From f85be7d76bf73d59dd4d70ffd07f1e34dfd1a2ef Mon Sep 17 00:00:00 2001
From: Remigiusz Janeczek
Date: Fri, 16 Oct 2020 11:08:09 +0200
Subject: [OOM-K8S-CERT-EXTERNAL-PROVIDER] Provide certs to CMPv2 Issuer
Format code
Issue-ID: OOM-2559
Signed-off-by: Remigiusz Janeczek
Change-Id: I88346b96657606b010aa8d7da0f8b86d1844f9d7
---
 .../src/cmpv2provisioner/cmpv2_provisioner.go | 23 ++-
 .../cmpv2provisioner/cmpv2_provisioner_factory.go | 55 ++++++++++
 .../cmpv2_provisioner_factory_test.go | 120 +++++++++++++++++++++
 3 files changed, 191 insertions(+), 7 deletions(-)
 create mode 100644 certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner_factory.go
 create mode 100644 certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner_factory_test.go
(limited to 'certServiceK8sExternalProvider/src/cmpv2provisioner')
diff --git a/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner.go b/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner.go
index a51b8425..e48b527d 100644
--- a/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner.go
+++ b/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner.go
@@ -32,30 +32,39 @@ import (
 	"encoding/base64"
 	"encoding/pem"
 	"fmt"
+	"sync"
+
 	certmanager "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
 	"k8s.io/apimachinery/pkg/types"
-	"onap.org/oom-certservice/k8s-external-provider/src/cmpv2api"
 	ctrl "sigs.k8s.io/controller-runtime"
-	"sync"
+
+	"onap.org/oom-certservice/k8s-external-provider/src/cmpv2api"
 )
 var collection = new(sync.Map)
 type CertServiceCA struct {
-	name string
-	url  string
-	key  []byte
+	name   string
+	url    string
+	caName string
+	key    []byte
+	cert   []byte
+	cacert []byte
 }
-func New(cmpv2Issuer *cmpv2api.CMPv2Issuer, key []byte) (*CertServiceCA, error) {
+func New(cmpv2Issuer *cmpv2api.CMPv2Issuer, key []byte, cert []byte, cacert []byte) (*CertServiceCA, error) {
 	ca := CertServiceCA{}
 	ca.name = cmpv2Issuer.Name
 	ca.url = cmpv2Issuer.Spec.URL
+	ca.caName = cmpv2Issuer.Spec.CaName
 	ca.key = key
+	ca.cert = cert
+	ca.cacert = cacert
 	log := ctrl.Log.WithName("cmpv2-provisioner")
-	log.Info("Configuring CA: ", "name", ca.name, "url", ca.url, "key", ca.key)
+	log.Info("Configuring CA: ", "name", ca.name, "url", ca.url, "caName", ca.caName, "key", ca.key,
+		"cert", ca.cert, "cacert", ca.cacert)
 	return &ca, nil
 }
diff --git a/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner_factory.go b/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner_factory.go
new file mode 100644
index 00000000..4a3898e7
--- /dev/null
+++ b/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner_factory.go
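Review bot: The rewritten `log.Info` call at the end of `New` writes the raw private key (`ca.key`) and now also `ca.cert` and `ca.cacert` into the controller log at Info level, so the issuer's key material ends up wherever pod logs are collected. Log only the non-secret identifiers, e.g. `log.Info("Configuring CA: ", "name", ca.name, "url", ca.url, "caName", ca.caName)`, or at most the byte lengths of the three slices. The `key` logging predates this commit, but the change extends it instead of removing it. `New` also still returns a nil error unconditionally; with `encoding/pem` already imported, checking that `key`, `cert` and `cacert` are non-empty and `pem.Decode` cleanly would give that return value a purpose and fail fast on a misconfigured Secret.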
@@ -0,0 +1,55 @@
+/*
+ * ============LICENSE_START=======================================================
+ * oom-certservice-k8s-external-provider
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package cmpv2provisioner
+
+import (
+	"fmt"
+
+	v1 "k8s.io/api/core/v1"
+
+	"onap.org/oom-certservice/k8s-external-provider/src/cmpv2api"
+)
+
+func CreateProvisioner(issuer *cmpv2api.CMPv2Issuer, secret v1.Secret) (*CertServiceCA, error) {
+	secretKeys := issuer.Spec.CertSecretRef
+	key, err := readValueFromSecret(secret, secretKeys.KeyRef)
+	if err != nil {
+		return nil, err
+	}
+	cert, err := readValueFromSecret(secret, secretKeys.CertRef)
+	if err != nil {
+		return nil, err
+	}
+	cacert, err := readValueFromSecret(secret, secretKeys.CacertRef)
+	if err != nil {
+		return nil, err
+	}
+	return New(issuer, key, cert, cacert)
+}
+
+func readValueFromSecret(secret v1.Secret, secretKey string) ([]byte, error) {
+	value, ok := secret.Data[secretKey]
+	if !ok {
+		err := fmt.Errorf("secret %s does not contain key %s", secret.Name, secretKey)
+		return nil, err
+	}
+	return value, nil
+}
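Review bot: `readValueFromSecret` only checks that the key is present in `secret.Data`, so a key that exists with an empty value passes through and `New` is built with empty key/cert/cacert bytes, pushing the failure to whenever that material is first used. Add an emptiness check after the lookup, keeping the existing message for the missing-key case: `if len(value) == 0 { return nil, fmt.Errorf("secret %s key %s is empty", secret.Name, secretKey) }`. Separately, `CreateProvisioner` and `readValueFromSecret` take `v1.Secret` by value, which copies the whole struct (including the `Data` map header and ObjectMeta) on each of the three calls; `*v1.Secret` would avoid that, provided the callers outside this hunk can pass a pointer.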
diff --git a/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner_factory_test.go b/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner_factory_test.go
new file mode 100644
index 00000000..6ef33098
--- /dev/null
+++ b/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner_factory_test.go
@@ -0,0 +1,120 @@
+/*
+ * ============LICENSE_START=======================================================
+ * oom-certservice-k8s-external-provider
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package cmpv2provisioner
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	v1 "k8s.io/api/core/v1"
+
+	"onap.org/oom-certservice/k8s-external-provider/src/cmpv2api"
+)
+
+const (
+	secretName      = "issuer-cert-secret"
+	url             = "https://oom-cert-service:8443/v1/certificate/"
+	caName          = "RA"
+	keySecretKey    = "cmpv2Issuer-key.pem"
+	certSecretKey   = "cmpv2Issuer-cert.pem"
+	cacertSecretKey = "cacert.pem"
+)
+
+var (
+	keySecretValue    = []byte("keyData")
+	certSecretValue   = []byte("certData")
+	cacertSecretValue = []byte("cacertData")
+)
+
+func Test_shouldCreateProvisioner(t *testing.T) {
+	issuer, secret := getValidIssuerAndSecret()
+
+	provisioner, _ := CreateProvisioner(&issuer, secret)
+
+	assert.NotNil(t, provisioner)
+	assert.Equal(t, url, provisioner.url)
+	assert.Equal(t, caName, provisioner.caName)
+	assert.Equal(t, keySecretValue, provisioner.key)
+	assert.Equal(t, certSecretValue, provisioner.cert)
+	assert.Equal(t, cacertSecretValue, provisioner.cacert)
+}
+
+func Test_shouldReturnError_whenSecretMissingKeyRef(t *testing.T) {
+	issuer, secret := getValidIssuerAndSecret()
+	delete(secret.Data, keySecretKey)
+
+	provisioner, err := CreateProvisioner(&issuer, secret)
+
+	assert.Nil(t, provisioner)
+	if assert.Error(t, err) {
+		assert.Equal(t, fmt.Errorf("secret %s does not contain key %s", secretName, keySecretKey), err)
+	}
+}
+
+func Test_shouldReturnError_whenSecretMissingCertRef(t *testing.T) {
+	issuer, secret := getValidIssuerAndSecret()
+	delete(secret.Data, certSecretKey)
+
+	provisioner, err := CreateProvisioner(&issuer, secret)
+
+	assert.Nil(t, provisioner)
+	if assert.Error(t, err) {
+		assert.Equal(t, fmt.Errorf("secret %s does not contain key %s", secretName, certSecretKey), err)
+	}
+}
+
+func Test_shouldReturnError_whenSecretMissingCacertRef(t *testing.T) {
+	issuer, secret := getValidIssuerAndSecret()
+	delete(secret.Data, cacertSecretKey)
+
+	provisioner, err := CreateProvisioner(&issuer, secret)
+
+	assert.Nil(t, provisioner)
+	if assert.Error(t, err) {
+		assert.Equal(t, fmt.Errorf("secret %s does not contain key %s", secretName, cacertSecretKey), err)
+	}
+}
+
+func getValidIssuerAndSecret() (cmpv2api.CMPv2Issuer, v1.Secret) {
+	issuer := cmpv2api.CMPv2Issuer{
+		Spec: cmpv2api.CMPv2IssuerSpec{
+			URL:    url,
+			CaName: caName,
+			CertSecretRef: cmpv2api.SecretKeySelector{
+				Name:      secretName,
+				KeyRef:    keySecretKey,
+				CertRef:   certSecretKey,
+				CacertRef: cacertSecretKey,
+			},
+		},
+	}
+	secret := v1.Secret{
+
+		Data: map[string][]byte{
+			keySecretKey:    keySecretValue,
+			certSecretKey:   certSecretValue,
+			cacertSecretKey: cacertSecretValue,
+		},
+	}
+	secret.Name = secretName
+	return issuer, secret
+}
-- cgit 1.2.3-korg
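Review bot: `Test_shouldCreateProvisioner` discards the error from `CreateProvisioner` (`provisioner, _ := CreateProvisioner(&issuer, secret)`), so a regression that returns a non-nil error alongside a provisioner passes silently, and a nil provisioner would surface as a nil-pointer panic on `provisioner.url` rather than a clear assertion, because `assert.NotNil` does not stop the test. Capture and check it: `provisioner, err := CreateProvisioner(&issuer, secret)` followed by `assert.NoError(t, err)` and `if !assert.NotNil(t, provisioner) { return }`. The three missing-key tests differ only in the deleted key, so a table-driven loop over `keySecretKey`, `certSecretKey`, `cacertSecretKey` would remove the duplication, and `assert.EqualError(t, err, "...")` reads more directly than comparing against a freshly built `fmt.Errorf` value.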