From 5a2e510430cfdc8ce05f6a771ba8787c8e85b5e1 Mon Sep 17 00:00:00 2001 From: Joanna Jeremicz Date: Fri, 16 Oct 2020 16:06:04 +0200 Subject: [OOM-K8S-CERT-EXTERNAL-PROVIDER] Add unit tests to cmpv2_provisioner Add tests with input and output .pem files Tests should be adjusted to future implementation when possible Issue-ID: OOM-2559 Signed-off-by: Joanna Jeremicz Change-Id: I39952c2cb0bd35bfd8337b22ca6e95c86509b4f7 --- .../src/cmpv2provisioner/cmpv2_provisioner_test.go | 129 ++++++++++++++++++++- .../test_resources/expected_signed.pem | 12 ++ .../test_resources/expected_trusted.pem | 12 ++ .../test_resources/test_certificate.pem | 18 +++ .../test_resources/test_certificate_request.pem | 12 ++ 5 files changed, 181 insertions(+), 2 deletions(-) create mode 100644 certServiceK8sExternalProvider/src/cmpv2provisioner/test_resources/expected_signed.pem create mode 100644 certServiceK8sExternalProvider/src/cmpv2provisioner/test_resources/expected_trusted.pem create mode 100644 certServiceK8sExternalProvider/src/cmpv2provisioner/test_resources/test_certificate.pem create mode 100644 certServiceK8sExternalProvider/src/cmpv2provisioner/test_resources/test_certificate_request.pem (limited to 'certServiceK8sExternalProvider') diff --git a/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner_test.go b/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner_test.go index 92d09b3c..d2141abe 100644 --- a/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner_test.go +++ b/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner_test.go @@ -21,10 +21,135 @@ package cmpv2provisioner import ( + "bytes" + "context" + "log" "testing" + "time" + "io/ioutil" + + "onap.org/oom-certservice/k8s-external-provider/src/cmpv2api" + + "github.com/stretchr/testify/assert" + "k8s.io/apimachinery/pkg/types" + cmapi "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1" + apimach "k8s.io/apimachinery/pkg/apis/meta/v1" ) -func TestSignCertificate(t *testing.T) { +const ISSUER_NAME = "cmpv2-issuer" +const ISSUER_URL = "issuer/url" +const KEY_NAME ="onapwro" +const ISSUER_NAMESPACE = "onap" + +func Test_shouldCreateCorrectCertServiceCA(t *testing.T){ + issuer, key := createIssuerAndKey(ISSUER_NAME, ISSUER_URL, KEY_NAME) + provisioner, err := New(&issuer, key) + + assert.Nil(t, err) + assert.Equal(t, string(provisioner.key), string(key), "Unexpected provisioner key.") + assert.Equal(t, provisioner.name, issuer.Name, "Unexpected provisioner name.") + assert.Equal(t, provisioner.url, issuer.Spec.URL, "Unexpected provisioner url.") +} + +func Test_shouldSuccessfullyLoadPreviouslyStoredProvisioner(t *testing.T){ + issuer, key := createIssuerAndKey(ISSUER_NAME, ISSUER_URL, KEY_NAME) + provisioner, err := New(&issuer, key) + + assert.Nil(t, err) + + issuerNamespaceName := createIssuerNamespaceName(ISSUER_NAMESPACE, ISSUER_NAME) + + Store(issuerNamespaceName, provisioner) + provisioner, ok := Load(issuerNamespaceName) + + verifyThatConditionIsTrue(ok, "Provisioner could not be loaded.", t) + assert.Equal(t, string(provisioner.key), string(key), "Unexpected provisioner key.") + assert.Equal(t, provisioner.name, issuer.Name, "Unexpected provisioner name.") + assert.Equal(t, provisioner.url, issuer.Spec.URL, "Unexpected provisioner url.") +} + +func Test_shouldReturnCorrectSignedPemsWhenParametersAreCorrect(t *testing.T) { + const EXPECTED_SIGNED_FILENAME = "test_resources/expected_signed.pem" + const EXPECTED_TRUSTED_FILENAME = "test_resources/expected_trusted.pem" + + issuer, key := createIssuerAndKey(ISSUER_NAME, ISSUER_URL, KEY_NAME) + + provisioner, err := New(&issuer, key) + issuerNamespaceName := createIssuerNamespaceName(ISSUER_NAMESPACE, ISSUER_NAME) + Store(issuerNamespaceName, provisioner) + + provisioner, ok := Load(issuerNamespaceName) + + verifyThatConditionIsTrue(ok, "Provisioner could not be loaded", t) + + ctx := context.Background() + request := createCertificateRequest() + + signedPEM, trustedCAs, err := provisioner.Sign(ctx, request) + + assert.Nil(t, err) + + verifyThatConditionIsTrue(areSlicesEqual(signedPEM, readFile(EXPECTED_SIGNED_FILENAME)), "Signed pem is different than expected.", t) + verifyThatConditionIsTrue(areSlicesEqual(trustedCAs, readFile(EXPECTED_TRUSTED_FILENAME)), "Trusted CAs pem is different than expected.", t) +} + +func verifyThatConditionIsTrue(cond bool, message string, t *testing.T) { + if(!cond){ + t.Fatal(message) + } +} + +func createIssuerNamespaceName(namespace string, name string) types.NamespacedName{ + return types.NamespacedName{ + Namespace: namespace, + Name: name, + } +} + +func createIssuerAndKey(name string, url string, key string) (cmpv2api.CMPv2Issuer, []byte) { + issuer := cmpv2api.CMPv2Issuer{} + issuer.Name = name + issuer.Spec.URL = url + return issuer, []byte(key) +} + +func readFile(filename string) []byte{ + certRequest, err := ioutil.ReadFile(filename) + if err != nil { + log.Fatal(err) + } + return certRequest +} + +func createCertificateRequest() *cmapi.CertificateRequest { + const CERTIFICATE_DURATION = "1h" + const ISSUER_KIND = "CMPv2Issuer" + const ISSUER_GROUP = "certmanager.onap.org" + const CONDITION_TYPE = "Ready" + + const SPEC_REQUEST_FILENAME = "test_resources/test_certificate_request.pem" + const STATUS_CERTIFICATE_FILENAME = "test_resources/test_certificate.pem" + + duration := new(apimach.Duration) + d, _ := time.ParseDuration(CERTIFICATE_DURATION) + duration.Duration = d + + request := new(cmapi.CertificateRequest) + request.Spec.Duration = duration + request.Spec.IssuerRef.Name = ISSUER_NAME + request.Spec.IssuerRef.Kind = ISSUER_KIND + request.Spec.IssuerRef.Group = ISSUER_GROUP + request.Spec.Request = readFile(SPEC_REQUEST_FILENAME) + request.Spec.IsCA = true + + cond := new(cmapi.CertificateRequestCondition) + cond.Type = CONDITION_TYPE + request.Status.Conditions = []cmapi.CertificateRequestCondition{*cond} + request.Status.Certificate = readFile(STATUS_CERTIFICATE_FILENAME) + + return request +} - t.Logf("Dummy GO test --> Everything is OK <--.") +func areSlicesEqual(slice1 []byte, slice2 []byte) bool{ + return bytes.Compare(slice1, slice2) == 0 } diff --git a/certServiceK8sExternalProvider/src/cmpv2provisioner/test_resources/expected_signed.pem b/certServiceK8sExternalProvider/src/cmpv2provisioner/test_resources/expected_signed.pem new file mode 100644 index 00000000..2d0e84d4 --- /dev/null +++ b/certServiceK8sExternalProvider/src/cmpv2provisioner/test_resources/expected_signed.pem @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIByjCCATMCAQAwgYkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh +MRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgSW5jMR8w +HQYDVQQLExZJbmZvcm1hdGlvbiBUZWNobm9sb2d5MRcwFQYDVQQDEw53d3cuZ29v +Z2xlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApZtYJCHJ4VpVXHfV +IlstQTlO4qC03hjX+ZkPyvdYd1Q4+qbAeTwXmCUKYHThVRd5aXSqlPzyIBwieMZr +WFlRQddZ1IzXAlVRDWwAo60KecqeAXnnUK+5fXoTI/UgWshre8tJ+x/TMHaQKR/J +cIWPhqaQhsJuzZbvAdGA80BLxdMCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4GBAIhl +4PvFq+e7ipARgI5ZM+GZx6mpCz44DTo0JkwfRDf+BtrsaC0q68eTf2XhYOsq4fkH +Q0uA0aVog3f5iJxCa3Hp5gxbJQ6zV6kJ0TEsuaaOhEko9sdpCoPOnRBm2i/XRD2D +6iNh8f8z0ShGsFqjDgFHyF3o+lUyj+UC6H1QW7bn +-----END CERTIFICATE----- diff --git a/certServiceK8sExternalProvider/src/cmpv2provisioner/test_resources/expected_trusted.pem b/certServiceK8sExternalProvider/src/cmpv2provisioner/test_resources/expected_trusted.pem new file mode 100644 index 00000000..2d0e84d4 --- /dev/null +++ b/certServiceK8sExternalProvider/src/cmpv2provisioner/test_resources/expected_trusted.pem @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIByjCCATMCAQAwgYkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh +MRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgSW5jMR8w +HQYDVQQLExZJbmZvcm1hdGlvbiBUZWNobm9sb2d5MRcwFQYDVQQDEw53d3cuZ29v +Z2xlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApZtYJCHJ4VpVXHfV +IlstQTlO4qC03hjX+ZkPyvdYd1Q4+qbAeTwXmCUKYHThVRd5aXSqlPzyIBwieMZr +WFlRQddZ1IzXAlVRDWwAo60KecqeAXnnUK+5fXoTI/UgWshre8tJ+x/TMHaQKR/J +cIWPhqaQhsJuzZbvAdGA80BLxdMCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4GBAIhl +4PvFq+e7ipARgI5ZM+GZx6mpCz44DTo0JkwfRDf+BtrsaC0q68eTf2XhYOsq4fkH +Q0uA0aVog3f5iJxCa3Hp5gxbJQ6zV6kJ0TEsuaaOhEko9sdpCoPOnRBm2i/XRD2D +6iNh8f8z0ShGsFqjDgFHyF3o+lUyj+UC6H1QW7bn +-----END CERTIFICATE----- diff --git a/certServiceK8sExternalProvider/src/cmpv2provisioner/test_resources/test_certificate.pem b/certServiceK8sExternalProvider/src/cmpv2provisioner/test_resources/test_certificate.pem new file mode 100644 index 00000000..7f306269 --- /dev/null +++ b/certServiceK8sExternalProvider/src/cmpv2provisioner/test_resources/test_certificate.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC+TCCAeGgAwIBAgIJAKPGwKDl/5HnMA0GCSqGSIb3DQEBCwUAMBMxETAPBgNV +BAMMCGpvc2h2YW5sMB4XDTE5MDgyMjE2MDU1OFoXDTI5MDgxOTE2MDU1OFowEzER +MA8GA1UEAwwIam9zaHZhbmwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB +AQCwhSB/qW6/kLb2zpu+EJvD9wHFaq+QA/0JH/Lllyo7zAFx+HHq+COAbk+C8B4t +/HUEsns5RL09CZ+X4j6pbJFdKduPxXu5ZVYnkxYpUDU7yg7OSKSZzTnIZ723sMs0 +R6jYn/Drj4xXMJEfHUDqYeSWlZr3qi1EFa0c7fVDxH+4xtZtNNFOjH7c6D/vWkIg +WQUxiwusse6KMOWjDnv/4Vrjel2QgUYUbHCyeZHmcti+K0LWCfo/Rg6PulwrbDkh +jmOgYt30pdhX0OZkAuklfUDHfp8bjbCoI2taYABA6AKjKsO35LAEU79CL1mLVHuZ +ACI5Ujija3VPWVHSwmJPJyuxAgMBAAGjUDBOMB0GA1UdDgQWBBQml5dTAZixFKhj +93wucRWhao/tQjAfBgNVHSMEGDAWgBQml5dTAZixFKhj93wucRWhao/tQjAMBgNV +HRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQB+klkRNJUKBLX8yYkyuU2RHcBv +GhmmDjJIsOJHZsoYXdLlG1pZNFjjPaOL8vh44Vl98RhEZBHsLT1KMbp1su6Cqj0r +UG1kpRBef+IOMT4MU7vRICi7UOlRLp1Wp0F8la3hPOcRb2yOfFqXXyZWXf4t0B45 +tHi+ZCNHB9FxjSRycbGYVk+TKpvhJaSYNMGJ3dxDKaP7+Dx3XcK6sAnIAkhyI8aj +NU+mw8/tmRkP4In/kXAR+Ri0qUmHj/vwvnk4Km7ZUy1FYH8DMeS5Nksn+/uHlRxR +V7Dnn039TRmgKbAqN72gKNLo5cZ+y/YqDAYHYrn98SQT9JDgtI/K/ATpW8dX +-----END CERTIFICATE----- diff --git a/certServiceK8sExternalProvider/src/cmpv2provisioner/test_resources/test_certificate_request.pem b/certServiceK8sExternalProvider/src/cmpv2provisioner/test_resources/test_certificate_request.pem new file mode 100644 index 00000000..3becbf10 --- /dev/null +++ b/certServiceK8sExternalProvider/src/cmpv2provisioner/test_resources/test_certificate_request.pem @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIByjCCATMCAQAwgYkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh +MRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgSW5jMR8w +HQYDVQQLExZJbmZvcm1hdGlvbiBUZWNobm9sb2d5MRcwFQYDVQQDEw53d3cuZ29v +Z2xlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApZtYJCHJ4VpVXHfV +IlstQTlO4qC03hjX+ZkPyvdYd1Q4+qbAeTwXmCUKYHThVRd5aXSqlPzyIBwieMZr +WFlRQddZ1IzXAlVRDWwAo60KecqeAXnnUK+5fXoTI/UgWshre8tJ+x/TMHaQKR/J +cIWPhqaQhsJuzZbvAdGA80BLxdMCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4GBAIhl +4PvFq+e7ipARgI5ZM+GZx6mpCz44DTo0JkwfRDf+BtrsaC0q68eTf2XhYOsq4fkH +Q0uA0aVog3f5iJxCa3Hp5gxbJQ6zV6kJ0TEsuaaOhEko9sdpCoPOnRBm2i/XRD2D +6iNh8f8z0ShGsFqjDgFHyF3o+lUyj+UC6H1QW7bn +-----END CERTIFICATE REQUEST----- -- cgit 1.2.3-korg