From 791488e2ed4b2bb00766261f3822500c4ceb6fb9 Mon Sep 17 00:00:00 2001 From: Louis Taylor Date: Thu, 26 Jul 2018 10:50:28 +0100 Subject: [PATCH] Better test coverage --- .../validation/certificate_for_issuer.go | 2 +- .../validation/certificate_for_issuer_test.go | 135 ++++++++++++++---- 2 files changed, 111 insertions(+), 26 deletions(-) diff --git a/pkg/apis/certmanager/validation/certificate_for_issuer.go b/pkg/apis/certmanager/validation/certificate_for_issuer.go index 178c4481d..792b54466 100644 --- a/pkg/apis/certmanager/validation/certificate_for_issuer.go +++ b/pkg/apis/certmanager/validation/certificate_for_issuer.go @@ -14,7 +14,7 @@ func ValidateCertificateForIssuer(crt *v1alpha1.Certificate, issuerObj v1alpha1. issuerType, err := issuer.NameForIssuer(issuerObj) if err != nil { - el = append(el, field.Invalid(path, err, err.Error())) + el = append(el, field.Invalid(path, err.Error(), err.Error())) return el } diff --git a/pkg/apis/certmanager/validation/certificate_for_issuer_test.go b/pkg/apis/certmanager/validation/certificate_for_issuer_test.go index d64adc0be..cc7c6e9df 100644 --- a/pkg/apis/certmanager/validation/certificate_for_issuer_test.go +++ b/pkg/apis/certmanager/validation/certificate_for_issuer_test.go @@ -5,59 +5,144 @@ import ( "testing" "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1alpha1" + "github.com/jetstack/cert-manager/test/util/generate" "k8s.io/apimachinery/pkg/util/validation/field" ) -func TestValidateCertificateForACMEIssuer(t *testing.T) { +const ( + defaultTestIssuerName = "test-issuer" + defaultTestCrtName = "test-crt" + defaultTestNamespace = "default" +) + +func TestValidateCertificateForIssuer(t *testing.T) { fldPath := field.NewPath("spec") + scenarios := map[string]struct { - spec *v1alpha1.CertificateSpec - issuer *v1alpha1.IssuerSpec + crt *v1alpha1.Certificate + issuer *v1alpha1.Issuer errs []*field.Error }{ "valid basic certificate": { - spec: &v1alpha1.CertificateSpec{ - CommonName: "testcn", - SecretName: "abc", - IssuerRef: validIssuerRef, + crt: &v1alpha1.Certificate{ + Spec: v1alpha1.CertificateSpec{ + IssuerRef: validIssuerRef, + ACME: &v1alpha1.ACMECertificateConfig{ + Config: []v1alpha1.ACMECertificateDomainConfig{ + { + Domains: []string{"example.com"}, + ACMESolverConfig: v1alpha1.ACMESolverConfig{ + HTTP01: &v1alpha1.ACMECertificateHTTP01Config{}, + }, + }, + }, + }, + }, }, - issuer: &v1alpha1.IssuerSpec{}, + + issuer: generate.Issuer(generate.IssuerConfig{ + Name: defaultTestIssuerName, + Namespace: defaultTestNamespace, + }), }, "certificate with invalid keyAlgorithm": { - spec: &v1alpha1.CertificateSpec{ - CommonName: "testcn", - SecretName: "abc", - IssuerRef: validIssuerRef, - KeyAlgorithm: v1alpha1.KeyAlgorithm("blah"), + crt: &v1alpha1.Certificate{ + Spec: v1alpha1.CertificateSpec{ + KeyAlgorithm: v1alpha1.KeyAlgorithm("blah"), + IssuerRef: validIssuerRef, + ACME: &v1alpha1.ACMECertificateConfig{ + Config: []v1alpha1.ACMECertificateDomainConfig{ + { + Domains: []string{"example.com"}, + ACMESolverConfig: v1alpha1.ACMESolverConfig{ + HTTP01: &v1alpha1.ACMECertificateHTTP01Config{}, + }, + }, + }, + }, + }, }, + issuer: generate.Issuer(generate.IssuerConfig{ + Name: defaultTestIssuerName, + Namespace: defaultTestNamespace, + }), errs: []*field.Error{ field.Invalid(fldPath.Child("keyAlgorithm"), v1alpha1.KeyAlgorithm("blah"), "ACME key algorithm must be RSA"), }, }, "certificate with correct keyAlgorithm for ACME": { - spec: &v1alpha1.CertificateSpec{ - CommonName: "testcn", - SecretName: "abc", - IssuerRef: validIssuerRef, - KeyAlgorithm: v1alpha1.RSAKeyAlgorithm, + crt: &v1alpha1.Certificate{ + Spec: v1alpha1.CertificateSpec{ + KeyAlgorithm: v1alpha1.RSAKeyAlgorithm, + IssuerRef: validIssuerRef, + ACME: &v1alpha1.ACMECertificateConfig{ + Config: []v1alpha1.ACMECertificateDomainConfig{ + { + Domains: []string{"example.com"}, + ACMESolverConfig: v1alpha1.ACMESolverConfig{ + HTTP01: &v1alpha1.ACMECertificateHTTP01Config{}, + }, + }, + }, + }, + }, }, + issuer: generate.Issuer(generate.IssuerConfig{ + Name: defaultTestIssuerName, + Namespace: defaultTestNamespace, + }), }, "certificate with incorrect keyAlgorithm for ACME": { - spec: &v1alpha1.CertificateSpec{ - CommonName: "testcn", - SecretName: "abc", - IssuerRef: validIssuerRef, - KeyAlgorithm: v1alpha1.ECDSAKeyAlgorithm, + crt: &v1alpha1.Certificate{ + Spec: v1alpha1.CertificateSpec{ + KeyAlgorithm: v1alpha1.ECDSAKeyAlgorithm, + IssuerRef: validIssuerRef, + ACME: &v1alpha1.ACMECertificateConfig{ + Config: []v1alpha1.ACMECertificateDomainConfig{ + { + Domains: []string{"example.com"}, + ACMESolverConfig: v1alpha1.ACMESolverConfig{ + HTTP01: &v1alpha1.ACMECertificateHTTP01Config{}, + }, + }, + }, + }, + }, }, + issuer: generate.Issuer(generate.IssuerConfig{ + Name: defaultTestIssuerName, + Namespace: defaultTestNamespace, + }), errs: []*field.Error{ field.Invalid(fldPath.Child("keyAlgorithm"), v1alpha1.ECDSAKeyAlgorithm, "ACME key algorithm must be RSA"), }, }, + "certificate with unspecified issuer type": { + crt: &v1alpha1.Certificate{ + Spec: v1alpha1.CertificateSpec{ + KeyAlgorithm: v1alpha1.ECDSAKeyAlgorithm, + IssuerRef: validIssuerRef, + ACME: &v1alpha1.ACMECertificateConfig{ + Config: []v1alpha1.ACMECertificateDomainConfig{ + { + Domains: []string{"example.com"}, + ACMESolverConfig: v1alpha1.ACMESolverConfig{ + HTTP01: &v1alpha1.ACMECertificateHTTP01Config{}, + }, + }, + }, + }, + }, + }, + issuer: &v1alpha1.Issuer{}, + errs: []*field.Error{ + field.Invalid(fldPath, "no issuer specified for Issuer '/'", "no issuer specified for Issuer '/'"), + }, + }, } for n, s := range scenarios { t.Run(n, func(t *testing.T) { - path := field.NewPath("spec") - errs := ValidateCertificateForACMEIssuer(s.spec, s.issuer, path) + errs := ValidateCertificateForIssuer(s.crt, s.issuer) if len(errs) != len(s.errs) { t.Errorf("Expected %v but got %v", s.errs, errs) return