+81
-11
lines changedFilter options
+81
-11
lines changed Original file line number Diff line number Diff line change
@@ -11,10 +11,45 @@ jobs:
11 11
strategy:
12 12
matrix:
13 13
go: ["1.18", "1.19"]
14 +
services:
15 +
# Label used to access the service container
16 +
postgres:
17 +
# Docker Hub image
18 +
image: postgres
19 +
# Provide the password for postgres
20 +
env:
21 +
POSTGRES_DB: postgres_db
22 +
POSTGRES_PASSWORD: ""
23 +
POSTGRES_HOST_AUTH_METHOD: trust # allow no password
24 +
POSTGRES_PORT: 5432
25 +
POSTGRES_USER: postgres
26 +
# Set health checks to wait until postgres has started
27 +
options: >-
28 +
--health-cmd pg_isready
29 +
--health-interval 10s
30 +
--health-timeout 5s
31 +
--health-retries 5
32 +
ports:
33 +
- 5432:5432
34 +
mysql:
35 +
image: mysql
36 +
env:
37 +
MYSQL_ALLOW_EMPTY_PASSWORD: yes
38 +
MYSQL_ROOT_PASSWORD: ""
39 +
ports:
40 +
- 3306:3306
41 +
options: --health-cmd="mysqladmin ping" --health-interval=10s --health-timeout=5s --health-retries=3
42 + 14 43
env:
15 44
GOFLAGS: "-mod=vendor"
16 45
GODEBUG: "x509sha1=1"
46 +
BUILD_TAGS: "postgresql"
47 +
PGHOST: localhost
48 +
MYSQL_HOST: 127.0.0.1
17 49
steps:
50 +
- run: psql -c 'create database certdb_development;' -U postgres;
51 +
- run: mysql -e 'create database certdb_development;' -u root;
52 +
- run: mysql -e 'SET global sql_mode = 0;' -u root;
18 53
- uses: actions/checkout@v2
19 54 20 55
- name: Set up Go
@@ -24,11 +59,11 @@ jobs:
24 59 25 60
- name: Build
26 61
run: go build -v ./...
27 - 62 +
- run: make bin/goose;
63 +
- run: ./bin/goose -path certdb/pg up;
64 +
- run: ./bin/goose -path certdb/mysql up;
28 65
- name: Test
29 66
run: ./test.sh
30 -
# todo: these Actions tests still need to be updated to run the database tests
31 -
# that used to run in travis
32 67
- uses: codecov/codecov-action@v3
33 68 34 69
golangci:
@@ -76,6 +76,7 @@ type Accessor interface {
76 76
GetCertificate(serial, aki string) ([]CertificateRecord, error)
77 77
GetUnexpiredCertificates() ([]CertificateRecord, error)
78 78
GetRevokedAndUnexpiredCertificates() ([]CertificateRecord, error)
79 +
GetUnexpiredCertificatesByLabel(labels []string) (crs []CertificateRecord, err error)
79 80
GetRevokedAndUnexpiredCertificatesByLabel(label string) ([]CertificateRecord, error)
80 81
GetRevokedAndUnexpiredCertificatesByLabelSelectColumns(label string) ([]CertificateRecord, error)
81 82
RevokeCertificate(serial, aki string, reasonCode int) error
@@ -1,6 +1,6 @@
1 1
development:
2 2
driver: postgres
3 -
open: dbname=certdb_development sslmode=disable
3 +
open: dbname=certdb_development sslmode=disable user=postgres
4 4 5 5
test:
6 6
driver: postgres
@@ -72,6 +72,8 @@ type Accessor struct {
72 72
db *sqlx.DB
73 73
}
74 74 75 +
var _ certdb.Accessor = &Accessor{}
76 + 75 77
func wrapSQLError(err error) error {
76 78
if err != nil {
77 79
return cferr.Wrap(cferr.CertStoreError, cferr.Unknown, err)
@@ -176,6 +178,29 @@ func (d *Accessor) GetUnexpiredCertificates() (crs []certdb.CertificateRecord, e
176 178
return crs, nil
177 179
}
178 180 181 +
// GetUnexpiredCertificatesByLabel gets all unexpired certificate from db that have the provided label.
182 +
func (d *Accessor) GetUnexpiredCertificatesByLabel(labels []string) (crs []certdb.CertificateRecord, err error) {
183 +
err = d.checkDB()
184 +
if err != nil {
185 +
return nil, err
186 +
}
187 + 188 +
query, args, err := sqlx.In(
189 +
fmt.Sprintf(`SELECT %s FROM certificates WHERE CURRENT_TIMESTAMP < expiry AND ca_label IN (?)`,
190 +
sqlstruct.Columns(certdb.CertificateRecord{}),
191 +
), labels)
192 +
if err != nil {
193 +
return nil, wrapSQLError(err)
194 +
}
195 + 196 +
err = d.db.Select(&crs, d.db.Rebind(query), args...)
197 +
if err != nil {
198 +
return nil, wrapSQLError(err)
199 +
}
200 + 201 +
return crs, nil
202 +
}
203 + 179 204
// GetRevokedAndUnexpiredCertificates gets all revoked and unexpired certificate from db (for CRLs).
180 205
func (d *Accessor) GetRevokedAndUnexpiredCertificates() (crs []certdb.CertificateRecord, err error) {
181 206
err = d.checkDB()
@@ -114,12 +114,13 @@ func testInsertCertificateAndGetUnexpiredCertificate(ta TestAccessor, t *testing
114 114 115 115
expiry := time.Now().Add(time.Minute)
116 116
want := certdb.CertificateRecord{
117 -
PEM: "fake cert data",
118 -
Serial: "fake serial 2",
119 -
AKI: fakeAKI,
120 -
Status: "good",
121 -
Reason: 0,
122 -
Expiry: expiry,
117 +
PEM: "fake cert data",
118 +
Serial: "fake serial 2",
119 +
AKI: fakeAKI,
120 +
Status: "good",
121 +
Reason: 0,
122 +
Expiry: expiry,
123 +
CALabel: "foo",
123 124
}
124 125 125 126
if err := ta.Accessor.InsertCertificate(want); err != nil {
@@ -153,6 +154,14 @@ func testInsertCertificateAndGetUnexpiredCertificate(ta TestAccessor, t *testing
153 154
if len(unexpired) != 1 {
154 155
t.Error("Should have 1 unexpired certificate record:", len(unexpired))
155 156
}
157 + 158 +
unexpiredFiltered, err := ta.Accessor.GetUnexpiredCertificatesByLabel([]string{"foo"})
159 +
require.NoError(t, err)
160 +
require.Len(t, unexpiredFiltered, 1)
161 +
unexpiredFiltered, err = ta.Accessor.GetUnexpiredCertificatesByLabel([]string{"bar"})
162 +
require.NoError(t, err)
163 +
require.Len(t, unexpiredFiltered, 0)
164 + 156 165
}
157 166
func testInsertCertificateAndGetUnexpiredCertificateNullCommonName(ta TestAccessor, t *testing.T) {
158 167
ta.Truncate()
@@ -60,7 +60,7 @@ func MySQLDB() *sqlx.DB {
60 60 61 61
// PostgreSQLDB returns a PostgreSQL db instance for certdb testing.
62 62
func PostgreSQLDB() *sqlx.DB {
63 -
connStr := "dbname=certdb_development sslmode=disable"
63 +
connStr := "dbname=certdb_development sslmode=disable user=postgres"
64 64 65 65
if dbURL := os.Getenv("DATABASE_URL"); dbURL != "" {
66 66
connStr = dbURL
You can’t perform that action at this time.
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4