From 401fb2dc3416fe7ca15b7fb0790e32854051eb4b Mon Sep 17 00:00:00 2001
From: Sathyanarayanan Saravanamuthu
Date: Tue, 4 Oct 2022 16:59:40 +0530
Subject: [PATCH] Improving unit test coverage of pkg/issuer/acme/setup.go
Signed-off-by: Sathyanarayanan Saravanamuthu
---
 pkg/issuer/acme/setup_test.go | 127 ++++++++++++++++++++++++++++++++++
 1 file changed, 127 insertions(+)
diff --git a/pkg/issuer/acme/setup_test.go b/pkg/issuer/acme/setup_test.go
index faa7db2f3..050596e54 100644
--- a/pkg/issuer/acme/setup_test.go
+++ b/pkg/issuer/acme/setup_test.go
@@ -122,6 +122,9 @@ func TestAcme_Setup(t *testing.T) {
 // Error returned by cl.GetReg
 getRegErr error
+ // Error return by cl.UpdateRegistration
+ updateRegError error
+
 // Error returned when creating ACME account key.
 acmePrivKeySecretCreateErr error
 // ACME account key created by createAccountPrivateKey.
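Review bot: The new field's comment and name do not match their neighbours: the comment reads `// Error return by cl.UpdateRegistration`, while the sibling comment says "Error returned by" and the hook wired up in the last hunk of this patch is `FakeUpdateReg`, so the client method is presumably `UpdateReg`. I would write `// Error returned by cl.UpdateReg` and name the field `updateRegErr` to follow `getRegErr` and `registerErr`. The struct definition starts and ends outside this hunk.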
@@ -382,6 +385,127 @@ func TestAcme_Setup(t *testing.T) {
 gen.SetIssuerConditionMessage(messageAccountRegistered)),
 },
 },
+ "ACME account with legacy EAB key algorithm set, spec email different from registered email and registered successfully": {
+ issuer: gen.IssuerFrom(baseIssuer,
+ gen.SetIssuerACMEEmail(someEmail),
+ gen.SetIssuerACMEEABWithKeyAlgorithm(someString, someString, cmacme.HS256)),
+ kfsKey: rsaPrivKey,
+ removeClientShouldBeCalled: true,
+ addClientShouldBeCalled: true,
+ eabSecret: eabSecret,
+ registerErr: acmeapi.ErrAccountAlreadyExists,
+ getRegAcc: &acmeapi.Account{ExternalAccountBinding: &acmeapi.ExternalAccountBinding{
+ KID: someString,
+ Key: []byte(eabKey),
+ },
+ Contact: []string{"some@test.com"},
+ },
+ expectedRegisteredAcc: &acmeapi.Account{ExternalAccountBinding: &acmeapi.ExternalAccountBinding{
+ KID: someString,
+ Key: []byte(eabKey),
+ },
+ Contact: []string{someEmailURL},
+ },
+ expectedConditions: []cmapi.IssuerCondition{
+ *gen.IssuerConditionFrom(readyTrueCondition,
+ gen.SetIssuerConditionStatus(cmmeta.ConditionTrue),
+ gen.SetIssuerConditionReason(successAccountRegistered),
+ gen.SetIssuerConditionMessage(messageAccountRegistered)),
+ },
+ },
+ "ACME account with legacy EAB key algorithm set, spec email different from registered email and registered failed": {
+ issuer: gen.IssuerFrom(baseIssuer,
+ gen.SetIssuerACMEEmail(someEmail),
+ gen.SetIssuerACMEEABWithKeyAlgorithm(someString, someString, cmacme.HS256)),
+ kfsKey: rsaPrivKey,
+ removeClientShouldBeCalled: true,
+ eabSecret: eabSecret,
+ registerErr: acmeapi.ErrAccountAlreadyExists,
+ getRegAcc: &acmeapi.Account{ExternalAccountBinding: &acmeapi.ExternalAccountBinding{
+ KID: someString,
+ Key: []byte(eabKey),
+ },
+ Contact: []string{"some@test.com"},
+ },
+ expectedRegisteredAcc: &acmeapi.Account{ExternalAccountBinding: &acmeapi.ExternalAccountBinding{
+ KID: someString,
+ Key: []byte(eabKey),
+ },
+ Contact: []string{someEmailURL},
+ },
+ updateRegError: someErr,
+ wantsErr: true,
+ expectedConditions: []cmapi.IssuerCondition{
+ *gen.IssuerConditionFrom(readyTrueCondition,
+ gen.SetIssuerConditionStatus(cmmeta.ConditionFalse),
+ gen.SetIssuerConditionReason(errorAccountUpdateFailed),
+ gen.SetIssuerConditionMessage(fmt.Sprintf("%s%s", messageAccountUpdateFailed, someString))),
+ },
+ expectedEvents: []string{
+ fmt.Sprintf("%s %s %s", corev1.EventTypeWarning, errorAccountUpdateFailed, fmt.Sprintf("%s%s", messageAccountUpdateFailed, someString))},
+ },
+ "ACME account with legacy EAB key algorithm set, spec email different from registered email and registered failed with non-retryable ACME Error": {
+ issuer: gen.IssuerFrom(baseIssuer,
+ gen.SetIssuerACMEEmail(someEmail),
+ gen.SetIssuerACMEEABWithKeyAlgorithm(someString, someString, cmacme.HS256)),
+ kfsKey: rsaPrivKey,
+ removeClientShouldBeCalled: true,
+ eabSecret: eabSecret,
+ registerErr: acmeapi.ErrAccountAlreadyExists,
+ getRegAcc: &acmeapi.Account{ExternalAccountBinding: &acmeapi.ExternalAccountBinding{
+ KID: someString,
+ Key: []byte(eabKey),
+ },
+ Contact: []string{"some@test.com"},
+ },
+ expectedRegisteredAcc: &acmeapi.Account{ExternalAccountBinding: &acmeapi.ExternalAccountBinding{
+ KID: someString,
+ Key: []byte(eabKey),
+ },
+ Contact: []string{someEmailURL},
+ },
+ updateRegError: acmeErr450,
+ wantsErr: false,
+ expectedConditions: []cmapi.IssuerCondition{
+ *gen.IssuerConditionFrom(readyTrueCondition,
+ gen.SetIssuerConditionStatus(cmmeta.ConditionFalse),
+ gen.SetIssuerConditionReason(errorAccountUpdateFailed),
+ gen.SetIssuerConditionMessage(fmt.Sprintf("%s%s", messageAccountUpdateFailed, acmeErr450.Error()))),
+ },
+ expectedEvents: []string{
+ fmt.Sprintf("%s %s %s", corev1.EventTypeWarning, errorAccountUpdateFailed, fmt.Sprintf("%s%s", messageAccountUpdateFailed, acmeErr450.Error()))},
+ },
+ "ACME account with legacy EAB key algorithm set, spec email different from registered email and registered failed with retryable ACME Error": {
+ issuer: gen.IssuerFrom(baseIssuer,
+ gen.SetIssuerACMEEmail(someEmail),
+ gen.SetIssuerACMEEABWithKeyAlgorithm(someString, someString, cmacme.HS256)),
+ kfsKey: rsaPrivKey,
+ removeClientShouldBeCalled: true,
+ eabSecret: eabSecret,
+ registerErr: acmeapi.ErrAccountAlreadyExists,
+ getRegAcc: &acmeapi.Account{ExternalAccountBinding: &acmeapi.ExternalAccountBinding{
+ KID: someString,
+ Key: []byte(eabKey),
+ },
+ Contact: []string{"some@test.com"},
+ },
+ expectedRegisteredAcc: &acmeapi.Account{ExternalAccountBinding: &acmeapi.ExternalAccountBinding{
+ KID: someString,
+ Key: []byte(eabKey),
+ },
+ Contact: []string{someEmailURL},
+ },
+ updateRegError: acmeErr500,
+ wantsErr: true,
+ expectedConditions: []cmapi.IssuerCondition{
+ *gen.IssuerConditionFrom(readyTrueCondition,
+ gen.SetIssuerConditionStatus(cmmeta.ConditionFalse),
+ gen.SetIssuerConditionReason(errorAccountUpdateFailed),
+ gen.SetIssuerConditionMessage(fmt.Sprintf("%s%s", messageAccountUpdateFailed, acmeErr500.Error()))),
+ },
+ expectedEvents: []string{
+ fmt.Sprintf("%s %s %s", corev1.EventTypeWarning, errorAccountUpdateFailed, fmt.Sprintf("%s%s", messageAccountUpdateFailed, acmeErr500.Error()))},
+ },
 }
 for name, test := range tests {
 t.Run(name, func(t *testing.T) {
@@ -426,6 +550,9 @@ func TestAcme_Setup(t *testing.T) {
 FakeGetReg: func(context.Context, string) (*acmeapi.Account, error) {
 return test.getRegAcc, test.getRegErr
 },
+ FakeUpdateReg: func(ctx context.Context, a *acmeapi.Account) (*acmeapi.Account, error) {
+ return a, test.updateRegError
+ },
 }
 // Mock events recorder.
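Review bot: In the test-table hunk, the "registered failed" case injects `updateRegError: someErr` but builds the expected condition message and event from `someString`, whereas the two ACME-error cases use `acmeErr450.Error()` and `acmeErr500.Error()`. That only holds if the text of `someErr` happens to equal `someString` (both are defined outside the hunk), so `someErr.Error()` would state the intent and survive a change to either fixture. The three failing case names say "registered failed" although the injected failure is the account update, so "account update failed" would describe them better. They also derive a `ConditionFalse` expectation from `readyTrueCondition`, which is confusing to read. A short comment on the `acmeErr450` case, such as `// non-retryable ACME error: Setup returns nil but the issuer is marked not ready`, would explain `wantsErr: false`, assuming that is the intended contract.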
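Review bot: In the last hunk, `FakeUpdateReg` returns the caller's own account together with `test.updateRegError`, so on every failure path the code under test receives a non-nil account and a non-nil error at once. A real client would presumably return no account on failure, so the fake can hide code that keeps using the account after a failed update. I would add `if test.updateRegError != nil { return nil, test.updateRegError }` ahead of `return a, nil`. The closure also never inspects `a`, so nothing visible here checks that the update request carries the new contact (`someEmailURL`) and leaves the external account binding untouched. If `expectedRegisteredAcc` is not compared against that argument elsewhere in the test, an assertion inside this fake would cover it. The struct literal holding the fake starts and ends outside the hunk.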