dubey/kat
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Minor fixes

Browse Source
This commit is contained in:
Tanishq Dubey 2025-05-17 12:48:37 -04:00
parent b33127bd34
commit ce6f2ce29d
No known key found for this signature in database
GPG Key ID: CFC1931B84DFC3F9
9 changed files with 27 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
.gitignore vendored
View File

@ -29,3 +29,9 @@ go.work.sum
.local .local
*.csr
*.crt
*.key
*.srl
.kat/

6
Makefile
View File

@ -23,19 +23,19 @@ test: generate
# Run unit tests only (faster, no integration tests) # Run unit tests only (faster, no integration tests)
test-unit: test-unit:
@echo "Running unit tests..." @echo "Running unit tests..."
@go test -count=1 -short ./... @go test -v -count=1 -short ./...
# Run integration tests only # Run integration tests only
test-integration: test-integration:
@echo "Running integration tests..." @echo "Running integration tests..."
@go test -count=1 -run Integration ./... @go test -v -count=1 -run Integration ./...
# Run tests for a specific package # Run tests for a specific package
test-package: test-package:
@echo "Running tests for package $(PACKAGE)..." @echo "Running tests for package $(PACKAGE)..."
@go test -v ./$(PACKAGE) @go test -v ./$(PACKAGE)
kat-agent: kat-agent: $(shell find ./cmd/kat-agent -name '*.go') $(shell find . -name 'go.mod' -o -name 'go.sum')
@echo "Building kat-agent..." @echo "Building kat-agent..."
@go build -o kat-agent ./cmd/kat-agent/main.go @go build -o kat-agent ./cmd/kat-agent/main.go

10
internal/api/join_handler.go
View File

@ -11,8 +11,8 @@ import (
"github.com/google/uuid" "github.com/google/uuid"
"kat-system/internal/pki" "git.dws.rip/dubey/kat/internal/pki"
"kat-system/internal/store" "git.dws.rip/dubey/kat/internal/store"
) )
// JoinRequest represents the data sent by an agent when joining // JoinRequest represents the data sent by an agent when joining
@ -103,10 +103,10 @@ func NewJoinHandler(stateStore store.StateStore, caKeyPath, caCertPath string) h
// Store node registration in etcd // Store node registration in etcd
nodeRegKey := fmt.Sprintf("/kat/nodes/registration/%s", nodeName) nodeRegKey := fmt.Sprintf("/kat/nodes/registration/%s", nodeName)
nodeReg := map[string]interface{}{ nodeReg := map[string]interface{}{
"uid": nodeUID, "uid": nodeUID,
"advertiseAddr": joinReq.AdvertiseAddr, "advertiseAddr": joinReq.AdvertiseAddr,
"wireguardPubKey": joinReq.WireguardPubKey, "wireguardPubKey": joinReq.WireguardPubKey,
"joinTimestamp": time.Now().Unix(), "joinTimestamp": time.Now().Unix(),
} }
nodeRegData, err := json.Marshal(nodeReg) nodeRegData, err := json.Marshal(nodeReg)
if err != nil { if err != nil {

3
internal/api/server.go
View File

@ -8,7 +8,6 @@ import (
"log" "log"
"net/http" "net/http"
"os" "os"
"strings"
"time" "time"
) )
@ -113,7 +112,7 @@ func (s *Server) Start() error {
ClientAuth: tls.NoClientCert, // Don't require client certs for now ClientAuth: tls.NoClientCert, // Don't require client certs for now
MinVersion: tls.VersionTLS12, MinVersion: tls.VersionTLS12,
} }
log.Printf("WARNING: TLS configured without client certificate verification for Phase 2") log.Printf("WARNING: TLS configured without client certificate verification for Phase 2")
log.Printf("This is a temporary development configuration and should be secured in production") log.Printf("This is a temporary development configuration and should be secured in production")

10
internal/api/server_test.go
View File

@ -12,7 +12,7 @@ import (
"testing" "testing"
"time" "time"
"kat-system/internal/pki" "git.dws.rip/dubey/kat/internal/pki"
) )
func TestServerWithMTLS(t *testing.T) { func TestServerWithMTLS(t *testing.T) {
@ -31,7 +31,7 @@ func TestServerWithMTLS(t *testing.T) {
// Generate CA // Generate CA
caKeyPath := filepath.Join(tempDir, "ca.key") caKeyPath := filepath.Join(tempDir, "ca.key")
caCertPath := filepath.Join(tempDir, "ca.crt") caCertPath := filepath.Join(tempDir, "ca.crt")
if err := pki.GenerateCA(caKeyPath, caCertPath, "KAT Test CA", 24*time.Hour); err != nil { if err := pki.GenerateCA(tempDir, caKeyPath, caCertPath); err != nil {
t.Fatalf("Failed to generate CA: %v", err) t.Fatalf("Failed to generate CA: %v", err)
} }
@ -39,7 +39,7 @@ func TestServerWithMTLS(t *testing.T) {
serverKeyPath := filepath.Join(tempDir, "server.key") serverKeyPath := filepath.Join(tempDir, "server.key")
serverCSRPath := filepath.Join(tempDir, "server.csr") serverCSRPath := filepath.Join(tempDir, "server.csr")
serverCertPath := filepath.Join(tempDir, "server.crt") serverCertPath := filepath.Join(tempDir, "server.crt")
if err := pki.GenerateCertificateRequest("server.test", serverKeyPath, serverCSRPath); err != nil { if err := pki.GenerateCertificateRequest("localhost", serverKeyPath, serverCSRPath); err != nil {
t.Fatalf("Failed to generate server CSR: %v", err) t.Fatalf("Failed to generate server CSR: %v", err)
} }
if err := pki.SignCertificateRequest(caKeyPath, caCertPath, serverCSRPath, serverCertPath, 24*time.Hour); err != nil { if err := pki.SignCertificateRequest(caKeyPath, caCertPath, serverCSRPath, serverCertPath, 24*time.Hour); err != nil {
@ -58,7 +58,7 @@ func TestServerWithMTLS(t *testing.T) {
} }
// Create and start server // Create and start server
server, err := NewServer("localhost:0", serverCertPath, serverKeyPath, caCertPath) server, err := NewServer("localhost:8443", serverCertPath, serverKeyPath, caCertPath)
if err != nil { if err != nil {
t.Fatalf("Failed to create server: %v", err) t.Fatalf("Failed to create server: %v", err)
} }
@ -76,7 +76,7 @@ func TestServerWithMTLS(t *testing.T) {
}() }()
// Wait for server to start // Wait for server to start
time.Sleep(100 * time.Millisecond) time.Sleep(250 * time.Millisecond)
// Load CA cert // Load CA cert
caCert, err := os.ReadFile(caCertPath) caCert, err := os.ReadFile(caCertPath)

4
internal/config/parse_test.go
View File

@ -201,8 +201,8 @@ func TestValidateClusterConfiguration_InvalidValues(t *testing.T) {
ApiPort: 10251, ApiPort: 10251,
EtcdPeerPort: 2380, EtcdPeerPort: 2380,
EtcdClientPort: 2379, EtcdClientPort: 2379,
VolumeBasePath: "~/.kat/volumes", VolumeBasePath: ".kat/volumes",
BackupPath: "~/.kat/backups", BackupPath: ".kat/backups",
BackupIntervalMinutes: 30, BackupIntervalMinutes: 30,
AgentTickSeconds: 15, AgentTickSeconds: 15,
NodeLossTimeoutSeconds: 60, NodeLossTimeoutSeconds: 60,

4
internal/config/types.go
View File

@ -11,8 +11,8 @@ const (
DefaultApiPort = 9115 DefaultApiPort = 9115
DefaultEtcdPeerPort = 2380 DefaultEtcdPeerPort = 2380
DefaultEtcdClientPort = 2379 DefaultEtcdClientPort = 2379
DefaultVolumeBasePath = "~/.kat/volumes" DefaultVolumeBasePath = ".kat/volumes"
DefaultBackupPath = "~/.kat/backups" DefaultBackupPath = ".kat/backups"
DefaultBackupIntervalMins = 30 DefaultBackupIntervalMins = 30
DefaultAgentTickSeconds = 15 DefaultAgentTickSeconds = 15
DefaultNodeLossTimeoutSec = 60 // DefaultNodeLossTimeoutSeconds = DefaultAgentTickSeconds * 4 (example logic) DefaultNodeLossTimeoutSec = 60 // DefaultNodeLossTimeoutSeconds = DefaultAgentTickSeconds * 4 (example logic)

14
internal/pki/ca.go
View File

@ -22,7 +22,7 @@ const (
// Default certificate validity period // Default certificate validity period
DefaultCertValidityDays = 365 // 1 year DefaultCertValidityDays = 365 // 1 year
// Default PKI directory // Default PKI directory
DefaultPKIDir = "/var/lib/kat/pki" DefaultPKIDir = ".kat/pki"
) )
// GenerateCA creates a new Certificate Authority key pair and certificate. // GenerateCA creates a new Certificate Authority key pair and certificate.
@ -271,18 +271,6 @@ func GetPKIPathFromClusterConfig(backupPath string) string {
return filepath.Dir(backupPath) + "/pki" return filepath.Dir(backupPath) + "/pki"
} }
// GetPKIPathFromClusterConfig determines the PKI directory from the cluster configuration.
// If backupPath is provided, it uses the parent directory of backupPath.
// Otherwise, it uses the default PKI directory.
func GetPKIPathFromClusterConfig(backupPath string) string {
if backupPath == "" {
return DefaultPKIDir
}
// Use the parent directory of backupPath
return filepath.Dir(backupPath) + "/pki"
}
// generateSerialNumber creates a random serial number for certificates // generateSerialNumber creates a random serial number for certificates
func generateSerialNumber() (*big.Int, error) { func generateSerialNumber() (*big.Int, error) {
serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128) // 128 bits serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128) // 128 bits

4
internal/testutil/testutil.go
View File

@ -51,8 +51,8 @@ spec:
apiPort: 9115 apiPort: 9115
etcdPeerPort: 2380 etcdPeerPort: 2380
etcdClientPort: 2379 etcdClientPort: 2379
volumeBasePath: "~/.kat/volumes" volumeBasePath: ".kat/volumes"
backupPath: "~/.kat/backups" backupPath: ".kat/backups"
backupIntervalMinutes: 30 backupIntervalMinutes: 30
agentTickSeconds: 15 agentTickSeconds: 15
nodeLossTimeoutSeconds: 60 nodeLossTimeoutSeconds: 60