certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner_test.go

   1 /*
   2  * ============LICENSE_START=======================================================
   3  * oom-certservice-k8s-external-provider
   4  * ================================================================================
   5  * Copyright (C) 2020 Nokia. All rights reserved.
   6  * ================================================================================
   7  * Licensed under the Apache License, Version 2.0 (the "License");
   8  * you may not use this file except in compliance with the License.
   9  * You may obtain a copy of the License at
  10  *
  11  *      http://www.apache.org/licenses/LICENSE-2.0
  12  *
  13  * Unless required by applicable law or agreed to in writing, software
  14  * distributed under the License is distributed on an "AS IS" BASIS,
  15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  16  * See the License for the specific language governing permissions and
  17  * limitations under the License.
  18  * ============LICENSE_END=========================================================
  19  */
  20
  21 package cmpv2provisioner
  22
  23 import (
  24         "bytes"
  25         "context"
  26         "io/ioutil"
  27         "log"
  28         "testing"
  29         "time"
  30
  31         cmapi "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
  32         "github.com/stretchr/testify/assert"
  33         apimach "k8s.io/apimachinery/pkg/apis/meta/v1"
  34         "k8s.io/apimachinery/pkg/types"
  35
  36         "onap.org/oom-certservice/k8s-external-provider/src/certserviceclient"
  37         "onap.org/oom-certservice/k8s-external-provider/src/cmpv2api"
  38         "onap.org/oom-certservice/k8s-external-provider/src/cmpv2provisioner/testdata"
  39 )
  40
  41 const ISSUER_NAME = "cmpv2-issuer"
  42 const ISSUER_URL = "issuer/url"
  43 const ISSUER_NAMESPACE = "onap"
  44
  45 func Test_shouldCreateCorrectCertServiceCA(t *testing.T) {
  46         issuer := createIssuerAndCerts(ISSUER_NAME, ISSUER_URL)
  47         provisioner, err := New(&issuer, &certServiceClientMock{})
  48
  49         assert.Nil(t, err)
  50         assert.Equal(t, provisioner.name, issuer.Name, "Unexpected provisioner name.")
  51         assert.Equal(t, provisioner.url, issuer.Spec.URL, "Unexpected provisioner url.")
  52 }
  53
  54 func Test_shouldSuccessfullyLoadPreviouslyStoredProvisioner(t *testing.T) {
  55         issuer := createIssuerAndCerts(ISSUER_NAME, ISSUER_URL)
  56         provisioner, err := New(&issuer, &certServiceClientMock{})
  57
  58         assert.Nil(t, err)
  59
  60         issuerNamespaceName := createIssuerNamespaceName(ISSUER_NAMESPACE, ISSUER_NAME)
  61
  62         Store(issuerNamespaceName, provisioner)
  63         provisioner, ok := Load(issuerNamespaceName)
  64
  65         verifyThatConditionIsTrue(ok, "Provisioner could not be loaded.", t)
  66         assert.Equal(t, provisioner.name, issuer.Name, "Unexpected provisioner name.")
  67         assert.Equal(t, provisioner.url, issuer.Spec.URL, "Unexpected provisioner url.")
  68 }
  69
  70 func Test_shouldReturnCorrectSignedPemsWhenParametersAreCorrect(t *testing.T) {
  71         const EXPECTED_SIGNED_FILENAME = "testdata/expected_signed.pem"
  72         const EXPECTED_TRUSTED_FILENAME = "testdata/expected_trusted.pem"
  73
  74         issuer := createIssuerAndCerts(ISSUER_NAME, ISSUER_URL)
  75         provisioner, err := New(&issuer, &certServiceClientMock{
  76                 getCertificatesFunc: func(csr []byte, pk []byte) (response *certserviceclient.CertificatesResponse, e error) {
  77                         return &testdata.SampleCertServiceResponse, nil
  78                 },
  79         })
  80
  81         issuerNamespaceName := createIssuerNamespaceName(ISSUER_NAMESPACE, ISSUER_NAME)
  82         Store(issuerNamespaceName, provisioner)
  83
  84         provisioner, ok := Load(issuerNamespaceName)
  85
  86         verifyThatConditionIsTrue(ok, "Provisioner could not be loaded", t)
  87
  88         ctx := context.Background()
  89         request := createCertificateRequest()
  90         privateKeyBytes := getPrivateKeyBytes()
  91
  92         signedPEM, trustedCAs, err := provisioner.Sign(ctx, request, privateKeyBytes)
  93
  94         assert.Nil(t, err)
  95
  96         verifyThatConditionIsTrue(areSlicesEqual(signedPEM, readFile(EXPECTED_SIGNED_FILENAME)), "Signed pem is different than expected.", t)
  97         verifyThatConditionIsTrue(areSlicesEqual(trustedCAs, readFile(EXPECTED_TRUSTED_FILENAME)), "Trusted CAs pem is different than expected.", t)
  98 }
  99
 100 func verifyThatConditionIsTrue(cond bool, message string, t *testing.T) {
 101         if !cond {
 102                 t.Fatal(message)
 103         }
 104 }
 105
 106 func createIssuerNamespaceName(namespace string, name string) types.NamespacedName {
 107         return types.NamespacedName{
 108                 Namespace: namespace,
 109                 Name:      name,
 110         }
 111 }
 112
 113 func createIssuerAndCerts(name string, url string) cmpv2api.CMPv2Issuer {
 114         issuer := cmpv2api.CMPv2Issuer{}
 115         issuer.Name = name
 116         issuer.Spec.URL = url
 117         return issuer
 118 }
 119
 120 func readFile(filename string) []byte {
 121         certRequest, err := ioutil.ReadFile(filename)
 122         if err != nil {
 123                 log.Fatal(err)
 124         }
 125         return certRequest
 126 }
 127
 128 func createCertificateRequest() *cmapi.CertificateRequest {
 129         const CERTIFICATE_DURATION = "1h"
 130         const ISSUER_KIND = "CMPv2Issuer"
 131         const ISSUER_GROUP = "certmanager.onap.org"
 132         const CONDITION_TYPE = "Ready"
 133
 134         const SPEC_REQUEST_FILENAME = "testdata/test_certificate_request.pem"
 135         const STATUS_CERTIFICATE_FILENAME = "testdata/test_certificate.pem"
 136
 137         duration := new(apimach.Duration)
 138         d, _ := time.ParseDuration(CERTIFICATE_DURATION)
 139         duration.Duration = d
 140
 141         request := new(cmapi.CertificateRequest)
 142         request.Spec.Duration = duration
 143         request.Spec.IssuerRef.Name = ISSUER_NAME
 144         request.Spec.IssuerRef.Kind = ISSUER_KIND
 145         request.Spec.IssuerRef.Group = ISSUER_GROUP
 146         request.Spec.Request = readFile(SPEC_REQUEST_FILENAME)
 147         request.Spec.IsCA = true
 148
 149         cond := new(cmapi.CertificateRequestCondition)
 150         cond.Type = CONDITION_TYPE
 151         request.Status.Conditions = []cmapi.CertificateRequestCondition{*cond}
 152         request.Status.Certificate = readFile(STATUS_CERTIFICATE_FILENAME)
 153
 154         return request
 155 }
 156
 157 func getPrivateKeyBytes() []byte {
 158         return readFile("testdata/test_private_key.pem")
 159 }
 160
 161 func areSlicesEqual(slice1 []byte, slice2 []byte) bool {
 162         return bytes.Compare(slice1, slice2) == 0
 163 }
 164
 165 type certServiceClientMock struct {
 166         getCertificatesFunc func(csr []byte, key []byte) (*certserviceclient.CertificatesResponse, error)
 167 }
 168
 169 func (client *certServiceClientMock) GetCertificates(csr []byte, key []byte) (*certserviceclient.CertificatesResponse, error) {
 170         return client.getCertificatesFunc(csr, key)
 171 }
 172
 173 func (client *certServiceClientMock) CheckHealth() error {
 174         return nil
 175 }