authorTomasz Wrobel <tomasz.wrobel@nokia.com>2021-07-21 15:37:56 +0200
committerTomasz Wrobel <tomasz.wrobel@nokia.com>2021-07-21 16:52:46 +0200
commitb151ffacf655f2e14f99c6850c53bee562c24e9e (patch)
tree59e7b861d67883ed09f4e76280543d46ca988e8e
parent57d9b2c0a7956306e54234233b8330628ac9f960 (diff)
[OOM-K8S-CERT-EXTERNAL-PROVIDER] Add handling request when updateEnpoint is missing
Issue-ID: OOM-2753 Signed-off-by: Tomasz Wrobel <tomasz.wrobel@nokia.com> Change-Id: I06fc3043787631b83cc776b1e446700bd13f9863
-rw-r--r--certServiceK8sExternalProvider/deploy/configuration.yaml1
-rw-r--r--certServiceK8sExternalProvider/deploy/crd.yaml4
-rw-r--r--certServiceK8sExternalProvider/src/cmpv2controller/util/certificate_update_util_test.go5
-rw-r--r--certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner.go17
-rw-r--r--certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner_test.go32
5 files changed, 53 insertions, 6 deletions
diff --git a/certServiceK8sExternalProvider/deploy/configuration.yaml b/certServiceK8sExternalProvider/deploy/configuration.yaml
index 5764a52a..45fc5c4f 100644
--- a/certServiceK8sExternalProvider/deploy/configuration.yaml
+++ b/certServiceK8sExternalProvider/deploy/configuration.yaml
@@ -31,6 +31,7 @@ spec:
url: https://oom-cert-service:8443
healthEndpoint: actuator/health
certEndpoint: v1/certificate
+ updateEndpoint: v1/certificate-update
caName: RA
certSecretRef:
name: cmpv2-issuer-secret
diff --git a/certServiceK8sExternalProvider/deploy/crd.yaml b/certServiceK8sExternalProvider/deploy/crd.yaml
index b14d8063..71fb58eb 100644
--- a/certServiceK8sExternalProvider/deploy/crd.yaml
+++ b/certServiceK8sExternalProvider/deploy/crd.yaml
@@ -66,6 +66,9 @@ spec:
certEndpoint:
description: Path of cerfificate signing enpoint.
type: string
+ updateEndpoint:
+ description: Path of certificate update endpoint.
+ type: string
caName:
description: Name of the external CA server configured on CertService API side.
type: string
@@ -99,6 +102,7 @@ spec:
- url
- healthEndpoint
- certEndpoint
+ - updateEndpoint
- caName
- certSecretRef
type: object
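Review bot: Adding `- updateEndpoint` to the CRD's `required` list contradicts the fallback this same commit introduces in cmpv2_provisioner.go (`updateEndpointIsConfigured`): the API server will reject any CMPv2Issuer that omits the field, so the "missing update endpoint" path can only be reached by an explicit empty-string value, not by leaving the field out. If the endpoint is meant to be optional, drop this line and leave `updateEndpoint` as an optional string in the earlier hunk of this file; if it is meant to be mandatory, the Go fallback is unreachable for API-validated issuers and the commit title overstates what it handles. Either way the CRD and the provisioner should agree on which one it is.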
diff --git a/certServiceK8sExternalProvider/src/cmpv2controller/util/certificate_update_util_test.go b/certServiceK8sExternalProvider/src/cmpv2controller/util/certificate_update_util_test.go
index f9005277..a48cb60f 100644
--- a/certServiceK8sExternalProvider/src/cmpv2controller/util/certificate_update_util_test.go
+++ b/certServiceK8sExternalProvider/src/cmpv2controller/util/certificate_update_util_test.go
@@ -35,8 +35,8 @@ import (
)
const (
- testPrivateKeyData = "test-private-key"
- testCertificateData = "test-certificate"
+ testPrivateKeyData = "test-private-key"
+ testCertificateData = "test-certificate"
)
func Test_CheckIfCertificateUpdateAndRetrieveOldCertificateAndPk_revisionOne(t *testing.T) {
@@ -128,4 +128,3 @@ func Test_RetrieveOldCertificateAndPk_shouldBeEmptyWhenOldCertificateCannotBeUnm
assert.Equal(t, []byte{}, certificate)
assert.Equal(t, []byte{}, privateKey)
}
-
diff --git a/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner.go b/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner.go
index 53932494..db171e33 100644
--- a/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner.go
+++ b/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner.go
@@ -43,6 +43,7 @@ type CertServiceCA struct {
url string
healthEndpoint string
certEndpoint string
+ updateEndpoint string
caName string
certServiceClient certserviceclient.CertServiceClient
}
@@ -55,10 +56,11 @@ func New(cmpv2Issuer *cmpv2api.CMPv2Issuer, certServiceClient certserviceclient.
ca.caName = cmpv2Issuer.Spec.CaName
ca.healthEndpoint = cmpv2Issuer.Spec.HealthEndpoint
ca.certEndpoint = cmpv2Issuer.Spec.CertEndpoint
+ ca.updateEndpoint = cmpv2Issuer.Spec.UpdateEndpoint
ca.certServiceClient = certServiceClient
log := leveledlogger.GetLoggerWithName("cmpv2-provisioner")
- log.Info("Configuring CA: ", "name", ca.name, "url", ca.url, "caName", ca.caName, "healthEndpoint", ca.healthEndpoint, "certEndpoint", ca.certEndpoint)
+ log.Info("Configuring CA: ", "name", ca.name, "url", ca.url, "caName", ca.caName, "healthEndpoint", ca.healthEndpoint, "certEndpoint", ca.certEndpoint, "updateEndpoint", ca.updateEndpoint)
return &ca, nil
}
@@ -93,7 +95,6 @@ func (ca *CertServiceCA) Sign(
var response *certserviceclient.CertificatesResponse
var errAPI error
-
if ca.isCertificateUpdate(signCertificateModel) {
log.Debug("Certificate will be updated.", "old-certificate", signCertificateModel.OldCertificateBytes)
log.Info("Attempt to send certificate update request")
@@ -124,7 +125,17 @@ func (ca *CertServiceCA) Sign(
return signedCertificateChain, trustedCertificates, nil
}
+func (ca *CertServiceCA) updateEndpointIsConfigured() bool {
+ log := leveledlogger.GetLoggerWithName("certservice-provisioner")
+ isConfigured := ca.updateEndpoint != ""
+ if !isConfigured {
+ log.Info("Missing 'update endpoint' configuration. Certificates will received by certificate request instead of certificate update request")
+ }
+ return isConfigured
+}
func (ca *CertServiceCA) isCertificateUpdate(signCertificateModel model.SignCertificateModel) bool {
- return len(signCertificateModel.OldCertificateBytes) > 0 && len(signCertificateModel.OldPrivateKeyBytes) > 0
+ return len(signCertificateModel.OldCertificateBytes) > 0 &&
+ len(signCertificateModel.OldPrivateKeyBytes) > 0 &&
+ ca.updateEndpointIsConfigured()
}
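Review bot: The Info message in `updateEndpointIsConfigured` has a grammar error and is emitted on every `Sign` call that carries an old certificate and key, so a cluster with periodic renewals logs it once per request even though it describes a static configuration condition; the logger is also created under the name "certservice-provisioner" while `New` in the earlier hunk uses "cmpv2-provisioner", so the two messages about the same CA land under different logger names. Suggest fixing the wording, `log.Info("Missing 'update endpoint' configuration. Certificates will be obtained by certificate request instead of certificate update request")`, reusing the "cmpv2-provisioner" logger name, and logging the condition once in `New` when `cmpv2Issuer.Spec.UpdateEndpoint` is empty rather than on each evaluation. Since an empty endpoint silently switches enrollment from an update (authenticated by the existing certificate) to a fresh certificate request, the method also deserves a doc comment stating that fallback, e.g. `// updateEndpointIsConfigured reports whether an update endpoint is set; when it is not, Sign falls back to a plain certificate request.`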
diff --git a/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner_test.go b/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner_test.go
index e0b0c2e9..39af8ec6 100644
--- a/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner_test.go
+++ b/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner_test.go
@@ -37,6 +37,7 @@ import (
const ISSUER_NAME = "cmpv2-issuer"
const ISSUER_URL = "issuer/url"
+const ISSUER_UPDATE_URL = "update-url"
const ISSUER_NAMESPACE = "onap"
func Test_shouldCreateCorrectCertServiceCA(t *testing.T) {
@@ -122,10 +123,41 @@ func Test_shouldReturnCorrectSignedPemsWhenParametersAreCorrectForUpdateCertific
testdata.VerifyCertsAreEqualToExpected(t, signedPEM, trustedCAs)
}
+func Test_shouldReturnCorrectSignedPemForCertificateRequestWhenUpdateEndpointConfigurationIsMissing(t *testing.T) {
+ issuer := createIssuerAndCerts(ISSUER_NAME, ISSUER_URL)
+ issuer.Spec.UpdateEndpoint = ""
+ provisionerFactory := ProvisionerFactoryMock{}
+ provisioner, err := provisionerFactory.CreateProvisioner(&issuer, apiv1.Secret{})
+
+ issuerNamespaceName := testdata.CreateIssuerNamespaceName(ISSUER_NAMESPACE, ISSUER_NAME)
+ Store(issuerNamespaceName, provisioner)
+
+ provisioner, ok := Load(issuerNamespaceName)
+
+ testdata.VerifyThatConditionIsTrue(ok, "Provisioner could not be loaded", t)
+
+ request := createCertificateRequest()
+ privateKeyBytes := getPrivateKeyBytes()
+
+ signCertificateModel := model.SignCertificateModel{
+ CertificateRequest: request,
+ PrivateKeyBytes: privateKeyBytes,
+ OldCertificateBytes: testdata.OldCertificateBytes,
+ OldPrivateKeyBytes: testdata.OldPrivateKeyBytes,
+ }
+
+ signedPEM, trustedCAs, err := provisioner.Sign(signCertificateModel)
+
+ assert.Nil(t, err)
+
+ testdata.VerifyCertsAreEqualToExpected(t, signedPEM, trustedCAs)
+}
+
func createIssuerAndCerts(name string, url string) cmpv2api.CMPv2Issuer {
issuer := cmpv2api.CMPv2Issuer{}
issuer.Name = name
issuer.Spec.URL = url
+ issuer.Spec.UpdateEndpoint = ISSUER_UPDATE_URL
return issuer
}