1 /*
2  * ============LICENSE_START=======================================================
3  * oom-certservice-k8s-external-provider
4  * ================================================================================
5  * Copyright (C) 2020-2021 Nokia. All rights reserved.
6  * ================================================================================
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  *      http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  * ============LICENSE_END=========================================================
19  */
20
21 package cmpv2provisioner
22
23 import (
24         "testing"
25         "time"
26
27         cmapi "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
28         "github.com/stretchr/testify/assert"
29         apiv1 "k8s.io/api/core/v1"
30         apimach "k8s.io/apimachinery/pkg/apis/meta/v1"
31
32         "onap.org/oom-certservice/k8s-external-provider/src/certserviceclient"
33         "onap.org/oom-certservice/k8s-external-provider/src/cmpv2api"
34         "onap.org/oom-certservice/k8s-external-provider/src/model"
35         "onap.org/oom-certservice/k8s-external-provider/src/testdata"
36 )
37
// Fixture values shared by every test in this file.
const (
	// ISSUER_NAME is the name given to the CMPv2Issuer fixture and used as the
	// IssuerRef name of the CertificateRequest fixture.
	ISSUER_NAME = "cmpv2-issuer"
	// ISSUER_URL is the URL set on the CMPv2Issuer fixture's spec.
	ISSUER_URL = "issuer/url"
	// ISSUER_NAMESPACE is the namespace half of the key under which
	// provisioners are stored and loaded in these tests.
	ISSUER_NAMESPACE = "onap"
)
41
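// Test_shouldCreateCorrectCertServiceCA checks that New copies the issuer's
// name and URL into the provisioner it returns.
func Test_shouldCreateCorrectCertServiceCA(t *testing.T) {
	issuer := createIssuerAndCerts(ISSUER_NAME, ISSUER_URL)
	provisioner, err := New(&issuer, &certserviceclient.CertServiceClientMock{})

	// Stop here on failure: the provisioner is meaningless when New reports an
	// error, and reading its fields below could panic instead of failing cleanly.
	if err != nil {
		t.Fatalf("New returned an unexpected error: %v", err)
	}

	// testify expects (expected, actual); the issuer holds the expected values.
	assert.Equal(t, issuer.Name, provisioner.name, "Unexpected provisioner name.")
	assert.Equal(t, issuer.Spec.URL, provisioner.url, "Unexpected provisioner url.")
}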
50
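// Test_shouldSuccessfullyLoadPreviouslyStoredProvisioner checks that a
// provisioner saved with Store under a namespace/name key is returned by Load
// with the issuer's name and URL.
func Test_shouldSuccessfullyLoadPreviouslyStoredProvisioner(t *testing.T) {
	issuer := createIssuerAndCerts(ISSUER_NAME, ISSUER_URL)
	provisioner, err := New(&issuer, &certserviceclient.CertServiceClientMock{})

	// Do not store a provisioner that New reported as failed.
	if err != nil {
		t.Fatalf("New returned an unexpected error: %v", err)
	}

	issuerNamespaceName := testdata.CreateIssuerNamespaceName(ISSUER_NAMESPACE, ISSUER_NAME)

	Store(issuerNamespaceName, provisioner)
	// A separate variable keeps the loaded value distinct from the stored one.
	loaded, ok := Load(issuerNamespaceName)

	testdata.VerifyThatConditionIsTrue(ok, "Provisioner could not be loaded.", t)
	if !ok {
		// Nothing was loaded, so there are no fields to compare.
		return
	}

	// testify expects (expected, actual); the issuer holds the expected values.
	assert.Equal(t, issuer.Name, loaded.name, "Unexpected provisioner name.")
	assert.Equal(t, issuer.Spec.URL, loaded.url, "Unexpected provisioner url.")
}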
66
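// Test_shouldReturnCorrectSignedPemsWhenParametersAreCorrectForCertificateRequest
// signs a first-time certificate request (empty old certificate and old
// private key) through a provisioner built by ProvisionerFactoryMock and hands
// the returned PEMs to testdata.VerifyCertsAreEqualToExpected.
func Test_shouldReturnCorrectSignedPemsWhenParametersAreCorrectForCertificateRequest(t *testing.T) {
	issuer := createIssuerAndCerts(ISSUER_NAME, ISSUER_URL)
	provisionerFactory := ProvisionerFactoryMock{}
	// NOTE(review): an empty Secret is passed to a mock factory, so this test
	// presumably does not cover how key material is read from the Secret.
	provisioner, err := provisionerFactory.CreateProvisioner(&issuer, apiv1.Secret{})
	// The factory's error was previously overwritten by Sign's without ever
	// being inspected; check it before the provisioner is stored.
	if err != nil {
		t.Fatalf("CreateProvisioner returned an unexpected error: %v", err)
	}

	issuerNamespaceName := testdata.CreateIssuerNamespaceName(ISSUER_NAMESPACE, ISSUER_NAME)
	Store(issuerNamespaceName, provisioner)

	provisioner, ok := Load(issuerNamespaceName)

	testdata.VerifyThatConditionIsTrue(ok, "Provisioner could not be loaded", t)
	if !ok {
		// Nothing was loaded, so there is no provisioner to sign with.
		return
	}

	request := createCertificateRequest()
	privateKeyBytes := getPrivateKeyBytes()

	signCertificateModel := model.SignCertificateModel{
		CertificateRequest:  request,
		PrivateKeyBytes:     privateKeyBytes,
		OldCertificateBytes: []byte{},
		OldPrivateKeyBytes:  []byte{},
	}

	signedPEM, trustedCAs, err := provisioner.Sign(signCertificateModel)

	assert.Nil(t, err)

	testdata.VerifyCertsAreEqualToExpected(t, signedPEM, trustedCAs)
}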
95
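// Test_shouldReturnCorrectSignedPemsWhenParametersAreCorrectForUpdateCertificateRequest
// signs a certificate update request (old certificate and old private key
// taken from testdata) through a provisioner built by ProvisionerFactoryMock
// and hands the returned PEMs to testdata.VerifyCertsAreEqualToExpected.
func Test_shouldReturnCorrectSignedPemsWhenParametersAreCorrectForUpdateCertificateRequest(t *testing.T) {
	issuer := createIssuerAndCerts(ISSUER_NAME, ISSUER_URL)
	provisionerFactory := ProvisionerFactoryMock{}
	// NOTE(review): an empty Secret is passed to a mock factory, so this test
	// presumably does not cover how key material is read from the Secret.
	provisioner, err := provisionerFactory.CreateProvisioner(&issuer, apiv1.Secret{})
	// The factory's error was previously overwritten by Sign's without ever
	// being inspected; check it before the provisioner is stored.
	if err != nil {
		t.Fatalf("CreateProvisioner returned an unexpected error: %v", err)
	}

	issuerNamespaceName := testdata.CreateIssuerNamespaceName(ISSUER_NAMESPACE, ISSUER_NAME)
	Store(issuerNamespaceName, provisioner)

	provisioner, ok := Load(issuerNamespaceName)

	testdata.VerifyThatConditionIsTrue(ok, "Provisioner could not be loaded", t)
	if !ok {
		// Nothing was loaded, so there is no provisioner to sign with.
		return
	}

	request := createCertificateRequest()
	privateKeyBytes := getPrivateKeyBytes()

	// Unlike the first-time request, the update carries the previous
	// certificate and its private key alongside the new key.
	signCertificateModel := model.SignCertificateModel{
		CertificateRequest:  request,
		PrivateKeyBytes:     privateKeyBytes,
		OldCertificateBytes: testdata.OldCertificateBytes,
		OldPrivateKeyBytes:  testdata.OldPrivateKeyBytes,
	}

	signedPEM, trustedCAs, err := provisioner.Sign(signCertificateModel)

	assert.Nil(t, err)

	testdata.VerifyCertsAreEqualToExpected(t, signedPEM, trustedCAs)
}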
124
// createIssuerAndCerts returns a CMPv2Issuer whose Name and Spec.URL are set
// to the given values; every other field keeps its zero value. Despite the
// name, no certificate material is created here.
func createIssuerAndCerts(name string, url string) cmpv2api.CMPv2Issuer {
	var result cmpv2api.CMPv2Issuer
	result.Name, result.Spec.URL = name, url
	return result
}
131
// createCertificateRequest builds the cert-manager CertificateRequest fixture
// used by the signing tests: a one-hour duration, an IssuerRef pointing at the
// CMPv2Issuer named ISSUER_NAME, the CSR and certificate PEMs read from
// testdata, and a single "Ready" status condition.
func createCertificateRequest() *cmapi.CertificateRequest {
	const (
		certificateDuration = "1h"
		issuerKind          = "CMPv2Issuer"
		issuerGroup         = "certmanager.onap.org"
		conditionType       = "Ready"

		specRequestFilename       = "testdata/test_certificate_request.pem"
		statusCertificateFilename = "testdata/test_certificate.pem"
	)

	// The duration literal is a fixed, valid value, so the parse error is
	// deliberately discarded.
	parsed, _ := time.ParseDuration(certificateDuration)

	req := &cmapi.CertificateRequest{}
	req.Spec.Duration = &apimach.Duration{Duration: parsed}
	req.Spec.IssuerRef.Name = ISSUER_NAME
	req.Spec.IssuerRef.Kind = issuerKind
	req.Spec.IssuerRef.Group = issuerGroup
	req.Spec.Request = testdata.ReadFile(specRequestFilename)
	// The fixture requests a CA certificate (IsCA), not a leaf certificate.
	req.Spec.IsCA = true

	req.Status.Conditions = []cmapi.CertificateRequestCondition{{Type: conditionType}}
	req.Status.Certificate = testdata.ReadFile(statusCertificateFilename)

	return req
}
160
// getPrivateKeyBytes returns the contents of the PEM private key fixture.
// The key lives in the repository's testdata directory, so it is test-only
// material and must not be reused for any real certificate.
func getPrivateKeyBytes() []byte {
	const privateKeyFilename = "testdata/test_private_key.pem"
	keyBytes := testdata.ReadFile(privateKeyFilename)
	return keyBytes
}