[OOM-K8S-CERT-EXTERNAL-PROVIDER] Add check if cert should be updated
1 /*
2  * ============LICENSE_START=======================================================
3  * oom-certservice-k8s-external-provider
4  * ================================================================================
5  * Copyright (C) 2020 Nokia. All rights reserved.
6  * ================================================================================
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  *      http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  * ============LICENSE_END=========================================================
19  */
20
21 package cmpv2controller
22
23 import (
24         "context"
25         "testing"
26
27         cmapi "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
28         cmmeta "github.com/jetstack/cert-manager/pkg/apis/meta/v1"
29         "github.com/stretchr/testify/assert"
30         v1 "k8s.io/api/core/v1"
31         metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
32         "k8s.io/apimachinery/pkg/types"
33         "k8s.io/client-go/tools/record"
34         "sigs.k8s.io/controller-runtime/pkg/client"
35         "sigs.k8s.io/controller-runtime/pkg/client/fake"
36
37         "onap.org/oom-certservice/k8s-external-provider/src/cmpv2api"
38         provisioners "onap.org/oom-certservice/k8s-external-provider/src/cmpv2provisioner"
39         provisionersdata "onap.org/oom-certservice/k8s-external-provider/src/cmpv2provisioner/csr/testdata"
40         "onap.org/oom-certservice/k8s-external-provider/src/leveledlogger"
41         "onap.org/oom-certservice/k8s-external-provider/src/testdata"
42         x509 "onap.org/oom-certservice/k8s-external-provider/src/x509/testdata"
43 )
44
// Fixture values shared by the CertificateRequest controller tests.
const group = "certmanager.onap.org" // issuer group set on the IssuerRef in the isCMPv2CertificateRequest tests
const certificateRequestName = "testRequest"
const recorderBufferSize = 3 // capacity of the fake recorder's event channel
50
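// Test_shouldSaveCorrectSignedPems_whenRequestReceived reconciles a valid
// CertificateRequest against a ready CMPv2 issuer and expects the signed
// certificate and trusted CAs to be written back into the request status,
// with an "Issued" event recorded.
func Test_shouldSaveCorrectSignedPems_whenRequestReceived(t *testing.T) {
	verifiedIssuer := getVerifiedIssuer()
	createProvisioner(verifiedIssuer)
	// The provisioner store is package-level state shared across tests;
	// registering the reset with t.Cleanup guarantees it runs even when a
	// helper panics part-way, instead of depending on reaching the last line.
	t.Cleanup(clearProvisioner)
	fakeClient := fake.NewFakeClientWithScheme(testdata.GetScheme(), &verifiedIssuer,
		getValidCertificateRequest(), getValidPrivateKeySecret())

	fakeRecorder := record.NewFakeRecorder(recorderBufferSize)
	controller := getCertRequestController(fakeRecorder, fakeClient)
	fakeRequest := testdata.GetFakeRequest(certificateRequestName)

	res, err := controller.Reconcile(fakeRequest)

	signedPEM, trustedCAs := getCertificates(controller, fakeRequest.NamespacedName)
	assert.NoError(t, err)
	assert.NotNil(t, res)
	// assert.Equal is (expected, actual); the literal goes first so a
	// mismatch is reported the right way round.
	assert.Equal(t, "Normal Issued Certificate issued", <-fakeRecorder.Events)
	testdata.VerifyCertsAreEqualToExpected(t, signedPEM, trustedCAs)
}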
70
// Test_shouldBeInvalidCMPv2CertificateRequest_whenEmpty checks that a
// zero-value request, which carries no issuer reference, is not classified
// as a CMPv2 request.
func Test_shouldBeInvalidCMPv2CertificateRequest_whenEmpty(t *testing.T) {
	emptyRequest := &cmapi.CertificateRequest{}

	assert.False(t, isCMPv2CertificateRequest(emptyRequest))
}
76
// Test_shouldBeInvalidCMPv2CertificateRequest_whenKindIsCertificateRequest
// checks that the matching group alone is not enough: a request whose
// IssuerRef kind is not the CMPv2 issuer kind is rejected.
func Test_shouldBeInvalidCMPv2CertificateRequest_whenKindIsCertificateRequest(t *testing.T) {
	request := &cmapi.CertificateRequest{}
	request.Spec.IssuerRef = cmmeta.ObjectReference{
		Group: group,
		Kind:  "CertificateRequest",
	}

	assert.False(t, isCMPv2CertificateRequest(request))
}
84
// Test_shouldBeValidCMPv2CertificateRequest_whenKindIsCMPvIssuer checks that
// a request referencing a "CMPv2Issuer" in the expected group is accepted.
func Test_shouldBeValidCMPv2CertificateRequest_whenKindIsCMPvIssuer(t *testing.T) {
	request := &cmapi.CertificateRequest{}
	request.Spec.IssuerRef = cmmeta.ObjectReference{
		Group: group,
		Kind:  "CMPv2Issuer",
	}

	assert.True(t, isCMPv2CertificateRequest(request))
}
92
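// getCertificates fetches the CertificateRequest identified by namespacedName
// through the controller's client and returns the signed certificate PEM and
// the CA bundle recorded in its status, in that order.
//
// A failed Get is no longer ignored: swallowing it would hand the caller two
// nil slices and turn a client/fixture problem into a misleading
// certificate-comparison failure, so the helper panics with the cause.
func getCertificates(controller CertificateRequestController, namespacedName types.NamespacedName) ([]byte, []byte) {
	certificateRequest := new(cmapi.CertificateRequest)
	if err := controller.Client.Get(context.Background(), namespacedName, certificateRequest); err != nil {
		panic("getCertificates: fetching " + namespacedName.String() + ": " + err.Error())
	}

	return certificateRequest.Status.Certificate, certificateRequest.Status.CA
}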
102
// getValidPrivateKeySecret builds the Secret holding the test private key.
// The key material is stored under the "tls.key" entry, and the object is
// named and namespaced to match the testdata constants used by the request.
func getValidPrivateKeySecret() *v1.Secret {
	secretData := map[string][]byte{
		"tls.key": provisionersdata.PrivateKeyBytes,
	}
	objectMeta := metav1.ObjectMeta{
		Name:      testdata.PrivateKeySecret,
		Namespace: testdata.Namespace,
	}

	return &v1.Secret{ObjectMeta: objectMeta, Data: secretData}
}
116
// getValidCertificateRequest builds a CertificateRequest that points at the
// test CMPv2 issuer, references the test private-key Secret via annotation,
// and carries the test CSR from the x509 testdata.
func getValidCertificateRequest() *cmapi.CertificateRequest {
	typeMeta := metav1.TypeMeta{
		Kind:       "",
		APIVersion: testdata.APIVersion,
	}
	objectMeta := metav1.ObjectMeta{
		Name:      certificateRequestName,
		Namespace: testdata.Namespace,
		Annotations: map[string]string{
			privateKeySecretNameAnnotation: testdata.PrivateKeySecret,
		},
	}
	issuerRef := cmmeta.ObjectReference{
		Group: cmpv2api.GroupVersion.Group,
		Kind:  cmpv2api.CMPv2IssuerKind,
		Name:  testdata.IssuerObjectName,
	}

	return &cmapi.CertificateRequest{
		TypeMeta:   typeMeta,
		ObjectMeta: objectMeta,
		Spec: cmapi.CertificateRequestSpec{
			IssuerRef: issuerRef,
			Request:   []byte(x509.ValidCertificateSignRequest),
		},
	}
}
141
// getCertRequestController wires a CertificateRequestController to the given
// fake event recorder and fake client, with a logger scoped to the
// CertificateRequest controller.
func getCertRequestController(fakeRecorder *record.FakeRecorder, fakeClient client.Client) CertificateRequestController {
	return CertificateRequestController{
		Client:   fakeClient,
		Log:      leveledlogger.GetLoggerWithValues("controllers", "CertificateRequest"),
		Recorder: fakeRecorder,
	}
}
150
// getVerifiedIssuer returns the testdata issuer with its status replaced by
// a single Ready=True condition, so the controller treats it as usable.
// The second return value of GetValidIssuerWithSecret is not needed here.
func getVerifiedIssuer() cmpv2api.CMPv2Issuer {
	readyCondition := cmpv2api.CMPv2IssuerCondition{
		Type:   cmpv2api.ConditionReady,
		Status: cmpv2api.ConditionTrue,
	}

	issuer, _ := testdata.GetValidIssuerWithSecret()
	issuer.Status = cmpv2api.CMPv2IssuerStatus{
		Conditions: []cmpv2api.CMPv2IssuerCondition{readyCondition},
	}
	return issuer
}
160
// createProvisioner registers a mock provisioner for verifiedIssuer in the
// package-level provisioner store under the testdata issuer key. Tests that
// call it should pair it with clearProvisioner to avoid leaking the entry.
func createProvisioner(verifiedIssuer cmpv2api.CMPv2Issuer) {
	var factory provisioners.ProvisionerFactoryMock
	fakeProvisioner, _ := factory.CreateProvisioner(&verifiedIssuer, v1.Secret{})
	provisioners.Store(testdata.GetIssuerStoreKey(), fakeProvisioner)
}
167
// clearProvisioner removes the test provisioner from the package-level store
// by storing nil under the testdata issuer key.
func clearProvisioner() {
	storeKey := testdata.GetIssuerStoreKey()
	provisioners.Store(storeKey, nil)
}