diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5004469..d59c5f6 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -35,11 +35,21 @@ jobs: with: context: . file: flagd/Dockerfile + target: testbed push: false - name: Build flagd-testbed-unstable Docker image uses: docker/build-push-action@v6 with: context: . - file: flagd/Dockerfile.unstable + file: flagd/Dockerfile + target: unstable + push: false + + - name: Build flagd-testbed-ssl Docker image + uses: docker/build-push-action@v6 + with: + context: . + file: flagd/Dockerfile + target: ssl push: false diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml index 88b95a1..51d3659 100644 --- a/.github/workflows/release-please.yml +++ b/.github/workflows/release-please.yml @@ -57,6 +57,7 @@ jobs: with: context: . file: flagd/Dockerfile + target: testbed push: true tags: | ${{ env.REGISTRY }}/open-feature/${{ env.FLAGD_IMAGE_NAME }}:${{ needs.release-please.outputs.release_tag_name }} @@ -68,7 +69,8 @@ jobs: uses: docker/build-push-action@v6 with: context: . - file: flagd/Dockerfile.unstable + file: flagd/Dockerfile + target: unstable push: true tags: | ${{ env.REGISTRY }}/open-feature/${{ env.FLAGD_IMAGE_NAME }}-unstable:${{ needs.release-please.outputs.release_tag_name }} @@ -76,4 +78,14 @@ jobs: ${{ env.REGISTRY }}/open-feature/${{ env.SYNC_IMAGE_NAME }}:${{ needs.release-please.outputs.release_tag_name }} ${{ env.REGISTRY }}/open-feature/${{ env.SYNC_IMAGE_NAME }}:latest - \ No newline at end of file + - name: Build and push flagd-testbed-ssl Docker image + uses: docker/build-push-action@v6 + with: + context: . + file: flagd/Dockerfile + target: ssl + push: true + tags: | + ${{ env.REGISTRY }}/open-feature/${{ env.FLAGD_IMAGE_NAME }}-ssl:${{ needs.release-please.outputs.release_tag_name }} + ${{ env.REGISTRY }}/open-feature/${{ env.FLAGD_IMAGE_NAME }}-ssl:latest + diff --git a/.release-please-manifest.json b/.release-please-manifest.json index 2396e1a..13f053a 100644 --- a/.release-please-manifest.json +++ b/.release-please-manifest.json @@ -1,3 +1,3 @@ { - ".": "0.5.17" + ".": "0.5.20" } \ No newline at end of file diff --git a/CHANGELOG.md b/CHANGELOG.md index 1ccdfd8..83ddf9e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,26 @@ # Changelog +## [0.5.20](https://github.com/open-feature/flagd-testbed/compare/v0.5.19...v0.5.20) (2024-12-25) + + +### Features + +* move to grace period from grace attempts ([#172](https://github.com/open-feature/flagd-testbed/issues/172)) ([56a600f](https://github.com/open-feature/flagd-testbed/commit/56a600fd0f9bcdcc435ac41ed02edcf832a01b3c)) + +## [0.5.19](https://github.com/open-feature/flagd-testbed/compare/v0.5.18...v0.5.19) (2024-12-17) + + +### Features + +* add certificates for ssl test and an ssl test image ([#168](https://github.com/open-feature/flagd-testbed/issues/168)) ([8177dc0](https://github.com/open-feature/flagd-testbed/commit/8177dc0c4bde7ddadb5a939f55ee70663ca485b9)) + +## [0.5.18](https://github.com/open-feature/flagd-testbed/compare/v0.5.17...v0.5.18) (2024-12-16) + + +### Features + +* add yaml file with current version, to easier fetch images corr… ([#169](https://github.com/open-feature/flagd-testbed/issues/169)) ([ac1263a](https://github.com/open-feature/flagd-testbed/commit/ac1263af53f3d9380bfe4732034f4282f9a93228)) + ## [0.5.17](https://github.com/open-feature/flagd-testbed/compare/v0.5.16...v0.5.17) (2024-12-06) diff --git a/README.md b/README.md index 9f09576..b796465 100644 --- a/README.md +++ b/README.md @@ -10,6 +10,12 @@ The _flagd-testbed_ container is a docker image built on flagd, which essentiall See the [flagd docs](https://flagd.dev/) for more information on flagd. +### SSL + +The _flagd-testbed-ssl_ container is based on _flagd-testbed_ but replaces all the certificates for SSL testing with a custom root CA. +Within the SSL folder you will find all the necessary OpenSSL files, and the commands used for generation. +Please do not use this CA in any kind of production environment. + ## Gherkin test suite The [gherkin/](gherkin/) dir includes a set of [_gherkin_](https://cucumber.io/docs/gherkin/) tests that define expected behavior associated with the configurations defined in the flagd-testbed (see [flags/](flags/)). @@ -31,4 +37,5 @@ Included suites: The Gherkin files structure can be linted using [gherkin-lint](https://github.com/vsiakka/gherkin-lint). The following commands require Node.js 10 or later. 1. npm install -1. npm run gherkin-lint \ No newline at end of file +1. npm run gherkin-lint + diff --git a/flagd/Dockerfile b/flagd/Dockerfile index 02ad830..fe9a5e0 100644 --- a/flagd/Dockerfile +++ b/flagd/Dockerfile @@ -1,7 +1,7 @@ # we NEED flagd v0.6.4 as a minimum -FROM ghcr.io/open-feature/flagd:v0.11.4 AS flagd +FROM ghcr.io/open-feature/flagd:v0.11.5 AS flagd -FROM busybox:1.37 +FROM busybox:1.37 AS testbed COPY --from=flagd /flagd-build /flagd COPY flags/* . @@ -15,3 +15,31 @@ ENTRYPOINT ["sh", "change-flag-wrapper.sh", "./flagd", "start", \ "-f", "file:evaluator-refs.json", \ "-f", "file:edge-case-flags.json", \ "-f", "file:zero-flags.json"] + +FROM testbed AS unstable + +ENTRYPOINT ["sh", "restart-wrapper.sh", "./flagd", "start", \ + "-f", "file:testing-flags.json"] + +FROM alpine/openssl AS certs + +# Copy the server and CA certificates +COPY ssl/* ./ + +RUN openssl genpkey -algorithm RSA -out server-key.pem -pkeyopt rsa_keygen_bits:2048 +RUN openssl req -new -key server-key.pem -out server.csr -subj "/CN=localhost" \ + && openssl x509 -req -in server.csr -CA custom-root-cert.crt -CAkey custom-ca.key -CAcreateserial -out server-cert.pem -days 365 -sha256 + +FROM testbed AS ssl + +# Copy the custom root CA certificate into the image + +COPY --from=certs server-cert.pem /etc/ssl/certs/ +COPY --from=certs server-key.pem /etc/ssl/private/ +COPY --from=certs custom-root-cert.crt /etc/ssl/certs/ + + +ENTRYPOINT ["./flagd", "start",\ + "-f", "file:testing-flags.json", \ + "-c", "/etc/ssl/certs/server-cert.pem", \ + "-k", "/etc/ssl/private/server-key.pem"] diff --git a/flagd/Dockerfile.unstable b/flagd/Dockerfile.unstable deleted file mode 100644 index 1cfd0f1..0000000 --- a/flagd/Dockerfile.unstable +++ /dev/null @@ -1,12 +0,0 @@ -# we NEED flagd v0.6.4 as a minimum -FROM ghcr.io/open-feature/flagd:v0.11.4 AS flagd - -FROM busybox:1.37 - -COPY --from=flagd /flagd-build /flagd -COPY flags/* . -COPY scripts/* . -LABEL org.opencontainers.image.source="https://github.com/open-feature/flagd-testbed" - -ENTRYPOINT ["sh", "restart-wrapper.sh", "./flagd", "start", \ - "-f", "file:testing-flags.json"] diff --git a/gherkin/config.feature b/gherkin/config.feature index c3944a0..37e1b1c 100644 --- a/gherkin/config.feature +++ b/gherkin/config.feature @@ -14,7 +14,7 @@ Feature: Configuration Test | streamDeadlineMs | FLAGD_STREAM_DEADLINE_MS | deadline for streaming calls, useful as an application-layer keepalive | int | 600000 | rpc & in-process | | retryBackoffMs | FLAGD_RETRY_BACKOFF_MS | initial backoff for stream retry | int | 1000 | rpc & in-process | | retryBackoffMaxMs | FLAGD_RETRY_BACKOFF_MAX_MS | maximum backoff for stream retry | int | 120000 | rpc & in-process | - | retryGracePeriod | FLAGD_RETRY_GRACE_PERIOD | amount of stream retry attempts before provider moves from STALE to ERROR state | int | 5 | rpc & in-process | + | retryGracePeriod | FLAGD_RETRY_GRACE_PERIOD | time before provider moves from STALE to ERROR state | int | 5 | rpc & in-process | | keepAliveTime | FLAGD_KEEP_ALIVE_TIME_MS | http 2 keepalive | long | 0 | rpc & in-process | | cache | FLAGD_CACHE | enable cache of static flags | String - `lru`, `disabled` | lru | rpc | | maxCacheSize | FLAGD_MAX_CACHE_SIZE | max size of static flag cache | int | 1000 | rpc | diff --git a/gherkin/flagd-reconnect.feature b/gherkin/flagd-reconnect.feature index 31c88e5..b1c709f 100644 --- a/gherkin/flagd-reconnect.feature +++ b/gherkin/flagd-reconnect.feature @@ -1,17 +1,55 @@ -@rpc @in-process @reconnect +@rpc @in-process Feature: flagd provider disconnect and reconnect functionality + Scenario Outline: Connection + Given a flagd provider + And a Boolean-flag with key "boolean-flag" and a default value "true" + When the flag was evaluated with details + Then the resolved details value should be "true" + + Examples: Stable + | name | + | stable | + @targetURI + Examples: Target URI + | name | + | target | + @customCert + Examples: Certificates + | name | + | ssl | + @unixsocket @os.linux + Examples: Unixsocket + | name | + | socket | + + @reconnect # This test suite tests the reconnection functionality of flagd providers - Scenario: Provider reconnection - Given a stable flagd provider + Scenario Outline: Provider reconnection + Given a flagd provider And a ready event handler And a error event handler When a ready event was fired - Then the ready event handler should have been executed - When the connection is lost for 6s + When the connection is lost for 4s Then the error event handler should have been executed Then the ready event handler should have been executed + Examples: Stable + | name | + | stable | + @targetURI + Examples: Target URI + | name | + | socket | + @customCert + Examples: Certificates + | name | + | ssl | + @unixsocket @os.linux + Examples: Unixsocket + | name | + | socket | + Scenario: Provider unavailable Given an option "deadlineMs" of type "Integer" with value "1000" And a unavailable flagd provider diff --git a/gherkin/flagd.feature b/gherkin/flagd.feature index ab0fa51..4b2ee10 100644 --- a/gherkin/flagd.feature +++ b/gherkin/flagd.feature @@ -1,3 +1,4 @@ +@rpc @in-process Feature: flagd providers # This test suite contains scenarios to test flagd providers. diff --git a/release-please-config.json b/release-please-config.json index 718d5b7..1b900a0 100644 --- a/release-please-config.json +++ b/release-please-config.json @@ -8,4 +8,4 @@ "bump-patch-for-minor-pre-major": true } } -} \ No newline at end of file +} diff --git a/ssl/README.md b/ssl/README.md new file mode 100644 index 0000000..e043d6b --- /dev/null +++ b/ssl/README.md @@ -0,0 +1,10 @@ +commands used to generate the cert + +```shell +# generating custom ca +openssl genpkey -algorithm RSA -out custom-ca.key -pkeyopt rsa_keygen_bits:4096 + +# generating root cert +openssl req -x509 -new -key custom-ca.key -out custom-root-cert.crt -days 3650 -sha256 -subj "/CN=Flagd testbed ROOT CA" + +``` diff --git a/ssl/custom-ca.key b/ssl/custom-ca.key new file mode 100644 index 0000000..2d6da44 --- /dev/null +++ b/ssl/custom-ca.key @@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDQYbJXuYOPP1/m +4+Zewb71MX0rqQmBWx03/p2InTkgA80py1OhrdAb67BFcYueq3zmWAgvZHbyS8aj +NJqhLsFA7peuqffB1k2iprjkjJjMcCUOGXGnWdDG+8/lmFnUIEdz65eKixvZc5Vd +QWy0vFjhIpu2ueP2x9wVstNdVWR3FOdZ30xkCu26X1mBen1zLtfyoVp/Vq0PaSLa +mqft/kLq8nruCDvLFctuArP/cq/1nC1UekUwuacOvCuSJfRmOPd3OKj3558RIPiK +fdcEjoMxG827716MkWJRpaO+nN0repg2bi8usLP2xUIg7szuGijNcEWhFM75zThl +XCgMEZYnDPGNnI6HeZG+Do2UPu/g+sAJQt+VTo707l2auL9ubvVJejOj5LJqtMyr +qvX0XIFDEEt14kyK8fVSvIuW3tMZXsSSZA+Gzuvl5Tgc2UgEfbB8ERO1MRyBZHMR +/TDbe66x/x3lleVrqmrbSRBWpgNtDET5T9sJ1FZTjhf3qKOs6v22ppMfs9pSTjL6 +QhdoUKjSYEK0Ci710EKRDSFBWkLMlSdDCEHHWZzKT8NFhb5BfJ0S3n4qfK2kHIrb +2/HL5YeTCPzbFcsSHfGpu9CZRrLYRE7qc8pUcbzo2CSMNVRiO57cMpvlj/uSmROl +wupykvaJCutqCSu3vGfXSC2hdF7wWwIDAQABAoICAAEjHaDzJ7dzXq6Vu2X0k7SO +PDQNbOLd4apBS+lrUz4TldEJ6ftAumIWWFJFDKM/Vho39A7Sz2EJC5zKeF7fPY+b +GhMvotMtazpvKzHE6Tv/67XfWq/ORpumeKahPrGEKg90362L0uw48ckRLlwhRtlf +oERlNqUwOMKqg/+OhS8gRJV5M0VlJu+f8UeopXdfk7cTVAPI+PoRSXI3TBMOaikM +My2qh5vXEu/wMkS9D8OmLRhxgapye1mDlyRRhBlDuWjVemYsskx9jhpt6JDJXrdH +b4nvZWnIVa5dJMPYFostKSH4LOAR8ssXTMsI3IGjreTeR3My+0OKry/tM+9NVLXS +nYOht33JBKr3Sk4pv4CC2voB/vUpkR69Z59CNPSYrb1JetJ6NMgqaTMsv05i/SJu +j8HNkiXkojcs+LyVfM/MBE5qL1bPJ3xYVX5TUd+o45vcerVoS0EHpWDnBnmdK+VF +H73HscrCHL4Bp/YOS58lNuSKUNGkQ2fyak/U66RJYHKWa0HSSBZWX5fi4IEpagEb +3h4sRbqqw1GSKVszrP5nnM1towu6du6343s+DzhT6PSHmWN7MVTrpfdoSUFnBySr +CEiIs3Z90emAoSpLTFZ0xEcqIEvJw7+zn3M7wuJMjqFelTSuBYGU8vD8B/pV64Wp +Xy5qN5EBfOG37YATDkdxAoIBAQDrP6lQJvcNEi6lG/EvVWQ9I5YXqxEQEuAJz52x +42v64C4nNJrkn0K//hUc/Ei76QhD3n6JBCQrfRysTP2FuuSn90iFNTQfI6yuvMXe +EZDrT0pIH9OM7mM78WtAUkjLppVqKHgGwGjnrgMeqdB53mVlECCG3R5dq6tmteuI +excS18nOvEcKk0Bwyv1DI+iMzW4S2co92DPA5oEwu9YeWwPaJaOLaVHboX9s1JOI +ZMWpmFyjrTIbyla5fcKwc9wqhv2nSMyZKCv0fkQUtPmnbfYDQUNp03gAwN9kT+nb +FIRX9b6rvqmW11/lqR4umYgE3/pMOMU23UqM43zAybxxskGlAoIBAQDiw1Q0WdvF +HQu8b4cLHRCy/wvaAEJXhokXc7oVCkc7aYpZyTo04pQViQJATqnJBZJXwI15ypHx +SPXcjYJkEuIMrW4tqE2j3VlTdvQb7JONuHSJAumfNm4iwnWTU/C38Hk2kM40konH +Wo9XQX2wcZgZCRQCrX3aKfQjOqyT5VMiswHSzdAcqsiGOECGDk8c+gFFNfH2obS2 ++VoF5pvEZnLtTHruN7AVoxncRAjUWrFFTB8QQOAUFnNEBt66oQZXpq8K6OaV+OIE +oRhEfCEAvpTPc2YJ0ytHsPY0Tm5K7OZ/kEmLgh9efNwUzmO1sgBfrCigKHVSPPhd +J4+Iw88oIcn/AoIBACP1zUnlSuqClwLCLLIRmYsG/5CKo8cTO5AEXpSssPrefe+c +SPkdpzR2AIA3yF6BFrRZNHp5WZYUP+fOtQpWMVHDqSBDq73+1Ay56n0xrjdqHW68 +/reSUTT+iGiCq4IF6t0ZZo+RpfeUUAHF74pRhqpWNsKm1ld3QHIo6OIp/rLwrXae +rTVeoQEc5m329Ttgw6y6AgJGJFMeaS0r6WUmgIY+LqvG465xF2tpa0v0K4rrMW4L +sZcx7OPZ54LVkxglHm0N4cifrWhoTLvlliwT0QFaXpW0r6ld0kghNxw4HKrdc9IJ +CR93uL8AhQ6WhYZJPpecLflfBmBW/eDydY3js8kCggEBAIe6eJ05J9VM9GherQsW +45bwF+zteMggy8/QwhGz7D0AiAID8yYSdKaLMmDBdNjQz+5cX5IFkONGU3sm7GPv +9YO3DxqfAZHSfJP7wFMygIM0Y/RaXPGiR7vgfzWm6Y9/jV3+wJ4xE+zSJLgKiCvj +YjGiAGs14v2BXRL1HLUNb3x2fuHptOZjxtCnvN9Ak1P5xGbjyidgVOWsTJj5lkSx +OZsVywLpLClXTbRMuKg6fJ7I2FMHMdh0M5wFLK2ykjRGncE+9D3SEZ7JudfMIIjs +ie+919aLof0wS721MEkCkVjLSWoKgbIxtB10B7SKjbS2PD7Y2JhXzCUd98jZwxX3 +W4sCggEBAI1V8FkHNPaw89Cd2rhpxLk+k6pQr8K6pqUJGxIJPXQdhE0dNkUb5UDi +8ZxQk34wnjrV68XAxcF1Ee1dtqSPiz9YQu3TAglXbktpLcNM33RWRJ0l66NYTLtI +1cTpZK7NPKy3MAtAN5yo3Ar24kBrPOaY4xD7rXxJb4Q/3+cOyN97T8CjoWefS4L5 +RcoXlrgbf2O4i8xds7mDZjzyB5Si8S9E4z7iUwXFAg3EAuYR6ln8zftggz8RT7kI +yiWq6gc9AvsB27BE3h1ncsS2lMwfuT9C7bSHO8RSsn3LTZ2lbiBWF3OBaDoC2e71 +adBbftlaZFzSZgw976uIBJEyeHw2sgs= +-----END PRIVATE KEY----- diff --git a/ssl/custom-root-cert.crt b/ssl/custom-root-cert.crt new file mode 100644 index 0000000..963d199 --- /dev/null +++ b/ssl/custom-root-cert.crt @@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFITCCAwmgAwIBAgIUWs226ZOg6QZpwL7sdah6owpAnEYwDQYJKoZIhvcNAQEL +BQAwIDEeMBwGA1UEAwwVRmxhZ2QgdGVzdGJlZCBST09UIENBMB4XDTI0MTIxNjE4 +NDQyNFoXDTM0MTIxNDE4NDQyNFowIDEeMBwGA1UEAwwVRmxhZ2QgdGVzdGJlZCBS +T09UIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0GGyV7mDjz9f +5uPmXsG+9TF9K6kJgVsdN/6diJ05IAPNKctToa3QG+uwRXGLnqt85lgIL2R28kvG +ozSaoS7BQO6Xrqn3wdZNoqa45IyYzHAlDhlxp1nQxvvP5ZhZ1CBHc+uXiosb2XOV +XUFstLxY4SKbtrnj9sfcFbLTXVVkdxTnWd9MZArtul9ZgXp9cy7X8qFaf1atD2ki +2pqn7f5C6vJ67gg7yxXLbgKz/3Kv9ZwtVHpFMLmnDrwrkiX0Zjj3dzio9+efESD4 +in3XBI6DMRvNu+9ejJFiUaWjvpzdK3qYNm4vLrCz9sVCIO7M7hoozXBFoRTO+c04 +ZVwoDBGWJwzxjZyOh3mRvg6NlD7v4PrACULflU6O9O5dmri/bm71SXozo+SyarTM +q6r19FyBQxBLdeJMivH1UryLlt7TGV7EkmQPhs7r5eU4HNlIBH2wfBETtTEcgWRz +Ef0w23uusf8d5ZXla6pq20kQVqYDbQxE+U/bCdRWU44X96ijrOr9tqaTH7PaUk4y ++kIXaFCo0mBCtAou9dBCkQ0hQVpCzJUnQwhBx1mcyk/DRYW+QXydEt5+KnytpByK +29vxy+WHkwj82xXLEh3xqbvQmUay2ERO6nPKVHG86NgkjDVUYjue3DKb5Y/7kpkT +pcLqcpL2iQrragkrt7xn10gtoXRe8FsCAwEAAaNTMFEwHQYDVR0OBBYEFAwmtinE +4a67ad+n3658+WbvBlvYMB8GA1UdIwQYMBaAFAwmtinE4a67ad+n3658+WbvBlvY +MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBAJdjkDxlygrbnRrP +zFk6lXxlo5nNdvMt4GdQm9mS4BRVApGrVgcDh3kvE/uMhYd0pI2Zx0PNzo55L4Ml +ujMX61d/U1NL/n6K+3UnmeSCIQw1z4GtRzA9ex0Gx1RPRXZEJuCtDvhMDxQA5gCK +DDOim4a67lTRsSz9WGFyz9IGSzuPF+vR9ZRA8EJACKh3SQu9nqyn3+Kw3w28878p +sADYVzCI0BRP+iT18oYel7p+rStQa4O1UBbMdjX85BWB22YYMW8imWrvF7jFjiU0 +w7/MD4+Dz2Vq/qsDbC9RQmMxdri329GArP/VS7bNT3lyxBQl2mQaPi43PQ7gc2EK +AiNn1OM2wl6GVMyTm2Tvl8p70SC3WT9AP59j1hzSp1hDz0G3rgzF4xlNEf6BeYXA +dJHJ9S9JuqXHIAyWdC89tY+VWsRPqwAyhaP/fPeKaGV9IvVCziU1YqkyqQD/8plM +AaxERQwmaCQrK9EVRpB/1ifimbEBPnjp3cHJsA7ikkanMxmtLkyLemb52K3ZglUr +6m0HPjciXd/wEV4zUaZeeInN32qHJjt4fMJl4UvIv6m/sMTnxp4My2e/LOiqvp18 +9A9s6D5JP+pQuIJFywU3quNsIe1Q8eLigJlEWHlkSRFoWO3qvr0Da/8sTDLfEaOv +1RjlE6tZkQ2t2JYMH9lSy4NVWNpH +-----END CERTIFICATE----- diff --git a/version.txt b/version.txt new file mode 100644 index 0000000..5025832 --- /dev/null +++ b/version.txt @@ -0,0 +1 @@ +0.5.20