[OOM-K8S-CERT-EXTERNAL-PROVIDER] Add CertificateRequest controller test

[oom/platform/cert-service.git] / certServiceK8sExternalProvider / src / cmpv2controller / certificate_request_controller_test.go

diff --git a/certServiceK8sExternalProvider/src/cmpv2controller/certificate_request_controller_test.go b/certServiceK8sExternalProvider/src/cmpv2controller/certificate_request_controller_test.go
index 2c401cc..f5869ea 100644 (file)
--- a/certServiceK8sExternalProvider/src/cmpv2controller/certificate_request_controller_test.go
+++ b/certServiceK8sExternalProvider/src/cmpv2controller/certificate_request_controller_test.go
@@ -21,13 +21,51 @@
 package cmpv2controller
 
 import (
+       "context"
        "testing"
 
        cmapi "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
+       cmmeta "github.com/jetstack/cert-manager/pkg/apis/meta/v1"
        "github.com/stretchr/testify/assert"
+       v1 "k8s.io/api/core/v1"
+       metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+       "k8s.io/apimachinery/pkg/types"
+       "k8s.io/client-go/tools/record"
+       ctrl "sigs.k8s.io/controller-runtime"
+       "sigs.k8s.io/controller-runtime/pkg/client"
+       "sigs.k8s.io/controller-runtime/pkg/client/fake"
+
+       "onap.org/oom-certservice/k8s-external-provider/src/cmpv2api"
+       provisioners "onap.org/oom-certservice/k8s-external-provider/src/cmpv2provisioner"
+       provisionersdata "onap.org/oom-certservice/k8s-external-provider/src/cmpv2provisioner/csr/testdata"
+       "onap.org/oom-certservice/k8s-external-provider/src/testdata"
+       x509 "onap.org/oom-certservice/k8s-external-provider/src/x509/testdata"
+)
+
+const (
+       group                  = "certmanager.onap.org"
+       certificateRequestName = "testRequest"
+       recorderBufferSize     = 3
 )
 
-const group = "certmanager.onap.org"
+func Test_shouldSaveCorrectSignedPems_whenRequestReceived(t *testing.T) {
+       verifiedIssuer := getVerifiedIssuer()
+       createProvisioner(verifiedIssuer)
+       fakeClient := fake.NewFakeClientWithScheme(testdata.GetScheme(), &verifiedIssuer,
+               getValidCertificateRequest(), getValidPrivateKeySecret())
+       fakeRecorder := record.NewFakeRecorder(recorderBufferSize)
+       controller := getCertRequestController(fakeRecorder, fakeClient)
+       fakeRequest := testdata.GetFakeRequest(certificateRequestName)
+
+       res, err := controller.Reconcile(fakeRequest)
+
+       signedPEM, trustedCAs := getCertificates(controller, fakeRequest.NamespacedName)
+       assert.Nil(t, err)
+       assert.NotNil(t, res)
+       assert.Equal(t, <-fakeRecorder.Events, "Normal Issued Certificate issued")
+       testdata.VerifyCertsAreEqualToExpected(t, signedPEM, trustedCAs)
+       clearProvisioner()
+}
 
 func Test_shouldBeInvalidCMPv2CertificateRequest_whenEmpty(t *testing.T) {
        request := new(cmapi.CertificateRequest)
@@ -50,3 +88,82 @@ func Test_shouldBeValidCMPv2CertificateRequest_whenKindIsCMPvIssuer(t *testing.T
 
        assert.True(t, isCMPv2CertificateRequest(request))
 }
+
+func getCertificates(controller CertificateRequestController, namespacedName types.NamespacedName) ([]byte, []byte) {
+       certificateRequest := new(cmapi.CertificateRequest)
+       _ = controller.Client.Get(context.Background(), namespacedName, certificateRequest)
+
+       signedPEM := certificateRequest.Status.Certificate
+       trustedCAs := certificateRequest.Status.CA
+
+       return signedPEM, trustedCAs
+}
+
+func getValidPrivateKeySecret() *v1.Secret {
+       const privateKeySecretKey = "tls.key"
+
+       return &v1.Secret{
+               Data: map[string][]byte{
+                       privateKeySecretKey: provisionersdata.PrivateKeyBytes,
+               },
+               ObjectMeta: metav1.ObjectMeta{
+                       Name:      testdata.PrivateKeySecret,
+                       Namespace: testdata.Namespace,
+               },
+       }
+}
+
+func getValidCertificateRequest() *cmapi.CertificateRequest {
+       return &cmapi.CertificateRequest{
+               TypeMeta: metav1.TypeMeta{
+                       Kind:       "",
+                       APIVersion: testdata.APIVersion,
+               },
+               ObjectMeta: metav1.ObjectMeta{
+                       Name:      certificateRequestName,
+                       Namespace: testdata.Namespace,
+                       Annotations: map[string]string{
+                               privateKeySecretNameAnnotation: testdata.PrivateKeySecret,
+                       },
+               },
+
+               Spec: cmapi.CertificateRequestSpec{
+                       IssuerRef: cmmeta.ObjectReference{
+                               Group: cmpv2api.GroupVersion.Group,
+                               Kind:  cmpv2api.CMPv2IssuerKind,
+                               Name:  testdata.IssuerObjectName,
+                       },
+                       Request: []byte(x509.ValidCertificateSignRequest),
+               },
+       }
+}
+
+func getCertRequestController(fakeRecorder *record.FakeRecorder, fakeClient client.Client) CertificateRequestController {
+       controller := CertificateRequestController{
+               Client:   fakeClient,
+               Log:      ctrl.Log.WithName("controllers").WithName("CertificateRequest"),
+               Recorder: fakeRecorder,
+       }
+       return controller
+}
+
+func getVerifiedIssuer() cmpv2api.CMPv2Issuer {
+       issuer, _ := testdata.GetValidIssuerWithSecret()
+       issuer.Status = cmpv2api.CMPv2IssuerStatus{
+               Conditions: []cmpv2api.CMPv2IssuerCondition{{
+                       Type:   cmpv2api.ConditionReady,
+                       Status: cmpv2api.ConditionTrue}},
+       }
+       return issuer
+}
+
+func createProvisioner(verifiedIssuer cmpv2api.CMPv2Issuer) {
+       provisionerFactory := provisioners.ProvisionerFactoryMock{}
+       fakeProvisioner, _ := provisionerFactory.CreateProvisioner(&verifiedIssuer, v1.Secret{})
+
+       provisioners.Store(testdata.GetIssuerStoreKey(), fakeProvisioner)
+}
+
+func clearProvisioner() {
+       provisioners.Store(testdata.GetIssuerStoreKey(), nil)
+}