Add test for unknown challenge types

Signed-off-by: James Munnelly <james@munnelly.eu>
2020-07-06 16:33:25 +01:00 · 2020-07-06 16:33:25 +01:00 · 8b9ab18849
commit 8b9ab18849
parent c963eb1a61
2 changed files with 34 additions and 0 deletions
--- a/pkg/controller/acmeorders/sync_test.go
+++ b/pkg/controller/acmeorders/sync_test.go
@ -199,6 +199,37 @@ dGVzdA==
 				},
 			},
 		},
+		"should refuse to create a challenge if only an unknown challenge type is offered": {
+			order: gen.OrderFrom(testOrderPending, gen.SetOrderStatus(cmacme.OrderStatus{
+				State:       cmacme.Pending,
+				URL:         "http://testurl.com/abcde",
+				FinalizeURL: "http://testurl.com/abcde/finalize",
+				Authorizations: []cmacme.ACMEAuthorization{
+					{
+						URL:        "http://authzurl",
+						Identifier: "test.com",
+						Challenges: []cmacme.ACMEChallenge{
+							{
+								URL:   "http://chalurl",
+								Token: "token",
+								Type:  "unknown-type",
+							},
+						},
+					},
+				},
+			})),
+			builder: &testpkg.Builder{
+				CertManagerObjects: []runtime.Object{
+					testIssuerHTTP01TestCom,
+				},
+				ExpectedEvents: []string{
+					// the 'unsupported challenge type' text is not printed here as the code that 'selects'
+					// a solver to use for a challenge filters out unsupported challenge types earlier
+					// in its selection routine.
+					`Warning Solver Failed to determine a valid solver configuration for the set of domains on the Order: no configured challenge solvers can be used for this challenge`,
+				},
+			},
+		},
 		// TODO: we should improve this behaviour as this is the 'stuck order' problem described in:
 		//  https://github.com/jetstack/cert-manager/issues/2868
 		"skip creating a Challenge for an already valid authorization, and do nothing if the order is pending": {
--- a/pkg/controller/acmeorders/util.go
+++ b/pkg/controller/acmeorders/util.go
@ -276,6 +276,9 @@ func challengeSpecForAuthorization(ctx context.Context, cl acmecl.Interface, iss
 		return nil, fmt.Errorf("no configured challenge solvers can be used for this challenge")
 	}

+	// It should never be possible for this case to be hit as earlier in this
+	// method we already assert that the challenge type is one of 'http-01'
+	// or 'dns-01'.
 	chType, err := challengeType(selectedChallenge.Type)
 	if err != nil {
 		return nil, err