2 * ============LICENSE_START=======================================================
3 * oom-certservice-k8s-external-provider
4 * ================================================================================
5 * Copyright (C) 2020 Nokia. All rights reserved.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END=========================================================
21 package cmpv2controller
27 cmapi "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
28 cmmeta "github.com/jetstack/cert-manager/pkg/apis/meta/v1"
29 "github.com/stretchr/testify/assert"
30 v1 "k8s.io/api/core/v1"
31 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
32 "k8s.io/apimachinery/pkg/types"
33 "k8s.io/client-go/tools/record"
34 "sigs.k8s.io/controller-runtime/pkg/client"
35 "sigs.k8s.io/controller-runtime/pkg/client/fake"
37 "onap.org/oom-certservice/k8s-external-provider/src/cmpv2api"
38 provisioners "onap.org/oom-certservice/k8s-external-provider/src/cmpv2provisioner"
39 provisionersdata "onap.org/oom-certservice/k8s-external-provider/src/cmpv2provisioner/csr/testdata"
40 "onap.org/oom-certservice/k8s-external-provider/src/leveledlogger"
41 "onap.org/oom-certservice/k8s-external-provider/src/testdata"
42 x509 "onap.org/oom-certservice/k8s-external-provider/src/x509/testdata"
46 group = "certmanager.onap.org"
47 certificateRequestName = "testRequest"
48 recorderBufferSize = 3
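// Test_shouldSaveCorrectSignedPems_whenRequestReceived reconciles a valid
// CertificateRequest that references a verified CMPv2Issuer backed by a mock
// provisioner. It checks that Reconcile returns no error, that an "Issued"
// event is recorded, and that the certificate and CA bytes stored on the
// request status match the expected fixtures.
func Test_shouldSaveCorrectSignedPems_whenRequestReceived(t *testing.T) {
	verifiedIssuer := getVerifiedIssuer()
	createProvisioner(verifiedIssuer)
	// provisioners.Store is a package-level call, so the mock registered above
	// outlives this test. Deferring the reset keeps it from leaking into later
	// tests even when something below panics.
	defer clearProvisioner()

	fakeClient := fake.NewFakeClientWithScheme(testdata.GetScheme(), &verifiedIssuer,
		getValidCertificateRequest(), getValidPrivateKeySecret())

	fakeRecorder := record.NewFakeRecorder(recorderBufferSize)
	controller := getCertRequestController(fakeRecorder, fakeClient)
	fakeRequest := testdata.GetFakeRequest(certificateRequestName)

	// Only the error is asserted; this listing shows no expectation for the
	// reconcile result itself.
	_, err := controller.Reconcile(fakeRequest)
	assert.NoError(t, err)

	signedPEM, trustedCAs := getCertificates(controller, fakeRequest.NamespacedName)

	// testify's Equal takes (expected, actual). The receive blocks, so a
	// missing event shows up as a test timeout rather than a failed assertion.
	assert.Equal(t, "Normal Issued Certificate issued", <-fakeRecorder.Events)
	testdata.VerifyCertsAreEqualToExpected(t, signedPEM, trustedCAs)
}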
// Test_shouldBeInvalidCMPv2CertificateRequest_whenEmpty checks that a
// zero-value CertificateRequest (no issuerRef group or kind) is not accepted
// as a CMPv2 request.
func Test_shouldBeInvalidCMPv2CertificateRequest_whenEmpty(t *testing.T) {
	var emptyRequest cmapi.CertificateRequest

	accepted := isCMPv2CertificateRequest(&emptyRequest)

	assert.False(t, accepted)
}
// Test_shouldBeInvalidCMPv2CertificateRequest_whenKindIsCertificateRequest
// checks that a request whose issuerRef uses the test group but the kind
// "CertificateRequest" is rejected: the group alone must not be enough.
func Test_shouldBeInvalidCMPv2CertificateRequest_whenKindIsCertificateRequest(t *testing.T) {
	wrongKindRequest := &cmapi.CertificateRequest{
		Spec: cmapi.CertificateRequestSpec{
			IssuerRef: cmmeta.ObjectReference{
				Group: group,
				Kind:  "CertificateRequest",
			},
		},
	}

	accepted := isCMPv2CertificateRequest(wrongKindRequest)

	assert.False(t, accepted)
}
// Test_shouldBeValidCMPv2CertificateRequest_whenKindIsCMPvIssuer checks that a
// request whose issuerRef carries the test group and the kind "CMPv2Issuer" is
// accepted as a CMPv2 request.
//
// NOTE(review): the opposite negative case, kind "CMPv2Issuer" with a foreign
// group, is not exercised by the tests visible in this listing.
func Test_shouldBeValidCMPv2CertificateRequest_whenKindIsCMPvIssuer(t *testing.T) {
	cmpv2Request := &cmapi.CertificateRequest{
		Spec: cmapi.CertificateRequestSpec{
			IssuerRef: cmmeta.ObjectReference{
				Group: group,
				Kind:  "CMPv2Issuer",
			},
		},
	}

	accepted := isCMPv2CertificateRequest(cmpv2Request)

	assert.True(t, accepted)
}
// getCertificates reads the CertificateRequest identified by namespacedName
// through the controller's client and returns its Status.Certificate and
// Status.CA bytes, in that order.
//
// The error from Get is discarded, so a failed lookup is not reported here.
// The caller then sees whatever Get left in the object, which is nil slices
// if nothing was populated.
func getCertificates(controller CertificateRequestController, namespacedName types.NamespacedName) ([]byte, []byte) {
	var stored cmapi.CertificateRequest
	_ = controller.Client.Get(context.Background(), namespacedName, &stored)

	return stored.Status.Certificate, stored.Status.CA
}
// getValidPrivateKeySecret builds the Secret fixture that stores the test
// private key bytes under the "tls.key" data key. Its name and namespace come
// from the testdata package.
func getValidPrivateKeySecret() *v1.Secret {
	const privateKeySecretKey = "tls.key"

	secretMeta := metav1.ObjectMeta{
		Name:      testdata.PrivateKeySecret,
		Namespace: testdata.Namespace,
	}
	keyMaterial := map[string][]byte{
		privateKeySecretKey: provisionersdata.PrivateKeyBytes,
	}

	return &v1.Secret{
		Data:       keyMaterial,
		ObjectMeta: secretMeta,
	}
}
// getValidCertificateRequest builds the CertificateRequest fixture used by the
// reconcile test. It is named certificateRequestName, references the CMPv2
// issuer by group, kind and name, carries the valid CSR fixture as its request
// payload, and is annotated with the name of the private-key Secret.
func getValidCertificateRequest() *cmapi.CertificateRequest {
	issuerRef := cmmeta.ObjectReference{
		Group: cmpv2api.GroupVersion.Group,
		Kind:  cmpv2api.CMPv2IssuerKind,
		Name:  testdata.IssuerObjectName,
	}
	requestMeta := metav1.ObjectMeta{
		Name:      certificateRequestName,
		Namespace: testdata.Namespace,
		// The annotation value is the same name that getValidPrivateKeySecret
		// gives to the Secret fixture.
		Annotations: map[string]string{
			privateKeySecretNameAnnotation: testdata.PrivateKeySecret,
		},
	}

	return &cmapi.CertificateRequest{
		TypeMeta: metav1.TypeMeta{
			// NOTE(review): this listing skips one line inside TypeMeta (file
			// line 120); restore it from the original file if it set a field.
			APIVersion: testdata.APIVersion,
		},
		ObjectMeta: requestMeta,
		Spec: cmapi.CertificateRequestSpec{
			IssuerRef: issuerRef,
			Request:   []byte(x509.ValidCertificateSignRequest),
		},
	}
}
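// getCertRequestController returns a CertificateRequestController wired to the
// given fake client and fake event recorder, with a logger created from the
// values "controllers" and "CertificateRequest".
func getCertRequestController(fakeRecorder *record.FakeRecorder, fakeClient client.Client) CertificateRequestController {
	return CertificateRequestController{
		// NOTE(review): the listing drops one field line here (file line 144).
		// Client is restored because getCertificates reads controller.Client
		// and fakeClient has no other use; confirm against the original file.
		Client:   fakeClient,
		Log:      leveledlogger.GetLoggerWithValues("controllers", "CertificateRequest"),
		Recorder: fakeRecorder,
	}
}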
// getVerifiedIssuer takes the valid issuer fixture from testdata and replaces
// its status with a single condition of Type ConditionReady and Status
// ConditionTrue.
func getVerifiedIssuer() cmpv2api.CMPv2Issuer {
	// The second return value of GetValidIssuerWithSecret is not used here.
	issuer, _ := testdata.GetValidIssuerWithSecret()

	readyCondition := cmpv2api.CMPv2IssuerCondition{
		Type:   cmpv2api.ConditionReady,
		Status: cmpv2api.ConditionTrue,
	}
	issuer.Status = cmpv2api.CMPv2IssuerStatus{
		Conditions: []cmpv2api.CMPv2IssuerCondition{readyCondition},
	}

	// NOTE(review): the return line is missing from this listing; issuer is
	// assumed to be a CMPv2Issuer value, as the signature requires.
	return issuer
}
// createProvisioner asks ProvisionerFactoryMock for a provisioner for the
// given issuer and an empty Secret, then registers it in the provisioners
// store under the testdata issuer key.
func createProvisioner(verifiedIssuer cmpv2api.CMPv2Issuer) {
	var mockFactory provisioners.ProvisionerFactoryMock

	// The second return value of CreateProvisioner is discarded.
	mockProvisioner, _ := mockFactory.CreateProvisioner(&verifiedIssuer, v1.Secret{})

	provisioners.Store(testdata.GetIssuerStoreKey(), mockProvisioner)
}
168 func clearProvisioner() {
169 provisioners.Store(testdata.GetIssuerStoreKey(), nil)