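#!/usr/bin/env bash
# Generates a Python module of TLS test certificates on stdout (see the
# here-document at the bottom of this script).
#
# Usage: <this script> [TESTCERT_GEN]
#   TESTCERT_GEN  command name or path to use as `testcert-gen`; when it is
#                 omitted, the `testcert-gen` found on PATH is used.
set -euE -o pipefail

if (( $# > 0 )); then
  testcert_gen=$1
  # Fail right here with one clear message instead of a "command not found"
  # for every certificate later on.
  if ! command -v "$testcert_gen" >/dev/null 2>&1; then
    printf '%s: %s: command not found or not executable\n' \
      "${0##*/}" "$testcert_gen" >&2
    exit 2
  fi
  # Shadow the PATH lookup so the rest of the script keeps calling the
  # generator by its usual name.
  testcert-gen() {
    "$testcert_gen" "$@"
  }
fi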
10
indent() {
  # Prefix every line but the first with one space, so that a multi-line
  # PEM block can be dropped into a triple-quoted string in the generated
  # Python source; the module's own strip() removes that whitespace again.
  local -r continuation=' '
  sed -e "1!s/^/${continuation}/"
}
14
# Option sets that pick which half of a generated pair testcert-gen writes
# to stdout; the other half goes to /dev/null.  Callers expand them
# unquoted on purpose so that they split into two arguments (the
# surrounding spaces vanish under word-splitting).  Note that the private
# keys emitted through "$key" end up verbatim in the generated module —
# presumably test fixtures, given the generator's name.
printf -v cert ' --out-cert=%s --out-key=%s ' /dev/stdout /dev/null
printf -v key  ' --out-cert=%s --out-key=%s ' /dev/null /dev/stdout
17
master.datawire.io() {
  # Emit the CA certificate ($1 = cert) or its private key ($1 = key) for
  # master.datawire.io; $1 names one of the option-set variables above.
  # NOTE(review): every call re-runs the generator.  Callers below invoke
  # this once for the stored CA entry and again for each --signed-by, so
  # the outputs only agree if testcert-gen is deterministic for the same
  # inputs — confirm.
  local which=$1
  # shellcheck disable=SC2086 — the option set is intentionally word-split
  testcert-gen ${!which} --is-ca=true --hosts=master.datawire.io
}
21
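# gen_pem WHICH ARGS... — run testcert-gen with the option set named by
# WHICH ("cert" selects the certificate, "key" the private key; see the
# variables above) followed by ARGS, indented for the Python source below.
gen_pem() {
  local which=$1
  shift
  # shellcheck disable=SC2086 — the option set is a string of several words
  # that is meant to be split.
  testcert-gen ${!which} "$@" | indent
}

# ca_signed WHICH ARGS... — like gen_pem, but the certificate is issued by
# the master.datawire.io CA instead of being self-signed.
# NOTE(review): master.datawire.io regenerates the CA on every call (twice
# here, and again for the CA's own entry below); the issuer only matches
# the stored CA if testcert-gen is deterministic for the same inputs —
# confirm.
ca_signed() {
  gen_pem "$@" --signed-by=<(master.datawire.io cert),<(master.datawire.io key)
}

# Every PEM block is generated into a variable before anything is written.
# A failing `$(...)` inside the here-document would not stop the script
# (`set -e` only sees cat's exit status) and would silently leave an empty
# pubcert/privkey in the generated module; a failed command substitution in
# an assignment, by contrast, aborts under `set -e -o pipefail`.
master_cert=$(master.datawire.io cert | indent)
master_key=$(master.datawire.io key | indent)
presto_cert=$(ca_signed cert --is-client=true --is-server=false --hosts=presto.example.com)
presto_key=$(ca_signed key --is-client=true --is-server=false --hosts=presto.example.com)
ratelimit_cert=$(gen_pem cert --hosts=ratelimit.datawire.io)
ratelimit_key=$(gen_pem key --hosts=ratelimit.datawire.io)
ambassador_cert=$(ca_signed cert --hosts=ambassador.example.com)
ambassador_key=$(ca_signed key --hosts=ambassador.example.com)
host2_cert=$(gen_pem cert --hosts=tls-context-host-2)
host2_key=$(gen_pem key --hosts=tls-context-host-2)
host1_cert=$(gen_pem cert --hosts=tls-context-host-1)
host1_key=$(gen_pem key --hosts=tls-context-host-1)
localhost_cert=$(gen_pem cert --hosts=localhost)
localhost_key=$(gen_pem key --hosts=localhost)
# NOTE(review): the generated comment on this entry says the cert is signed
# by a cert not present in this file, but no --signed-by is passed here —
# confirm which of the two is intended.  The quotes keep "*" from globbing.
domain_hosts='a.domain.com,b.domain.com,*.domain.com,localhost,127.0.0.1,::1'
domain_cert=$(gen_pem cert --hosts="${domain_hosts}")
domain_key=$(gen_pem key --hosts="${domain_hosts}")
acook_cert=$(gen_pem cert --hosts=acook)
acook_key=$(gen_pem key --hosts=acook)

# The module itself.  The here-document is deliberately unquoted so that
# ${0##*/} and the PEM variables expand; the Python-side strip() discards
# the indentation around each PEM block.
cat <<_EOF_
# Code generated by ${0##*/}. DO NOT EDIT.

from base64 import b64encode
from typing import Dict, List, NamedTuple, Optional


class Cert(NamedTuple):
    names: List[str]
    pubcert: str
    privkey: str

    @property
    def k8s_crt(self) -> str:
        return b64encode((self.pubcert + "\n").encode("utf-8")).decode("utf-8")

    @property
    def k8s_key(self) -> str:
        return b64encode((self.privkey + "\n").encode("utf-8")).decode("utf-8")


def strip(s: str) -> str:
    return "\n".join(l.strip() for l in s.split("\n") if l.strip())


_TLSCerts: List[Cert] = [
    Cert(
        names=["master.datawire.io"],
        # Note: This cert is also used to sign several other certs in
        # this file (as the issuer).
        pubcert=strip(
            """
            ${master_cert}
            """
        ),
        privkey=strip(
            """
            ${master_key}
            """
        ),
    ),
    Cert(
        names=["presto.example.com"],
        # Note:
        # 1. This cert is signed by the "master.datawire.io" cert
        # (rather than being self-signed).
        # 2. This cert is a client cert (rather than being a server
        # cert).
        pubcert=strip(
            """
            ${presto_cert}
            """
        ),
        privkey=strip(
            """
            ${presto_key}
            """
        ),
    ),
    Cert(
        names=["ratelimit.datawire.io"],
        pubcert=strip(
            """
            ${ratelimit_cert}
            """
        ),
        privkey=strip(
            """
            ${ratelimit_key}
            """
        ),
    ),
    Cert(
        names=["ambassador.example.com"],
        # Note: This cert is signed by the "master.datawire.io" cert
        # (rather than being self-signed).
        pubcert=strip(
            """
            ${ambassador_cert}
            """
        ),
        privkey=strip(
            """
            ${ambassador_key}
            """
        ),
    ),
    Cert(
        names=["tls-context-host-2"],
        pubcert=strip(
            """
            ${host2_cert}
            """
        ),
        privkey=strip(
            """
            ${host2_key}
            """
        ),
    ),
    Cert(
        names=["tls-context-host-1"],
        pubcert=strip(
            """
            ${host1_cert}
            """
        ),
        privkey=strip(
            """
            ${host1_key}
            """
        ),
    ),
    Cert(
        names=["localhost"],
        pubcert=strip(
            """
            ${localhost_cert}
            """
        ),
        privkey=strip(
            """
            ${localhost_key}
            """
        ),
    ),
    Cert(
        names=[
            "a.domain.com",
            "b.domain.com",
            "*.domain.com",
            # "localhost", # don't clash with the other "localhost" cert
            "127.0.0.1",
            "0:0:0:0:0:0:0:1",
        ],
        # Note: This cert is signed by a cert not present in this file
        # (rather than being self-signed).
        pubcert=strip(
            """
            ${domain_cert}
            """
        ),
        privkey=strip(
            """
            ${domain_key}
            """
        ),
    ),
    Cert(
        names=["acook"],
        pubcert=strip(
            """
            ${acook_cert}
            """
        ),
        privkey=strip(
            """
            ${acook_key}
            """
        ),
    ),
]

TLSCerts: Dict[str, Cert] = {k: v for v in _TLSCerts for k in v.names}
_EOF_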