github.com/IBM-Blockchain/fabric-operator@v1.0.4/integration/actions/peer/reenroll_test.go (about) 1 /* 2 * Copyright contributors to the Hyperledger Fabric Operator project 3 * 4 * SPDX-License-Identifier: Apache-2.0 5 * 6 * Licensed under the Apache License, Version 2.0 (the "License"); 7 * you may not use this file except in compliance with the License. 8 * You may obtain a copy of the License at: 9 * 10 * http://www.apache.org/licenses/LICENSE-2.0 11 * 12 * Unless required by applicable law or agreed to in writing, software 13 * distributed under the License is distributed on an "AS IS" BASIS, 14 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 * See the License for the specific language governing permissions and 16 * limitations under the License. 17 */ 18 19 package peer_test 20 21 import ( 22 "bytes" 23 "context" 24 "fmt" 25 "time" 26 27 . "github.com/onsi/ginkgo/v2" 28 . "github.com/onsi/gomega" 29 "sigs.k8s.io/controller-runtime/pkg/client" 30 31 current "github.com/IBM-Blockchain/fabric-operator/api/v1beta1" 32 "github.com/IBM-Blockchain/fabric-operator/integration" 33 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 34 ) 35 36 // This test is designed to stress-test reenroll functionality 37 // NOTE: need to set Restart.WaitTime = 0 in operator config 38 var _ = PDescribe("reenroll action", func() { 39 BeforeEach(func() { 40 Eventually(org1peer.PodIsRunning).Should((Equal(true))) 41 }) 42 43 AfterEach(func() { 44 // Set flag if a test falls 45 if CurrentGinkgoTestDescription().Failed { 46 testFailed = true 47 } 48 }) 49 50 Context("reenroll peer", func() { 51 const ( 52 // Modify to stress-test reenroll functionality 53 numReenrolls = 1 54 ) 55 56 When("spec has ecert &tlscert reenroll flag set to true", func() { 57 var ( 58 ecert []byte 59 tcert []byte 60 ) 61 62 It("reenrolls ecert & tlscert for numReenrolls amount of times", func() { 63 count := 1 64 for count <= numReenrolls { 65 fmt.Printf("REENROLL COUNT: %d\n", count) 66 67 ecertSecret, err := kclient.CoreV1().Secrets(namespace).Get(context.TODO(), fmt.Sprintf("ecert-%s-signcert", org1peer.Name), metav1.GetOptions{}) 68 Expect(err).NotTo(HaveOccurred()) 69 ecert = ecertSecret.Data["cert.pem"] 70 71 tlsSecret, err := kclient.CoreV1().Secrets(namespace).Get(context.TODO(), fmt.Sprintf("tls-%s-signcert", org1peer.Name), metav1.GetOptions{}) 72 Expect(err).NotTo(HaveOccurred()) 73 tcert = tlsSecret.Data["cert.pem"] 74 75 patch := func(o client.Object) { 76 ibppeer := o.(*current.IBPPeer) 77 ibppeer.Spec.Action.Reenroll.Ecert = true 78 ibppeer.Spec.Action.Reenroll.TLSCert = true 79 } 80 81 err = integration.ResilientPatch(ibpCRClient, org1peer.Name, namespace, IBPPEERS, 3, ¤t.IBPPeer{}, patch) 82 Expect(err).NotTo(HaveOccurred()) 83 84 fmt.Printf("APPLIED PATCH NUMBER: %d\n", count) 85 86 By("updating ecert signcert secret", func() { 87 Eventually(func() bool { 88 updatedEcertSecret, err := kclient.CoreV1().Secrets(namespace).Get(context.TODO(), fmt.Sprintf("ecert-%s-signcert", org1peer.Name), metav1.GetOptions{}) 89 Expect(err).NotTo(HaveOccurred()) 90 91 return bytes.Equal(ecert, updatedEcertSecret.Data["cert.pem"]) 92 }).Should(Equal(false)) 93 }) 94 95 By("updating tls signcert secret", func() { 96 Eventually(func() bool { 97 updatedTLSSecret, err := kclient.CoreV1().Secrets(namespace).Get(context.TODO(), fmt.Sprintf("tls-%s-signcert", org1peer.Name), metav1.GetOptions{}) 98 Expect(err).NotTo(HaveOccurred()) 99 100 return bytes.Equal(tcert, updatedTLSSecret.Data["cert.pem"]) 101 }).Should(Equal(false)) 102 }) 103 104 time.Sleep(10 * time.Second) 105 106 By("setting reenroll flag back to false after restart", func() { 107 Eventually(func() bool { 108 result := ibpCRClient.Get().Namespace(namespace).Resource(IBPPEERS).Name(org1peer.Name).Do(context.TODO()) 109 ibppeer := ¤t.IBPPeer{} 110 result.Into(ibppeer) 111 112 return ibppeer.Spec.Action.Reenroll.Ecert && 113 ibppeer.Spec.Action.Reenroll.TLSCert 114 }).Should(Equal(false)) 115 }) 116 117 count++ 118 } 119 120 }) 121 }) 122 }) 123 })