fix(deps): update module github.com/letsencrypt/pebble/v2 to v2.7.0 (#…

…394) * fix(deps): update module github.com/letsencrypt/pebble/v2 to v2.7.0 * fix: Use Pebble profiles from upstream * style: Format imports --------- Co-authored-by: Marc Vornetran <[email protected]>
gardener · Jan 24, 2025 · e7f4cbd · e7f4cbd
1 parent 766c21d
commit e7f4cbd
Showing 8 changed files with 42 additions and 26 deletions.
diff --git a/go.mod b/go.mod
@@ -13,7 +13,7 @@ require (
 	github.com/gardener/gardener v1.111.0
 	github.com/go-acme/lego/v4 v4.21.0
 	github.com/go-logr/logr v1.4.2
-	github.com/letsencrypt/pebble/v2 v2.6.0
+	github.com/letsencrypt/pebble/v2 v2.7.0
 	github.com/miekg/dns v1.1.62
 	github.com/onsi/ginkgo/v2 v2.22.1
 	github.com/onsi/gomega v1.36.2

diff --git a/go.sum b/go.sum
@@ -272,8 +272,8 @@ github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0
 github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
 github.com/letsencrypt/challtestsrv v1.3.2 h1:pIDLBCLXR3B1DLmOmkkqg29qVa7DDozBnsOpL9PxmAY=
 github.com/letsencrypt/challtestsrv v1.3.2/go.mod h1:Ur4e4FvELUXLGhkMztHOsPIsvGxD/kzSJninOrkM+zc=
-github.com/letsencrypt/pebble/v2 v2.6.0 h1:7xetaJ4YaesUnWWeRGSs3UHOwyfX4I4sfOfDrkvnhNw=
-github.com/letsencrypt/pebble/v2 v2.6.0/go.mod h1:SID2E75Cx6sQ9AXFkdzhLdQ6S1zhRUbw08Cgu7GJLSk=
+github.com/letsencrypt/pebble/v2 v2.7.0 h1:3fqfs8+5lUooQSqZtXtYB4Jd+TPsQXBPaS8TBXOSzpY=
+github.com/letsencrypt/pebble/v2 v2.7.0/go.mod h1:BEYL/3lMsnIkKhJhieHZi3psEGt6hJV9T45058rTjGc=
 github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=

diff --git a/pkg/cert/utils/dns_utils_test.go b/pkg/cert/utils/dns_utils_test.go
@@ -5,9 +5,10 @@
 package utils_test
 
 import (
-	"github.com/gardener/cert-management/pkg/cert/utils"
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
+
+	"github.com/gardener/cert-management/pkg/cert/utils"
 )
 
 var _ = Describe("DnsUtils", func() {

diff --git a/pkg/cert/utils/domainrange_test.go b/pkg/cert/utils/domainrange_test.go
@@ -7,9 +7,10 @@
 package utils_test
 
 import (
-	"github.com/gardener/cert-management/pkg/cert/utils"
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
+
+	"github.com/gardener/cert-management/pkg/cert/utils"
 )
 
 var _ = Describe("DomainRange", func() {

diff --git a/pkg/cert/utils/issuerkey_test.go b/pkg/cert/utils/issuerkey_test.go
@@ -5,9 +5,10 @@
 package utils_test
 
 import (
-	"github.com/gardener/cert-management/pkg/cert/utils"
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
+
+	"github.com/gardener/cert-management/pkg/cert/utils"
 )
 
 var _ = Describe("IssuerKey", func() {
@@ -61,7 +62,7 @@ var _ = Describe("IssuerKey", func() {
 			It("should be true for default cluster", func() {
 				Expect(defaultClusterIssuerKey.Secondary()).To(BeTrue())
 			})
-			
+
 			It("should be false for non default cluster", func() {
 				Expect(targetClusterIssuerKey.Secondary()).To(BeFalse())
 				Expect(randomClusterIssuerKey.Secondary()).To(BeFalse())
@@ -72,11 +73,11 @@ var _ = Describe("IssuerKey", func() {
 			It("should return 'default' for default cluster", func() {
 				Expect(defaultClusterIssuerKey.ClusterName()).To(Equal("default"))
 			})
-			
+
 			It("should return 'target' for target cluster", func() {
 				Expect(targetClusterIssuerKey.ClusterName()).To(Equal("target"))
 			})
-			
+
 			It("should return '' for other clusters", func() {
 				Expect(randomClusterIssuerKey.ClusterName()).To(Equal(""))
 			})

diff --git a/pkg/cert/utils/utils_certificate_test.go b/pkg/cert/utils/utils_certificate_test.go
@@ -13,10 +13,11 @@ import (
 	"net"
 	"strings"
 
-	api "github.com/gardener/cert-management/pkg/apis/cert/v1alpha1"
-	"github.com/gardener/cert-management/pkg/cert/utils"
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
+
+	api "github.com/gardener/cert-management/pkg/apis/cert/v1alpha1"
+	"github.com/gardener/cert-management/pkg/cert/utils"
 )
 
 var _ = Describe("UtilsCertificate", func() {

diff --git a/pkg/cert/utils/utils_mod_test.go b/pkg/cert/utils/utils_mod_test.go
@@ -5,12 +5,12 @@
 package utils_test
 
 import (
+	"github.com/gardener/controller-manager-library/pkg/resources/abstract"
+	libUtils "github.com/gardener/controller-manager-library/pkg/utils"
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 
 	"github.com/gardener/cert-management/pkg/cert/utils"
-	"github.com/gardener/controller-manager-library/pkg/resources/abstract"
-	libUtils "github.com/gardener/controller-manager-library/pkg/utils"
 )
 
 var _ = Describe("UtilsMod", func() {

diff --git a/test/utils/pebble.go b/test/utils/pebble.go
@@ -23,18 +23,30 @@ import (
 
 // The default values for the Pebble config have been taken from: https://github.com/letsencrypt/pebble/blob/main/test/config/pebble-config.json
 const (
-	listenAddress             = "localhost:14000"
-	ocspResponderURL          = ""
-	alternateRoots            = 0
-	chainLength               = 1
-	certificateValidityPeriod = 0
-	httpPort                  = 5002
-	tlsPort                   = 5001
-	strict                    = true
-	customResolverAddr        = ""
-	requireEAB                = false
-	retryAfterAuthz           = 3
-	retryAfterOrder           = 5
+	listenAddress      = "localhost:14000"
+	ocspResponderURL   = ""
+	alternateRoots     = 0
+	chainLength        = 1
+	httpPort           = 5002
+	tlsPort            = 5001
+	strict             = true
+	customResolverAddr = ""
+	requireEAB         = false
+	retryAfterAuthz    = 3
+	retryAfterOrder    = 5
+)
+
+var (
+	profiles = map[string]ca.Profile{
+		"default": {
+			Description:    "The profile you know and love",
+			ValidityPeriod: 7776000,
+		},
+		"shortlived": {
+			Description:    "A short-lived cert profile, without actual enforcement",
+			ValidityPeriod: 518400,
+		},
+	}
 )
 
 // RunPebble runs a pebble server with the given configuration.
@@ -57,7 +69,7 @@ func RunPebble(logr logr.Logger) (server *http.Server, certificatePath, director
 	log := NewLogBridge(logr)
 
 	database := db.NewMemoryStore()
-	certificateAuthority := ca.New(log, database, ocspResponderURL, alternateRoots, chainLength, certificateValidityPeriod)
+	certificateAuthority := ca.New(log, database, ocspResponderURL, alternateRoots, chainLength, profiles)
 	validationAuthority := va.New(log, httpPort, tlsPort, strict, customResolverAddr, database)
 
 	wfeImpl := wfe.New(log, database, validationAuthority, certificateAuthority, strict, requireEAB, retryAfterAuthz, retryAfterOrder)