Fix csr_test.go critical SAN on tests without Subjects

* Also fixed the conformance e2e test by including a Subject and matching the values Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2023-12-21 18:27:31 +00:00 · 2023-12-21 18:27:31 +00:00 · 1b48cb664b
commit 1b48cb664b
parent c59037a19b
3 changed files with 26 additions and 26 deletions
--- a/pkg/util/pki/csr_test.go
+++ b/pkg/util/pki/csr_test.go
@ -424,7 +424,7 @@ func TestGenerateCSR(t *testing.T) {
 						[]asn1.RawValue{
 							{Tag: nameTypeDNSName, Class: 2, Bytes: []byte("example.org")},
 						},
-						false,
+						true, // SAN is critical as the Subject is empty
 					),
 					{
 						Id:       OIDExtensionKeyUsage,
@ -552,7 +552,7 @@ func TestGenerateCSR(t *testing.T) {
 					sansGenerator(
 						t,
 						[]asn1.RawValue{asn1otherNameUpnSANRawVal},
-						false,
+						true,
 					),
 					{
 						Id:       OIDExtensionKeyUsage,
@ -591,7 +591,7 @@ func TestGenerateCSR(t *testing.T) {
 							asn1otherNameUpnSANRawVal,
 							asn1otherNamesAMAAccountNameRawVal,
 						},
-						false,
+						true,
 					),
 					{
 						Id:       OIDExtensionKeyUsage,
@ -690,7 +690,7 @@ func TestGenerateCSR(t *testing.T) {
 						[]asn1.RawValue{
 							{Tag: nameTypeDNSName, Class: 2, Bytes: []byte("example.org")},
 						},
-						false,
+						true,
 					),
 					{
 						Id:       OIDExtensionKeyUsage,
@ -720,7 +720,7 @@ func TestGenerateCSR(t *testing.T) {
 						[]asn1.RawValue{
 							{Tag: nameTypeDNSName, Class: 2, Bytes: []byte("example.org")},
 						},
-						false,
+						true,
 					),
 					{
 						Id:       OIDExtensionKeyUsage,
@ -754,7 +754,7 @@ func TestGenerateCSR(t *testing.T) {
 						[]asn1.RawValue{
 							{Tag: nameTypeDNSName, Class: 2, Bytes: []byte("example.org")},
 						},
-						false,
+						true,
 					),
 					{
 						Id:       OIDExtensionKeyUsage,
--- a/test/e2e/suite/conformance/certificates/tests.go
+++ b/test/e2e/suite/conformance/certificates/tests.go
@ -223,11 +223,11 @@ func (s *Suite) Define() {

 		s.it(f, "should issue a certificate with a couple valid otherName SAN values set as well as an emailAddress", func(issuerRef cmmeta.ObjectReference) {
 			framework.RequireFeatureGate(f, utilfeature.DefaultFeatureGate, feature.OtherNames)
-			emailAddresses := []string{"email@domain.com"}
+			emailAddresses := []string{"email@domain.test"}
 			otherNames := []cmapi.OtherName{
 				{
 					OID:       "1.3.6.1.4.1.311.20.2.3",
-					UTF8Value: "userprincipal@domain.com",
+					UTF8Value: "upn@domain.test",
 				},
 			}

@ -241,6 +241,7 @@ func (s *Suite) Define() {
 					IssuerRef:      issuerRef,
 					OtherNames:     otherNames,
 					EmailAddresses: emailAddresses,
+					CommonName:     "someCN",
 				}}

 			By("Creating a Certificate")
@ -290,7 +291,6 @@ YH0ROM05IRf2nOI6KInaiz4POk6JvdTb
 `)

 				Expect(cert.Extensions).To(ContainElement(expectedSanExtension))
-				Fail("check")
 				return nil
 			}