Better test coverage
This commit is contained in:
Louis Taylor
parent
474c8ed27f
commit
791488e2ed
@ -14,7 +14,7 @@ func ValidateCertificateForIssuer(crt *v1alpha1.Certificate, issuerObj v1alpha1.
|
||||
|
||||
issuerType, err := issuer.NameForIssuer(issuerObj)
|
||||
if err != nil {
|
||||
el = append(el, field.Invalid(path, err, err.Error()))
|
||||
el = append(el, field.Invalid(path, err.Error(), err.Error()))
|
||||
return el
|
||||
}
|
||||
|
||||
|
||||
@ -5,59 +5,144 @@ import (
|
||||
"testing"
|
||||
|
||||
"github.com/jetstack/cert-manager/pkg/apis/certmanager/v1alpha1"
|
||||
"github.com/jetstack/cert-manager/test/util/generate"
|
||||
"k8s.io/apimachinery/pkg/util/validation/field"
|
||||
)
|
||||
|
||||
func TestValidateCertificateForACMEIssuer(t *testing.T) {
|
||||
const (
|
||||
defaultTestIssuerName = "test-issuer"
|
||||
defaultTestCrtName = "test-crt"
|
||||
defaultTestNamespace = "default"
|
||||
)
|
||||
|
||||
func TestValidateCertificateForIssuer(t *testing.T) {
|
||||
fldPath := field.NewPath("spec")
|
||||
|
||||
scenarios := map[string]struct {
|
||||
spec *v1alpha1.CertificateSpec
|
||||
issuer *v1alpha1.IssuerSpec
|
||||
crt *v1alpha1.Certificate
|
||||
issuer *v1alpha1.Issuer
|
||||
errs []*field.Error
|
||||
}{
|
||||
"valid basic certificate": {
|
||||
spec: &v1alpha1.CertificateSpec{
|
||||
CommonName: "testcn",
|
||||
SecretName: "abc",
|
||||
IssuerRef: validIssuerRef,
|
||||
crt: &v1alpha1.Certificate{
|
||||
Spec: v1alpha1.CertificateSpec{
|
||||
IssuerRef: validIssuerRef,
|
||||
ACME: &v1alpha1.ACMECertificateConfig{
|
||||
Config: []v1alpha1.ACMECertificateDomainConfig{
|
||||
{
|
||||
Domains: []string{"example.com"},
|
||||
ACMESolverConfig: v1alpha1.ACMESolverConfig{
|
||||
HTTP01: &v1alpha1.ACMECertificateHTTP01Config{},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
issuer: &v1alpha1.IssuerSpec{},
|
||||
|
||||
issuer: generate.Issuer(generate.IssuerConfig{
|
||||
Name: defaultTestIssuerName,
|
||||
Namespace: defaultTestNamespace,
|
||||
}),
|
||||
},
|
||||
"certificate with invalid keyAlgorithm": {
|
||||
spec: &v1alpha1.CertificateSpec{
|
||||
CommonName: "testcn",
|
||||
SecretName: "abc",
|
||||
IssuerRef: validIssuerRef,
|
||||
KeyAlgorithm: v1alpha1.KeyAlgorithm("blah"),
|
||||
crt: &v1alpha1.Certificate{
|
||||
Spec: v1alpha1.CertificateSpec{
|
||||
KeyAlgorithm: v1alpha1.KeyAlgorithm("blah"),
|
||||
IssuerRef: validIssuerRef,
|
||||
ACME: &v1alpha1.ACMECertificateConfig{
|
||||
Config: []v1alpha1.ACMECertificateDomainConfig{
|
||||
{
|
||||
Domains: []string{"example.com"},
|
||||
ACMESolverConfig: v1alpha1.ACMESolverConfig{
|
||||
HTTP01: &v1alpha1.ACMECertificateHTTP01Config{},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
issuer: generate.Issuer(generate.IssuerConfig{
|
||||
Name: defaultTestIssuerName,
|
||||
Namespace: defaultTestNamespace,
|
||||
}),
|
||||
errs: []*field.Error{
|
||||
field.Invalid(fldPath.Child("keyAlgorithm"), v1alpha1.KeyAlgorithm("blah"), "ACME key algorithm must be RSA"),
|
||||
},
|
||||
},
|
||||
"certificate with correct keyAlgorithm for ACME": {
|
||||
spec: &v1alpha1.CertificateSpec{
|
||||
CommonName: "testcn",
|
||||
SecretName: "abc",
|
||||
IssuerRef: validIssuerRef,
|
||||
KeyAlgorithm: v1alpha1.RSAKeyAlgorithm,
|
||||
crt: &v1alpha1.Certificate{
|
||||
Spec: v1alpha1.CertificateSpec{
|
||||
KeyAlgorithm: v1alpha1.RSAKeyAlgorithm,
|
||||
IssuerRef: validIssuerRef,
|
||||
ACME: &v1alpha1.ACMECertificateConfig{
|
||||
Config: []v1alpha1.ACMECertificateDomainConfig{
|
||||
{
|
||||
Domains: []string{"example.com"},
|
||||
ACMESolverConfig: v1alpha1.ACMESolverConfig{
|
||||
HTTP01: &v1alpha1.ACMECertificateHTTP01Config{},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
issuer: generate.Issuer(generate.IssuerConfig{
|
||||
Name: defaultTestIssuerName,
|
||||
Namespace: defaultTestNamespace,
|
||||
}),
|
||||
},
|
||||
"certificate with incorrect keyAlgorithm for ACME": {
|
||||
spec: &v1alpha1.CertificateSpec{
|
||||
CommonName: "testcn",
|
||||
SecretName: "abc",
|
||||
IssuerRef: validIssuerRef,
|
||||
KeyAlgorithm: v1alpha1.ECDSAKeyAlgorithm,
|
||||
crt: &v1alpha1.Certificate{
|
||||
Spec: v1alpha1.CertificateSpec{
|
||||
KeyAlgorithm: v1alpha1.ECDSAKeyAlgorithm,
|
||||
IssuerRef: validIssuerRef,
|
||||
ACME: &v1alpha1.ACMECertificateConfig{
|
||||
Config: []v1alpha1.ACMECertificateDomainConfig{
|
||||
{
|
||||
Domains: []string{"example.com"},
|
||||
ACMESolverConfig: v1alpha1.ACMESolverConfig{
|
||||
HTTP01: &v1alpha1.ACMECertificateHTTP01Config{},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
issuer: generate.Issuer(generate.IssuerConfig{
|
||||
Name: defaultTestIssuerName,
|
||||
Namespace: defaultTestNamespace,
|
||||
}),
|
||||
errs: []*field.Error{
|
||||
field.Invalid(fldPath.Child("keyAlgorithm"), v1alpha1.ECDSAKeyAlgorithm, "ACME key algorithm must be RSA"),
|
||||
},
|
||||
},
|
||||
"certificate with unspecified issuer type": {
|
||||
crt: &v1alpha1.Certificate{
|
||||
Spec: v1alpha1.CertificateSpec{
|
||||
KeyAlgorithm: v1alpha1.ECDSAKeyAlgorithm,
|
||||
IssuerRef: validIssuerRef,
|
||||
ACME: &v1alpha1.ACMECertificateConfig{
|
||||
Config: []v1alpha1.ACMECertificateDomainConfig{
|
||||
{
|
||||
Domains: []string{"example.com"},
|
||||
ACMESolverConfig: v1alpha1.ACMESolverConfig{
|
||||
HTTP01: &v1alpha1.ACMECertificateHTTP01Config{},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
issuer: &v1alpha1.Issuer{},
|
||||
errs: []*field.Error{
|
||||
field.Invalid(fldPath, "no issuer specified for Issuer '/'", "no issuer specified for Issuer '/'"),
|
||||
},
|
||||
},
|
||||
}
|
||||
for n, s := range scenarios {
|
||||
t.Run(n, func(t *testing.T) {
|
||||
path := field.NewPath("spec")
|
||||
errs := ValidateCertificateForACMEIssuer(s.spec, s.issuer, path)
|
||||
errs := ValidateCertificateForIssuer(s.crt, s.issuer)
|
||||
if len(errs) != len(s.errs) {
|
||||
t.Errorf("Expected %v but got %v", s.errs, errs)
|
||||
return
|
||||
|
||||
Loading…
Reference in New Issue
Block a user