aboutsummaryrefslogtreecommitdiffstats
path: root/certServiceK8sExternalProvider/src/cmpv2controller/util/certificate_update_util_test.go
diff options
context:
space:
mode:
Diffstat (limited to 'certServiceK8sExternalProvider/src/cmpv2controller/util/certificate_update_util_test.go')
-rw-r--r--certServiceK8sExternalProvider/src/cmpv2controller/util/certificate_update_util_test.go153
1 files changed, 153 insertions, 0 deletions
diff --git a/certServiceK8sExternalProvider/src/cmpv2controller/util/certificate_update_util_test.go b/certServiceK8sExternalProvider/src/cmpv2controller/util/certificate_update_util_test.go
new file mode 100644
index 00000000..7dbbbe7a
--- /dev/null
+++ b/certServiceK8sExternalProvider/src/cmpv2controller/util/certificate_update_util_test.go
@@ -0,0 +1,153 @@
+/*
+ * ============LICENSE_START=======================================================
+ * oom-certservice-k8s-external-provider
+ * ================================================================================
+ * Copyright (C) 2021 Nokia. All rights reserved.
+ * ================================================================================
+ * This source code was copied from the following git repository:
+ * https://github.com/smallstep/step-issuer
+ * The source code was modified for usage in the ONAP project.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package util
+
+import (
+ "encoding/base64"
+ "fmt"
+ "testing"
+
+ cmapi "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
+ "github.com/stretchr/testify/assert"
+ v1 "k8s.io/api/core/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "onap.org/oom-certservice/k8s-external-provider/src/testdata"
+ "sigs.k8s.io/controller-runtime/pkg/client/fake"
+)
+
+const (
+ oldCertificateConfig = "{\"apiVersion\":\"cert-manager.io/v1\",\"kind\":\"Certificate\",\"metadata\":{\"annotations\":{},\"name\":\"cert-test\",\"namespace\":\"onap\"},\"spec\":{\"commonName\":\"certissuer.onap.org\",\"dnsNames\":[\"localhost\",\"certissuer.onap.org\"],\"emailAddresses\":[\"onap@onap.org\"],\"ipAddresses\":[\"127.0.0.1\"],\"issuerRef\":{\"group\":\"certmanager.onap.org\",\"kind\":\"CMPv2Issuer\",\"name\":\"cmpv2-issuer-onap\"},\"secretName\":\"cert-test-secret-name\",\"subject\":{\"countries\":[\"US\"],\"localities\":[\"San-Francisco\"],\"organizationalUnits\":[\"ONAP\"],\"organizations\":[\"Linux-Foundation\"],\"provinces\":[\"California\"]},\"uris\":[\"onap://cluster.local/\"]}}\n"
+ testPrivateKeyData = "test-private-key"
+ testCertificateData = "test-certificate"
+)
+
+func Test_CheckIfCertificateUpdateAndRetrieveOldCertificateAndPk_revisionOne(t *testing.T) {
+ request := new(cmapi.CertificateRequest)
+ request.ObjectMeta.Annotations = map[string]string{
+ revisionAnnotation: "2",
+ }
+ isUpdate, certificate, privateKey := CheckIfCertificateUpdateAndRetrieveOldCertificateAndPk(nil, request, nil)
+ assert.False(t, isUpdate)
+ assert.Equal(t, "", certificate)
+ assert.Equal(t, "", privateKey)
+}
+
+func Test_CheckIfCertificateUpdateAndRetrieveOldCertificateAndPk_revisionTwoSecretPresent(t *testing.T) {
+ request := new(cmapi.CertificateRequest)
+ request.ObjectMeta.Annotations = map[string]string{
+ revisionAnnotation: "2",
+ certificateConfigurationAnnotation: oldCertificateConfig,
+ }
+ fakeClient := fake.NewFakeClientWithScheme(testdata.GetScheme(), getValidCertificateSecret())
+ isUpdate, certificate, privateKey := CheckIfCertificateUpdateAndRetrieveOldCertificateAndPk(fakeClient, request, nil)
+ assert.True(t, isUpdate)
+ assert.Equal(t, base64.StdEncoding.EncodeToString([]byte(testCertificateData)), certificate)
+ assert.Equal(t, base64.StdEncoding.EncodeToString([]byte(testPrivateKeyData)), privateKey)
+}
+
+func Test_CheckIfCertificateUpdateAndRetrieveOldCertificateAndPk_revisionTwoSecretNotPresent(t *testing.T) {
+ request := new(cmapi.CertificateRequest)
+ request.ObjectMeta.Annotations = map[string]string{
+ revisionAnnotation: "2",
+ certificateConfigurationAnnotation: oldCertificateConfig,
+ }
+ fakeClient := fake.NewFakeClientWithScheme(testdata.GetScheme())
+ isUpdate, certificate, privateKey := CheckIfCertificateUpdateAndRetrieveOldCertificateAndPk(fakeClient, request, nil)
+ assert.False(t, isUpdate)
+ assert.Equal(t, "", certificate)
+ assert.Equal(t, "", privateKey)
+}
+
+func Test_IsUpdateCertificateRevision(t *testing.T) {
+ parameters := []struct {
+ revision string
+ expected bool
+ }{
+ {"1", false},
+ {"2", true},
+ {"invalid", false},
+ }
+
+ for _, parameter := range parameters {
+ testName := fmt.Sprintf("Expected:%v for revision=%v", parameter.expected, parameter.revision)
+ t.Run(testName, func(t *testing.T) {
+ testIsUpdateCertificateRevision(t, parameter.revision, parameter.expected)
+ })
+ }
+}
+
+func testIsUpdateCertificateRevision(t *testing.T, revision string, expected bool) {
+ request := new(cmapi.CertificateRequest)
+ request.ObjectMeta.Annotations = map[string]string{
+ revisionAnnotation: revision,
+ }
+ assert.Equal(t, expected, IsUpdateCertificateRevision(request))
+}
+
+func Test_RetrieveOldCertificateAndPk_shouldSucceedWhenSecretPresent(t *testing.T) {
+ request := new(cmapi.CertificateRequest)
+ request.ObjectMeta.Annotations = map[string]string{
+ certificateConfigurationAnnotation: oldCertificateConfig,
+ }
+ fakeClient := fake.NewFakeClientWithScheme(testdata.GetScheme(), getValidCertificateSecret())
+ certificate, privateKey := RetrieveOldCertificateAndPk(fakeClient, request, nil)
+ assert.Equal(t, base64.StdEncoding.EncodeToString([]byte(testCertificateData)), certificate)
+ assert.Equal(t, base64.StdEncoding.EncodeToString([]byte(testPrivateKeyData)), privateKey)
+}
+
+func Test_RetrieveOldCertificateAndPk_shouldReturnEmptyStringsWhenSecretNotPresent(t *testing.T) {
+ request := new(cmapi.CertificateRequest)
+ request.ObjectMeta.Annotations = map[string]string{
+ certificateConfigurationAnnotation: oldCertificateConfig,
+ }
+ fakeClient := fake.NewFakeClientWithScheme(testdata.GetScheme())
+ certificate, privateKey := RetrieveOldCertificateAndPk(fakeClient, request, nil)
+ assert.Equal(t, "", certificate)
+ assert.Equal(t, "", privateKey)
+}
+
+func Test_RetrieveOldCertificateAndPk_shouldReturnEmptyStringsWhenOldCertificateCannotBeUnmarshalled(t *testing.T) {
+ request := new(cmapi.CertificateRequest)
+ fakeClient := fake.NewFakeClientWithScheme(testdata.GetScheme())
+ certificate, privateKey := RetrieveOldCertificateAndPk(fakeClient, request, nil)
+ assert.Equal(t, "", certificate)
+ assert.Equal(t, "", privateKey)
+}
+
+func getValidCertificateSecret() *v1.Secret {
+ const privateKeySecretKey = "tls.key"
+ const certificateSecretKey = "tls.crt"
+
+ return &v1.Secret{
+ Data: map[string][]byte{
+ privateKeySecretKey: []byte("test-private-key"),
+ certificateSecretKey: []byte("test-certificate"),
+ },
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "cert-test-secret-name",
+ Namespace: "onap",
+ },
+ }
+}