diff options
author | Bogumil Zebek <bogumil.zebek@nokia.com> | 2020-10-20 12:16:53 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@onap.org> | 2020-10-20 12:16:53 +0000 |
commit | 9c0aafccfea96d461723a1dd3c5cc0818bc02c42 (patch) | |
tree | 9ff1f33d00ac28a24d3fe92bdf240c3f0ba8bdb8 /certServiceK8sExternalProvider/src/cmpv2provisioner | |
parent | 5a2e510430cfdc8ce05f6a771ba8787c8e85b5e1 (diff) | |
parent | f85be7d76bf73d59dd4d70ffd07f1e34dfd1a2ef (diff) |
Merge "[OOM-K8S-CERT-EXTERNAL-PROVIDER] Provide certs to CMPv2 Issuer"
Diffstat (limited to 'certServiceK8sExternalProvider/src/cmpv2provisioner')
3 files changed, 191 insertions, 7 deletions
diff --git a/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner.go b/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner.go index a51b8425..e48b527d 100644 --- a/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner.go +++ b/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner.go @@ -32,30 +32,39 @@ import ( "encoding/base64" "encoding/pem" "fmt" + "sync" + certmanager "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1" "k8s.io/apimachinery/pkg/types" - "onap.org/oom-certservice/k8s-external-provider/src/cmpv2api" ctrl "sigs.k8s.io/controller-runtime" - "sync" + + "onap.org/oom-certservice/k8s-external-provider/src/cmpv2api" ) var collection = new(sync.Map) type CertServiceCA struct { - name string - url string - key []byte + name string + url string + caName string + key []byte + cert []byte + cacert []byte } -func New(cmpv2Issuer *cmpv2api.CMPv2Issuer, key []byte) (*CertServiceCA, error) { +func New(cmpv2Issuer *cmpv2api.CMPv2Issuer, key []byte, cert []byte, cacert []byte) (*CertServiceCA, error) { ca := CertServiceCA{} ca.name = cmpv2Issuer.Name ca.url = cmpv2Issuer.Spec.URL + ca.caName = cmpv2Issuer.Spec.CaName ca.key = key + ca.cert = cert + ca.cacert = cacert log := ctrl.Log.WithName("cmpv2-provisioner") - log.Info("Configuring CA: ", "name", ca.name, "url", ca.url, "key", ca.key) + log.Info("Configuring CA: ", "name", ca.name, "url", ca.url, "caName", ca.caName, "key", ca.key, + "cert", ca.cert, "cacert", ca.cacert) return &ca, nil } diff --git a/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner_factory.go b/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner_factory.go new file mode 100644 index 00000000..4a3898e7 --- /dev/null +++ b/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner_factory.go @@ -0,0 +1,55 @@ +/* + * ============LICENSE_START======================================================= + * oom-certservice-k8s-external-provider + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package cmpv2provisioner + +import ( + "fmt" + + v1 "k8s.io/api/core/v1" + + "onap.org/oom-certservice/k8s-external-provider/src/cmpv2api" +) + +func CreateProvisioner(issuer *cmpv2api.CMPv2Issuer, secret v1.Secret) (*CertServiceCA, error) { + secretKeys := issuer.Spec.CertSecretRef + key, err := readValueFromSecret(secret, secretKeys.KeyRef) + if err != nil { + return nil, err + } + cert, err := readValueFromSecret(secret, secretKeys.CertRef) + if err != nil { + return nil, err + } + cacert, err := readValueFromSecret(secret, secretKeys.CacertRef) + if err != nil { + return nil, err + } + return New(issuer, key, cert, cacert) +} + +func readValueFromSecret(secret v1.Secret, secretKey string) ([]byte, error) { + value, ok := secret.Data[secretKey] + if !ok { + err := fmt.Errorf("secret %s does not contain key %s", secret.Name, secretKey) + return nil, err + } + return value, nil +} diff --git a/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner_factory_test.go b/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner_factory_test.go new file mode 100644 index 00000000..6ef33098 --- /dev/null +++ b/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner_factory_test.go @@ -0,0 +1,120 @@ +/* + * ============LICENSE_START======================================================= + * oom-certservice-k8s-external-provider + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package cmpv2provisioner + +import ( + "fmt" + "testing" + + "github.com/stretchr/testify/assert" + v1 "k8s.io/api/core/v1" + + "onap.org/oom-certservice/k8s-external-provider/src/cmpv2api" +) + +const ( + secretName = "issuer-cert-secret" + url = "https://oom-cert-service:8443/v1/certificate/" + caName = "RA" + keySecretKey = "cmpv2Issuer-key.pem" + certSecretKey = "cmpv2Issuer-cert.pem" + cacertSecretKey = "cacert.pem" +) + +var ( + keySecretValue = []byte("keyData") + certSecretValue = []byte("certData") + cacertSecretValue = []byte("cacertData") +) + +func Test_shouldCreateProvisioner(t *testing.T) { + issuer, secret := getValidIssuerAndSecret() + + provisioner, _ := CreateProvisioner(&issuer, secret) + + assert.NotNil(t, provisioner) + assert.Equal(t, url, provisioner.url) + assert.Equal(t, caName, provisioner.caName) + assert.Equal(t, keySecretValue, provisioner.key) + assert.Equal(t, certSecretValue, provisioner.cert) + assert.Equal(t, cacertSecretValue, provisioner.cacert) +} + +func Test_shouldReturnError_whenSecretMissingKeyRef(t *testing.T) { + issuer, secret := getValidIssuerAndSecret() + delete(secret.Data, keySecretKey) + + provisioner, err := CreateProvisioner(&issuer, secret) + + assert.Nil(t, provisioner) + if assert.Error(t, err) { + assert.Equal(t, fmt.Errorf("secret %s does not contain key %s", secretName, keySecretKey), err) + } +} + +func Test_shouldReturnError_whenSecretMissingCertRef(t *testing.T) { + issuer, secret := getValidIssuerAndSecret() + delete(secret.Data, certSecretKey) + + provisioner, err := CreateProvisioner(&issuer, secret) + + assert.Nil(t, provisioner) + if assert.Error(t, err) { + assert.Equal(t, fmt.Errorf("secret %s does not contain key %s", secretName, certSecretKey), err) + } +} + +func Test_shouldReturnError_whenSecretMissingCacertRef(t *testing.T) { + issuer, secret := getValidIssuerAndSecret() + delete(secret.Data, cacertSecretKey) + + provisioner, err := CreateProvisioner(&issuer, secret) + + assert.Nil(t, provisioner) + if assert.Error(t, err) { + assert.Equal(t, fmt.Errorf("secret %s does not contain key %s", secretName, cacertSecretKey), err) + } +} + +func getValidIssuerAndSecret() (cmpv2api.CMPv2Issuer, v1.Secret) { + issuer := cmpv2api.CMPv2Issuer{ + Spec: cmpv2api.CMPv2IssuerSpec{ + URL: url, + CaName: caName, + CertSecretRef: cmpv2api.SecretKeySelector{ + Name: secretName, + KeyRef: keySecretKey, + CertRef: certSecretKey, + CacertRef: cacertSecretKey, + }, + }, + } + secret := v1.Secret{ + + Data: map[string][]byte{ + keySecretKey: keySecretValue, + certSecretKey: certSecretValue, + cacertSecretKey: cacertSecretValue, + }, + } + secret.Name = secretName + return issuer, secret +} |