1 /*
2  * ============LICENSE_START=======================================================
3  * oom-certservice-k8s-external-provider
4  * ================================================================================
5  * Copyright (C) 2020 Nokia. All rights reserved.
6  * ================================================================================
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  *      http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  * ============LICENSE_END=========================================================
19  */
20
21 package cmpv2provisioner
22
23 import (
24         "bytes"
25         "context"
26         "log"
27         "testing"
28         "time"
29         "io/ioutil"
30
31         "onap.org/oom-certservice/k8s-external-provider/src/cmpv2api"
32         
33         "github.com/stretchr/testify/assert"
34         "k8s.io/apimachinery/pkg/types"
35         cmapi "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
36         apimach "k8s.io/apimachinery/pkg/apis/meta/v1"
37 )
38
// Fixture values shared by the provisioner tests in this file.
const (
	// ISSUER_NAME is the name set on the test issuer and used in the issuer reference.
	ISSUER_NAME = "cmpv2-issuer"
	// ISSUER_URL is the URL written to the test issuer's spec.
	ISSUER_URL = "issuer/url"
	// KEY_NAME is converted to bytes and passed to New as the provisioner key.
	// It is a fixed test-only value.
	KEY_NAME = "onapwro"
	// ISSUER_NAMESPACE is the namespace part of the name used with Store and Load.
	ISSUER_NAMESPACE = "onap"
)
43
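// Test_shouldCreateCorrectCertServiceCA checks that New carries the issuer
// name, the issuer URL and the key bytes over into the returned provisioner.
func Test_shouldCreateCorrectCertServiceCA(t *testing.T) {
	issuer, key := createIssuerAndKey(ISSUER_NAME, ISSUER_URL, KEY_NAME)

	provisioner, err := New(&issuer, key)
	// Stop on failure: the assertions below read fields of provisioner, which
	// may not be usable when New reports an error. assert.Nil alone would let
	// the test continue.
	if err != nil {
		t.Fatalf("New returned an unexpected error: %v", err)
	}

	// testify's Equal takes (expected, actual); keeping that order makes the
	// failure output label the two values correctly.
	assert.Equal(t, string(key), string(provisioner.key), "Unexpected provisioner key.")
	assert.Equal(t, issuer.Name, provisioner.name, "Unexpected provisioner name.")
	assert.Equal(t, issuer.Spec.URL, provisioner.url, "Unexpected provisioner url.")
}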
53
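// Test_shouldSuccessfullyLoadPreviouslyStoredProvisioner stores a provisioner
// under a namespaced issuer name, loads it back with the same name and checks
// that the key, name and URL match the values it was created from.
func Test_shouldSuccessfullyLoadPreviouslyStoredProvisioner(t *testing.T) {
	issuer, key := createIssuerAndKey(ISSUER_NAME, ISSUER_URL, KEY_NAME)

	provisioner, err := New(&issuer, key)
	// Stop on failure so that a provisioner from a failed New is never stored
	// and then inspected; assert.Nil alone would let the test continue.
	if err != nil {
		t.Fatalf("New returned an unexpected error: %v", err)
	}

	issuerNamespaceName := createIssuerNamespaceName(ISSUER_NAMESPACE, ISSUER_NAME)

	Store(issuerNamespaceName, provisioner)
	provisioner, ok := Load(issuerNamespaceName)

	verifyThatConditionIsTrue(ok, "Provisioner could not be loaded.", t)
	// testify's Equal takes (expected, actual); keeping that order makes the
	// failure output label the two values correctly.
	assert.Equal(t, string(key), string(provisioner.key), "Unexpected provisioner key.")
	assert.Equal(t, issuer.Name, provisioner.name, "Unexpected provisioner name.")
	assert.Equal(t, issuer.Spec.URL, provisioner.url, "Unexpected provisioner url.")
}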
70
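// Test_shouldReturnCorrectSignedPemsWhenParametersAreCorrect stores and reloads
// a provisioner, signs a fixture certificate request with it and compares the
// returned signed PEM and trusted CAs with the expected files in test_resources.
func Test_shouldReturnCorrectSignedPemsWhenParametersAreCorrect(t *testing.T) {
	const EXPECTED_SIGNED_FILENAME = "test_resources/expected_signed.pem"
	const EXPECTED_TRUSTED_FILENAME = "test_resources/expected_trusted.pem"

	issuer, key := createIssuerAndKey(ISSUER_NAME, ISSUER_URL, KEY_NAME)

	provisioner, err := New(&issuer, key)
	// The error from New used to be overwritten by the Sign call below without
	// ever being checked; fail early instead of storing and signing with a
	// provisioner that New did not build successfully.
	if err != nil {
		t.Fatalf("New returned an unexpected error: %v", err)
	}

	issuerNamespaceName := createIssuerNamespaceName(ISSUER_NAMESPACE, ISSUER_NAME)
	Store(issuerNamespaceName, provisioner)

	provisioner, ok := Load(issuerNamespaceName)

	verifyThatConditionIsTrue(ok, "Provisioner could not be loaded", t)

	ctx := context.Background()
	request := createCertificateRequest()

	signedPEM, trustedCAs, err := provisioner.Sign(ctx, request)
	// A failed Sign makes the PEM comparisons below meaningless, so stop here.
	if err != nil {
		t.Fatalf("Sign returned an unexpected error: %v", err)
	}

	verifyThatConditionIsTrue(areSlicesEqual(signedPEM, readFile(EXPECTED_SIGNED_FILENAME)), "Signed pem is different than expected.", t)
	verifyThatConditionIsTrue(areSlicesEqual(trustedCAs, readFile(EXPECTED_TRUSTED_FILENAME)), "Trusted CAs pem is different than expected.", t)
}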
95
// verifyThatConditionIsTrue aborts the running test with message when cond is
// false and does nothing when cond is true.
func verifyThatConditionIsTrue(cond bool, message string, t *testing.T) {
	if cond {
		return
	}
	t.Fatal(message)
}
101
// createIssuerNamespaceName builds the namespaced name that the tests pass to
// Store and Load, from the given namespace and issuer name.
func createIssuerNamespaceName(namespace string, name string) types.NamespacedName {
	var issuerKey types.NamespacedName
	issuerKey.Namespace = namespace
	issuerKey.Name = name
	return issuerKey
}
108
// createIssuerAndKey returns a CMPv2Issuer carrying the given name and URL,
// together with key converted to a byte slice.
func createIssuerAndKey(name string, url string, key string) (cmpv2api.CMPv2Issuer, []byte) {
	var issuer cmpv2api.CMPv2Issuer
	issuer.Spec.URL = url
	issuer.Name = name

	keyBytes := []byte(key)
	return issuer, keyBytes
}
115
// readFile returns the full contents of filename.
// A read error is handed to log.Fatal, which logs it and exits the process, so
// the whole test binary stops rather than only the calling test.
func readFile(filename string) []byte {
	data, readErr := ioutil.ReadFile(filename)
	if readErr == nil {
		return data
	}
	log.Fatal(readErr)
	return data
}
123
// createCertificateRequest builds the CertificateRequest fixture used by the
// signing test: a one-hour duration, an issuer reference pointing at the test
// CMPv2Issuer, the CSR read from test_resources, IsCA set, one status condition
// of type "Ready" and a status certificate read from test_resources.
func createCertificateRequest() *cmapi.CertificateRequest {
	const (
		CERTIFICATE_DURATION = "1h"
		ISSUER_KIND          = "CMPv2Issuer"
		ISSUER_GROUP         = "certmanager.onap.org"
		CONDITION_TYPE       = "Ready"

		SPEC_REQUEST_FILENAME       = "test_resources/test_certificate_request.pem"
		STATUS_CERTIFICATE_FILENAME = "test_resources/test_certificate.pem"
	)

	// The duration literal above always parses, so the error is deliberately discarded.
	parsed, _ := time.ParseDuration(CERTIFICATE_DURATION)
	validity := &apimach.Duration{}
	validity.Duration = parsed

	certRequest := &cmapi.CertificateRequest{}
	certRequest.Spec.Duration = validity
	certRequest.Spec.IssuerRef.Group = ISSUER_GROUP
	certRequest.Spec.IssuerRef.Kind = ISSUER_KIND
	certRequest.Spec.IssuerRef.Name = ISSUER_NAME
	certRequest.Spec.IsCA = true
	// The CSR is read before the status certificate, as in the original order,
	// so a missing fixture is reported for the same file first.
	certRequest.Spec.Request = readFile(SPEC_REQUEST_FILENAME)

	readyCondition := cmapi.CertificateRequestCondition{}
	readyCondition.Type = CONDITION_TYPE
	certRequest.Status.Conditions = []cmapi.CertificateRequestCondition{readyCondition}
	certRequest.Status.Certificate = readFile(STATUS_CERTIFICATE_FILENAME)

	return certRequest
}
152
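// areSlicesEqual reports whether slice1 and slice2 hold the same bytes.
// A nil slice and an empty slice are treated as equal.
func areSlicesEqual(slice1 []byte, slice2 []byte) bool {
	// bytes.Equal is the direct form of bytes.Compare(...) == 0.
	return bytes.Equal(slice1, slice2)
}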