Merge pull request #3328 from meyskens/venafi-tpp-e2e
Remove the Venafi e2e skip
This commit is contained in:
jetstack-bot
GitHub
commit
efbd1a0095
@ -67,9 +67,7 @@ echo "Ensuring all e2e test dependencies are installed..."
|
||||
"${SCRIPT_ROOT}/setup-e2e-deps.sh"
|
||||
|
||||
echo "Running e2e test suite..."
|
||||
# Skip Venafi end-to-end tests in CI
|
||||
FLAKE_ATTEMPTS=2 "${SCRIPT_ROOT}/run-e2e.sh" \
|
||||
--ginkgo.skip=Venafi \
|
||||
"$@"
|
||||
|
||||
export_logs
|
||||
|
||||
@ -116,4 +116,8 @@ const (
|
||||
// KeyUsages denotes whether the target issuer is able to sign certificates
|
||||
// with arbitrary key usages.
|
||||
KeyUsagesFeature = "KeyUsages"
|
||||
|
||||
// OnlySAN denotes whether the target issuer is able to sign certificates
|
||||
// with only SANs set
|
||||
OnlySAN = "OnlySAN"
|
||||
)
|
||||
|
||||
@ -145,7 +145,7 @@ func (s *Suite) Define() {
|
||||
By("Waiting for the Certificate to be issued...")
|
||||
err = f.Helper().WaitCertificateIssuedValid(f.Namespace.Name, "testcert", time.Minute*5)
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
})
|
||||
}, OnlySAN)
|
||||
|
||||
it("should issue an ECDSA, defaulted certificate for a single distinct dnsName", func(issuerRef cmmeta.ObjectReference) {
|
||||
testCertificate := &cmapi.Certificate{
|
||||
@ -169,9 +169,13 @@ func (s *Suite) Define() {
|
||||
By("Waiting for the Certificate to be issued...")
|
||||
err = f.Helper().WaitCertificateIssuedValid(f.Namespace.Name, "testcert", time.Minute*5)
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
}, ECDSAFeature)
|
||||
}, ECDSAFeature, OnlySAN)
|
||||
|
||||
it("should issue a basic, defaulted certificate for a single Common Name", func(issuerRef cmmeta.ObjectReference) {
|
||||
// Some issuers use the CN to define the cert's "ID"
|
||||
// if one cert manages to be in an error state in the issuer it might throw an error
|
||||
// this makes the CN more unique
|
||||
cn := "test-common-name-" + util.RandStringRunes(10)
|
||||
testCertificate := &cmapi.Certificate{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "testcert",
|
||||
@ -180,7 +184,7 @@ func (s *Suite) Define() {
|
||||
Spec: cmapi.CertificateSpec{
|
||||
SecretName: "testcert-tls",
|
||||
IssuerRef: issuerRef,
|
||||
CommonName: "test-common-name",
|
||||
CommonName: cn,
|
||||
},
|
||||
}
|
||||
By("Creating a Certificate")
|
||||
@ -193,6 +197,10 @@ func (s *Suite) Define() {
|
||||
}, CommonNameFeature)
|
||||
|
||||
it("should issue an ECDSA, defaulted certificate for a single Common Name", func(issuerRef cmmeta.ObjectReference) {
|
||||
// Some issuers use the CN to define the cert's "ID"
|
||||
// if one cert manages to be in an error state in the issuer it might throw an error
|
||||
// this makes the CN more unique
|
||||
cn := "test-common-name-" + util.RandStringRunes(10)
|
||||
testCertificate := &cmapi.Certificate{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "testcert",
|
||||
@ -203,7 +211,7 @@ func (s *Suite) Define() {
|
||||
PrivateKey: &cmapi.CertificatePrivateKey{
|
||||
Algorithm: cmapi.ECDSAKeyAlgorithm,
|
||||
},
|
||||
CommonName: "test-common-name",
|
||||
CommonName: cn,
|
||||
IssuerRef: issuerRef,
|
||||
},
|
||||
}
|
||||
@ -257,7 +265,7 @@ func (s *Suite) Define() {
|
||||
By("Waiting for the Certificate to be issued...")
|
||||
err = f.Helper().WaitCertificateIssuedValid(f.Namespace.Name, "testcert", time.Minute*5)
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
}, EmailSANsFeature)
|
||||
}, EmailSANsFeature, OnlySAN)
|
||||
|
||||
it("should issue a certificate that defines a CommonName and URI SAN", func(issuerRef cmmeta.ObjectReference) {
|
||||
testCertificate := &cmapi.Certificate{
|
||||
@ -358,7 +366,7 @@ func (s *Suite) Define() {
|
||||
// We set a 30 second buffer time here since Vault issues certificates
|
||||
// with an extra 30 seconds on its duration.
|
||||
f.CertificateDurationValid(testCertificate, time.Hour*896, 30*time.Second)
|
||||
}, DurationFeature)
|
||||
}, DurationFeature, OnlySAN)
|
||||
|
||||
it("should issue a certificate which has a wildcard DNS name defined", func(issuerRef cmmeta.ObjectReference) {
|
||||
testCertificate := &cmapi.Certificate{
|
||||
@ -379,7 +387,7 @@ func (s *Suite) Define() {
|
||||
By("Waiting for the Certificate to be issued...")
|
||||
err = f.Helper().WaitCertificateIssuedValid(f.Namespace.Name, "testcert", time.Minute*5)
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
}, WildcardsFeature)
|
||||
}, WildcardsFeature, OnlySAN)
|
||||
|
||||
it("should issue a certificate that includes only a URIs name", func(issuerRef cmmeta.ObjectReference) {
|
||||
testCertificate := &cmapi.Certificate{
|
||||
@ -402,7 +410,7 @@ func (s *Suite) Define() {
|
||||
By("Waiting for the Certificate to be issued...")
|
||||
err = f.Helper().WaitCertificateIssuedValid(f.Namespace.Name, "testcert", time.Minute*5)
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
}, URISANsFeature)
|
||||
}, URISANsFeature, OnlySAN)
|
||||
|
||||
it("should issue a certificate that includes arbitrary key usages", func(issuerRef cmmeta.ObjectReference) {
|
||||
testCertificate := &cmapi.Certificate{
|
||||
@ -427,7 +435,7 @@ func (s *Suite) Define() {
|
||||
By("Waiting for the Certificate to be issued...")
|
||||
err = f.Helper().WaitCertificateIssuedValid(f.Namespace.Name, "testcert", time.Minute*5)
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
}, KeyUsagesFeature)
|
||||
}, KeyUsagesFeature, OnlySAN)
|
||||
|
||||
it("should issue another certificate with the same private key if the existing certificate and CertificateRequest are deleted", func(issuerRef cmmeta.ObjectReference) {
|
||||
testCertificate := &cmapi.Certificate{
|
||||
@ -479,9 +487,9 @@ func (s *Suite) Define() {
|
||||
if !match {
|
||||
Fail("Both signed certificates not signed by same private key")
|
||||
}
|
||||
}, ReusePrivateKeyFeature)
|
||||
}, ReusePrivateKeyFeature, OnlySAN)
|
||||
|
||||
it("should issue a basic, defaulted certificate for a single commonName and distinct dnsName defined by an ingress with annotations", func(issuerRef cmmeta.ObjectReference) {
|
||||
it("should issue a basic certificate for a single distinct dnsName defined by an ingress with annotations", func(issuerRef cmmeta.ObjectReference) {
|
||||
ingClient := f.KubeClientSet.ExtensionsV1beta1().Ingresses(f.Namespace.Name)
|
||||
|
||||
name := "testcert-ingress"
|
||||
@ -502,6 +510,34 @@ func (s *Suite) Define() {
|
||||
f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name), certName, time.Minute,
|
||||
)).NotTo(HaveOccurred())
|
||||
|
||||
By("Waiting for the Certificate to be issued...")
|
||||
err = f.Helper().WaitCertificateIssuedValid(f.Namespace.Name, certName, time.Minute*5)
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
}, OnlySAN)
|
||||
|
||||
it("should issue a basic certificate for a single commonName and distinct dnsName defined by an ingress with annotations", func(issuerRef cmmeta.ObjectReference) {
|
||||
ingClient := f.KubeClientSet.ExtensionsV1beta1().Ingresses(f.Namespace.Name)
|
||||
|
||||
name := "testcert-ingress"
|
||||
secretName := "testcert-ingress-tls"
|
||||
domain := s.newDomain()
|
||||
|
||||
By("Creating an Ingress with the issuer name annotation set")
|
||||
ingress, err := ingClient.Create(context.TODO(), e2eutil.NewIngress(name, secretName, map[string]string{
|
||||
"cert-manager.io/issuer": issuerRef.Name,
|
||||
"cert-manager.io/issuer-kind": issuerRef.Kind,
|
||||
"cert-manager.io/issuer-group": issuerRef.Group,
|
||||
"cert-manager.io/common-name": domain,
|
||||
}, domain), metav1.CreateOptions{})
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
|
||||
certName := ingress.Spec.TLS[0].SecretName
|
||||
|
||||
By("Waiting for the Certificate to exist...")
|
||||
Expect(e2eutil.WaitForCertificateToExist(
|
||||
f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name), certName, time.Minute,
|
||||
)).NotTo(HaveOccurred())
|
||||
|
||||
By("Waiting for the Certificate to be issued...")
|
||||
err = f.Helper().WaitCertificateIssuedValid(f.Namespace.Name, certName, time.Minute*5)
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
|
||||
@ -10,6 +10,7 @@ go_library(
|
||||
"//pkg/apis/meta/v1:go_default_library",
|
||||
"//test/e2e/framework:go_default_library",
|
||||
"//test/e2e/framework/util/errors:go_default_library",
|
||||
"//test/e2e/suite/conformance/certificates:go_default_library",
|
||||
"//test/e2e/suite/issuers/venafi/addon:go_default_library",
|
||||
"@com_github_onsi_ginkgo//:go_default_library",
|
||||
"@com_github_onsi_gomega//:go_default_library",
|
||||
|
||||
@ -19,6 +19,8 @@ package venafi
|
||||
import (
|
||||
"context"
|
||||
|
||||
"github.com/jetstack/cert-manager/test/e2e/suite/conformance/certificates"
|
||||
|
||||
. "github.com/onsi/ginkgo"
|
||||
. "github.com/onsi/gomega"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
@ -31,31 +33,34 @@ import (
|
||||
)
|
||||
|
||||
var _ = framework.ConformanceDescribe("Certificates", func() {
|
||||
//// unsupportedFeatures is a list of features that are not supported by the
|
||||
//// Venafi issuer.
|
||||
//var unsupportedFeatures = certificates.NewFeatureSet(
|
||||
// certificates.DurationFeature,
|
||||
// // Due to the current configuration of the test environment, it does not
|
||||
// // support signing certificates that pair with an elliptic curve private
|
||||
// // key or using the same private key multiple times.
|
||||
// certificates.ECDSAFeature,
|
||||
// certificates.ReusePrivateKeyFeature,
|
||||
//)
|
||||
//
|
||||
//provisioner := new(venafiProvisioner)
|
||||
//(&certificates.Suite{
|
||||
// Name: "Venafi Issuer",
|
||||
// CreateIssuerFunc: provisioner.createIssuer,
|
||||
// DeleteIssuerFunc: provisioner.delete,
|
||||
// UnsupportedFeatures: unsupportedFeatures,
|
||||
//}).Define()
|
||||
// unsupportedFeatures is a list of features that are not supported by the
|
||||
// Venafi issuer.
|
||||
var unsupportedFeatures = certificates.NewFeatureSet(
|
||||
certificates.DurationFeature,
|
||||
// Due to the current configuration of the test environment, it does not
|
||||
// support signing certificates that pair with an elliptic curve private
|
||||
// key or using the same private key multiple times.
|
||||
certificates.ECDSAFeature,
|
||||
certificates.EmailSANsFeature,
|
||||
certificates.URISANsFeature,
|
||||
certificates.IPAddressFeature,
|
||||
certificates.OnlySAN,
|
||||
)
|
||||
|
||||
//(&certificates.Suite{
|
||||
// Name: "Venafi ClusterIssuer",
|
||||
// CreateIssuerFunc: provisioner.createClusterIssuer,
|
||||
// DeleteIssuerFunc: provisioner.delete,
|
||||
// UnsupportedFeatures: unsupportedFeatures,
|
||||
//}).Define()
|
||||
provisioner := new(venafiProvisioner)
|
||||
(&certificates.Suite{
|
||||
Name: "Venafi Issuer",
|
||||
CreateIssuerFunc: provisioner.createIssuer,
|
||||
DeleteIssuerFunc: provisioner.delete,
|
||||
UnsupportedFeatures: unsupportedFeatures,
|
||||
}).Define()
|
||||
|
||||
(&certificates.Suite{
|
||||
Name: "Venafi ClusterIssuer",
|
||||
CreateIssuerFunc: provisioner.createClusterIssuer,
|
||||
DeleteIssuerFunc: provisioner.delete,
|
||||
UnsupportedFeatures: unsupportedFeatures,
|
||||
}).Define()
|
||||
})
|
||||
|
||||
type venafiProvisioner struct {
|
||||
|
||||
@ -84,7 +84,7 @@ var _ = TPPDescribe("Certificate with a properly configured Issuer", func() {
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
|
||||
By("Verifying the Certificate is valid")
|
||||
err = h.WaitCertificateIssuedValid(f.Namespace.Name, certificateName, time.Second*30)
|
||||
err = h.WaitCertificateIssuedValid(f.Namespace.Name, certificateName, time.Second*90)
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
})
|
||||
})
|
||||
|
||||
Loading…
Reference in New Issue
Block a user