weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

update tests to work with StableCertificateRequestName featuregate being enabled by default

Browse Source 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
This commit is contained in:
Tim Ramlot 2023-08-25 21:31:59 +02:00
parent 882b771f55
commit 68cbbf8c42
No known key found for this signature in database
GPG Key ID: 47428728E0C2878D
3 changed files with 62 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

79
pkg/controller/certificates/requestmanager/requestmanager_controller_test.go
View File

@ -111,7 +111,7 @@ func TestProcessItem(t *testing.T) {
key string
// Featuregates to set for a particular test.
featuresToEnable []featuregate.Feature
featuresFlags map[featuregate.Feature]bool
// Certificate to be synced for the test.
// if not set, the 'key' will be passed to ProcessItem instead.
@ -178,7 +178,10 @@ func TestProcessItem(t *testing.T) {
gen.SetCertificateStatusCondition(cmapi.CertificateCondition{Type: cmapi.CertificateConditionIssuing, Status: cmmeta.ConditionTrue}),
),
},
"create a CertificateRequest if none exists": {
"create a CertificateRequest if none exists and StableCertificateRequestName disabled": {
featuresFlags: map[featuregate.Feature]bool{
feature.StableCertificateRequestName: false,
},
secrets: []runtime.Object{
&corev1.Secret{
ObjectMeta: metav1.ObjectMeta{Namespace: bundle1.certificate.Namespace, Name: "exists"},
@ -193,6 +196,8 @@ func TestProcessItem(t *testing.T) {
expectedActions: []testpkg.Action{
testpkg.NewCustomMatch(coretesting.NewCreateAction(cmapi.SchemeGroupVersion.WithResource("certificaterequests"), "testns",
gen.CertificateRequestFrom(bundle1.certificateRequest,
gen.SetCertificateRequestName(""),
gen.SetCertificateRequestGenerateName("test-"),
gen.SetCertificateRequestAnnotations(map[string]string{
cmapi.CertificateRequestPrivateKeyAnnotationKey: "exists",
cmapi.CertificateRequestRevisionAnnotationKey: "1",
@ -200,8 +205,7 @@ func TestProcessItem(t *testing.T) {
)), relaxedCertificateRequestMatcher),
},
},
"create a CertificateRequest if none exists and StableCertificateRequestName enabled": {
featuresToEnable: []featuregate.Feature{feature.StableCertificateRequestName},
"create a CertificateRequest if none exists": {
secrets: []runtime.Object{
&corev1.Secret{
ObjectMeta: metav1.ObjectMeta{Namespace: bundle3.certificate.Namespace, Name: "exists"},
@ -217,7 +221,6 @@ func TestProcessItem(t *testing.T) {
testpkg.NewCustomMatch(coretesting.NewCreateAction(cmapi.SchemeGroupVersion.WithResource("certificaterequests"), "testns",
gen.CertificateRequestFrom(bundle3.certificateRequest,
gen.SetCertificateRequestName("test-1"),
gen.SetCertificateRequestGenerateName(""),
gen.SetCertificateRequestAnnotations(map[string]string{
cmapi.CertificateRequestPrivateKeyAnnotationKey: "exists",
cmapi.CertificateRequestRevisionAnnotationKey: "1",
@ -238,17 +241,19 @@ func TestProcessItem(t *testing.T) {
),
requests: []runtime.Object{
gen.CertificateRequestFrom(bundle1.certificateRequest,
gen.SetCertificateRequestName("random-value"),
gen.SetCertificateRequestAnnotations(map[string]string{
cmapi.CertificateRequestPrivateKeyAnnotationKey: "exists",
cmapi.CertificateRequestRevisionAnnotationKey: "",
}),
),
},
expectedEvents: []string{`Normal Requested Created new CertificateRequest resource "test-notrandom"`},
expectedEvents: []string{`Normal Requested Created new CertificateRequest resource "test-1"`},
expectedActions: []testpkg.Action{
testpkg.NewAction(coretesting.NewDeleteAction(cmapi.SchemeGroupVersion.WithResource("certificaterequests"), "testns", "test")),
testpkg.NewAction(coretesting.NewDeleteAction(cmapi.SchemeGroupVersion.WithResource("certificaterequests"), "testns", "random-value")),
testpkg.NewCustomMatch(coretesting.NewCreateAction(cmapi.SchemeGroupVersion.WithResource("certificaterequests"), "testns",
gen.CertificateRequestFrom(bundle1.certificateRequest,
gen.SetCertificateRequestName("test-1"),
gen.SetCertificateRequestAnnotations(map[string]string{
cmapi.CertificateRequestPrivateKeyAnnotationKey: "exists",
cmapi.CertificateRequestRevisionAnnotationKey: "1",
@ -269,17 +274,19 @@ func TestProcessItem(t *testing.T) {
),
requests: []runtime.Object{
gen.CertificateRequestFrom(bundle1.certificateRequest,
gen.SetCertificateRequestName("random-value"),
gen.SetCertificateRequestAnnotations(map[string]string{
cmapi.CertificateRequestPrivateKeyAnnotationKey: "exists",
cmapi.CertificateRequestRevisionAnnotationKey: "invalid",
}),
),
},
expectedEvents: []string{`Normal Requested Created new CertificateRequest resource "test-notrandom"`},
expectedEvents: []string{`Normal Requested Created new CertificateRequest resource "test-1"`},
expectedActions: []testpkg.Action{
testpkg.NewAction(coretesting.NewDeleteAction(cmapi.SchemeGroupVersion.WithResource("certificaterequests"), "testns", "test")),
testpkg.NewAction(coretesting.NewDeleteAction(cmapi.SchemeGroupVersion.WithResource("certificaterequests"), "testns", "random-value")),
testpkg.NewCustomMatch(coretesting.NewCreateAction(cmapi.SchemeGroupVersion.WithResource("certificaterequests"), "testns",
gen.CertificateRequestFrom(bundle1.certificateRequest,
gen.SetCertificateRequestName("test-1"),
gen.SetCertificateRequestAnnotations(map[string]string{
cmapi.CertificateRequestPrivateKeyAnnotationKey: "exists",
cmapi.CertificateRequestRevisionAnnotationKey: "1",
@ -300,6 +307,7 @@ func TestProcessItem(t *testing.T) {
),
requests: []runtime.Object{
gen.CertificateRequestFrom(bundle1.certificateRequest,
gen.SetCertificateRequestName("random-value"),
gen.SetCertificateRequestAnnotations(map[string]string{
cmapi.CertificateRequestPrivateKeyAnnotationKey: "exists",
cmapi.CertificateRequestRevisionAnnotationKey: "1",
@ -320,6 +328,7 @@ func TestProcessItem(t *testing.T) {
),
requests: []runtime.Object{
gen.CertificateRequestFrom(bundle1.certificateRequest,
gen.SetCertificateRequestName("random-value"),
gen.SetCertificateRequestAnnotations(map[string]string{
cmapi.CertificateRequestPrivateKeyAnnotationKey: "exists",
cmapi.CertificateRequestRevisionAnnotationKey: "1",
@ -327,11 +336,12 @@ func TestProcessItem(t *testing.T) {
gen.SetCertificateRequestCSR([]byte("invalid")),
),
},
expectedEvents: []string{`Normal Requested Created new CertificateRequest resource "test-notrandom"`},
expectedEvents: []string{`Normal Requested Created new CertificateRequest resource "test-1"`},
expectedActions: []testpkg.Action{
testpkg.NewAction(coretesting.NewDeleteAction(cmapi.SchemeGroupVersion.WithResource("certificaterequests"), "testns", "test")),
testpkg.NewAction(coretesting.NewDeleteAction(cmapi.SchemeGroupVersion.WithResource("certificaterequests"), "testns", "random-value")),
testpkg.NewCustomMatch(coretesting.NewCreateAction(cmapi.SchemeGroupVersion.WithResource("certificaterequests"), "testns",
gen.CertificateRequestFrom(bundle1.certificateRequest,
gen.SetCertificateRequestName("test-1"),
gen.SetCertificateRequestAnnotations(map[string]string{
cmapi.CertificateRequestPrivateKeyAnnotationKey: "exists",
cmapi.CertificateRequestRevisionAnnotationKey: "1",
@ -352,23 +362,25 @@ func TestProcessItem(t *testing.T) {
),
requests: []runtime.Object{
gen.CertificateRequestFrom(bundle1.certificateRequest,
gen.SetCertificateRequestName("test-3"),
gen.SetCertificateRequestAnnotations(map[string]string{
cmapi.CertificateRequestPrivateKeyAnnotationKey: "exists",
cmapi.CertificateRequestRevisionAnnotationKey: "3",
}),
),
gen.CertificateRequestFrom(bundle1.certificateRequest,
gen.SetCertificateRequestName("testing-number-2"),
gen.SetCertificateRequestName("test-4"),
gen.SetCertificateRequestAnnotations(map[string]string{
cmapi.CertificateRequestPrivateKeyAnnotationKey: "exists",
cmapi.CertificateRequestRevisionAnnotationKey: "4",
}),
),
},
expectedEvents: []string{`Normal Requested Created new CertificateRequest resource "test-notrandom"`},
expectedEvents: []string{`Normal Requested Created new CertificateRequest resource "test-1"`},
expectedActions: []testpkg.Action{
testpkg.NewCustomMatch(coretesting.NewCreateAction(cmapi.SchemeGroupVersion.WithResource("certificaterequests"), "testns",
gen.CertificateRequestFrom(bundle1.certificateRequest,
gen.SetCertificateRequestName("test-1"),
gen.SetCertificateRequestAnnotations(map[string]string{
cmapi.CertificateRequestPrivateKeyAnnotationKey: "exists",
cmapi.CertificateRequestRevisionAnnotationKey: "1",
@ -389,6 +401,7 @@ func TestProcessItem(t *testing.T) {
),
requests: []runtime.Object{
gen.CertificateRequestFrom(bundle1.certificateRequest,
gen.SetCertificateRequestName("test-1"),
gen.SetCertificateRequestAnnotations(map[string]string{
cmapi.CertificateRequestPrivateKeyAnnotationKey: "exists",
cmapi.CertificateRequestRevisionAnnotationKey: "1",
@ -397,18 +410,19 @@ func TestProcessItem(t *testing.T) {
// included here just to ensure it does not get deleted as it is not for the
// 'next' revision that is being requested
gen.CertificateRequestFrom(bundle1.certificateRequest,
gen.SetCertificateRequestName("testing-number-2"),
gen.SetCertificateRequestName("test-4"),
gen.SetCertificateRequestAnnotations(map[string]string{
cmapi.CertificateRequestPrivateKeyAnnotationKey: "exists",
cmapi.CertificateRequestRevisionAnnotationKey: "4",
}),
),
},
expectedEvents: []string{`Normal Requested Created new CertificateRequest resource "test-notrandom"`},
expectedEvents: []string{`Normal Requested Created new CertificateRequest resource "test-1"`},
expectedActions: []testpkg.Action{
testpkg.NewAction(coretesting.NewDeleteAction(cmapi.SchemeGroupVersion.WithResource("certificaterequests"), "testns", "test")),
testpkg.NewCustomMatch(coretesting.NewCreateAction(cmapi.SchemeGroupVersion.WithResource("certificaterequests"), "testns",
gen.CertificateRequestFrom(bundle1.certificateRequest,
gen.SetCertificateRequestName("test-1"),
gen.SetCertificateRequestAnnotations(map[string]string{
cmapi.CertificateRequestPrivateKeyAnnotationKey: "exists",
cmapi.CertificateRequestRevisionAnnotationKey: "1",
@ -430,6 +444,7 @@ func TestProcessItem(t *testing.T) {
),
requests: []runtime.Object{
gen.CertificateRequestFrom(bundle1.certificateRequest,
gen.SetCertificateRequestName("test-6"),
gen.SetCertificateRequestAnnotations(map[string]string{
cmapi.CertificateRequestPrivateKeyAnnotationKey: "exists",
cmapi.CertificateRequestRevisionAnnotationKey: "6",
@ -438,18 +453,19 @@ func TestProcessItem(t *testing.T) {
// included here just to ensure it does not get deleted as it is not for the
// 'next' revision that is being requested
gen.CertificateRequestFrom(bundle1.certificateRequest,
gen.SetCertificateRequestName("testing-number-2"),
gen.SetCertificateRequestName("test-5"),
gen.SetCertificateRequestAnnotations(map[string]string{
cmapi.CertificateRequestPrivateKeyAnnotationKey: "exists",
cmapi.CertificateRequestRevisionAnnotationKey: "5",
}),
),
},
expectedEvents: []string{`Normal Requested Created new CertificateRequest resource "test-notrandom"`},
expectedEvents: []string{`Normal Requested Created new CertificateRequest resource "test-6"`},
expectedActions: []testpkg.Action{
testpkg.NewAction(coretesting.NewDeleteAction(cmapi.SchemeGroupVersion.WithResource("certificaterequests"), "testns", "test")),
testpkg.NewAction(coretesting.NewDeleteAction(cmapi.SchemeGroupVersion.WithResource("certificaterequests"), "testns", "test-6")),
testpkg.NewCustomMatch(coretesting.NewCreateAction(cmapi.SchemeGroupVersion.WithResource("certificaterequests"), "testns",
gen.CertificateRequestFrom(bundle2.certificateRequest,
gen.SetCertificateRequestName("test-6"),
gen.SetCertificateRequestAnnotations(map[string]string{
cmapi.CertificateRequestPrivateKeyAnnotationKey: "exists",
cmapi.CertificateRequestRevisionAnnotationKey: "6",
@ -471,17 +487,19 @@ func TestProcessItem(t *testing.T) {
),
requests: []runtime.Object{
gen.CertificateRequestFrom(bundle1.certificateRequest,
gen.SetCertificateRequestName("test-6"),
gen.SetCertificateRequestAnnotations(map[string]string{
cmapi.CertificateRequestPrivateKeyAnnotationKey: "exists",
cmapi.CertificateRequestRevisionAnnotationKey: "6",
}),
),
},
expectedEvents: []string{`Normal Requested Created new CertificateRequest resource "test-notrandom"`},
expectedEvents: []string{`Normal Requested Created new CertificateRequest resource "test-6"`},
expectedActions: []testpkg.Action{
testpkg.NewAction(coretesting.NewDeleteAction(cmapi.SchemeGroupVersion.WithResource("certificaterequests"), "testns", "test")),
testpkg.NewAction(coretesting.NewDeleteAction(cmapi.SchemeGroupVersion.WithResource("certificaterequests"), "testns", "test-6")),
testpkg.NewCustomMatch(coretesting.NewCreateAction(cmapi.SchemeGroupVersion.WithResource("certificaterequests"), "testns",
gen.CertificateRequestFrom(bundle1.certificateRequest,
gen.SetCertificateRequestName("test-6"),
gen.SetCertificateRequestAnnotations(map[string]string{
cmapi.CertificateRequestPrivateKeyAnnotationKey: "exists",
cmapi.CertificateRequestRevisionAnnotationKey: "6",
@ -504,17 +522,19 @@ func TestProcessItem(t *testing.T) {
),
requests: []runtime.Object{
gen.CertificateRequestFrom(bundle1.certificateRequest,
gen.SetCertificateRequestName("test-6"),
gen.SetCertificateRequestAnnotations(map[string]string{
cmapi.CertificateRequestPrivateKeyAnnotationKey: "exists",
cmapi.CertificateRequestRevisionAnnotationKey: "6",
}),
),
},
expectedEvents: []string{`Normal Requested Created new CertificateRequest resource "test-notrandom"`},
expectedEvents: []string{`Normal Requested Created new CertificateRequest resource "test-6"`},
expectedActions: []testpkg.Action{
testpkg.NewAction(coretesting.NewDeleteAction(cmapi.SchemeGroupVersion.WithResource("certificaterequests"), "testns", "test")),
testpkg.NewAction(coretesting.NewDeleteAction(cmapi.SchemeGroupVersion.WithResource("certificaterequests"), "testns", "test-6")),
testpkg.NewCustomMatch(coretesting.NewCreateAction(cmapi.SchemeGroupVersion.WithResource("certificaterequests"), "testns",
gen.CertificateRequestFrom(bundle1.certificateRequest,
gen.SetCertificateRequestName("test-6"),
gen.SetCertificateRequestAnnotations(map[string]string{
cmapi.CertificateRequestPrivateKeyAnnotationKey: "exists",
cmapi.CertificateRequestRevisionAnnotationKey: "6",
@ -536,6 +556,7 @@ func TestProcessItem(t *testing.T) {
),
requests: []runtime.Object{
gen.CertificateRequestFrom(bundle1.certificateRequest,
gen.SetCertificateRequestName("random-value"),
gen.SetCertificateRequestAnnotations(map[string]string{
cmapi.CertificateRequestPrivateKeyAnnotationKey: "exists",
cmapi.CertificateRequestRevisionAnnotationKey: "6",
@ -557,13 +578,14 @@ func TestProcessItem(t *testing.T) {
),
requests: []runtime.Object{
gen.CertificateRequestFrom(bundle1.certificateRequest,
gen.SetCertificateRequestName("random-value-1"),
gen.SetCertificateRequestAnnotations(map[string]string{
cmapi.CertificateRequestPrivateKeyAnnotationKey: "exists",
cmapi.CertificateRequestRevisionAnnotationKey: "6",
}),
),
gen.CertificateRequestFrom(bundle1.certificateRequest,
gen.SetCertificateRequestName("another-name-2"),
gen.SetCertificateRequestName("random-value-2"),
gen.SetCertificateRequestAnnotations(map[string]string{
cmapi.CertificateRequestPrivateKeyAnnotationKey: "exists",
cmapi.CertificateRequestRevisionAnnotationKey: "6",
@ -585,6 +607,7 @@ func TestProcessItem(t *testing.T) {
),
requests: []runtime.Object{
gen.CertificateRequestFrom(bundle1.certificateRequest,
gen.SetCertificateRequestName("test-6"),
gen.SetCertificateRequestAnnotations(map[string]string{
cmapi.CertificateRequestPrivateKeyAnnotationKey: "exists",
cmapi.CertificateRequestRevisionAnnotationKey: "6",
@ -593,11 +616,12 @@ func TestProcessItem(t *testing.T) {
gen.SetCertificateRequestFailureTime(metav1.Time{Time: fixedNow.Time.Add(time.Hour * -1)}),
),
},
expectedEvents: []string{`Normal Requested Created new CertificateRequest resource "test-notrandom"`},
expectedEvents: []string{`Normal Requested Created new CertificateRequest resource "test-6"`},
expectedActions: []testpkg.Action{
testpkg.NewAction(coretesting.NewDeleteAction(cmapi.SchemeGroupVersion.WithResource("certificaterequests"), "testns", "test")),
testpkg.NewAction(coretesting.NewDeleteAction(cmapi.SchemeGroupVersion.WithResource("certificaterequests"), "testns", "test-6")),
testpkg.NewCustomMatch(coretesting.NewCreateAction(cmapi.SchemeGroupVersion.WithResource("certificaterequests"), "testns",
gen.CertificateRequestFrom(bundle1.certificateRequest,
gen.SetCertificateRequestName("test-6"),
gen.SetCertificateRequestAnnotations(map[string]string{
cmapi.CertificateRequestPrivateKeyAnnotationKey: "exists",
cmapi.CertificateRequestRevisionAnnotationKey: "6",
@ -619,6 +643,7 @@ func TestProcessItem(t *testing.T) {
),
requests: []runtime.Object{
gen.CertificateRequestFrom(bundle1.certificateRequest,
gen.SetCertificateRequestName("random-value"),
gen.SetCertificateRequestAnnotations(map[string]string{
cmapi.CertificateRequestPrivateKeyAnnotationKey: "exists",
cmapi.CertificateRequestRevisionAnnotationKey: "6",
@ -656,8 +681,8 @@ func TestProcessItem(t *testing.T) {
}
// Enable any features for a particular test
for _, feature := range test.featuresToEnable {
defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, feature, true)()
for feature, value := range test.featuresFlags {
defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, feature, value)()
}
// Start the informers and begin processing updates

9
pkg/controller/certificates/requestmanager/util_test.go
View File

@ -20,7 +20,6 @@ import (
"crypto"
"crypto/x509"
"encoding/pem"
"fmt"
"testing"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@ -102,12 +101,8 @@ func createCryptoBundle(originalCert *cmapi.Certificate) (*cryptoBundle, error)
for k, v := range crt.Annotations {
annotations[k] = v
}
if crt.Status.Revision != nil {
annotations[cmapi.CertificateRequestRevisionAnnotationKey] = fmt.Sprintf("%d", crt.Status.Revision)
} else {
annotations[cmapi.CertificateRequestRevisionAnnotationKey] = "1"
}
annotations[cmapi.CertificateRequestRevisionAnnotationKey] = "NOT SET"
annotations[cmapi.CertificateRequestPrivateKeyAnnotationKey] = crt.Spec.SecretName
annotations[cmapi.CertificateNameKey] = crt.Name
if crt.Status.NextPrivateKeySecretName != nil {
@ -115,7 +110,7 @@ func createCryptoBundle(originalCert *cmapi.Certificate) (*cryptoBundle, error)
}
certificateRequest := &cmapi.CertificateRequest{
ObjectMeta: metav1.ObjectMeta{
GenerateName: crt.Name + "-",
Name: "NOT SET",
Namespace: crt.Namespace,
OwnerReferences: []metav1.OwnerReference{*metav1.NewControllerRef(crt, certificateGvk)},
Annotations: annotations,

10
test/integration/certificates/generates_new_private_key_per_request_test.go
View File

@ -144,7 +144,10 @@ func TestGeneratesNewPrivateKeyIfMarkedInvalidRequest(t *testing.T) {
}
for _, req := range reqs.Items {
if req.Name == firstReq.Name {
// We expect a new request to be created (with the same name as the first request)
// and the old request to be deleted. We can check this by comparing the UID of the
// first request with the UID of the second request.
if req.UID == firstReq.UID {
continue
}
@ -278,7 +281,10 @@ func TestGeneratesNewPrivateKeyPerRequest(t *testing.T) {
}
for _, req := range reqs.Items {
if req.Name == firstReq.Name {
// We expect a new request to be created (with the same name as the first request)
// and the old request to be deleted. We can check this by comparing the UID of the
// first request with the UID of the second request.
if req.UID == firstReq.UID {
continue
}