rename key to keyRing
nklaassen committed Aug 6, 2024
1 parent cbb19fe commit ce700b7
Showing 51 changed files with 769 additions and 768 deletions.
29 changes: 14 additions & 15 deletions integration/helpers/helpers.go
Expand Up @@ -138,15 +138,14 @@ func ExternalSSHCommand(o CommandOptions) (*exec.Cmd, error) {
return cmd, nil
}

// CreateAgent creates a SSH agent with the passed in private key and
// certificate that can be used in tests. This is useful so tests don't
// clobber your system agent.
func CreateAgent(me *user.User, key *client.KeyRing) (*teleagent.AgentServer, string, string, error) {
// CreateAgent creates a SSH agent with the passed in key ring that can be used
// in tests. This is useful so tests don't clobber your system agent.
func CreateAgent(me *user.User, keyRing *client.KeyRing) (*teleagent.AgentServer, string, string, error) {
// create a path to the unix socket
sockDirName := "int-test"
sockName := "agent.sock"

agentKey, err := key.AsAgentKey()
agentKey, err := keyRing.AsAgentKey()
if err != nil {
return nil, "", "", trace.Wrap(err)
}
Expand Down Expand Up @@ -189,36 +188,36 @@ func CloseAgent(teleAgent *teleagent.AgentServer, socketDirPath string) error {
return nil
}

func MustCreateUserKey(t *testing.T, tc *TeleInstance, username string, ttl time.Duration) *client.KeyRing {
key, err := client.GenerateRSAKey()
func MustCreateUserKeyRing(t *testing.T, tc *TeleInstance, username string, ttl time.Duration) *client.KeyRing {
keyRing, err := client.GenerateRSAKeyRing()
require.NoError(t, err)
key.ClusterName = tc.Secrets.SiteName
keyRing.ClusterName = tc.Secrets.SiteName

sshCert, tlsCert, err := tc.Process.GetAuthServer().GenerateUserTestCerts(auth.GenerateUserTestCertsRequest{
Key: key.PrivateKey.MarshalSSHPublicKey(),
Key: keyRing.PrivateKey.MarshalSSHPublicKey(),
Username: username,
TTL: ttl,
Compatibility: constants.CertificateFormatStandard,
RouteToCluster: tc.Secrets.SiteName,
})
require.NoError(t, err)

key.Cert = sshCert
key.TLSCert = tlsCert
keyRing.Cert = sshCert
keyRing.TLSCert = tlsCert

hostCAs, err := tc.Process.GetAuthServer().GetCertAuthorities(context.Background(), types.HostCA, false)
require.NoError(t, err)
key.TrustedCerts = authclient.AuthoritiesToTrustedCerts(hostCAs)
return key
keyRing.TrustedCerts = authclient.AuthoritiesToTrustedCerts(hostCAs)
return keyRing
}

func MustCreateUserIdentityFile(t *testing.T, tc *TeleInstance, username string, ttl time.Duration) string {
key := MustCreateUserKey(t, tc, username, ttl)
keyRing := MustCreateUserKeyRing(t, tc, username, ttl)

idPath := filepath.Join(t.TempDir(), "user_identity")
_, err := identityfile.Write(context.Background(), identityfile.WriteConfig{
OutputPath: idPath,
Key: key,
KeyRing: keyRing,
Format: identityfile.FormatFile,
})
require.NoError(t, err)
4 changes: 2 additions & 2 deletions integration/helpers/instance.go
Expand Up @@ -86,7 +86,7 @@ func fatalIf(err error) {
type User struct {
Username string `json:"username"`
AllowedLogins []string `json:"logins"`
Key *client.KeyRing `json:"key"`
KeyRing *client.KeyRing `json:"key"`
Roles []types.Role `json:"-"`
}

Expand Down Expand Up @@ -1640,7 +1640,7 @@ func (i *TeleInstance) AddClientCredentials(tc *client.TeleportClient, cfg Clien

// Add key to client and update CAs that will be trusted (equivalent to
// updating "known hosts" with OpenSSH.
err = tc.AddKey(&creds.Key)
err = tc.AddKeyRing(&creds.KeyRing)
if err != nil {
return nil, trace.Wrap(err)
}
10 changes: 5 additions & 5 deletions integration/helpers/usercreds.go
Expand Up @@ -36,15 +36,15 @@ import (

// UserCreds holds user client credentials
type UserCreds struct {
// Key is user client key and certificate
Key client.KeyRing
// HostCA is a trusted host certificate authority
// KeyRing is user client key ring.
KeyRing client.KeyRing
// HostCA is a trusted host certificate authority.
HostCA types.CertAuthority
}

// SetupUserCreds sets up user credentials for client
func SetupUserCreds(tc *client.TeleportClient, proxyHost string, creds UserCreds) error {
err := tc.AddKey(&creds.Key)
err := tc.AddKeyRing(&creds.KeyRing)
if err != nil {
return trace.Wrap(err)
}
Expand Down Expand Up @@ -145,7 +145,7 @@ func GenerateUserCreds(req UserCredsRequest) (*UserCreds, error) {

return &UserCreds{
HostCA: ca,
Key: client.KeyRing{
KeyRing: client.KeyRing{
PrivateKey: priv,
Cert: sshCert,
TLSCert: x509Cert,
6 changes: 3 additions & 3 deletions integration/integration_test.go
Expand Up @@ -4533,7 +4533,7 @@ func testExternalClient(t *testing.T, suite *integrationTestSuite) {
require.NoError(t, err)

// Start (and defer close) a agent that runs during this integration test.
teleAgent, socketDirPath, socketPath, err := helpers.CreateAgent(suite.Me, &creds.Key)
teleAgent, socketDirPath, socketPath, err := helpers.CreateAgent(suite.Me, &creds.KeyRing)
require.NoError(t, err)
defer helpers.CloseAgent(teleAgent, socketDirPath)

Expand Down Expand Up @@ -4629,7 +4629,7 @@ func testControlMaster(t *testing.T, suite *integrationTestSuite) {
require.NoError(t, err)

// Start (and defer close) a agent that runs during this integration test.
teleAgent, socketDirPath, socketPath, err := helpers.CreateAgent(suite.Me, &creds.Key)
teleAgent, socketDirPath, socketPath, err := helpers.CreateAgent(suite.Me, &creds.KeyRing)
require.NoError(t, err)
defer helpers.CloseAgent(teleAgent, socketDirPath)

Expand Down Expand Up @@ -4726,7 +4726,7 @@ func testX11Forwarding(t *testing.T, suite *integrationTestSuite) {
require.NoError(t, err)

// Start an agent that runs during this integration test.
teleAgent, socketDirPath, socketPath, err := helpers.CreateAgent(suite.Me, &creds.Key)
teleAgent, socketDirPath, socketPath, err := helpers.CreateAgent(suite.Me, &creds.KeyRing)
require.NoError(t, err)
t.Cleanup(func() { helpers.CloseAgent(teleAgent, socketDirPath) })

10 changes: 5 additions & 5 deletions integration/tctl_terraform_env_test.go
Expand Up @@ -217,15 +217,15 @@ func createTCTLTerraformUserAndRole(t *testing.T, username string, instance *hel
// For the tests, the client is configured to trust the proxy TLS certs on first connection.
func getAuthClientForProxy(t *testing.T, tc *helpers.TeleInstance, username string, ttl time.Duration) *authclient.Client {
// Get TLS and SSH material
key := helpers.MustCreateUserKey(t, tc, username, ttl)
keyRing := helpers.MustCreateUserKeyRing(t, tc, username, ttl)
ctx, cancel := context.WithCancel(context.Background())
t.Cleanup(cancel)
tlsConfig, err := key.TeleportClientTLSConfig(nil, []string{tc.Config.Auth.ClusterName.GetClusterName()})
tlsConfig, err := keyRing.TeleportClientTLSConfig(nil, []string{tc.Config.Auth.ClusterName.GetClusterName()})
require.NoError(t, err)
tlsConfig.InsecureSkipVerify = true
proxyAddr, err := tc.Process.ProxyWebAddr()
require.NoError(t, err)
sshConfig, err := key.ProxyClientSSHConfig(proxyAddr.Host())
sshConfig, err := keyRing.ProxyClientSSHConfig(proxyAddr.Host())
require.NoError(t, err)

// Build auth client configuration
Expand Down Expand Up @@ -276,10 +276,10 @@ func getAuthClientForProxy(t *testing.T, tc *helpers.TeleInstance, username stri
// This client only has TLSConfig set (as opposed to TLSConfig+SSHConfig).
func getAuthClientForAuth(t *testing.T, tc *helpers.TeleInstance, username string, ttl time.Duration) *authclient.Client {
// Get TLS and SSH material
key := helpers.MustCreateUserKey(t, tc, username, ttl)
keyRing := helpers.MustCreateUserKeyRing(t, tc, username, ttl)
ctx, cancel := context.WithCancel(context.Background())
t.Cleanup(cancel)
tlsConfig, err := key.TeleportClientTLSConfig(nil, []string{tc.Config.Auth.ClusterName.GetClusterName()})
tlsConfig, err := keyRing.TeleportClientTLSConfig(nil, []string{tc.Config.Auth.ClusterName.GetClusterName()})
require.NoError(t, err)

// Build auth client configuration
2 changes: 1 addition & 1 deletion integrations/terraform/testlib/main_test.go
Expand Up @@ -194,7 +194,7 @@ func (s *TerraformBaseSuite) getTLSCreds(ctx context.Context, user types.User, o
// write the cert+private key to the output:
_, err = identityfile.Write(ctx, identityfile.WriteConfig{
OutputPath: outputPath,
Key: keyRing,
KeyRing: keyRing,
Format: identityfile.FormatTLS,
OverwriteDestination: false,
Writer: &identityfile.StandardConfigWriter{},
2 changes: 1 addition & 1 deletion lib/benchmark/kube.go
Expand Up @@ -106,7 +106,7 @@ func getKubeTLSClientConfig(ctx context.Context, tc *client.TeleportClient) (res
return rest.TLSClientConfig{}, trace.Wrap(err)
}

credentials, err := tc.LocalAgent().GetCoreKey()
credentials, err := tc.LocalAgent().GetCoreKeyRing()
if err != nil {
return rest.TLSClientConfig{}, trace.Wrap(err)
}
6 changes: 3 additions & 3 deletions lib/client/alpn.go
Expand Up @@ -115,12 +115,12 @@ func RunALPNAuthTunnel(ctx context.Context, cfg ALPNAuthTunnelConfig) error {

func getUserCerts(ctx context.Context, client ALPNAuthClient, mfaResponse *proto.MFAAuthenticateResponse, expires time.Time, routeToDatabase proto.RouteToDatabase, connectionDiagnosticID string) (tls.Certificate, error) {
// TODO(nklaassen): support configurable signature algorithms.
key, err := GenerateRSAKey()
keyRing, err := GenerateRSAKeyRing()
if err != nil {
return tls.Certificate{}, trace.Wrap(err)
}

publicKeyPEM, err := keys.MarshalPublicKey(key.PrivateKey.Public())
publicKeyPEM, err := keys.MarshalPublicKey(keyRing.PrivateKey.Public())
if err != nil {
return tls.Certificate{}, trace.Wrap(err)
}
Expand All @@ -142,7 +142,7 @@ func getUserCerts(ctx context.Context, client ALPNAuthClient, mfaResponse *proto
return tls.Certificate{}, trace.Wrap(err)
}

tlsCert, err := keys.X509KeyPair(certs.TLS, key.PrivateKey.PrivateKeyPEM())
tlsCert, err := keys.X509KeyPair(certs.TLS, keyRing.PrivateKey.PrivateKeyPEM())
if err != nil {
return tls.Certificate{}, trace.BadParameter("failed to parse private key: %v", err)
}