+iT18oYel7p+rStQa4O1UBbMdjX85BWB22YYMW8imWrvF7jFjiU0
23+
w7/MD4+Dz2Vq/qsDbC9RQmMxdri329GArP/VS7bNT3lyxBQl2mQaPi43PQ7gc2EK
24+
AiNn1OM2wl6GVMyTm2Tvl8p70SC3WT9AP59j1hzSp1hDz0G3rgzF4xlNEf6BeYXA
25+
dJHJ9S9JuqXHIAyWdC89tY+VWsRPqwAyhaP/fPeKaGV9IvVCziU1YqkyqQD/8plM
26+
AaxERQwmaCQrK9EVRpB/1ifimbEBPnjp3cHJsA7ikkanMxmtLkyLemb52K3ZglUr
27+
6m0HPjciXd/wEV4zUaZeeInN32qHJjt4fMJl4UvIv6m/sMTnxp4My2e/LOiqvp18
28+
9A9s6D5JP+pQuIJFywU3quNsIe1Q8eLigJlEWHlkSRFoWO3qvr0Da/8sTDLfEaOv
29+
1RjlE6tZkQ2t2JYMH9lSy4NVWNpH
30+
-----END CERTIFICATE-----

0 commit comments

Comments
 (0)
Please sign in to comment.