github.com/IBM-Blockchain/fabric-operator@v1.0.4/pkg/initializer/common/secretmanager/secretmanager_test.go (about) 1 /* 2 * Copyright contributors to the Hyperledger Fabric Operator project 3 * 4 * SPDX-License-Identifier: Apache-2.0 5 * 6 * Licensed under the Apache License, Version 2.0 (the "License"); 7 * you may not use this file except in compliance with the License. 8 * You may obtain a copy of the License at: 9 * 10 * http://www.apache.org/licenses/LICENSE-2.0 11 * 12 * Unless required by applicable law or agreed to in writing, software 13 * distributed under the License is distributed on an "AS IS" BASIS, 14 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 * See the License for the specific language governing permissions and 16 * limitations under the License. 17 */ 18 19 package secretmanager_test 20 21 import ( 22 "context" 23 "errors" 24 25 . "github.com/onsi/ginkgo/v2" 26 . "github.com/onsi/gomega" 27 corev1 "k8s.io/api/core/v1" 28 v1 "k8s.io/apimachinery/pkg/apis/meta/v1" 29 "k8s.io/apimachinery/pkg/runtime" 30 "k8s.io/apimachinery/pkg/types" 31 "sigs.k8s.io/controller-runtime/pkg/client" 32 33 current "github.com/IBM-Blockchain/fabric-operator/api/v1beta1" 34 controllermocks "github.com/IBM-Blockchain/fabric-operator/controllers/mocks" 35 "github.com/IBM-Blockchain/fabric-operator/pkg/initializer/common/config" 36 "github.com/IBM-Blockchain/fabric-operator/pkg/initializer/common/secretmanager" 37 ) 38 39 var _ = Describe("Secretmanager", func() { 40 Context("generate secrets", func() { 41 var ( 42 resp *config.Response 43 mockClient *controllermocks.Client 44 instance v1.Object 45 secretManager *secretmanager.SecretManager 46 ) 47 48 BeforeEach(func() { 49 mockClient = &controllermocks.Client{} 50 instance = ¤t.IBPPeer{} 51 52 getLabels := func(instance v1.Object) map[string]string { 53 return map[string]string{} 54 } 55 secretManager = secretmanager.New(mockClient, runtime.NewScheme(), getLabels) 56 57 resp = &config.Response{ 58 CACerts: [][]byte{[]byte("cacert")}, 59 IntermediateCerts: [][]byte{[]byte("intercert")}, 60 AdminCerts: [][]byte{[]byte("admincert")}, 61 SignCert: []byte("signcert"), 62 Keystore: []byte("key"), 63 } 64 65 mockClient.GetStub = func(ctx context.Context, types types.NamespacedName, obj client.Object) error { 66 o := obj.(*corev1.Secret) 67 switch types.Name { 68 case "ecert-" + instance.GetName() + "-signcert": 69 o.Name = "ecert-" + instance.GetName() + "-signcert" 70 o.Namespace = instance.GetNamespace() 71 o.Data = map[string][]byte{"cert.pem": []byte("signcert")} 72 case "ecert-" + instance.GetName() + "-keystore": 73 o.Name = "ecert-" + instance.GetName() + "-keystore" 74 o.Namespace = instance.GetNamespace() 75 o.Data = map[string][]byte{"key.pem": []byte("key")} 76 case "ecert-" + instance.GetName() + "-admincerts": 77 o.Name = "ecert-" + instance.GetName() + "-admincerts" 78 o.Namespace = instance.GetNamespace() 79 o.Data = map[string][]byte{ 80 "admincert-0.pem": []byte("admincert"), 81 "admincert-1.pem": []byte("admincert"), 82 } 83 } 84 return nil 85 } 86 }) 87 88 Context("admin certs secret", func() { 89 It("returns an error on failure", func() { 90 msg := "admin certs error" 91 mockClient.CreateOrUpdateReturnsOnCall(0, errors.New(msg)) 92 93 err := secretManager.GenerateSecrets("ecert", instance, resp) 94 Expect(err).To(HaveOccurred()) 95 Expect(err.Error()).To(ContainSubstring("failed to create admin certs secret: " + msg)) 96 }) 97 98 It("generates ecert admin cert secret", func() { 99 err := secretManager.GenerateSecrets("ecert", instance, resp) 100 Expect(err).NotTo(HaveOccurred()) 101 Expect(mockClient.CreateOrUpdateCallCount()).To(Equal(5)) 102 }) 103 104 It("does not generate tls admin cert secret", func() { 105 err := secretManager.GenerateSecrets("tls", instance, resp) 106 Expect(err).NotTo(HaveOccurred()) 107 Expect(mockClient.CreateOrUpdateCallCount()).To(Equal(4)) 108 }) 109 }) 110 111 Context("ca certs secret", func() { 112 It("returns an error on failure", func() { 113 msg := "ca certs error" 114 mockClient.CreateOrUpdateReturnsOnCall(1, errors.New(msg)) 115 116 err := secretManager.GenerateSecrets("ecert", instance, resp) 117 Expect(err).To(HaveOccurred()) 118 Expect(err.Error()).To(ContainSubstring("failed to create ca certs secret: " + msg)) 119 }) 120 121 It("generates", func() { 122 err := secretManager.GenerateSecrets("ecert", instance, resp) 123 Expect(err).NotTo(HaveOccurred()) 124 }) 125 }) 126 127 Context("intermediate certs secret", func() { 128 It("returns an error on failure", func() { 129 msg := "intermediate certs error" 130 mockClient.CreateOrUpdateReturnsOnCall(2, errors.New(msg)) 131 132 err := secretManager.GenerateSecrets("ecert", instance, resp) 133 Expect(err).To(HaveOccurred()) 134 Expect(err.Error()).To(ContainSubstring("failed to create intermediate ca certs secret: " + msg)) 135 }) 136 137 It("generates", func() { 138 err := secretManager.GenerateSecrets("ecert", instance, resp) 139 Expect(err).NotTo(HaveOccurred()) 140 }) 141 }) 142 143 Context("sign certs secret", func() { 144 It("returns an error on failure", func() { 145 msg := "sign certs error" 146 mockClient.CreateOrUpdateReturnsOnCall(3, errors.New(msg)) 147 148 err := secretManager.GenerateSecrets("ecert", instance, resp) 149 Expect(err).To(HaveOccurred()) 150 Expect(err.Error()).To(ContainSubstring("failed to create signing cert secret: " + msg)) 151 }) 152 153 It("generates", func() { 154 err := secretManager.GenerateSecrets("ecert", instance, resp) 155 Expect(err).NotTo(HaveOccurred()) 156 }) 157 }) 158 159 Context("key secret", func() { 160 It("returns an error on failure", func() { 161 msg := "key error" 162 mockClient.CreateOrUpdateReturnsOnCall(4, errors.New(msg)) 163 164 err := secretManager.GenerateSecrets("ecert", instance, resp) 165 Expect(err).To(HaveOccurred()) 166 Expect(err.Error()).To(ContainSubstring("failed to create key secret: " + msg)) 167 }) 168 169 It("generates", func() { 170 err := secretManager.GenerateSecrets("ecert", instance, resp) 171 Expect(err).NotTo(HaveOccurred()) 172 }) 173 }) 174 175 Context("get crypto from secret", func() { 176 It("returns an error if failed to get secret", func() { 177 mockClient.GetReturns(errors.New("get error")) 178 _, err := secretManager.GetCryptoFromSecrets("ecert", instance) 179 Expect(err).To(HaveOccurred()) 180 }) 181 182 It("returns crypto response from tls cert secrets", func() { 183 tlscrypto, err := secretManager.GetCryptoFromSecrets("ecert", instance) 184 Expect(err).NotTo(HaveOccurred()) 185 Expect(tlscrypto).NotTo(BeNil()) 186 187 Expect(tlscrypto.AdminCerts).To(Equal([][]byte{[]byte("admincert"), []byte("admincert")})) 188 Expect(tlscrypto.SignCert).To(Equal([]byte("signcert"))) 189 Expect(tlscrypto.Keystore).To(Equal([]byte("key"))) 190 }) 191 }) 192 }) 193 194 })