[OOM-K8S-CERT-EXTERNAL-PROVIDER] Change logger implementation provider
1 /*
2  * ============LICENSE_START=======================================================
3  * oom-certservice-k8s-external-provider
4  * ================================================================================
5  * Copyright (C) 2020 Nokia. All rights reserved.
6  * ================================================================================
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  *      http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  * ============LICENSE_END=========================================================
19  */
20
21 package cmpv2controller
22
23 import (
24         "context"
25         "testing"
26
27         cmapi "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
28         cmmeta "github.com/jetstack/cert-manager/pkg/apis/meta/v1"
29         "github.com/stretchr/testify/assert"
30         v1 "k8s.io/api/core/v1"
31         metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
32         "k8s.io/apimachinery/pkg/types"
33         "k8s.io/client-go/tools/record"
34         "sigs.k8s.io/controller-runtime/pkg/client"
35         "sigs.k8s.io/controller-runtime/pkg/client/fake"
36
37         "onap.org/oom-certservice/k8s-external-provider/src/cmpv2api"
38         provisioners "onap.org/oom-certservice/k8s-external-provider/src/cmpv2provisioner"
39         provisionersdata "onap.org/oom-certservice/k8s-external-provider/src/cmpv2provisioner/csr/testdata"
40         "onap.org/oom-certservice/k8s-external-provider/src/leveledlogger"
41         "onap.org/oom-certservice/k8s-external-provider/src/testdata"
42         x509 "onap.org/oom-certservice/k8s-external-provider/src/x509/testdata"
43 )
44
// Fixture values shared by the tests in this file.
const (
	// certificateRequestName names the CertificateRequest fixture and the
	// fake reconcile request built for it.
	certificateRequestName = "testRequest"

	// group is the issuer-reference API group set on the requests used by
	// the isCMPv2CertificateRequest tests.
	group = "certmanager.onap.org"

	// recorderBufferSize is the size handed to record.NewFakeRecorder.
	recorderBufferSize = 3
)
50
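// Test_shouldSaveCorrectSignedPems_whenRequestReceived reconciles a valid
// CertificateRequest against an issuer marked ready and checks that the signed
// certificate and CA bundle stored on the request status match the expected
// PEMs, and that an "Issued" event was recorded.
func Test_shouldSaveCorrectSignedPems_whenRequestReceived(t *testing.T) {
	verifiedIssuer := getVerifiedIssuer()
	createProvisioner(verifiedIssuer)
	// provisioners.Store keeps the mock outside this test's scope. Clearing it
	// in a defer guarantees the entry is removed on every exit path, so a
	// failed or aborted assertion cannot leave a mock provisioner registered
	// for tests that run afterwards.
	defer clearProvisioner()

	fakeClient := fake.NewFakeClientWithScheme(testdata.GetScheme(), &verifiedIssuer,
		getValidCertificateRequest(), getValidPrivateKeySecret())
	fakeRecorder := record.NewFakeRecorder(recorderBufferSize)
	controller := getCertRequestController(fakeRecorder, fakeClient)
	fakeRequest := testdata.GetFakeRequest(certificateRequestName)

	res, err := controller.Reconcile(fakeRequest)

	signedPEM, trustedCAs := getCertificates(controller, fakeRequest.NamespacedName)
	assert.NoError(t, err)
	assert.NotNil(t, res)

	// Reconcile is called synchronously above, so an event it recorded should
	// already sit in the recorder's buffered channel (assumes the controller
	// does not emit events from a separate goroutine). A non-blocking receive
	// turns a missing event into a test failure instead of a hang.
	select {
	case event := <-fakeRecorder.Events:
		// testify expects (expected, actual); this order keeps failure output accurate.
		assert.Equal(t, "Normal Issued Certificate issued", event)
	default:
		t.Error("expected an event to be recorded, but the recorder channel is empty")
	}

	testdata.VerifyCertsAreEqualToExpected(t, signedPEM, trustedCAs)
}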
69
// Test_shouldBeInvalidCMPv2CertificateRequest_whenEmpty checks that a
// zero-value CertificateRequest, which carries no issuer reference at all, is
// not recognised as a CMPv2 request.
func Test_shouldBeInvalidCMPv2CertificateRequest_whenEmpty(t *testing.T) {
	emptyRequest := &cmapi.CertificateRequest{}

	accepted := isCMPv2CertificateRequest(emptyRequest)

	assert.False(t, accepted)
}
75
// Test_shouldBeInvalidCMPv2CertificateRequest_whenKindIsCertificateRequest
// checks that a request whose issuer reference has the expected group but a
// kind other than the CMPv2 issuer kind is rejected.
func Test_shouldBeInvalidCMPv2CertificateRequest_whenKindIsCertificateRequest(t *testing.T) {
	wrongKindRequest := &cmapi.CertificateRequest{
		Spec: cmapi.CertificateRequestSpec{
			IssuerRef: cmmeta.ObjectReference{
				Group: group,
				Kind:  "CertificateRequest",
			},
		},
	}

	accepted := isCMPv2CertificateRequest(wrongKindRequest)

	assert.False(t, accepted)
}
83
// Test_shouldBeValidCMPv2CertificateRequest_whenKindIsCMPvIssuer checks that a
// request whose issuer reference carries both the expected group and the
// "CMPv2Issuer" kind is accepted.
//
// NOTE(review): the tests in this file do not exercise the opposite mismatch,
// a "CMPv2Issuer" kind combined with a different group. Confirm that case is
// covered elsewhere, since this predicate decides which requests get handled.
func Test_shouldBeValidCMPv2CertificateRequest_whenKindIsCMPvIssuer(t *testing.T) {
	matchingRequest := &cmapi.CertificateRequest{
		Spec: cmapi.CertificateRequestSpec{
			IssuerRef: cmmeta.ObjectReference{
				Group: group,
				Kind:  "CMPv2Issuer",
			},
		},
	}

	accepted := isCMPv2CertificateRequest(matchingRequest)

	assert.True(t, accepted)
}
91
// getCertificates reads the CertificateRequest identified by namespacedName
// back through the controller's client and returns its Status.Certificate and
// Status.CA fields, in that order.
func getCertificates(controller CertificateRequestController, namespacedName types.NamespacedName) ([]byte, []byte) {
	var stored cmapi.CertificateRequest

	// The lookup error is discarded. If the Get fails, the caller receives
	// whatever the object holds at that point (presumably empty status
	// fields), so a failed read only shows up in the caller's comparison.
	_ = controller.Client.Get(context.Background(), namespacedName, &stored)

	return stored.Status.Certificate, stored.Status.CA
}
101
// getValidPrivateKeySecret builds the Secret fixture that holds the test
// private key under the "tls.key" entry, named and namespaced with the shared
// testdata values. The key bytes come from the provisioner test data package.
func getValidPrivateKeySecret() *v1.Secret {
	secret := new(v1.Secret)
	secret.ObjectMeta = metav1.ObjectMeta{
		Name:      testdata.PrivateKeySecret,
		Namespace: testdata.Namespace,
	}
	secret.Data = map[string][]byte{
		"tls.key": provisionersdata.PrivateKeyBytes,
	}
	return secret
}
115
// getValidCertificateRequest builds the CertificateRequest fixture: it points
// at the CMPv2 issuer by group, kind and name, carries the valid CSR from the
// x509 test data, and is annotated with the name of the private key Secret.
func getValidCertificateRequest() *cmapi.CertificateRequest {
	issuerRef := cmmeta.ObjectReference{
		Group: cmpv2api.GroupVersion.Group,
		Kind:  cmpv2api.CMPv2IssuerKind,
		Name:  testdata.IssuerObjectName,
	}

	// The annotation links the request to the Secret fixture by name.
	annotations := map[string]string{
		privateKeySecretNameAnnotation: testdata.PrivateKeySecret,
	}

	request := new(cmapi.CertificateRequest)
	// Kind is left as the empty string, as in the explicit TypeMeta literal.
	request.TypeMeta = metav1.TypeMeta{APIVersion: testdata.APIVersion}
	request.ObjectMeta = metav1.ObjectMeta{
		Name:        certificateRequestName,
		Namespace:   testdata.Namespace,
		Annotations: annotations,
	}
	request.Spec = cmapi.CertificateRequestSpec{
		IssuerRef: issuerRef,
		Request:   []byte(x509.ValidCertificateSignRequest),
	}
	return request
}
140
// getCertRequestController wires a CertificateRequestController to the given
// fake client and fake recorder, with a logger tagged
// "controllers"/"CertificateRequest".
func getCertRequestController(fakeRecorder *record.FakeRecorder, fakeClient client.Client) CertificateRequestController {
	logger := leveledlogger.GetLoggerWithValues("controllers", "CertificateRequest")

	return CertificateRequestController{
		Client:   fakeClient,
		Log:      logger,
		Recorder: fakeRecorder,
	}
}
149
// getVerifiedIssuer returns the valid issuer fixture with its status replaced
// by a single condition of type ConditionReady set to ConditionTrue.
func getVerifiedIssuer() cmpv2api.CMPv2Issuer {
	// The second value returned by the fixture helper is not needed here.
	verified, _ := testdata.GetValidIssuerWithSecret()

	readyCondition := cmpv2api.CMPv2IssuerCondition{
		Type:   cmpv2api.ConditionReady,
		Status: cmpv2api.ConditionTrue,
	}
	verified.Status = cmpv2api.CMPv2IssuerStatus{
		Conditions: []cmpv2api.CMPv2IssuerCondition{readyCondition},
	}
	return verified
}
159
// createProvisioner asks the mock factory for a provisioner for verifiedIssuer
// (with an empty Secret) and registers it under the issuer store key. The
// entry stays in the provisioners package until clearProvisioner overwrites it.
func createProvisioner(verifiedIssuer cmpv2api.CMPv2Issuer) {
	var mockFactory provisioners.ProvisionerFactoryMock
	storeKey := testdata.GetIssuerStoreKey()

	// The factory's second return value is ignored (presumably an error; the
	// mock is assumed not to fail, which should be confirmed against its
	// implementation).
	mockProvisioner, _ := mockFactory.CreateProvisioner(&verifiedIssuer, v1.Secret{})

	provisioners.Store(storeKey, mockProvisioner)
}
166
// clearProvisioner overwrites the entry under the issuer store key with nil,
// undoing createProvisioner so the mock does not outlive the test that
// registered it.
func clearProvisioner() {
	storeKey := testdata.GetIssuerStoreKey()
	provisioners.Store(storeKey, nil)
}