17 package create
18
19 import (
20 "os"
21 "path"
22 "testing"
23
24 corev1 "k8s.io/api/core/v1"
25 apiequality "k8s.io/apimachinery/pkg/api/equality"
26 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
27 )
28
// rsaCertPEM is the certificate half of the valid key pair used by
// TestCreateSecretTLS; the success cases expect it to be accepted together
// with rsaKeyPEM. It is a test fixture only: the matching private key is
// published in this same file, so this certificate must never be trusted or
// deployed outside tests.
29 var rsaCertPEM = `-----BEGIN CERTIFICATE-----
30 MIIB0zCCAX2gAwIBAgIJAI/M7BYjwB+uMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV
31 BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
32 aWRnaXRzIFB0eSBMdGQwHhcNMTIwOTEyMjE1MjAyWhcNMTUwOTEyMjE1MjAyWjBF
33 MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50
34 ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANLJ
35 hPHhITqQbPklG3ibCVxwGMRfp/v4XqhfdQHdcVfHap6NQ5Wok/4xIA+ui35/MmNa
36 rtNuC+BdZ1tMuVCPFZcCAwEAAaNQME4wHQYDVR0OBBYEFJvKs8RfJaXTH08W+SGv
37 zQyKn0H8MB8GA1UdIwQYMBaAFJvKs8RfJaXTH08W+SGvzQyKn0H8MAwGA1UdEwQF
38 MAMBAf8wDQYJKoZIhvcNAQEFBQADQQBJlffJHybjDGxRMqaRmDhX0+6v02TUKZsW
39 r5QuVbpQhH6u+0UgcW0jp9QwpxoPTLTWGXEWBBBurxFwiCBhkQ+V
40 -----END CERTIFICATE-----
41 `
42
// rsaKeyPEM is the private key written next to rsaCertPEM for the valid
// cases of TestCreateSecretTLS. It is committed in clear text on purpose as a
// test fixture and therefore provides no secrecy at all. Secret scanners will
// likely flag this block; the appropriate response is a path-scoped
// allow-list entry for the test file, never reuse of the key elsewhere.
// NOTE(review): the encoded modulus looks like 512 bits — confirm; that is
// far too small for real use in any case.
43 var rsaKeyPEM = `-----BEGIN RSA PRIVATE KEY-----
44 MIIBOwIBAAJBANLJhPHhITqQbPklG3ibCVxwGMRfp/v4XqhfdQHdcVfHap6NQ5Wo
45 k/4xIA+ui35/MmNartNuC+BdZ1tMuVCPFZcCAwEAAQJAEJ2N+zsR0Xn8/Q6twa4G
46 6OB1M1WO+k+ztnX/1SvNeWu8D6GImtupLTYgjZcHufykj09jiHmjHx8u8ZZB/o1N
47 MQIhAPW+eyZo7ay3lMz1V01WVjNKK9QSn1MJlb06h/LuYv9FAiEA25WPedKgVyCW
48 SmUwbPw8fnTcpqDWE3yTO3vKcebqMSsCIBF3UmVue8YU3jybC3NxuXq3wNm34R8T
49 xVLHwDXh/6NJAiEAl2oHGGLz64BuAfjKrqwz7qMYr9HCLIe/YsoWq/olzScCIQDi
50 D2lWusoe2/nEqfDVVWGWlyJ7yOmqaVm/iNUN9B2N2g==
51 -----END RSA PRIVATE KEY-----
52 `
53
// mismatchRSAKeyPEM is a second private key, presumably unrelated to
// rsaCertPEM, that TestCreateSecretTLS uses to build its mismatched
// key/certificate input. Note that it is key material, not a certificate.
// Test fixture only: like rsaKeyPEM it is public and must not be reused
// outside tests.
54 const mismatchRSAKeyPEM = `-----BEGIN PRIVATE KEY-----
55 MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC/665h55hWD4V2
56 kiQ+B/G9NNfBw69eBibEhI9vWkPUyn36GO2r3HPtRE63wBfFpV486ns9DoZnnAYE
57 JaGjVNCCqS5tQyMBWp843o66KBrEgBpuddChigvyul33FhD1ImFnN+Vy0ajOJ+1/
58 Zai28zBXWbxCWEbqz7s8e2UsPlBd0Caj4gcd32yD2BwiHqzB8odToWRUT7l+pS8R
59 qA1BruQvtjEIrcoWVlE170ZYe7+Apm96A+WvtVRkozPynxHF8SuEiw4hAh0lXR6b
60 4zZz4tZVV8ev2HpffveV/68GiCyeFDbglqd4sZ/Iga/rwu7bVY/BzFApHwu2hmmV
61 XLnaa3uVAgMBAAECggEAG+kvnCdtPR7Wvw6z3J2VJ3oW4qQNzfPBEZVhssUC1mB4
62 f7W+Yt8VsOzdMdXq3yCUmvFS6OdC3rCPI21Bm5pLFKV8DgHUhm7idwfO4/3PHsKu
63 lV/m7odAA5Xc8oEwCCZu2e8EHHWnQgwGex+SsMCfSCTRvyhNb/qz9TDQ3uVVFL9e
64 9a4OKqZl/GlRspJSuXhy+RSVulw9NjeX1VRjIbhqpdXAmQNXgShA+gZSQh8T/tgv
65 XQYsMtg+FUDvcunJQf4OW5BY7IenYBV/GvsnJU8L7oD0wjNSAwe/iLKqV/NpYhre
66 QR4DsGnmoRYlUlHdHFTTJpReDjWm+vH3T756yDdFAQKBgQD2/sP5dM/aEW7Z1TgS
67 TG4ts1t8Rhe9escHxKZQR81dfOxBeCJMBDm6ySfR8rvyUM4VsogxBL/RhRQXsjJM
68 7wN08MhdiXG0J5yy/oNo8W6euD8m8Mk1UmqcZjSgV4vA7zQkvkr6DRJdybKsT9mE
69 jouEwev8sceS6iBpPw/+Ws8z1QKBgQDG6uYHMfMcS844xKQQWhargdN2XBzeG6TV
70 YXfNFstNpD84d9zIbpG/AKJF8fKrseUhXkJhkDjFGJTriD3QQsntOFaDOrHMnveV
71 zGzvC4OTFUUFHe0SVJ0HuLf8YCHoZ+DXEeCKCN6zBXnUue+bt3NvLOf2yN5o9kYx
72 SIa8O1vIwQKBgEdONXWG65qg/ceVbqKZvhUjen3eHmxtTZhIhVsX34nlzq73567a
73 aXArMnvB/9Bs05IgAIFmRZpPOQW+RBdByVWxTabzTwgbh3mFUJqzWKQpvNGZIf1q
74 1axhNUA1BfulEwCojyyxKWQ6HoLwanOCU3T4JxDEokEfpku8EPn1bWwhAoGAAN8A
75 eOGYHfSbB5ac3VF3rfKYmXkXy0U1uJV/r888vq9Mc5PazKnnS33WOBYyKNxTk4zV
76 H5ZBGWPdKxbipmnUdox7nIGCS9IaZXaKt5VGUzuRnM8fvafPNDxz2dAV9e2Wh3qV
77 kCUvzHrmqK7TxMvN3pvEvEju6GjDr+2QYXylD0ECgYAGK5r+y+EhtKkYFLeYReUt
78 znvSsWq+JCQH/cmtZLaVOldCaMRL625hSl3XPPcMIHE14xi3d4njoXWzvzPcg8L6
79 vNXk3GiNldACS+vwk4CwEqe5YlZRm5doD07wIdsg2zRlnKsnXNM152OwgmcchDul
80 rLTt0TTazzwBCgCD0Jkoqg==
81 -----END PRIVATE KEY-----`
82
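// TestCreateSecretTLS drives CreateSecretTLSOptions.createSecretTLS through a
// table of key/certificate file inputs and checks both the returned Secret
// and whether an error was reported.
//
// Three on-disk fixtures are prepared up front, each in its own t.TempDir():
// a valid pair, a pair of files holding no PEM data, and a pair in which the
// key and the certificate are each well formed but do not belong together.
// A fourth case passes paths that do not exist.
func TestCreateSecretTLS(t *testing.T) {
	validCertTmpDir := t.TempDir()
	validKeyPath, validCertPath := writeKeyPair(validCertTmpDir, rsaKeyPEM, rsaCertPEM, t)

	// Neither file contains PEM data.
	invalidCertTmpDir := t.TempDir()
	invalidKeyPath, invalidCertPath := writeKeyPair(invalidCertTmpDir, "test", "test", t)

	// A real certificate next to a private key that was not issued for it.
	// The certificate slot must hold an actual certificate: writing
	// mismatchRSAKeyPEM (a private key) there would make the case fail for
	// lack of any certificate block, so the key/certificate consistency check
	// (presumably performed inside createSecretTLS) would never be reached.
	mismatchCertTmpDir := t.TempDir()
	mismatchKeyPath, mismatchCertPath := writeKeyPair(mismatchCertTmpDir, mismatchRSAKeyPEM, rsaCertPEM, t)

	tests := map[string]struct {
		tlsSecretName string
		tlsKey        string
		tlsCert       string
		appendHash    bool
		expected      *corev1.Secret
		expectErr     bool
	}{
		"create_secret_tls": {
			tlsSecretName: "foo",
			tlsKey:        validKeyPath,
			tlsCert:       validCertPath,
			expected: &corev1.Secret{
				TypeMeta: metav1.TypeMeta{
					APIVersion: corev1.SchemeGroupVersion.String(),
					Kind:       "Secret",
				},
				ObjectMeta: metav1.ObjectMeta{
					Name: "foo",
				},
				Type: corev1.SecretTypeTLS,
				Data: map[string][]byte{
					corev1.TLSPrivateKeyKey: []byte(rsaKeyPEM),
					corev1.TLSCertKey:       []byte(rsaCertPEM),
				},
			},
			expectErr: false,
		},
		"create_secret_tls_hash": {
			tlsSecretName: "foo",
			tlsKey:        validKeyPath,
			tlsCert:       validCertPath,
			appendHash:    true,
			expected: &corev1.Secret{
				TypeMeta: metav1.TypeMeta{
					APIVersion: corev1.SchemeGroupVersion.String(),
					Kind:       "Secret",
				},
				ObjectMeta: metav1.ObjectMeta{
					// With AppendHash set, the expected name carries a suffix.
					Name: "foo-272h6tt825",
				},
				Type: corev1.SecretTypeTLS,
				Data: map[string][]byte{
					corev1.TLSPrivateKeyKey: []byte(rsaKeyPEM),
					corev1.TLSCertKey:       []byte(rsaCertPEM),
				},
			},
			expectErr: false,
		},
		"create_secret_invalid_tls": {
			tlsSecretName: "foo",
			tlsKey:        invalidKeyPath,
			tlsCert:       invalidCertPath,
			expectErr:     true,
		},
		"create_secret_mismatch_tls": {
			tlsSecretName: "foo",
			tlsKey:        mismatchKeyPath,
			tlsCert:       mismatchCertPath,
			expectErr:     true,
		},
		"create_invalid_filepath_and_certpath_secret_tls": {
			tlsSecretName: "foo",
			tlsKey:        "testKeyPath",
			tlsCert:       "testCertPath",
			expectErr:     true,
		},
	}

	for name, test := range tests {
		t.Run(name, func(t *testing.T) {
			secretTLSOptions := CreateSecretTLSOptions{
				Name:       test.tlsSecretName,
				Key:        test.tlsKey,
				Cert:       test.tlsCert,
				AppendHash: test.appendHash,
			}
			secretTLS, err := secretTLSOptions.createSecretTLS()

			if !test.expectErr && err != nil {
				t.Errorf("test %s, unexpected error: %v", name, err)
			}
			if test.expectErr && err == nil {
				t.Errorf("test %s was expecting an error but no error occurred", name)
			}
			// Error cases leave expected nil, so this also asserts that no
			// Secret is handed back when the inputs are rejected.
			if !apiequality.Semantic.DeepEqual(secretTLS, test.expected) {
				t.Errorf("test %s\n expected:\n%#v\ngot:\n%#v", name, test.expected, secretTLS)
			}
		})
	}
}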
186
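// write creates (or truncates) the file at path and fills it with contents,
// failing the test immediately if any step goes wrong.
//
// The file is opened with owner-only permissions because callers in this file
// use it for private-key fixtures; the keys are public test data, but the
// helper should not model world-readable key files. Failures report the
// underlying error, and a failed Close is treated as a failed write so that
// truncated fixtures cannot go unnoticed.
func write(path, contents string, t *testing.T) {
	t.Helper()

	f, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
	if err != nil {
		t.Fatalf("Failed to create %v: %v", path, err)
	}
	if _, err := f.WriteString(contents); err != nil {
		// Release the descriptor before aborting; the write error is the one
		// worth reporting.
		f.Close()
		t.Fatalf("Failed to write to %v: %v", path, err)
	}
	if err := f.Close(); err != nil {
		t.Fatalf("Failed to close %v: %v", path, err)
	}
}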
198
// writeKeyPair stores key and cert as "tls.key" and "tls.cert" inside
// tmpDirPath and returns the two resulting paths, key first. The key file is
// written before the certificate file; any write failure aborts the test via
// the write helper. Paths are built with path.Join, which always joins with
// forward slashes.
func writeKeyPair(tmpDirPath, key, cert string, t *testing.T) (keyPath, certPath string) {
	keyPath, certPath = path.Join(tmpDirPath, "tls.key"), path.Join(tmpDirPath, "tls.cert")

	fixtures := [...]struct{ dst, body string }{
		{keyPath, key},
		{certPath, cert},
	}
	for _, fx := range fixtures {
		write(fx.dst, fx.body, t)
	}
	return keyPath, certPath
}
206