This repository has been archived by the owner on Jul 11, 2023. It is now read-only.

Merge pull request #3617 from shalier/testsForCertManager
test(*): Adds test to certificate_manager.go
shalier authored Jun 24, 2021
2 parents 477ee77 + 4aca35d commit 660aef4
Showing 5 changed files with 161 additions and 23 deletions.
6 changes: 3 additions & 3 deletions pkg/certificate/encode.go
Expand Up @@ -48,7 +48,7 @@ func DecodePEMCertificate(certPEM []byte) (*x509.Certificate, error) {
var block *pemEnc.Block
block, certPEM = pemEnc.Decode(certPEM)
if block == nil {
return nil, errNoCertificateInPEM
return nil, ErrNoCertificateInPEM
}
if block.Type != TypeCertificate || len(block.Headers) != 0 {
continue
Expand All @@ -62,7 +62,7 @@ func DecodePEMCertificate(certPEM []byte) (*x509.Certificate, error) {
return cert, nil
}

return nil, errNoCertificateInPEM
return nil, ErrNoCertificateInPEM
}

// DecodePEMPrivateKey converts a certificate from PEM to x509 encoding
Expand All @@ -84,7 +84,7 @@ func DecodePEMPrivateKey(keyPEM []byte) (*rsa.PrivateKey, error) {
return caKeyInterface.(*rsa.PrivateKey), nil
}

return nil, errNoCertificateInPEM
return nil, ErrNoCertificateInPEM
}

// EncodeCertReqDERtoPEM encodes the certificate request provided in DER format
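Review bot: In the last hunk, `DecodePEMPrivateKey` still falls through to `return nil, ErrNoCertificateInPEM`, so a caller matching the now-exported sentinel with `errors.Is` cannot tell a missing private key from a missing certificate. The errors.go section of this commit keeps `errNoPrivateKeyInPEM`, which looks like the intended value here: `return nil, errNoPrivateKeyInPEM` (exported as well if callers need to match it). The context line `return caKeyInterface.(*rsa.PrivateKey), nil` is an unchecked type assertion and would presumably panic on a non-RSA key; the function body starts outside the hunk, so an earlier guard may already exist. The doc comment above it, "converts a certificate from PEM to x509 encoding", also describes a certificate rather than a private key.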
4 changes: 3 additions & 1 deletion pkg/certificate/errors.go
Expand Up @@ -7,5 +7,7 @@ import (
var errEncodeKey = errors.New("encode key")
var errEncodeCert = errors.New("encode cert")
var errMarshalPrivateKey = errors.New("marshal private key")
var errNoCertificateInPEM = errors.New("no certificate in PEM")
var errNoPrivateKeyInPEM = errors.New("no private Key in PEM")

// ErrNoCertificateInPEM is the errror for no certificate in PEM
var ErrNoCertificateInPEM = errors.New("no certificate in PEM")
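Review bot: The doc comment added for `ErrNoCertificateInPEM` misspells "error" as "errror" and does not say when the value is returned, which matters now that it is exported API. Something like `// ErrNoCertificateInPEM is returned when the PEM input contains no usable certificate block.` would tell callers what they are matching. `errNoPrivateKeyInPEM` stays unexported in the same hunk; if callers are meant to match it the same way, it needs the same treatment.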
Original file line number Diff line number Diff line change
Expand Up @@ -52,7 +52,7 @@ func (cm *CertManager) GetCertificate(cn certificate.CommonName) (certificate.Ce
if cert := cm.getFromCache(cn); cert != nil {
return cert, nil
}
return nil, fmt.Errorf("failed to find certificate with CN=%s", cn)
return nil, errCertNotFound
}

func (cm *CertManager) deleteFromCache(cn certificate.CommonName) {
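Review bot: Returning the bare `errCertNotFound` from `GetCertificate` drops the common name that the old message carried, so a log line for a failed lookup no longer says which identity was missing. Wrapping keeps both the sentinel and the detail: `return nil, fmt.Errorf("%w: CN=%s", errCertNotFound, cn)`; `errors.Is(err, errCertNotFound)` still matches, so the new `assert.ErrorIs` test is unaffected. Whether `fmt` is still imported after this change is not visible here, and the function's opening lines sit outside the hunk.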
165 changes: 147 additions & 18 deletions pkg/certificate/providers/certmanager/certificate_manager_test.go
Expand Up @@ -3,8 +3,11 @@ package certmanager
import (
"crypto/rand"
"crypto/x509"
"testing"
"time"

tassert "github.com/stretchr/testify/assert"

. "github.com/onsi/ginkgo"
. "github.com/onsi/gomega"

Expand All @@ -15,29 +18,31 @@ import (
cmfakeapi "github.com/jetstack/cert-manager/pkg/client/clientset/versioned/typed/certmanager/v1/fake"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/client-go/testing"
test "k8s.io/client-go/testing"

"github.com/openservicemesh/osm/pkg/certificate"
"github.com/openservicemesh/osm/pkg/configurator"
"github.com/openservicemesh/osm/pkg/tests"
)

var (
mockCtrl = gomock.NewController(GinkgoT())
mockConfigurator = configurator.NewMockConfigurator(mockCtrl)
cn = certificate.CommonName("bookbuyer.azure.mesh")
crNotReady = &cmapi.CertificateRequest{
ObjectMeta: metav1.ObjectMeta{
Name: "osm-123",
Namespace: "osm-system",
},
}
)

var _ = Describe("Test cert-manager Certificate Manager", func() {
defer GinkgoRecover()

var (
mockCtrl *gomock.Controller
mockConfigurator *configurator.MockConfigurator
)

mockCtrl = gomock.NewController(GinkgoT())
mockConfigurator = configurator.NewMockConfigurator(mockCtrl)

Context("Test Getting a certificate from the cache", func() {
validity := 1 * time.Hour

cn := certificate.CommonName("bookbuyer.azure.mesh")

rootCertPEM, err := tests.GetPEMCert()
if err != nil {
GinkgoT().Fatalf("Error loading sample test certificate: %s", err.Error())
Expand Down Expand Up @@ -75,12 +80,6 @@ var _ = Describe("Test cert-manager Certificate Manager", func() {
GinkgoT().Fatalf("Error loading ca %s: %s", rootCertPEM, err.Error())
}

crNotReady := &cmapi.CertificateRequest{
ObjectMeta: metav1.ObjectMeta{
Name: "osm-123",
Namespace: "osm-system",
},
}
crReady := crNotReady.DeepCopy()
crReady.Status = cmapi.CertificateRequestStatus{
Certificate: signedCertPEM,
Expand All @@ -94,7 +93,7 @@ var _ = Describe("Test cert-manager Certificate Manager", func() {
}

fakeClient := cmfakeclient.NewSimpleClientset()
fakeClient.CertmanagerV1().(*cmfakeapi.FakeCertmanagerV1).Fake.PrependReactor("*", "*", func(action testing.Action) (bool, runtime.Object, error) {
fakeClient.CertmanagerV1().(*cmfakeapi.FakeCertmanagerV1).Fake.PrependReactor("*", "*", func(action test.Action) (bool, runtime.Object, error) {
switch action.GetVerb() {
case "create":
return true, crNotReady, nil
Expand All @@ -120,5 +119,135 @@ var _ = Describe("Test cert-manager Certificate Manager", func() {
Expect(getCertificateError).ToNot(HaveOccurred())
Expect(cachedCert).To(Equal(cert))
})

It("should rotate the certificate", func() {
mockConfigurator.EXPECT().GetServiceCertValidityPeriod().Return(validity).AnyTimes()

cert, err := cm.RotateCertificate(cn)
Expect(err).Should(BeNil())
cachedCert, err := cm.GetCertificate(cn)
Expect(cachedCert).To(Equal(cert))
Expect(err).Should(BeNil())
})
})
})

func TestReleaseCertificate(t *testing.T) {
cert := &Certificate{
commonName: cn,
expiration: time.Now().Add(1 * time.Hour),
}
manager := &CertManager{cache: map[certificate.CommonName]certificate.Certificater{cn: cert}}

testCases := []struct {
name string
commonName certificate.CommonName
}{
{
name: "release existing certificate",
commonName: cn,
},
{
name: "release non-existing certificate",
commonName: cn,
},
}

for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {
assert := tassert.New(t)

manager.ReleaseCertificate(tc.commonName)
_, err := manager.GetCertificate(tc.commonName)
assert.ErrorIs(err, errCertNotFound)
})
}
}

func TestGetRootCertificate(t *testing.T) {
assert := tassert.New(t)

manager := &CertManager{
ca: &Certificate{
commonName: cn,
expiration: time.Now().Add(1 * time.Hour),
},
}
cert, err := manager.GetRootCertificate()

assert.Nil(err)
assert.Equal(manager.ca, cert)
}

func TestCertificaterFromCertificateRequest(t *testing.T) {
assert := tassert.New(t)
fakeClient := cmfakeclient.NewSimpleClientset()

rootCertPEM, err := tests.GetPEMCert()
assert.Nil(err)

rootCert, err := certificate.DecodePEMCertificate(rootCertPEM)
assert.Nil(err)

rootKeyPEM, err := tests.GetPEMPrivateKey()
assert.Nil(err)

rootKey, err := certificate.DecodePEMPrivateKey(rootKeyPEM)
assert.Nil(err)

rootCertificator, err := NewRootCertificateFromPEM(rootCertPEM)
assert.Nil(err)

cm, err := NewCertManager(rootCertificator, fakeClient, "osm-system", cmmeta.ObjectReference{Name: "osm-ca"}, mockConfigurator)
assert.Nil(err)

signedCertDER, err := x509.CreateCertificate(rand.Reader, rootCert, rootCert, rootKey.Public(), rootKey)
assert.Nil(err)

signedCertPEM, err := certificate.EncodeCertDERtoPEM(signedCertDER)
assert.Nil(err)

crReady := crNotReady.DeepCopy()
crReady.Status = cmapi.CertificateRequestStatus{
Certificate: signedCertPEM,
CA: signedCertPEM,
Conditions: []cmapi.CertificateRequestCondition{
{
Type: cmapi.CertificateRequestConditionReady,
Status: cmmeta.ConditionTrue,
},
},
}
emptyArr := []byte{}
testCases := []struct {
name string
cr cmapi.CertificateRequest
expectedCertIsNil bool
expectedError error
}{
{
name: "Could not decode PEM Cert",
cr: *crNotReady,
expectedCertIsNil: true,
expectedError: certificate.ErrNoCertificateInPEM,
},
{
name: "default",
cr: *crReady,
expectedCertIsNil: false,
expectedError: nil,
},
}
for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {
cert, err := cm.certificaterFromCertificateRequest(&tc.cr, emptyArr)

assert.Equal(tc.expectedCertIsNil, cert == nil)
assert.Equal(tc.expectedError, err)
})
}
// Tests if cmapi.CertificateRequest is nil
cert, err := cm.certificaterFromCertificateRequest(nil, emptyArr)
assert.Nil(cert)
assert.Nil(err)
}
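Review bot: In `TestReleaseCertificate` the case named "release non-existing certificate" uses `commonName: cn`, the same name as the first case, so it only reaches the not-found path because the subtests share `manager` and run in order. Give it its own name, e.g. `commonName: certificate.CommonName("absent.example.mesh")` (a made-up value), or build a fresh `CertManager` per case. In `TestCertificaterFromCertificateRequest` the subtests call the outer `assert` bound to the parent `t`, so failures are reported against the parent test; `assert := tassert.New(t)` inside the `t.Run` closure fixes the attribution. The setup there uses `assert.Nil(err)` and keeps going, which would turn a failed fixture load into a nil dereference at `rootKey.Public()` rather than a clean test failure.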
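--- a/pkg/certificate/providers/certmanager/errors.go
+++ b/pkg/certificate/providers/certmanager/errors.go
@@ -0,0 +1,7 @@
+package certmanager
+
+import (
+"errors"
+)
+
+var errCertNotFound = errors.New("failed to find cert")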
