2 * ============LICENSE_START=======================================================
3 * oom-certservice-k8s-external-provider
4 * ================================================================================
5 * Copyright (C) 2020-2021 Nokia. All rights reserved.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END=========================================================
21 package cmpv2provisioner
27 cmapi "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
28 "github.com/stretchr/testify/assert"
29 apiv1 "k8s.io/api/core/v1"
30 apimach "k8s.io/apimachinery/pkg/apis/meta/v1"
32 "onap.org/oom-certservice/k8s-external-provider/src/certserviceclient"
33 "onap.org/oom-certservice/k8s-external-provider/src/cmpv2api"
34 "onap.org/oom-certservice/k8s-external-provider/src/model"
35 "onap.org/oom-certservice/k8s-external-provider/src/testdata"
// Fixture values shared by the provisioner tests in this file.
// ISSUER_NAME is passed to createIssuerAndCerts as the issuer name and is also
// written to the test request's Spec.IssuerRef.Name.
38 const ISSUER_NAME = "cmpv2-issuer"
// ISSUER_URL is passed to createIssuerAndCerts, which stores it in Spec.URL.
// It is a placeholder path, not a reachable endpoint; the tests inject mocks.
39 const ISSUER_URL = "issuer/url"
// ISSUER_UPDATE_URL is the value createIssuerAndCerts writes to Spec.UpdateEndpoint.
40 const ISSUER_UPDATE_URL = "update-url"
// ISSUER_NAMESPACE is combined with ISSUER_NAME to build the key handed to Store and Load.
41 const ISSUER_NAMESPACE = "onap"
// Test_shouldCreateCorrectCertServiceCA builds a provisioner with New from a
// fixture issuer and a mocked cert-service client, then checks that the
// provisioner's name and url equal the issuer's Name and Spec.URL.
43 func Test_shouldCreateCorrectCertServiceCA(t *testing.T) {
44 issuer := createIssuerAndCerts(ISSUER_NAME, ISSUER_URL)
// CertServiceClientMock replaces the real client for this test.
45 provisioner, err := New(&issuer, &certserviceclient.CertServiceClientMock{})
// NOTE(review): err is assigned above; the lines that would check it
// (46-47 in this listing's gutter numbering) are not shown here.
// NOTE(review): testify's assert.Equal takes (expected, actual); the arguments
// below are in the opposite order, which only changes how a failure is labelled.
48 assert.Equal(t, provisioner.name, issuer.Name, "Unexpected provisioner name.")
49 assert.Equal(t, provisioner.url, issuer.Spec.URL, "Unexpected provisioner url.")
// Test_shouldSuccessfullyLoadPreviouslyStoredProvisioner stores a provisioner
// under a namespace/name key, loads it back with the same key, and checks that
// the loaded provisioner still carries the issuer's name and URL.
52 func Test_shouldSuccessfullyLoadPreviouslyStoredProvisioner(t *testing.T) {
53 issuer := createIssuerAndCerts(ISSUER_NAME, ISSUER_URL)
54 provisioner, err := New(&issuer, &certserviceclient.CertServiceClientMock{})
// NOTE(review): the lines that would check err (55-57 in this listing's gutter
// numbering) are not shown here.
58 issuerNamespaceName := testdata.CreateIssuerNamespaceName(ISSUER_NAMESPACE, ISSUER_NAME)
// NOTE(review): every test in this file stores under this same key; if Store
// writes to package-level state, the entry outlives the test — confirm that no
// test depends on execution order.
60 Store(issuerNamespaceName, provisioner)
// provisioner is reassigned to the loaded value; ok reports whether the key was found.
61 provisioner, ok := Load(issuerNamespaceName)
63 testdata.VerifyThatConditionIsTrue(ok, "Provisioner could not be loaded.", t)
// NOTE(review): assert.Equal expects (expected, actual); the order below is reversed.
64 assert.Equal(t, provisioner.name, issuer.Name, "Unexpected provisioner name.")
65 assert.Equal(t, provisioner.url, issuer.Spec.URL, "Unexpected provisioner url.")
// Test_shouldReturnCorrectSignedPemsWhenParametersAreCorrectForCertificateRequest
// signs a fixture certificate request with no previous certificate or key and
// compares the returned PEMs with the expected test data.
68 func Test_shouldReturnCorrectSignedPemsWhenParametersAreCorrectForCertificateRequest(t *testing.T) {
69 issuer := createIssuerAndCerts(ISSUER_NAME, ISSUER_URL)
// The provisioner comes from a mock factory and is given an empty Secret.
70 provisionerFactory := ProvisionerFactoryMock{}
71 provisioner, err := provisionerFactory.CreateProvisioner(&issuer, apiv1.Secret{})
// NOTE(review): err is assigned above; no check of it appears in the visible lines.
73 issuerNamespaceName := testdata.CreateIssuerNamespaceName(ISSUER_NAMESPACE, ISSUER_NAME)
74 Store(issuerNamespaceName, provisioner)
// Sign is called on the loaded provisioner, not on the one the factory returned.
76 provisioner, ok := Load(issuerNamespaceName)
78 testdata.VerifyThatConditionIsTrue(ok, "Provisioner could not be loaded", t)
80 request := createCertificateRequest()
// Private key bytes are read from a PEM fixture under testdata.
81 privateKeyBytes := getPrivateKeyBytes()
83 signCertificateModel := model.SignCertificateModel{
84 CertificateRequest: request,
85 PrivateKeyBytes: privateKeyBytes,
// Both "old" fields are empty here; presumably this selects the initial-request
// path rather than the update path — verify against Sign.
86 OldCertificateBytes: []byte{},
87 OldPrivateKeyBytes: []byte{},
90 signedPEM, trustedCAs, err := provisioner.Sign(signCertificateModel)
// NOTE(review): the lines between Sign and the comparison below (91-93 in this
// listing's gutter numbering) are not shown; the err check is presumably there.
94 testdata.VerifyCertsAreEqualToExpected(t, signedPEM, trustedCAs)
// Test_shouldReturnCorrectSignedPemsWhenParametersAreCorrectForUpdateCertificateRequest
// signs a fixture certificate request that also carries a previous certificate
// and private key, then compares the returned PEMs with the expected test data.
97 func Test_shouldReturnCorrectSignedPemsWhenParametersAreCorrectForUpdateCertificateRequest(t *testing.T) {
// The issuer fixture keeps the UpdateEndpoint that createIssuerAndCerts sets.
98 issuer := createIssuerAndCerts(ISSUER_NAME, ISSUER_URL)
99 provisionerFactory := ProvisionerFactoryMock{}
100 provisioner, err := provisionerFactory.CreateProvisioner(&issuer, apiv1.Secret{})
// NOTE(review): err is assigned above; no check of it appears in the visible lines.
102 issuerNamespaceName := testdata.CreateIssuerNamespaceName(ISSUER_NAMESPACE, ISSUER_NAME)
103 Store(issuerNamespaceName, provisioner)
// Sign is called on the loaded provisioner, not on the one the factory returned.
105 provisioner, ok := Load(issuerNamespaceName)
107 testdata.VerifyThatConditionIsTrue(ok, "Provisioner could not be loaded", t)
109 request := createCertificateRequest()
110 privateKeyBytes := getPrivateKeyBytes()
112 signCertificateModel := model.SignCertificateModel{
113 CertificateRequest: request,
114 PrivateKeyBytes: privateKeyBytes,
// The previous certificate and key come from package-level values in testdata;
// presumably their presence selects the update path — verify against Sign.
115 OldCertificateBytes: testdata.OldCertificateBytes,
116 OldPrivateKeyBytes: testdata.OldPrivateKeyBytes,
119 signedPEM, trustedCAs, err := provisioner.Sign(signCertificateModel)
// NOTE(review): the expected output is checked by the same helper as in the
// non-update tests, so the visible lines do not show that the update endpoint
// was the one used — confirm the mock distinguishes the two paths.
123 testdata.VerifyCertsAreEqualToExpected(t, signedPEM, trustedCAs)
// Test_shouldReturnCorrectSignedPemForCertificateRequestWhenUpdateEndpointConfigurationIsMissing
// clears the issuer's UpdateEndpoint, supplies a previous certificate and key
// anyway, and checks that Sign still returns the expected PEMs.
126 func Test_shouldReturnCorrectSignedPemForCertificateRequestWhenUpdateEndpointConfigurationIsMissing(t *testing.T) {
127 issuer := createIssuerAndCerts(ISSUER_NAME, ISSUER_URL)
// Override the default set by createIssuerAndCerts so that no update endpoint is configured.
128 issuer.Spec.UpdateEndpoint = ""
129 provisionerFactory := ProvisionerFactoryMock{}
130 provisioner, err := provisionerFactory.CreateProvisioner(&issuer, apiv1.Secret{})
// NOTE(review): err is assigned above; no check of it appears in the visible lines.
132 issuerNamespaceName := testdata.CreateIssuerNamespaceName(ISSUER_NAMESPACE, ISSUER_NAME)
// Store is called with the same key as the other tests in this file, and the
// provisioner for this issuer has an empty UpdateEndpoint.
133 Store(issuerNamespaceName, provisioner)
135 provisioner, ok := Load(issuerNamespaceName)
137 testdata.VerifyThatConditionIsTrue(ok, "Provisioner could not be loaded", t)
139 request := createCertificateRequest()
140 privateKeyBytes := getPrivateKeyBytes()
142 signCertificateModel := model.SignCertificateModel{
143 CertificateRequest: request,
144 PrivateKeyBytes: privateKeyBytes,
// Old certificate and key are present although the update endpoint is empty;
// per the test name the request is expected to be handled as a plain
// certificate request — verify against Sign.
145 OldCertificateBytes: testdata.OldCertificateBytes,
146 OldPrivateKeyBytes: testdata.OldPrivateKeyBytes,
149 signedPEM, trustedCAs, err := provisioner.Sign(signCertificateModel)
153 testdata.VerifyCertsAreEqualToExpected(t, signedPEM, trustedCAs)
// createIssuerAndCerts returns a CMPv2Issuer fixture whose Spec.URL is url and
// whose Spec.UpdateEndpoint is ISSUER_UPDATE_URL.
// NOTE(review): despite the name, no certificate material is created in the
// visible lines; the line that would use the name parameter (158 in this
// listing's gutter numbering) is not shown.
156 func createIssuerAndCerts(name string, url string) cmpv2api.CMPv2Issuer {
157 issuer := cmpv2api.CMPv2Issuer{}
159 issuer.Spec.URL = url
// Every fixture starts with an update endpoint; tests that need none clear it afterwards.
160 issuer.Spec.UpdateEndpoint = ISSUER_UPDATE_URL
// createCertificateRequest builds the cert-manager CertificateRequest fixture
// used by the Sign tests: a one-hour duration, an IssuerRef pointing at the
// CMPv2 issuer, a CSR read from testdata, and a status that already holds a
// certificate and a single condition.
164 func createCertificateRequest() *cmapi.CertificateRequest {
165 const CERTIFICATE_DURATION = "1h"
166 const ISSUER_KIND = "CMPv2Issuer"
167 const ISSUER_GROUP = "certmanager.onap.org"
168 const CONDITION_TYPE = "Ready"
// Fixture paths are relative, so they resolve against the test's working directory.
170 const SPEC_REQUEST_FILENAME = "testdata/test_certificate_request.pem"
171 const STATUS_CERTIFICATE_FILENAME = "testdata/test_certificate.pem"
173 duration := new(apimach.Duration)
// The parse error is discarded; that is safe only because the input is the
// constant "1h" above. A malformed value would silently yield a zero duration.
174 d, _ := time.ParseDuration(CERTIFICATE_DURATION)
175 duration.Duration = d
177 request := new(cmapi.CertificateRequest)
178 request.Spec.Duration = duration
179 request.Spec.IssuerRef.Name = ISSUER_NAME
180 request.Spec.IssuerRef.Kind = ISSUER_KIND
181 request.Spec.IssuerRef.Group = ISSUER_GROUP
182 request.Spec.Request = testdata.ReadFile(SPEC_REQUEST_FILENAME)
// The fixture marks the request as a CA request. The visible tests compare the
// returned PEMs with expected data and do not inspect this flag.
183 request.Spec.IsCA = true
// Only Type is set on the condition; its other fields keep their zero values.
185 cond := new(cmapi.CertificateRequestCondition)
186 cond.Type = CONDITION_TYPE
187 request.Status.Conditions = []cmapi.CertificateRequestCondition{*cond}
// The status is pre-populated with a certificate read from testdata.
188 request.Status.Certificate = testdata.ReadFile(STATUS_CERTIFICATE_FILENAME)
// getPrivateKeyBytes returns the contents of the PEM private-key fixture read
// through testdata.ReadFile. The path is relative, so it resolves against the
// test's working directory.
// NOTE(review): this key is a test fixture stored as a file under testdata
// (presumably committed with the tests), so treat it as public and keep it out
// of any real issuer or certificate configuration.
193 func getPrivateKeyBytes() []byte {
194 return testdata.ReadFile("testdata/test_private_key.pem")