From ea81ed1dc1bc0fdb92ae4eb1e93b97c2db00022f Mon Sep 17 00:00:00 2001
From: Stavros kois
Date: Sat, 11 Feb 2023 18:08:23 +0200
Subject: [PATCH] finish secret creation of certificate
---
 .../tests/certificate/data_test.yaml | 30 ++++++++
 .../tests/certificate/metadata_test.yaml | 4 +
 .../tests/certificate/name_test.yaml | 7 ++
 .../tests/certificate/validation_test.yaml | 77 +++++++++++++++++++
 .../common/1.0.0/templates/class/_secret.tpl | 3 +-
 .../templates/lib/certificate/_getData.tpl | 27 +++++++
 .../1.0.0/templates/spawner/_certificate.tpl | 4 +-
 7 files changed, 150 insertions(+), 2 deletions(-)
 create mode 100644 library/common-test/tests/certificate/data_test.yaml
diff --git a/library/common-test/tests/certificate/data_test.yaml b/library/common-test/tests/certificate/data_test.yaml
new file mode 100644
index 0000000000..050f3a415b
--- /dev/null
+++ b/library/common-test/tests/certificate/data_test.yaml
@@ -0,0 +1,30 @@
+suite: certificate data test
+templates:
+ - common.yaml
+chart:
+ appVersion: &appVer v9.9.9
+tests:
+ - it: should pass with secret created for certificate
+ set:
+ ixCertificates:
+ "1":
+ certificate: some_cert
+ privatekey: some_key
+ scaleCertificate:
+ my-cert:
+ enabled: true
+ id: 1
+ asserts:
+ - documentIndex: &secretDoc 0
+ isKind:
+ of: Secret
+ - documentIndex: *secretDoc
+ equal:
+ path: data
+ value:
+ crt: c29tZV9jZXJ0
+ key: c29tZV9rZXk=
+ - documentIndex: *secretDoc
+ equal:
+ path: type
+ value: kubernetes.io/tls
diff --git a/library/common-test/tests/certificate/metadata_test.yaml b/library/common-test/tests/certificate/metadata_test.yaml
index b7f7edbf4e..bf95e5107c 100644
--- a/library/common-test/tests/certificate/metadata_test.yaml
+++ b/library/common-test/tests/certificate/metadata_test.yaml
@@ -17,6 +17,10 @@ tests:
 annotations:
 g_annotation1: global_annotation1
 g_annotation2: "{{ .Values.annotation2 }}"
+ ixCertificates:
+ "1":
+ certificate: some_cert
+ privatekey: some_key
 scaleCertificate:
 my-cert:
 enabled: true
diff --git a/library/common-test/tests/certificate/name_test.yaml b/library/common-test/tests/certificate/name_test.yaml
index 4023fc8977..10ef9f9592 100644
--- a/library/common-test/tests/certificate/name_test.yaml
+++ b/library/common-test/tests/certificate/name_test.yaml
@@ -4,6 +4,13 @@ templates:
 tests:
 - it: should generate correct name
 set:
+ ixCertificates:
+ "1":
+ certificate: some_cert
+ privatekey: some_key
+ "2":
+ certificate: some_cert
+ privatekey: some_key
 scaleCertificate:
 my-cert1:
 enabled: true
diff --git a/library/common-test/tests/certificate/validation_test.yaml b/library/common-test/tests/certificate/validation_test.yaml
index eb5fb0926c..4fec3eec04 100644
--- a/library/common-test/tests/certificate/validation_test.yaml
+++ b/library/common-test/tests/certificate/validation_test.yaml
@@ -64,3 +64,80 @@ tests:
 asserts:
 - failedTemplate:
 errorMessage: Certificate - Expected to be a [map], but got [string]
+
+ - it: should fail with empty ixCertificates when cert is defined
+ set:
+ ixCertificates: []
+ scaleCertificate:
+ my-cert:
+ enabled: true
+ id: 1
+ asserts:
+ - failedTemplate:
+ errorMessage: Certificate - Expected non-empty
+
+ - it: should fail with not defined id in ixCertificates when cert is defined
+ set:
+ ixCertificates:
+ "2":
+ key: value
+ scaleCertificate:
+ my-cert:
+ enabled: true
+ id: 1
+ asserts:
+ - failedTemplate:
+ errorMessage: Certificate - Expected certificate with ["1"] to exist in
+
+ - it: should fail with with revoked cert
+ set:
+ ixCertificates:
+ "1":
+ revoked: true
+ scaleCertificate:
+ my-cert:
+ enabled: true
+ id: 1
+ asserts:
+ - failedTemplate:
+ errorMessage: Certificate - Expected non-revoked certificate with ["1"]
+
+ - it: should fail with with expired cert
+ set:
+ ixCertificates:
+ "1":
+ expired: true
+ scaleCertificate:
+ my-cert:
+ enabled: true
+ id: 1
+ asserts:
+ - failedTemplate:
+ errorMessage: Certificate - Expected non-expired certificate with ["1"]
+
+ - it: should fail with with empty certificate
+ set:
+ ixCertificates:
+ "1":
+ certificate: ""
+ scaleCertificate:
+ my-cert:
+ enabled: true
+ id: 1
+ asserts:
+ - failedTemplate:
+ errorMessage: Certificate - Expected non-empty [certificate] in certificate with ["1"] in
+
+ - it: should fail with with empty privatekey
+ set:
+ ixCertificates:
+ "1":
+ certificate: some_value
+ privatekey: ""
+ scaleCertificate:
+ my-cert:
+ enabled: true
+ id: 1
+ asserts:
+ - failedTemplate:
+ errorMessage: Certificate - Expected non-empty [privatekey] in certificate with ["1"] in
diff --git a/library/common/1.0.0/templates/class/_secret.tpl b/library/common/1.0.0/templates/class/_secret.tpl
index 66acc3f33e..00863e2fa0 100644
--- a/library/common/1.0.0/templates/class/_secret.tpl
+++ b/library/common/1.0.0/templates/class/_secret.tpl
@@ -43,7 +43,8 @@ metadata:
 {{- if (mustHas $objectData.type (list "certificate" "imagePullSecret")) }}
 data:
 {{- if eq $objectData.type "certificate" }}
- {{/* TODO: print certificate values and test */}}
+ crt: {{ $objectData.data.certificate | trim | b64enc }}
+ key: {{ $objectData.data.privatekey | trim | b64enc }}
 {{- else if eq $objectData.type "imagePullSecret" }}
 .dockerconfigjson: {{ $objectData.data | trim | b64enc }}
 {{- end -}}
diff --git a/library/common/1.0.0/templates/lib/certificate/_getData.tpl b/library/common/1.0.0/templates/lib/certificate/_getData.tpl
index f21fc11121..da3754e47e 100644
--- a/library/common/1.0.0/templates/lib/certificate/_getData.tpl
+++ b/library/common/1.0.0/templates/lib/certificate/_getData.tpl
@@ -8,6 +8,33 @@ objectData: The object data of the certificate
 {{- $objectData := .objectData -}}
 {{- $rootCtx := .rootCtx -}}
+ {{- $certID := (toString $objectData.id) -}}
+
+ {{/* Make sure certificate exists */}}
+ {{- if hasKey $rootCtx.Values "ixCertificates" -}}
+ {{- if not $rootCtx.Values.ixCertificates -}}
+ {{- fail "Certificate - Expected non-empty " -}}
+ {{- end -}}
+
+ {{- if not (hasKey $rootCtx.Values.ixCertificates $certID) -}}
+ {{- fail (printf "Certificate - Expected certificate with [%q] to exist in " $certID) -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- $data := get $rootCtx.Values.ixCertificates $certID -}}
+
+ {{- range $flag := (list "revoked" "expired") -}}
+ {{- if (get $data $flag) -}}
+ {{- fail (printf "Certificate - Expected non-%s certificate with [%q]" $flag $certID) -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- range $key := (list "certificate" "privatekey") -}}
+ {{- if not (get $data $key) -}}
+ {{- fail (printf "Certificate - Expected non-empty [%s] in certificate with [%q] in " $key $certID) -}}
+ {{- end -}}
+ {{- end -}}
+ {{- $data | toJson -}}
 {{- end -}}
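Review bot: The two added lines emit the certificate under the data keys `crt` and `key`, but data_test.yaml in this same commit asserts that the rendered Secret has `type: kubernetes.io/tls`. For that type the Kubernetes API server requires the keys `tls.crt` and `tls.key`, so the manifest would be rejected on apply and TLS consumers would not find the material. The lines should read `tls.crt: {{ $objectData.data.certificate | trim | b64enc }}` and `tls.key: {{ $objectData.data.privatekey | trim | b64enc }}`, with the `path: data` assertion in data_test.yaml updated to match. The `type:` line itself is outside this hunk, so this rests on what the test pins.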
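Review bot: The existence checks sit inside `{{- if hasKey $rootCtx.Values "ixCertificates" -}}`, while the `get $rootCtx.Values.ixCertificates $certID` after it runs unconditionally, so when `ixCertificates` is missing altogether none of the explicit `fail` messages fire and rendering presumably ends in a generic template error from the later `get` calls instead. Because `not $rootCtx.Values.ixCertificates` is already true for a missing value as well as an empty one, the outer `hasKey` guard and its matching `end` can be dropped so both cases produce the `Expected non-empty` message. validation_test.yaml covers empty, unknown id, revoked, expired and empty fields, but has no case with the key absent. The revoked/expired loop also only rejects an entry whose flag is present and truthy; a one-line comment such as `{{/* Entries without revoked/expired flags are treated as valid */}}` would make that fail-open default explicit. The define's opening line is outside the hunk.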
diff --git a/library/common/1.0.0/templates/spawner/_certificate.tpl b/library/common/1.0.0/templates/spawner/_certificate.tpl
index 36bd00305c..212229fdec 100644
--- a/library/common/1.0.0/templates/spawner/_certificate.tpl
+++ b/library/common/1.0.0/templates/spawner/_certificate.tpl
@@ -18,7 +18,9 @@
 {{- include "ix.v1.common.lib.certificate.validation" (dict "objectData" $objectData) -}}
 {{- include "ix.v1.common.lib.metadata.validation" (dict "objectData" $objectData "caller" "Certificate") -}}
- {{/* TODO: Prepare data */}}
+ {{/* Prepare data */}}
+ {{- $data := fromJson (include "ix.v1.common.lib.certificate.getData" (dict "rootCtx" $ "objectData" $objectData)) -}}
+ {{- $_ := set $objectData "data" $data -}}
 {{/* TODO: Create persistence if defined */}}