github.com/verrazzano/verrazzano@v1.7.0/pkg/k8s/ready/certificates_test.go (about)

     1  // Copyright (c) 2022, 2023, Oracle and/or its affiliates.
     2  // Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
     3  package ready
     4  
     5  import (
     6  	"testing"
     7  	"time"
     8  
     9  	clustersv1alpha1 "github.com/verrazzano/verrazzano/application-operator/apis/clusters/v1alpha1"
    10  	vzapi "github.com/verrazzano/verrazzano/application-operator/apis/oam/v1alpha1"
    11  	"github.com/verrazzano/verrazzano/pkg/log/vzlog"
    12  	"k8s.io/apimachinery/pkg/runtime"
    13  	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
    14  
    15  	certv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1"
    16  	cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1"
    17  	"github.com/stretchr/testify/assert"
    18  	"github.com/verrazzano/verrazzano/platform-operator/apis/verrazzano/v1alpha1"
    19  	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
    20  	"k8s.io/apimachinery/pkg/types"
    21  	"sigs.k8s.io/controller-runtime/pkg/client/fake"
    22  )
    23  
// getScheme returns a fresh runtime.Scheme for the fake clients built in this
// file. It registers, in order, the client-go built-in types, the Verrazzano
// OAM and clusters APIs, and the cert-manager v1 API.
//
// Registration errors are discarded on purpose; a failed registration would
// surface later when the fake client rejects an object of an unknown type.
func getScheme() *runtime.Scheme {
	scheme := runtime.NewScheme()

	// Kubernetes built-ins first, then the Verrazzano application-operator APIs.
	_ = clientgoscheme.AddToScheme(scheme)
	_ = vzapi.AddToScheme(scheme)
	_ = clustersv1alpha1.AddToScheme(scheme)

	// cert-manager Certificate is the type the readiness checks read.
	_ = certv1.AddToScheme(scheme)

	return scheme
}
    34  
// TestCheckCertificatesReady tests the CertificatesAreReady func
// GIVEN a Verrazzano instance with CertManager explicitly disabled and ClusterIssuer enabled
// WHEN I call CertificatesAreReady with a list of cert names where both are ready
// THEN true and an empty list of names is returned
func TestCheckCertificatesReady(t *testing.T) {
	firstCert := types.NamespacedName{Name: "mycert", Namespace: "verrazzano-system"}
	secondCert := types.NamespacedName{Name: "mycert2", Namespace: "verrazzano-system"}
	certNames := []types.NamespacedName{firstCert, secondCert}

	// CertManager.Enabled is false while ClusterIssuer.Enabled is true.
	// NOTE(review): this looks like the customer-managed cert-manager case, where
	// certificates should still be checked — confirm against CertificatesAreReady.
	certManagerEnabled := false
	clusterIssuerEnabled := true
	vz := &v1alpha1.Verrazzano{
		ObjectMeta: metav1.ObjectMeta{Namespace: "foo"},
		Spec: v1alpha1.VerrazzanoSpec{
			Components: v1alpha1.ComponentSpec{
				CertManager:   &v1alpha1.CertManagerComponent{Enabled: &certManagerEnabled},
				ClusterIssuer: &v1alpha1.ClusterIssuerComponent{Enabled: &clusterIssuerEnabled},
			},
		},
	}

	// Three transition times, oldest first, so the Ready condition is the newest.
	current := time.Now()
	fiveMinutesAgo := metav1.NewTime(current.Add(-300 * time.Second))
	threeMinutesAgo := metav1.NewTime(current.Add(-180 * time.Second))
	justNow := metav1.NewTime(current)

	// First certificate carries older Issuing conditions followed by Ready=True.
	issuedThenReady := &certv1.Certificate{
		ObjectMeta: metav1.ObjectMeta{Name: firstCert.Name, Namespace: firstCert.Namespace},
		Spec:       certv1.CertificateSpec{},
		Status: certv1.CertificateStatus{
			Conditions: []certv1.CertificateCondition{
				{Type: certv1.CertificateConditionIssuing, Status: cmmeta.ConditionUnknown, LastTransitionTime: &fiveMinutesAgo},
				{Type: certv1.CertificateConditionIssuing, Status: cmmeta.ConditionFalse, LastTransitionTime: &threeMinutesAgo},
				{Type: certv1.CertificateConditionReady, Status: cmmeta.ConditionTrue, LastTransitionTime: &justNow},
			},
		},
	}
	// Second certificate only has the Ready=True condition.
	readyOnly := &certv1.Certificate{
		ObjectMeta: metav1.ObjectMeta{Name: secondCert.Name, Namespace: secondCert.Namespace},
		Spec:       certv1.CertificateSpec{},
		Status: certv1.CertificateStatus{
			Conditions: []certv1.CertificateCondition{
				{Type: certv1.CertificateConditionReady, Status: cmmeta.ConditionTrue, LastTransitionTime: &justNow},
			},
		},
	}

	fakeClient := fake.NewClientBuilder().
		WithScheme(getScheme()).
		WithObjects(issuedThenReady, readyOnly).
		Build()

	allReady, notReadyCerts := CertificatesAreReady(fakeClient, vzlog.DefaultLogger(), vz, certNames)
	assert.True(t, allReady)
	assert.Len(t, notReadyCerts, 0)
}
    88  
// TestCheckCertificatesNotReady tests the CertificatesAreReady func
// GIVEN a Verrazzano instance with CertManager explicitly disabled and ClusterIssuer enabled
// WHEN I call CertificatesAreReady with a list of cert names where one is ready and one isn't
// THEN false and the returned list of names has the name of the cert that isn't ready
//
// NOTE(review): the not-ready fixture only models a certificate whose sole
// condition is Issuing=False. A certificate with Ready=False, or a name with no
// Certificate object at all, is not exercised by the tests visible in this file.
func TestCheckCertificatesNotReady(t *testing.T) {
	readyName := types.NamespacedName{Name: "mycert", Namespace: "verrazzano-system"}
	pendingName := types.NamespacedName{Name: "mycert2", Namespace: "verrazzano-system"}
	certNames := []types.NamespacedName{readyName, pendingName}
	notReadyExpected := []types.NamespacedName{pendingName}

	// CertManager.Enabled is false while ClusterIssuer.Enabled is true.
	// NOTE(review): this looks like the customer-managed cert-manager case, where
	// certificates should still be checked — confirm against CertificatesAreReady.
	certManagerEnabled := false
	clusterIssuerEnabled := true
	vz := &v1alpha1.Verrazzano{
		ObjectMeta: metav1.ObjectMeta{Namespace: "foo"},
		Spec: v1alpha1.VerrazzanoSpec{
			Components: v1alpha1.ComponentSpec{
				CertManager:   &v1alpha1.CertManagerComponent{Enabled: &certManagerEnabled},
				ClusterIssuer: &v1alpha1.ClusterIssuerComponent{Enabled: &clusterIssuerEnabled},
			},
		},
	}

	current := time.Now()
	fiveMinutesAgo := metav1.NewTime(current.Add(-300 * time.Second))
	justNow := metav1.NewTime(current)

	// Ready certificate: an older Issuing=Unknown followed by Ready=True.
	readyCert := &certv1.Certificate{
		ObjectMeta: metav1.ObjectMeta{Name: readyName.Name, Namespace: readyName.Namespace},
		Spec:       certv1.CertificateSpec{},
		Status: certv1.CertificateStatus{
			Conditions: []certv1.CertificateCondition{
				{Type: certv1.CertificateConditionIssuing, Status: cmmeta.ConditionUnknown, LastTransitionTime: &fiveMinutesAgo},
				{Type: certv1.CertificateConditionReady, Status: cmmeta.ConditionTrue, LastTransitionTime: &justNow},
			},
		},
	}
	// Not-ready certificate: no Ready condition, only Issuing=False.
	pendingCert := &certv1.Certificate{
		ObjectMeta: metav1.ObjectMeta{Name: pendingName.Name, Namespace: pendingName.Namespace},
		Spec:       certv1.CertificateSpec{},
		Status: certv1.CertificateStatus{
			Conditions: []certv1.CertificateCondition{
				{Type: certv1.CertificateConditionIssuing, Status: cmmeta.ConditionFalse, LastTransitionTime: &justNow},
			},
		},
	}

	fakeClient := fake.NewClientBuilder().
		WithScheme(getScheme()).
		WithObjects(readyCert, pendingCert).
		Build()

	allReady, notReadyActual := CertificatesAreReady(fakeClient, vzlog.DefaultLogger(), vz, certNames)
	assert.False(t, allReady)
	assert.Equal(t, notReadyExpected, notReadyActual)
}
   143  
// TestCheckCertificatesNotReadyCertManagerDisabled tests the CertificatesAreReady func
// GIVEN a Verrazzano instance with both CertManager and ClusterIssuer disabled
// WHEN I call CertificatesAreReady with a non-empty certs list
// THEN true and an empty list of names is returned
func TestCheckCertificatesNotReadyCertManagerDisabled(t *testing.T) {
	requested := []types.NamespacedName{
		{Name: "mycert", Namespace: "verrazzano-system"},
		{Name: "mycert2", Namespace: "verrazzano-system"},
	}

	// One flag feeds both components, so CertManager and ClusterIssuer are
	// disabled together.
	componentEnabled := false
	components := v1alpha1.ComponentSpec{
		CertManager:   &v1alpha1.CertManagerComponent{Enabled: &componentEnabled},
		ClusterIssuer: &v1alpha1.ClusterIssuerComponent{Enabled: &componentEnabled},
	}
	vz := &v1alpha1.Verrazzano{
		ObjectMeta: metav1.ObjectMeta{Namespace: "foo"},
		Spec:       v1alpha1.VerrazzanoSpec{Components: components},
	}

	// The fake client holds no Certificate objects for the requested names.
	// NOTE(review): the expected "all ready" result therefore presumably means the
	// check is skipped when the components are disabled — confirm that callers do
	// not treat this result as proof that the certificates exist.
	emptyClient := fake.NewClientBuilder().WithScheme(getScheme()).Build()

	allReady, notReadyActual := CertificatesAreReady(emptyClient, vzlog.DefaultLogger(), vz, requested)
	assert.True(t, allReady)
	assert.Len(t, notReadyActual, 0)
}
   180  
// TestCheckCertificatesNotReadyNoCertsPassed tests the CertificatesAreReady func
// GIVEN a Verrazzano instance with CertManager explicitly disabled and ClusterIssuer enabled
// WHEN I call CertificatesAreReady with an empty certs list
// THEN true and an empty list of names is returned
func TestCheckCertificatesNotReadyNoCertsPassed(t *testing.T) {
	// CertManager.Enabled is false while ClusterIssuer.Enabled is true.
	// NOTE(review): this looks like the customer-managed cert-manager case —
	// confirm against CertificatesAreReady.
	certManagerEnabled := false
	clusterIssuerEnabled := true
	components := v1alpha1.ComponentSpec{
		CertManager:   &v1alpha1.CertManagerComponent{Enabled: &certManagerEnabled},
		ClusterIssuer: &v1alpha1.ClusterIssuerComponent{Enabled: &clusterIssuerEnabled},
	}
	vz := &v1alpha1.Verrazzano{
		ObjectMeta: metav1.ObjectMeta{Namespace: "foo"},
		Spec:       v1alpha1.VerrazzanoSpec{Components: components},
	}

	// No certificates are requested and none exist in the fake client.
	emptyClient := fake.NewClientBuilder().WithScheme(getScheme()).Build()
	noCerts := []types.NamespacedName{}

	allReady, notReady := CertificatesAreReady(emptyClient, vzlog.DefaultLogger(), vz, noCerts)
	assert.Len(t, notReady, 0)
	assert.True(t, allReady)
}