[OOM-K8S-CERT-EXTERNAL-PROVIDER] Refactor provider code 75/122675/6
authorPiotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>
Fri, 16 Jul 2021 12:53:14 +0000 (14:53 +0200)
committerPiotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>
Tue, 20 Jul 2021 12:27:31 +0000 (14:27 +0200)
- add csr and key params to SignCertificateModel
- correct error handling when signing csr fails
- create factory for SignCertificateModel

Issue-ID: OOM-2753
Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>
Change-Id: I9bc296dfc999de0390ec90a00cbaa9dd82c89265

14 files changed:
certServiceK8sExternalProvider/src/certserviceclient/cert_service_client.go
certServiceK8sExternalProvider/src/certserviceclient/cert_service_client_mock.go
certServiceK8sExternalProvider/src/certserviceclient/cert_service_client_test.go
certServiceK8sExternalProvider/src/cmpv2controller/certificate_request_controller.go
certServiceK8sExternalProvider/src/cmpv2controller/util/certificate_update_util.go
certServiceK8sExternalProvider/src/cmpv2controller/util/certificate_update_util_test.go
certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner.go
certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner_factory_mock.go
certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner_test.go
certServiceK8sExternalProvider/src/model/sign_certificate_model.go
certServiceK8sExternalProvider/src/model/sign_certificate_model_factory.go [new file with mode: 0644]
certServiceK8sExternalProvider/src/model/sign_certificate_model_factory_test.go [new file with mode: 0644]
certServiceK8sExternalProvider/src/testdata/constants.go
certServiceK8sExternalProvider/src/testdata/provider.go

index f4cc999..ad0bdbb 100644 (file)
@@ -37,9 +37,9 @@ const (
 )
 
 type CertServiceClient interface {
-       GetCertificates(csr []byte, key []byte) (*CertificatesResponse, error)
+       GetCertificates(signCertificateModel model.SignCertificateModel) (*CertificatesResponse, error)
+       UpdateCertificate(signCertificateModel model.SignCertificateModel) (*CertificatesResponse, error)
        CheckHealth() error
-       UpdateCertificate(csr []byte, key []byte, signCertificateModel model.SignCertificateModel) (*CertificatesResponse, error)
 }
 
 type CertServiceClientImpl struct {
@@ -80,29 +80,28 @@ func (client *CertServiceClientImpl) CheckHealth() error {
        return nil
 }
 
-func (client *CertServiceClientImpl) GetCertificates(csr []byte, key []byte) (*CertificatesResponse, error) {
-
+func (client *CertServiceClientImpl) GetCertificates(signCertificateModel model.SignCertificateModel) (*CertificatesResponse, error) {
        request, err := http.NewRequest("GET", client.certificationUrl, nil)
        if err != nil {
                return nil, err
        }
 
-       request.Header.Add(CsrHeaderName, base64.StdEncoding.EncodeToString(csr))
-       request.Header.Add(PkHeaderName, base64.StdEncoding.EncodeToString(key))
+       request.Header.Add(CsrHeaderName, base64.StdEncoding.EncodeToString(signCertificateModel.FilteredCsr))
+       request.Header.Add(PkHeaderName, base64.StdEncoding.EncodeToString(signCertificateModel.PrivateKeyBytes))
 
        return client.executeRequest(request)
 }
 
-func (client *CertServiceClientImpl) UpdateCertificate(csr []byte, key []byte, signCertificateModel model.SignCertificateModel) (*CertificatesResponse, error) {
+func (client *CertServiceClientImpl) UpdateCertificate(signCertificateModel model.SignCertificateModel) (*CertificatesResponse, error) {
        request, err := http.NewRequest("GET", client.updateUrl, nil)
        if err != nil {
                return nil, err
        }
 
-       request.Header.Add(CsrHeaderName, base64.StdEncoding.EncodeToString(csr))
-       request.Header.Add(PkHeaderName, base64.StdEncoding.EncodeToString(key))
-       request.Header.Add(OldPkHeaderName, signCertificateModel.OldPrivateKey)
-       request.Header.Add(OldCertificateHeaderName, signCertificateModel.OldCertificate)
+       request.Header.Add(CsrHeaderName, base64.StdEncoding.EncodeToString(signCertificateModel.FilteredCsr))
+       request.Header.Add(PkHeaderName, base64.StdEncoding.EncodeToString(signCertificateModel.PrivateKeyBytes))
+       request.Header.Add(OldPkHeaderName, base64.StdEncoding.EncodeToString(signCertificateModel.OldPrivateKeyBytes))
+       request.Header.Add(OldCertificateHeaderName, base64.StdEncoding.EncodeToString(signCertificateModel.OldCertificateBytes))
 
        return client.executeRequest(request)
 }
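Review bot: `GetCertificates` and `UpdateCertificate` now read the CSR and key from the model without checking that they were filled in, so a `SignCertificateModel` built as a plain struct literal sends an empty `CsrHeaderName` header to CertService. `Sign` used to derive the filtered CSR itself and fail when filtering failed; after this commit nothing between the factory and the HTTP call enforces it, and the models built in cmpv2_provisioner_test.go leave `FilteredCsr` unset. A guard at the top of both methods keeps the failure local, for example `if len(signCertificateModel.FilteredCsr) == 0 || len(signCertificateModel.PrivateKeyBytes) == 0 { return nil, errors.New("sign certificate model is missing CSR or private key") }` (needs `errors` if the file does not already import it). Because the current and old private keys travel in request headers, a short comment that these requests must never be dumped to logs would also help; how `certificationUrl` and `updateUrl` are configured is not visible here.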
index a6fec1f..0550c8f 100644 (file)
@@ -23,16 +23,16 @@ package certserviceclient
 import "onap.org/oom-certservice/k8s-external-provider/src/model"
 
 type CertServiceClientMock struct {
-       GetCertificatesFunc   func(csr []byte, key []byte) (*CertificatesResponse, error)
-       UpdateCertificateFunc func(csr []byte, key []byte, signCertificateModel model.SignCertificateModel) (*CertificatesResponse, error)
+       GetCertificatesFunc   func(signCertificateModel model.SignCertificateModel) (*CertificatesResponse, error)
+       UpdateCertificateFunc func(signCertificateModel model.SignCertificateModel) (*CertificatesResponse, error)
 }
 
-func (client *CertServiceClientMock) UpdateCertificate(csr []byte, key []byte, signCertificateModel model.SignCertificateModel) (*CertificatesResponse, error) {
-       return client.UpdateCertificateFunc(csr, key, signCertificateModel)
+func (client *CertServiceClientMock) UpdateCertificate(signCertificateModel model.SignCertificateModel) (*CertificatesResponse, error) {
+       return client.UpdateCertificateFunc(signCertificateModel)
 }
 
-func (client *CertServiceClientMock) GetCertificates(csr []byte, key []byte) (*CertificatesResponse, error) {
-       return client.GetCertificatesFunc(csr, key)
+func (client *CertServiceClientMock) GetCertificates(signCertificateModel model.SignCertificateModel) (*CertificatesResponse, error) {
+       return client.GetCertificatesFunc(signCertificateModel)
 }
 
 func (client *CertServiceClientMock) CheckHealth() error {
index e1c6bb9..86562c0 100644 (file)
@@ -46,7 +46,7 @@ func Test_GetCertificates_shouldParseCertificateResponseCorrectly(t *testing.T)
                certificationUrl: certificationUrl,
                httpClient:       getMockedClient(responseJsonReader, http.StatusOK),
        }
-       response, _ := client.GetCertificates(testdata.CsrBytes, testdata.PkBytes)
+       response, _ := client.GetCertificates(getTestSignCertificateModel())
        assert.ElementsMatch(t, []string{"cert-0", "cert-1"}, response.CertificateChain)
        assert.ElementsMatch(t, []string{"trusted-cert-0", "trusted-cert-1"}, response.TrustedCertificates)
 }
@@ -65,7 +65,7 @@ func Test_GetCertificates_shouldReturnError_whenResponseIsNotJson(t *testing.T)
                        },
                },
        }
-       response, err := client.GetCertificates(testdata.CsrBytes, testdata.PkBytes)
+       response, err := client.GetCertificates(getTestSignCertificateModel())
 
        assert.Nil(t, response)
        assert.Error(t, err)
@@ -80,7 +80,7 @@ func Test_GetCertificates_shouldReturnError_whenHttpClientReturnsError(t *testin
                        },
                },
        }
-       response, err := client.GetCertificates(testdata.CsrBytes, testdata.PkBytes)
+       response, err := client.GetCertificates(getTestSignCertificateModel())
 
        assert.Nil(t, response)
        assert.Error(t, err)
@@ -93,7 +93,7 @@ func Test_GetCertificates_shouldReturnError_whenResponseOtherThan200(t *testing.
                certificationUrl: certificationUrl,
                httpClient:       getMockedClient(responseJsonReader, http.StatusNotFound),
        }
-       response, err := client.GetCertificates(testdata.CsrBytes, testdata.PkBytes)
+       response, err := client.GetCertificates(getTestSignCertificateModel())
 
        assert.Nil(t, response)
        assert.Error(t, err)
@@ -107,12 +107,11 @@ func Test_UpdateCertificates_shouldParseCertificateResponseCorrectly(t *testing.
                httpClient: getMockedClient(responseJsonReader, http.StatusOK),
        }
 
-       response, _ := client.UpdateCertificate(testdata.CsrBytes, testdata.PkBytes, getTestSignCertificateModel())
+       response, _ := client.UpdateCertificate(getTestSignCertificateModel())
        assert.ElementsMatch(t, []string{"cert-0", "cert-1"}, response.CertificateChain)
        assert.ElementsMatch(t, []string{"trusted-cert-0", "trusted-cert-1"}, response.TrustedCertificates)
 }
 
-
 func Test_UpdateCertificates_shouldReturnError_whenHttpClientReturnsError(t *testing.T) {
        client := CertServiceClientImpl{
                updateUrl: certificateUpdateUrl,
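Review bot: None of the updated `UpdateCertificate` tests asserts what is put on the wire, although this commit moves the base64 encoding of the old certificate and old private key from `RetrieveOldCertificateAndPk` into the client. The visible assertions cover only response parsing and the error paths, so a missing or doubled encoding of `OldPkHeaderName` or `OldCertificateHeaderName` would still pass. If `httpClientMock.Do` (its body is outside these hunks) can capture the request, add an assertion such as `assert.Equal(t, base64.StdEncoding.EncodeToString(testdata.OldPrivateKeyBytes), req.Header.Get(OldPkHeaderName))`.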
@@ -122,7 +121,7 @@ func Test_UpdateCertificates_shouldReturnError_whenHttpClientReturnsError(t *tes
                        },
                },
        }
-       response, err := client.UpdateCertificate(testdata.CsrBytes, testdata.PkBytes, getTestSignCertificateModel())
+       response, err := client.UpdateCertificate(getTestSignCertificateModel())
 
        assert.Nil(t, response)
        assert.Error(t, err)
@@ -135,7 +134,7 @@ func Test_UpdateCertificates_shouldReturnError_whenResponseOtherThan200(t *testi
                updateUrl:  updateEndpoint,
                httpClient: getMockedClient(responseJsonReader, http.StatusNotFound),
        }
-       response, err := client.UpdateCertificate(testdata.CsrBytes, testdata.PkBytes, getTestSignCertificateModel())
+       response, err := client.UpdateCertificate(getTestSignCertificateModel())
 
        assert.Nil(t, response)
        assert.Error(t, err)
@@ -215,8 +214,10 @@ func (client httpClientMock) Do(req *http.Request) (*http.Response, error) {
 
 func getTestSignCertificateModel() model.SignCertificateModel {
        testSignCertificateModel := model.SignCertificateModel{
-               OldCertificate: testdata.OldCertificateEncoded,
-               OldPrivateKey:  testdata.OldPrivateKeyEncoded,
+               FilteredCsr:         testdata.CsrBytes,
+               PrivateKeyBytes:     testdata.PkBytes,
+               OldCertificateBytes: testdata.OldCertificateBytes,
+               OldPrivateKeyBytes:  testdata.OldPrivateKeyBytes,
        }
        return testSignCertificateModel
 }
index 9d26685..5f8b196 100644 (file)
@@ -40,7 +40,6 @@ import (
        "onap.org/oom-certservice/k8s-external-provider/src/cmpv2api"
        "onap.org/oom-certservice/k8s-external-provider/src/cmpv2controller/logger"
        "onap.org/oom-certservice/k8s-external-provider/src/cmpv2controller/updater"
-       "onap.org/oom-certservice/k8s-external-provider/src/cmpv2controller/util"
        provisioners "onap.org/oom-certservice/k8s-external-provider/src/cmpv2provisioner"
        "onap.org/oom-certservice/k8s-external-provider/src/leveledlogger"
        "onap.org/oom-certservice/k8s-external-provider/src/model"
@@ -139,25 +138,18 @@ func (controller *CertificateRequestController) Reconcile(k8sRequest ctrl.Reques
        // 9. Log Certificate Request properties not supported or overridden by CertService API
        logger.LogCertRequestProperties(leveledlogger.GetLoggerWithName("CSR details:"), certificateRequest, csr)
 
-       // 10. Check if CertificateRequest is an update request
-       isUpdateRevision, oldCertificate, oldPrivateKey := util.CheckIfCertificateUpdateAndRetrieveOldCertificateAndPk(
-               controller.Client, certificateRequest, ctx)
-       if isUpdateRevision {
-               log.Info("Update revision detected")
-       }
-       signCertificateModel := model.SignCertificateModel{
-               CertificateRequest: certificateRequest,
-               PrivateKeyBytes:    privateKeyBytes,
-               IsUpdateRevision:   isUpdateRevision,
-               OldCertificate:     oldCertificate,
-               OldPrivateKey:      oldPrivateKey,
+       //10. Create sign certificate object with filtered CSR
+       signCertificateModel, err := model.CreateSignCertificateModel(controller.Client, certificateRequest, ctx, privateKeyBytes)
+       if err != nil {
+               controller.handleErrorFailedToFilterCSR(certUpdater, log, err)
+               return ctrl.Result{}, err
        }
 
        // 11. Sign CertificateRequest
-       signedPEM, trustedCAs, err := provisioner.Sign(ctx, signCertificateModel)
+       signedPEM, trustedCAs, err := provisioner.Sign(signCertificateModel)
        if err != nil {
                controller.handleErrorFailedToSignCertificate(certUpdater, log, err)
-               return ctrl.Result{}, nil
+               return ctrl.Result{}, err
        }
 
        // 12. Store signed certificates in CertificateRequest
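Review bot: The new CSR-filter branch returns `err` after `handleErrorFailedToFilterCSR` has already marked the request as Failed, which makes controller-runtime requeue it with backoff. A CSR or key that cannot be filtered will most likely fail the same way on every retry, so the requeue only repeats the log line and the status update; `return ctrl.Result{}, nil` fits that branch better, keeping `err` for the signing branch where a CertService outage can be transient. The step comment also lost its space (`//10.` next to `// 11.`). Reconcile starts and ends outside this hunk, so whether earlier steps short-circuit on an already-failed request cannot be confirmed from here.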
@@ -234,6 +226,11 @@ func (controller *CertificateRequestController) handleErrorFailedToDecodeCSR(upd
        _ = updater.UpdateStatusWithEventTypeWarning(cmapi.CertificateRequestReasonFailed, "Failed to decode CSR: %v", err)
 }
 
+func (controller *CertificateRequestController) handleErrorFailedToFilterCSR(updater *updater.CertificateRequestStatusUpdater, log leveledlogger.Logger, err error) {
+       log.Error(err, "Failed to filter certificate sign request fields")
+       _ = updater.UpdateStatusWithEventTypeWarning(cmapi.CertificateRequestReasonFailed, "Failed to filter CSR: %v", err)
+}
+
 func handleErrorResourceNotFound(log leveledlogger.Logger, err error) error {
        if apierrors.IsNotFound(err) {
                log.Error(err, "CertificateRequest resource not found")
index 93746b8..86cca3e 100644 (file)
@@ -26,7 +26,6 @@ package util
 
 import (
        "context"
-       "encoding/base64"
        "encoding/json"
        "strconv"
 
@@ -43,17 +42,15 @@ const (
        oldPrivateKeySecretKey             = "tls.key"
 )
 
-func CheckIfCertificateUpdateAndRetrieveOldCertificateAndPk(
+func RetrieveOldCertificateAndPkForCertificateUpdate(
        k8sClient client.Client,
        certificateRequest *cmapi.CertificateRequest,
        ctx context.Context,
-) (bool, string, string) {
+) ([]byte, []byte) {
        if !IsUpdateCertificateRevision(certificateRequest) {
-               return false, "", ""
+               return []byte{}, []byte{}
        }
-       certificate, privateKey := RetrieveOldCertificateAndPk(k8sClient, certificateRequest, ctx)
-       areCertAndPkPresent := certificate != "" && privateKey != ""
-       return areCertAndPkPresent, certificate, privateKey
+       return RetrieveOldCertificateAndPk(k8sClient, certificateRequest, ctx)
 }
 
 func IsUpdateCertificateRevision(certificateRequest *cmapi.CertificateRequest) bool {
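Review bot: `RetrieveOldCertificateAndPkForCertificateUpdate` returns two empty slices both when the request is not an update and when it is an update whose old certificate could not be loaded, so the caller cannot tell the two cases apart. With the boolean result and the "Update revision detected" log removed, a failed `k8sClient.Get` or an unparsable annotation in `RetrieveOldCertificateAndPk` (the next two hunks) makes `Sign` fall back to `GetCertificates` without any trace, so an initial request is sent where a certificate update was intended. Consider adding an `error` result to both functions, or at least logging the unmarshal and `Get` errors before `return []byte{}, []byte{}`.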
@@ -68,11 +65,11 @@ func RetrieveOldCertificateAndPk(
        k8sClient client.Client,
        certificateRequest *cmapi.CertificateRequest,
        ctx context.Context,
-) (string, string) {
+) ([]byte, []byte) {
        certificateConfigString := certificateRequest.ObjectMeta.Annotations[certificateConfigurationAnnotation]
        var certificateConfig cmapi.Certificate
        if err := json.Unmarshal([]byte(certificateConfigString), &certificateConfig); err != nil {
-               return "", ""
+               return []byte{}, []byte{}
        }
        oldCertificateSecretName := certificateConfig.Spec.SecretName
        oldCertificateSecretNamespacedName := types.NamespacedName{
@@ -81,9 +78,7 @@ func RetrieveOldCertificateAndPk(
        }
        var oldCertificateSecret core.Secret
        if err := k8sClient.Get(ctx, oldCertificateSecretNamespacedName, &oldCertificateSecret); err != nil {
-               return "", ""
+               return []byte{}, []byte{}
        }
-       oldCertificateString := base64.StdEncoding.EncodeToString(oldCertificateSecret.Data[oldCertificateSecretKey])
-       oldPrivateKeyString := base64.StdEncoding.EncodeToString(oldCertificateSecret.Data[oldPrivateKeySecretKey])
-       return oldCertificateString, oldPrivateKeyString
+       return oldCertificateSecret.Data[oldCertificateSecretKey], oldCertificateSecret.Data[oldPrivateKeySecretKey]
 }
index 7dbbbe7..f900527 100644 (file)
 package util
 
 import (
-       "encoding/base64"
        "fmt"
        "testing"
 
        cmapi "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
        "github.com/stretchr/testify/assert"
-       v1 "k8s.io/api/core/v1"
-       metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
        "onap.org/oom-certservice/k8s-external-provider/src/testdata"
        "sigs.k8s.io/controller-runtime/pkg/client/fake"
 )
 
 const (
-       oldCertificateConfig = "{\"apiVersion\":\"cert-manager.io/v1\",\"kind\":\"Certificate\",\"metadata\":{\"annotations\":{},\"name\":\"cert-test\",\"namespace\":\"onap\"},\"spec\":{\"commonName\":\"certissuer.onap.org\",\"dnsNames\":[\"localhost\",\"certissuer.onap.org\"],\"emailAddresses\":[\"onap@onap.org\"],\"ipAddresses\":[\"127.0.0.1\"],\"issuerRef\":{\"group\":\"certmanager.onap.org\",\"kind\":\"CMPv2Issuer\",\"name\":\"cmpv2-issuer-onap\"},\"secretName\":\"cert-test-secret-name\",\"subject\":{\"countries\":[\"US\"],\"localities\":[\"San-Francisco\"],\"organizationalUnits\":[\"ONAP\"],\"organizations\":[\"Linux-Foundation\"],\"provinces\":[\"California\"]},\"uris\":[\"onap://cluster.local/\"]}}\n"
        testPrivateKeyData   = "test-private-key"
        testCertificateData  = "test-certificate"
 )
@@ -48,36 +44,33 @@ func Test_CheckIfCertificateUpdateAndRetrieveOldCertificateAndPk_revisionOne(t *
        request.ObjectMeta.Annotations = map[string]string{
                revisionAnnotation: "2",
        }
-       isUpdate, certificate, privateKey := CheckIfCertificateUpdateAndRetrieveOldCertificateAndPk(nil, request, nil)
-       assert.False(t, isUpdate)
-       assert.Equal(t, "", certificate)
-       assert.Equal(t, "", privateKey)
+       certificate, privateKey := RetrieveOldCertificateAndPkForCertificateUpdate(nil, request, nil)
+       assert.Equal(t, []byte{}, certificate)
+       assert.Equal(t, []byte{}, privateKey)
 }
 
 func Test_CheckIfCertificateUpdateAndRetrieveOldCertificateAndPk_revisionTwoSecretPresent(t *testing.T) {
        request := new(cmapi.CertificateRequest)
        request.ObjectMeta.Annotations = map[string]string{
                revisionAnnotation:                 "2",
-               certificateConfigurationAnnotation: oldCertificateConfig,
+               certificateConfigurationAnnotation: testdata.OldCertificateConfig,
        }
-       fakeClient := fake.NewFakeClientWithScheme(testdata.GetScheme(), getValidCertificateSecret())
-       isUpdate, certificate, privateKey := CheckIfCertificateUpdateAndRetrieveOldCertificateAndPk(fakeClient, request, nil)
-       assert.True(t, isUpdate)
-       assert.Equal(t, base64.StdEncoding.EncodeToString([]byte(testCertificateData)), certificate)
-       assert.Equal(t, base64.StdEncoding.EncodeToString([]byte(testPrivateKeyData)), privateKey)
+       fakeClient := fake.NewFakeClientWithScheme(testdata.GetScheme(), testdata.GetValidCertificateSecret())
+       certificate, privateKey := RetrieveOldCertificateAndPkForCertificateUpdate(fakeClient, request, nil)
+       assert.Equal(t, []byte(testCertificateData), certificate)
+       assert.Equal(t, []byte(testPrivateKeyData), privateKey)
 }
 
 func Test_CheckIfCertificateUpdateAndRetrieveOldCertificateAndPk_revisionTwoSecretNotPresent(t *testing.T) {
        request := new(cmapi.CertificateRequest)
        request.ObjectMeta.Annotations = map[string]string{
                revisionAnnotation:                 "2",
-               certificateConfigurationAnnotation: oldCertificateConfig,
+               certificateConfigurationAnnotation: testdata.OldCertificateConfig,
        }
        fakeClient := fake.NewFakeClientWithScheme(testdata.GetScheme())
-       isUpdate, certificate, privateKey := CheckIfCertificateUpdateAndRetrieveOldCertificateAndPk(fakeClient, request, nil)
-       assert.False(t, isUpdate)
-       assert.Equal(t, "", certificate)
-       assert.Equal(t, "", privateKey)
+       certificate, privateKey := RetrieveOldCertificateAndPkForCertificateUpdate(fakeClient, request, nil)
+       assert.Equal(t, []byte{}, certificate)
+       assert.Equal(t, []byte{}, privateKey)
 }
 
 func Test_IsUpdateCertificateRevision(t *testing.T) {
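Review bot: The three tests in this hunk still carry the old name `Test_CheckIfCertificateUpdateAndRetrieveOldCertificateAndPk_...` although they now call `RetrieveOldCertificateAndPkForCertificateUpdate`; rename them so a failing test points at the right function. The `_revisionOne` case sets `revisionAnnotation: "2"` in its unchanged lines, so with the `isUpdate` assertion gone it probably passes through the unmarshal-failure path rather than the early return it is named after. That is worth confirming, and if so the revision should be `"1"`.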
@@ -109,45 +102,30 @@ func testIsUpdateCertificateRevision(t *testing.T, revision string, expected boo
 func Test_RetrieveOldCertificateAndPk_shouldSucceedWhenSecretPresent(t *testing.T) {
        request := new(cmapi.CertificateRequest)
        request.ObjectMeta.Annotations = map[string]string{
-               certificateConfigurationAnnotation: oldCertificateConfig,
+               certificateConfigurationAnnotation: testdata.OldCertificateConfig,
        }
-       fakeClient := fake.NewFakeClientWithScheme(testdata.GetScheme(), getValidCertificateSecret())
+       fakeClient := fake.NewFakeClientWithScheme(testdata.GetScheme(), testdata.GetValidCertificateSecret())
        certificate, privateKey := RetrieveOldCertificateAndPk(fakeClient, request, nil)
-       assert.Equal(t, base64.StdEncoding.EncodeToString([]byte(testCertificateData)), certificate)
-       assert.Equal(t, base64.StdEncoding.EncodeToString([]byte(testPrivateKeyData)), privateKey)
+       assert.Equal(t, []byte(testCertificateData), certificate)
+       assert.Equal(t, []byte(testPrivateKeyData), privateKey)
 }
 
-func Test_RetrieveOldCertificateAndPk_shouldReturnEmptyStringsWhenSecretNotPresent(t *testing.T) {
+func Test_RetrieveOldCertificateAndPk_shouldBeEmptyWhenSecretNotPresent(t *testing.T) {
        request := new(cmapi.CertificateRequest)
        request.ObjectMeta.Annotations = map[string]string{
-               certificateConfigurationAnnotation: oldCertificateConfig,
+               certificateConfigurationAnnotation: testdata.OldCertificateConfig,
        }
        fakeClient := fake.NewFakeClientWithScheme(testdata.GetScheme())
        certificate, privateKey := RetrieveOldCertificateAndPk(fakeClient, request, nil)
-       assert.Equal(t, "", certificate)
-       assert.Equal(t, "", privateKey)
+       assert.Equal(t, []byte{}, certificate)
+       assert.Equal(t, []byte{}, privateKey)
 }
 
-func Test_RetrieveOldCertificateAndPk_shouldReturnEmptyStringsWhenOldCertificateCannotBeUnmarshalled(t *testing.T) {
+func Test_RetrieveOldCertificateAndPk_shouldBeEmptyWhenOldCertificateCannotBeUnmarshalled(t *testing.T) {
        request := new(cmapi.CertificateRequest)
        fakeClient := fake.NewFakeClientWithScheme(testdata.GetScheme())
        certificate, privateKey := RetrieveOldCertificateAndPk(fakeClient, request, nil)
-       assert.Equal(t, "", certificate)
-       assert.Equal(t, "", privateKey)
+       assert.Equal(t, []byte{}, certificate)
+       assert.Equal(t, []byte{}, privateKey)
 }
 
-func getValidCertificateSecret() *v1.Secret {
-       const privateKeySecretKey = "tls.key"
-       const certificateSecretKey = "tls.crt"
-
-       return &v1.Secret{
-               Data: map[string][]byte{
-                       privateKeySecretKey:  []byte("test-private-key"),
-                       certificateSecretKey: []byte("test-certificate"),
-               },
-               ObjectMeta: metav1.ObjectMeta{
-                       Name:      "cert-test-secret-name",
-                       Namespace: "onap",
-               },
-       }
-}
index dc2824c..5393249 100644 (file)
 package cmpv2provisioner
 
 import (
-       "context"
        "sync"
 
        "k8s.io/apimachinery/pkg/types"
 
        "onap.org/oom-certservice/k8s-external-provider/src/certserviceclient"
        "onap.org/oom-certservice/k8s-external-provider/src/cmpv2api"
-       "onap.org/oom-certservice/k8s-external-provider/src/cmpv2provisioner/csr"
        "onap.org/oom-certservice/k8s-external-provider/src/leveledlogger"
        "onap.org/oom-certservice/k8s-external-provider/src/model"
 )
@@ -85,40 +83,24 @@ func Store(namespacedName types.NamespacedName, provisioner *CertServiceCA) {
 }
 
 func (ca *CertServiceCA) Sign(
-       ctx context.Context,
        signCertificateModel model.SignCertificateModel,
 ) (signedCertificateChain []byte, trustedCertificates []byte, err error) {
        log := leveledlogger.GetLoggerWithName("certservice-provisioner")
 
-       if signCertificateModel.IsUpdateRevision {
-               log.Debug("Certificate will be updated.", "old-certificate", signCertificateModel.OldCertificate,
-                       "old-private-key", signCertificateModel.OldPrivateKey)
-       }
-
        certificateRequest := signCertificateModel.CertificateRequest
-       privateKeyBytes := signCertificateModel.PrivateKeyBytes
        log.Info("Signing certificate: ", "cert-name", certificateRequest.Name)
-
        log.Info("CA: ", "name", ca.name, "url", ca.url)
 
-       csrBytes := certificateRequest.Spec.Request
-       log.Debug("Original CSR PEM: ", "bytes", csrBytes)
-
-       filteredCsrBytes, err := csr.FilterFieldsFromCSR(csrBytes, privateKeyBytes)
-       if err != nil {
-               return nil, nil, err
-       }
-       log.Debug("Filtered out CSR PEM: ", "bytes", filteredCsrBytes)
-
        var response *certserviceclient.CertificatesResponse
        var errAPI error
 
-       if signCertificateModel.IsUpdateRevision {
+       if ca.isCertificateUpdate(signCertificateModel) {
+               log.Debug("Certificate will be updated.", "old-certificate", signCertificateModel.OldCertificateBytes)
                log.Info("Attempt to send certificate update request")
-               response, errAPI = ca.certServiceClient.UpdateCertificate(filteredCsrBytes, privateKeyBytes, signCertificateModel)
+               response, errAPI = ca.certServiceClient.UpdateCertificate(signCertificateModel)
        } else {
                log.Info("Attempt to send certificate request")
-               response, errAPI = ca.certServiceClient.GetCertificates(filteredCsrBytes, privateKeyBytes)
+               response, errAPI = ca.certServiceClient.GetCertificates(signCertificateModel)
        }
 
        if errAPI != nil {
@@ -135,11 +117,14 @@ func (ca *CertServiceCA) Sign(
                log.Error(signErr, "Cannot parse response from CertService API")
                return nil, nil, signErr
        }
-
        log.Info("Successfully signed: ", "cert-name", certificateRequest.Name)
-
        log.Debug("Signed cert PEM: ", "bytes", signedCertificateChain)
        log.Debug("Trusted CA  PEM: ", "bytes", trustedCertificates)
 
        return signedCertificateChain, trustedCertificates, nil
 }
+
+
+func (ca *CertServiceCA) isCertificateUpdate(signCertificateModel model.SignCertificateModel) bool {
+       return len(signCertificateModel.OldCertificateBytes) > 0 && len(signCertificateModel.OldPrivateKeyBytes) > 0
+}
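Review bot: `isCertificateUpdate` needs a doc comment, because the choice between an update and an initial request is now implicit in the data rather than carried by the removed `IsUpdateRevision` flag. Something like `// isCertificateUpdate reports whether both the old certificate and the old private key are present; if either is missing, Sign sends an initial certificate request.` would make the fallback explicit. The method does not use `ca`, so a plain function or a method on `SignCertificateModel` would read more naturally. The two blank lines before it are not gofmt-clean.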
index cb3b8c6..0e54361 100644 (file)
@@ -35,10 +35,10 @@ type ProvisionerFactoryMock struct {
 
 func (f *ProvisionerFactoryMock) CreateProvisioner(issuer *cmpv2api.CMPv2Issuer, secret v1.Secret) (*CertServiceCA, error) {
        provisioner, err := New(issuer, &certserviceclient.CertServiceClientMock{
-               GetCertificatesFunc: func(csr []byte, pk []byte) (response *certserviceclient.CertificatesResponse, e error) {
+               GetCertificatesFunc: func(signCertificateModel model.SignCertificateModel) (response *certserviceclient.CertificatesResponse, e error) {
                        return &testdata.SampleCertServiceResponse, nil
                },
-               UpdateCertificateFunc: func(csr []byte, key []byte, signCertificateModel model.SignCertificateModel) (*certserviceclient.CertificatesResponse, error) {
+               UpdateCertificateFunc: func(signCertificateModel model.SignCertificateModel) (*certserviceclient.CertificatesResponse, error) {
                        return &testdata.SampleCertServiceResponse, nil
                },
        })
index 1a06665..e0b0c2e 100644 (file)
@@ -21,7 +21,6 @@
 package cmpv2provisioner
 
 import (
-       "context"
        "testing"
        "time"
 
@@ -77,19 +76,17 @@ func Test_shouldReturnCorrectSignedPemsWhenParametersAreCorrectForCertificateReq
 
        testdata.VerifyThatConditionIsTrue(ok, "Provisioner could not be loaded", t)
 
-       ctx := context.Background()
        request := createCertificateRequest()
        privateKeyBytes := getPrivateKeyBytes()
 
        signCertificateModel := model.SignCertificateModel{
-               CertificateRequest: request,
-               PrivateKeyBytes:    privateKeyBytes,
-               IsUpdateRevision:   false,
-               OldCertificate:     "",
-               OldPrivateKey:      "",
+               CertificateRequest:  request,
+               PrivateKeyBytes:     privateKeyBytes,
+               OldCertificateBytes: []byte{},
+               OldPrivateKeyBytes:  []byte{},
        }
 
-       signedPEM, trustedCAs, err := provisioner.Sign(ctx, signCertificateModel)
+       signedPEM, trustedCAs, err := provisioner.Sign(signCertificateModel)
 
        assert.Nil(t, err)
 
@@ -108,19 +105,17 @@ func Test_shouldReturnCorrectSignedPemsWhenParametersAreCorrectForUpdateCertific
 
        testdata.VerifyThatConditionIsTrue(ok, "Provisioner could not be loaded", t)
 
-       ctx := context.Background()
        request := createCertificateRequest()
        privateKeyBytes := getPrivateKeyBytes()
 
        signCertificateModel := model.SignCertificateModel{
-               CertificateRequest: request,
-               PrivateKeyBytes:    privateKeyBytes,
-               IsUpdateRevision:   true,
-               OldCertificate:     testdata.OldCertificateEncoded,
-               OldPrivateKey:      testdata.OldPrivateKeyEncoded,
+               CertificateRequest:  request,
+               PrivateKeyBytes:     privateKeyBytes,
+               OldCertificateBytes: testdata.OldCertificateBytes,
+               OldPrivateKeyBytes:  testdata.OldPrivateKeyBytes,
        }
 
-       signedPEM, trustedCAs, err := provisioner.Sign(ctx, signCertificateModel)
+       signedPEM, trustedCAs, err := provisioner.Sign(signCertificateModel)
 
        assert.Nil(t, err)
 
index 40dca1a..6fcf0cf 100644 (file)
@@ -23,9 +23,9 @@ package model
 import cmapi "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
 
 type SignCertificateModel struct {
-       CertificateRequest *cmapi.CertificateRequest
-       PrivateKeyBytes    []byte
-       IsUpdateRevision   bool
-       OldCertificate     string
-       OldPrivateKey      string
+       CertificateRequest  *cmapi.CertificateRequest
+       FilteredCsr         []byte
+       PrivateKeyBytes     []byte
+       OldCertificateBytes []byte
+       OldPrivateKeyBytes  []byte
 }
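Review bot: `SignCertificateModel` has no documentation, and after this change the encoding of its fields is a contract between three packages: the old certificate and key switch from base64 strings to raw bytes, and the client now does the encoding. A comment on the struct should state that, e.g. `// OldCertificateBytes and OldPrivateKeyBytes hold the raw secret data (not base64); both are empty for an initial request.` Since the struct carries two private keys and is passed by value, the comment should also say that it must not be logged as a whole.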
diff --git a/certServiceK8sExternalProvider/src/model/sign_certificate_model_factory.go b/certServiceK8sExternalProvider/src/model/sign_certificate_model_factory.go
new file mode 100644 (file)
index 0000000..297201b
--- /dev/null
@@ -0,0 +1,56 @@
+/*
+ * ============LICENSE_START=======================================================
+ * oom-certservice-k8s-external-provider
+ * ================================================================================
+ * Copyright (C) 2021 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package model
+
+import (
+       "context"
+
+       "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
+       "sigs.k8s.io/controller-runtime/pkg/client"
+
+       "onap.org/oom-certservice/k8s-external-provider/src/cmpv2controller/util"
+       "onap.org/oom-certservice/k8s-external-provider/src/cmpv2provisioner/csr"
+       "onap.org/oom-certservice/k8s-external-provider/src/leveledlogger"
+)
+
+func CreateSignCertificateModel(client client.Client, certificateRequest *v1.CertificateRequest, ctx context.Context, privateKeyBytes []byte) (SignCertificateModel, error) {
+       log := leveledlogger.GetLoggerWithName("certservice-certificate-model")
+       oldCertificateBytes, oldPrivateKeyBytes := util.RetrieveOldCertificateAndPkForCertificateUpdate(
+               client, certificateRequest, ctx)
+
+       csrBytes := certificateRequest.Spec.Request
+       log.Debug("Original CSR PEM: ", "bytes", csrBytes)
+
+       filteredCsrBytes, err := csr.FilterFieldsFromCSR(csrBytes, privateKeyBytes)
+       if err != nil {
+               return SignCertificateModel{}, err
+       }
+       log.Debug("Filtered out CSR PEM: ", "bytes", filteredCsrBytes)
+
+       signCertificateModel := SignCertificateModel{
+               CertificateRequest:  certificateRequest,
+               FilteredCsr:         filteredCsrBytes,
+               PrivateKeyBytes:     privateKeyBytes,
+               OldCertificateBytes: oldCertificateBytes,
+               OldPrivateKeyBytes:  oldPrivateKeyBytes,
+       }
+       return signCertificateModel, nil
+}
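Review bot: `util.RetrieveOldCertificateAndPkForCertificateUpdate` returns no error here, so `CreateSignCertificateModel` cannot tell "no previous certificate" from "the secret lookup failed". If the helper (defined outside this hunk) swallows lookup errors, a failed read would presumably turn an update request into a plain initial enrollment with no signal to the caller. Consider returning an error from it and propagating it like the `FilterFieldsFromCSR` one, wrapped with context: `return SignCertificateModel{}, fmt.Errorf("filtering CSR fields: %w", err)`. In the signature, `ctx context.Context` should be the first parameter, and the parameter named `client` shadows the imported `client` package inside the function. The exported function also lacks a doc comment; one line saying that it reads the previous certificate secret and filters the CSR would be enough.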
diff --git a/certServiceK8sExternalProvider/src/model/sign_certificate_model_factory_test.go b/certServiceK8sExternalProvider/src/model/sign_certificate_model_factory_test.go
new file mode 100644 (file)
index 0000000..def9a37
--- /dev/null
@@ -0,0 +1,59 @@
+/*
+ * ============LICENSE_START=======================================================
+ * oom-certservice-k8s-external-provider
+ * ================================================================================
+ * Copyright (C) 2021 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package model
+
+import (
+       "context"
+       "testing"
+
+       cmapi "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
+       "github.com/stretchr/testify/assert"
+       "sigs.k8s.io/controller-runtime/pkg/client/fake"
+
+       "onap.org/oom-certservice/k8s-external-provider/src/testdata"
+)
+
+const (
+       revisionAnnotation                 = "cert-manager.io/certificate-revision"
+       certificateConfigurationAnnotation = "kubectl.kubernetes.io/last-applied-configuration"
+       testPrivateKeyData                 = "test-private-key"
+       testCertificateData                = "test-certificate"
+)
+
+func Test_shouldCreateCertificateModelWithCorrectParameters(t *testing.T) {
+       request := new(cmapi.CertificateRequest)
+       request.ObjectMeta.Annotations = map[string]string{
+               revisionAnnotation:                 "2",
+               certificateConfigurationAnnotation: testdata.OldCertificateConfig,
+       }
+       request.Spec.Request = testdata.CsrBytes
+       fakeClient := fake.NewFakeClientWithScheme(testdata.GetScheme(), testdata.GetValidCertificateSecret())
+
+       signCertModel, err := CreateSignCertificateModel(fakeClient, request, *new(context.Context), testdata.PkBytes)
+
+       assert.Nil(t, err)
+       assert.NotNil(t, signCertModel)
+       assert.NotNil(t, signCertModel.FilteredCsr)
+       assert.Equal(t, testdata.PkBytes, signCertModel.PrivateKeyBytes)
+       assert.Equal(t, request, signCertModel.CertificateRequest)
+       assert.Equal(t, []byte(testCertificateData), signCertModel.OldCertificateBytes)
+       assert.Equal(t, []byte(testPrivateKeyData), signCertModel.OldPrivateKeyBytes)
+}
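Review bot: `*new(context.Context)` evaluates to a nil `context.Context`, so the test passes a nil context into `CreateSignCertificateModel` and on to the fake client; use `context.Background()` instead. `assert.NotNil(t, signCertModel)` can never fail because `signCertModel` is a struct value, and `assert.NotNil(t, signCertModel.FilteredCsr)` says nothing about the filtered content, where `assert.NotEmpty` would at least catch an empty result. There is also no case for the error branch where `FilterFieldsFromCSR` fails and an empty model is returned alongside the error.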
index c1e8614..062fdd2 100644 (file)
@@ -29,7 +29,7 @@ var (
        CacertBytes, _         = base64.StdEncoding.DecodeString("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")
        CsrBytes, _            = base64.StdEncoding.DecodeString("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")
        PkBytes, _             = base64.StdEncoding.DecodeString("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")
+       OldPrivateKeyBytes, _  = base64.StdEncoding.DecodeString("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")
+       OldCertificateBytes, _ = base64.StdEncoding.DecodeString("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")
 )
 
-const OldPrivateKeyEncoded = "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"
-const OldCertificateEncoded = "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"
index 6bb420c..ce09f4a 100644 (file)
@@ -2,7 +2,7 @@
  * ============LICENSE_START=======================================================
  * oom-certservice-k8s-external-provider
  * ================================================================================
- * Copyright (C) 2020 Nokia. All rights reserved.
+ * Copyright (C) 2020-2021 Nokia. All rights reserved.
  * ================================================================================
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -33,19 +33,20 @@ import (
 )
 
 const (
-       SecretName       = "issuer-cert-secret"
-       Url              = "https://oom-cert-service:8443/v1/certificate/"
-       HealthEndpoint   = "actuator/health"
-       CertEndpoint     = "v1/certificate"
-       CaName           = "RA"
-       KeySecretKey     = "cmpv2Issuer-key.pem"
-       CertSecretKey    = "cmpv2Issuer-cert.pem"
-       CacertSecretKey  = "cacert.pem"
-       Namespace        = "onap"
-       IssuerObjectName = "cmpv2-issuer"
-       Kind             = "CMPv2Issuer"
-       APIVersion       = "v1"
-       PrivateKeySecret = "privateKeySecretName"
+       SecretName           = "issuer-cert-secret"
+       Url                  = "https://oom-cert-service:8443/v1/certificate/"
+       HealthEndpoint       = "actuator/health"
+       CertEndpoint         = "v1/certificate"
+       CaName               = "RA"
+       KeySecretKey         = "cmpv2Issuer-key.pem"
+       CertSecretKey        = "cmpv2Issuer-cert.pem"
+       CacertSecretKey      = "cacert.pem"
+       Namespace            = "onap"
+       IssuerObjectName     = "cmpv2-issuer"
+       Kind                 = "CMPv2Issuer"
+       APIVersion           = "v1"
+       PrivateKeySecret     = "privateKeySecretName"
+       OldCertificateConfig = "{\"apiVersion\":\"cert-manager.io/v1\",\"kind\":\"Certificate\",\"metadata\":{\"annotations\":{},\"name\":\"cert-test\",\"namespace\":\"onap\"},\"spec\":{\"commonName\":\"certissuer.onap.org\",\"dnsNames\":[\"localhost\",\"certissuer.onap.org\"],\"emailAddresses\":[\"onap@onap.org\"],\"ipAddresses\":[\"127.0.0.1\"],\"issuerRef\":{\"group\":\"certmanager.onap.org\",\"kind\":\"CMPv2Issuer\",\"name\":\"cmpv2-issuer-onap\"},\"secretName\":\"cert-test-secret-name\",\"subject\":{\"countries\":[\"US\"],\"localities\":[\"San-Francisco\"],\"organizationalUnits\":[\"ONAP\"],\"organizations\":[\"Linux-Foundation\"],\"provinces\":[\"California\"]},\"uris\":[\"onap://cluster.local/\"]}}\n"
 )
 
 func GetValidIssuerWithSecret() (cmpv2api.CMPv2Issuer, v1.Secret) {
@@ -117,3 +118,20 @@ func CreateIssuerNamespaceName(namespace string, name string) types.NamespacedNa
                Name:      name,
        }
 }
+
+func GetValidCertificateSecret() *v1.Secret {
+       const privateKeySecretKey = "tls.key"
+       const certificateSecretKey = "tls.crt"
+
+       return &v1.Secret{
+               Data: map[string][]byte{
+                       privateKeySecretKey:  []byte("test-private-key"),
+                       certificateSecretKey: []byte("test-certificate"),
+               },
+               ObjectMeta: metav1.ObjectMeta{
+                       Name:      "cert-test-secret-name",
+                       Namespace: "onap",
+               },
+       }
+}
+
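Review bot: `GetValidCertificateSecret` depends on literals that are repeated elsewhere and must be kept in sync by hand. The name `cert-test-secret-name` and namespace `onap` have to match `secretName` and `namespace` inside `OldCertificateConfig`, and the payloads `test-private-key` / `test-certificate` are re-declared as constants in `sign_certificate_model_factory_test.go`. I would use the existing `Namespace` constant (`Namespace: Namespace,`), export the two payloads from `testdata`, and replace the local key names with `v1.TLSPrivateKeyKey` and `v1.TLSCertKey`, assuming `v1` here is `k8s.io/api/core/v1` (the import block is outside the hunk). A doc comment such as `// GetValidCertificateSecret returns the TLS secret that OldCertificateConfig's secretName refers to.` would make the coupling visible.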