Diffstat (limited to 'certServiceK8sExternalProvider/src/cmpv2controller')
-rw-r--r--certServiceK8sExternalProvider/src/cmpv2controller/certificate_request_controller_test.go119
-rw-r--r--certServiceK8sExternalProvider/src/cmpv2controller/cmpv2_issuer_controller_test.go47
2 files changed, 126 insertions, 40 deletions
diff --git a/certServiceK8sExternalProvider/src/cmpv2controller/certificate_request_controller_test.go b/certServiceK8sExternalProvider/src/cmpv2controller/certificate_request_controller_test.go
index 2c401cce..f5869ea2 100644
--- a/certServiceK8sExternalProvider/src/cmpv2controller/certificate_request_controller_test.go
+++ b/certServiceK8sExternalProvider/src/cmpv2controller/certificate_request_controller_test.go
@@ -21,13 +21,51 @@
package cmpv2controller
import (
+ "context"
"testing"
cmapi "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
+ cmmeta "github.com/jetstack/cert-manager/pkg/apis/meta/v1"
"github.com/stretchr/testify/assert"
+ v1 "k8s.io/api/core/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/types"
+ "k8s.io/client-go/tools/record"
+ ctrl "sigs.k8s.io/controller-runtime"
+ "sigs.k8s.io/controller-runtime/pkg/client"
+ "sigs.k8s.io/controller-runtime/pkg/client/fake"
+
+ "onap.org/oom-certservice/k8s-external-provider/src/cmpv2api"
+ provisioners "onap.org/oom-certservice/k8s-external-provider/src/cmpv2provisioner"
+ provisionersdata "onap.org/oom-certservice/k8s-external-provider/src/cmpv2provisioner/csr/testdata"
+ "onap.org/oom-certservice/k8s-external-provider/src/testdata"
+ x509 "onap.org/oom-certservice/k8s-external-provider/src/x509/testdata"
+)
+
+const (
+ group = "certmanager.onap.org"
+ certificateRequestName = "testRequest"
+ recorderBufferSize = 3
)
-const group = "certmanager.onap.org"
+func Test_shouldSaveCorrectSignedPems_whenRequestReceived(t *testing.T) {
+ verifiedIssuer := getVerifiedIssuer()
+ createProvisioner(verifiedIssuer)
+ fakeClient := fake.NewFakeClientWithScheme(testdata.GetScheme(), &verifiedIssuer,
+ getValidCertificateRequest(), getValidPrivateKeySecret())
+ fakeRecorder := record.NewFakeRecorder(recorderBufferSize)
+ controller := getCertRequestController(fakeRecorder, fakeClient)
+ fakeRequest := testdata.GetFakeRequest(certificateRequestName)
+
+ res, err := controller.Reconcile(fakeRequest)
+
+ signedPEM, trustedCAs := getCertificates(controller, fakeRequest.NamespacedName)
+ assert.Nil(t, err)
+ assert.NotNil(t, res)
+ assert.Equal(t, <-fakeRecorder.Events, "Normal Issued Certificate issued")
+ testdata.VerifyCertsAreEqualToExpected(t, signedPEM, trustedCAs)
+ clearProvisioner()
+}
func Test_shouldBeInvalidCMPv2CertificateRequest_whenEmpty(t *testing.T) {
request := new(cmapi.CertificateRequest)
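Review bot: The bare receive `<-fakeRecorder.Events` in Test_shouldSaveCorrectSignedPems_whenRequestReceived blocks forever if Reconcile returns without recording an event, so a regression would hang the run until the test timeout instead of failing with a message. A guarded receive such as `select { case e := <-fakeRecorder.Events: assert.Equal(t, "Normal Issued Certificate issued", e); default: t.Fatal("no event recorded") }` fails fast and also puts the expected value first, as assert.Equal expects. The same unguarded receive is in Test_shouldPrepareAndVerifyCMPv2Issuer_whenRequestReceived in cmpv2_issuer_controller_test.go. Separately, `clearProvisioner()` is the last statement of the test, so a panic inside Reconcile would leave the fake provisioner in what appears to be a shared store for later tests; `defer clearProvisioner()` placed right after `createProvisioner(verifiedIssuer)` avoids that.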
@@ -50,3 +88,82 @@ func Test_shouldBeValidCMPv2CertificateRequest_whenKindIsCMPvIssuer(t *testing.T
assert.True(t, isCMPv2CertificateRequest(request))
}
+
+func getCertificates(controller CertificateRequestController, namespacedName types.NamespacedName) ([]byte, []byte) {
+ certificateRequest := new(cmapi.CertificateRequest)
+ _ = controller.Client.Get(context.Background(), namespacedName, certificateRequest)
+
+ signedPEM := certificateRequest.Status.Certificate
+ trustedCAs := certificateRequest.Status.CA
+
+ return signedPEM, trustedCAs
+}
+
+func getValidPrivateKeySecret() *v1.Secret {
+ const privateKeySecretKey = "tls.key"
+
+ return &v1.Secret{
+ Data: map[string][]byte{
+ privateKeySecretKey: provisionersdata.PrivateKeyBytes,
+ },
+ ObjectMeta: metav1.ObjectMeta{
+ Name: testdata.PrivateKeySecret,
+ Namespace: testdata.Namespace,
+ },
+ }
+}
+
+func getValidCertificateRequest() *cmapi.CertificateRequest {
+ return &cmapi.CertificateRequest{
+ TypeMeta: metav1.TypeMeta{
+ Kind: "",
+ APIVersion: testdata.APIVersion,
+ },
+ ObjectMeta: metav1.ObjectMeta{
+ Name: certificateRequestName,
+ Namespace: testdata.Namespace,
+ Annotations: map[string]string{
+ privateKeySecretNameAnnotation: testdata.PrivateKeySecret,
+ },
+ },
+
+ Spec: cmapi.CertificateRequestSpec{
+ IssuerRef: cmmeta.ObjectReference{
+ Group: cmpv2api.GroupVersion.Group,
+ Kind: cmpv2api.CMPv2IssuerKind,
+ Name: testdata.IssuerObjectName,
+ },
+ Request: []byte(x509.ValidCertificateSignRequest),
+ },
+ }
+}
+
+func getCertRequestController(fakeRecorder *record.FakeRecorder, fakeClient client.Client) CertificateRequestController {
+ controller := CertificateRequestController{
+ Client: fakeClient,
+ Log: ctrl.Log.WithName("controllers").WithName("CertificateRequest"),
+ Recorder: fakeRecorder,
+ }
+ return controller
+}
+
+func getVerifiedIssuer() cmpv2api.CMPv2Issuer {
+ issuer, _ := testdata.GetValidIssuerWithSecret()
+ issuer.Status = cmpv2api.CMPv2IssuerStatus{
+ Conditions: []cmpv2api.CMPv2IssuerCondition{{
+ Type: cmpv2api.ConditionReady,
+ Status: cmpv2api.ConditionTrue}},
+ }
+ return issuer
+}
+
+func createProvisioner(verifiedIssuer cmpv2api.CMPv2Issuer) {
+ provisionerFactory := provisioners.ProvisionerFactoryMock{}
+ fakeProvisioner, _ := provisionerFactory.CreateProvisioner(&verifiedIssuer, v1.Secret{})
+
+ provisioners.Store(testdata.GetIssuerStoreKey(), fakeProvisioner)
+}
+
+func clearProvisioner() {
+ provisioners.Store(testdata.GetIssuerStoreKey(), nil)
+}
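Review bot: getCertificates discards the error from `controller.Client.Get`, so a failed lookup hands empty Status.Certificate and Status.CA values to the certificate comparison and shows up as a content mismatch rather than a missing object. Passing `t` in and checking the call, e.g. `err := controller.Client.Get(context.Background(), namespacedName, certificateRequest)` followed by `assert.Nil(t, err)`, makes the test that verifies the signed PEM and trusted CAs explicit about what it actually read. createProvisioner has the same pattern: the error from `provisionerFactory.CreateProvisioner` is dropped and whatever was returned is stored. clearProvisioner stores nil under the key rather than removing the entry; whether `provisioners.Load` treats that as absent is not visible here and is worth confirming.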
diff --git a/certServiceK8sExternalProvider/src/cmpv2controller/cmpv2_issuer_controller_test.go b/certServiceK8sExternalProvider/src/cmpv2controller/cmpv2_issuer_controller_test.go
index 88aaf5ec..f4cb6944 100644
--- a/certServiceK8sExternalProvider/src/cmpv2controller/cmpv2_issuer_controller_test.go
+++ b/certServiceK8sExternalProvider/src/cmpv2controller/cmpv2_issuer_controller_test.go
@@ -24,43 +24,37 @@ import (
"testing"
"github.com/go-logr/logr"
- certmanager "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/mock"
- apiv1 "k8s.io/api/core/v1"
- "k8s.io/apimachinery/pkg/runtime"
- "k8s.io/apimachinery/pkg/types"
- clientgoscheme "k8s.io/client-go/kubernetes/scheme"
"k8s.io/client-go/tools/record"
"k8s.io/utils/clock"
ctrl "sigs.k8s.io/controller-runtime"
"sigs.k8s.io/controller-runtime/pkg/client"
"sigs.k8s.io/controller-runtime/pkg/client/fake"
- "sigs.k8s.io/controller-runtime/pkg/reconcile"
"onap.org/oom-certservice/k8s-external-provider/src/cmpv2api"
- certserviceapi "onap.org/oom-certservice/k8s-external-provider/src/cmpv2api"
provisioners "onap.org/oom-certservice/k8s-external-provider/src/cmpv2provisioner"
"onap.org/oom-certservice/k8s-external-provider/src/testdata"
)
func Test_shouldPrepareAndVerifyCMPv2Issuer_whenRequestReceived(t *testing.T) {
- scheme := initScheme()
+ scheme := testdata.GetScheme()
issuer, secret := testdata.GetValidIssuerWithSecret()
- fakeClient := getFakeClient(scheme, issuer, secret)
- fakeRequest := getFakeRequest()
- fakeRecorder := record.NewFakeRecorder(3)
- controller := getController(fakeRecorder, fakeClient)
+ fakeClient := fake.NewFakeClientWithScheme(scheme, &issuer, &secret)
+ fakeRequest := testdata.GetFakeRequest(testdata.IssuerObjectName)
+ fakeRecorder := record.NewFakeRecorder(recorderBufferSize)
+ controller := getCMPv2IssuerController(fakeRecorder, fakeClient)
res, err := controller.Reconcile(fakeRequest)
expectedProvisioner, _ := controller.ProvisionerFactory.CreateProvisioner(&issuer, secret)
- actualProvisioner, _ := provisioners.Load(types.NamespacedName{Name: testdata.IssuerObjectName, Namespace: testdata.Namespace})
+ actualProvisioner, _ := provisioners.Load(testdata.GetIssuerStoreKey())
assert.Nil(t, err)
assert.NotNil(t, res)
assert.Equal(t, <-fakeRecorder.Events, "Normal Verified CMPv2Issuer verified and ready to sign certificates")
assert.NotNil(t, actualProvisioner)
assert.ObjectsAreEqual(expectedProvisioner, actualProvisioner)
+ clearProvisioner()
}
func Test_shouldBeValidCMPv2IssuerSpec_whenAllFieldsAreSet(t *testing.T) {
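Review bot: `assert.ObjectsAreEqual(expectedProvisioner, actualProvisioner)` (an unchanged line in this hunk) only returns a bool and takes no `t`, so its result is discarded and the test never checks that the stored provisioner matches the expected one. Replacing it with `assert.Equal(t, expectedProvisioner, actualProvisioner)` turns the comparison into a real assertion. The second return value of `provisioners.Load(testdata.GetIssuerStoreKey())` is also ignored; if it is a found/err indicator, asserting on it would separate "not stored" from "stored but different".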
@@ -100,7 +94,7 @@ func test_shouldBeInvalidCMPv2IssuerSpec_whenFunctionApplied(t *testing.T, trans
assert.NotNil(t, err)
}
-func getController(fakeRecorder *record.FakeRecorder, mockClient client.Client) CMPv2IssuerController {
+func getCMPv2IssuerController(fakeRecorder *record.FakeRecorder, mockClient client.Client) CMPv2IssuerController {
controller := CMPv2IssuerController{
Log: ctrl.Log.WithName("controllers").WithName("CertificateRequest"),
Clock: clock.RealClock{},
@@ -111,31 +105,6 @@ func getController(fakeRecorder *record.FakeRecorder, mockClient client.Client)
return controller
}
-func getFakeRequest() reconcile.Request {
- fakeRequest := reconcile.Request{
- NamespacedName: types.NamespacedName{
- Namespace: testdata.Namespace,
- Name: testdata.IssuerObjectName,
- },
- }
- return fakeRequest
-}
-
-func getFakeClient(scheme *runtime.Scheme, issuer cmpv2api.CMPv2Issuer, secret apiv1.Secret) client.Client {
- fakeClient := func() client.Client {
- return fake.NewFakeClientWithScheme(scheme, &issuer, &secret)
- }()
- return fakeClient
-}
-
-func initScheme() *runtime.Scheme {
- scheme := runtime.NewScheme()
- _ = clientgoscheme.AddToScheme(scheme)
- _ = certmanager.AddToScheme(scheme)
- _ = certserviceapi.AddToScheme(scheme)
- return scheme
-}
-
type MockLogger struct {
mock.Mock
}