github.com/IBM-Blockchain/fabric-operator@v1.0.4/integration/ca/ca_suite_test.go

github.com/IBM-Blockchain/fabric-operator@v1.0.4/integration/ca/ca_suite_test.go (about)

     1  /*
     2   * Copyright contributors to the Hyperledger Fabric Operator project
     3   *
     4   * SPDX-License-Identifier: Apache-2.0
     5   *
     6   * Licensed under the Apache License, Version 2.0 (the "License");
     7   * you may not use this file except in compliance with the License.
     8   * You may obtain a copy of the License at:
     9   *
    10   * 	  http://www.apache.org/licenses/LICENSE-2.0
    11   *
    12   * Unless required by applicable law or agreed to in writing, software
    13   * distributed under the License is distributed on an "AS IS" BASIS,
    14   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    15   * See the License for the specific language governing permissions and
    16   * limitations under the License.
    17   */
    18  
    19  package ca_test
    20  
    21  import (
    22  	"context"
    23  	"os"
    24  	"strings"
    25  	"testing"
    26  	"time"
    27  
    28  	"github.com/IBM-Blockchain/fabric-operator/integration"
    29  	"github.com/IBM-Blockchain/fabric-operator/integration/helper"
    30  	ibpclient "github.com/IBM-Blockchain/fabric-operator/pkg/client"
    31  	. "github.com/onsi/ginkgo/v2"
    32  	. "github.com/onsi/gomega"
    33  	corev1 "k8s.io/api/core/v1"
    34  	"k8s.io/apimachinery/pkg/api/resource"
    35  	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
    36  	"k8s.io/client-go/kubernetes"
    37  )
    38  
    39  func TestCa(t *testing.T) {
    40  	RegisterFailHandler(Fail)
    41  	RunSpecs(t, "Ca Suite")
    42  }
    43  
    44  const (
    45  	// This TLS certificate is encoded for the DNS domain aliases 127.0.0.1, localhost, and *.vcap.me and is good for 5 years:
    46  	//
    47  	//   notAfter:    "2027-05-24T03:14:42Z"
    48  	//   notBefore:   "2022-05-25T03:14:42Z"
    49  	//   renewalTime: "2025-09-22T19:14:42Z"
    50  	//
    51  	// This certificate was generated with cert-manager.io using a self-signed issuer for the root CA.
    52  	// If tests start to fail for TLS handshake errors, the certificate will need to be renewed or reissued.
    53  	tlsCert            = "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJqakNDQVRTZ0F3SUJBZ0lRVXRIS2NUTWNZS21KblVtbEJNZW94REFLQmdncWhrak9QUVFEQWpBbE1TTXcKSVFZRFZRUURFeHBtWVdKeWFXTXRZMkV0YVc1MFpXZHlZWFJwYjI0dGRHVnpkREFlRncweU1qQTFNalV3TXpFMApORGRhRncweU56QTFNalF3TXpFME5EZGFNQUF3V1RBVEJnY3Foa2pPUFFJQkJnZ3Foa2pPUFFNQkJ3TkNBQVRwCjN2d3RMZFlyUzFTNVFSUmFqRjJReHFIYWllMUo2dzlHM2RwQklLYWwwTTlYaUttR0Q4eFBvRkpkcENNZTZWdDIKeml1UjZrU2FNL3lXQmU4TGd5eExvMnN3YVRBT0JnTlZIUThCQWY4RUJBTUNCYUF3REFZRFZSMFRBUUgvQkFJdwpBREFmQmdOVkhTTUVHREFXZ0JRdkVBWWdjZEwwa0ljWEtDaGVmVzg3NW8vYnd6QW9CZ05WSFJFQkFmOEVIakFjCmdnbHNiMk5oYkdodmMzU0NDU291ZG1OaGNDNXRaWWNFZndBQUFUQUtCZ2dxaGtqT1BRUURBZ05JQURCRkFpQXUKMEpLY29lQmhYajJnbmQ1cjE5THUxeEVwdG1kelFoazh5OXFTRkZ2dkF3SWhBSWp5Z1VLY2tzQkk4a1dBeVNlbQp0VzJ4cVE3RVZkTmR6WDZYbWwrNVBQengKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo="
    54  	tlsKey             = "LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUhoWWFRbDViYXZVR3FJd2prK3YrODNmYzNIamZuRVdueEFQbjJ5OFRTUWRvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFNmQ3OExTM1dLMHRVdVVFVVdveGRrTWFoMm9udFNlc1BSdDNhUVNDbXBkRFBWNGlwaGcvTQpUNkJTWGFRakh1bGJkczRya2VwRW1qUDhsZ1h2QzRNc1N3PT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo="
    55  	trustedRootTLSCert = "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJpekNDQVRDZ0F3SUJBZ0lRZXZWM2VUZmh3WlNHYVI4aXhTR1hRakFLQmdncWhrak9QUVFEQWpBbE1TTXcKSVFZRFZRUURFeHBtWVdKeWFXTXRZMkV0YVc1MFpXZHlZWFJwYjI0dGRHVnpkREFlRncweU1qQTFNalV3TXpFMApOREphRncweU56QTFNalF3TXpFME5ESmFNQ1V4SXpBaEJnTlZCQU1UR21aaFluSnBZeTFqWVMxcGJuUmxaM0poCmRHbHZiaTEwWlhOME1Ga3dFd1lIS29aSXpqMENBUVlJS29aSXpqMERBUWNEUWdBRXlzc2d3dFo2dlI3a2svbUsKYUFUZE45TEhmTWsrYXMxcm8rM24za1N2QTFuVEFCa1V6bVdGNlhCS1I5eUh6V3dwZTlHL0o3L3MrenZsME5GOApRZGdzenFOQ01FQXdEZ1lEVlIwUEFRSC9CQVFEQWdLa01BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0hRWURWUjBPCkJCWUVGQzhRQmlCeDB2U1FoeGNvS0Y1OWJ6dm1qOXZETUFvR0NDcUdTTTQ5QkFNQ0Ewa0FNRVlDSVFEaXo1SnoKeGhKcjQ4SlpRRkpzd1dteTRCU21FWXp0NXFmUmsyMFhyRzI4M3dJaEFLaDBXMmkxcFpiY0lPODBXSmhlVkxzSQpDM0JGMk5McTBsVlhXanNGQVVndQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg=="
    56  )
    57  
    58  var (
    59  	namespace       string
    60  	domain          string
    61  	kclient         *kubernetes.Clientset
    62  	ibpCRClient     *ibpclient.IBPClient
    63  	namespaceSuffix = "ca"
    64  	testFailed      bool
    65  )
    66  
    67  var (
    68  	defaultRequests = corev1.ResourceList{
    69  		corev1.ResourceCPU:              resource.MustParse("50m"),
    70  		corev1.ResourceMemory:           resource.MustParse("100M"),
    71  		corev1.ResourceEphemeralStorage: resource.MustParse("100M"),
    72  	}
    73  
    74  	defaultLimits = corev1.ResourceList{
    75  		corev1.ResourceCPU:              resource.MustParse("50m"),
    76  		corev1.ResourceMemory:           resource.MustParse("100M"),
    77  		corev1.ResourceEphemeralStorage: resource.MustParse("1G"),
    78  	}
    79  )
    80  
    81  var _ = BeforeSuite(func() {
    82  	SetDefaultEventuallyTimeout(240 * time.Second)
    83  	SetDefaultEventuallyPollingInterval(time.Second)
    84  
    85  	var err error
    86  	domain = os.Getenv("DOMAIN")
    87  	if domain == "" {
    88  		domain = integration.TestAutomation1IngressDomain
    89  	}
    90  
    91  	cfg := &integration.Config{
    92  		OperatorServiceAccount: "../../config/rbac/service_account.yaml",
    93  		OperatorRole:           "../../config/rbac/role.yaml",
    94  		OperatorRoleBinding:    "../../config/rbac/role_binding.yaml",
    95  		OperatorDeployment:     "../../testdata/deploy/operator.yaml",
    96  		OrdererSecret:          "../../testdata/deploy/orderer/secret.yaml",
    97  		PeerSecret:             "../../testdata/deploy/peer/secret.yaml",
    98  		ConsoleTLSSecret:       "../../testdata/deploy/console/tlssecret.yaml",
    99  	}
   100  
   101  	namespace, kclient, ibpCRClient, err = integration.Setup(GinkgoWriter, cfg, namespaceSuffix, "")
   102  	Expect(err).NotTo(HaveOccurred())
   103  })
   104  
   105  var _ = AfterSuite(func() {
   106  
   107  	if strings.ToLower(os.Getenv("SAVE_TEST")) == "true" {
   108  		return
   109  	}
   110  
   111  	err := integration.Cleanup(GinkgoWriter, kclient, namespace)
   112  	Expect(err).NotTo(HaveOccurred())
   113  })
   114  
   115  type CA struct {
   116  	helper.CA
   117  
   118  	expectedRequests corev1.ResourceList
   119  	expectedLimits   corev1.ResourceList
   120  }
   121  
   122  func (ca *CA) resourcesRequestsUpdated() bool {
   123  	dep, err := kclient.AppsV1().Deployments(namespace).Get(context.TODO(), ca.Name, metav1.GetOptions{})
   124  	Expect(err).NotTo(HaveOccurred())
   125  
   126  	updatedRequests := dep.Spec.Template.Spec.Containers[0].Resources.Requests
   127  	if updatedRequests[corev1.ResourceCPU] == ca.expectedRequests[corev1.ResourceCPU] {
   128  		if updatedRequests[corev1.ResourceMemory] == ca.expectedRequests[corev1.ResourceMemory] {
   129  			return true
   130  		}
   131  	}
   132  	return false
   133  }
   134  
   135  func (ca *CA) resourcesLimitsUpdated() bool {
   136  	dep, err := kclient.AppsV1().Deployments(namespace).Get(context.TODO(), ca.Name, metav1.GetOptions{})
   137  	Expect(err).NotTo(HaveOccurred())
   138  
   139  	updatedLimits := dep.Spec.Template.Spec.Containers[0].Resources.Limits
   140  	if updatedLimits[corev1.ResourceCPU] == ca.expectedLimits[corev1.ResourceCPU] {
   141  		if updatedLimits[corev1.ResourceMemory] == ca.expectedLimits[corev1.ResourceMemory] {
   142  			return true
   143  		}
   144  	}
   145  	return false
   146  }