From e7f4cbde891263a3f856e08da4464be919ae296b Mon Sep 17 00:00:00 2001 From: Gardener Prow Robot Date: Fri, 24 Jan 2025 13:06:20 +0100 Subject: [PATCH] fix(deps): update module github.com/letsencrypt/pebble/v2 to v2.7.0 (#394) * fix(deps): update module github.com/letsencrypt/pebble/v2 to v2.7.0 * fix: Use Pebble profiles from upstream * style: Format imports --------- Co-authored-by: Marc Vornetran --- go.mod | 2 +- go.sum | 4 +-- pkg/cert/utils/dns_utils_test.go | 3 +- pkg/cert/utils/domainrange_test.go | 3 +- pkg/cert/utils/issuerkey_test.go | 9 +++--- pkg/cert/utils/utils_certificate_test.go | 5 ++-- pkg/cert/utils/utils_mod_test.go | 4 +-- test/utils/pebble.go | 38 ++++++++++++++++-------- 8 files changed, 42 insertions(+), 26 deletions(-) diff --git a/go.mod b/go.mod index 55afa5e95..759c394a4 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( github.com/gardener/gardener v1.111.0 github.com/go-acme/lego/v4 v4.21.0 github.com/go-logr/logr v1.4.2 - github.com/letsencrypt/pebble/v2 v2.6.0 + github.com/letsencrypt/pebble/v2 v2.7.0 github.com/miekg/dns v1.1.62 github.com/onsi/ginkgo/v2 v2.22.1 github.com/onsi/gomega v1.36.2 diff --git a/go.sum b/go.sum index 1800c011b..7a66e6dde 100644 --- a/go.sum +++ b/go.sum @@ -272,8 +272,8 @@ github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0 github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= github.com/letsencrypt/challtestsrv v1.3.2 h1:pIDLBCLXR3B1DLmOmkkqg29qVa7DDozBnsOpL9PxmAY= github.com/letsencrypt/challtestsrv v1.3.2/go.mod h1:Ur4e4FvELUXLGhkMztHOsPIsvGxD/kzSJninOrkM+zc= -github.com/letsencrypt/pebble/v2 v2.6.0 h1:7xetaJ4YaesUnWWeRGSs3UHOwyfX4I4sfOfDrkvnhNw= -github.com/letsencrypt/pebble/v2 v2.6.0/go.mod h1:SID2E75Cx6sQ9AXFkdzhLdQ6S1zhRUbw08Cgu7GJLSk= +github.com/letsencrypt/pebble/v2 v2.7.0 h1:3fqfs8+5lUooQSqZtXtYB4Jd+TPsQXBPaS8TBXOSzpY= +github.com/letsencrypt/pebble/v2 v2.7.0/go.mod h1:BEYL/3lMsnIkKhJhieHZi3psEGt6hJV9T45058rTjGc= github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= diff --git a/pkg/cert/utils/dns_utils_test.go b/pkg/cert/utils/dns_utils_test.go index 0f0bc6030..192820179 100644 --- a/pkg/cert/utils/dns_utils_test.go +++ b/pkg/cert/utils/dns_utils_test.go @@ -5,9 +5,10 @@ package utils_test import ( - "github.com/gardener/cert-management/pkg/cert/utils" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" + + "github.com/gardener/cert-management/pkg/cert/utils" ) var _ = Describe("DnsUtils", func() { diff --git a/pkg/cert/utils/domainrange_test.go b/pkg/cert/utils/domainrange_test.go index 2859ee8bb..62f6b3b6f 100644 --- a/pkg/cert/utils/domainrange_test.go +++ b/pkg/cert/utils/domainrange_test.go @@ -7,9 +7,10 @@ package utils_test import ( - "github.com/gardener/cert-management/pkg/cert/utils" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" + + "github.com/gardener/cert-management/pkg/cert/utils" ) var _ = Describe("DomainRange", func() { diff --git a/pkg/cert/utils/issuerkey_test.go b/pkg/cert/utils/issuerkey_test.go index f648907ee..fc0ad88be 100644 --- a/pkg/cert/utils/issuerkey_test.go +++ b/pkg/cert/utils/issuerkey_test.go @@ -5,9 +5,10 @@ package utils_test import ( - "github.com/gardener/cert-management/pkg/cert/utils" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" + + "github.com/gardener/cert-management/pkg/cert/utils" ) var _ = Describe("IssuerKey", func() { @@ -61,7 +62,7 @@ var _ = Describe("IssuerKey", func() { It("should be true for default cluster", func() { Expect(defaultClusterIssuerKey.Secondary()).To(BeTrue()) }) - + It("should be false for non default cluster", func() { Expect(targetClusterIssuerKey.Secondary()).To(BeFalse()) Expect(randomClusterIssuerKey.Secondary()).To(BeFalse()) @@ -72,11 +73,11 @@ var _ = Describe("IssuerKey", func() { It("should return 'default' for default cluster", func() { Expect(defaultClusterIssuerKey.ClusterName()).To(Equal("default")) }) - + It("should return 'target' for target cluster", func() { Expect(targetClusterIssuerKey.ClusterName()).To(Equal("target")) }) - + It("should return '' for other clusters", func() { Expect(randomClusterIssuerKey.ClusterName()).To(Equal("")) }) diff --git a/pkg/cert/utils/utils_certificate_test.go b/pkg/cert/utils/utils_certificate_test.go index 85e6d5fbf..ed5faf1ee 100644 --- a/pkg/cert/utils/utils_certificate_test.go +++ b/pkg/cert/utils/utils_certificate_test.go @@ -13,10 +13,11 @@ import ( "net" "strings" - api "github.com/gardener/cert-management/pkg/apis/cert/v1alpha1" - "github.com/gardener/cert-management/pkg/cert/utils" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" + + api "github.com/gardener/cert-management/pkg/apis/cert/v1alpha1" + "github.com/gardener/cert-management/pkg/cert/utils" ) var _ = Describe("UtilsCertificate", func() { diff --git a/pkg/cert/utils/utils_mod_test.go b/pkg/cert/utils/utils_mod_test.go index 50d14bae1..739566c4b 100644 --- a/pkg/cert/utils/utils_mod_test.go +++ b/pkg/cert/utils/utils_mod_test.go @@ -5,12 +5,12 @@ package utils_test import ( + "github.com/gardener/controller-manager-library/pkg/resources/abstract" + libUtils "github.com/gardener/controller-manager-library/pkg/utils" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" "github.com/gardener/cert-management/pkg/cert/utils" - "github.com/gardener/controller-manager-library/pkg/resources/abstract" - libUtils "github.com/gardener/controller-manager-library/pkg/utils" ) var _ = Describe("UtilsMod", func() { diff --git a/test/utils/pebble.go b/test/utils/pebble.go index 35cf39f24..fda2f4842 100644 --- a/test/utils/pebble.go +++ b/test/utils/pebble.go @@ -23,18 +23,30 @@ import ( // The default values for the Pebble config have been taken from: https://github.com/letsencrypt/pebble/blob/main/test/config/pebble-config.json const ( - listenAddress = "localhost:14000" - ocspResponderURL = "" - alternateRoots = 0 - chainLength = 1 - certificateValidityPeriod = 0 - httpPort = 5002 - tlsPort = 5001 - strict = true - customResolverAddr = "" - requireEAB = false - retryAfterAuthz = 3 - retryAfterOrder = 5 + listenAddress = "localhost:14000" + ocspResponderURL = "" + alternateRoots = 0 + chainLength = 1 + httpPort = 5002 + tlsPort = 5001 + strict = true + customResolverAddr = "" + requireEAB = false + retryAfterAuthz = 3 + retryAfterOrder = 5 +) + +var ( + profiles = map[string]ca.Profile{ + "default": { + Description: "The profile you know and love", + ValidityPeriod: 7776000, + }, + "shortlived": { + Description: "A short-lived cert profile, without actual enforcement", + ValidityPeriod: 518400, + }, + } ) // RunPebble runs a pebble server with the given configuration. @@ -57,7 +69,7 @@ func RunPebble(logr logr.Logger) (server *http.Server, certificatePath, director log := NewLogBridge(logr) database := db.NewMemoryStore() - certificateAuthority := ca.New(log, database, ocspResponderURL, alternateRoots, chainLength, certificateValidityPeriod) + certificateAuthority := ca.New(log, database, ocspResponderURL, alternateRoots, chainLength, profiles) validationAuthority := va.New(log, httpPort, tlsPort, strict, customResolverAddr, database) wfeImpl := wfe.New(log, database, validationAuthority, certificateAuthority, strict, requireEAB, retryAfterAuthz, retryAfterOrder)