authorPiotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>2021-07-16 14:53:14 +0200
committerPiotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>2021-07-20 14:27:31 +0200
commit57d9b2c0a7956306e54234233b8330628ac9f960 (patch)
tree2e923594373ea1a531d5211fc3bbe066fd8f0425 /certServiceK8sExternalProvider/src/model
parent62cacd0f91bca52fcdce37b1f46a13757dc1dbd8 (diff)
[OOM-K8S-CERT-EXTERNAL-PROVIDER] Refactor provider code
- add csr and key params to SignCertificateModel - correct handling error when signing csr fails - create factory for SignCertificateModel Issue-ID: OOM-2753 Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com> Change-Id: I9bc296dfc999de0390ec90a00cbaa9dd82c89265
Diffstat (limited to 'certServiceK8sExternalProvider/src/model')
-rw-r--r--certServiceK8sExternalProvider/src/model/sign_certificate_model.go10
-rw-r--r--certServiceK8sExternalProvider/src/model/sign_certificate_model_factory.go56
-rw-r--r--certServiceK8sExternalProvider/src/model/sign_certificate_model_factory_test.go59
3 files changed, 120 insertions, 5 deletions
diff --git a/certServiceK8sExternalProvider/src/model/sign_certificate_model.go b/certServiceK8sExternalProvider/src/model/sign_certificate_model.go
index 40dca1ae..6fcf0cff 100644
--- a/certServiceK8sExternalProvider/src/model/sign_certificate_model.go
+++ b/certServiceK8sExternalProvider/src/model/sign_certificate_model.go
@@ -23,9 +23,9 @@ package model
import cmapi "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
type SignCertificateModel struct {
- CertificateRequest *cmapi.CertificateRequest
- PrivateKeyBytes []byte
- IsUpdateRevision bool
- OldCertificate string
- OldPrivateKey string
+ CertificateRequest *cmapi.CertificateRequest
+ FilteredCsr []byte
+ PrivateKeyBytes []byte
+ OldCertificateBytes []byte
+ OldPrivateKeyBytes []byte
}
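Review bot: SignCertificateModel has no doc comment, yet after this change it carries two sets of private-key material (`PrivateKeyBytes` and `OldPrivateKeyBytes`) as exported byte slices. With `IsUpdateRevision` removed, the type no longer shows how an update is told apart from a first issuance; presumably that is now signalled by the Old* fields being empty, and the comment should say so. I would add something like `// SignCertificateModel holds the inputs for one signing call. PrivateKeyBytes and OldPrivateKeyBytes are key material and must not be logged or formatted with %v/%+v.` above the type.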
diff --git a/certServiceK8sExternalProvider/src/model/sign_certificate_model_factory.go b/certServiceK8sExternalProvider/src/model/sign_certificate_model_factory.go
new file mode 100644
index 00000000..297201be
--- /dev/null
+++ b/certServiceK8sExternalProvider/src/model/sign_certificate_model_factory.go
@@ -0,0 +1,56 @@
+/*
+ * ============LICENSE_START=======================================================
+ * oom-certservice-k8s-external-provider
+ * ================================================================================
+ * Copyright (C) 2021 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package model
+
+import (
+ "context"
+
+ "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
+ "sigs.k8s.io/controller-runtime/pkg/client"
+
+ "onap.org/oom-certservice/k8s-external-provider/src/cmpv2controller/util"
+ "onap.org/oom-certservice/k8s-external-provider/src/cmpv2provisioner/csr"
+ "onap.org/oom-certservice/k8s-external-provider/src/leveledlogger"
+)
+
+func CreateSignCertificateModel(client client.Client, certificateRequest *v1.CertificateRequest, ctx context.Context, privateKeyBytes []byte) (SignCertificateModel, error) {
+ log := leveledlogger.GetLoggerWithName("certservice-certificate-model")
+ oldCertificateBytes, oldPrivateKeyBytes := util.RetrieveOldCertificateAndPkForCertificateUpdate(
+ client, certificateRequest, ctx)
+
+ csrBytes := certificateRequest.Spec.Request
+ log.Debug("Original CSR PEM: ", "bytes", csrBytes)
+
+ filteredCsrBytes, err := csr.FilterFieldsFromCSR(csrBytes, privateKeyBytes)
+ if err != nil {
+ return SignCertificateModel{}, err
+ }
+ log.Debug("Filtered out CSR PEM: ", "bytes", filteredCsrBytes)
+
+ signCertificateModel := SignCertificateModel{
+ CertificateRequest: certificateRequest,
+ FilteredCsr: filteredCsrBytes,
+ PrivateKeyBytes: privateKeyBytes,
+ OldCertificateBytes: oldCertificateBytes,
+ OldPrivateKeyBytes: oldPrivateKeyBytes,
+ }
+ return signCertificateModel, nil
+}
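Review bot: The call to `util.RetrieveOldCertificateAndPkForCertificateUpdate` returns only two byte slices, so CreateSignCertificateModel cannot tell "no previous certificate" from "reading the old Secret failed". If callers treat empty Old* fields as a first issuance (the helper and the callers are outside this hunk, so this is inferred), a transient API error would silently turn a certificate update into an initial request. Consider having the helper return an error and propagating it here, and fetching the old private key only after `csr.FilterFieldsFromCSR` has succeeded so key material is not read for a request that is then rejected. The filter error is also returned bare; `return SignCertificateModel{}, fmt.Errorf("filtering CSR fields: %w", err)` would tell the caller which step failed. As a smaller style point, `ctx context.Context` is conventionally the first parameter, and the parameter `client` shadows the imported `client` package.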
diff --git a/certServiceK8sExternalProvider/src/model/sign_certificate_model_factory_test.go b/certServiceK8sExternalProvider/src/model/sign_certificate_model_factory_test.go
new file mode 100644
index 00000000..def9a377
--- /dev/null
+++ b/certServiceK8sExternalProvider/src/model/sign_certificate_model_factory_test.go
@@ -0,0 +1,59 @@
+/*
+ * ============LICENSE_START=======================================================
+ * oom-certservice-k8s-external-provider
+ * ================================================================================
+ * Copyright (C) 2021 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package model
+
+import (
+ "context"
+ "testing"
+
+ cmapi "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
+ "github.com/stretchr/testify/assert"
+ "sigs.k8s.io/controller-runtime/pkg/client/fake"
+
+ "onap.org/oom-certservice/k8s-external-provider/src/testdata"
+)
+
+const (
+ revisionAnnotation = "cert-manager.io/certificate-revision"
+ certificateConfigurationAnnotation = "kubectl.kubernetes.io/last-applied-configuration"
+ testPrivateKeyData = "test-private-key"
+ testCertificateData = "test-certificate"
+)
+
+func Test_shouldCreateCertificateModelWithCorrectParameters(t *testing.T) {
+ request := new(cmapi.CertificateRequest)
+ request.ObjectMeta.Annotations = map[string]string{
+ revisionAnnotation: "2",
+ certificateConfigurationAnnotation: testdata.OldCertificateConfig,
+ }
+ request.Spec.Request = testdata.CsrBytes
+ fakeClient := fake.NewFakeClientWithScheme(testdata.GetScheme(), testdata.GetValidCertificateSecret())
+
+ signCertModel, err := CreateSignCertificateModel(fakeClient, request, *new(context.Context), testdata.PkBytes)
+
+ assert.Nil(t, err)
+ assert.NotNil(t, signCertModel)
+ assert.NotNil(t, signCertModel.FilteredCsr)
+ assert.Equal(t, testdata.PkBytes, signCertModel.PrivateKeyBytes)
+ assert.Equal(t, request, signCertModel.CertificateRequest)
+ assert.Equal(t, []byte(testCertificateData), signCertModel.OldCertificateBytes)
+ assert.Equal(t, []byte(testPrivateKeyData), signCertModel.OldPrivateKeyBytes)
+}
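Review bot: The test passes `*new(context.Context)`, which evaluates to a nil interface value, so the factory and the fake client receive a nil context; use `context.Background()` instead. `assert.NotNil(t, signCertModel)` cannot fail, because the factory returns a struct value rather than a pointer. `assert.NotNil(t, signCertModel.FilteredCsr)` only shows that the slice is non-nil, not that the CSR was actually filtered. The commit message says error handling for a failing CSR was corrected, but no test here covers the error return of CreateSignCertificateModel. A case with a malformed `request.Spec.Request` that asserts `err` is non-nil and that the returned model holds no key bytes would pin that behaviour down.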