summaryrefslogtreecommitdiffstats
path: root/certServiceK8sExternalProvider/src/cmpv2provisioner
diff options
context:
space:
mode:
Diffstat (limited to 'certServiceK8sExternalProvider/src/cmpv2provisioner')
-rw-r--r--certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner.go23
-rw-r--r--certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner_factory.go55
-rw-r--r--certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner_factory_test.go120
3 files changed, 191 insertions, 7 deletions
diff --git a/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner.go b/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner.go
index a51b8425..e48b527d 100644
--- a/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner.go
+++ b/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner.go
@@ -32,30 +32,39 @@ import (
"encoding/base64"
"encoding/pem"
"fmt"
+ "sync"
+
certmanager "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
"k8s.io/apimachinery/pkg/types"
- "onap.org/oom-certservice/k8s-external-provider/src/cmpv2api"
ctrl "sigs.k8s.io/controller-runtime"
- "sync"
+
+ "onap.org/oom-certservice/k8s-external-provider/src/cmpv2api"
)
var collection = new(sync.Map)
type CertServiceCA struct {
- name string
- url string
- key []byte
+ name string
+ url string
+ caName string
+ key []byte
+ cert []byte
+ cacert []byte
}
-func New(cmpv2Issuer *cmpv2api.CMPv2Issuer, key []byte) (*CertServiceCA, error) {
+func New(cmpv2Issuer *cmpv2api.CMPv2Issuer, key []byte, cert []byte, cacert []byte) (*CertServiceCA, error) {
ca := CertServiceCA{}
ca.name = cmpv2Issuer.Name
ca.url = cmpv2Issuer.Spec.URL
+ ca.caName = cmpv2Issuer.Spec.CaName
ca.key = key
+ ca.cert = cert
+ ca.cacert = cacert
log := ctrl.Log.WithName("cmpv2-provisioner")
- log.Info("Configuring CA: ", "name", ca.name, "url", ca.url, "key", ca.key)
+ log.Info("Configuring CA: ", "name", ca.name, "url", ca.url, "caName", ca.caName, "key", ca.key,
+ "cert", ca.cert, "cacert", ca.cacert)
return &ca, nil
}
diff --git a/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner_factory.go b/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner_factory.go
new file mode 100644
index 00000000..4a3898e7
--- /dev/null
+++ b/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner_factory.go
@@ -0,0 +1,55 @@
+/*
+ * ============LICENSE_START=======================================================
+ * oom-certservice-k8s-external-provider
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package cmpv2provisioner
+
+import (
+ "fmt"
+
+ v1 "k8s.io/api/core/v1"
+
+ "onap.org/oom-certservice/k8s-external-provider/src/cmpv2api"
+)
+
+func CreateProvisioner(issuer *cmpv2api.CMPv2Issuer, secret v1.Secret) (*CertServiceCA, error) {
+ secretKeys := issuer.Spec.CertSecretRef
+ key, err := readValueFromSecret(secret, secretKeys.KeyRef)
+ if err != nil {
+ return nil, err
+ }
+ cert, err := readValueFromSecret(secret, secretKeys.CertRef)
+ if err != nil {
+ return nil, err
+ }
+ cacert, err := readValueFromSecret(secret, secretKeys.CacertRef)
+ if err != nil {
+ return nil, err
+ }
+ return New(issuer, key, cert, cacert)
+}
+
+func readValueFromSecret(secret v1.Secret, secretKey string) ([]byte, error) {
+ value, ok := secret.Data[secretKey]
+ if !ok {
+ err := fmt.Errorf("secret %s does not contain key %s", secret.Name, secretKey)
+ return nil, err
+ }
+ return value, nil
+}
diff --git a/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner_factory_test.go b/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner_factory_test.go
new file mode 100644
index 00000000..6ef33098
--- /dev/null
+++ b/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner_factory_test.go
@@ -0,0 +1,120 @@
+/*
+ * ============LICENSE_START=======================================================
+ * oom-certservice-k8s-external-provider
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package cmpv2provisioner
+
+import (
+ "fmt"
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+ v1 "k8s.io/api/core/v1"
+
+ "onap.org/oom-certservice/k8s-external-provider/src/cmpv2api"
+)
+
+const (
+ secretName = "issuer-cert-secret"
+ url = "https://oom-cert-service:8443/v1/certificate/"
+ caName = "RA"
+ keySecretKey = "cmpv2Issuer-key.pem"
+ certSecretKey = "cmpv2Issuer-cert.pem"
+ cacertSecretKey = "cacert.pem"
+)
+
+var (
+ keySecretValue = []byte("keyData")
+ certSecretValue = []byte("certData")
+ cacertSecretValue = []byte("cacertData")
+)
+
+func Test_shouldCreateProvisioner(t *testing.T) {
+ issuer, secret := getValidIssuerAndSecret()
+
+ provisioner, _ := CreateProvisioner(&issuer, secret)
+
+ assert.NotNil(t, provisioner)
+ assert.Equal(t, url, provisioner.url)
+ assert.Equal(t, caName, provisioner.caName)
+ assert.Equal(t, keySecretValue, provisioner.key)
+ assert.Equal(t, certSecretValue, provisioner.cert)
+ assert.Equal(t, cacertSecretValue, provisioner.cacert)
+}
+
+func Test_shouldReturnError_whenSecretMissingKeyRef(t *testing.T) {
+ issuer, secret := getValidIssuerAndSecret()
+ delete(secret.Data, keySecretKey)
+
+ provisioner, err := CreateProvisioner(&issuer, secret)
+
+ assert.Nil(t, provisioner)
+ if assert.Error(t, err) {
+ assert.Equal(t, fmt.Errorf("secret %s does not contain key %s", secretName, keySecretKey), err)
+ }
+}
+
+func Test_shouldReturnError_whenSecretMissingCertRef(t *testing.T) {
+ issuer, secret := getValidIssuerAndSecret()
+ delete(secret.Data, certSecretKey)
+
+ provisioner, err := CreateProvisioner(&issuer, secret)
+
+ assert.Nil(t, provisioner)
+ if assert.Error(t, err) {
+ assert.Equal(t, fmt.Errorf("secret %s does not contain key %s", secretName, certSecretKey), err)
+ }
+}
+
+func Test_shouldReturnError_whenSecretMissingCacertRef(t *testing.T) {
+ issuer, secret := getValidIssuerAndSecret()
+ delete(secret.Data, cacertSecretKey)
+
+ provisioner, err := CreateProvisioner(&issuer, secret)
+
+ assert.Nil(t, provisioner)
+ if assert.Error(t, err) {
+ assert.Equal(t, fmt.Errorf("secret %s does not contain key %s", secretName, cacertSecretKey), err)
+ }
+}
+
+func getValidIssuerAndSecret() (cmpv2api.CMPv2Issuer, v1.Secret) {
+ issuer := cmpv2api.CMPv2Issuer{
+ Spec: cmpv2api.CMPv2IssuerSpec{
+ URL: url,
+ CaName: caName,
+ CertSecretRef: cmpv2api.SecretKeySelector{
+ Name: secretName,
+ KeyRef: keySecretKey,
+ CertRef: certSecretKey,
+ CacertRef: cacertSecretKey,
+ },
+ },
+ }
+ secret := v1.Secret{
+
+ Data: map[string][]byte{
+ keySecretKey: keySecretValue,
+ certSecretKey: certSecretValue,
+ cacertSecretKey: cacertSecretValue,
+ },
+ }
+ secret.Name = secretName
+ return issuer, secret
+}