
Commit ef39324

committed
Fix Nebula breaking changes
1 parent f9c546e commit ef39324


6 files changed

+262
-171
lines changed


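--- a/command/ca/provisioner/provisioner.go
+++ b/command/ca/provisioner/provisioner.go
@@ -651,14 +651,14 @@ func readNebulaRoots(rootFile string) ([][]byte, error) {
 return nil, err
 }
 
-var crt *nebula.NebulaCertificate
-var certs []*nebula.NebulaCertificate
+var crt nebula.Certificate
+var certs []nebula.Certificate
 for len(b) > 0 {
-crt, b, err = nebula.UnmarshalNebulaCertificateFromPEM(b)
+crt, b, err = nebula.UnmarshalCertificateFromPEM(b)
 if err != nil {
 return nil, errors.Wrapf(err, "error reading %s", rootFile)
 }
-if crt.Details.IsCA {
+if crt.IsCA() {
 certs = append(certs, crt)
 }
 }
@@ -668,7 +668,7 @@ func readNebulaRoots(rootFile string) ([][]byte, error) {
 
 rootBytes := make([][]byte, len(certs))
 for i, crt := range certs {
-b, err = crt.MarshalToPEM()
+b, err = crt.MarshalPEM()
 if err != nil {
 return nil, errors.Wrap(err, "error marshaling certificate")
 }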
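Review bot: `if crt.IsCA()` on the new line 661 is the only check applied to a parsed block before it becomes a trust root; a non-CA certificate in the roots file is dropped silently, and an expired or mis-signed CA is still accepted. If the v1.10 `Certificate` interface exposes a self-signature check and an expiry check as I believe it does (neither is visible in this hunk), something like `if !crt.CheckSignature(crt.PublicKey()) { return nil, errors.Errorf("invalid self-signature in %s", rootFile) }` before the append would reject a corrupt anchor at load time rather than at first use, and a warning on a skipped non-CA block would make a mis-assembled roots file visible. Note also that `UnmarshalCertificateFromPEM` is called until `b` is empty, so any trailing bytes after the last PEM block (for example a stray blank line) turn into a read error; that is pre-existing behavior but worth a comment on the loop. readNebulaRoots starts and ends outside the hunk, so the handling of an empty `certs` slice is not visible here.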
Lines changed: 97 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,97 @@
1+
package provisioner
2+
3+
import (
4+
"crypto/ed25519"
5+
"crypto/rand"
6+
"net/netip"
7+
"os"
8+
"testing"
9+
"time"
10+
11+
nebula "github.com/slackhq/nebula/cert"
12+
"github.com/stretchr/testify/assert"
13+
"github.com/stretchr/testify/require"
14+
)
15+
16+
func TestReadNebulaRoots(t *testing.T) {
17+
t.Run("ok", func(t *testing.T) {
18+
tempDir := t.TempDir()
19+
ca, _ := mustNebulaCurve25519CA(t)
20+
file, _ := serializeAndWriteNebulaCert(t, tempDir, ca)
21+
22+
roots, err := readNebulaRoots(file)
23+
assert.NoError(t, err)
24+
assert.Len(t, roots, 1)
25+
})
26+
27+
t.Run("fail/reading", func(t *testing.T) {
28+
roots, err := readNebulaRoots("non-existing-file")
29+
assert.Error(t, err)
30+
assert.Empty(t, roots)
31+
})
32+
33+
t.Run("fail/invalid-pem", func(t *testing.T) {
34+
tempDir := t.TempDir()
35+
36+
file, err := os.CreateTemp(tempDir, "nebula-test-cert-*")
37+
require.NoError(t, err)
38+
defer file.Close()
39+
40+
_, err = file.Write([]byte{0})
41+
require.NoError(t, err)
42+
43+
roots, err := readNebulaRoots(file.Name())
44+
assert.Error(t, err)
45+
assert.Empty(t, roots)
46+
})
47+
48+
t.Run("fail/no-certificates", func(t *testing.T) {
49+
tempDir := t.TempDir()
50+
51+
file, err := os.CreateTemp(tempDir, "nebula-test-cert-*")
52+
require.NoError(t, err)
53+
defer file.Close()
54+
55+
roots, err := readNebulaRoots(file.Name())
56+
assert.Error(t, err)
57+
assert.Empty(t, roots)
58+
})
59+
}
60+
61+
func mustNebulaCurve25519CA(t *testing.T) (nebula.Certificate, ed25519.PrivateKey) {
62+
t.Helper()
63+
64+
pub, priv, err := ed25519.GenerateKey(rand.Reader)
65+
require.NoError(t, err)
66+
67+
tbs := &nebula.TBSCertificate{
68+
Version: nebula.Version1,
69+
Name: "TestCA",
70+
Groups: []string{"test"},
71+
Networks: []netip.Prefix{netip.MustParsePrefix("10.1.0.0/16")},
72+
NotBefore: time.Now().Add(-1 * time.Minute),
73+
NotAfter: time.Now().Add(10 * time.Minute),
74+
PublicKey: pub,
75+
IsCA: true,
76+
Curve: nebula.Curve_CURVE25519,
77+
}
78+
nc, err := tbs.Sign(nil, nebula.Curve_CURVE25519, priv)
79+
require.NoError(t, err)
80+
81+
return nc, priv
82+
}
83+
84+
func serializeAndWriteNebulaCert(t *testing.T, tempDir string, cert nebula.Certificate) (string, []byte) {
85+
file, err := os.CreateTemp(tempDir, "nebula-test-cert-*")
86+
require.NoError(t, err)
87+
defer file.Close()
88+
89+
pem, err := cert.MarshalPEM()
90+
require.NoError(t, err)
91+
data, err := cert.Marshal()
92+
require.NoError(t, err)
93+
_, err = file.Write(pem)
94+
require.NoError(t, err)
95+
96+
return file.Name(), data
97+
}
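Review bot: The second value returned by serializeAndWriteNebulaCert (new line 97) is `cert.Marshal()` output that nothing uses — the "ok" subtest discards it with `_`, and it could not be compared with readNebulaRoots's result anyway, which is PEM. Returning the PEM instead, `return file.Name(), pem`, lets the subtest pin the round-trip with `file, pem := serializeAndWriteNebulaCert(t, tempDir, ca)` and `assert.Equal(t, [][]byte{pem}, roots)` (assuming MarshalPEM is deterministic, which is not visible here). The `IsCA()` filter this commit rewrites is also only exercised positively: a file holding a non-CA certificate (`IsCA: false` in the TBSCertificate) should yield no roots, and a CA followed by a leaf should yield exactly one. mustNebulaCurve25519CA hardcodes `IsCA: true`, so that case needs either a parameter on the helper or a second helper.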

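--- a/go.mod
+++ b/go.mod
@@ -16,7 +16,7 @@ require (
 github.com/rogpeppe/go-internal v1.14.1
 github.com/slackhq/nebula v1.10.3
 github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262
-github.com/smallstep/certificates v0.29.0
+github.com/smallstep/certificates v0.30.0-rc2.0.20260217112636-bb94179fa4c6
 github.com/smallstep/certinfo v1.15.0
 github.com/smallstep/cli-utils v0.12.2
 github.com/smallstep/go-attestation v0.4.4-0.20241119153605-2306d5b464ca
@@ -28,20 +28,20 @@ require (
 github.com/urfave/cli v1.22.17
 go.mozilla.org/pkcs7 v0.9.0
 go.step.sm/crypto v0.76.0
-golang.org/x/crypto v0.47.0
-golang.org/x/sys v0.40.0
-golang.org/x/term v0.39.0
+golang.org/x/crypto v0.48.0
+golang.org/x/sys v0.41.0
+golang.org/x/term v0.40.0
 google.golang.org/protobuf v1.36.11
 software.sslmate.com/src/go-pkcs12 v0.7.0
 )
 
 require (
-cloud.google.com/go v0.121.6 // indirect
-cloud.google.com/go/auth v0.18.0 // indirect
+cloud.google.com/go v0.123.0 // indirect
+cloud.google.com/go/auth v0.18.1 // indirect
 cloud.google.com/go/auth/oauth2adapt v0.2.8 // indirect
 cloud.google.com/go/compute/metadata v0.9.0 // indirect
 cloud.google.com/go/iam v1.5.3 // indirect
-cloud.google.com/go/longrunning v0.7.0 // indirect
+cloud.google.com/go/longrunning v0.8.0 // indirect
 cloud.google.com/go/security v1.19.2 // indirect
 dario.cat/mergo v1.0.2 // indirect
 filippo.io/bigmod v0.1.0 // indirect
@@ -63,7 +63,7 @@ require (
 github.com/cespare/xxhash/v2 v2.3.0 // indirect
 github.com/chzyer/readline v1.5.1 // indirect
 github.com/coreos/go-oidc/v3 v3.17.0 // indirect
-github.com/coreos/go-systemd/v22 v22.6.0 // indirect
+github.com/coreos/go-systemd/v22 v22.7.0 // indirect
 github.com/cpuguy83/go-md2man/v2 v2.0.7 // indirect
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 github.com/dgraph-io/badger v1.6.2 // indirect
@@ -72,7 +72,7 @@ require (
 github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13 // indirect
 github.com/dustin/go-humanize v1.0.1 // indirect
 github.com/felixge/httpsnoop v1.0.4 // indirect
-github.com/go-chi/chi/v5 v5.2.3 // indirect
+github.com/go-chi/chi/v5 v5.2.5 // indirect
 github.com/go-jose/go-jose/v4 v4.1.3 // indirect
 github.com/go-logr/logr v1.4.3 // indirect
 github.com/go-logr/stdr v1.2.2 // indirect
@@ -86,8 +86,8 @@ require (
 github.com/google/go-tpm-tools v0.4.7 // indirect
 github.com/google/go-tspi v0.3.0 // indirect
 github.com/google/s2a-go v0.1.9 // indirect
-github.com/googleapis/enterprise-certificate-proxy v0.3.9 // indirect
-github.com/googleapis/gax-go/v2 v2.16.0 // indirect
+github.com/googleapis/enterprise-certificate-proxy v0.3.11 // indirect
+github.com/googleapis/gax-go/v2 v2.17.0 // indirect
 github.com/huandu/xstrings v1.5.0 // indirect
 github.com/jackc/pgpassfile v1.0.0 // indirect
 github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 // indirect
@@ -107,8 +107,8 @@ require (
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 github.com/prometheus/client_golang v1.23.2 // indirect
 github.com/prometheus/client_model v0.6.2 // indirect
-github.com/prometheus/common v0.66.1 // indirect
-github.com/prometheus/procfs v0.16.1 // indirect
+github.com/prometheus/common v0.67.5 // indirect
+github.com/prometheus/procfs v0.19.2 // indirect
 github.com/rs/xid v1.6.0 // indirect
 github.com/russross/blackfriday/v2 v2.1.0 // indirect
 github.com/schollz/jsonstore v1.1.0 // indirect
@@ -125,21 +125,21 @@ require (
 go.opentelemetry.io/auto/sdk v1.2.1 // indirect
 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.61.0 // indirect
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 // indirect
-go.opentelemetry.io/otel v1.38.0 // indirect
-go.opentelemetry.io/otel/metric v1.38.0 // indirect
-go.opentelemetry.io/otel/trace v1.38.0 // indirect
-go.yaml.in/yaml/v2 v2.4.2 // indirect
-golang.org/x/net v0.49.0 // indirect
-golang.org/x/oauth2 v0.34.0 // indirect
+go.opentelemetry.io/otel v1.39.0 // indirect
+go.opentelemetry.io/otel/metric v1.39.0 // indirect
+go.opentelemetry.io/otel/trace v1.39.0 // indirect
+go.yaml.in/yaml/v2 v2.4.3 // indirect
+golang.org/x/net v0.50.0 // indirect
+golang.org/x/oauth2 v0.35.0 // indirect
 golang.org/x/sync v0.19.0 // indirect
-golang.org/x/text v0.33.0 // indirect
+golang.org/x/text v0.34.0 // indirect
 golang.org/x/time v0.14.0 // indirect
-golang.org/x/tools v0.40.0 // indirect
-google.golang.org/api v0.260.0 // indirect
-google.golang.org/genproto v0.0.0-20251202230838-ff82c1b0f217 // indirect
-google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217 // indirect
-google.golang.org/genproto/googleapis/rpc v0.0.0-20251222181119-0a764e51fe1b // indirect
-google.golang.org/grpc v1.78.0 // indirect
+golang.org/x/tools v0.42.0 // indirect
+google.golang.org/api v0.266.0 // indirect
+google.golang.org/genproto v0.0.0-20260128011058-8636f8732409 // indirect
+google.golang.org/genproto/googleapis/api v0.0.0-20260128011058-8636f8732409 // indirect
+google.golang.org/genproto/googleapis/rpc v0.0.0-20260203192932-546029d2fa20 // indirect
+google.golang.org/grpc v1.79.1 // indirect
 google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.5.1 // indirect
 gopkg.in/yaml.v3 v3.0.1 // indirect
 howett.net/plist v1.0.0 // indirect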
