This is an automated email from the ASF dual-hosted git repository.
albumenj pushed a commit to branch refactor-with-go
in repository https://gitbox.apache.org/repos/asf/dubbo-admin.git
The following commit(s) were added to refs/heads/refactor-with-go by this push:
new bfc4e92 Update ca
bfc4e92 is described below
commit bfc4e92ad1ec0e331e74a2b872dd7de3e70bc0b1
Author: Albumen Kevin <[email protected]>
AuthorDate: Tue Feb 28 09:55:09 2023 +0800
Update ca
---
ca/Dockerfile | 4 +-
ca/main.go | 1 +
ca/pkg/cert/storage.go | 130 ++++++++++++++++++++---------
ca/pkg/cert/storage_test.go | 18 ++--
ca/pkg/cert/util.go | 2 +-
ca/pkg/security/server.go | 31 +++----
ca/pkg/security/server_test.go | 181 ++++++++++++++++++++++++++++++++++++++++
ca/pkg/v1alpha1/ca_impl.go | 6 +-
ca/pkg/v1alpha1/ca_impl_test.go | 6 +-
9 files changed, 306 insertions(+), 73 deletions(-)
diff --git a/ca/Dockerfile b/ca/Dockerfile
index 38febab..04b0778 100644
--- a/ca/Dockerfile
+++ b/ca/Dockerfile
@@ -1,6 +1,6 @@
-FROM golang:latest as builder
+FROM golang:1.20.1 as builder
-RUN apk --update add gcc libc-dev upx ca-certificates && update-ca-certificates
+RUN apt-get update && apt-get install -y gcc libc-dev upx ca-certificates &&
update-ca-certificates
ADD . /workspace
diff --git a/ca/main.go b/ca/main.go
index 649df54..1fd0a2d 100644
--- a/ca/main.go
+++ b/ca/main.go
@@ -48,6 +48,7 @@ func main() {
c := make(chan os.Signal)
signal.Notify(c, syscall.SIGINT, syscall.SIGTERM)
signal.Notify(s.StopChan, syscall.SIGINT, syscall.SIGTERM)
+ signal.Notify(s.CertStorage.GetStopChan(), syscall.SIGINT,
syscall.SIGTERM)
<-c
}
diff --git a/ca/pkg/cert/storage.go b/ca/pkg/cert/storage.go
index c85bd7b..27c3af6 100644
--- a/ca/pkg/cert/storage.go
+++ b/ca/pkg/cert/storage.go
@@ -28,19 +28,37 @@ import (
"time"
)
-type Storage struct {
- Mutex *sync.Mutex
- StopChan chan os.Signal
+type storageImpl struct {
+ Storage
- CaValidity int64
- CertValidity int64
+ mutex *sync.Mutex
+ stopChan chan os.Signal
- RootCert *Cert
- AuthorityCert *Cert
+ caValidity int64
+ certValidity int64
- TrustedCert []*Cert
- ServerNames []string
- ServerCerts *Cert
+ rootCert *Cert
+ authorityCert *Cert
+
+ trustedCerts []*Cert
+ serverNames []string
+ serverCerts *Cert
+}
+
+type Storage interface {
+ GetServerCert(serverName string) *tls.Certificate
+ RefreshServerCert()
+
+ SetAuthorityCert(*Cert)
+ GetAuthorityCert() *Cert
+
+ SetRootCert(*Cert)
+ GetRootCert() *Cert
+
+ AddTrustedCert(*Cert)
+ GetTrustedCerts() []*Cert
+
+ GetStopChan() chan os.Signal
}
type Cert struct {
@@ -51,15 +69,15 @@ type Cert struct {
tlsCert *tls.Certificate
}
-func NewStorage(options *config.Options) *Storage {
- return &Storage{
- Mutex: &sync.Mutex{},
- StopChan: make(chan os.Signal, 1),
+func NewStorage(options *config.Options) *storageImpl {
+ return &storageImpl{
+ mutex: &sync.Mutex{},
+ stopChan: make(chan os.Signal, 1),
- AuthorityCert: &Cert{},
- TrustedCert: []*Cert{},
- CertValidity: options.CertValidity,
- CaValidity: options.CaValidity,
+ authorityCert: &Cert{},
+ trustedCerts: []*Cert{},
+ certValidity: options.CertValidity,
+ caValidity: options.CaValidity,
}
}
@@ -72,7 +90,7 @@ func (c *Cert) IsValid() bool {
}
if c.tlsCert == nil || !reflect.DeepEqual(c.tlsCert.PrivateKey,
c.PrivateKey) {
- tlsCert, err := tls.X509KeyPair([]byte(c.CertPem),
[]byte(EncodePri(c.PrivateKey)))
+ tlsCert, err := tls.X509KeyPair([]byte(c.CertPem),
[]byte(EncodePrivateKey(c.PrivateKey)))
if err != nil {
return false
}
@@ -104,7 +122,7 @@ func (c *Cert) GetTlsCert() *tls.Certificate {
if c.tlsCert != nil && reflect.DeepEqual(c.tlsCert.PrivateKey,
c.PrivateKey) {
return c.tlsCert
}
- tlsCert, err := tls.X509KeyPair([]byte(c.CertPem),
[]byte(EncodePri(c.PrivateKey)))
+ tlsCert, err := tls.X509KeyPair([]byte(c.CertPem),
[]byte(EncodePrivateKey(c.PrivateKey)))
if err != nil {
logger.Sugar.Warnf("Failed to load x509 cert. %v", err)
}
@@ -112,42 +130,74 @@ func (c *Cert) GetTlsCert() *tls.Certificate {
return c.tlsCert
}
-func (s *Storage) GetServerCert(serverName string) *tls.Certificate {
+func (s *storageImpl) GetServerCert(serverName string) *tls.Certificate {
nameSigned := serverName == ""
- for _, name := range s.ServerNames {
+ for _, name := range s.serverNames {
if name == serverName {
nameSigned = true
break
}
}
- if nameSigned && s.ServerCerts != nil && s.ServerCerts.IsValid() {
- return s.ServerCerts.GetTlsCert()
+ if nameSigned && s.serverCerts != nil && s.serverCerts.IsValid() {
+ return s.serverCerts.GetTlsCert()
}
- s.Mutex.Lock()
- defer s.Mutex.Unlock()
+ s.mutex.Lock()
+ defer s.mutex.Unlock()
if !nameSigned {
- s.ServerNames = append(s.ServerNames, serverName)
+ s.serverNames = append(s.serverNames, serverName)
}
- s.ServerCerts = SignServerCert(s.AuthorityCert, s.ServerNames,
s.CertValidity)
- return s.ServerCerts.GetTlsCert()
+
+ s.serverCerts = SignServerCert(s.authorityCert, s.serverNames,
s.certValidity)
+ return s.serverCerts.GetTlsCert()
}
-func (s *Storage) RefreshServerCert() {
- interval := math.Min(math.Floor(float64(s.CertValidity)/100), 10_000)
+func (s *storageImpl) RefreshServerCert() {
+ interval := math.Min(math.Floor(float64(s.certValidity)/100), 10_000)
for true {
- time.Sleep(time.Duration(interval) * time.Millisecond)
- s.Mutex.Lock()
- if s.ServerCerts == nil || !s.ServerCerts.IsValid() {
- logger.Sugar.Infof("Server cert is invalid, refresh
it.")
- s.ServerCerts = SignServerCert(s.AuthorityCert,
s.ServerNames, s.CertValidity)
- }
- s.Mutex.Unlock()
-
select {
- case <-s.StopChan:
+ case <-s.stopChan:
return
default:
+ }
+
+ time.Sleep(time.Duration(interval) * time.Millisecond)
+ s.mutex.Lock()
+ if s.authorityCert == nil || !s.authorityCert.IsValid() {
+ // ignore if authority cert is invalid
continue
}
+ if s.serverCerts == nil || !s.serverCerts.IsValid() {
+ logger.Sugar.Infof("Server cert is invalid, refresh
it.")
+ s.serverCerts = SignServerCert(s.authorityCert,
s.serverNames, s.certValidity)
+ }
+ s.mutex.Unlock()
}
}
+
+func (s *storageImpl) SetAuthorityCert(cert *Cert) {
+ s.authorityCert = cert
+}
+
+func (s *storageImpl) GetAuthorityCert() *Cert {
+ return s.authorityCert
+}
+
+func (s *storageImpl) SetRootCert(cert *Cert) {
+ s.rootCert = cert
+}
+
+func (s *storageImpl) GetRootCert() *Cert {
+ return s.rootCert
+}
+
+func (s *storageImpl) AddTrustedCert(cert *Cert) {
+ s.trustedCerts = append(s.trustedCerts, cert)
+}
+
+func (s *storageImpl) GetTrustedCerts() []*Cert {
+ return s.trustedCerts
+}
+
+func (s *storageImpl) GetStopChan() chan os.Signal {
+ return s.stopChan
+}
diff --git a/ca/pkg/cert/storage_test.go b/ca/pkg/cert/storage_test.go
index a34fc37..7139b9f 100644
--- a/ca/pkg/cert/storage_test.go
+++ b/ca/pkg/cert/storage_test.go
@@ -126,11 +126,11 @@ func TestGetTlsCert(t *testing.T) {
func TestGetServerCert(t *testing.T) {
cert := GenerateAuthorityCert(nil, 24*60*60*1000)
- s := &Storage{
- AuthorityCert: cert,
- Mutex: &sync.Mutex{},
- CaValidity: 24 * 60 * 60 * 1000,
- CertValidity: 2 * 60 * 60 * 1000,
+ s := &storageImpl{
+ authorityCert: cert,
+ mutex: &sync.Mutex{},
+ caValidity: 24 * 60 * 60 * 1000,
+ certValidity: 2 * 60 * 60 * 1000,
}
c := s.GetServerCert("localhost")
@@ -198,17 +198,17 @@ func TestRefreshServerCert(t *testing.T) {
CaValidity: 24 * 60 * 60 * 1000,
CertValidity: 10,
})
- s.AuthorityCert = GenerateAuthorityCert(nil, 24*60*60*1000)
+ s.authorityCert = GenerateAuthorityCert(nil, 24*60*60*1000)
go s.RefreshServerCert()
c := s.GetServerCert("localhost")
- origin := s.ServerCerts
+ origin := s.serverCerts
for i := 0; i < 100; i++ {
// at most 10s
time.Sleep(100 * time.Millisecond)
- if origin != s.ServerCerts {
+ if origin != s.serverCerts {
break
}
}
@@ -221,5 +221,5 @@ func TestRefreshServerCert(t *testing.T) {
t.Errorf("cert is not equal")
}
- s.StopChan <- os.Kill
+ s.stopChan <- os.Kill
}
diff --git a/ca/pkg/cert/util.go b/ca/pkg/cert/util.go
index 90f5fc4..bc4c871 100644
--- a/ca/pkg/cert/util.go
+++ b/ca/pkg/cert/util.go
@@ -219,7 +219,7 @@ func SignFromCSR(csr *x509.CertificateRequest,
authorityCert *Cert, certValidity
return cert, nil
}
-func EncodePri(caPrivKey *rsa.PrivateKey) string {
+func EncodePrivateKey(caPrivKey *rsa.PrivateKey) string {
caPrivKeyPEM := new(bytes.Buffer)
pem.Encode(caPrivKeyPEM, &pem.Block{
Type: "RSA PRIVATE KEY",
diff --git a/ca/pkg/security/server.go b/ca/pkg/security/server.go
index 1b71ee4..e9842a3 100644
--- a/ca/pkg/security/server.go
+++ b/ca/pkg/security/server.go
@@ -37,7 +37,7 @@ type Server struct {
StopChan chan os.Signal
Options *config.Options
- CertStorage *cert.Storage
+ CertStorage cert.Storage
KubeClient k8s.Client
@@ -62,8 +62,9 @@ func (s *Server) Init() {
panic("Failed to create kubernetes client.")
}
- s.CertStorage = cert.NewStorage(s.Options)
- s.StopChan = s.StopChan
+ if s.CertStorage == nil {
+ s.CertStorage = cert.NewStorage(s.Options)
+ }
go s.CertStorage.RefreshServerCert()
// TODO inject pod based on Webhook
@@ -103,9 +104,9 @@ func (s *Server) LoadRootCert() {
func (s *Server) LoadAuthorityCert() {
certStr, priStr := s.KubeClient.GetAuthorityCert(s.Options.Namespace)
if certStr != "" && priStr != "" {
- s.CertStorage.AuthorityCert.Cert = cert.DecodeCert(certStr)
- s.CertStorage.AuthorityCert.CertPem = certStr
- s.CertStorage.AuthorityCert.PrivateKey =
cert.DecodePrivateKey(priStr)
+ s.CertStorage.GetAuthorityCert().Cert = cert.DecodeCert(certStr)
+ s.CertStorage.GetAuthorityCert().CertPem = certStr
+ s.CertStorage.GetAuthorityCert().PrivateKey =
cert.DecodePrivateKey(priStr)
}
s.RefreshAuthorityCert()
@@ -116,13 +117,13 @@ func (s *Server) ScheduleRefreshAuthorityCert() {
interval := math.Min(math.Floor(float64(s.Options.CaValidity)/100),
10_000)
for true {
time.Sleep(time.Duration(interval) * time.Millisecond)
- if s.CertStorage.AuthorityCert.NeedRefresh() {
+ if s.CertStorage.GetAuthorityCert().NeedRefresh() {
logger.Sugar.Infof("Authority cert is invalid, refresh
it.")
// TODO lock if multi server
// TODO refresh signed cert
- s.CertStorage.AuthorityCert =
cert.GenerateAuthorityCert(s.CertStorage.RootCert, s.Options.CaValidity)
-
s.KubeClient.UpdateAuthorityCert(s.CertStorage.AuthorityCert.CertPem,
cert.EncodePri(s.CertStorage.AuthorityCert.PrivateKey), s.Options.Namespace)
- if
s.KubeClient.UpdateAuthorityPublicKey(s.CertStorage.AuthorityCert.CertPem) {
+
s.CertStorage.SetAuthorityCert(cert.GenerateAuthorityCert(s.CertStorage.GetRootCert(),
s.Options.CaValidity))
+
s.KubeClient.UpdateAuthorityCert(s.CertStorage.GetAuthorityCert().CertPem,
cert.EncodePrivateKey(s.CertStorage.GetAuthorityCert().PrivateKey),
s.Options.Namespace)
+ if
s.KubeClient.UpdateAuthorityPublicKey(s.CertStorage.GetAuthorityCert().CertPem)
{
logger.Sugar.Infof("Write ca to config maps
success.")
} else {
logger.Sugar.Warnf("Write ca to config maps
failed.")
@@ -139,24 +140,24 @@ func (s *Server) ScheduleRefreshAuthorityCert() {
}
func (s *Server) RefreshAuthorityCert() {
- if s.CertStorage.AuthorityCert.IsValid() {
+ if s.CertStorage.GetAuthorityCert().IsValid() {
logger.Sugar.Infof("Load authority cert from kubernetes secrect
success.")
} else {
logger.Sugar.Warnf("Load authority cert from kubernetes secrect
failed.")
- s.CertStorage.AuthorityCert =
cert.GenerateAuthorityCert(s.CertStorage.RootCert, s.Options.CaValidity)
+
s.CertStorage.SetAuthorityCert(cert.GenerateAuthorityCert(s.CertStorage.GetRootCert(),
s.Options.CaValidity))
// TODO lock if multi server
-
s.KubeClient.UpdateAuthorityCert(s.CertStorage.AuthorityCert.CertPem,
cert.EncodePri(s.CertStorage.AuthorityCert.PrivateKey), s.Options.Namespace)
+
s.KubeClient.UpdateAuthorityCert(s.CertStorage.GetAuthorityCert().CertPem,
cert.EncodePrivateKey(s.CertStorage.GetAuthorityCert().PrivateKey),
s.Options.Namespace)
}
// TODO add task to update ca
logger.Sugar.Info("Writing ca to config maps.")
- if
s.KubeClient.UpdateAuthorityPublicKey(s.CertStorage.AuthorityCert.CertPem) {
+ if
s.KubeClient.UpdateAuthorityPublicKey(s.CertStorage.GetAuthorityCert().CertPem)
{
logger.Sugar.Info("Write ca to config maps success.")
} else {
logger.Sugar.Warnf("Write ca to config maps failed.")
}
- s.CertStorage.TrustedCert = append(s.CertStorage.TrustedCert,
s.CertStorage.AuthorityCert)
+ s.CertStorage.AddTrustedCert(s.CertStorage.GetAuthorityCert())
}
func (s *Server) Start() {
diff --git a/ca/pkg/security/server_test.go b/ca/pkg/security/server_test.go
new file mode 100644
index 0000000..b572203
--- /dev/null
+++ b/ca/pkg/security/server_test.go
@@ -0,0 +1,181 @@
+// Licensed to the Apache Software Foundation (ASF) under one or more
+// contributor license agreements. See the NOTICE file distributed with
+// this work for additional information regarding copyright ownership.
+// The ASF licenses this file to You under the Apache License, Version 2.0
+// (the "License"); you may not use this file except in compliance with
+// the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package security
+
+import (
+ "crypto/tls"
+ "github.com/apache/dubbo-admin/ca/pkg/cert"
+ "github.com/apache/dubbo-admin/ca/pkg/config"
+ "github.com/apache/dubbo-admin/ca/pkg/k8s"
+ "github.com/apache/dubbo-admin/ca/pkg/logger"
+ "os"
+ "testing"
+ "time"
+)
+
+type mockKubeClient struct {
+ k8s.Client
+}
+
+var certPEM = ""
+var priPEM = ""
+
+func (s *mockKubeClient) Init() bool {
+ return true
+}
+
+func (s *mockKubeClient) GetAuthorityCert(namespace string) (string, string) {
+ return certPEM, priPEM
+}
+
+func (s *mockKubeClient) UpdateAuthorityCert(cert string, pri string,
namespace string) {
+
+}
+
+func (s *mockKubeClient) UpdateAuthorityPublicKey(cert string) bool {
+ return true
+}
+
+type mockStorage struct {
+ cert.Storage
+ origin cert.Storage
+}
+
+func (s *mockStorage) GetServerCert(serverName string) *tls.Certificate {
+ return nil
+}
+
+func (s *mockStorage) RefreshServerCert() {
+
+}
+
+func (s *mockStorage) SetAuthorityCert(cert *cert.Cert) {
+ s.origin.SetAuthorityCert(cert)
+}
+
+func (s *mockStorage) GetAuthorityCert() *cert.Cert {
+ return s.origin.GetAuthorityCert()
+}
+
+func (s *mockStorage) SetRootCert(cert *cert.Cert) {
+ s.origin.SetRootCert(cert)
+}
+
+func (s *mockStorage) GetRootCert() *cert.Cert {
+ return s.origin.GetRootCert()
+}
+
+func (s *mockStorage) AddTrustedCert(cert *cert.Cert) {
+ s.origin.AddTrustedCert(cert)
+}
+
+func (s *mockStorage) GetTrustedCerts() []*cert.Cert {
+ return s.origin.GetTrustedCerts()
+}
+
+func (s *mockStorage) GetStopChan() chan os.Signal {
+ return s.origin.GetStopChan()
+}
+
+func TestInit(t *testing.T) {
+ logger.Init()
+
+ options := &config.Options{
+ EnableKubernetes: false,
+ Namespace: "dubbo-system",
+ PlainServerPort: 30060,
+ SecureServerPort: 30062,
+ DebugPort: 30070,
+ CaValidity: 30 * 24 * 60 * 60 * 1000, // 30 day
+ CertValidity: 1 * 60 * 60 * 1000, // 1 hour
+ }
+
+ s := NewServer(options)
+ s.KubeClient = &mockKubeClient{}
+
+ s.Init()
+ if !s.CertStorage.GetAuthorityCert().IsValid() {
+ t.Fatal("Authority cert is not valid")
+ return
+ }
+
+ certPEM = s.CertStorage.GetAuthorityCert().CertPem
+ priPEM =
cert.EncodePrivateKey(s.CertStorage.GetAuthorityCert().PrivateKey)
+
+ s.PlainServer.Stop()
+ s.SecureServer.Stop()
+ s.StopChan <- os.Kill
+
+ s = NewServer(options)
+ s.KubeClient = &mockKubeClient{}
+ s.Init()
+
+ if !s.CertStorage.GetAuthorityCert().IsValid() {
+ t.Fatal("Authority cert is not valid")
+ return
+ }
+
+ if s.CertStorage.GetAuthorityCert().CertPem != certPEM {
+ t.Fatal("Authority cert is not equal")
+ return
+ }
+
+ s.PlainServer.Stop()
+ s.SecureServer.Stop()
+ s.StopChan <- os.Kill
+ s.CertStorage.GetStopChan() <- os.Kill
+}
+
+func TestRefresh(t *testing.T) {
+ logger.Init()
+
+ options := &config.Options{
+ EnableKubernetes: false,
+ Namespace: "dubbo-system",
+ PlainServerPort: 30060,
+ SecureServerPort: 30062,
+ DebugPort: 30070,
+ CaValidity: 10,
+ }
+
+ s := NewServer(options)
+
+ s.KubeClient = &mockKubeClient{}
+ storage := &mockStorage{}
+ storage.origin = cert.NewStorage(options)
+ s.CertStorage = storage
+
+ s.Init()
+
+ origin := s.CertStorage.GetAuthorityCert()
+
+ for i := 0; i < 1000; i++ {
+ // wait at most 100s
+ time.Sleep(100 * time.Millisecond)
+ if s.CertStorage.GetAuthorityCert() != origin {
+ break
+ }
+ }
+
+ if s.CertStorage.GetAuthorityCert() == origin {
+ t.Fatal("Authority cert is not refreshed")
+ return
+ }
+
+ s.PlainServer.Stop()
+ s.SecureServer.Stop()
+ s.StopChan <- os.Kill
+}
diff --git a/ca/pkg/v1alpha1/ca_impl.go b/ca/pkg/v1alpha1/ca_impl.go
index 1e8e218..cdcc225 100644
--- a/ca/pkg/v1alpha1/ca_impl.go
+++ b/ca/pkg/v1alpha1/ca_impl.go
@@ -30,7 +30,7 @@ import (
type DubboCertificateServiceServerImpl struct {
UnimplementedDubboCertificateServiceServer
Options *config.Options
- CertStorage *cert.Storage
+ CertStorage cert.Storage
KubeClient k8s.Client
}
@@ -91,7 +91,7 @@ func (s *DubboCertificateServiceServerImpl)
CreateCertificate(c context.Context,
}
// TODO check server token
- certPem, err := cert.SignFromCSR(csr, s.CertStorage.AuthorityCert,
s.Options.CertValidity)
+ certPem, err := cert.SignFromCSR(csr, s.CertStorage.GetAuthorityCert(),
s.Options.CertValidity)
if err != nil {
logger.Sugar.Warnf("Failed to sign certificate from csr: %v.
RemoteAddr: %s", err, p.Addr.String())
return &DubboCertificateResponse{
@@ -106,7 +106,7 @@ func (s *DubboCertificateServiceServerImpl)
CreateCertificate(c context.Context,
Success: true,
Message: "OK",
CertPem: certPem,
- TrustCerts: []string{s.CertStorage.AuthorityCert.CertPem},
+ TrustCerts: []string{s.CertStorage.GetAuthorityCert().CertPem},
ExpireTime: time.Now().UnixMilli() + (s.Options.CertValidity /
2),
}, nil
}
diff --git a/ca/pkg/v1alpha1/ca_impl_test.go b/ca/pkg/v1alpha1/ca_impl_test.go
index e3de6bf..f7a9598 100644
--- a/ca/pkg/v1alpha1/ca_impl_test.go
+++ b/ca/pkg/v1alpha1/ca_impl_test.go
@@ -57,7 +57,7 @@ func TestCSRFailed(t *testing.T) {
CaValidity: 365 * 24 * 60 * 60 * 1000,
}
storage := cert.NewStorage(options)
- storage.AuthorityCert = cert.GenerateAuthorityCert(nil,
options.CaValidity)
+ storage.SetAuthorityCert(cert.GenerateAuthorityCert(nil,
options.CaValidity))
kubeClient := &MockKubeClient{}
impl := &DubboCertificateServiceServerImpl{
@@ -122,7 +122,7 @@ func TestTokenFailed(t *testing.T) {
CaValidity: 365 * 24 * 60 * 60 * 1000,
}
storage := cert.NewStorage(options)
- storage.AuthorityCert = cert.GenerateAuthorityCert(nil,
options.CaValidity)
+ storage.SetAuthorityCert(cert.GenerateAuthorityCert(nil,
options.CaValidity))
kubeClient := &MockKubeClient{}
impl := &DubboCertificateServiceServerImpl{
@@ -233,7 +233,7 @@ func TestSuccess(t *testing.T) {
CaValidity: 365 * 24 * 60 * 60 * 1000,
}
storage := cert.NewStorage(options)
- storage.AuthorityCert = cert.GenerateAuthorityCert(nil,
options.CaValidity)
+ storage.SetAuthorityCert(cert.GenerateAuthorityCert(nil,
options.CaValidity))
kubeClient := &MockKubeClient{}
impl := &DubboCertificateServiceServerImpl{
