Add new unsupported feature to exclude root CA assert in Vault issuer e2e-tests

Signed-off-by: Erik Godding Boye <egboye@gmail.com>
Erik Godding Boye 2021-04-15 10:14:17 +02:00
parent 1919e4cb3f
commit 5d21410156
6 changed files with 18 additions and 5 deletions


@ -128,6 +128,10 @@ const (
OnlySAN = "OnlySAN"
// SaveCAToSecret denotes whether the target issuer returns a CA
// certificate which can be stored in the CA.crt field of the Secret.
// certificate which can be stored in the ca.crt field of the Secret.
SaveCAToSecret = "SaveCAToSecret"
// SaveRootCAToSecret denotes whether the CA certificate is expected to
// represent a root CA (sub-feature of SaveCAToSecret)
SaveRootCAToSecret = "SaveRootCAToSecret"
)
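Review bot: The comment on `SaveRootCAToSecret` does not say what listing the feature as unsupported actually does, and feature sets here are consulted in the negative, so a reader has to open the helper to learn the effect. I would spell it out, e.g. `// SaveRootCAToSecret denotes whether the CA certificate stored in ca.crt is expected to be a root CA. It is a sub-feature of SaveCAToSecret; listing it as unsupported skips only the root CA assertion.` The const block starts outside the hunk.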


@ -72,7 +72,9 @@ func (h *Helper) ValidationSetForUnsupportedFeatureSet(fs featureset.FeatureSet)
if !fs.Contains(featureset.SaveCAToSecret) {
out = append(out, validations.ExpectCorrectTrustChain)
out = append(out, validations.ExpectCARootCertificate)
if !fs.Contains(featureset.SaveRootCAToSecret) {
out = append(out, validations.ExpectCARootCertificate)
}
}
return out
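Review bot: Once `SaveRootCAToSecret` is in the unsupported set, the only check left in this branch is `ExpectCorrectTrustChain`, so nothing visible here still asserts what kind of certificate is stored in ca.crt. If that validation verifies the leaf against ca.crt (its body is not on this page), a comment above the inner `if` should say so, for instance `// The trust chain check still runs; only the root CA assertion is skipped.` Otherwise consider adding a weaker replacement assertion, such as one that ca.crt is at least a CA certificate, so the relaxed path cannot pass with an arbitrary certificate in that field. The function starts and ends outside the hunk.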


@ -43,6 +43,7 @@ const (
var _ = framework.ConformanceDescribe("Certificates", func() {
var unsupportedFeatures = featureset.NewFeatureSet(
featureset.KeyUsagesFeature,
featureset.SaveRootCAToSecret,
)
provisioner := new(vaultAppRoleProvisioner)
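Review bot: The new `featureset.SaveRootCAToSecret` entry carries no explanation of why the Vault issuer cannot satisfy the root CA assertion. A short comment on that line, such as `// ca.crt from Vault is not guaranteed to be a root CA`, would keep the exclusion from reading like a suppressed test failure. The wording should be confirmed against the actual Vault behaviour, which this page does not show. The Describe closure continues outside the hunk.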


@ -15,6 +15,7 @@ go_library(
"//test/e2e/framework:go_default_library",
"//test/e2e/framework/addon:go_default_library",
"//test/e2e/framework/addon/vault:go_default_library",
"//test/e2e/framework/helper/featureset:go_default_library",
"//test/e2e/util:go_default_library",
"//test/unit/gen:go_default_library",
"@com_github_onsi_ginkgo//:go_default_library",


@ -31,6 +31,7 @@ import (
"github.com/jetstack/cert-manager/test/e2e/framework"
"github.com/jetstack/cert-manager/test/e2e/framework/addon"
vaultaddon "github.com/jetstack/cert-manager/test/e2e/framework/addon/vault"
"github.com/jetstack/cert-manager/test/e2e/framework/helper/featureset"
"github.com/jetstack/cert-manager/test/e2e/util"
"github.com/jetstack/cert-manager/test/unit/gen"
)
@ -171,7 +172,8 @@ func runVaultAppRoleTests(issuerKind string) {
Expect(err).NotTo(HaveOccurred())
By("Validating the issued Certificate...")
err = f.Helper().ValidateCertificate(f.Namespace.Name, certificateName)
unsupportedFeatures := featureset.NewFeatureSet(featureset.SaveRootCAToSecret)
err = f.Helper().ValidateCertificate(f.Namespace.Name, certificateName, f.Helper().ValidationSetForUnsupportedFeatureSet(unsupportedFeatures)...)
Expect(err).NotTo(HaveOccurred())
})
@ -266,7 +268,8 @@ func runVaultAppRoleTests(issuerKind string) {
Expect(err).NotTo(HaveOccurred())
By("Validating the issued Certificate...")
err = f.Helper().ValidateCertificate(f.Namespace.Name, certificateName)
unsupportedFeatures := featureset.NewFeatureSet(featureset.SaveRootCAToSecret)
err = f.Helper().ValidateCertificate(f.Namespace.Name, certificateName, f.Helper().ValidationSetForUnsupportedFeatureSet(unsupportedFeatures)...)
Expect(err).NotTo(HaveOccurred())
// Vault subtract 30 seconds to the NotBefore date.
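Review bot: The pair `unsupportedFeatures := featureset.NewFeatureSet(featureset.SaveRootCAToSecret)` plus the `ValidateCertificate` call is repeated in both test bodies of `runVaultAppRoleTests` and again in `runVaultCustomAppRoleTests` in the next file. Declaring the set once at the top of each function (or once at package level, if the two files share a package as the single BUILD change suggests) keeps the relaxed validation in one place, so a later change to what the Vault tests skip cannot leave a copy behind. The call would also read better with the validation set in a local, e.g. `validations := f.Helper().ValidationSetForUnsupportedFeatureSet(unsupportedFeatures)`. Both functions start outside the hunks.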


@ -30,6 +30,7 @@ import (
"github.com/jetstack/cert-manager/test/e2e/framework"
"github.com/jetstack/cert-manager/test/e2e/framework/addon"
vaultaddon "github.com/jetstack/cert-manager/test/e2e/framework/addon/vault"
"github.com/jetstack/cert-manager/test/e2e/framework/helper/featureset"
"github.com/jetstack/cert-manager/test/e2e/util"
"github.com/jetstack/cert-manager/test/unit/gen"
)
@ -169,7 +170,8 @@ func runVaultCustomAppRoleTests(issuerKind string) {
Expect(err).NotTo(HaveOccurred())
By("Validating the issued Certificate...")
err = f.Helper().ValidateCertificate(f.Namespace.Name, certificateName)
unsupportedFeatures := featureset.NewFeatureSet(featureset.SaveRootCAToSecret)
err = f.Helper().ValidateCertificate(f.Namespace.Name, certificateName, f.Helper().ValidationSetForUnsupportedFeatureSet(unsupportedFeatures)...)
Expect(err).NotTo(HaveOccurred())
})
}