2 * ============LICENSE_START=======================================================
3 * oom-certservice-k8s-external-provider
4 * ================================================================================
5 * Copyright (C) 2020 Nokia. All rights reserved.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END=========================================================
21 package cmpv2provisioner
31 cmapi "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
32 "github.com/stretchr/testify/assert"
33 apimach "k8s.io/apimachinery/pkg/apis/meta/v1"
34 "k8s.io/apimachinery/pkg/types"
36 "onap.org/oom-certservice/k8s-external-provider/src/certserviceclient"
37 "onap.org/oom-certservice/k8s-external-provider/src/cmpv2api"
38 "onap.org/oom-certservice/k8s-external-provider/src/cmpv2provisioner/testdata"
// Fixture values shared by the tests in this file.
const (
	// ISSUER_NAME names the test issuer and is reused as IssuerRef.Name in the
	// sample certificate request.
	ISSUER_NAME = "cmpv2-issuer"
	// ISSUER_URL is the value the tests store in the issuer's Spec.URL.
	ISSUER_URL = "issuer/url"
	// ISSUER_NAMESPACE is the namespace half of the key passed to Store and Load.
	ISSUER_NAMESPACE = "onap"
)
// Test_shouldCreateCorrectCertServiceCA checks that the provisioner returned by
// New carries the same name and URL as the issuer it was built from.
45 func Test_shouldCreateCorrectCertServiceCA(t *testing.T) {
46 issuer := createIssuerAndCerts(ISSUER_NAME, ISSUER_URL)
// The mock is passed with getCertificatesFunc unset; calling GetCertificates on
// it would panic on the nil func, so New presumably never calls it — confirm.
47 provisioner, err := New(&issuer, &certServiceClientMock{})
// NOTE(review): listing lines 48-49 are not shown. err has to be asserted nil
// before provisioner's fields are read below — confirm that check is there.
// NOTE(review): testify's order is Equal(t, expected, actual); the arguments
// below are swapped, which only affects the wording of a failure message.
50 assert.Equal(t, provisioner.name, issuer.Name, "Unexpected provisioner name.")
51 assert.Equal(t, provisioner.url, issuer.Spec.URL, "Unexpected provisioner url.")
// Test_shouldSuccessfullyLoadPreviouslyStoredProvisioner stores a provisioner
// under a namespace/name key and checks that Load returns it with the issuer's
// name and URL.
54 func Test_shouldSuccessfullyLoadPreviouslyStoredProvisioner(t *testing.T) {
55 issuer := createIssuerAndCerts(ISSUER_NAME, ISSUER_URL)
56 provisioner, err := New(&issuer, &certServiceClientMock{})
// NOTE(review): listing lines 57-59 are not shown; confirm err is asserted nil
// there before provisioner is stored.
60 issuerNamespaceName := createIssuerNamespaceName(ISSUER_NAMESPACE, ISSUER_NAME)
// NOTE(review): Store/Load look like a package-level registry, and the Sign
// test in this file uses the same ISSUER_NAMESPACE/ISSUER_NAME key. If so, an
// entry left by another test could satisfy Load here even if this Store did
// nothing — confirm, and consider a key unique to this test.
62 Store(issuerNamespaceName, provisioner)
// provisioner is overwritten with the loaded value, so the assertions below
// inspect what Load returned rather than what New returned.
63 provisioner, ok := Load(issuerNamespaceName)
65 verifyThatConditionIsTrue(ok, "Provisioner could not be loaded.", t)
66 assert.Equal(t, provisioner.name, issuer.Name, "Unexpected provisioner name.")
67 assert.Equal(t, provisioner.url, issuer.Spec.URL, "Unexpected provisioner url.")
// Test_shouldReturnCorrectSignedPemsWhenParametersAreCorrect runs Sign against
// a stubbed CertService client and compares the returned signed PEM and
// trusted-CA PEM byte-for-byte with the expected files under testdata/.
70 func Test_shouldReturnCorrectSignedPemsWhenParametersAreCorrect(t *testing.T) {
71 const EXPECTED_SIGNED_FILENAME = "testdata/expected_signed.pem"
72 const EXPECTED_TRUSTED_FILENAME = "testdata/expected_trusted.pem"
74 issuer := createIssuerAndCerts(ISSUER_NAME, ISSUER_URL)
75 provisioner, err := New(&issuer, &certServiceClientMock{
// The stub ignores csr and pk and always returns the canned sample response,
// so this test does not check which CSR or key bytes Sign hands to the client.
// NOTE(review): capturing and asserting csr/pk here would cover that.
76 getCertificatesFunc: func(csr []byte, pk []byte) (response *certserviceclient.CertificatesResponse, e error) {
// Returns a pointer to the shared testdata value, not a copy.
77 return &testdata.SampleCertServiceResponse, nil
// NOTE(review): listing lines 78-80 are not shown; confirm the err from New is
// asserted nil before the provisioner is stored.
81 issuerNamespaceName := createIssuerNamespaceName(ISSUER_NAMESPACE, ISSUER_NAME)
82 Store(issuerNamespaceName, provisioner)
// Sign is exercised on the provisioner returned by Load, not the one from New.
84 provisioner, ok := Load(issuerNamespaceName)
86 verifyThatConditionIsTrue(ok, "Provisioner could not be loaded", t)
88 ctx := context.Background()
89 request := createCertificateRequest()
90 privateKeyBytes := getPrivateKeyBytes()
92 signedPEM, trustedCAs, err := provisioner.Sign(ctx, request, privateKeyBytes)
// NOTE(review): listing lines 93-95 are not shown; confirm the err from Sign is
// asserted nil before the outputs are compared. Only the success path is
// covered in this listing; a stub returning an error would exercise the
// failure path of Sign.
96 verifyThatConditionIsTrue(areSlicesEqual(signedPEM, readFile(EXPECTED_SIGNED_FILENAME)), "Signed pem is different than expected.", t)
97 verifyThatConditionIsTrue(areSlicesEqual(trustedCAs, readFile(EXPECTED_TRUSTED_FILENAME)), "Trusted CAs pem is different than expected.", t)
// verifyThatConditionIsTrue is the assertion helper the tests call with a
// condition, a failure message and the test handle.
// NOTE(review): the body (listing lines 101-104) is not shown here; presumably
// it fails t with message when cond is false — confirm. If so, calling
// t.Helper() first would make failures point at the calling test line.
100 func verifyThatConditionIsTrue(cond bool, message string, t *testing.T) {
// createIssuerNamespaceName builds the types.NamespacedName the tests pass to
// Store and Load as the provisioner key.
106 func createIssuerNamespaceName(namespace string, name string) types.NamespacedName {
107 return types.NamespacedName{
108 Namespace: namespace,
// NOTE(review): listing lines 109-111 are not shown; presumably the Name field
// is set from name there — confirm.
// createIssuerAndCerts returns a CMPv2Issuer value whose Spec.URL is url.
// NOTE(review): listing lines 115 and 117-118 are not shown; presumably name is
// assigned to issuer.Name and issuer is returned — confirm. No certificate
// fields are set in the visible lines despite the "AndCerts" suffix.
113 func createIssuerAndCerts(name string, url string) cmpv2api.CMPv2Issuer {
114 issuer := cmpv2api.CMPv2Issuer{}
116 issuer.Spec.URL = url
// readFile reads the fixture file named by filename; the signature returns its
// content as []byte. Every caller in this file passes a constant testdata/ path.
// NOTE(review): listing lines 122-126 are not shown, so the handling of err is
// not visible here — confirm a read failure stops the test rather than
// returning empty bytes that a later comparison would silently use.
120 func readFile(filename string) []byte {
// ioutil.ReadFile is deprecated since Go 1.16; os.ReadFile is the drop-in
// replacement.
121 certRequest, err := ioutil.ReadFile(filename)
// createCertificateRequest builds the cert-manager CertificateRequest fixture
// used by the Sign test: a one-hour request that references the CMPv2 issuer,
// with its CSR and status certificate read from PEM files under testdata/.
128 func createCertificateRequest() *cmapi.CertificateRequest {
129 const CERTIFICATE_DURATION = "1h"
130 const ISSUER_KIND = "CMPv2Issuer"
131 const ISSUER_GROUP = "certmanager.onap.org"
132 const CONDITION_TYPE = "Ready"
134 const SPEC_REQUEST_FILENAME = "testdata/test_certificate_request.pem"
135 const STATUS_CERTIFICATE_FILENAME = "testdata/test_certificate.pem"
137 duration := new(apimach.Duration)
// The parse error is discarded. "1h" parses, but a typo in the constant would
// silently produce a zero duration instead of failing the test.
138 d, _ := time.ParseDuration(CERTIFICATE_DURATION)
139 duration.Duration = d
141 request := new(cmapi.CertificateRequest)
142 request.Spec.Duration = duration
143 request.Spec.IssuerRef.Name = ISSUER_NAME
144 request.Spec.IssuerRef.Kind = ISSUER_KIND
145 request.Spec.IssuerRef.Group = ISSUER_GROUP
146 request.Spec.Request = readFile(SPEC_REQUEST_FILENAME)
// The fixture asks for a CA certificate.
// NOTE(review): confirm this is intended for the case under test.
147 request.Spec.IsCA = true
// Only the condition's Type is set; its other fields keep their zero values.
149 cond := new(cmapi.CertificateRequestCondition)
150 cond.Type = CONDITION_TYPE
151 request.Status.Conditions = []cmapi.CertificateRequestCondition{*cond}
// The status already carries a certificate before Sign is ever called.
152 request.Status.Certificate = readFile(STATUS_CERTIFICATE_FILENAME)
// NOTE(review): listing lines 153-155 are not shown; presumably request is
// returned there — confirm.
// getPrivateKeyBytes returns the PEM bytes of the private-key fixture that the
// Sign test passes to the provisioner. The key lives in the repository under
// testdata/, so it is only suitable as a test fixture.
func getPrivateKeyBytes() []byte {
	const privateKeyFixture = "testdata/test_private_key.pem"
	return readFile(privateKeyFixture)
}
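// areSlicesEqual reports whether slice1 and slice2 hold the same bytes.
// A nil slice and an empty slice compare equal.
//
// bytes.Equal is the idiomatic form of bytes.Compare(a, b) == 0. It is not a
// constant-time comparison; the callers in this file compare returned PEM
// output with expected fixture files, not secrets.
func areSlicesEqual(slice1 []byte, slice2 []byte) bool {
	return bytes.Equal(slice1, slice2)
}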
// certServiceClientMock is the hand-written stand-in for the CertService client
// that the tests in this file pass to New.
type certServiceClientMock struct {
	// getCertificatesFunc is the stub that GetCertificates delegates to. It is
	// nil unless a test sets it.
	getCertificatesFunc func(csr, key []byte) (*certserviceclient.CertificatesResponse, error)
}
// GetCertificates forwards csr and key to the configured stub and returns its
// result unchanged. It panics if getCertificatesFunc was left nil, as it is in
// the tests that build the mock with an empty literal.
func (client *certServiceClientMock) GetCertificates(csr []byte, key []byte) (*certserviceclient.CertificatesResponse, error) {
	stub := client.getCertificatesFunc
	return stub(csr, key)
}
173 func (client *certServiceClientMock) CheckHealth() error {