1 /*
2  * ============LICENSE_START=======================================================
3  * oom-certservice-k8s-external-provider
4  * ================================================================================
5  * Copyright (C) 2020-2021 Nokia. All rights reserved.
6  * ================================================================================
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  *      http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  * ============LICENSE_END=========================================================
19  */
20
21 package cmpv2provisioner
22
23 import (
24         "context"
25         "testing"
26         "time"
27
28         cmapi "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
29         "github.com/stretchr/testify/assert"
30         apiv1 "k8s.io/api/core/v1"
31         apimach "k8s.io/apimachinery/pkg/apis/meta/v1"
32
33         "onap.org/oom-certservice/k8s-external-provider/src/certserviceclient"
34         "onap.org/oom-certservice/k8s-external-provider/src/cmpv2api"
35         "onap.org/oom-certservice/k8s-external-provider/src/model"
36         "onap.org/oom-certservice/k8s-external-provider/src/testdata"
37 )
38
// Fixture values shared by the tests in this file: the issuer's name, the
// URL placed in its spec, and the namespace used when building the
// Store/Load key.
const (
	ISSUER_NAME      = "cmpv2-issuer"
	ISSUER_URL       = "issuer/url"
	ISSUER_NAMESPACE = "onap"
)
42
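// Test_shouldCreateCorrectCertServiceCA checks that New carries the issuer's
// name and URL over to the provisioner it returns.
func Test_shouldCreateCorrectCertServiceCA(t *testing.T) {
	issuer := createIssuerAndCerts(ISSUER_NAME, ISSUER_URL)
	provisioner, err := New(&issuer, &certserviceclient.CertServiceClientMock{})

	// Stop on failure: the assertions below read fields of provisioner, which
	// may not be usable when New reports an error.
	if !assert.Nil(t, err) {
		t.FailNow()
	}

	// testify takes (expected, actual); the issuer is the reference value, so
	// a failure message labels the two sides correctly.
	assert.Equal(t, issuer.Name, provisioner.name, "Unexpected provisioner name.")
	assert.Equal(t, issuer.Spec.URL, provisioner.url, "Unexpected provisioner url.")
}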
51
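// Test_shouldSuccessfullyLoadPreviouslyStoredProvisioner checks that a
// provisioner saved with Store under an issuer's namespace/name key is
// returned by Load for the same key with its name and URL intact.
func Test_shouldSuccessfullyLoadPreviouslyStoredProvisioner(t *testing.T) {
	issuer := createIssuerAndCerts(ISSUER_NAME, ISSUER_URL)
	provisioner, err := New(&issuer, &certserviceclient.CertServiceClientMock{})

	// Stop on failure so a provisioner that New could not build is never
	// stored and then read back as if it were valid.
	if !assert.Nil(t, err) {
		t.FailNow()
	}

	issuerNamespaceName := testdata.CreateIssuerNamespaceName(ISSUER_NAMESPACE, ISSUER_NAME)

	Store(issuerNamespaceName, provisioner)
	provisioner, ok := Load(issuerNamespaceName)

	testdata.VerifyThatConditionIsTrue(ok, "Provisioner could not be loaded.", t)
	// testify takes (expected, actual); the issuer is the reference value.
	assert.Equal(t, issuer.Name, provisioner.name, "Unexpected provisioner name.")
	assert.Equal(t, issuer.Spec.URL, provisioner.url, "Unexpected provisioner url.")
}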
67
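// Test_shouldReturnCorrectSignedPemsWhenParametersAreCorrectForCertificateRequest
// signs an initial (non-update) certificate request through a provisioner
// built by ProvisionerFactoryMock and compares the returned signed PEM and
// trusted CAs with the expected test data.
func Test_shouldReturnCorrectSignedPemsWhenParametersAreCorrectForCertificateRequest(t *testing.T) {
	issuer := createIssuerAndCerts(ISSUER_NAME, ISSUER_URL)
	provisionerFactory := ProvisionerFactoryMock{}
	provisioner, err := provisionerFactory.CreateProvisioner(&issuer, apiv1.Secret{})

	// The factory error was previously overwritten by Sign's error without
	// ever being inspected; check it before the provisioner is stored.
	if !assert.Nil(t, err) {
		t.FailNow()
	}

	issuerNamespaceName := testdata.CreateIssuerNamespaceName(ISSUER_NAMESPACE, ISSUER_NAME)
	Store(issuerNamespaceName, provisioner)

	provisioner, ok := Load(issuerNamespaceName)

	testdata.VerifyThatConditionIsTrue(ok, "Provisioner could not be loaded", t)

	ctx := context.Background()
	request := createCertificateRequest()
	privateKeyBytes := getPrivateKeyBytes()

	// Initial issuance: no update revision, so no previous certificate or
	// key accompanies the request.
	signCertificateModel := model.SignCertificateModel{
		CertificateRequest: request,
		PrivateKeyBytes:    privateKeyBytes,
		IsUpdateRevision:   false,
		OldCertificate:     "",
		OldPrivateKey:      "",
	}

	signedPEM, trustedCAs, err := provisioner.Sign(ctx, signCertificateModel)

	assert.Nil(t, err)

	testdata.VerifyCertsAreEqualToExpected(t, signedPEM, trustedCAs)
}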
98
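// Test_shouldReturnCorrectSignedPemsWhenParametersAreCorrectForUpdateCertificateRequest
// signs an update request (IsUpdateRevision set, previous certificate and
// key supplied from testdata) through a provisioner built by
// ProvisionerFactoryMock and compares the returned signed PEM and trusted
// CAs with the expected test data.
func Test_shouldReturnCorrectSignedPemsWhenParametersAreCorrectForUpdateCertificateRequest(t *testing.T) {
	issuer := createIssuerAndCerts(ISSUER_NAME, ISSUER_URL)
	provisionerFactory := ProvisionerFactoryMock{}
	provisioner, err := provisionerFactory.CreateProvisioner(&issuer, apiv1.Secret{})

	// The factory error was previously overwritten by Sign's error without
	// ever being inspected; check it before the provisioner is stored.
	if !assert.Nil(t, err) {
		t.FailNow()
	}

	issuerNamespaceName := testdata.CreateIssuerNamespaceName(ISSUER_NAMESPACE, ISSUER_NAME)
	Store(issuerNamespaceName, provisioner)

	provisioner, ok := Load(issuerNamespaceName)

	testdata.VerifyThatConditionIsTrue(ok, "Provisioner could not be loaded", t)

	ctx := context.Background()
	request := createCertificateRequest()
	privateKeyBytes := getPrivateKeyBytes()

	// Update path: the previous certificate and private key travel with the
	// request alongside the new key material.
	signCertificateModel := model.SignCertificateModel{
		CertificateRequest: request,
		PrivateKeyBytes:    privateKeyBytes,
		IsUpdateRevision:   true,
		OldCertificate:     testdata.OldCertificateEncoded,
		OldPrivateKey:      testdata.OldPrivateKeyEncoded,
	}

	signedPEM, trustedCAs, err := provisioner.Sign(ctx, signCertificateModel)

	assert.Nil(t, err)

	testdata.VerifyCertsAreEqualToExpected(t, signedPEM, trustedCAs)
}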
129
// createIssuerAndCerts returns a CMPv2Issuer whose Name and Spec.URL are set
// to the given values; every other field keeps its zero value.
func createIssuerAndCerts(name string, url string) cmpv2api.CMPv2Issuer {
	var result cmpv2api.CMPv2Issuer
	result.Spec.URL = url
	result.Name = name
	return result
}
136
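// createCertificateRequest builds the cert-manager CertificateRequest fixture
// used by the signing tests: a one-hour duration, an issuer reference that
// points at the CMPv2 test issuer, the CSR read from testdata, a single
// "Ready" condition, and a certificate read from testdata in the status.
func createCertificateRequest() *cmapi.CertificateRequest {
	const (
		ISSUER_KIND    = "CMPv2Issuer"
		ISSUER_GROUP   = "certmanager.onap.org"
		CONDITION_TYPE = "Ready"

		SPEC_REQUEST_FILENAME       = "testdata/test_certificate_request.pem"
		STATUS_CERTIFICATE_FILENAME = "testdata/test_certificate.pem"
	)

	request := new(cmapi.CertificateRequest)

	// One hour, taken from the time package directly rather than parsed from
	// "1h" with the parse error discarded.
	request.Spec.Duration = &apimach.Duration{Duration: time.Hour}
	request.Spec.IssuerRef.Name = ISSUER_NAME
	request.Spec.IssuerRef.Kind = ISSUER_KIND
	request.Spec.IssuerRef.Group = ISSUER_GROUP
	request.Spec.Request = testdata.ReadFile(SPEC_REQUEST_FILENAME)
	// The fixture asks for a CA certificate.
	// NOTE(review): whether Sign forwards IsCA to the CertService is not
	// visible from this file; confirm against the provisioner.
	request.Spec.IsCA = true

	request.Status.Conditions = []cmapi.CertificateRequestCondition{{Type: CONDITION_TYPE}}
	request.Status.Certificate = testdata.ReadFile(STATUS_CERTIFICATE_FILENAME)

	return request
}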
165
// getPrivateKeyBytes returns the contents of the private-key fixture under
// testdata, as read by testdata.ReadFile. The key is test material checked
// in with the repository and is only meant for these tests.
func getPrivateKeyBytes() []byte {
	const privateKeyFilename = "testdata/test_private_key.pem"
	keyBytes := testdata.ReadFile(privateKeyFilename)
	return keyBytes
}