diff options
author | Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com> | 2020-11-03 17:06:13 +0100 |
---|---|---|
committer | Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com> | 2020-11-05 08:34:41 +0000 |
commit | 15446c2ccfc117a0feb5a5249c2e62714b2cd3d7 (patch) | |
tree | 1f162c4c79ed2f95092f159edf2f4890aa606231 /certServiceK8sExternalProvider/src/cmpv2controller | |
parent | 39cc4f095a0107f7edaa4f86629775e1c09d5650 (diff) |
[OOM-K8S-CERT-EXTERNAL-PROVIDER] Add CertificateRequest controller test
- Add CertificateRequest controller test with fake K8s API
Issue-ID: OOM-2559
Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>
Change-Id: I4e32c2d28f5c4ea35dd013119dfc31acb1646582
Diffstat (limited to 'certServiceK8sExternalProvider/src/cmpv2controller')
-rw-r--r-- | certServiceK8sExternalProvider/src/cmpv2controller/certificate_request_controller_test.go | 119 | ||||
-rw-r--r-- | certServiceK8sExternalProvider/src/cmpv2controller/cmpv2_issuer_controller_test.go | 47 |
2 files changed, 126 insertions, 40 deletions
diff --git a/certServiceK8sExternalProvider/src/cmpv2controller/certificate_request_controller_test.go b/certServiceK8sExternalProvider/src/cmpv2controller/certificate_request_controller_test.go index 2c401cce..f5869ea2 100644 --- a/certServiceK8sExternalProvider/src/cmpv2controller/certificate_request_controller_test.go +++ b/certServiceK8sExternalProvider/src/cmpv2controller/certificate_request_controller_test.go @@ -21,13 +21,51 @@ package cmpv2controller import ( + "context" "testing" cmapi "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1" + cmmeta "github.com/jetstack/cert-manager/pkg/apis/meta/v1" "github.com/stretchr/testify/assert" + v1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/types" + "k8s.io/client-go/tools/record" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/client/fake" + + "onap.org/oom-certservice/k8s-external-provider/src/cmpv2api" + provisioners "onap.org/oom-certservice/k8s-external-provider/src/cmpv2provisioner" + provisionersdata "onap.org/oom-certservice/k8s-external-provider/src/cmpv2provisioner/csr/testdata" + "onap.org/oom-certservice/k8s-external-provider/src/testdata" + x509 "onap.org/oom-certservice/k8s-external-provider/src/x509/testdata" +) + +const ( + group = "certmanager.onap.org" + certificateRequestName = "testRequest" + recorderBufferSize = 3 ) -const group = "certmanager.onap.org" +func Test_shouldSaveCorrectSignedPems_whenRequestReceived(t *testing.T) { + verifiedIssuer := getVerifiedIssuer() + createProvisioner(verifiedIssuer) + fakeClient := fake.NewFakeClientWithScheme(testdata.GetScheme(), &verifiedIssuer, + getValidCertificateRequest(), getValidPrivateKeySecret()) + fakeRecorder := record.NewFakeRecorder(recorderBufferSize) + controller := getCertRequestController(fakeRecorder, fakeClient) + fakeRequest := testdata.GetFakeRequest(certificateRequestName) + + res, err := controller.Reconcile(fakeRequest) + + signedPEM, trustedCAs := getCertificates(controller, fakeRequest.NamespacedName) + assert.Nil(t, err) + assert.NotNil(t, res) + assert.Equal(t, <-fakeRecorder.Events, "Normal Issued Certificate issued") + testdata.VerifyCertsAreEqualToExpected(t, signedPEM, trustedCAs) + clearProvisioner() +} func Test_shouldBeInvalidCMPv2CertificateRequest_whenEmpty(t *testing.T) { request := new(cmapi.CertificateRequest) @@ -50,3 +88,82 @@ func Test_shouldBeValidCMPv2CertificateRequest_whenKindIsCMPvIssuer(t *testing.T assert.True(t, isCMPv2CertificateRequest(request)) } + +func getCertificates(controller CertificateRequestController, namespacedName types.NamespacedName) ([]byte, []byte) { + certificateRequest := new(cmapi.CertificateRequest) + _ = controller.Client.Get(context.Background(), namespacedName, certificateRequest) + + signedPEM := certificateRequest.Status.Certificate + trustedCAs := certificateRequest.Status.CA + + return signedPEM, trustedCAs +} + +func getValidPrivateKeySecret() *v1.Secret { + const privateKeySecretKey = "tls.key" + + return &v1.Secret{ + Data: map[string][]byte{ + privateKeySecretKey: provisionersdata.PrivateKeyBytes, + }, + ObjectMeta: metav1.ObjectMeta{ + Name: testdata.PrivateKeySecret, + Namespace: testdata.Namespace, + }, + } +} + +func getValidCertificateRequest() *cmapi.CertificateRequest { + return &cmapi.CertificateRequest{ + TypeMeta: metav1.TypeMeta{ + Kind: "", + APIVersion: testdata.APIVersion, + }, + ObjectMeta: metav1.ObjectMeta{ + Name: certificateRequestName, + Namespace: testdata.Namespace, + Annotations: map[string]string{ + privateKeySecretNameAnnotation: testdata.PrivateKeySecret, + }, + }, + + Spec: cmapi.CertificateRequestSpec{ + IssuerRef: cmmeta.ObjectReference{ + Group: cmpv2api.GroupVersion.Group, + Kind: cmpv2api.CMPv2IssuerKind, + Name: testdata.IssuerObjectName, + }, + Request: []byte(x509.ValidCertificateSignRequest), + }, + } +} + +func getCertRequestController(fakeRecorder *record.FakeRecorder, fakeClient client.Client) CertificateRequestController { + controller := CertificateRequestController{ + Client: fakeClient, + Log: ctrl.Log.WithName("controllers").WithName("CertificateRequest"), + Recorder: fakeRecorder, + } + return controller +} + +func getVerifiedIssuer() cmpv2api.CMPv2Issuer { + issuer, _ := testdata.GetValidIssuerWithSecret() + issuer.Status = cmpv2api.CMPv2IssuerStatus{ + Conditions: []cmpv2api.CMPv2IssuerCondition{{ + Type: cmpv2api.ConditionReady, + Status: cmpv2api.ConditionTrue}}, + } + return issuer +} + +func createProvisioner(verifiedIssuer cmpv2api.CMPv2Issuer) { + provisionerFactory := provisioners.ProvisionerFactoryMock{} + fakeProvisioner, _ := provisionerFactory.CreateProvisioner(&verifiedIssuer, v1.Secret{}) + + provisioners.Store(testdata.GetIssuerStoreKey(), fakeProvisioner) +} + +func clearProvisioner() { + provisioners.Store(testdata.GetIssuerStoreKey(), nil) +} diff --git a/certServiceK8sExternalProvider/src/cmpv2controller/cmpv2_issuer_controller_test.go b/certServiceK8sExternalProvider/src/cmpv2controller/cmpv2_issuer_controller_test.go index 88aaf5ec..f4cb6944 100644 --- a/certServiceK8sExternalProvider/src/cmpv2controller/cmpv2_issuer_controller_test.go +++ b/certServiceK8sExternalProvider/src/cmpv2controller/cmpv2_issuer_controller_test.go @@ -24,43 +24,37 @@ import ( "testing" "github.com/go-logr/logr" - certmanager "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/mock" - apiv1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/types" - clientgoscheme "k8s.io/client-go/kubernetes/scheme" "k8s.io/client-go/tools/record" "k8s.io/utils/clock" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/client/fake" - "sigs.k8s.io/controller-runtime/pkg/reconcile" "onap.org/oom-certservice/k8s-external-provider/src/cmpv2api" - certserviceapi "onap.org/oom-certservice/k8s-external-provider/src/cmpv2api" provisioners "onap.org/oom-certservice/k8s-external-provider/src/cmpv2provisioner" "onap.org/oom-certservice/k8s-external-provider/src/testdata" ) func Test_shouldPrepareAndVerifyCMPv2Issuer_whenRequestReceived(t *testing.T) { - scheme := initScheme() + scheme := testdata.GetScheme() issuer, secret := testdata.GetValidIssuerWithSecret() - fakeClient := getFakeClient(scheme, issuer, secret) - fakeRequest := getFakeRequest() - fakeRecorder := record.NewFakeRecorder(3) - controller := getController(fakeRecorder, fakeClient) + fakeClient := fake.NewFakeClientWithScheme(scheme, &issuer, &secret) + fakeRequest := testdata.GetFakeRequest(testdata.IssuerObjectName) + fakeRecorder := record.NewFakeRecorder(recorderBufferSize) + controller := getCMPv2IssuerController(fakeRecorder, fakeClient) res, err := controller.Reconcile(fakeRequest) expectedProvisioner, _ := controller.ProvisionerFactory.CreateProvisioner(&issuer, secret) - actualProvisioner, _ := provisioners.Load(types.NamespacedName{Name: testdata.IssuerObjectName, Namespace: testdata.Namespace}) + actualProvisioner, _ := provisioners.Load(testdata.GetIssuerStoreKey()) assert.Nil(t, err) assert.NotNil(t, res) assert.Equal(t, <-fakeRecorder.Events, "Normal Verified CMPv2Issuer verified and ready to sign certificates") assert.NotNil(t, actualProvisioner) assert.ObjectsAreEqual(expectedProvisioner, actualProvisioner) + clearProvisioner() } func Test_shouldBeValidCMPv2IssuerSpec_whenAllFieldsAreSet(t *testing.T) { @@ -100,7 +94,7 @@ func test_shouldBeInvalidCMPv2IssuerSpec_whenFunctionApplied(t *testing.T, trans assert.NotNil(t, err) } -func getController(fakeRecorder *record.FakeRecorder, mockClient client.Client) CMPv2IssuerController { +func getCMPv2IssuerController(fakeRecorder *record.FakeRecorder, mockClient client.Client) CMPv2IssuerController { controller := CMPv2IssuerController{ Log: ctrl.Log.WithName("controllers").WithName("CertificateRequest"), Clock: clock.RealClock{}, @@ -111,31 +105,6 @@ func getController(fakeRecorder *record.FakeRecorder, mockClient client.Client) return controller } -func getFakeRequest() reconcile.Request { - fakeRequest := reconcile.Request{ - NamespacedName: types.NamespacedName{ - Namespace: testdata.Namespace, - Name: testdata.IssuerObjectName, - }, - } - return fakeRequest -} - -func getFakeClient(scheme *runtime.Scheme, issuer cmpv2api.CMPv2Issuer, secret apiv1.Secret) client.Client { - fakeClient := func() client.Client { - return fake.NewFakeClientWithScheme(scheme, &issuer, &secret) - }() - return fakeClient -} - -func initScheme() *runtime.Scheme { - scheme := runtime.NewScheme() - _ = clientgoscheme.AddToScheme(scheme) - _ = certmanager.AddToScheme(scheme) - _ = certserviceapi.AddToScheme(scheme) - return scheme -} - type MockLogger struct { mock.Mock } |