* ============LICENSE_START=======================================================
* oom-certservice-k8s-external-provider
* ================================================================================
- * Copyright (C) 2020 Nokia. All rights reserved.
+ * Copyright (C) 2020-2021 Nokia. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
package cmpv2provisioner
import (
- "bytes"
- "context"
- "io/ioutil"
- "log"
"testing"
"time"
cmapi "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
"github.com/stretchr/testify/assert"
+ apiv1 "k8s.io/api/core/v1"
apimach "k8s.io/apimachinery/pkg/apis/meta/v1"
- "k8s.io/apimachinery/pkg/types"
+ "onap.org/oom-certservice/k8s-external-provider/src/certserviceclient"
"onap.org/oom-certservice/k8s-external-provider/src/cmpv2api"
+ "onap.org/oom-certservice/k8s-external-provider/src/model"
+ "onap.org/oom-certservice/k8s-external-provider/src/testdata"
)
const ISSUER_NAME = "cmpv2-issuer"
const ISSUER_URL = "issuer/url"
-const KEY = "onapwro-key"
-const CERT = "onapwro-cert"
-const CACERT = "onapwro-cacert"
+const ISSUER_UPDATE_URL = "update-url"
const ISSUER_NAMESPACE = "onap"
func Test_shouldCreateCorrectCertServiceCA(t *testing.T) {
- issuer, key, cert, cacert := createIssuerAndCerts(ISSUER_NAME, ISSUER_URL, KEY, CERT, CACERT)
- provisioner, err := New(&issuer, key, cert, cacert)
+ issuer := createIssuerAndCerts(ISSUER_NAME, ISSUER_URL)
+ provisioner, err := New(&issuer, &certserviceclient.CertServiceClientMock{})
assert.Nil(t, err)
- assert.Equal(t, string(provisioner.key), string(key), "Unexpected provisioner key.")
- assert.Equal(t, string(provisioner.cert), string(cert), "Unexpected provisioner cert.")
- assert.Equal(t, string(provisioner.cacert), string(cacert), "Unexpected provisioner cacert.")
assert.Equal(t, provisioner.name, issuer.Name, "Unexpected provisioner name.")
assert.Equal(t, provisioner.url, issuer.Spec.URL, "Unexpected provisioner url.")
}
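Review bot: With the key/cert/cacert assertions removed, this test only checks `provisioner.name` and `provisioner.url`, so the two new inputs to `New` are not verified. `createIssuerAndCerts` now sets `issuer.Spec.UpdateEndpoint`, and a `CertServiceClientMock` is injected, but neither is asserted on the resulting provisioner. An assertion that the update endpoint is copied from the issuer spec, and one that the stored client is the instance passed in, would catch a constructor that silently drops either. The provisioner's field names for these are not visible in this diff. The same gap applies to `Test_shouldSuccessfullyLoadPreviouslyStoredProvisioner`.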
func Test_shouldSuccessfullyLoadPreviouslyStoredProvisioner(t *testing.T) {
- issuer, key, cert, cacert := createIssuerAndCerts(ISSUER_NAME, ISSUER_URL, KEY, CERT, CACERT)
- provisioner, err := New(&issuer, key, cert, cacert)
+ issuer := createIssuerAndCerts(ISSUER_NAME, ISSUER_URL)
+ provisioner, err := New(&issuer, &certserviceclient.CertServiceClientMock{})
assert.Nil(t, err)
- issuerNamespaceName := createIssuerNamespaceName(ISSUER_NAMESPACE, ISSUER_NAME)
+ issuerNamespaceName := testdata.CreateIssuerNamespaceName(ISSUER_NAMESPACE, ISSUER_NAME)
Store(issuerNamespaceName, provisioner)
provisioner, ok := Load(issuerNamespaceName)
- verifyThatConditionIsTrue(ok, "Provisioner could not be loaded.", t)
- assert.Equal(t, string(provisioner.key), string(key), "Unexpected provisioner key.")
- assert.Equal(t, string(provisioner.cert), string(cert), "Unexpected provisioner cert.")
- assert.Equal(t, string(provisioner.cacert), string(cacert), "Unexpected provisioner cacert.")
+ testdata.VerifyThatConditionIsTrue(ok, "Provisioner could not be loaded.", t)
assert.Equal(t, provisioner.name, issuer.Name, "Unexpected provisioner name.")
assert.Equal(t, provisioner.url, issuer.Spec.URL, "Unexpected provisioner url.")
}
-func Test_shouldReturnCorrectSignedPemsWhenParametersAreCorrect(t *testing.T) {
- const EXPECTED_SIGNED_FILENAME = "test_resources/expected_signed.pem"
- const EXPECTED_TRUSTED_FILENAME = "test_resources/expected_trusted.pem"
+func Test_shouldReturnCorrectSignedPemsWhenParametersAreCorrectForCertificateRequest(t *testing.T) {
+ issuer := createIssuerAndCerts(ISSUER_NAME, ISSUER_URL)
+ provisionerFactory := ProvisionerFactoryMock{}
+ provisioner, err := provisionerFactory.CreateProvisioner(&issuer, apiv1.Secret{})
- issuer, key, cert, cacert := createIssuerAndCerts(ISSUER_NAME, ISSUER_URL, KEY, CERT, CACERT)
- provisioner, err := New(&issuer, key, cert, cacert)
-
- issuerNamespaceName := createIssuerNamespaceName(ISSUER_NAMESPACE, ISSUER_NAME)
+ issuerNamespaceName := testdata.CreateIssuerNamespaceName(ISSUER_NAMESPACE, ISSUER_NAME)
Store(issuerNamespaceName, provisioner)
provisioner, ok := Load(issuerNamespaceName)
- verifyThatConditionIsTrue(ok, "Provisioner could not be loaded", t)
+ testdata.VerifyThatConditionIsTrue(ok, "Provisioner could not be loaded", t)
- ctx := context.Background()
request := createCertificateRequest()
+ privateKeyBytes := getPrivateKeyBytes()
+
+ signCertificateModel := model.SignCertificateModel{
+ CertificateRequest: request,
+ PrivateKeyBytes: privateKeyBytes,
+ OldCertificateBytes: []byte{},
+ OldPrivateKeyBytes: []byte{},
+ }
- signedPEM, trustedCAs, err := provisioner.Sign(ctx, request)
+ signedPEM, trustedCAs, err := provisioner.Sign(signCertificateModel)
assert.Nil(t, err)
- verifyThatConditionIsTrue(areSlicesEqual(signedPEM, readFile(EXPECTED_SIGNED_FILENAME)), "Signed pem is different than expected.", t)
- verifyThatConditionIsTrue(areSlicesEqual(trustedCAs, readFile(EXPECTED_TRUSTED_FILENAME)), "Trusted CAs pem is different than expected.", t)
+ testdata.VerifyCertsAreEqualToExpected(t, signedPEM, trustedCAs)
}
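Review bot: The error returned by `provisionerFactory.CreateProvisioner(&issuer, apiv1.Secret{})` is never checked, because `err` is reassigned by `provisioner.Sign(signCertificateModel)` before the only `assert.Nil(t, err)` runs. A failed provisioner construction would therefore go unnoticed, or show up later as an unrelated failure. Add `assert.Nil(t, err)` directly after the `CreateProvisioner` call, or a fatal check so the test stops before `Store` is given an unusable provisioner. The same pattern appears in `Test_shouldReturnCorrectSignedPemsWhenParametersAreCorrectForUpdateCertificateRequest` and `Test_shouldReturnCorrectSignedPemForCertificateRequestWhenUpdateEndpointConfigurationIsMissing`.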
-func verifyThatConditionIsTrue(cond bool, message string, t *testing.T) {
- if !cond {
- t.Fatal(message)
+func Test_shouldReturnCorrectSignedPemsWhenParametersAreCorrectForUpdateCertificateRequest(t *testing.T) {
+ issuer := createIssuerAndCerts(ISSUER_NAME, ISSUER_URL)
+ provisionerFactory := ProvisionerFactoryMock{}
+ provisioner, err := provisionerFactory.CreateProvisioner(&issuer, apiv1.Secret{})
+
+ issuerNamespaceName := testdata.CreateIssuerNamespaceName(ISSUER_NAMESPACE, ISSUER_NAME)
+ Store(issuerNamespaceName, provisioner)
+
+ provisioner, ok := Load(issuerNamespaceName)
+
+ testdata.VerifyThatConditionIsTrue(ok, "Provisioner could not be loaded", t)
+
+ request := createCertificateRequest()
+ privateKeyBytes := getPrivateKeyBytes()
+
+ signCertificateModel := model.SignCertificateModel{
+ CertificateRequest: request,
+ PrivateKeyBytes: privateKeyBytes,
+ OldCertificateBytes: testdata.OldCertificateBytes,
+ OldPrivateKeyBytes: testdata.OldPrivateKeyBytes,
}
+
+ signedPEM, trustedCAs, err := provisioner.Sign(signCertificateModel)
+
+ assert.Nil(t, err)
+
+ testdata.VerifyCertsAreEqualToExpected(t, signedPEM, trustedCAs)
}
-func createIssuerNamespaceName(namespace string, name string) types.NamespacedName {
- return types.NamespacedName{
- Namespace: namespace,
- Name: name,
+func Test_shouldReturnCorrectSignedPemForCertificateRequestWhenUpdateEndpointConfigurationIsMissing(t *testing.T) {
+ issuer := createIssuerAndCerts(ISSUER_NAME, ISSUER_URL)
+ issuer.Spec.UpdateEndpoint = ""
+ provisionerFactory := ProvisionerFactoryMock{}
+ provisioner, err := provisionerFactory.CreateProvisioner(&issuer, apiv1.Secret{})
+
+ issuerNamespaceName := testdata.CreateIssuerNamespaceName(ISSUER_NAMESPACE, ISSUER_NAME)
+ Store(issuerNamespaceName, provisioner)
+
+ provisioner, ok := Load(issuerNamespaceName)
+
+ testdata.VerifyThatConditionIsTrue(ok, "Provisioner could not be loaded", t)
+
+ request := createCertificateRequest()
+ privateKeyBytes := getPrivateKeyBytes()
+
+ signCertificateModel := model.SignCertificateModel{
+ CertificateRequest: request,
+ PrivateKeyBytes: privateKeyBytes,
+ OldCertificateBytes: testdata.OldCertificateBytes,
+ OldPrivateKeyBytes: testdata.OldPrivateKeyBytes,
}
+
+ signedPEM, trustedCAs, err := provisioner.Sign(signCertificateModel)
+
+ assert.Nil(t, err)
+
+ testdata.VerifyCertsAreEqualToExpected(t, signedPEM, trustedCAs)
}
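Review bot: This test and `Test_shouldReturnCorrectSignedPemsWhenParametersAreCorrectForUpdateCertificateRequest` differ only in `issuer.Spec.UpdateEndpoint = ""` and both end in the same `testdata.VerifyCertsAreEqualToExpected(t, signedPEM, trustedCAs)`, so neither shows which request path `Sign` actually took. If the mock returns the same PEMs for both paths (the mock is not visible here), a regression that sends `OldCertificateBytes` and `OldPrivateKeyBytes` to the wrong endpoint, or ignores a configured update endpoint, would still pass. Have the mock client record which operation was invoked, and assert the update call in the first test and the fallback to a plain certificate request in this one. A short comment above the test stating the expected fallback would also help, for example `// With no update endpoint configured, Sign must fall back to an initial certificate request even when old cert/key are supplied.`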
-func createIssuerAndCerts(name string, url string, key string, cert string, cacert string) (cmpv2api.CMPv2Issuer, []byte, []byte, []byte) {
+func createIssuerAndCerts(name string, url string) cmpv2api.CMPv2Issuer {
issuer := cmpv2api.CMPv2Issuer{}
issuer.Name = name
issuer.Spec.URL = url
- return issuer, []byte(key), []byte(cert), []byte(cacert)
-}
-
-func readFile(filename string) []byte {
- certRequest, err := ioutil.ReadFile(filename)
- if err != nil {
- log.Fatal(err)
- }
- return certRequest
+ issuer.Spec.UpdateEndpoint = ISSUER_UPDATE_URL
+ return issuer
}
func createCertificateRequest() *cmapi.CertificateRequest {
const ISSUER_GROUP = "certmanager.onap.org"
const CONDITION_TYPE = "Ready"
- const SPEC_REQUEST_FILENAME = "test_resources/test_certificate_request.pem"
- const STATUS_CERTIFICATE_FILENAME = "test_resources/test_certificate.pem"
+ const SPEC_REQUEST_FILENAME = "testdata/test_certificate_request.pem"
+ const STATUS_CERTIFICATE_FILENAME = "testdata/test_certificate.pem"
duration := new(apimach.Duration)
d, _ := time.ParseDuration(CERTIFICATE_DURATION)
request.Spec.IssuerRef.Name = ISSUER_NAME
request.Spec.IssuerRef.Kind = ISSUER_KIND
request.Spec.IssuerRef.Group = ISSUER_GROUP
- request.Spec.Request = readFile(SPEC_REQUEST_FILENAME)
+ request.Spec.Request = testdata.ReadFile(SPEC_REQUEST_FILENAME)
request.Spec.IsCA = true
cond := new(cmapi.CertificateRequestCondition)
cond.Type = CONDITION_TYPE
request.Status.Conditions = []cmapi.CertificateRequestCondition{*cond}
- request.Status.Certificate = readFile(STATUS_CERTIFICATE_FILENAME)
+ request.Status.Certificate = testdata.ReadFile(STATUS_CERTIFICATE_FILENAME)
return request
}
-func areSlicesEqual(slice1 []byte, slice2 []byte) bool {
- return bytes.Compare(slice1, slice2) == 0
+func getPrivateKeyBytes() []byte {
+ return testdata.ReadFile("testdata/test_private_key.pem")
}
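Review bot: `getPrivateKeyBytes` loads `testdata/test_private_key.pem` with no comment marking it as a throwaway fixture. Key material checked into a repository tends to trip secret scanners and to be reused outside tests. Suggest a doc comment such as `// getPrivateKeyBytes returns the test-only private key fixture; it must never be used for real issuance.` Separately, the removed `readFile` called `log.Fatal` on a read error, which kills the whole test binary. Whether `testdata.ReadFile` does the same is not visible in this diff, but a helper that takes `t` and calls `t.Fatal` would give a per-test failure instead.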