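// github.com/IBM-Blockchain/fabric-operator@v1.0.4/integration/init/orderer_test.go

/*
 * Copyright contributors to the Hyperledger Fabric Operator project
 *
 * SPDX-License-Identifier: Apache-2.0
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at:
 *
 * 	  http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package init

import (
	"context"
	"os"
	"path/filepath"

	current "github.com/IBM-Blockchain/fabric-operator/api/v1beta1"
	"github.com/IBM-Blockchain/fabric-operator/pkg/initializer/common/secretmanager"
	initializer "github.com/IBM-Blockchain/fabric-operator/pkg/initializer/orderer"
	ordererconfig "github.com/IBM-Blockchain/fabric-operator/pkg/initializer/orderer/config/v1"
	baseorderer "github.com/IBM-Blockchain/fabric-operator/pkg/offering/base/orderer"
	"github.com/IBM-Blockchain/fabric-operator/pkg/offering/base/peer/mocks"
	. "github.com/onsi/ginkgo/v2"
	. "github.com/onsi/gomega"
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
	"k8s.io/utils/pointer"
)

const (
	// testDirOrderer is passed to GetInitOrderer by the enrollment specs and
	// removed again after each of them.
	testDirOrderer = "orderer-init-test"
)

// Orderer init specs: create an IBPOrderer whose crypto comes either from an
// inline MSP spec or from an enrollment spec, run the orderer initializer, and
// check the Secrets it leaves in the namespace.
//
// client, kclient, scheme, namespace, defaultConfigs, testcert, VerifyCertData
// and VerifyKeyData are not defined in this file; they are expected to come
// from the rest of the test package.
//
// NOTE(review): nothing in this file deletes the IBPOrderer instances or the
// Secrets (including the keystore Secrets) created by these specs; presumably
// the suite tears the namespace down. Confirm.
var _ = Describe("Orderer init", func() {
	var (
		ordererInit *initializer.Initializer
		instance    *current.IBPOrderer
		orderer     *baseorderer.Node
	)

	// secretEntry fetches the named Secret from the test namespace and returns
	// the value stored under key. It requires the Secret to hold exactly one
	// entry and requires that entry to be stored under key, so a missing or
	// misnamed entry fails here with the Secret name in the message instead of
	// reaching the verifier as a nil slice.
	secretEntry := func(name, key string) []byte {
		secret, err := kclient.CoreV1().Secrets(namespace).Get(context.TODO(), name, metav1.GetOptions{})
		ExpectWithOffset(1, err).NotTo(HaveOccurred(), "getting secret %q", name)
		ExpectWithOffset(1, secret.Data).To(HaveLen(1), "entries in secret %q", name)
		ExpectWithOffset(1, secret.Data).To(HaveKey(key), "entries in secret %q", name)
		return secret.Data[key]
	}

	// initializeOrderer builds the init orderer for the current instance, loads
	// the default orderer.yaml into it and runs InitializeCreate. dir is handed
	// to GetInitOrderer unchanged.
	initializeOrderer := func(dir string) {
		initOrderer, err := ordererInit.GetInitOrderer(instance, dir)
		Expect(err).NotTo(HaveOccurred())

		oconfig, err := ordererconfig.ReadOrdererFile("../../defaultconfig/orderer/orderer.yaml")
		Expect(err).NotTo(HaveOccurred())

		initOrderer.Config = oconfig

		Expect(orderer.InitializeCreate(instance, initOrderer)).To(Succeed())
	}

	BeforeEach(func() {
		ordererInit = &initializer.Initializer{
			Config: &initializer.Config{
				OUFile: filepath.Join(defaultConfigs, "orderer/ouconfig.yaml"),
			},
			Client: client,
			Scheme: scheme,
		}
		ordererInit.SecretManager = secretmanager.New(client, scheme, ordererInit.GetLabels)

		orderer = &baseorderer.Node{
			Client:            client,
			Initializer:       ordererInit,
			DeploymentManager: &mocks.DeploymentManager{},
		}
	})

	Context("msp spec", func() {
		var (
			msp *current.MSP
		)

		BeforeEach(func() {
			// KeyStore is a base64-encoded PEM "PRIVATE KEY" block kept in the
			// repository as a fixture. Because it is published, it must be
			// treated as compromised: it is for these specs only and must never
			// back a real identity. The same MSP (and therefore the same key)
			// is used below for both the component and the TLS identity.
			msp = &current.MSP{
				KeyStore:          "LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JR0hBZ0VBTUJNR0J5cUdTTTQ5QWdFR0NDcUdTTTQ5QXdFSEJHMHdhd0lCQVFRZ3hRUXdSVFFpVUcwREo1UHoKQTJSclhIUEtCelkxMkxRa0MvbVlveWo1bEhDaFJBTkNBQVN5bE1YLzFqdDlmUGt1RTZ0anpvSTlQbGt4LzZuVQpCMHIvMU56TTdrYnBjUk8zQ3RIeXQ2TXlQR21FOUZUN29pYXphU3J1TW9JTDM0VGdBdUpIOU9ZWQotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg==",
				SignCerts:         testcert,
				AdminCerts:        []string{testcert},
				CACerts:           []string{testcert},
				IntermediateCerts: []string{testcert},
			}

			instance = &current.IBPOrderer{
				Spec: current.IBPOrdererSpec{
					Secret: &current.SecretSpec{
						MSP: &current.MSPSpec{
							Component: msp,
							TLS:       msp,
						},
					},
					DisableNodeOU: pointer.Bool(true),
				},
			}
			instance.Namespace = namespace
			instance.Name = "testorderer2node0"

			Expect(client.Create(context.TODO(), instance)).To(Succeed())
		})

		Context("parses orderer msp", func() {
			BeforeEach(func() {
				initializeOrderer("")
			})

			It("gets ecert crypto", func() {
				By("creating a secret containing admin certs", func() {
					VerifyCertData(secretEntry("ecert-testorderer2node0-admincerts", "admincert-0.pem"))
				})

				By("creating a secret containing ca root certs", func() {
					VerifyCertData(secretEntry("ecert-testorderer2node0-cacerts", "cacert-0.pem"))
				})

				By("creating a secret containing ca intermediate certs", func() {
					VerifyCertData(secretEntry("ecert-testorderer2node0-intercerts", "intercert-0.pem"))
				})

				By("creating a secret containing signed cert", func() {
					VerifyCertData(secretEntry("ecert-testorderer2node0-signcert", "cert.pem"))
				})

				By("creating a secret containing private key", func() {
					VerifyKeyData(secretEntry("ecert-testorderer2node0-keystore", "key.pem"))
				})

				By("creating a secret containing TLS ca root certs", func() {
					VerifyCertData(secretEntry("tls-testorderer2node0-cacerts", "cacert-0.pem"))
				})

				By("creating a secret containing TLS ca intermediate certs", func() {
					VerifyCertData(secretEntry("tls-testorderer2node0-intercerts", "intercert-0.pem"))
				})

				By("creating a secret containing TLS signed cert", func() {
					VerifyCertData(secretEntry("tls-testorderer2node0-signcert", "cert.pem"))
				})

				By("creating a secret containing TLS private key", func() {
					VerifyKeyData(secretEntry("tls-testorderer2node0-keystore", "key.pem"))
				})
			})
		})
	})

	Context("enrollment spec", func() {
		var (
			enrollment *current.Enrollment
		)

		BeforeEach(func() {
			// Fixture enrollment identity for a CA reached at localhost:7055.
			// NOTE(review): that CA is not started in this file; presumably the
			// suite setup brings it up with these credentials. Confirm. The
			// ID/secret pair is checked in and is for test CAs only.
			enrollment = &current.Enrollment{
				CAHost:       "localhost",
				CAPort:       "7055",
				EnrollID:     "admin",
				EnrollSecret: "adminpw",
				AdminCerts:   []string{testcert},
				CATLS: &current.CATLS{
					CACert: testcert,
				},
			}

			instance = &current.IBPOrderer{
				Spec: current.IBPOrdererSpec{
					Secret: &current.SecretSpec{
						Enrollment: &current.EnrollmentSpec{
							Component: enrollment,
							TLS:       enrollment,
						},
					},
					DisableNodeOU: pointer.Bool(true),
				},
			}
			instance.Namespace = namespace
			instance.Name = "testorderer1node0"

			Expect(client.Create(context.TODO(), instance)).To(Succeed())
		})

		AfterEach(func() {
			// Remove whatever the initializer wrote under the scratch
			// directory so it does not outlive the spec.
			Expect(os.RemoveAll(testDirOrderer)).To(Succeed())
		})

		Context("enrolls orderer with fabric ca server", func() {
			BeforeEach(func() {
				initializeOrderer(testDirOrderer)
			})

			It("gets enrollment crypto", func() {
				By("creating a secret containing ca root certs", func() {
					VerifyCertData(secretEntry("ecert-testorderer1node0-cacerts", "cacert-0.pem"))
				})

				By("creating a secret containing ca intermediate certs", func() {
					VerifyCertData(secretEntry("ecert-testorderer1node0-intercerts", "intercert-0.pem"))
				})

				By("creating a secret containing signed cert", func() {
					VerifyCertData(secretEntry("ecert-testorderer1node0-signcert", "cert.pem"))
				})

				By("creating a secret containing private key", func() {
					VerifyKeyData(secretEntry("ecert-testorderer1node0-keystore", "key.pem"))
				})

				By("creating a secret containing TLS ca root certs", func() {
					VerifyCertData(secretEntry("tls-testorderer1node0-cacerts", "cacert-0.pem"))
				})

				By("creating a secret containing TLS ca intermediate certs", func() {
					VerifyCertData(secretEntry("tls-testorderer1node0-intercerts", "intercert-0.pem"))
				})

				By("creating a secret containing TLS signed cert", func() {
					VerifyCertData(secretEntry("tls-testorderer1node0-signcert", "cert.pem"))
				})

				By("creating a secret containing TLS private key", func() {
					VerifyKeyData(secretEntry("tls-testorderer1node0-keystore", "key.pem"))
				})
			})
		})
	})
})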