From fa6f6545987799e075158bc45655c5a3646aafa1 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Tue, 18 Jun 2024 10:48:07 +0200 Subject: [PATCH] copy the unsupportedFeatures from the Certificate conformance tests to the CertificateSigningRequest conformance tests Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- .../certificatesigningrequests/acme/acme.go | 8 +++ .../vault/approle.go | 50 ++++++++----------- .../vault/kubernetes.go | 28 +++++------ 3 files changed, 44 insertions(+), 42 deletions(-) diff --git a/test/e2e/suite/conformance/certificatesigningrequests/acme/acme.go b/test/e2e/suite/conformance/certificatesigningrequests/acme/acme.go index e9a7e0e79..12c79801c 100644 --- a/test/e2e/suite/conformance/certificatesigningrequests/acme/acme.go +++ b/test/e2e/suite/conformance/certificatesigningrequests/acme/acme.go @@ -53,6 +53,10 @@ func runACMEIssuerTests(eab *cmacme.ACMEExternalAccountBinding) { featureset.CommonNameFeature, featureset.KeyUsagesFeature, featureset.EmailSANsFeature, + featureset.SaveCAToSecret, + featureset.IssueCAFeature, + featureset.LiteralSubjectFeature, + featureset.OtherNamesFeature, ) // unsupportedDNS01Features is a list of features that are not supported by the ACME @@ -64,6 +68,10 @@ func runACMEIssuerTests(eab *cmacme.ACMEExternalAccountBinding) { featureset.CommonNameFeature, featureset.KeyUsagesFeature, featureset.EmailSANsFeature, + featureset.SaveCAToSecret, + featureset.IssueCAFeature, + featureset.LiteralSubjectFeature, + featureset.OtherNamesFeature, ) http01 := &acme{ diff --git a/test/e2e/suite/conformance/certificatesigningrequests/vault/approle.go b/test/e2e/suite/conformance/certificatesigningrequests/vault/approle.go index 256c9c992..c14514479 100644 --- a/test/e2e/suite/conformance/certificatesigningrequests/vault/approle.go +++ b/test/e2e/suite/conformance/certificatesigningrequests/vault/approle.go @@ -53,56 +53,50 @@ type secrets struct { } var _ = framework.ConformanceDescribe("CertificateSigningRequests", func() { + var unsupportedFeatures = featureset.NewFeatureSet( + featureset.KeyUsagesFeature, + featureset.Ed25519FeatureSet, + featureset.IssueCAFeature, + ) + issuer := &approle{ testWithRootCA: true, } (&certificatesigningrequests.Suite{ - Name: "Vault AppRole Issuer With Root CA", - CreateIssuerFunc: issuer.createIssuer, - DeleteIssuerFunc: issuer.delete, - UnsupportedFeatures: featureset.NewFeatureSet( - featureset.KeyUsagesFeature, - featureset.Ed25519FeatureSet, - ), + Name: "Vault AppRole Issuer With Root CA", + CreateIssuerFunc: issuer.createIssuer, + DeleteIssuerFunc: issuer.delete, + UnsupportedFeatures: unsupportedFeatures, }).Define() issuerNoRoot := &approle{ testWithRootCA: false, } (&certificatesigningrequests.Suite{ - Name: "Vault AppRole Issuer Without Root CA", - CreateIssuerFunc: issuerNoRoot.createIssuer, - DeleteIssuerFunc: issuerNoRoot.delete, - UnsupportedFeatures: featureset.NewFeatureSet( - featureset.KeyUsagesFeature, - featureset.Ed25519FeatureSet, - ), + Name: "Vault AppRole Issuer Without Root CA", + CreateIssuerFunc: issuerNoRoot.createIssuer, + DeleteIssuerFunc: issuerNoRoot.delete, + UnsupportedFeatures: unsupportedFeatures, }).Define() clusterIssuer := &approle{ testWithRootCA: true, } (&certificatesigningrequests.Suite{ - Name: "Vault AppRole ClusterIssuer With Root CA", - CreateIssuerFunc: clusterIssuer.createClusterIssuer, - DeleteIssuerFunc: clusterIssuer.delete, - UnsupportedFeatures: featureset.NewFeatureSet( - featureset.KeyUsagesFeature, - featureset.Ed25519FeatureSet, - ), + Name: "Vault AppRole ClusterIssuer With Root CA", + CreateIssuerFunc: clusterIssuer.createClusterIssuer, + DeleteIssuerFunc: clusterIssuer.delete, + UnsupportedFeatures: unsupportedFeatures, }).Define() clusterIssuerNoRoot := &approle{ testWithRootCA: false, } (&certificatesigningrequests.Suite{ - Name: "Vault AppRole ClusterIssuer Without Root CA", - CreateIssuerFunc: clusterIssuerNoRoot.createClusterIssuer, - DeleteIssuerFunc: clusterIssuerNoRoot.delete, - UnsupportedFeatures: featureset.NewFeatureSet( - featureset.KeyUsagesFeature, - featureset.Ed25519FeatureSet, - ), + Name: "Vault AppRole ClusterIssuer Without Root CA", + CreateIssuerFunc: clusterIssuerNoRoot.createClusterIssuer, + DeleteIssuerFunc: clusterIssuerNoRoot.delete, + UnsupportedFeatures: unsupportedFeatures, }).Define() }) diff --git a/test/e2e/suite/conformance/certificatesigningrequests/vault/kubernetes.go b/test/e2e/suite/conformance/certificatesigningrequests/vault/kubernetes.go index 6fd8ed86f..438bfa067 100644 --- a/test/e2e/suite/conformance/certificatesigningrequests/vault/kubernetes.go +++ b/test/e2e/suite/conformance/certificatesigningrequests/vault/kubernetes.go @@ -38,30 +38,30 @@ import ( ) var _ = framework.ConformanceDescribe("CertificateSigningRequests", func() { + var unsupportedFeatures = featureset.NewFeatureSet( + featureset.KeyUsagesFeature, + featureset.Ed25519FeatureSet, + featureset.IssueCAFeature, + ) + issuer := &kubernetes{ testWithRootCA: true, } (&certificatesigningrequests.Suite{ - Name: "Vault Kubernetes Auth Issuer With Root CA", - CreateIssuerFunc: issuer.createIssuer, - DeleteIssuerFunc: issuer.delete, - UnsupportedFeatures: featureset.NewFeatureSet( - featureset.KeyUsagesFeature, - featureset.Ed25519FeatureSet, - ), + Name: "Vault Kubernetes Auth Issuer With Root CA", + CreateIssuerFunc: issuer.createIssuer, + DeleteIssuerFunc: issuer.delete, + UnsupportedFeatures: unsupportedFeatures, }).Define() clusterIssuer := &kubernetes{ testWithRootCA: true, } (&certificatesigningrequests.Suite{ - Name: "Vault Kubernetes Auth ClusterIssuer With Root CA", - CreateIssuerFunc: clusterIssuer.createClusterIssuer, - DeleteIssuerFunc: clusterIssuer.delete, - UnsupportedFeatures: featureset.NewFeatureSet( - featureset.KeyUsagesFeature, - featureset.Ed25519FeatureSet, - ), + Name: "Vault Kubernetes Auth ClusterIssuer With Root CA", + CreateIssuerFunc: clusterIssuer.createClusterIssuer, + DeleteIssuerFunc: clusterIssuer.delete, + UnsupportedFeatures: unsupportedFeatures, }).Define() })