
Example 1 with ClusterCa

Use of io.strimzi.operator.cluster.model.ClusterCa in project strimzi by strimzi.

From the class CertificateRenewalTest, method testRenewalOfDeploymentCertificatesDelayedRenewalOutsideOfMaintenanceWindow.

@Test
public void testRenewalOfDeploymentCertificatesDelayedRenewalOutsideOfMaintenanceWindow() throws IOException {
    Secret initialSecret = new SecretBuilder()
            .withNewMetadata()
                .withName("test-secret")
            .endMetadata()
            .addToData("deployment.crt", Base64.getEncoder().encodeToString("old-cert".getBytes()))
            .addToData("deployment.key", Base64.getEncoder().encodeToString("old-key".getBytes()))
            .addToData("deployment.p12", Base64.getEncoder().encodeToString("old-keystore".getBytes()))
            .addToData("deployment.password", Base64.getEncoder().encodeToString("old-password".getBytes()))
            .build();
    CertAndKey newCertAndKey = new CertAndKey("new-key".getBytes(), "new-cert".getBytes(), "new-truststore".getBytes(), "new-keystore".getBytes(), "new-password");
    ClusterCa clusterCaMock = mock(ClusterCa.class);
    // The CA certificate has not been renewed, but the existing deployment certificate is reported as expiring
    when(clusterCaMock.certRenewed()).thenReturn(false);
    when(clusterCaMock.isExpiring(any(), any())).thenReturn(true);
    when(clusterCaMock.generateSignedCert(anyString(), anyString())).thenReturn(newCertAndKey);
    String namespace = "my-namespace";
    String secretName = "my-secret";
    String commonName = "deployment";
    String keyCertName = "deployment";
    Labels labels = Labels.forStrimziCluster("my-cluster");
    OwnerReference ownerReference = new OwnerReference();
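    // Final argument is false: per the test name, the call happens outside of the maintenance window
    Secret newSecret = ModelUtils.buildSecret(Reconciliation.DUMMY_RECONCILIATION, clusterCaMock, initialSecret, namespace, secretName, commonName, keyCertName, labels, ownerReference, false);
    // Renewal is deferred: the Secret still carries the old certificate, key, keystore and password
    assertThat(newSecret.getData(), hasEntry("deployment.crt", Base64.getEncoder().encodeToString("old-cert".getBytes())));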
    assertThat(newSecret.getData(), hasEntry("deployment.key", Base64.getEncoder().encodeToString("old-key".getBytes())));
    assertThat(newSecret.getData(), hasEntry("deployment.p12", Base64.getEncoder().encodeToString("old-keystore".getBytes())));
    assertThat(newSecret.getData(), hasEntry("deployment.password", Base64.getEncoder().encodeToString("old-password".getBytes())));
}
Also used : Secret(io.fabric8.kubernetes.api.model.Secret) SecretBuilder(io.fabric8.kubernetes.api.model.SecretBuilder) OwnerReference(io.fabric8.kubernetes.api.model.OwnerReference) CertAndKey(io.strimzi.certs.CertAndKey) ClusterCa(io.strimzi.operator.cluster.model.ClusterCa) Labels(io.strimzi.operator.common.model.Labels) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) Test(org.junit.jupiter.api.Test)

Example 2 with ClusterCa

Use of io.strimzi.operator.cluster.model.ClusterCa in project strimzi-kafka-operator by strimzi.

From the class CertificateRenewalTest, method testRenewalOfDeploymentCertificatesDelayedRenewal.

@Test
public void testRenewalOfDeploymentCertificatesDelayedRenewal() throws IOException {
    Secret initialSecret = new SecretBuilder()
            .withNewMetadata()
                .withName("test-secret")
            .endMetadata()
            .addToData("deployment.crt", Base64.getEncoder().encodeToString("old-cert".getBytes()))
            .addToData("deployment.key", Base64.getEncoder().encodeToString("old-key".getBytes()))
            .addToData("deployment.p12", Base64.getEncoder().encodeToString("old-keystore".getBytes()))
            .addToData("deployment.password", Base64.getEncoder().encodeToString("old-password".getBytes()))
            .build();
    CertAndKey newCertAndKey = new CertAndKey("new-key".getBytes(), "new-cert".getBytes(), "new-truststore".getBytes(), "new-keystore".getBytes(), "new-password");
    ClusterCa clusterCaMock = mock(ClusterCa.class);
    // The CA certificate has not been renewed, but the existing deployment certificate is reported as expiring
    when(clusterCaMock.certRenewed()).thenReturn(false);
    when(clusterCaMock.isExpiring(any(), any())).thenReturn(true);
    when(clusterCaMock.generateSignedCert(anyString(), anyString())).thenReturn(newCertAndKey);
    String namespace = "my-namespace";
    String secretName = "my-secret";
    String commonName = "deployment";
    String keyCertName = "deployment";
    Labels labels = Labels.forStrimziCluster("my-cluster");
    OwnerReference ownerReference = new OwnerReference();
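    // Final argument is true here (it is false in the OutsideOfMaintenanceWindow variant of this test)
    Secret newSecret = ModelUtils.buildSecret(Reconciliation.DUMMY_RECONCILIATION, clusterCaMock, initialSecret, namespace, secretName, commonName, keyCertName, labels, ownerReference, true);
    // The expiring certificate is replaced: the Secret carries the newly signed certificate, key, keystore and password
    assertThat(newSecret.getData(), hasEntry("deployment.crt", newCertAndKey.certAsBase64String()));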
    assertThat(newSecret.getData(), hasEntry("deployment.key", newCertAndKey.keyAsBase64String()));
    assertThat(newSecret.getData(), hasEntry("deployment.p12", newCertAndKey.keyStoreAsBase64String()));
    assertThat(newSecret.getData(), hasEntry("deployment.password", newCertAndKey.storePasswordAsBase64String()));
}
Also used : Secret(io.fabric8.kubernetes.api.model.Secret) SecretBuilder(io.fabric8.kubernetes.api.model.SecretBuilder) OwnerReference(io.fabric8.kubernetes.api.model.OwnerReference) CertAndKey(io.strimzi.certs.CertAndKey) ClusterCa(io.strimzi.operator.cluster.model.ClusterCa) Labels(io.strimzi.operator.common.model.Labels) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) Test(org.junit.jupiter.api.Test)

Example 3 with ClusterCa

Use of io.strimzi.operator.cluster.model.ClusterCa in project strimzi-kafka-operator by strimzi.

From the class CertificateRenewalTest, method testRenewalOfDeploymentCertificatesWithRenewingCa.

@Test
public void testRenewalOfDeploymentCertificatesWithRenewingCa() throws IOException {
    Secret initialSecret = new SecretBuilder()
            .withNewMetadata()
                .withName("test-secret")
            .endMetadata()
            .addToData("deployment.crt", Base64.getEncoder().encodeToString("old-cert".getBytes()))
            .addToData("deployment.key", Base64.getEncoder().encodeToString("old-key".getBytes()))
            .addToData("deployment.p12", Base64.getEncoder().encodeToString("old-keystore".getBytes()))
            .addToData("deployment.password", Base64.getEncoder().encodeToString("old-password".getBytes()))
            .build();
    CertAndKey newCertAndKey = new CertAndKey("new-key".getBytes(), "new-cert".getBytes(), "new-truststore".getBytes(), "new-keystore".getBytes(), "new-password");
    ClusterCa clusterCaMock = mock(ClusterCa.class);
    // The CA certificate has been renewed; the existing deployment certificate is not itself expiring
    when(clusterCaMock.certRenewed()).thenReturn(true);
    when(clusterCaMock.isExpiring(any(), any())).thenReturn(false);
    when(clusterCaMock.generateSignedCert(anyString(), anyString())).thenReturn(newCertAndKey);
    String namespace = "my-namespace";
    String secretName = "my-secret";
    String commonName = "deployment";
    String keyCertName = "deployment";
    Labels labels = Labels.forStrimziCluster("my-cluster");
    OwnerReference ownerReference = new OwnerReference();
    Secret newSecret = ModelUtils.buildSecret(Reconciliation.DUMMY_RECONCILIATION, clusterCaMock, initialSecret, namespace, secretName, commonName, keyCertName, labels, ownerReference, true);
    // A renewed CA leads to re-issuance: the Secret carries the newly signed certificate, key, keystore and password
    assertThat(newSecret.getData(), hasEntry("deployment.crt", newCertAndKey.certAsBase64String()));
    assertThat(newSecret.getData(), hasEntry("deployment.key", newCertAndKey.keyAsBase64String()));
    assertThat(newSecret.getData(), hasEntry("deployment.p12", newCertAndKey.keyStoreAsBase64String()));
    assertThat(newSecret.getData(), hasEntry("deployment.password", newCertAndKey.storePasswordAsBase64String()));
}
Also used : Secret(io.fabric8.kubernetes.api.model.Secret) SecretBuilder(io.fabric8.kubernetes.api.model.SecretBuilder) OwnerReference(io.fabric8.kubernetes.api.model.OwnerReference) CertAndKey(io.strimzi.certs.CertAndKey) ClusterCa(io.strimzi.operator.cluster.model.ClusterCa) Labels(io.strimzi.operator.common.model.Labels) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) Test(org.junit.jupiter.api.Test)

Example 4 with ClusterCa

Use of io.strimzi.operator.cluster.model.ClusterCa in project strimzi-kafka-operator by strimzi.

From the class CertificateRenewalTest, method testRenewalOfDeploymentCertificatesWithNullSecret.

@Test
public void testRenewalOfDeploymentCertificatesWithNullSecret() throws IOException {
    CertAndKey newCertAndKey = new CertAndKey("new-key".getBytes(), "new-cert".getBytes(), "new-truststore".getBytes(), "new-keystore".getBytes(), "new-password");
    ClusterCa clusterCaMock = mock(ClusterCa.class);
    when(clusterCaMock.generateSignedCert(anyString(), anyString())).thenReturn(newCertAndKey);
    String namespace = "my-namespace";
    String secretName = "my-secret";
    String commonName = "deployment";
    String keyCertName = "deployment";
    Labels labels = Labels.forStrimziCluster("my-cluster");
    OwnerReference ownerReference = new OwnerReference();
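    // The existing Secret argument is null, so there is no old certificate to keep
    Secret newSecret = ModelUtils.buildSecret(Reconciliation.DUMMY_RECONCILIATION, clusterCaMock, null, namespace, secretName, commonName, keyCertName, labels, ownerReference, true);
    // The Secret is populated with the newly signed certificate, key, keystore and password
    assertThat(newSecret.getData(), hasEntry("deployment.crt", newCertAndKey.certAsBase64String()));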
    assertThat(newSecret.getData(), hasEntry("deployment.key", newCertAndKey.keyAsBase64String()));
    assertThat(newSecret.getData(), hasEntry("deployment.p12", newCertAndKey.keyStoreAsBase64String()));
    assertThat(newSecret.getData(), hasEntry("deployment.password", newCertAndKey.storePasswordAsBase64String()));
}
Also used : Secret(io.fabric8.kubernetes.api.model.Secret) OwnerReference(io.fabric8.kubernetes.api.model.OwnerReference) CertAndKey(io.strimzi.certs.CertAndKey) ClusterCa(io.strimzi.operator.cluster.model.ClusterCa) Labels(io.strimzi.operator.common.model.Labels) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) Test(org.junit.jupiter.api.Test)

Example 5 with ClusterCa

Use of io.strimzi.operator.cluster.model.ClusterCa in project strimzi-kafka-operator by strimzi.

From the class CertificateRenewalTest, method testRenewalOfDeploymentCertificatesDelayedRenewalOutsideOfMaintenanceWindow.

@Test
public void testRenewalOfDeploymentCertificatesDelayedRenewalOutsideOfMaintenanceWindow() throws IOException {
    Secret initialSecret = new SecretBuilder()
            .withNewMetadata()
                .withName("test-secret")
            .endMetadata()
            .addToData("deployment.crt", Base64.getEncoder().encodeToString("old-cert".getBytes()))
            .addToData("deployment.key", Base64.getEncoder().encodeToString("old-key".getBytes()))
            .addToData("deployment.p12", Base64.getEncoder().encodeToString("old-keystore".getBytes()))
            .addToData("deployment.password", Base64.getEncoder().encodeToString("old-password".getBytes()))
            .build();
    CertAndKey newCertAndKey = new CertAndKey("new-key".getBytes(), "new-cert".getBytes(), "new-truststore".getBytes(), "new-keystore".getBytes(), "new-password");
    ClusterCa clusterCaMock = mock(ClusterCa.class);
    // The CA certificate has not been renewed, but the existing deployment certificate is reported as expiring
    when(clusterCaMock.certRenewed()).thenReturn(false);
    when(clusterCaMock.isExpiring(any(), any())).thenReturn(true);
    when(clusterCaMock.generateSignedCert(anyString(), anyString())).thenReturn(newCertAndKey);
    String namespace = "my-namespace";
    String secretName = "my-secret";
    String commonName = "deployment";
    String keyCertName = "deployment";
    Labels labels = Labels.forStrimziCluster("my-cluster");
    OwnerReference ownerReference = new OwnerReference();
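    // Final argument is false: per the test name, the call happens outside of the maintenance window
    Secret newSecret = ModelUtils.buildSecret(Reconciliation.DUMMY_RECONCILIATION, clusterCaMock, initialSecret, namespace, secretName, commonName, keyCertName, labels, ownerReference, false);
    // Renewal is deferred: the Secret still carries the old certificate, key, keystore and password
    assertThat(newSecret.getData(), hasEntry("deployment.crt", Base64.getEncoder().encodeToString("old-cert".getBytes())));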
    assertThat(newSecret.getData(), hasEntry("deployment.key", Base64.getEncoder().encodeToString("old-key".getBytes())));
    assertThat(newSecret.getData(), hasEntry("deployment.p12", Base64.getEncoder().encodeToString("old-keystore".getBytes())));
    assertThat(newSecret.getData(), hasEntry("deployment.password", Base64.getEncoder().encodeToString("old-password".getBytes())));
}
Also used : Secret(io.fabric8.kubernetes.api.model.Secret) SecretBuilder(io.fabric8.kubernetes.api.model.SecretBuilder) OwnerReference(io.fabric8.kubernetes.api.model.OwnerReference) CertAndKey(io.strimzi.certs.CertAndKey) ClusterCa(io.strimzi.operator.cluster.model.ClusterCa) Labels(io.strimzi.operator.common.model.Labels) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) Test(org.junit.jupiter.api.Test)

Aggregations

Secret (io.fabric8.kubernetes.api.model.Secret) 12
ClusterCa (io.strimzi.operator.cluster.model.ClusterCa) 12
Labels (io.strimzi.operator.common.model.Labels) 12
ArgumentMatchers.anyString (org.mockito.ArgumentMatchers.anyString) 12
SecretBuilder (io.fabric8.kubernetes.api.model.SecretBuilder) 10
OwnerReference (io.fabric8.kubernetes.api.model.OwnerReference) 8
CertAndKey (io.strimzi.certs.CertAndKey) 5
Test (org.junit.jupiter.api.Test) 5
ConfigMap (io.fabric8.kubernetes.api.model.ConfigMap) 4
ConfigMapBuilder (io.fabric8.kubernetes.api.model.ConfigMapBuilder) 4
PersistentVolumeClaim (io.fabric8.kubernetes.api.model.PersistentVolumeClaim) 4
PersistentVolumeClaimBuilder (io.fabric8.kubernetes.api.model.PersistentVolumeClaimBuilder) 4
Service (io.fabric8.kubernetes.api.model.Service) 4
Deployment (io.fabric8.kubernetes.api.model.apps.Deployment) 4
StatefulSet (io.fabric8.kubernetes.api.model.apps.StatefulSet) 4
StatefulSetBuilder (io.fabric8.kubernetes.api.model.apps.StatefulSetBuilder) 4
NetworkPolicy (io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicy) 4
PodDisruptionBudget (io.fabric8.kubernetes.api.model.policy.v1.PodDisruptionBudget) 4
KubernetesClient (io.fabric8.kubernetes.client.KubernetesClient) 4
Route (io.fabric8.openshift.api.model.Route) 4