2 * ============LICENSE_START=======================================================
3 * oom-certservice-k8s-external-provider
4 * ================================================================================
5 * Copyright (C) 2020-2021 Nokia. All rights reserved.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END=========================================================
21 package cmpv2provisioner
27 cmapi "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
28 "github.com/stretchr/testify/assert"
29 apiv1 "k8s.io/api/core/v1"
30 apimach "k8s.io/apimachinery/pkg/apis/meta/v1"
32 "onap.org/oom-certservice/k8s-external-provider/src/certserviceclient"
33 "onap.org/oom-certservice/k8s-external-provider/src/cmpv2api"
34 "onap.org/oom-certservice/k8s-external-provider/src/model"
35 "onap.org/oom-certservice/k8s-external-provider/src/testdata"
38 const ISSUER_NAME = "cmpv2-issuer"
39 const ISSUER_URL = "issuer/url"
40 const ISSUER_NAMESPACE = "onap"
42 func Test_shouldCreateCorrectCertServiceCA(t *testing.T) {
43 issuer := createIssuerAndCerts(ISSUER_NAME, ISSUER_URL)
44 provisioner, err := New(&issuer, &certserviceclient.CertServiceClientMock{})
47 assert.Equal(t, provisioner.name, issuer.Name, "Unexpected provisioner name.")
48 assert.Equal(t, provisioner.url, issuer.Spec.URL, "Unexpected provisioner url.")
51 func Test_shouldSuccessfullyLoadPreviouslyStoredProvisioner(t *testing.T) {
52 issuer := createIssuerAndCerts(ISSUER_NAME, ISSUER_URL)
53 provisioner, err := New(&issuer, &certserviceclient.CertServiceClientMock{})
57 issuerNamespaceName := testdata.CreateIssuerNamespaceName(ISSUER_NAMESPACE, ISSUER_NAME)
59 Store(issuerNamespaceName, provisioner)
60 provisioner, ok := Load(issuerNamespaceName)
62 testdata.VerifyThatConditionIsTrue(ok, "Provisioner could not be loaded.", t)
63 assert.Equal(t, provisioner.name, issuer.Name, "Unexpected provisioner name.")
64 assert.Equal(t, provisioner.url, issuer.Spec.URL, "Unexpected provisioner url.")
67 func Test_shouldReturnCorrectSignedPemsWhenParametersAreCorrectForCertificateRequest(t *testing.T) {
68 issuer := createIssuerAndCerts(ISSUER_NAME, ISSUER_URL)
69 provisionerFactory := ProvisionerFactoryMock{}
70 provisioner, err := provisionerFactory.CreateProvisioner(&issuer, apiv1.Secret{})
72 issuerNamespaceName := testdata.CreateIssuerNamespaceName(ISSUER_NAMESPACE, ISSUER_NAME)
73 Store(issuerNamespaceName, provisioner)
75 provisioner, ok := Load(issuerNamespaceName)
77 testdata.VerifyThatConditionIsTrue(ok, "Provisioner could not be loaded", t)
79 request := createCertificateRequest()
80 privateKeyBytes := getPrivateKeyBytes()
82 signCertificateModel := model.SignCertificateModel{
83 CertificateRequest: request,
84 PrivateKeyBytes: privateKeyBytes,
85 OldCertificateBytes: []byte{},
86 OldPrivateKeyBytes: []byte{},
89 signedPEM, trustedCAs, err := provisioner.Sign(signCertificateModel)
93 testdata.VerifyCertsAreEqualToExpected(t, signedPEM, trustedCAs)
96 func Test_shouldReturnCorrectSignedPemsWhenParametersAreCorrectForUpdateCertificateRequest(t *testing.T) {
97 issuer := createIssuerAndCerts(ISSUER_NAME, ISSUER_URL)
98 provisionerFactory := ProvisionerFactoryMock{}
99 provisioner, err := provisionerFactory.CreateProvisioner(&issuer, apiv1.Secret{})
101 issuerNamespaceName := testdata.CreateIssuerNamespaceName(ISSUER_NAMESPACE, ISSUER_NAME)
102 Store(issuerNamespaceName, provisioner)
104 provisioner, ok := Load(issuerNamespaceName)
106 testdata.VerifyThatConditionIsTrue(ok, "Provisioner could not be loaded", t)
108 request := createCertificateRequest()
109 privateKeyBytes := getPrivateKeyBytes()
111 signCertificateModel := model.SignCertificateModel{
112 CertificateRequest: request,
113 PrivateKeyBytes: privateKeyBytes,
114 OldCertificateBytes: testdata.OldCertificateBytes,
115 OldPrivateKeyBytes: testdata.OldPrivateKeyBytes,
118 signedPEM, trustedCAs, err := provisioner.Sign(signCertificateModel)
122 testdata.VerifyCertsAreEqualToExpected(t, signedPEM, trustedCAs)
125 func createIssuerAndCerts(name string, url string) cmpv2api.CMPv2Issuer {
126 issuer := cmpv2api.CMPv2Issuer{}
128 issuer.Spec.URL = url
132 func createCertificateRequest() *cmapi.CertificateRequest {
133 const CERTIFICATE_DURATION = "1h"
134 const ISSUER_KIND = "CMPv2Issuer"
135 const ISSUER_GROUP = "certmanager.onap.org"
136 const CONDITION_TYPE = "Ready"
138 const SPEC_REQUEST_FILENAME = "testdata/test_certificate_request.pem"
139 const STATUS_CERTIFICATE_FILENAME = "testdata/test_certificate.pem"
141 duration := new(apimach.Duration)
142 d, _ := time.ParseDuration(CERTIFICATE_DURATION)
143 duration.Duration = d
145 request := new(cmapi.CertificateRequest)
146 request.Spec.Duration = duration
147 request.Spec.IssuerRef.Name = ISSUER_NAME
148 request.Spec.IssuerRef.Kind = ISSUER_KIND
149 request.Spec.IssuerRef.Group = ISSUER_GROUP
150 request.Spec.Request = testdata.ReadFile(SPEC_REQUEST_FILENAME)
151 request.Spec.IsCA = true
153 cond := new(cmapi.CertificateRequestCondition)
154 cond.Type = CONDITION_TYPE
155 request.Status.Conditions = []cmapi.CertificateRequestCondition{*cond}
156 request.Status.Certificate = testdata.ReadFile(STATUS_CERTIFICATE_FILENAME)
161 func getPrivateKeyBytes() []byte {
162 return testdata.ReadFile("testdata/test_private_key.pem")