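// Source: github.com/IBM-Blockchain/fabric-operator@v1.0.4/integration/init/peer_test.go

/*
 * Copyright contributors to the Hyperledger Fabric Operator project
 *
 * SPDX-License-Identifier: Apache-2.0
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at:
 *
 * 	  http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package init

import (
	"context"
	"crypto/x509"
	"encoding/pem"
	"os"
	"path/filepath"

	current "github.com/IBM-Blockchain/fabric-operator/api/v1beta1"
	"github.com/IBM-Blockchain/fabric-operator/operatorconfig"
	"github.com/IBM-Blockchain/fabric-operator/pkg/initializer/common/enroller"
	initializer "github.com/IBM-Blockchain/fabric-operator/pkg/initializer/peer"
	peerinit "github.com/IBM-Blockchain/fabric-operator/pkg/initializer/peer"
	config "github.com/IBM-Blockchain/fabric-operator/pkg/initializer/peer/config/v1"
	"github.com/IBM-Blockchain/fabric-operator/pkg/initializer/validator"
	basepeer "github.com/IBM-Blockchain/fabric-operator/pkg/offering/base/peer"
	"github.com/IBM-Blockchain/fabric-operator/pkg/offering/base/peer/mocks"
	. "github.com/onsi/ginkgo/v2"
	. "github.com/onsi/gomega"
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
	"k8s.io/utils/pointer"
)

const (
	// testDir is the scratch directory handed to GetInitPeer by the enrollment
	// specs; it is removed again in that context's AfterEach.
	testDir = "peer-init-test"
	// testcert is reused for every certificate field of the fixtures below
	// (sign cert, admin certs, CA/intermediate certs and the CA TLS cert).
	testcert = "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"
	// defaultConfigs is the directory holding the operator's default peer configs.
	defaultConfigs = "../../defaultconfig"
)

// The specs below initialize a peer from either a ready-made MSP or an
// enrollment request and then assert that every piece of crypto material
// (certificates and private keys, for both the ecert and the TLS identity) was
// written to its own Kubernetes secret as a single, parseable PEM entry.
//
// client, kclient, scheme and namespace are not defined in this file; they are
// presumably provided by the suite setup elsewhere in the package.
var _ = Describe("Peer init", func() {
	var (
		peerInit *initializer.Initializer
		instance *current.IBPPeer
		peer     *basepeer.Peer
	)

	BeforeEach(func() {
		// Initializer is assigned further down, once it has been constructed
		// with this peer's GetLabels method.
		peer = &basepeer.Peer{
			Client:            client,
			DeploymentManager: &mocks.DeploymentManager{},
			Config: &operatorconfig.Config{
				PeerInitConfig: &peerinit.Config{},
			},
		}

		initCfg := &initializer.Config{
			OUFile:         filepath.Join(defaultConfigs, "peer/ouconfig.yaml"),
			CorePeerFile:   filepath.Join(defaultConfigs, "peer/core.yaml"),
			CorePeerV2File: filepath.Join(defaultConfigs, "peer/v2/core.yaml"),
		}
		v := &validator.Validator{
			Client: client,
		}

		peerInit = initializer.New(initCfg, scheme, client, peer.GetLabels, v, enroller.HSMEnrollJobTimeouts{})
		peer.Initializer = peerInit
	})

	Context("msp spec", func() {
		BeforeEach(func() {
			msp := &current.MSP{
				// Test-only fixture: a base64-encoded PEM "PRIVATE KEY" block.
				// It is committed in source, so it carries no secrecy and must
				// stay confined to this test.
				KeyStore:          "LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JR0hBZ0VBTUJNR0J5cUdTTTQ5QWdFR0NDcUdTTTQ5QXdFSEJHMHdhd0lCQVFRZ3hRUXdSVFFpVUcwREo1UHoKQTJSclhIUEtCelkxMkxRa0MvbVlveWo1bEhDaFJBTkNBQVN5bE1YLzFqdDlmUGt1RTZ0anpvSTlQbGt4LzZuVQpCMHIvMU56TTdrYnBjUk8zQ3RIeXQ2TXlQR21FOUZUN29pYXphU3J1TW9JTDM0VGdBdUpIOU9ZWQotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg==",
				SignCerts:         testcert,
				AdminCerts:        []string{testcert},
				CACerts:           []string{testcert},
				IntermediateCerts: []string{testcert},
			}

			// The same MSP is used for the component (ecert) and the TLS
			// identity, so both sets of secrets carry identical material.
			instance = &current.IBPPeer{
				Spec: current.IBPPeerSpec{
					Secret: &current.SecretSpec{
						MSP: &current.MSPSpec{
							Component: msp,
							TLS:       msp,
						},
					},
					DisableNodeOU: pointer.Bool(true),
				},
			}
			instance.Namespace = namespace
			instance.Name = "testpeer2"

			Expect(client.Create(context.TODO(), instance)).To(Succeed())
		})

		Context("parses peer msp", func() {
			BeforeEach(func() {
				initPeer, err := peerInit.GetInitPeer(instance, "")
				Expect(err).NotTo(HaveOccurred())
				initPeer.Config = &config.Core{}

				Expect(peer.InitializeCreate(instance, initPeer)).To(Succeed())
			})

			It("gets ecert crypto", func() {
				By("creating a secret containing admin certs", func() {
					expectSinglePEMSecret("ecert-testpeer2-admincerts", "admincert-0.pem", VerifyCertData)
				})

				By("creating a secret containing ca root certs", func() {
					expectSinglePEMSecret("ecert-testpeer2-cacerts", "cacert-0.pem", VerifyCertData)
				})

				By("creating a secret containing ca intermediate certs", func() {
					expectSinglePEMSecret("ecert-testpeer2-intercerts", "intercert-0.pem", VerifyCertData)
				})

				By("creating a secret containing signed cert", func() {
					expectSinglePEMSecret("ecert-testpeer2-signcert", "cert.pem", VerifyCertData)
				})

				By("creating a secret containing private key", func() {
					expectSinglePEMSecret("ecert-testpeer2-keystore", "key.pem", VerifyKeyData)
				})

				By("creating a secret containing TLS ca root certs", func() {
					expectSinglePEMSecret("tls-testpeer2-cacerts", "cacert-0.pem", VerifyCertData)
				})

				By("creating a secret containing TLS ca intermediate certs", func() {
					expectSinglePEMSecret("tls-testpeer2-intercerts", "intercert-0.pem", VerifyCertData)
				})

				By("creating a secret containing TLS signed cert", func() {
					expectSinglePEMSecret("tls-testpeer2-signcert", "cert.pem", VerifyCertData)
				})

				By("creating a secret containing TLS private key", func() {
					expectSinglePEMSecret("tls-testpeer2-keystore", "key.pem", VerifyKeyData)
				})
			})
		})
	})

	Context("enrollment spec", func() {
		BeforeEach(func() {
			// Fixture enrollment against a CA on localhost:7055 with fixed test
			// credentials. NOTE(review): presumably the suite starts that CA with
			// this identity; confirm against the suite setup.
			enrollment := &current.Enrollment{
				CAHost:       "localhost",
				CAPort:       "7055",
				EnrollID:     "admin",
				EnrollSecret: "adminpw",
				AdminCerts:   []string{testcert},
				CATLS: &current.CATLS{
					CACert: testcert,
				},
			}

			// One enrollment request serves both the component (ecert) and the
			// TLS identity.
			instance = &current.IBPPeer{
				Spec: current.IBPPeerSpec{
					Secret: &current.SecretSpec{
						Enrollment: &current.EnrollmentSpec{
							Component: enrollment,
							TLS:       enrollment,
						},
					},
					DisableNodeOU: pointer.Bool(true),
				},
			}
			instance.Namespace = namespace
			instance.Name = "testpeer1"

			Expect(client.Create(context.TODO(), instance)).To(Succeed())
		})

		AfterEach(func() {
			// Remove the scratch directory passed to GetInitPeer so nothing it
			// may contain outlives the spec.
			Expect(os.RemoveAll(testDir)).To(Succeed())
		})

		Context("enrolls peer with fabric ca server", func() {
			BeforeEach(func() {
				initPeer, err := peerInit.GetInitPeer(instance, testDir)
				Expect(err).NotTo(HaveOccurred())
				initPeer.Config = &config.Core{}

				Expect(peer.InitializeCreate(instance, initPeer)).To(Succeed())
			})

			It("gets enrollment crypto", func() {
				By("creating a secret containing admin certs", func() {
					expectSinglePEMSecret("ecert-testpeer1-admincerts", "admincert-0.pem", VerifyCertData)
				})

				By("creating a secret containing ca root certs", func() {
					expectSinglePEMSecret("ecert-testpeer1-cacerts", "cacert-0.pem", VerifyCertData)
				})

				By("creating a secret containing ca intermediate certs", func() {
					expectSinglePEMSecret("ecert-testpeer1-intercerts", "intercert-0.pem", VerifyCertData)
				})

				By("creating a secret containing signed cert", func() {
					expectSinglePEMSecret("ecert-testpeer1-signcert", "cert.pem", VerifyCertData)
				})

				By("creating a secret containing private key", func() {
					expectSinglePEMSecret("ecert-testpeer1-keystore", "key.pem", VerifyKeyData)
				})

				By("creating a secret containing TLS ca root certs", func() {
					expectSinglePEMSecret("tls-testpeer1-cacerts", "cacert-0.pem", VerifyCertData)
				})

				By("creating a secret containing TLS ca intermediate certs", func() {
					expectSinglePEMSecret("tls-testpeer1-intercerts", "intercert-0.pem", VerifyCertData)
				})

				By("creating a secret containing TLS signed cert", func() {
					expectSinglePEMSecret("tls-testpeer1-signcert", "cert.pem", VerifyCertData)
				})

				By("creating a secret containing TLS private key", func() {
					expectSinglePEMSecret("tls-testpeer1-keystore", "key.pem", VerifyKeyData)
				})
			})
		})
	})
})

// expectSinglePEMSecret fetches the secret secretName from the test namespace,
// asserts that it holds exactly one data entry and that the entry is stored
// under dataKey, then passes the entry's bytes to verify (VerifyCertData or
// VerifyKeyData). Requiring exactly one entry means a secret that also carried
// unrelated material would fail the spec.
func expectSinglePEMSecret(secretName, dataKey string, verify func([]byte)) {
	secret, err := kclient.CoreV1().Secrets(namespace).Get(context.TODO(), secretName, metav1.GetOptions{})
	Expect(err).NotTo(HaveOccurred())
	Expect(secret.Data).To(HaveLen(1))
	Expect(secret.Data).To(HaveKey(dataKey))
	verify(secret.Data[dataKey])
}

// VerifyKeyData asserts that data begins with a PEM block whose payload parses
// as a PKCS#8 private key.
//
// NOTE(review): the PEM block type and any bytes after the first block are not
// inspected, so trailing content in the secret entry goes unnoticed here.
func VerifyKeyData(data []byte) {
	block, _ := pem.Decode(data)
	Expect(block).NotTo(BeNil())
	_, err := x509.ParsePKCS8PrivateKey(block.Bytes)
	Expect(err).NotTo(HaveOccurred())
}

// VerifyCertData asserts that data begins with a PEM block whose payload parses
// as an X.509 certificate. Only the encoding is checked: the certificate's
// signature, validity period and issuer are not verified.
//
// NOTE(review): the PEM block type and any bytes after the first block are not
// inspected, so trailing content in the secret entry goes unnoticed here.
func VerifyCertData(data []byte) {
	block, _ := pem.Decode(data)
	Expect(block).NotTo(BeNil())
	_, err := x509.ParseCertificate(block.Bytes)
	Expect(err).NotTo(HaveOccurred())
}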