[OOM-K8S-CERT-EXTERNAL-PROVIDER] Mock implementaion enhanced (part III)

Code refactoring
Added unit tests

Issue-ID: OOM-2559
Signed-off-by: Jan Malkiewicz <jan.malkiewicz@nokia.com>
Change-Id: I3f3b7b39d739818fa82842993f621c6134816079

9 files changed, 368 insertions, 114 deletions

diff --git a/certServiceK8sExternalProvider/src/cmpv2api/cmpv2_groupversion_info_test.go b/certServiceK8sExternalProvider/src/cmpv2api/cmpv2_groupversion_info_test.go
new file mode 100644
index 00000000..b95bded5
--- /dev/null
+++ b/certServiceK8sExternalProvider/src/cmpv2api/cmpv2_groupversion_info_test.go
@@ -0,0 +1,36 @@
+/*
+ * ============LICENSE_START=======================================================
+ * oom-certservice-k8s-external-provider
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package cmpv2api
+
+import (
+	"testing"
+	"github.com/stretchr/testify/assert"
+)
+
+func Test_shouldHaveRightGroupVersion(t *testing.T) {
+	assert.Equal(t, "certmanager.onap.org", GroupVersion.Group)
+	assert.Equal(t, "v1", GroupVersion.Version)
+}
+
+func Test_shouldRightIssuerKind(t *testing.T) {
+	assert.Equal(t, "CMPv2Issuer", CMPv2IssuerKind)
+}
+
diff --git a/certServiceK8sExternalProvider/src/cmpv2controller/certificate_request_controller.go b/certServiceK8sExternalProvider/src/cmpv2controller/certificate_request_controller.go
index 1669c97f..38b5cdf3 100644
--- a/certServiceK8sExternalProvider/src/cmpv2controller/certificate_request_controller.go
+++ b/certServiceK8sExternalProvider/src/cmpv2controller/certificate_request_controller.go
@@ -53,91 +53,104 @@ type CertificateRequestController struct {
 // Reconcile will read and validate a CMPv2Issuer resource associated to the
 // CertificateRequest resource, and it will sign the CertificateRequest with the
 // provisioner in the CMPv2Issuer.
-func (controller *CertificateRequestController) Reconcile(req ctrl.Request) (ctrl.Result, error) {
+func (controller *CertificateRequestController) Reconcile(k8sRequest ctrl.Request) (ctrl.Result, error) {
 	ctx := context.Background()
-	log := controller.Log.WithValues("certificate-request-controller", req.NamespacedName)
+	log := controller.Log.WithValues("certificate-request-controller", k8sRequest.NamespacedName)
 
-	// Fetch the CertificateRequest resource being reconciled.
-	// Just ignore the request if the certificate request has been deleted.
+	// 1. Fetch the CertificateRequest resource being reconciled.
 	certificateRequest := new(cmapi.CertificateRequest)
-	if err := controller.Client.Get(ctx, req.NamespacedName, certificateRequest); err != nil {
-		if apierrors.IsNotFound(err) {
-			return ctrl.Result{}, nil
-		}
-
-		log.Error(err, "failed to retrieve CertificateRequest resource")
+	if err := controller.Client.Get(ctx, k8sRequest.NamespacedName, certificateRequest); err != nil {
+		err = handleErrorResourceNotFound(log, err)
 		return ctrl.Result{}, err
 	}
 
+	// 2. Check if CertificateRequest is meant for CMPv2Issuer (if not ignore)
 	if !isCMPv2CertificateRequest(certificateRequest) {
-		log.V(4).Info("certificate request is not CMPv2",
+		log.V(4).Info("Certificate request is not meant for CMPv2Issuer (ignoring)",
 			"group", certificateRequest.Spec.IssuerRef.Group,
 			"kind", certificateRequest.Spec.IssuerRef.Kind)
 		return ctrl.Result{}, nil
 	}
 
-	// If the certificate data is already set then we skip this request as it
+	// 3. If the certificate data is already set then we skip this request as it
 	// has already been completed in the past.
 	if len(certificateRequest.Status.Certificate) > 0 {
-		log.V(4).Info("existing certificate data found in status, skipping already completed CertificateRequest")
+		log.V(4).Info("Existing certificate data found in status, skipping already completed CertificateRequest")
 		return ctrl.Result{}, nil
 	}
 
-	// Fetch the CMPv2Issuer resource
+	// 4. Fetch the CMPv2Issuer resource
 	issuer := cmpv2api.CMPv2Issuer{}
 	issuerNamespaceName := types.NamespacedName{
-		Namespace: req.Namespace,
+		Namespace: k8sRequest.Namespace,
 		Name:      certificateRequest.Spec.IssuerRef.Name,
 	}
 	if err := controller.Client.Get(ctx, issuerNamespaceName, &issuer); err != nil {
-		log.Error(err, "failed to retrieve CMPv2Issuer resource", "namespace", req.Namespace, "name", certificateRequest.Spec.IssuerRef.Name)
-		_ = controller.setStatus(ctx, certificateRequest, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonPending, "Failed to retrieve CMPv2Issuer resource %s: %v", issuerNamespaceName, err)
+		controller.handleErrorGettingCMPv2Issuer(ctx, log, err, certificateRequest, issuerNamespaceName, k8sRequest)
 		return ctrl.Result{}, err
 	}
 
-	// Check if the CMPv2Issuer resource has been marked Ready
-	if !cmpv2IssuerHasCondition(issuer, cmpv2api.CMPv2IssuerCondition{Type: cmpv2api.ConditionReady, Status: cmpv2api.ConditionTrue}) {
-		err := fmt.Errorf("resource %s is not ready", issuerNamespaceName)
-		log.Error(err, "failed to retrieve CMPv2Issuer resource", "namespace", req.Namespace, "name", certificateRequest.Spec.IssuerRef.Name)
-		_ = controller.setStatus(ctx, certificateRequest, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonPending, "CMPv2Issuer resource %s is not Ready", issuerNamespaceName)
+	// 5. Check if CMPv2Issuer is ready to sing certificates
+	if !isCMPv2IssuerReady(issuer) {
+		err := controller.handleErrorCMPv2IssuerIsNotReady(ctx, log, issuerNamespaceName, certificateRequest, k8sRequest)
 		return ctrl.Result{}, err
 	}
 
-	// Load the provisioner that will sign the CertificateRequest
+	// 6. Load the provisioner that will sign the CertificateRequest
 	provisioner, ok := provisioners.Load(issuerNamespaceName)
 	if !ok {
-		err := fmt.Errorf("provisioner %s not found", issuerNamespaceName)
-		log.Error(err, "failed to provisioner for CMPv2Issuer resource")
-		_ = controller.setStatus(ctx, certificateRequest, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonPending, "Failed to load provisioner for CMPv2Issuer resource %s", issuerNamespaceName)
+		err := controller.handleErrorCouldNotLoadCMPv2Provisioner(ctx, log, issuerNamespaceName, certificateRequest)
 		return ctrl.Result{}, err
 	}
 
-	// Sign CertificateRequest
+	// 7. Sign CertificateRequest
 	signedPEM, trustedCAs, err := provisioner.Sign(ctx, certificateRequest)
 	if err != nil {
-		log.Error(err, "failed to sign certificate request")
-		return ctrl.Result{}, controller.setStatus(ctx, certificateRequest, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonFailed, "Failed to sign certificate request: %v", err)
+		controller.handleErrorFailedToSignCertificate(ctx, log, err, certificateRequest)
+		return ctrl.Result{}, err
 	}
+
+	// 8. Store signed certificates in CertificateRequest
 	certificateRequest.Status.Certificate = signedPEM
 	certificateRequest.Status.CA = trustedCAs
+	if err := controller.updateCertificateRequestWithSignedCerficates(ctx, certificateRequest); err != nil {
+		return ctrl.Result{}, err
+	}
 
-	return ctrl.Result{}, controller.setStatus(ctx, certificateRequest, cmmeta.ConditionTrue, cmapi.CertificateRequestReasonIssued, "Certificate issued")
+	return ctrl.Result{}, nil
+}
+
+func (controller *CertificateRequestController) updateCertificateRequestWithSignedCerficates(ctx context.Context, certificateRequest *cmapi.CertificateRequest) error {
+	return controller.setStatus(ctx, certificateRequest, cmmeta.ConditionTrue, cmapi.CertificateRequestReasonIssued, "Certificate issued")
 }
 
-// SetupWithManager initializes the CertificateRequest controller into the
-// controller runtime.
 func (controller *CertificateRequestController) SetupWithManager(manager ctrl.Manager) error {
 	return ctrl.NewControllerManagedBy(manager).
 		For(&cmapi.CertificateRequest{}).
 		Complete(controller)
 }
 
-// cmpv2IssuerHasCondition will return true if the given CMPv2Issuer resource has
-// a condition matching the provided CMPv2IssuerCondition. Only the Type and
-// Status field will be used in the comparison, meaning that this function will
-// return 'true' even if the Reason, Message and LastTransitionTime fields do
-// not match.
-func cmpv2IssuerHasCondition(issuer cmpv2api.CMPv2Issuer, condition cmpv2api.CMPv2IssuerCondition) bool {
+func (controller *CertificateRequestController) setStatus(ctx context.Context, certificateRequest *cmapi.CertificateRequest, status cmmeta.ConditionStatus, reason, message string, args ...interface{}) error {
+	completeMessage := fmt.Sprintf(message, args...)
+	apiutil.SetCertificateRequestCondition(certificateRequest, cmapi.CertificateRequestConditionReady, status, reason, completeMessage)
+
+	// Fire an Event to additionally inform users of the change
+	eventType := core.EventTypeNormal
+	if status == cmmeta.ConditionFalse {
+		eventType = core.EventTypeWarning
+	}
+	controller.Recorder.Event(certificateRequest, eventType, reason, completeMessage)
+
+	return controller.Client.Status().Update(ctx, certificateRequest)
+}
+
+
+func isCMPv2IssuerReady(issuer cmpv2api.CMPv2Issuer) bool {
+	condition := cmpv2api.CMPv2IssuerCondition{Type: cmpv2api.ConditionReady, Status: cmpv2api.ConditionTrue}
+	return hasCondition(issuer, condition)
+}
+
+func hasCondition(issuer cmpv2api.CMPv2Issuer, condition cmpv2api.CMPv2IssuerCondition) bool {
 	existingConditions := issuer.Status.Conditions
 	for _, cond := range existingConditions {
 		if condition.Type == cond.Type && condition.Status == cond.Status {
@@ -150,20 +163,41 @@ func cmpv2IssuerHasCondition(issuer cmpv2api.CMPv2Issuer, condition cmpv2api.CMP
 func isCMPv2CertificateRequest(certificateRequest *cmapi.CertificateRequest) bool {
 	return certificateRequest.Spec.IssuerRef.Group != "" &&
 		certificateRequest.Spec.IssuerRef.Group == cmpv2api.GroupVersion.Group &&
-	    certificateRequest.Spec.IssuerRef.Kind == cmpv2api.CMPv2IssuerKind
+		certificateRequest.Spec.IssuerRef.Kind == cmpv2api.CMPv2IssuerKind
 
 }
 
-func (controller *CertificateRequestController) setStatus(ctx context.Context, certificateRequest *cmapi.CertificateRequest, status cmmeta.ConditionStatus, reason, message string, args ...interface{}) error {
-	completeMessage := fmt.Sprintf(message, args...)
-	apiutil.SetCertificateRequestCondition(certificateRequest, cmapi.CertificateRequestConditionReady, status, reason, completeMessage)
+// Error handling
 
-	// Fire an Event to additionally inform users of the change
-	eventType := core.EventTypeNormal
-	if status == cmmeta.ConditionFalse {
-		eventType = core.EventTypeWarning
-	}
-	controller.Recorder.Event(certificateRequest, eventType, reason, completeMessage)
+func (controller *CertificateRequestController) handleErrorCouldNotLoadCMPv2Provisioner(ctx context.Context, log logr.Logger, issuerNamespaceName types.NamespacedName, certificateRequest *cmapi.CertificateRequest) error {
+	err := fmt.Errorf("provisioner %s not found", issuerNamespaceName)
+	log.Error(err, "Failed to load CMPv2 Provisioner resource")
+	_ = controller.setStatus(ctx, certificateRequest, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonPending, "Failed to load provisioner for CMPv2Issuer resource %s", issuerNamespaceName)
+	return err
+}
 
-	return controller.Client.Status().Update(ctx, certificateRequest)
+func (controller *CertificateRequestController) handleErrorCMPv2IssuerIsNotReady(ctx context.Context, log logr.Logger, issuerNamespaceName types.NamespacedName, certificateRequest *cmapi.CertificateRequest, req ctrl.Request) error {
+	err := fmt.Errorf("resource %s is not ready", issuerNamespaceName)
+	log.Error(err, "CMPv2Issuer not ready", "namespace", req.Namespace, "name", certificateRequest.Spec.IssuerRef.Name)
+	_ = controller.setStatus(ctx, certificateRequest, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonPending, "CMPv2Issuer resource %s is not Ready", issuerNamespaceName)
+	return err
+}
+
+func (controller *CertificateRequestController) handleErrorGettingCMPv2Issuer(ctx context.Context, log logr.Logger, err error,  certificateRequest *cmapi.CertificateRequest, issuerNamespaceName types.NamespacedName, req ctrl.Request) {
+	log.Error(err, "Failed to retrieve CMPv2Issuer resource", "namespace", req.Namespace, "name", certificateRequest.Spec.IssuerRef.Name)
+	_ = controller.setStatus(ctx, certificateRequest, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonPending, "Failed to retrieve CMPv2Issuer resource %s: %v", issuerNamespaceName, err)
+}
+
+func (controller *CertificateRequestController) handleErrorFailedToSignCertificate(ctx context.Context, log logr.Logger, err error, certificateRequest *cmapi.CertificateRequest)  {
+	log.Error(err, "Failed to sign certificate request")
+	_ = controller.setStatus(ctx, certificateRequest, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonFailed, "Failed to sign certificate request: %v", err)
+}
+
+func handleErrorResourceNotFound(log logr.Logger, err error) error {
+	if apierrors.IsNotFound(err) {
+		log.Error(err, "CertificateRequest resource not found")
+	} else {
+		log.Error(err, "Failed to retrieve CertificateRequest resource")
+	}
+	return err
 }
diff --git a/certServiceK8sExternalProvider/src/cmpv2controller/certificate_request_controller_test.go b/certServiceK8sExternalProvider/src/cmpv2controller/certificate_request_controller_test.go
index 36cfbc48..7e55f36f 100644
--- a/certServiceK8sExternalProvider/src/cmpv2controller/certificate_request_controller_test.go
+++ b/certServiceK8sExternalProvider/src/cmpv2controller/certificate_request_controller_test.go
@@ -1,35 +1,54 @@
+/*
+ * ============LICENSE_START=======================================================
+ * oom-certservice-k8s-external-provider
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
 package cmpv2controller
 
 import (
 	cmapi "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
 	"testing"
+	"github.com/stretchr/testify/assert"
+
 )
 
-func TestIsCMPv2CertificateRequest_notCMPv2Request(t *testing.T) {
+const group = "certmanager.onap.org"
+
+func Test_shouldBeInvalidCMPv2CertificateRequest_whenEmpty(t *testing.T) {
 	request := new(cmapi.CertificateRequest)
-	if isCMPv2CertificateRequest(request) {
-		t.Logf("CPMv2 request [NOK]")
-		t.FailNow()
-	}
 
-	request.Spec.IssuerRef.Group = "certmanager.onap.org"
+	assert.False(t, isCMPv2CertificateRequest(request))
+}
+
+func Test_shouldBeInvalidCMPv2CertificateRequest_whenKindIsCertificateRequest(t *testing.T) {
+	request := new(cmapi.CertificateRequest)
+	request.Spec.IssuerRef.Group = group
 	request.Spec.IssuerRef.Kind = "CertificateRequest"
-	if isCMPv2CertificateRequest(request) {
-		t.Logf("CPMv2 request [NOK]")
-		t.FailNow()
-	}
+
+	assert.False(t, isCMPv2CertificateRequest(request))
 }
 
-func TestIsCMPv2CertificateRequest_CMPvRequest(t *testing.T) {
+
+func Test_shouldBeValidCMPv2CertificateRequest_whenKindIsCMPvIssuer(t *testing.T) {
 	request := new(cmapi.CertificateRequest)
-	request.Spec.IssuerRef.Group = "certmanager.onap.org"
+	request.Spec.IssuerRef.Group = group
 	request.Spec.IssuerRef.Kind = "CMPv2Issuer"
 
-	if isCMPv2CertificateRequest(request) {
-		t.Logf("CPMv2 request [OK]")
-	} else {
-		t.Logf("Not a CPMv2 request [NOK]")
-		t.FailNow()
-	}
+	assert.True(t, isCMPv2CertificateRequest(request))
 }
 
diff --git a/certServiceK8sExternalProvider/src/cmpv2controller/cmpv2_issuer_controller.go b/certServiceK8sExternalProvider/src/cmpv2controller/cmpv2_issuer_controller.go
index e5b1b196..f57f5677 100644
--- a/certServiceK8sExternalProvider/src/cmpv2controller/cmpv2_issuer_controller.go
+++ b/certServiceK8sExternalProvider/src/cmpv2controller/cmpv2_issuer_controller.go
@@ -31,6 +31,7 @@ import (
 	"github.com/go-logr/logr"
 	core "k8s.io/api/core/v1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/client-go/tools/record"
 	"k8s.io/utils/clock"
@@ -54,74 +55,120 @@ func (controller *CMPv2IssuerController) Reconcile(req ctrl.Request) (ctrl.Resul
 	ctx := context.Background()
 	log := controller.Log.WithValues("cmpv2-issuer-controller", req.NamespacedName)
 
+	// 1. Load CMPv2Issuer
 	issuer := new(cmpv2api.CMPv2Issuer)
-	if err := controller.Client.Get(ctx, req.NamespacedName, issuer); err != nil {
-		log.Error(err, "failed to retrieve CMPv2Issuer resource")
+	if err := controller.loadResource(ctx, req.NamespacedName, issuer); err != nil {
+		handleErrorLoadingCMPv2Issuer(log, err)
 		return ctrl.Result{}, client.IgnoreNotFound(err)
 	}
-	log.Info("Issuer loaded: ", "issuer", issuer)
+	log.Info("CMPv2Issuer loaded: ", "issuer", issuer)
 
+	// 2. Validate CMPv2Issuer
 	statusUpdater := newStatusUpdater(controller, issuer, log)
-	if err := validateCMPv2IssuerSpec(issuer.Spec); err != nil {
-		log.Error(err, "failed to validate CMPv2Issuer resource")
-		statusUpdater.UpdateNoError(ctx, cmpv2api.ConditionFalse, "Validation", "Failed to validate resource: %v", err)
+	if err := validateCMPv2IssuerSpec(issuer.Spec, log); err != nil {
+		handleErrorCMPv2IssuerValidation(ctx, log, err, statusUpdater)
 		return ctrl.Result{}, err
 	}
-	log.Info("Issuer validated. ")
 
-	// Fetch the provisioner password
+	// 3. Load keystore and truststore information form k8s secret
 	var secret core.Secret
 	secretNamespaceName := types.NamespacedName{
 		Namespace: req.Namespace,
 		Name:      issuer.Spec.KeyRef.Name,
 	}
-	if err := controller.Client.Get(ctx, secretNamespaceName, &secret); err != nil {
-		log.Error(err, "failed to retrieve CMPv2Issuer provisioner secret", "namespace", secretNamespaceName.Namespace, "name", secretNamespaceName.Name)
-		if apierrors.IsNotFound(err) {
-			statusUpdater.UpdateNoError(ctx, cmpv2api.ConditionFalse, "NotFound", "Failed to retrieve provisioner secret: %v", err)
-		} else {
-			statusUpdater.UpdateNoError(ctx, cmpv2api.ConditionFalse, "Error", "Failed to retrieve provisioner secret: %v", err)
-		}
+	if err := controller.loadResource(ctx, secretNamespaceName, &secret); err != nil {
+		handleErrorInvalidSecret(ctx, log, err, statusUpdater, secretNamespaceName)
 		return ctrl.Result{}, err
 	}
 	password, ok := secret.Data[issuer.Spec.KeyRef.Key]
 	if !ok {
-		err := fmt.Errorf("secret %s does not contain key %s", secret.Name, issuer.Spec.KeyRef.Key)
-		log.Error(err, "failed to retrieve CMPv2Issuer provisioner secret", "namespace", secretNamespaceName.Namespace, "name", secretNamespaceName.Name)
-		statusUpdater.UpdateNoError(ctx, cmpv2api.ConditionFalse, "NotFound", "Failed to retrieve provisioner secret: %v", err)
+		err := handleErrorSecretNotFound(ctx, log, issuer, statusUpdater, secretNamespaceName, secret)
 		return ctrl.Result{}, err
 	}
 
-	// Initialize and store the provisioner
+	// 4. Create CMPv2 provisioner and store the instance for further use
 	provisioner, err := provisioners.New(issuer, password)
 	if err != nil {
-		log.Error(err, "failed to initialize provisioner")
-		statusUpdater.UpdateNoError(ctx, cmpv2api.ConditionFalse, "Error", "failed initialize provisioner")
+		handleErrorProvisionerInitialization(ctx, log, err, statusUpdater)
 		return ctrl.Result{}, err
 	}
 	provisioners.Store(req.NamespacedName, provisioner)
 
-	log.Info( "CMPv2Issuer verified. Updating status to Verified...")
-	return ctrl.Result{}, statusUpdater.Update(ctx, cmpv2api.ConditionTrue, "Verified", "CMPv2Issuer verified and ready to sign certificates")
+	// 5. Update the status of CMPv2Issuer to 'Validated'
+	if err := updateCMPv2IssuerStatusToVerified(statusUpdater, ctx, log); err != nil {
+		handleErrorUpdatingCMPv2IssuerStatus(log, err)
+		return ctrl.Result{}, err
+	}
+
+	return ctrl.Result{}, nil
 }
 
-// SetupWithManager initializes the CMPv2Issuer controller into the controller
-// runtime.
+
 func (controller *CMPv2IssuerController) SetupWithManager(manager ctrl.Manager) error {
 	return ctrl.NewControllerManagedBy(manager).
 		For(&cmpv2api.CMPv2Issuer{}).
 		Complete(controller)
 }
 
-func validateCMPv2IssuerSpec(issuerSpec cmpv2api.CMPv2IssuerSpec) error {
+func (controller *CMPv2IssuerController) loadResource(ctx context.Context, key client.ObjectKey, obj runtime.Object) error {
+	return controller.Client.Get(ctx, key, obj)
+}
+
+
+func validateCMPv2IssuerSpec(issuerSpec cmpv2api.CMPv2IssuerSpec, log logr.Logger) error {
 	switch {
-	case issuerSpec.URL == "":
-		return fmt.Errorf("spec.url cannot be empty")
-	case issuerSpec.KeyRef.Name == "":
-		return fmt.Errorf("spec.keyRef.name cannot be empty")
-	case issuerSpec.KeyRef.Key == "":
-		return fmt.Errorf("spec.keyRef.key cannot be empty")
-	default:
-		return nil
+		case issuerSpec.URL == "":
+			return fmt.Errorf("spec.url cannot be empty")
+		case issuerSpec.KeyRef.Name == "":
+			return fmt.Errorf("spec.keyRef.name cannot be empty")
+		case issuerSpec.KeyRef.Key == "":
+			return fmt.Errorf("spec.keyRef.key cannot be empty")
+		default:
+			log.Info("CMPv2Issuer validated. ")
+			return nil
+	}
+}
+
+func updateCMPv2IssuerStatusToVerified(statusUpdater *CMPv2IssuerStatusUpdater, ctx context.Context, log logr.Logger) error {
+	log.Info("CMPv2 provisioner created -> updating status to of CMPv2Issuer resource to: Verified")
+	return statusUpdater.Update(ctx, cmpv2api.ConditionTrue, Verified, "CMPv2Issuer verified and ready to sign certificates")
+}
+
+
+// Error handling
+
+func handleErrorUpdatingCMPv2IssuerStatus(log logr.Logger, err error) {
+	log.Error(err, "Failed to update CMPv2Issuer status")
+}
+
+
+func handleErrorLoadingCMPv2Issuer(log logr.Logger, err error) {
+	log.Error(err, "Failed to retrieve CMPv2Issuer resource")
+}
+
+
+func handleErrorProvisionerInitialization(ctx context.Context, log logr.Logger, err error, statusUpdater *CMPv2IssuerStatusUpdater) {
+	log.Error(err, "Failed to initialize provisioner")
+	statusUpdater.UpdateNoError(ctx, cmpv2api.ConditionFalse, Error, "Failed initialize provisioner")
+}
+
+func handleErrorCMPv2IssuerValidation(ctx context.Context, log logr.Logger, err error, statusUpdater *CMPv2IssuerStatusUpdater) {
+	log.Error(err, "Failed to validate CMPv2Issuer resource")
+	statusUpdater.UpdateNoError(ctx, cmpv2api.ConditionFalse, ValidationFailed, "Failed to validate resource: %v", err)
+}
+
+func handleErrorSecretNotFound(ctx context.Context, log logr.Logger, issuer *cmpv2api.CMPv2Issuer, statusUpdater *CMPv2IssuerStatusUpdater, secretNamespaceName types.NamespacedName, secret core.Secret) error {
+	err := fmt.Errorf("secret %s does not contain key %s", secret.Name, issuer.Spec.KeyRef.Key)
+	log.Error(err, "Failed to retrieve CMPv2Issuer provisioner secret", "namespace", secretNamespaceName.Namespace, "name", secretNamespaceName.Name)
+	statusUpdater.UpdateNoError(ctx, cmpv2api.ConditionFalse, NotFound, "Failed to retrieve provisioner secret: %v", err)
+	return err
+}
+
+func handleErrorInvalidSecret(ctx context.Context, log logr.Logger, err error, statusUpdater *CMPv2IssuerStatusUpdater, secretNamespaceName types.NamespacedName) {
+	log.Error(err, "Failed to retrieve CMPv2Issuer provisioner secret", "namespace", secretNamespaceName.Namespace, "name", secretNamespaceName.Name)
+	if apierrors.IsNotFound(err) {
+		statusUpdater.UpdateNoError(ctx, cmpv2api.ConditionFalse, NotFound, "Failed to retrieve provisioner secret: %v", err)
+	} else {
+		statusUpdater.UpdateNoError(ctx, cmpv2api.ConditionFalse, Error, "Failed to retrieve provisioner secret: %v", err)
 	}
 }
diff --git a/certServiceK8sExternalProvider/src/cmpv2controller/cmpv2_issuer_controller_test.go b/certServiceK8sExternalProvider/src/cmpv2controller/cmpv2_issuer_controller_test.go
new file mode 100644
index 00000000..8409ea78
--- /dev/null
+++ b/certServiceK8sExternalProvider/src/cmpv2controller/cmpv2_issuer_controller_test.go
@@ -0,0 +1,66 @@
+/*
+ * ============LICENSE_START=======================================================
+ * oom-certservice-k8s-external-provider
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package cmpv2controller
+
+import (
+	"github.com/go-logr/logr"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/mock"
+	"onap.org/oom-certservice/k8s-external-provider/src/cmpv2api"
+	"testing"
+)
+
+func Test_shouldBeInvalidCMPv2IssuerSpec_whenSpecIsEmpty(t *testing.T) {
+	spec := cmpv2api.CMPv2IssuerSpec{}
+	err := validateCMPv2IssuerSpec(spec, nil)
+	assert.NotNil(t, err)
+}
+
+func Test_shouldBeInvalidCMPv2IssuerSpec_whenNotAllFieldsAreSet(t *testing.T) {
+	spec := cmpv2api.CMPv2IssuerSpec{}
+	spec.URL = "https://localhost"
+	spec.KeyRef = cmpv2api.SecretKeySelector{}
+	spec.KeyRef.Name = "secret-key"
+
+	err := validateCMPv2IssuerSpec(spec, &MockLogger{})
+	assert.NotNil(t, err)
+}
+
+func Test_shouldBeValidCMPv2IssuerSpec_whenAllFieldsAreSet(t *testing.T) {
+	spec := cmpv2api.CMPv2IssuerSpec{}
+	spec.URL = "https://localhost"
+	spec.KeyRef = cmpv2api.SecretKeySelector{}
+	spec.KeyRef.Name = "secret-key"
+	spec.KeyRef.Key = "the-key"
+
+	err := validateCMPv2IssuerSpec(spec, &MockLogger{})
+	assert.Nil(t, err)
+}
+
+type MockLogger struct {
+	mock.Mock
+}
+func (m *MockLogger) Info(msg string, keysAndValues ...interface{}) {}
+func (m *MockLogger) Error(err error, msg string, keysAndValues ...interface{}) {}
+func (m *MockLogger) Enabled() bool { return false }
+func (m *MockLogger) V(level int) logr.Logger { return m }
+func (m *MockLogger) WithValues(keysAndValues ...interface{}) logr.Logger { return m }
+func (m *MockLogger) WithName(name string) logr.Logger { return m }
diff --git a/certServiceK8sExternalProvider/src/cmpv2controller/cmpv2_issuer_status_updater.go b/certServiceK8sExternalProvider/src/cmpv2controller/cmpv2_issuer_status_updater.go
index f2ec5c5a..017e36a4 100644
--- a/certServiceK8sExternalProvider/src/cmpv2controller/cmpv2_issuer_status_updater.go
+++ b/certServiceK8sExternalProvider/src/cmpv2controller/cmpv2_issuer_status_updater.go
@@ -57,10 +57,8 @@ func (updater *CMPv2IssuerStatusUpdater) Update(ctx context.Context, status cmpv
 	if status == cmpv2api.ConditionFalse {
 		eventType = core.EventTypeWarning
 	}
-	updater.logger.Info("Firing event: ", "issuer", updater.issuer, "eventtype", eventType, "reason", reason, "message", completeMessage)
 	updater.Recorder.Event(updater.issuer, eventType, reason, completeMessage)
 
-	updater.logger.Info("Updating issuer... ")
 	return updater.Client.Update(ctx, updater.issuer)
 }
 
diff --git a/certServiceK8sExternalProvider/src/cmpv2controller/status_reason.go b/certServiceK8sExternalProvider/src/cmpv2controller/status_reason.go
new file mode 100644
index 00000000..d41712d3
--- /dev/null
+++ b/certServiceK8sExternalProvider/src/cmpv2controller/status_reason.go
@@ -0,0 +1,28 @@
+/*
+ * ============LICENSE_START=======================================================
+ * oom-certservice-k8s-external-provider
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package cmpv2controller
+
+const (
+	NotFound = "NotFound"
+	ValidationFailed = "ValidationFailed"
+	Error = "Error"
+	Verified = "Verified"
+)
diff --git a/certServiceK8sExternalProvider/src/exit_code.go b/certServiceK8sExternalProvider/src/exit_code.go
index dea56c83..7435c64f 100644
--- a/certServiceK8sExternalProvider/src/exit_code.go
+++ b/certServiceK8sExternalProvider/src/exit_code.go
@@ -5,16 +5,9 @@ type ExitCode struct {
 	Message string
 }
 
-func newExitCode(code int, message string) *ExitCode{
-	exitCode := new (ExitCode)
-	exitCode.Code = code
-	exitCode.Message = message
-	return exitCode
-}
-
 var (
-	FAILED_TO_CREATE_CONTROLLER_MANAGER = ExitCode{1, "unable to create k8s controller manager"}
-	FAILED_TO_REGISTER_CMPv2_ISSUER_CONTROLLER = ExitCode{2, "unable to register CMPv2Issuer controller"}
-	FAILED_TO_REGISTER_CERT_REQUEST_CONTROLLER = ExitCode{3, "unable to register CertificateRequestController"}
-	EXCEPTION_WHILE_RUNNING_CONTROLLER_MANAGER = ExitCode{4, "an exception occurs while running k8s controller manager"}
+	FAILED_TO_CREATE_CONTROLLER_MANAGER = ExitCode{1, "Unable to create k8s controller manager"}
+	FAILED_TO_REGISTER_CMPv2_ISSUER_CONTROLLER = ExitCode{2, "Unable to register CMPv2Issuer controller"}
+	FAILED_TO_REGISTER_CERT_REQUEST_CONTROLLER = ExitCode{3, "Unable to register CertificateRequestController"}
+	EXCEPTION_WHILE_RUNNING_CONTROLLER_MANAGER = ExitCode{4, "An exception occurs while running k8s controller manager"}
 )
diff --git a/certServiceK8sExternalProvider/src/exit_code_test.go b/certServiceK8sExternalProvider/src/exit_code_test.go
new file mode 100644
index 00000000..8a42909a
--- /dev/null
+++ b/certServiceK8sExternalProvider/src/exit_code_test.go
@@ -0,0 +1,33 @@
+/*
+ * ============LICENSE_START=======================================================
+ * oom-certservice-k8s-external-provider
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package app
+
+import (
+	"testing"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestExitCodes(t *testing.T) {
+	assert.Equal(t, FAILED_TO_CREATE_CONTROLLER_MANAGER.Code, 1)
+	assert.Equal(t, FAILED_TO_REGISTER_CMPv2_ISSUER_CONTROLLER.Code, 2)
+	assert.Equal(t, FAILED_TO_REGISTER_CERT_REQUEST_CONTROLLER.Code, 3)
+	assert.Equal(t, EXCEPTION_WHILE_RUNNING_CONTROLLER_MANAGER.Code, 4)
+}