Diffstat (limited to 'certServiceK8sExternalProvider/src/model')
3 files changed, 120 insertions, 5 deletions
diff --git a/certServiceK8sExternalProvider/src/model/sign_certificate_model.go b/certServiceK8sExternalProvider/src/model/sign_certificate_model.go
index 40dca1ae..6fcf0cff 100644
--- a/certServiceK8sExternalProvider/src/model/sign_certificate_model.go
+++ b/certServiceK8sExternalProvider/src/model/sign_certificate_model.go
@@ -23,9 +23,9 @@ package model
 import cmapi "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
 
 type SignCertificateModel struct {
- CertificateRequest *cmapi.CertificateRequest
- PrivateKeyBytes []byte
- IsUpdateRevision bool
- OldCertificate string
- OldPrivateKey string
+ CertificateRequest *cmapi.CertificateRequest
+ FilteredCsr []byte
+ PrivateKeyBytes []byte
+ OldCertificateBytes []byte
+ OldPrivateKeyBytes []byte
 }
diff --git a/certServiceK8sExternalProvider/src/model/sign_certificate_model_factory.go b/certServiceK8sExternalProvider/src/model/sign_certificate_model_factory.go
new file mode 100644
index 00000000..297201be
--- /dev/null
+++ b/certServiceK8sExternalProvider/src/model/sign_certificate_model_factory.go
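Review bot: With `IsUpdateRevision` removed from `SignCertificateModel`, the struct no longer says how a consumer tells a certificate update from a first issuance; presumably that is now inferred from `OldCertificateBytes` and `OldPrivateKeyBytes` being non-empty, but nothing in the hunk states it. A doc comment on the type would pin this down, e.g. `// SignCertificateModel carries the inputs for one signing request; OldCertificateBytes and OldPrivateKeyBytes are empty unless the request updates an existing certificate.` Since two fields carry private key material, a second line such as `// PrivateKeyBytes and OldPrivateKeyBytes hold key material: do not log or serialize the model as a whole.` would help the next maintainer.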
@@ -0,0 +1,56 @@
+/*
+ * ============LICENSE_START=======================================================
+ * oom-certservice-k8s-external-provider
+ * ================================================================================
+ * Copyright (C) 2021 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package model
+
+import (
+ "context"
+
+ "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
+ "sigs.k8s.io/controller-runtime/pkg/client"
+
+ "onap.org/oom-certservice/k8s-external-provider/src/cmpv2controller/util"
+ "onap.org/oom-certservice/k8s-external-provider/src/cmpv2provisioner/csr"
+ "onap.org/oom-certservice/k8s-external-provider/src/leveledlogger"
+)
+
+func CreateSignCertificateModel(client client.Client, certificateRequest *v1.CertificateRequest, ctx context.Context, privateKeyBytes []byte) (SignCertificateModel, error) {
+ log := leveledlogger.GetLoggerWithName("certservice-certificate-model")
+ oldCertificateBytes, oldPrivateKeyBytes := util.RetrieveOldCertificateAndPkForCertificateUpdate(
+ client, certificateRequest, ctx)
+
+ csrBytes := certificateRequest.Spec.Request
+ log.Debug("Original CSR PEM: ", "bytes", csrBytes)
+
+ filteredCsrBytes, err := csr.FilterFieldsFromCSR(csrBytes, privateKeyBytes)
+ if err != nil {
+ return SignCertificateModel{}, err
+ }
+ log.Debug("Filtered out CSR PEM: ", "bytes", filteredCsrBytes)
+
+ signCertificateModel := SignCertificateModel{
+ CertificateRequest: certificateRequest,
+ FilteredCsr: filteredCsrBytes,
+ PrivateKeyBytes: privateKeyBytes,
+ OldCertificateBytes: oldCertificateBytes,
+ OldPrivateKeyBytes: oldPrivateKeyBytes,
+ }
+ return signCertificateModel, nil
+}
diff --git a/certServiceK8sExternalProvider/src/model/sign_certificate_model_factory_test.go b/certServiceK8sExternalProvider/src/model/sign_certificate_model_factory_test.go
new file mode 100644
index 00000000..def9a377
--- /dev/null
+++ b/certServiceK8sExternalProvider/src/model/sign_certificate_model_factory_test.go
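Review bot: In `CreateSignCertificateModel`, the call to `util.RetrieveOldCertificateAndPkForCertificateUpdate` yields only two byte slices and no error, so as far as this hunk shows, a failed lookup of the previous certificate secret cannot be told apart from a first issuance. The helper is defined outside this diff, so this is inferred from the call site; if it does swallow lookup errors, an update request would presumably proceed without the old certificate and key and nobody would notice. Consider returning an error from the helper and propagating it here, or at least stating the contract on the function: `// CreateSignCertificateModel builds the signing model; OldCertificateBytes and OldPrivateKeyBytes are empty when no previous certificate was retrieved.` Separately, `ctx context.Context` is conventionally the first parameter, and the parameter name `client` shadows the imported `client` package inside the body.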
@@ -0,0 +1,59 @@
+/*
+ * ============LICENSE_START=======================================================
+ * oom-certservice-k8s-external-provider
+ * ================================================================================
+ * Copyright (C) 2021 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package model
+
+import (
+ "context"
+ "testing"
+
+ cmapi "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
+ "github.com/stretchr/testify/assert"
+ "sigs.k8s.io/controller-runtime/pkg/client/fake"
+
+ "onap.org/oom-certservice/k8s-external-provider/src/testdata"
+)
+
+const (
+ revisionAnnotation = "cert-manager.io/certificate-revision"
+ certificateConfigurationAnnotation = "kubectl.kubernetes.io/last-applied-configuration"
+ testPrivateKeyData = "test-private-key"
+ testCertificateData = "test-certificate"
+)
+
+func Test_shouldCreateCertificateModelWithCorrectParameters(t *testing.T) {
+ request := new(cmapi.CertificateRequest)
+ request.ObjectMeta.Annotations = map[string]string{
+ revisionAnnotation: "2",
+ certificateConfigurationAnnotation: testdata.OldCertificateConfig,
+ }
+ request.Spec.Request = testdata.CsrBytes
+ fakeClient := fake.NewFakeClientWithScheme(testdata.GetScheme(), testdata.GetValidCertificateSecret())
+
+ signCertModel, err := CreateSignCertificateModel(fakeClient, request, *new(context.Context), testdata.PkBytes)
+
+ assert.Nil(t, err)
+ assert.NotNil(t, signCertModel)
+ assert.NotNil(t, signCertModel.FilteredCsr)
+ assert.Equal(t, testdata.PkBytes, signCertModel.PrivateKeyBytes)
+ assert.Equal(t, request, signCertModel.CertificateRequest)
+ assert.Equal(t, []byte(testCertificateData), signCertModel.OldCertificateBytes)
+ assert.Equal(t, []byte(testPrivateKeyData), signCertModel.OldPrivateKeyBytes)
+}
|
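Review bot: The call in `Test_shouldCreateCertificateModelWithCorrectParameters` passes `*new(context.Context)`, which evaluates to a nil `context.Context`; the `context` package documentation says a nil Context must not be passed, and the test only works as long as nothing on the path dereferences it. Use `context.Background()` instead: `signCertModel, err := CreateSignCertificateModel(fakeClient, request, context.Background(), testdata.PkBytes)`. `assert.NotNil(t, signCertModel)` is always true for a struct value, so it pins nothing. The test also covers only the success path; a second case whose `request.Spec.Request` is not a parsable CSR would pin the error return and the empty `SignCertificateModel{}` that accompanies it.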