2 * ============LICENSE_START=======================================================
3 * oom-certservice-k8s-external-provider
4 * ================================================================================
5 * Copyright (C) 2020-2021 Nokia. All rights reserved.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END=========================================================
21 package cmpv2provisioner
28 cmapi "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
29 "github.com/stretchr/testify/assert"
30 apiv1 "k8s.io/api/core/v1"
31 apimach "k8s.io/apimachinery/pkg/apis/meta/v1"
33 "onap.org/oom-certservice/k8s-external-provider/src/certserviceclient"
34 "onap.org/oom-certservice/k8s-external-provider/src/cmpv2api"
35 "onap.org/oom-certservice/k8s-external-provider/src/model"
36 "onap.org/oom-certservice/k8s-external-provider/src/testdata"
39 const ISSUER_NAME = "cmpv2-issuer"
40 const ISSUER_URL = "issuer/url"
41 const ISSUER_NAMESPACE = "onap"
43 func Test_shouldCreateCorrectCertServiceCA(t *testing.T) {
44 issuer := createIssuerAndCerts(ISSUER_NAME, ISSUER_URL)
45 provisioner, err := New(&issuer, &certserviceclient.CertServiceClientMock{})
48 assert.Equal(t, provisioner.name, issuer.Name, "Unexpected provisioner name.")
49 assert.Equal(t, provisioner.url, issuer.Spec.URL, "Unexpected provisioner url.")
52 func Test_shouldSuccessfullyLoadPreviouslyStoredProvisioner(t *testing.T) {
53 issuer := createIssuerAndCerts(ISSUER_NAME, ISSUER_URL)
54 provisioner, err := New(&issuer, &certserviceclient.CertServiceClientMock{})
58 issuerNamespaceName := testdata.CreateIssuerNamespaceName(ISSUER_NAMESPACE, ISSUER_NAME)
60 Store(issuerNamespaceName, provisioner)
61 provisioner, ok := Load(issuerNamespaceName)
63 testdata.VerifyThatConditionIsTrue(ok, "Provisioner could not be loaded.", t)
64 assert.Equal(t, provisioner.name, issuer.Name, "Unexpected provisioner name.")
65 assert.Equal(t, provisioner.url, issuer.Spec.URL, "Unexpected provisioner url.")
68 func Test_shouldReturnCorrectSignedPemsWhenParametersAreCorrectForCertificateRequest(t *testing.T) {
69 issuer := createIssuerAndCerts(ISSUER_NAME, ISSUER_URL)
70 provisionerFactory := ProvisionerFactoryMock{}
71 provisioner, err := provisionerFactory.CreateProvisioner(&issuer, apiv1.Secret{})
73 issuerNamespaceName := testdata.CreateIssuerNamespaceName(ISSUER_NAMESPACE, ISSUER_NAME)
74 Store(issuerNamespaceName, provisioner)
76 provisioner, ok := Load(issuerNamespaceName)
78 testdata.VerifyThatConditionIsTrue(ok, "Provisioner could not be loaded", t)
80 ctx := context.Background()
81 request := createCertificateRequest()
82 privateKeyBytes := getPrivateKeyBytes()
84 signCertificateModel := model.SignCertificateModel{
85 CertificateRequest: request,
86 PrivateKeyBytes: privateKeyBytes,
87 IsUpdateRevision: false,
92 signedPEM, trustedCAs, err := provisioner.Sign(ctx, signCertificateModel)
96 testdata.VerifyCertsAreEqualToExpected(t, signedPEM, trustedCAs)
99 func Test_shouldReturnCorrectSignedPemsWhenParametersAreCorrectForUpdateCertificateRequest(t *testing.T) {
100 issuer := createIssuerAndCerts(ISSUER_NAME, ISSUER_URL)
101 provisionerFactory := ProvisionerFactoryMock{}
102 provisioner, err := provisionerFactory.CreateProvisioner(&issuer, apiv1.Secret{})
104 issuerNamespaceName := testdata.CreateIssuerNamespaceName(ISSUER_NAMESPACE, ISSUER_NAME)
105 Store(issuerNamespaceName, provisioner)
107 provisioner, ok := Load(issuerNamespaceName)
109 testdata.VerifyThatConditionIsTrue(ok, "Provisioner could not be loaded", t)
111 ctx := context.Background()
112 request := createCertificateRequest()
113 privateKeyBytes := getPrivateKeyBytes()
115 signCertificateModel := model.SignCertificateModel{
116 CertificateRequest: request,
117 PrivateKeyBytes: privateKeyBytes,
118 IsUpdateRevision: true,
119 OldCertificate: testdata.OldCertificateEncoded,
120 OldPrivateKey: testdata.OldPrivateKeyEncoded,
123 signedPEM, trustedCAs, err := provisioner.Sign(ctx, signCertificateModel)
127 testdata.VerifyCertsAreEqualToExpected(t, signedPEM, trustedCAs)
130 func createIssuerAndCerts(name string, url string) cmpv2api.CMPv2Issuer {
131 issuer := cmpv2api.CMPv2Issuer{}
133 issuer.Spec.URL = url
137 func createCertificateRequest() *cmapi.CertificateRequest {
138 const CERTIFICATE_DURATION = "1h"
139 const ISSUER_KIND = "CMPv2Issuer"
140 const ISSUER_GROUP = "certmanager.onap.org"
141 const CONDITION_TYPE = "Ready"
143 const SPEC_REQUEST_FILENAME = "testdata/test_certificate_request.pem"
144 const STATUS_CERTIFICATE_FILENAME = "testdata/test_certificate.pem"
146 duration := new(apimach.Duration)
147 d, _ := time.ParseDuration(CERTIFICATE_DURATION)
148 duration.Duration = d
150 request := new(cmapi.CertificateRequest)
151 request.Spec.Duration = duration
152 request.Spec.IssuerRef.Name = ISSUER_NAME
153 request.Spec.IssuerRef.Kind = ISSUER_KIND
154 request.Spec.IssuerRef.Group = ISSUER_GROUP
155 request.Spec.Request = testdata.ReadFile(SPEC_REQUEST_FILENAME)
156 request.Spec.IsCA = true
158 cond := new(cmapi.CertificateRequestCondition)
159 cond.Type = CONDITION_TYPE
160 request.Status.Conditions = []cmapi.CertificateRequestCondition{*cond}
161 request.Status.Certificate = testdata.ReadFile(STATUS_CERTIFICATE_FILENAME)
166 func getPrivateKeyBytes() []byte {
167 return testdata.ReadFile("testdata/test_private_key.pem")