Update CertificateRequest controller unit tests

Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
2019-11-19 22:09:01 +00:00 · 2019-11-19 22:09:01 +00:00 · de7aaa84d3
commit de7aaa84d3
parent 3bcc038c09
5 changed files with 177 additions and 8 deletions
--- a/pkg/controller/certificaterequests/acme/acme_test.go
+++ b/pkg/controller/certificaterequests/acme/acme_test.go
@ -75,6 +75,10 @@ func generateCSR(t *testing.T, secretKey crypto.Signer, commonName string, dnsNa
 func TestSign(t *testing.T) {
 	baseIssuer := gen.Issuer("test-issuer",
 		gen.SetIssuerACME(cmacme.ACMEIssuer{}),
+		gen.AddIssuerCondition(cmapi.IssuerCondition{
+			Type:   cmapi.IssuerConditionReady,
+			Status: cmmeta.ConditionTrue,
+		}),
 	)

 	sk, err := pki.GenerateRSAPrivateKey(2048)
@ -216,6 +220,35 @@ func TestSign(t *testing.T) {
 			},
 		},

+		"should exit nil and set status pending if referenced issuer is not ready": {
+			certificateRequest: baseCR.DeepCopy(),
+			builder: &testpkg.Builder{
+				CertManagerObjects: []runtime.Object{baseCR.DeepCopy(),
+					gen.Issuer(baseIssuer.DeepCopy().Name,
+						gen.SetIssuerACME(cmacme.ACMEIssuer{}),
+					)},
+				ExpectedEvents: []string{
+					"Normal IssuerNotReady Referenced issuer does not have a Ready status condition",
+				},
+				ExpectedActions: []testpkg.Action{
+					testpkg.NewAction(coretesting.NewUpdateSubresourceAction(
+						cmapi.SchemeGroupVersion.WithResource("certificaterequests"),
+						"status",
+						gen.DefaultTestNamespace,
+						gen.CertificateRequestFrom(baseCR,
+							gen.SetCertificateRequestStatusCondition(cmapi.CertificateRequestCondition{
+								Type:               cmapi.CertificateRequestConditionReady,
+								Status:             cmmeta.ConditionFalse,
+								Reason:             "Pending",
+								Message:            "Referenced issuer does not have a Ready status condition",
+								LastTransitionTime: &metaFixedClockStart,
+							}),
+						),
+					)),
+				},
+			},
+		},
+
 		"if we fail to get the order resource due to a transient error then we should report pending and return error to re-sync": {
 			certificateRequest: baseCR.DeepCopy(),
 			builder: &testpkg.Builder{
--- a/pkg/controller/certificaterequests/ca/ca_test.go
+++ b/pkg/controller/certificaterequests/ca/ca_test.go
@ -98,6 +98,10 @@ func generateSelfSignedCertFromCR(t *testing.T, cr *cmapi.CertificateRequest, ke
 func TestSign(t *testing.T) {
 	baseIssuer := gen.Issuer("test-issuer",
 		gen.SetIssuerCA(cmapi.CAIssuer{SecretName: "root-ca-secret"}),
+		gen.AddIssuerCondition(cmapi.IssuerCondition{
+			Type:   cmapi.IssuerConditionReady,
+			Status: cmmeta.ConditionTrue,
+		}),
 	)

 	// Build root RSA CA
@ -114,7 +118,7 @@ func TestSign(t *testing.T) {
 		gen.SetCertificateRequestIsCA(true),
 		gen.SetCertificateRequestCSR(rsaCSR),
 		gen.SetCertificateRequestIssuer(cmmeta.ObjectReference{
-			Name:  baseIssuer.Name,
+			Name:  baseIssuer.DeepCopy().Name,
 			Group: certmanager.GroupName,
 			Kind:  "Issuer",
 		}),
@ -154,7 +158,7 @@ func TestSign(t *testing.T) {
 			certificateRequest: baseCR.DeepCopy(),
 			builder: &testpkg.Builder{
 				KubeObjects:        []runtime.Object{},
-				CertManagerObjects: []runtime.Object{baseCR.DeepCopy(), baseIssuer},
+				CertManagerObjects: []runtime.Object{baseCR.DeepCopy(), baseIssuer.DeepCopy()},
 				ExpectedEvents: []string{
 					`Normal SecretMissing Referenced secret default-unit-test-ns/root-ca-secret not found: secret "root-ca-secret" not found`,
 				},
@ -176,11 +180,15 @@ func TestSign(t *testing.T) {
 				},
 			},
 		},
-		"a secret with invlaid datashould set condition to pending and wait for re-sync": {
+		"a secret with invlaid data should set condition to pending and wait for re-sync": {
 			certificateRequest: baseCR.DeepCopy(),
 			builder: &testpkg.Builder{
-				KubeObjects:        []runtime.Object{badDataSecret},
-				CertManagerObjects: []runtime.Object{baseCR.DeepCopy(), baseIssuer},
+				KubeObjects: []runtime.Object{badDataSecret},
+				CertManagerObjects: []runtime.Object{baseCR.DeepCopy(),
+					gen.IssuerFrom(baseIssuer.DeepCopy(),
+						gen.SetIssuerCA(cmapi.CAIssuer{SecretName: badDataSecret.Name}),
+					),
+				},
 				ExpectedEvents: []string{
 					"Normal SecretInvalidData Failed to parse signing CA keypair from secret default-unit-test-ns/root-ca-secret: error decoding private key PEM block",
 				},
@ -206,7 +214,7 @@ func TestSign(t *testing.T) {
 			certificateRequest: baseCR.DeepCopy(),
 			builder: &testpkg.Builder{
 				KubeObjects:        []runtime.Object{rsaCASecret},
-				CertManagerObjects: []runtime.Object{baseCR.DeepCopy(), baseIssuer},
+				CertManagerObjects: []runtime.Object{baseCR.DeepCopy(), baseIssuer.DeepCopy()},
 				ExpectedEvents: []string{
 					`Normal SecretGetError Failed to get certificate key pair from secret default-unit-test-ns/root-ca-secret: this is a network error`,
 				},
@ -238,6 +246,35 @@ func TestSign(t *testing.T) {
 			},
 			expectedErr: true,
 		},
+		"should exit nil and set status pending if referenced issuer is not ready": {
+			certificateRequest: baseCR.DeepCopy(),
+			builder: &testpkg.Builder{
+				KubeObjects: []runtime.Object{rsaCASecret},
+				CertManagerObjects: []runtime.Object{baseCR.DeepCopy(),
+					gen.Issuer(baseIssuer.DeepCopy().Name,
+						gen.SetIssuerCA(cmapi.CAIssuer{}),
+					)},
+				ExpectedEvents: []string{
+					"Normal IssuerNotReady Referenced issuer does not have a Ready status condition",
+				},
+				ExpectedActions: []testpkg.Action{
+					testpkg.NewAction(coretesting.NewUpdateSubresourceAction(
+						cmapi.SchemeGroupVersion.WithResource("certificaterequests"),
+						"status",
+						gen.DefaultTestNamespace,
+						gen.CertificateRequestFrom(baseCR,
+							gen.SetCertificateRequestStatusCondition(cmapi.CertificateRequestCondition{
+								Type:               cmapi.CertificateRequestConditionReady,
+								Status:             cmmeta.ConditionFalse,
+								Reason:             "Pending",
+								Message:            "Referenced issuer does not have a Ready status condition",
+								LastTransitionTime: &metaFixedClockStart,
+							}),
+						),
+					)),
+				},
+			},
+		},
 		"a secret that fails to sign should set condition to failed": {
 			certificateRequest: baseCR.DeepCopy(),
 			templateGenerator: func(*cmapi.CertificateRequest) (*x509.Certificate, error) {
@ -245,7 +282,7 @@ func TestSign(t *testing.T) {
 			},
 			builder: &testpkg.Builder{
 				KubeObjects:        []runtime.Object{rsaCASecret},
-				CertManagerObjects: []runtime.Object{baseCR.DeepCopy(), baseIssuer},
+				CertManagerObjects: []runtime.Object{baseCR.DeepCopy(), baseIssuer.DeepCopy()},
 				ExpectedEvents: []string{
 					"Warning SigningError Error generating certificate template: this is a sign error",
 				},
@ -280,7 +317,7 @@ func TestSign(t *testing.T) {
 			},
 			builder: &testpkg.Builder{
 				KubeObjects:        []runtime.Object{rsaCASecret},
-				CertManagerObjects: []runtime.Object{baseCR.DeepCopy(), baseIssuer},
+				CertManagerObjects: []runtime.Object{baseCR.DeepCopy(), baseIssuer.DeepCopy()},
 				ExpectedEvents: []string{
 					"Normal CertificateIssued Certificate fetched from issuer successfully",
 				},
--- a/pkg/controller/certificaterequests/selfsigned/selfsigned_test.go
+++ b/pkg/controller/certificaterequests/selfsigned/selfsigned_test.go
@ -76,6 +76,10 @@ func TestSign(t *testing.T) {

 	baseIssuer := gen.Issuer("test-issuer",
 		gen.SetIssuerSelfSigned(cmapi.SelfSignedIssuer{}),
+		gen.AddIssuerCondition(cmapi.IssuerCondition{
+			Type:   cmapi.IssuerConditionReady,
+			Status: cmmeta.ConditionTrue,
+		}),
 	)

 	skRSA, err := pki.GenerateRSAPrivateKey(2048)
@ -285,6 +289,35 @@ func TestSign(t *testing.T) {
 				},
 			},
 		},
+		"should exit nil and set status pending if referenced issuer is not ready": {
+			certificateRequest: baseCR.DeepCopy(),
+			builder: &testpkg.Builder{
+				KubeObjects: []runtime.Object{},
+				CertManagerObjects: []runtime.Object{baseCR.DeepCopy(),
+					gen.Issuer(baseIssuer.DeepCopy().Name,
+						gen.SetIssuerSelfSigned(cmapi.SelfSignedIssuer{}),
+					)},
+				ExpectedEvents: []string{
+					"Normal IssuerNotReady Referenced issuer does not have a Ready status condition",
+				},
+				ExpectedActions: []testpkg.Action{
+					testpkg.NewAction(coretesting.NewUpdateSubresourceAction(
+						cmapi.SchemeGroupVersion.WithResource("certificaterequests"),
+						"status",
+						gen.DefaultTestNamespace,
+						gen.CertificateRequestFrom(baseCR,
+							gen.SetCertificateRequestStatusCondition(cmapi.CertificateRequestCondition{
+								Type:               cmapi.CertificateRequestConditionReady,
+								Status:             cmmeta.ConditionFalse,
+								Reason:             "Pending",
+								Message:            "Referenced issuer does not have a Ready status condition",
+								LastTransitionTime: &metaFixedClockStart,
+							}),
+						),
+					)),
+				},
+			},
+		},
 		"a CertificateRequest that transiently fails a secret lookup should backoff error to retry": {
 			certificateRequest: baseCR.DeepCopy(),
 			builder: &testpkg.Builder{
--- a/pkg/controller/certificaterequests/vault/vault_test.go
+++ b/pkg/controller/certificaterequests/vault/vault_test.go
@ -99,6 +99,10 @@ func TestSign(t *testing.T) {
 	metaFixedClockStart := metav1.NewTime(fixedClockStart)
 	baseIssuer := gen.Issuer("vault-issuer",
 		gen.SetIssuerVault(cmapi.VaultIssuer{}),
+		gen.AddIssuerCondition(cmapi.IssuerCondition{
+			Type:   cmapi.IssuerConditionReady,
+			Status: cmmeta.ConditionTrue,
+		}),
 	)

 	rsaSK, err := pki.GenerateRSAPrivateKey(2048)
@ -250,6 +254,35 @@ func TestSign(t *testing.T) {
 				},
 			},
 		},
+		"should exit nil and set status pending if referenced issuer is not ready": {
+			certificateRequest: baseCR.DeepCopy(),
+			builder: &testpkg.Builder{
+				KubeObjects: []runtime.Object{},
+				CertManagerObjects: []runtime.Object{baseCR.DeepCopy(),
+					gen.Issuer(baseIssuer.DeepCopy().Name,
+						gen.SetIssuerVault(cmapi.VaultIssuer{}),
+					)},
+				ExpectedEvents: []string{
+					"Normal IssuerNotReady Referenced issuer does not have a Ready status condition",
+				},
+				ExpectedActions: []testpkg.Action{
+					testpkg.NewAction(coretesting.NewUpdateSubresourceAction(
+						cmapi.SchemeGroupVersion.WithResource("certificaterequests"),
+						"status",
+						gen.DefaultTestNamespace,
+						gen.CertificateRequestFrom(baseCR,
+							gen.SetCertificateRequestStatusCondition(cmapi.CertificateRequestCondition{
+								Type:               cmapi.CertificateRequestConditionReady,
+								Status:             cmmeta.ConditionFalse,
+								Reason:             "Pending",
+								Message:            "Referenced issuer does not have a Ready status condition",
+								LastTransitionTime: &metaFixedClockStart,
+							}),
+						),
+					)),
+				},
+			},
+		},
 		"a client with a token secret referenced with token but failed to sign should report fail": {
 			certificateRequest: baseCR.DeepCopy(),
 			builder: &testpkg.Builder{
--- a/pkg/controller/certificaterequests/venafi/venafi_test.go
+++ b/pkg/controller/certificaterequests/venafi/venafi_test.go
@ -106,6 +106,10 @@ func TestSign(t *testing.T) {

 	baseIssuer := gen.Issuer("test-issuer",
 		gen.SetIssuerVenafi(cmapi.VenafiIssuer{}),
+		gen.AddIssuerCondition(cmapi.IssuerCondition{
+			Type:   cmapi.IssuerConditionReady,
+			Status: cmmeta.ConditionTrue,
+		}),
 	)

 	tppIssuer := gen.IssuerFrom(baseIssuer,
@ -306,6 +310,35 @@ func TestSign(t *testing.T) {
 			fakeSecretLister: failGetSecretLister,
 			expectedErr:      true,
 		},
+		"should exit nil and set status pending if referenced issuer is not ready": {
+			certificateRequest: cloudCR.DeepCopy(),
+			builder: &testpkg.Builder{
+				KubeObjects: []runtime.Object{},
+				CertManagerObjects: []runtime.Object{cloudCR.DeepCopy(),
+					gen.Issuer(cloudIssuer.DeepCopy().Name,
+						gen.SetIssuerVenafi(cmapi.VenafiIssuer{}),
+					)},
+				ExpectedEvents: []string{
+					"Normal IssuerNotReady Referenced issuer does not have a Ready status condition",
+				},
+				ExpectedActions: []testpkg.Action{
+					testpkg.NewAction(coretesting.NewUpdateSubresourceAction(
+						cmapi.SchemeGroupVersion.WithResource("certificaterequests"),
+						"status",
+						gen.DefaultTestNamespace,
+						gen.CertificateRequestFrom(cloudCR,
+							gen.SetCertificateRequestStatusCondition(cmapi.CertificateRequestCondition{
+								Type:               cmapi.CertificateRequestConditionReady,
+								Status:             cmmeta.ConditionFalse,
+								Reason:             "Pending",
+								Message:            "Referenced issuer does not have a Ready status condition",
+								LastTransitionTime: &metaFixedClockStart,
+							}),
+						),
+					)),
+				},
+			},
+		},
 		"tpp: if sign returns pending error then set pending and return err": {
 			certificateRequest: tppCR.DeepCopy(),
 			builder: &controllertest.Builder{