2 * ============LICENSE_START=======================================================
3 * oom-certservice-k8s-external-provider
4 * ================================================================================
5 * Copyright (C) 2020 Nokia. All rights reserved.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END=========================================================
21 package cmpv2provisioner
31 cmapi "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
32 "github.com/stretchr/testify/assert"
33 apimach "k8s.io/apimachinery/pkg/apis/meta/v1"
34 "k8s.io/apimachinery/pkg/types"
36 "onap.org/oom-certservice/k8s-external-provider/src/cmpv2api"
// Fixture values shared by the tests in this file.
const (
	// ISSUER_NAME and ISSUER_NAMESPACE identify the issuer; together they form
	// the namespaced name under which a provisioner is stored and loaded.
	ISSUER_NAME      = "cmpv2-issuer"
	ISSUER_NAMESPACE = "onap"

	// ISSUER_URL is the value written to the issuer's Spec.URL.
	ISSUER_URL = "issuer/url"

	// KEY, CERT and CACERT are short placeholder strings that the tests pass
	// to New as the key, certificate and CA certificate bytes. They are not
	// PEM material.
	KEY    = "onapwro-key"
	CERT   = "onapwro-cert"
	CACERT = "onapwro-cacert"
)
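// Test_shouldCreateCorrectCertServiceCA checks that New copies the issuer's
// name and URL and the supplied key, certificate and CA certificate into the
// provisioner it returns.
func Test_shouldCreateCorrectCertServiceCA(t *testing.T) {
	issuer, key, cert, cacert := createIssuerAndCerts(ISSUER_NAME, ISSUER_URL, KEY, CERT, CACERT)

	provisioner, err := New(&issuer, key, cert, cacert)
	// Stop here on failure: the assertions below read fields of provisioner,
	// which is not meaningful when New reported an error.
	if err != nil {
		t.Fatalf("New returned an unexpected error: %v", err)
	}

	// assert.Equal takes the expected value first, so failure output labels
	// the two sides correctly.
	assert.Equal(t, string(key), string(provisioner.key), "Unexpected provisioner key.")
	assert.Equal(t, string(cert), string(provisioner.cert), "Unexpected provisioner cert.")
	assert.Equal(t, string(cacert), string(provisioner.cacert), "Unexpected provisioner cacert.")
	assert.Equal(t, issuer.Name, provisioner.name, "Unexpected provisioner name.")
	assert.Equal(t, issuer.Spec.URL, provisioner.url, "Unexpected provisioner url.")
}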
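// Test_shouldSuccessfullyLoadPreviouslyStoredProvisioner stores a provisioner
// under the issuer's namespaced name and checks that Load returns one with
// the same key, certificate, CA certificate, name and URL.
func Test_shouldSuccessfullyLoadPreviouslyStoredProvisioner(t *testing.T) {
	issuer, key, cert, cacert := createIssuerAndCerts(ISSUER_NAME, ISSUER_URL, KEY, CERT, CACERT)

	provisioner, err := New(&issuer, key, cert, cacert)
	// Do not store a provisioner that New failed to build.
	if err != nil {
		t.Fatalf("New returned an unexpected error: %v", err)
	}

	issuerNamespaceName := createIssuerNamespaceName(ISSUER_NAMESPACE, ISSUER_NAME)

	Store(issuerNamespaceName, provisioner)
	loaded, ok := Load(issuerNamespaceName)

	verifyThatConditionIsTrue(ok, "Provisioner could not be loaded.", t)
	// Expected value first, so failure output labels the two sides correctly.
	assert.Equal(t, string(key), string(loaded.key), "Unexpected provisioner key.")
	assert.Equal(t, string(cert), string(loaded.cert), "Unexpected provisioner cert.")
	assert.Equal(t, string(cacert), string(loaded.cacert), "Unexpected provisioner cacert.")
	assert.Equal(t, issuer.Name, loaded.name, "Unexpected provisioner name.")
	assert.Equal(t, issuer.Spec.URL, loaded.url, "Unexpected provisioner url.")
}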
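// Test_shouldReturnCorrectSignedPemsWhenParametersAreCorrect signs the fixture
// certificate request with a stored-and-reloaded provisioner and compares the
// returned signed PEM and trusted-CA PEM with the expected fixture files.
func Test_shouldReturnCorrectSignedPemsWhenParametersAreCorrect(t *testing.T) {
	const EXPECTED_SIGNED_FILENAME = "test_resources/expected_signed.pem"
	const EXPECTED_TRUSTED_FILENAME = "test_resources/expected_trusted.pem"

	issuer, key, cert, cacert := createIssuerAndCerts(ISSUER_NAME, ISSUER_URL, KEY, CERT, CACERT)
	provisioner, err := New(&issuer, key, cert, cacert)
	if err != nil {
		t.Fatalf("New returned an unexpected error: %v", err)
	}

	issuerNamespaceName := createIssuerNamespaceName(ISSUER_NAMESPACE, ISSUER_NAME)
	Store(issuerNamespaceName, provisioner)

	loaded, ok := Load(issuerNamespaceName)
	verifyThatConditionIsTrue(ok, "Provisioner could not be loaded", t)

	ctx := context.Background()
	request := createCertificateRequest()

	signedPEM, trustedCAs, err := loaded.Sign(ctx, request)
	// Compare the output only after Sign succeeded; otherwise a signing
	// failure would surface as a misleading "pem is different" message.
	if err != nil {
		t.Fatalf("Sign returned an unexpected error: %v", err)
	}

	verifyThatConditionIsTrue(areSlicesEqual(signedPEM, readFile(EXPECTED_SIGNED_FILENAME)), "Signed pem is different than expected.", t)
	verifyThatConditionIsTrue(areSlicesEqual(trustedCAs, readFile(EXPECTED_TRUSTED_FILENAME)), "Trusted CAs pem is different than expected.", t)
}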
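// verifyThatConditionIsTrue fails the test immediately with message when cond
// is false, and does nothing when cond is true.
//
// It stops the test rather than only recording a failure because callers go
// on to use values that are valid only when the condition held, such as the
// provisioner returned by Load.
func verifyThatConditionIsTrue(cond bool, message string, t *testing.T) {
	// Report the failure at the caller's line, not inside this helper.
	t.Helper()
	if !cond {
		t.Fatal(message)
	}
}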
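// createIssuerNamespaceName builds the namespaced name that the tests pass to
// Store and Load for an issuer called name in namespace.
func createIssuerNamespaceName(namespace string, name string) types.NamespacedName {
	return types.NamespacedName{
		Namespace: namespace,
		// Name must be set as well; with only Namespace, every issuer in a
		// namespace would map to the same key.
		Name: name,
	}
}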
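// createIssuerAndCerts returns a CMPv2Issuer with Name and Spec.URL set to the
// given values, followed by key, cert and cacert converted to byte slices in
// that order.
func createIssuerAndCerts(name string, url string, key string, cert string, cacert string) (cmpv2api.CMPv2Issuer, []byte, []byte, []byte) {
	issuer := cmpv2api.CMPv2Issuer{}
	// Set the name so that assertions comparing provisioner.name with
	// issuer.Name do not pass trivially on two empty strings.
	issuer.Name = name
	issuer.Spec.URL = url
	return issuer, []byte(key), []byte(cert), []byte(cacert)
}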
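// readFile returns the contents of the fixture file filename.
//
// It panics when the file cannot be read: the function has no *testing.T to
// report through, and returning nil would make a missing fixture look like a
// content mismatch in the comparison that follows.
func readFile(filename string) []byte {
	content, err := ioutil.ReadFile(filename)
	if err != nil {
		panic("reading test fixture " + filename + ": " + err.Error())
	}
	return content
}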
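// createCertificateRequest builds the CertificateRequest fixture used by the
// signing test. The request references the CMPv2 issuer, asks for a one-hour
// certificate with IsCA set, carries the CSR read from test_resources, and has
// a "Ready" condition and a certificate already present in its status.
func createCertificateRequest() *cmapi.CertificateRequest {
	const CERTIFICATE_DURATION = "1h"
	const ISSUER_KIND = "CMPv2Issuer"
	const ISSUER_GROUP = "certmanager.onap.org"
	const CONDITION_TYPE = "Ready"

	const SPEC_REQUEST_FILENAME = "test_resources/test_certificate_request.pem"
	const STATUS_CERTIFICATE_FILENAME = "test_resources/test_certificate.pem"

	d, err := time.ParseDuration(CERTIFICATE_DURATION)
	// A bad duration literal would otherwise become a silent zero duration.
	if err != nil {
		panic("parsing fixture duration " + CERTIFICATE_DURATION + ": " + err.Error())
	}
	duration := new(apimach.Duration)
	duration.Duration = d

	request := new(cmapi.CertificateRequest)
	request.Spec.Duration = duration
	request.Spec.IssuerRef.Name = ISSUER_NAME
	request.Spec.IssuerRef.Kind = ISSUER_KIND
	request.Spec.IssuerRef.Group = ISSUER_GROUP
	request.Spec.Request = readFile(SPEC_REQUEST_FILENAME)
	// The fixture requests a CA certificate.
	request.Spec.IsCA = true

	cond := new(cmapi.CertificateRequestCondition)
	cond.Type = CONDITION_TYPE
	request.Status.Conditions = []cmapi.CertificateRequestCondition{*cond}
	request.Status.Certificate = readFile(STATUS_CERTIFICATE_FILENAME)

	return request
}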
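// areSlicesEqual reports whether slice1 and slice2 have the same length and
// the same bytes. A nil slice and an empty slice compare as equal.
func areSlicesEqual(slice1 []byte, slice2 []byte) bool {
	// bytes.Equal is the idiomatic form of bytes.Compare(a, b) == 0.
	return bytes.Equal(slice1, slice2)
}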