* ============LICENSE_START=======================================================
* oom-certservice-k8s-external-provider
* ================================================================================
- * Copyright (C) 2020 Nokia. All rights reserved.
+ * Copyright (C) 2020-2021 Nokia. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
package cmpv2provisioner
import (
- "bytes"
"context"
- "io/ioutil"
- "log"
"testing"
"time"
cmapi "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
"github.com/stretchr/testify/assert"
+ apiv1 "k8s.io/api/core/v1"
apimach "k8s.io/apimachinery/pkg/apis/meta/v1"
- "k8s.io/apimachinery/pkg/types"
"onap.org/oom-certservice/k8s-external-provider/src/certserviceclient"
"onap.org/oom-certservice/k8s-external-provider/src/cmpv2api"
+ "onap.org/oom-certservice/k8s-external-provider/src/model"
+ "onap.org/oom-certservice/k8s-external-provider/src/testdata"
)
const ISSUER_NAME = "cmpv2-issuer"
func Test_shouldCreateCorrectCertServiceCA(t *testing.T) {
issuer := createIssuerAndCerts(ISSUER_NAME, ISSUER_URL)
- provisioner, err := New(&issuer, &certServiceClientMock{})
+ provisioner, err := New(&issuer, &certserviceclient.CertServiceClientMock{})
assert.Nil(t, err)
assert.Equal(t, provisioner.name, issuer.Name, "Unexpected provisioner name.")
func Test_shouldSuccessfullyLoadPreviouslyStoredProvisioner(t *testing.T) {
issuer := createIssuerAndCerts(ISSUER_NAME, ISSUER_URL)
- provisioner, err := New(&issuer, &certServiceClientMock{})
+ provisioner, err := New(&issuer, &certserviceclient.CertServiceClientMock{})
assert.Nil(t, err)
- issuerNamespaceName := createIssuerNamespaceName(ISSUER_NAMESPACE, ISSUER_NAME)
+ issuerNamespaceName := testdata.CreateIssuerNamespaceName(ISSUER_NAMESPACE, ISSUER_NAME)
Store(issuerNamespaceName, provisioner)
provisioner, ok := Load(issuerNamespaceName)
- verifyThatConditionIsTrue(ok, "Provisioner could not be loaded.", t)
+ testdata.VerifyThatConditionIsTrue(ok, "Provisioner could not be loaded.", t)
assert.Equal(t, provisioner.name, issuer.Name, "Unexpected provisioner name.")
assert.Equal(t, provisioner.url, issuer.Spec.URL, "Unexpected provisioner url.")
}
-func Test_shouldReturnCorrectSignedPemsWhenParametersAreCorrect(t *testing.T) {
- const EXPECTED_SIGNED_FILENAME = "testdata/expected_signed.pem"
- const EXPECTED_TRUSTED_FILENAME = "testdata/expected_trusted.pem"
-
+func Test_shouldReturnCorrectSignedPemsWhenParametersAreCorrectForCertificateRequest(t *testing.T) {
issuer := createIssuerAndCerts(ISSUER_NAME, ISSUER_URL)
- provisioner, err := New(&issuer, &certServiceClientMock{
- getCertificatesFunc: func(csr []byte, pk []byte) (response *certserviceclient.CertificatesResponse, e error) {
- mockResponse:= &certserviceclient.CertificatesResponse{
- CertificateChain: []string{"cert-0", "cert-1"},
- TrustedCertificates: []string{"trusted-cert-0", "trusted-cert-1"},
- } //TODO: mock real certServiceClient response
- return mockResponse, nil
- },
- })
-
- issuerNamespaceName := createIssuerNamespaceName(ISSUER_NAMESPACE, ISSUER_NAME)
+ provisionerFactory := ProvisionerFactoryMock{}
+ provisioner, err := provisionerFactory.CreateProvisioner(&issuer, apiv1.Secret{})
+
+ issuerNamespaceName := testdata.CreateIssuerNamespaceName(ISSUER_NAMESPACE, ISSUER_NAME)
Store(issuerNamespaceName, provisioner)
provisioner, ok := Load(issuerNamespaceName)
- verifyThatConditionIsTrue(ok, "Provisioner could not be loaded", t)
+ testdata.VerifyThatConditionIsTrue(ok, "Provisioner could not be loaded", t)
ctx := context.Background()
request := createCertificateRequest()
+ privateKeyBytes := getPrivateKeyBytes()
+
+ signCertificateModel := model.SignCertificateModel{
+ CertificateRequest: request,
+ PrivateKeyBytes: privateKeyBytes,
+ IsUpdateRevision: false,
+ OldCertificate: "",
+ OldPrivateKey: "",
+ }
- signedPEM, trustedCAs, err := provisioner.Sign(ctx, request, nil)
+ signedPEM, trustedCAs, err := provisioner.Sign(ctx, signCertificateModel)
assert.Nil(t, err)
- verifyThatConditionIsTrue(areSlicesEqual(signedPEM, readFile(EXPECTED_SIGNED_FILENAME)), "Signed pem is different than expected.", t)
- verifyThatConditionIsTrue(areSlicesEqual(trustedCAs, readFile(EXPECTED_TRUSTED_FILENAME)), "Trusted CAs pem is different than expected.", t)
+ testdata.VerifyCertsAreEqualToExpected(t, signedPEM, trustedCAs)
}
-func verifyThatConditionIsTrue(cond bool, message string, t *testing.T) {
- if !cond {
- t.Fatal(message)
- }
-}
+func Test_shouldReturnCorrectSignedPemsWhenParametersAreCorrectForUpdateCertificateRequest(t *testing.T) {
+ issuer := createIssuerAndCerts(ISSUER_NAME, ISSUER_URL)
+ provisionerFactory := ProvisionerFactoryMock{}
+ provisioner, err := provisionerFactory.CreateProvisioner(&issuer, apiv1.Secret{})
+
+ issuerNamespaceName := testdata.CreateIssuerNamespaceName(ISSUER_NAMESPACE, ISSUER_NAME)
+ Store(issuerNamespaceName, provisioner)
+
+ provisioner, ok := Load(issuerNamespaceName)
+
+ testdata.VerifyThatConditionIsTrue(ok, "Provisioner could not be loaded", t)
-func createIssuerNamespaceName(namespace string, name string) types.NamespacedName {
- return types.NamespacedName{
- Namespace: namespace,
- Name: name,
+ ctx := context.Background()
+ request := createCertificateRequest()
+ privateKeyBytes := getPrivateKeyBytes()
+
+ signCertificateModel := model.SignCertificateModel{
+ CertificateRequest: request,
+ PrivateKeyBytes: privateKeyBytes,
+ IsUpdateRevision: true,
+ OldCertificate: testdata.OldCertificateEncoded,
+ OldPrivateKey: testdata.OldPrivateKeyEncoded,
}
+
+ signedPEM, trustedCAs, err := provisioner.Sign(ctx, signCertificateModel)
+
+ assert.Nil(t, err)
+
+ testdata.VerifyCertsAreEqualToExpected(t, signedPEM, trustedCAs)
}
func createIssuerAndCerts(name string, url string) cmpv2api.CMPv2Issuer {
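Review bot: The error returned by `provisionerFactory.CreateProvisioner(&issuer, apiv1.Secret{})` is never checked in either new test, because `err` is overwritten by the `provisioner.Sign(ctx, signCertificateModel)` assignment before the only `assert.Nil(t, err)`. A failed construction would surface later as a misleading Store/Load or Sign failure, so add `assert.Nil(t, err)` directly after each `CreateProvisioner` call. Separately, the update-revision test ends with the same `testdata.VerifyCertsAreEqualToExpected(t, signedPEM, trustedCAs)` as the plain-request test. Unless the mock (not visible in this hunk) returns distinct data or records its calls, that test would still pass if `Sign` ignored `IsUpdateRevision`, `OldCertificate` and `OldPrivateKey`. Asserting that the mock's update path actually received the old certificate and old private key would pin the renewal behaviour.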
return issuer
}
-func readFile(filename string) []byte {
- certRequest, err := ioutil.ReadFile(filename)
- if err != nil {
- log.Fatal(err)
- }
- return certRequest
-}
-
func createCertificateRequest() *cmapi.CertificateRequest {
const CERTIFICATE_DURATION = "1h"
const ISSUER_KIND = "CMPv2Issuer"
request.Spec.IssuerRef.Name = ISSUER_NAME
request.Spec.IssuerRef.Kind = ISSUER_KIND
request.Spec.IssuerRef.Group = ISSUER_GROUP
- request.Spec.Request = readFile(SPEC_REQUEST_FILENAME)
+ request.Spec.Request = testdata.ReadFile(SPEC_REQUEST_FILENAME)
request.Spec.IsCA = true
cond := new(cmapi.CertificateRequestCondition)
cond.Type = CONDITION_TYPE
request.Status.Conditions = []cmapi.CertificateRequestCondition{*cond}
- request.Status.Certificate = readFile(STATUS_CERTIFICATE_FILENAME)
+ request.Status.Certificate = testdata.ReadFile(STATUS_CERTIFICATE_FILENAME)
return request
}
-func areSlicesEqual(slice1 []byte, slice2 []byte) bool {
- return bytes.Compare(slice1, slice2) == 0
+func getPrivateKeyBytes() []byte {
+ return testdata.ReadFile("testdata/test_private_key.pem")
}
-
-type certServiceClientMock struct {
- getCertificatesFunc func(csr []byte, key []byte) (*certserviceclient.CertificatesResponse, error)
-}
-
-func (client *certServiceClientMock) GetCertificates(csr []byte, key []byte) (*certserviceclient.CertificatesResponse, error) {
- return client.getCertificatesFunc(csr, key)
-}
-
-func (client *certServiceClientMock) CheckHealth() error {
- return nil
-}
-
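Review bot: `getPrivateKeyBytes` hard-codes `"testdata/test_private_key.pem"` inline, whereas the other fixtures in `createCertificateRequest` go through named constants (`SPEC_REQUEST_FILENAME`, `STATUS_CERTIFICATE_FILENAME`), and nothing marks this key as a disposable fixture. Since a private key file is read from the repository, I would move the path into a constant beside the others and, assuming the key was generated solely for tests, add a doc comment such as `// getPrivateKeyBytes returns the PEM-encoded test fixture key; it exists for unit tests only and must not be used by any deployment.` The definitions of those constants and of `testdata.ReadFile` lie outside the hunk, so its error handling could not be reviewed here.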