2 * ============LICENSE_START=======================================================
3 * oom-certservice-k8s-external-provider
4 * ================================================================================
5 * Copyright (C) 2020 Nokia. All rights reserved.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END=========================================================
21 package cmpv2controller
27 cmapi "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
28 cmmeta "github.com/jetstack/cert-manager/pkg/apis/meta/v1"
29 "github.com/stretchr/testify/assert"
30 v1 "k8s.io/api/core/v1"
31 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
32 "k8s.io/apimachinery/pkg/types"
33 "k8s.io/client-go/tools/record"
34 ctrl "sigs.k8s.io/controller-runtime"
35 "sigs.k8s.io/controller-runtime/pkg/client"
36 "sigs.k8s.io/controller-runtime/pkg/client/fake"
38 "onap.org/oom-certservice/k8s-external-provider/src/cmpv2api"
39 provisioners "onap.org/oom-certservice/k8s-external-provider/src/cmpv2provisioner"
40 provisionersdata "onap.org/oom-certservice/k8s-external-provider/src/cmpv2provisioner/csr/testdata"
41 "onap.org/oom-certservice/k8s-external-provider/src/testdata"
42 x509 "onap.org/oom-certservice/k8s-external-provider/src/x509/testdata"
// Fixture values shared by the tests in this file.
// NOTE(review): the declaration keyword that opens this group is not shown in
// this listing (gutter numbers skip 43-45) — presumably a const block; confirm.
//
// group is the issuerRef group assigned to requests in the
// isCMPv2CertificateRequest tests below.
46 group = "certmanager.onap.org"
// certificateRequestName names both the CertificateRequest fixture and the
// fake reconcile request, so the controller looks up the seeded object.
47 certificateRequestName = "testRequest"
// recorderBufferSize is the buffer size handed to record.NewFakeRecorder.
48 recorderBufferSize = 3
// Test_shouldSaveCorrectSignedPems_whenRequestReceived runs a single Reconcile
// against a fake client seeded with a Ready issuer, a CertificateRequest and
// the Secret holding its private key, then checks the recorded event and the
// certificate and CA bytes read back from the request's status.
//
// NOTE(review): gutter numbers skip 63-64 and 67, so this listing omits lines.
// res and err must be consumed there for the file to compile — confirm that
// err is asserted before the stored certificates are compared.
51 func Test_shouldSaveCorrectSignedPems_whenRequestReceived(t *testing.T) {
52 verifiedIssuer := getVerifiedIssuer()
// Registers a mock provisioner through provisioners.Store before the
// controller runs; that registration is not scoped to this test.
53 createProvisioner(verifiedIssuer)
54 fakeClient := fake.NewFakeClientWithScheme(testdata.GetScheme(), &verifiedIssuer,
55 getValidCertificateRequest(), getValidPrivateKeySecret())
56 fakeRecorder := record.NewFakeRecorder(recorderBufferSize)
57 controller := getCertRequestController(fakeRecorder, fakeClient)
58 fakeRequest := testdata.GetFakeRequest(certificateRequestName)
60 res, err := controller.Reconcile(fakeRequest)
62 signedPEM, trustedCAs := getCertificates(controller, fakeRequest.NamespacedName)
// The channel receive blocks until the recorder holds an event, so a
// reconcile that records none stalls the test instead of failing this
// assertion.
// NOTE(review): testify's assert.Equal takes (t, expected, actual); the two
// values are swapped here, which only affects the failure message.
65 assert.Equal(t, <-fakeRecorder.Events, "Normal Issued Certificate issued")
66 testdata.VerifyCertsAreEqualToExpected(t, signedPEM, trustedCAs)
// Test_shouldBeInvalidCMPv2CertificateRequest_whenEmpty checks that a
// zero-value CertificateRequest, whose issuerRef has no group or kind set, is
// not treated as a CMPv2 request.
func Test_shouldBeInvalidCMPv2CertificateRequest_whenEmpty(t *testing.T) {
	emptyRequest := &cmapi.CertificateRequest{}

	assert.False(t, isCMPv2CertificateRequest(emptyRequest))
}
// Test_shouldBeInvalidCMPv2CertificateRequest_whenKindIsCertificateRequest
// checks that a request in the expected issuer group is still rejected when
// its issuerRef kind is "CertificateRequest".
func Test_shouldBeInvalidCMPv2CertificateRequest_whenKindIsCertificateRequest(t *testing.T) {
	// Right group, wrong kind: the group alone must not be enough.
	issuerRef := cmmeta.ObjectReference{Group: group, Kind: "CertificateRequest"}
	wrongKindRequest := &cmapi.CertificateRequest{
		Spec: cmapi.CertificateRequestSpec{IssuerRef: issuerRef},
	}

	assert.False(t, isCMPv2CertificateRequest(wrongKindRequest))
}
// Test_shouldBeValidCMPv2CertificateRequest_whenKindIsCMPvIssuer checks that a
// request whose issuerRef carries the expected group and the kind
// "CMPv2Issuer" is accepted as a CMPv2 request.
//
// NOTE(review): the tests visible in this listing do not cover the kind
// "CMPv2Issuer" combined with a different group; adding that case would pin
// the group check as well.
func Test_shouldBeValidCMPv2CertificateRequest_whenKindIsCMPvIssuer(t *testing.T) {
	issuerRef := cmmeta.ObjectReference{Group: group, Kind: "CMPv2Issuer"}
	cmpv2Request := &cmapi.CertificateRequest{
		Spec: cmapi.CertificateRequestSpec{IssuerRef: issuerRef},
	}

	assert.True(t, isCMPv2CertificateRequest(cmpv2Request))
}
// getCertificates reads the named CertificateRequest back through the
// controller's client and returns the signed certificate and the CA bytes
// stored in its status, in that order.
//
// The error from Get is discarded: a failed read leaves the zero-value request
// in place, so the caller sees empty results rather than a distinct failure.
func getCertificates(controller CertificateRequestController, namespacedName types.NamespacedName) ([]byte, []byte) {
	var stored cmapi.CertificateRequest
	_ = controller.Client.Get(context.Background(), namespacedName, &stored)

	status := stored.Status
	return status.Certificate, status.CA
}
// getValidPrivateKeySecret builds the Secret fixture that carries the private
// key for the test CertificateRequest: fixture key bytes stored under
// "tls.key", named testdata.PrivateKeySecret in testdata.Namespace.
//
// NOTE(review): gutter numbers skip 104-105, so the opening of the returned
// literal is not shown in this listing.
102 func getValidPrivateKeySecret() *v1.Secret {
103 const privateKeySecretKey = "tls.key"
106 Data: map[string][]byte{
// Key material comes from the csr/testdata fixture package.
107 privateKeySecretKey: provisionersdata.PrivateKeyBytes,
109 ObjectMeta: metav1.ObjectMeta{
// Same name that getValidCertificateRequest places in its
// privateKeySecretNameAnnotation annotation.
110 Name: testdata.PrivateKeySecret,
111 Namespace: testdata.Namespace,
// getValidCertificateRequest builds the CertificateRequest fixture: named
// certificateRequestName in testdata.Namespace, annotated with the name of the
// private-key Secret, addressed to the CMPv2 issuer by group, kind and name,
// and carrying a CSR from the x509 testdata package.
//
// NOTE(review): gutter number 119 is skipped inside TypeMeta, so one field of
// this literal is not shown in the listing.
116 func getValidCertificateRequest() *cmapi.CertificateRequest {
117 return &cmapi.CertificateRequest{
118 TypeMeta: metav1.TypeMeta{
120 APIVersion: testdata.APIVersion,
122 ObjectMeta: metav1.ObjectMeta{
123 Name: certificateRequestName,
124 Namespace: testdata.Namespace,
125 Annotations: map[string]string{
// Points at the Secret built by getValidPrivateKeySecret (same
// testdata.PrivateKeySecret name).
126 privateKeySecretNameAnnotation: testdata.PrivateKeySecret,
130 Spec: cmapi.CertificateRequestSpec{
131 IssuerRef: cmmeta.ObjectReference{
// Group and kind are taken from cmpv2api rather than repeated as literals.
// NOTE(review): presumably the pair isCMPv2CertificateRequest matches on — confirm.
132 Group: cmpv2api.GroupVersion.Group,
133 Kind: cmpv2api.CMPv2IssuerKind,
134 Name: testdata.IssuerObjectName,
// CSR bytes the controller is expected to have signed.
136 Request: []byte(x509.ValidCertificateSignRequest),
// getCertRequestController assembles a CertificateRequestController for the
// tests, with a named logger and the supplied fake recorder.
//
// NOTE(review): gutter numbers skip 143 and 146-147. Presumably fakeClient is
// assigned to the Client field there (getCertificates reads controller.Client)
// and the controller is returned — confirm against the full file.
141 func getCertRequestController(fakeRecorder *record.FakeRecorder, fakeClient client.Client) CertificateRequestController {
142 controller := CertificateRequestController{
144 Log: ctrl.Log.WithName("controllers").WithName("CertificateRequest"),
// Events go to the fake recorder so the test can read them from its channel.
145 Recorder: fakeRecorder,
// getVerifiedIssuer takes the issuer fixture from testdata and overwrites its
// status with a single condition of type ConditionReady and status
// ConditionTrue.
//
// NOTE(review): the return statement is not shown in this listing (gutter
// numbers skip 156-158).
150 func getVerifiedIssuer() cmpv2api.CMPv2Issuer {
// The second result is discarded.
// NOTE(review): presumably the accompanying Secret — confirm it is not an error.
151 issuer, _ := testdata.GetValidIssuerWithSecret()
152 issuer.Status = cmpv2api.CMPv2IssuerStatus{
153 Conditions: []cmpv2api.CMPv2IssuerCondition{{
154 Type: cmpv2api.ConditionReady,
155 Status: cmpv2api.ConditionTrue}},
// createProvisioner builds a provisioner from the mock factory for the given
// issuer and an empty Secret, then registers it under the key returned by
// testdata.GetIssuerStoreKey.
//
// The second result of CreateProvisioner is discarded. The registration goes
// through provisioners.Store and stays in place until it is overwritten, as
// clearProvisioner does.
// NOTE(review): tests that share this store key presumably cannot run in
// parallel safely — confirm how provisioners.Store is synchronized.
func createProvisioner(verifiedIssuer cmpv2api.CMPv2Issuer) {
	var emptySecret v1.Secret
	factory := provisioners.ProvisionerFactoryMock{}
	mockProvisioner, _ := factory.CreateProvisioner(&verifiedIssuer, emptySecret)

	storeKey := testdata.GetIssuerStoreKey()
	provisioners.Store(storeKey, mockProvisioner)
}
167 func clearProvisioner() {
168 provisioners.Store(testdata.GetIssuerStoreKey(), nil)