feat: Integrate certificate store (#680)

So that we can rotate certificates. Fixes #49 TODO - [x] Move certificates from private key store to certificate store. - [x] Write migration script. - [x] Delete all references to `GATEWAY_KEY_ID` env var - [x] Alter `/cogrpc/service.spec.ts` to use real MongoDB instead of complicated mocks. - [x] Remove `retrieveOwnCertificates`. - [x] Remove all `VAULT_*` env vars from functional test dir.
relaycorp · Nov 30, 2021 · 5a78d88 · 5a78d88
1 parent 89df49a
commit 5a78d88
Show file tree

Hide file tree

Showing 47 changed files with 997 additions and 380 deletions.
diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
@@ -22,7 +22,7 @@ jobs:
       - name: Install dependencies
         run: npm ci
       - run: npm run static-checks
-      - run: npm run test:ci:unit
+      - run: npm run test:unit
 
       - uses: azure/setup-helm@v1
         with:
@@ -61,7 +61,6 @@ jobs:
           kubectl port-forward --address 127.0.0.1 svc/public-gateway-pohttp 8081:8080 &
           kubectl port-forward --address 127.0.0.1 svc/public-gateway-cogrpc 8082:8081 &
           kubectl port-forward --address 127.0.0.1 svc/relaynet-pong-pohttp 8083:80 &
-          kubectl port-forward --address 127.0.0.1 svc/public-gateway-vault 8200:8200 &
           kubectl port-forward --address 127.0.0.1 svc/nats 4222:4222 &
           kubectl port-forward --address 127.0.0.1 svc/minio 9000:9000 &
 

diff --git a/.gitignore b/.gitignore
@@ -12,3 +12,6 @@ docs/vendor
 
 chart/charts
 chart/tmpcharts
+
+# Work around https://github.com/shelfio/jest-mongodb/issues/214
+/globalConfig.json
diff --git a/chart/templates/cogrpc-deploy.yml b/chart/templates/cogrpc-deploy.yml
@@ -18,7 +18,6 @@ spec:
         {{- toYaml .Values.podAnnotations | nindent 8 }}
         {{- end }}
         global-cm-digest: {{ include "relaynet-internet-gateway.resourceDigest" (merge (dict "fileName" "global-cm.yml") .) }}
-        generated-cm-digest: {{ include "relaynet-internet-gateway.resourceDigest" (merge (dict "fileName" "generated-cm.yml") .) }}
         mongo-cm-digest: {{ include "relaynet-internet-gateway.resourceDigest" (merge (dict "fileName" "mongo-cm.yml") .) }}
         global-secret-digest: {{ include "relaynet-internet-gateway.resourceDigest" (merge (dict "fileName" "global-secret.yml") .) }}
       labels:
@@ -50,8 +49,6 @@ spec:
           envFrom:
             - configMapRef:
                 name: {{ include "relaynet-internet-gateway.fullname" . }}
-            - configMapRef:
-                name: {{ include "relaynet-internet-gateway.fullname" . }}-generated
             - configMapRef:
                 name: {{ include "relaynet-internet-gateway.fullname" . }}-mongo
             - secretRef:

diff --git a/chart/templates/generated-cm.yml b/chart/templates/generated-cm.yml
diff --git a/chart/templates/keygen-job.yml b/chart/templates/keygen-job.yml
@@ -29,8 +29,6 @@ spec:
           envFrom:
             - configMapRef:
                 name: {{ include "relaynet-internet-gateway.fullname" . }}
-            - configMapRef:
-                name: {{ include "relaynet-internet-gateway.fullname" . }}-generated
             - configMapRef:
                 name: {{ include "relaynet-internet-gateway.fullname" . }}-mongo
             - secretRef:

diff --git a/chart/templates/poweb-deploy.yml b/chart/templates/poweb-deploy.yml
@@ -18,7 +18,6 @@ spec:
         {{- toYaml .Values.podAnnotations | nindent 8 }}
         {{- end }}
         global-cm-digest: {{ include "relaynet-internet-gateway.resourceDigest" (merge (dict "fileName" "global-cm.yml") .) }}
-        generated-cm-digest: {{ include "relaynet-internet-gateway.resourceDigest" (merge (dict "fileName" "generated-cm.yml") .) }}
         mongo-cm-digest: {{ include "relaynet-internet-gateway.resourceDigest" (merge (dict "fileName" "mongo-cm.yml") .) }}
         global-secret-digest: {{ include "relaynet-internet-gateway.resourceDigest" (merge (dict "fileName" "global-secret.yml") .) }}
       labels:
@@ -44,8 +43,6 @@ spec:
           envFrom:
             - configMapRef:
                 name: {{ include "relaynet-internet-gateway.fullname" . }}
-            - configMapRef:
-                name: {{ include "relaynet-internet-gateway.fullname" . }}-generated
             - configMapRef:
                 name: {{ include "relaynet-internet-gateway.fullname" . }}-mongo
             - secretRef:

diff --git a/chart/values.schema.json b/chart/values.schema.json
@@ -73,9 +73,6 @@
         }
       }
     },
-    "gatewayKeyId": {
-      "type": "string"
-    },
     "proxyRequestIdHeader": {
       "type": "string"
     },

diff --git a/jest-mongodb-config.js b/jest-mongodb-config.js
@@ -0,0 +1,11 @@
+module.exports = {
+  mongodbMemoryServerOptions: {
+    binary: {
+      version: '4.2.17',
+      skipMD5: false,
+    },
+    instance: {},
+    autoStart: false,
+  },
+  useSharedDBForAllJestWorkers: false,
+};
diff --git a/jest.config.ci.js b/jest.config.ci.js
diff --git a/jest.config.js b/jest.config.js
@@ -1,5 +1,4 @@
-// For a detailed explanation regarding each configuration property, visit:
-// https://jestjs.io/docs/en/configuration.html
+const { defaults: tsjPreset } = require('ts-jest/presets');
 
 module.exports = {
   // All imported modules in your tests should be mocked automatically
@@ -90,7 +89,7 @@ module.exports = {
   // notifyMode: "failure-change",
 
   // A preset that is used as a base for Jest's configuration
-  preset: "ts-jest",
+  preset: "@shelf/jest-mongodb",
 
   // Run tests from one or more projects
   // projects: null,
@@ -130,8 +129,8 @@ module.exports = {
   // A list of paths to snapshot serializer modules Jest should use for snapshot testing
   // snapshotSerializers: [],
 
-  // The test environment that will be used for testing
-  testEnvironment: "node",
+  // Work around https://github.com/shelfio/jest-mongodb/issues/109
+  // testEnvironment: "node",
 
   // Options that will be passed to the testEnvironment
   // testEnvironmentOptions: {},
@@ -167,7 +166,7 @@ module.exports = {
   // timers: "real",
 
   // A map from regular expressions to paths to transformers
-  // transform: null,
+  transform: tsjPreset.transform,
 
   // An array of regexp pattern strings that are matched against all source file paths, matched files will skip transformation
   // transformIgnorePatterns: [