ldap_client_test.go: refactor to use the LDAP server on the K8s cluster

Ryan Richard
2021-04-14 17:49:40 -07:00
parent 8d75825635
commit 939b6b12cc
4 changed files with 107 additions and 225 deletions


@@ -76,20 +76,31 @@ spec:
/tmp/csr.json \
| cfssljson -bare dex
# Cheat and add 127.0.0.1 as an IP SAN so we can use the ldaps port through port forwarding.
echo "generating LDAP server certificate..."
cfssl gencert \
-ca ca.pem -ca-key ca-key.pem \
-config /tmp/cfssl-default.json \
-profile www \
-cn "ldap.tools.svc.cluster.local" \
-hostname "ldap.tools.svc.cluster.local" \
-hostname "ldap.tools.svc.cluster.local,127.0.0.1" \
/tmp/csr.json \
| cfssljson -bare ldap
chmod -R 777 /var/certs
echo
echo "generated certificates:"
ls -l /var/certs
echo
echo "CA cert..."
cat ca.pem | openssl x509 -text
echo
echo "Dex cert..."
cat dex.pem | openssl x509 -text
echo
echo "LDAP cert..."
cat ldap.pem | openssl x509 -text
volumeMounts:
- name: certs
mountPath: /var/certs
@@ -100,8 +111,8 @@ spec:
args:
- -c
- |
kubectl get secrets -n tools certs -o jsonpath='created: {.metadata.creationTimestamp}' || \
kubectl create secret generic -n tools certs --from-file=/var/certs
kubectl create secret generic -n tools certs --from-file=/var/certs \
--dry-run=client --output yaml | kubectl apply -f -
volumeMounts:
- name: certs
mountPath: /var/certs
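Review bot: The `--from-file=/var/certs` in the rewritten secret step (second hunk) still packs the whole directory into the `certs` secret, which presumably includes `ca-key.pem`, since the gencert calls in the first hunk read it by relative path alongside the generated certificates. Piping through client-side `kubectl apply -f -` also copies the full manifest, key material included, into the secret's `kubectl.kubernetes.io/last-applied-configuration` annotation. Anyone who can read that secret could then sign certificates for any name, including the `127.0.0.1` SAN on the LDAP certificate, and `chmod -R 777 /var/certs` leaves the same keys world-writable inside the pod. I would pass one `--from-file=/var/certs/<file>` per file the workloads actually mount, leave `ca-key.pem` out, and use `kubectl apply --server-side -f -` so that no last-applied annotation is written. Both container specs begin and end outside the hunks, so the working directory and the consumers of the secret should be confirmed first.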


@@ -64,6 +64,7 @@ stringData:
sn: Walrus
givenName: Wally
mail: wally.ldap@example.com
mail: wally.alternate@example.com
uid: wally
uidNumber: 1001
gidNumber: 1001
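Review bot: The second `mail:` value for wally makes the attribute multi-valued, and nothing next to it records why. LDAP does not guarantee the order in which an attribute's values are returned, so any test or attribute mapping that takes the first `mail` value may see either address. Assertions should compare the set of values, and anything used as an identity should come from a single-valued attribute. If this block is LDIF, as it appears to be, a comment line above the entry such as `# two mail values on purpose: exercises multi-valued attribute handling; value order is not guaranteed` would record the intent. The entry itself starts above the hunk.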