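/*
 * Copyright contributors to the Hyperledger Fabric Operator project
 *
 * SPDX-License-Identifier: Apache-2.0
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at:
 *
 * 	  http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package init

import (
	"context"
	"os"

	apis "github.com/IBM-Blockchain/fabric-operator/api"
	"github.com/IBM-Blockchain/fabric-operator/pkg/global"
	"github.com/IBM-Blockchain/fabric-operator/pkg/k8s/controllerclient"
	cfconfig "github.com/cloudflare/cfssl/config"
	"github.com/hyperledger/fabric-ca/lib"
	"github.com/hyperledger/fabric-ca/lib/tls"
	. "github.com/onsi/ginkgo/v2"
	. "github.com/onsi/gomega"
	corev1 "k8s.io/api/core/v1"
	"k8s.io/apimachinery/pkg/runtime"
	"k8s.io/client-go/kubernetes"
	"sigs.k8s.io/controller-runtime/pkg/client/config"
	"sigs.k8s.io/controller-runtime/pkg/manager"
	"sigs.k8s.io/controller-runtime/pkg/manager/signals"
)

const (
	// Home directories of the two throwaway CA servers. They are relative to
	// the test's working directory and are removed again in AfterSuite.
	rootDir  = "root-home"
	interDir = "inter-home"

	// TLS certificate and private key served by the intermediate CA. The key
	// is read from the repository's testdata tree, so it is a test fixture.
	tlsCertFile = "../../../testdata/init/peer/tls-cert.pem"
	tlsKeyFile  = "../../../testdata/init/peer/tls-key.pem"
)

// Suite-wide state, assigned in BeforeSuite and read by the specs.
var (
	root      *lib.Server
	inter     *lib.Server
	client    controllerclient.Client
	scheme    *runtime.Scheme
	namespace string

	kclient *kubernetes.Clientset
)

// BeforeSuite connects to the cluster named by the ambient kubeconfig, creates
// the test namespace, and starts a root CA on port 7054 and an intermediate CA
// on port 7055 for the specs to enroll against.
var _ = BeforeSuite(func() {
	cfg, err := config.GetConfig()
	Expect(err).NotTo(HaveOccurred())

	namespace = os.Getenv("OPERATOR_NAMESPACE")
	if namespace == "" {
		namespace = "operator-test"
	}
	mgr, err := manager.New(cfg, manager.Options{
		Namespace: namespace,
	})
	Expect(err).NotTo(HaveOccurred())

	err = apis.AddToScheme(mgr.GetScheme())
	Expect(err).NotTo(HaveOccurred())

	// Register the signal handler on the suite goroutine, then run the manager
	// in the background. A start-up error is reported as a suite failure
	// instead of being dropped; GinkgoRecover lets the assertion fail from a
	// goroutine other than the one running the spec.
	stop := signals.SetupSignalHandler()
	go func() {
		defer GinkgoRecover()
		startErr := mgr.Start(stop)
		Expect(startErr).NotTo(HaveOccurred())
	}()

	client = controllerclient.New(mgr.GetClient(), &global.ConfigSetter{})
	scheme = mgr.GetScheme()

	kclient, err = kubernetes.NewForConfig(cfg)
	Expect(err).NotTo(HaveOccurred())

	// Create fails if the namespace is left over from an earlier aborted run.
	ns := &corev1.Namespace{}
	ns.Name = namespace
	err = client.Create(context.TODO(), ns)
	Expect(err).NotTo(HaveOccurred())

	// Setup root server
	root = SetupServer(rootDir, "", 7054, nil)
	err = root.Start()
	Expect(err).NotTo(HaveOccurred())

	// Setup intermediate server
	tlsConfig := &tls.ServerTLSConfig{
		Enabled:  true,
		CertFile: tlsCertFile,
		KeyFile:  tlsKeyFile,
	}
	// The root server above is started without a TLS config, so the
	// intermediate reaches its parent over plain HTTP with the bootstrap
	// credentials embedded in the URL. Both ends are on localhost here; the
	// pattern is for this test harness only.
	inter = SetupServer(interDir, "http://admin:adminpw@localhost:7054", 7055, tlsConfig)
	err = inter.Start()
	Expect(err).NotTo(HaveOccurred())
})

// AfterSuite stops both CA servers, removes their home directories (which hold
// the generated CA material) and deletes the test namespace.
//
// Each handle is checked for nil first: when BeforeSuite fails part-way the
// later globals are never assigned, and dereferencing them here would panic
// and hide the original failure.
var _ = AfterSuite(func() {
	if root != nil {
		err := root.Stop()
		Expect(err).NotTo(HaveOccurred())
	}

	if inter != nil {
		err := inter.Stop()
		Expect(err).NotTo(HaveOccurred())
	}

	err := os.RemoveAll(rootDir)
	Expect(err).NotTo(HaveOccurred())

	err = os.RemoveAll(interDir)
	Expect(err).NotTo(HaveOccurred())

	if client != nil {
		ns := &corev1.Namespace{}
		ns.Name = namespace
		err = client.Delete(context.TODO(), ns)
		Expect(err).NotTo(HaveOccurred())
	}
})

// SetupServer builds a fabric-ca server for the integration suite and
// registers its bootstrap identity. The server is returned unstarted.
//
// homeDir is the server's home directory, parentURL is the parent CA's
// enrollment URL (empty for a root CA), port is the listening port and
// tlsConfig, when non-nil, is copied into the server's TLS settings.
//
// The configuration is deliberately permissive and is meant for tests only:
// debug mode is on, enrollments are unlimited and the bootstrap identity uses
// the fixed credentials admin/adminpw.
func SetupServer(homeDir string, parentURL string, port int, tlsConfig *tls.ServerTLSConfig) *lib.Server {
	affiliations := map[string]interface{}{
		"hyperledger": map[string]interface{}{
			"fabric":    []string{"ledger", "orderer", "security"},
			"fabric-ca": nil,
			"sdk":       nil,
		},
		"org2":      []string{"dept1"},
		"org1":      nil,
		"org2dept1": nil,
	}
	profiles := map[string]*cfconfig.SigningProfile{
		"tls": {
			Usage:        []string{"signing", "key encipherment", "server auth", "client auth", "key agreement"},
			ExpiryString: "8760h",
		},
		"ca": {
			Usage:        []string{"cert sign", "crl sign"},
			ExpiryString: "8760h",
			CAConstraint: cfconfig.CAConstraint{
				IsCA: true,
				// NOTE(review): cfssl appears to apply a zero path length
				// only when MaxPathLenZero is also set; confirm whether
				// certificates from this profile are meant to carry a
				// pathlen:0 constraint.
				MaxPathLen: 0,
			},
		},
	}
	defaultProfile := &cfconfig.SigningProfile{
		Usage:        []string{"cert sign"},
		ExpiryString: "8760h",
	}
	srv := &lib.Server{
		Config: &lib.ServerConfig{
			Port:  port,
			Debug: true,
		},
		CA: lib.CA{
			Config: &lib.CAConfig{
				Intermediate: lib.IntermediateCA{
					ParentServer: lib.ParentServer{
						URL: parentURL,
					},
				},
				Affiliations: affiliations,
				Registry: lib.CAConfigRegistry{
					// -1 places no limit on how often an identity may enroll.
					MaxEnrollments: -1,
				},
				Signing: &cfconfig.Signing{
					Profiles: profiles,
					Default:  defaultProfile,
				},
				Version: "1.1.0", // The default test server/ca should use the latest version
			},
		},
		HomeDir: homeDir,
	}

	if tlsConfig != nil {
		srv.Config.TLS = *tlsConfig
	}
	// The bootstrap user's affiliation is the empty string, which
	// means the user is at the affiliation root. The credentials are
	// fixed test values and match the ones embedded in the parent URL
	// used for the intermediate server.
	err := srv.RegisterBootstrapUser("admin", "adminpw", "")
	Expect(err).NotTo(HaveOccurred())

	return srv
}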