feat(datagen): add DomainIdentity and CertAuthority generation #146
| now := time.Now() | ||
| validFrom := now.AddDate(-5, 0, 0) // 5 years ago | ||
| validTo := now.AddDate(5, 0, 0) // 5 years from now |
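Review bot: now := time.Now() is in the host's local time zone and keeps nanosecond precision, and AddDate preserves both, so validFrom and validTo vary with the machine's TZ setting as well as the clock. Normalising once at the source, for example time.Now().UTC(), before the two AddDate calls would remove the zone dependence. The 5 in AddDate(-5, 0, 0) and AddDate(5, 0, 0) could also be a single named constant so the two bounds cannot drift apart.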
Nit: It is documented as deterministic from a seed, but the generated CertAuthority validity window is based on time.Now(). Two calls with the same seed on different days will produce different ValidFrom/ValidTo values, so the returned object is not actually deterministic. The current tests only compare DomainSID and Thumbprint, which misses this contract break.
CA validity window is now pinned to a now time.Time parameter on GenerateDomainIdentity, propagated from EnvironmentOpts.Now (which falls back to time.Now() once at the top of GenerateEnvironment). Determinism contract is (seed, now) → same output. Tests pin a fixed timestamp and assert the validity window matches.
| crl := fmt.Sprintf("ldap:///CN=%s,CN=AIA,CN=Public Key Services,CN=Services,CN=Configuration,DC=%s", | ||
| caName, strings.ReplaceAll(strings.ToLower(netbios), ".", ",DC=")) |
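Review bot: The variable on the Sprintf line is named crl, but the DN it builds sits under CN=AIA; in AD CS the AIA container holds CA certificates and CRL distribution points are published under CN=CDP, so either the name or the container looks wrong. caName is also interpolated into the DN unescaped, so a CA name containing a comma or plus sign would yield a malformed path; escaping it per RFC 4514 before formatting would cover that.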
Just wanted to know the behaviour for contoso.com. I believe this produces DC=contoso instead of DC=contoso,DC=com. Is this intended?
netbios is the first label only — no dots — so the existing ReplaceAll was a no-op and the CRL emitted DC=contoso instead of DC=contoso,DC=com. Pulled the domainToDC helper into domain.go (it's a domain-name string utility — lived in groups.go only because that's where it was first needed) and the CRL line now calls it. Test asserts the full DC chain in the CRL.
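The DC-chain fix discussed in this thread, as an added Go example that is not the PR's code: buggyDC reproduces the expression from the hunk, and dcChain is a hypothetical stand-in for the project's domainToDC helper (whose implementation is not shown on this page) that also handles a fully qualified name with a trailing dot. It assumes DNS labels contain only letters, digits and hyphens, so no DN escaping is done.

```go
package main

import (
	"fmt"
	"strings"
)

// buggyDC reproduces the expression from the reviewed hunk. When the input
// is a NetBIOS name (first label only, no dots) ReplaceAll is a no-op.
func buggyDC(netbios string) string {
	return "DC=" + strings.ReplaceAll(strings.ToLower(netbios), ".", ",DC=")
}

// dcChain (hypothetical name) converts a DNS domain name into a DC= chain.
// It takes the full DNS name, strips one trailing root dot, lowercases,
// and rejects empty labels instead of emitting "DC=," fragments.
// Assumption: labels are LDH-only, so no RFC 4514 escaping is applied.
func dcChain(domain string) (string, error) {
	d := strings.ToLower(strings.TrimSuffix(strings.TrimSpace(domain), "."))
	if d == "" {
		return "", fmt.Errorf("empty domain name")
	}
	labels := strings.Split(d, ".")
	parts := make([]string, 0, len(labels))
	for _, l := range labels {
		if l == "" {
			return "", fmt.Errorf("empty label in %q", domain)
		}
		parts = append(parts, "DC="+l)
	}
	return strings.Join(parts, ","), nil
}

func main() {
	// Constructed sample inputs.
	fmt.Println("hunk expression:", buggyDC("CONTOSO"))
	for _, d := range []string{"contoso.com", "Corp.Contoso.Com.", "contoso..com"} {
		dc, err := dcChain(d)
		fmt.Printf("%-20q -> %q err=%v\n", d, dc, err)
	}
}
```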

Proposed Change
Adds DomainIdentity and CertAuthority generation. Part of PIPE-927 common data generation package stack. Foundation for PIPE-785, PIPE-928, PIPE-943, and the rest of the simulator stack.
Checklist