Showing
5 changed files
with
228 additions
and
42 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
@post @local @ci @cert | ||
Feature: CertManager | ||
Scenario: Create a self-signed ClusterIssuer | ||
Given the Kubernetes API is available | ||
When we create the following ClusterIssuer: | ||
apiVersion: cert-manager.io/v1 | ||
kind: ClusterIssuer | ||
metadata: | ||
name: test-selfsigned-issuer | ||
labels: | ||
app.kubernetes.io/name: cert-manager | ||
app.kubernetes.io/managed-by: metalk8s | ||
spec: | ||
selfSigned: {} | ||
Then the 'test-selfsigned-issuer' ClusterIssuer is 'Available' | ||
|
||
Scenario: Create a Certificate Authority | ||
Given the Kubernetes API is available | ||
And a 'test-selfsigned-issuer' self-signed ClusterIssuer exists | ||
When we create the following Certificate: | ||
apiVersion: cert-manager.io/v1 | ||
kind: Certificate | ||
metadata: | ||
name: test-root-ca | ||
labels: | ||
app.kubernetes.io/name: cert-manager | ||
app.kubernetes.io/managed-by: metalk8s | ||
namespace: metalk8s-certs | ||
spec: | ||
isCA: true | ||
commonName: Metalk8s-CA | ||
secretName: test-root-ca | ||
duration: 86400h | ||
renewBefore: 2160h | ||
issuerRef: | ||
name: test-selfsigned-issuer | ||
kind: ClusterIssuer | ||
group: cert-manager.io | ||
Then the 'test-root-ca' Certificate is 'Available' | ||
And the 'test-root-ca' Secret has the correct fields |
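Review bot: The two `Then` steps wait for the state 'Available', which is not a condition cert-manager itself reports (Issuers and Certificates expose a `Ready` condition), while the `Given` step in the accompanying step file waits for "Ready" through `wait_for_status` rather than `wait_for_state`. Unless the client helper, which is not visible here, maps 'Available' onto `Ready`, the scenarios and the precondition check different things. I would use one word and one helper throughout, e.g. `Then the 'test-root-ca' Certificate is 'Ready'`. The last step also looks the Secret up by name only although the Certificate is created in `metalk8s-certs`, so a short comment saying which namespace the Secret is read from would help.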
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,89 @@ | ||
import pytest | ||
from pytest_bdd import given, when, then, scenario, parsers | ||
|
||
from tests import kube_utils | ||
|
||
# Fixture {{{ | ||
|
||
|
||
@pytest.fixture(scope="function") | ||
def context(): | ||
return {} | ||
|
||
|
||
@pytest.fixture | ||
def teardown(cert_client, secret_client, clusterissuer_client): | ||
yield | ||
cert_client.delete_all(sync=True, prefix="test-") | ||
secret_client.delete_all(sync=True, prefix="test-") | ||
clusterissuer_client.delete_all(sync=True, prefix="test-") | ||
|
||
|
||
# }}} | ||
# Scenarios {{{ | ||
|
||
|
||
@scenario("../features/cert_manager.feature", "Create a self-signed ClusterIssuer") | ||
def test_create_self_signed_issuer(host): | ||
pass | ||
|
||
|
||
@scenario("../features/cert_manager.feature", "Create a Certificate Authority") | ||
def test_create_certificate_authority(host, teardown): | ||
pass | ||
|
||
|
||
# }}} | ||
# Given {{{ | ||
|
||
|
||
@given(parsers.parse("a '{name}' self-signed ClusterIssuer exists")) | ||
def ss_clusterissuer_exists(name, clusterissuer_client): | ||
if clusterissuer_client.get(name) is None: | ||
clusterissuer_client.create_from_yaml( | ||
kube_utils.DEFAULT_SS_CLUSTERISSUER.format(name=name) | ||
) | ||
clusterissuer_client.wait_for_status(name, "Ready") | ||
|
||
|
||
# }}} | ||
# When {{{ | ||
|
||
|
||
@when(parsers.parse("we create the following ClusterIssuer:\n{body}")) | ||
def create_clusterissuer(body, clusterissuer_client): | ||
clusterissuer_client.create_from_yaml(body) | ||
|
||
|
||
@when(parsers.parse("we create the following Certificate:\n{body}")) | ||
def create_certificate(body, cert_client): | ||
cert_client.create_from_yaml(body) | ||
|
||
|
||
# }}} | ||
# Then {{{ | ||
|
||
|
||
@then(parsers.parse("the '{name}' ClusterIssuer is '{state}'")) | ||
def check_clusterissuer_state(name, state, clusterissuer_client): | ||
clusterissuer_client.wait_for_state(name, state) | ||
|
||
|
||
@then(parsers.parse("the '{name}' Certificate is '{state}'")) | ||
def check_certificate_state(name, state, cert_client): | ||
cert_client.wait_for_state(name, state) | ||
|
||
|
||
@then(parsers.parse("the '{name}' Secret has the correct fields")) | ||
def check_secret_fields(name, secret_client): | ||
secret = secret_client.get(name) | ||
assert secret is not None, "secret {} not found".format(name) | ||
for field in ["ca.crt", "tls.crt", "tls.key"]: | ||
assert field in secret["data"].keys(), "missing {} field in secret data".format( | ||
field | ||
) | ||
|
||
|
||
# }}} | ||
# Helpers | ||
# }}} |
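Review bot: `test_create_self_signed_issuer` does not request the `teardown` fixture, so when that scenario runs on its own the cluster-scoped `test-selfsigned-issuer` stays behind and can still be referenced by Certificates in any namespace. Requesting the fixture there as well, `def test_create_self_signed_issuer(host, teardown):`, keeps the test cluster free of a leftover self-signed issuer. Separately, `check_secret_fields` only asserts that `ca.crt`, `tls.crt` and `tls.key` exist as keys, so a Secret with empty values passes. Assuming `secret["data"]` behaves like a dict, `assert secret["data"].get(field), "missing {} field in secret data".format(field)` would also reject empty entries.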