Documentation
¶
Overview ¶
Package secrets provides Ginkgo/Gomega assertions for credential secret rotation, TLS certificate provisioning, and TLS verification from application pods.
Callers that also import tests/utils/secrets should alias one of the two to avoid the package name collision.
Index ¶
- func AssertSSLVerifyFullDBConnectionFromAppPod(env *environment.TestingEnvironment, namespace, clusterName string, ...)
- func AssertUpdateSecret(env *environment.TestingEnvironment, ...)
- func CreateAndAssertClientCertificatesSecrets(env *environment.TestingEnvironment, ...)
- func CreateAndAssertServerCertificatesSecrets(env *environment.TestingEnvironment, ...)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AssertSSLVerifyFullDBConnectionFromAppPod ¶
func AssertSSLVerifyFullDBConnectionFromAppPod( env *environment.TestingEnvironment, namespace, clusterName string, appPod corev1.Pod, )
AssertSSLVerifyFullDBConnectionFromAppPod verifies that the app pod can reach the cluster's -rw service over TLS with sslmode=verify-full, presenting a client certificate.
func AssertUpdateSecret ¶
func AssertUpdateSecret( env *environment.TestingEnvironment, namespace, clusterName, secretName, field, value string, timeout int, )
AssertUpdateSecret rotates the named field of the secret to the given value and waits until the cluster status reports the corresponding SecretsResourceVersion.
func CreateAndAssertClientCertificatesSecrets ¶
func CreateAndAssertClientCertificatesSecrets( env *environment.TestingEnvironment, namespace, clusterName, caSecName, tlsSecName, userSecName string, includeCAPrivateKey bool, )
CreateAndAssertClientCertificatesSecrets provisions a self-signed CA plus two client certificates: one for the streaming_replica user and one for the application user.
func CreateAndAssertServerCertificatesSecrets ¶
func CreateAndAssertServerCertificatesSecrets( env *environment.TestingEnvironment, namespace, clusterName, caSecName, tlsSecName string, includeCAPrivateKey bool, )
CreateAndAssertServerCertificatesSecrets provisions a self-signed CA secret plus a server-certificate secret signed by it, with the cluster DNS names plus "localhost" in SAN.
Types ¶
This section is empty.
Source Files