cmd/derper: add --acme-email flag for GCP cert mode (#18278)

GCP Certificate Manager requires an email contact on ACME accounts.
Add --acme-email flag that is required for --certmode=gcp and
optional for --certmode=letsencrypt.

Fixes #18277

Signed-off-by: Raj Singh <raj@tailscale.com>
Raj Singh
2025-12-25 01:57:11 -05:00
committed by GitHub
parent 2917ea8d0e
commit d451cd54a7
3 changed files with 21 additions and 7 deletions
+11 -5
@@ -91,7 +91,7 @@ func TestCertIP(t *testing.T) {
t.Fatalf("Error closing key.pem: %v", err)
}
cp, err := certProviderByCertMode("manual", dir, hostname, "", "")
cp, err := certProviderByCertMode("manual", dir, hostname, "", "", "")
if err != nil {
t.Fatal(err)
}
@@ -174,19 +174,25 @@ func TestGCPCertMode(t *testing.T) {
dir := t.TempDir()
// Missing EAB credentials
_, err := certProviderByCertMode("gcp", dir, "test.example.com", "", "")
_, err := certProviderByCertMode("gcp", dir, "test.example.com", "", "", "test@example.com")
if err == nil {
t.Fatal("expected error when EAB credentials are missing")
}
// Missing email
_, err = certProviderByCertMode("gcp", dir, "test.example.com", "kid", "dGVzdC1rZXk", "")
if err == nil {
t.Fatal("expected error when email is missing")
}
// Invalid base64
_, err = certProviderByCertMode("gcp", dir, "test.example.com", "kid", "not-valid!")
_, err = certProviderByCertMode("gcp", dir, "test.example.com", "kid", "not-valid!", "test@example.com")
if err == nil {
t.Fatal("expected error for invalid base64")
}
// Valid base64url (no padding)
cp, err := certProviderByCertMode("gcp", dir, "test.example.com", "kid", "dGVzdC1rZXk")
cp, err := certProviderByCertMode("gcp", dir, "test.example.com", "kid", "dGVzdC1rZXk", "test@example.com")
if err != nil {
t.Fatalf("base64url: %v", err)
}
@@ -195,7 +201,7 @@ func TestGCPCertMode(t *testing.T) {
}
// Valid standard base64 (with padding, gcloud format)
cp, err = certProviderByCertMode("gcp", dir, "test.example.com", "kid", "dGVzdC1rZXk=")
cp, err = certProviderByCertMode("gcp", dir, "test.example.com", "kid", "dGVzdC1rZXk=", "test@example.com")
if err != nil {
t.Fatalf("base64: %v", err)
}
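Review bot: The new "Missing email" case in TestGCPCertMode asserts only `err == nil`, so it would still pass if certProviderByCertMode rejected those arguments for an unrelated reason and the email requirement were later dropped. The "Missing EAB credentials" case above it has the same weakness now that it supplies a valid email. Pinning the cause would make both cases meaningful, for example `if err == nil || !strings.Contains(err.Error(), "email") {`, assuming the returned error names the missing field and that `strings` is imported in this test file. The commit message says the email is optional for `--certmode=letsencrypt`, but none of the hunks shown calls that mode with an empty email, so a case for it may be worth adding if it does not already exist elsewhere in the file. TestGCPCertMode starts and ends outside the hunks shown.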