aboutsummaryrefslogtreecommitdiffstats
path: root/certServiceK8sExternalProvider/src/cmpv2controller/certificate_request_controller_test.go
diff options
context:
space:
mode:
Diffstat (limited to 'certServiceK8sExternalProvider/src/cmpv2controller/certificate_request_controller_test.go')
-rw-r--r--certServiceK8sExternalProvider/src/cmpv2controller/certificate_request_controller_test.go119
1 files changed, 118 insertions, 1 deletions
diff --git a/certServiceK8sExternalProvider/src/cmpv2controller/certificate_request_controller_test.go b/certServiceK8sExternalProvider/src/cmpv2controller/certificate_request_controller_test.go
index 2c401cce..f5869ea2 100644
--- a/certServiceK8sExternalProvider/src/cmpv2controller/certificate_request_controller_test.go
+++ b/certServiceK8sExternalProvider/src/cmpv2controller/certificate_request_controller_test.go
@@ -21,13 +21,51 @@
package cmpv2controller
import (
+ "context"
"testing"
cmapi "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
+ cmmeta "github.com/jetstack/cert-manager/pkg/apis/meta/v1"
"github.com/stretchr/testify/assert"
+ v1 "k8s.io/api/core/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/types"
+ "k8s.io/client-go/tools/record"
+ ctrl "sigs.k8s.io/controller-runtime"
+ "sigs.k8s.io/controller-runtime/pkg/client"
+ "sigs.k8s.io/controller-runtime/pkg/client/fake"
+
+ "onap.org/oom-certservice/k8s-external-provider/src/cmpv2api"
+ provisioners "onap.org/oom-certservice/k8s-external-provider/src/cmpv2provisioner"
+ provisionersdata "onap.org/oom-certservice/k8s-external-provider/src/cmpv2provisioner/csr/testdata"
+ "onap.org/oom-certservice/k8s-external-provider/src/testdata"
+ x509 "onap.org/oom-certservice/k8s-external-provider/src/x509/testdata"
+)
+
+const (
+ group = "certmanager.onap.org"
+ certificateRequestName = "testRequest"
+ recorderBufferSize = 3
)
-const group = "certmanager.onap.org"
+func Test_shouldSaveCorrectSignedPems_whenRequestReceived(t *testing.T) {
+ verifiedIssuer := getVerifiedIssuer()
+ createProvisioner(verifiedIssuer)
+ fakeClient := fake.NewFakeClientWithScheme(testdata.GetScheme(), &verifiedIssuer,
+ getValidCertificateRequest(), getValidPrivateKeySecret())
+ fakeRecorder := record.NewFakeRecorder(recorderBufferSize)
+ controller := getCertRequestController(fakeRecorder, fakeClient)
+ fakeRequest := testdata.GetFakeRequest(certificateRequestName)
+
+ res, err := controller.Reconcile(fakeRequest)
+
+ signedPEM, trustedCAs := getCertificates(controller, fakeRequest.NamespacedName)
+ assert.Nil(t, err)
+ assert.NotNil(t, res)
+ assert.Equal(t, <-fakeRecorder.Events, "Normal Issued Certificate issued")
+ testdata.VerifyCertsAreEqualToExpected(t, signedPEM, trustedCAs)
+ clearProvisioner()
+}
func Test_shouldBeInvalidCMPv2CertificateRequest_whenEmpty(t *testing.T) {
request := new(cmapi.CertificateRequest)
@@ -50,3 +88,82 @@ func Test_shouldBeValidCMPv2CertificateRequest_whenKindIsCMPvIssuer(t *testing.T
assert.True(t, isCMPv2CertificateRequest(request))
}
+
+func getCertificates(controller CertificateRequestController, namespacedName types.NamespacedName) ([]byte, []byte) {
+ certificateRequest := new(cmapi.CertificateRequest)
+ _ = controller.Client.Get(context.Background(), namespacedName, certificateRequest)
+
+ signedPEM := certificateRequest.Status.Certificate
+ trustedCAs := certificateRequest.Status.CA
+
+ return signedPEM, trustedCAs
+}
+
+func getValidPrivateKeySecret() *v1.Secret {
+ const privateKeySecretKey = "tls.key"
+
+ return &v1.Secret{
+ Data: map[string][]byte{
+ privateKeySecretKey: provisionersdata.PrivateKeyBytes,
+ },
+ ObjectMeta: metav1.ObjectMeta{
+ Name: testdata.PrivateKeySecret,
+ Namespace: testdata.Namespace,
+ },
+ }
+}
+
+func getValidCertificateRequest() *cmapi.CertificateRequest {
+ return &cmapi.CertificateRequest{
+ TypeMeta: metav1.TypeMeta{
+ Kind: "",
+ APIVersion: testdata.APIVersion,
+ },
+ ObjectMeta: metav1.ObjectMeta{
+ Name: certificateRequestName,
+ Namespace: testdata.Namespace,
+ Annotations: map[string]string{
+ privateKeySecretNameAnnotation: testdata.PrivateKeySecret,
+ },
+ },
+
+ Spec: cmapi.CertificateRequestSpec{
+ IssuerRef: cmmeta.ObjectReference{
+ Group: cmpv2api.GroupVersion.Group,
+ Kind: cmpv2api.CMPv2IssuerKind,
+ Name: testdata.IssuerObjectName,
+ },
+ Request: []byte(x509.ValidCertificateSignRequest),
+ },
+ }
+}
+
+func getCertRequestController(fakeRecorder *record.FakeRecorder, fakeClient client.Client) CertificateRequestController {
+ controller := CertificateRequestController{
+ Client: fakeClient,
+ Log: ctrl.Log.WithName("controllers").WithName("CertificateRequest"),
+ Recorder: fakeRecorder,
+ }
+ return controller
+}
+
+func getVerifiedIssuer() cmpv2api.CMPv2Issuer {
+ issuer, _ := testdata.GetValidIssuerWithSecret()
+ issuer.Status = cmpv2api.CMPv2IssuerStatus{
+ Conditions: []cmpv2api.CMPv2IssuerCondition{{
+ Type: cmpv2api.ConditionReady,
+ Status: cmpv2api.ConditionTrue}},
+ }
+ return issuer
+}
+
+func createProvisioner(verifiedIssuer cmpv2api.CMPv2Issuer) {
+ provisionerFactory := provisioners.ProvisionerFactoryMock{}
+ fakeProvisioner, _ := provisionerFactory.CreateProvisioner(&verifiedIssuer, v1.Secret{})
+
+ provisioners.Store(testdata.GetIssuerStoreKey(), fakeProvisioner)
+}
+
+func clearProvisioner() {
+ provisioners.Store(testdata.GetIssuerStoreKey(), nil)
+}