-
Notifications
You must be signed in to change notification settings - Fork 54
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
test: use local ca to generate device certificates #2619
Conversation
Signed-off-by: Reuben Miller <reuben.d.miller@gmail.com>
Signed-off-by: Reuben Miller <reuben.d.miller@gmail.com>
Local CA is provided via environment variables which have the cert as base64 encoded, CA_PUB and CA_KEY. Signed-off-by: Reuben Miller <reuben.d.miller@gmail.com>
Only remove self signed device certificates Signed-off-by: Reuben Miller <reuben.d.miller@gmail.com>
Inject local ca via environment variables so that each container can create their own leaf certificate. This avoid maintaining multiple trusted certificates in the cloud Signed-off-by: Reuben Miller <reuben.d.miller@gmail.com>
Robot Results
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I only have comments related to the documentation.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Approved. This is working as expected on a dev laptop.
Signed-off-by: Reuben Miller <reuben.d.miller@gmail.com>
… shell to bash Signed-off-by: Reuben Miller <reuben.d.miller@gmail.com>
bb43d2f
to
01afbd0
Compare
Some tests will need to be updated as they are failing due to switching to a CA signed certificate...will update the tests shortly |
…thod Signed-off-by: Reuben Miller <reuben.d.miller@gmail.com>
… name is not accepted Some tests use older versions of the agent, so the bootstrap script needs to support both the new and older key names to get the certificate paths Signed-off-by: Reuben Miller <reuben.d.miller@gmail.com>
…elf signed certificates when needed Signed-off-by: Reuben Miller <reuben.d.miller@gmail.com>
…d object does not exist in c8y The warning log entries cause too much noise in the system test log output and give the impression that something is wrong Signed-off-by: Reuben Miller <reuben.d.miller@gmail.com>
Signed-off-by: Reuben Miller <reuben.d.miller@gmail.com>
Proposed changes
Use a local CA to generate the device certificates used in each test. This should improve overall performance, and avoid creating large amounts of device certificates in Cumulocity IoT
CA_KEY
andCA_PUB
are present, which are base64 encoded values), otherwise continue using self signed certificateTypes of changes
Paste Link to the issue
Checklist
cargo fmt
as mentioned in CODING_GUIDELINEScargo clippy
as mentioned in CODING_GUIDELINESFurther comments