@ -20,7 +20,7 @@ import (
"time"
lroauto "cloud.google.com/go/longrunning/autogen"
privateca "cloud.google.com/go/security/privateca/apiv1 beta1 "
privateca "cloud.google.com/go/security/privateca/apiv1 "
gomock "github.com/golang/mock/gomock"
"github.com/google/uuid"
gax "github.com/googleapis/gax-go/v2"
@ -28,19 +28,23 @@ import (
"github.com/smallstep/certificates/cas/apiv1"
kmsapi "github.com/smallstep/certificates/kms/apiv1"
"google.golang.org/api/option"
pb "google.golang.org/genproto/googleapis/cloud/security/privateca/v1 beta1 "
pb "google.golang.org/genproto/googleapis/cloud/security/privateca/v1 "
longrunningpb "google.golang.org/genproto/googleapis/longrunning"
"google.golang.org/grpc"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/status"
"google.golang.org/grpc/test/bufconn"
"google.golang.org/protobuf/types/known/anypb"
)
var (
errTest = errors . New ( "test error" )
testAuthorityName = "projects/test-project/locations/us-west1/certificateAuthorities/test-ca"
testCertificateName = "projects/test-project/locations/us-west1/certificateAuthorities/test-ca/certificates/test-certificate"
testCaPoolName = "projects/test-project/locations/us-west1/caPools/test-capool"
testAuthorityName = "projects/test-project/locations/us-west1/caPools/test-capool/certificateAuthorities/test-ca"
testCertificateName = "projects/test-project/locations/us-west1/caPools/test-capool/certificateAuthorities/test-ca/certificates/test-certificate"
testProject = "test-project"
testLocation = "us-west1"
testCaPool = "test-capool"
testRootCertificate = ` -- -- - BEGIN CERTIFICATE -- -- -
MIIBeDCCAR + gAwIBAgIQcXWWjtSZ / PAyH8D1Ou4L9jAKBggqhkjOPQQDAjAbMRkw
FwYDVQQDExBDbG91ZENBUyBSb290IENBMB4XDTIwMTAyNzIyNTM1NFoXDTMwMTAy
@ -214,6 +218,18 @@ func (c *testClient) ActivateCertificateAuthority(ctx context.Context, req *pb.A
return nil , errors . New ( "use NewMockCertificateAuthorityClient" )
}
func ( c * testClient ) EnableCertificateAuthority ( ctx context . Context , req * pb . EnableCertificateAuthorityRequest , opts ... gax . CallOption ) ( * privateca . EnableCertificateAuthorityOperation , error ) {
return nil , errors . New ( "use NewMockCertificateAuthorityClient" )
}
func ( c * testClient ) GetCaPool ( ctx context . Context , req * pb . GetCaPoolRequest , opts ... gax . CallOption ) ( * pb . CaPool , error ) {
return nil , errors . New ( "use NewMockCertificateAuthorityClient" )
}
func ( c * testClient ) CreateCaPool ( ctx context . Context , req * pb . CreateCaPoolRequest , opts ... gax . CallOption ) ( * privateca . CreateCaPoolOperation , error ) {
return nil , errors . New ( "use NewMockCertificateAuthorityClient" )
}
func mustParseCertificate ( t * testing . T , pemCert string ) * x509 . Certificate {
t . Helper ( )
crt , err := parseCertificate ( pemCert )
@ -262,6 +278,18 @@ func TestNew(t *testing.T) {
certificateAuthority : testAuthorityName ,
project : testProject ,
location : testLocation ,
caPool : testCaPool ,
caPoolTier : 0 ,
} , false } ,
{ "ok authority and creator" , args { context . Background ( ) , apiv1 . Options {
CertificateAuthority : testAuthorityName , IsCreator : true ,
} } , & CloudCAS {
client : & testClient { } ,
certificateAuthority : testAuthorityName ,
project : testProject ,
location : testLocation ,
caPool : testCaPool ,
caPoolTier : 0 ,
} , false } ,
{ "ok with credentials" , args { context . Background ( ) , apiv1 . Options {
CertificateAuthority : testAuthorityName , CredentialsFile : "testdata/credentials.json" ,
@ -270,16 +298,38 @@ func TestNew(t *testing.T) {
certificateAuthority : testAuthorityName ,
project : testProject ,
location : testLocation ,
caPool : testCaPool ,
caPoolTier : 0 ,
} , false } ,
{ "ok creator" , args { context . Background ( ) , apiv1 . Options {
IsCreator : true , Project : testProject , Location : testLocation ,
IsCreator : true , Project : testProject , Location : testLocation , CaPool : testCaPool ,
} } , & CloudCAS {
client : & testClient { } ,
project : testProject ,
location : testLocation ,
caPool : testCaPool ,
caPoolTier : pb . CaPool_DEVOPS ,
} , false } ,
{ "ok creator devops" , args { context . Background ( ) , apiv1 . Options {
IsCreator : true , Project : testProject , Location : testLocation , CaPool : testCaPool , CaPoolTier : "DevOps" ,
} } , & CloudCAS {
client : & testClient { } ,
project : testProject ,
location : testLocation ,
client : & testClient { } ,
project : testProject ,
location : testLocation ,
caPool : testCaPool ,
caPoolTier : pb . CaPool_DEVOPS ,
} , false } ,
{ "ok creator enterprise" , args { context . Background ( ) , apiv1 . Options {
IsCreator : true , Project : testProject , Location : testLocation , CaPool : testCaPool , CaPoolTier : "ENTERPRISE" ,
} } , & CloudCAS {
client : & testClient { } ,
project : testProject ,
location : testLocation ,
caPool : testCaPool ,
caPoolTier : pb . CaPool_ENTERPRISE ,
} , false } ,
{ "fail certificate authority" , args { context . Background ( ) , apiv1 . Options {
CertificateAuthority : "projects/ok1234/locations/ok1234/certificateAuthorities/ok1234/bad" ,
CertificateAuthority : "projects/ok1234/locations/ok1234/c aPools/ok1234/c ertificateAuthorities/ok1234/bad",
} } , nil , true } ,
{ "fail certificate authority regex" , args { context . Background ( ) , apiv1 . Options { } } , nil , true } ,
{ "fail with credentials" , args { context . Background ( ) , apiv1 . Options {
@ -291,6 +341,9 @@ func TestNew(t *testing.T) {
{ "fail creator location" , args { context . Background ( ) , apiv1 . Options {
IsCreator : true , Project : testProject , Location : "" ,
} } , nil , true } ,
{ "fail caPool" , args { context . Background ( ) , apiv1 . Options {
IsCreator : true , Project : testProject , Location : testLocation , CaPool : "" ,
} } , nil , true } ,
}
for _ , tt := range tests {
t . Run ( tt . name , func ( t * testing . T ) {
@ -320,6 +373,7 @@ func TestNew_register(t *testing.T) {
certificateAuthority : testAuthorityName ,
project : testProject ,
location : testLocation ,
caPool : testCaPool ,
}
newFn , ok := apiv1 . LoadCertificateAuthorityServiceNewFunc ( apiv1 . CloudCAS )
@ -338,7 +392,6 @@ func TestNew_register(t *testing.T) {
if ! reflect . DeepEqual ( got , want ) {
t . Errorf ( "New() = %v, want %v" , got , want )
}
}
func TestNew_real ( t * testing . T ) {
@ -812,14 +865,27 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
if err != nil {
t . Fatal ( err )
}
fake := & privateca . CertificateAuthorityClient {
LROClient : client ,
fake , err := privateca . NewCertificateAuthorityClient ( context . Background ( ) , option . WithGRPCConn ( conn ) )
if err != nil {
t . Fatal ( err )
}
fake . LROClient = client
// Configure mocks
any := gomock . Any ( )
// ok root
m . EXPECT ( ) . GetCaPool ( any , any ) . Return ( nil , status . Error ( codes . NotFound , "not found" ) )
m . EXPECT ( ) . CreateCaPool ( any , any ) . Return ( fake . CreateCaPoolOperation ( "CreateCaPool" ) , nil )
mos . EXPECT ( ) . GetOperation ( any , any ) . Return ( & longrunningpb . Operation {
Name : "CreateCaPool" ,
Done : true ,
Result : & longrunningpb . Operation_Response {
Response : must ( anypb . New ( & pb . CaPool {
Name : testCaPoolName ,
} ) ) . ( * anypb . Any ) ,
} ,
} , nil )
m . EXPECT ( ) . CreateCertificateAuthority ( any , any ) . Return ( fake . CreateCertificateAuthorityOperation ( "CreateCertificateAuthority" ) , nil )
mos . EXPECT ( ) . GetOperation ( any , any ) . Return ( & longrunningpb . Operation {
Name : "CreateCertificateAuthority" ,
@ -831,8 +897,20 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
} ) ) . ( * anypb . Any ) ,
} ,
} , nil )
m . EXPECT ( ) . EnableCertificateAuthority ( any , any ) . Return ( fake . EnableCertificateAuthorityOperation ( "EnableCertificateAuthorityOperation" ) , nil )
mos . EXPECT ( ) . GetOperation ( any , any ) . Return ( & longrunningpb . Operation {
Name : "EnableCertificateAuthority" ,
Done : true ,
Result : & longrunningpb . Operation_Response {
Response : must ( anypb . New ( & pb . CertificateAuthority {
Name : testAuthorityName ,
PemCaCertificates : [ ] string { testRootCertificate } ,
} ) ) . ( * anypb . Any ) ,
} ,
} , nil )
// ok intermediate
m . EXPECT ( ) . GetCaPool ( any , any ) . Return ( & pb . CaPool { Name : testCaPoolName } , nil )
m . EXPECT ( ) . CreateCertificateAuthority ( any , any ) . Return ( fake . CreateCertificateAuthorityOperation ( "CreateCertificateAuthority" ) , nil )
mos . EXPECT ( ) . GetOperation ( any , any ) . Return ( & longrunningpb . Operation {
Name : "CreateCertificateAuthority" ,
@ -846,6 +924,10 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
m . EXPECT ( ) . FetchCertificateAuthorityCsr ( any , any ) . Return ( & pb . FetchCertificateAuthorityCsrResponse {
PemCsr : testIntermediateCsr ,
} , nil )
m . EXPECT ( ) . CreateCertificate ( any , any ) . Return ( & pb . Certificate {
PemCertificate : testIntermediateCertificate ,
PemCertificateChain : [ ] string { testRootCertificate } ,
} , nil )
m . EXPECT ( ) . ActivateCertificateAuthority ( any , any ) . Return ( fake . ActivateCertificateAuthorityOperation ( "ActivateCertificateAuthority" ) , nil )
mos . EXPECT ( ) . GetOperation ( any , any ) . Return ( & longrunningpb . Operation {
Name : "ActivateCertificateAuthority" ,
@ -857,7 +939,20 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
} ) ) . ( * anypb . Any ) ,
} ,
} , nil )
m . EXPECT ( ) . EnableCertificateAuthority ( any , any ) . Return ( fake . EnableCertificateAuthorityOperation ( "EnableCertificateAuthorityOperation" ) , nil )
mos . EXPECT ( ) . GetOperation ( any , any ) . Return ( & longrunningpb . Operation {
Name : "EnableCertificateAuthority" ,
Done : true ,
Result : & longrunningpb . Operation_Response {
Response : must ( anypb . New ( & pb . CertificateAuthority {
Name : testAuthorityName ,
PemCaCertificates : [ ] string { testIntermediateCertificate , testRootCertificate } ,
} ) ) . ( * anypb . Any ) ,
} ,
} , nil )
// ok intermediate local signer
m . EXPECT ( ) . GetCaPool ( any , any ) . Return ( & pb . CaPool { Name : testCaPoolName } , nil )
m . EXPECT ( ) . CreateCertificateAuthority ( any , any ) . Return ( fake . CreateCertificateAuthorityOperation ( "CreateCertificateAuthority" ) , nil )
mos . EXPECT ( ) . GetOperation ( any , any ) . Return ( & longrunningpb . Operation {
Name : "CreateCertificateAuthority" ,
@ -871,10 +966,6 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
m . EXPECT ( ) . FetchCertificateAuthorityCsr ( any , any ) . Return ( & pb . FetchCertificateAuthorityCsrResponse {
PemCsr : testIntermediateCsr ,
} , nil )
m . EXPECT ( ) . CreateCertificate ( any , any ) . Return ( & pb . Certificate {
PemCertificate : testIntermediateCertificate ,
PemCertificateChain : [ ] string { testRootCertificate } ,
} , nil )
m . EXPECT ( ) . ActivateCertificateAuthority ( any , any ) . Return ( fake . ActivateCertificateAuthorityOperation ( "ActivateCertificateAuthority" ) , nil )
mos . EXPECT ( ) . GetOperation ( any , any ) . Return ( & longrunningpb . Operation {
Name : "ActivateCertificateAuthority" ,
@ -886,8 +977,20 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
} ) ) . ( * anypb . Any ) ,
} ,
} , nil )
m . EXPECT ( ) . EnableCertificateAuthority ( any , any ) . Return ( fake . EnableCertificateAuthorityOperation ( "EnableCertificateAuthorityOperation" ) , nil )
mos . EXPECT ( ) . GetOperation ( any , any ) . Return ( & longrunningpb . Operation {
Name : "EnableCertificateAuthority" ,
Done : true ,
Result : & longrunningpb . Operation_Response {
Response : must ( anypb . New ( & pb . CertificateAuthority {
Name : testAuthorityName ,
PemCaCertificates : [ ] string { testIntermediateCertificate , testRootCertificate } ,
} ) ) . ( * anypb . Any ) ,
} ,
} , nil )
// ok create key
m . EXPECT ( ) . GetCaPool ( any , any ) . Return ( & pb . CaPool { Name : testCaPoolName } , nil )
m . EXPECT ( ) . CreateCertificateAuthority ( any , any ) . Return ( fake . CreateCertificateAuthorityOperation ( "CreateCertificateAuthority" ) , nil )
mos . EXPECT ( ) . GetOperation ( any , any ) . Return ( & longrunningpb . Operation {
Name : "CreateCertificateAuthority" ,
@ -899,15 +1002,137 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
} ) ) . ( * anypb . Any ) ,
} ,
} , nil )
m . EXPECT ( ) . EnableCertificateAuthority ( any , any ) . Return ( fake . EnableCertificateAuthorityOperation ( "EnableCertificateAuthorityOperation" ) , nil )
mos . EXPECT ( ) . GetOperation ( any , any ) . Return ( & longrunningpb . Operation {
Name : "EnableCertificateAuthority" ,
Done : true ,
Result : & longrunningpb . Operation_Response {
Response : must ( anypb . New ( & pb . CertificateAuthority {
Name : testAuthorityName ,
PemCaCertificates : [ ] string { testRootCertificate } ,
} ) ) . ( * anypb . Any ) ,
} ,
} , nil )
// fail GetCaPool
m . EXPECT ( ) . GetCaPool ( any , any ) . Return ( nil , errTest )
// fail CreateCaPool
m . EXPECT ( ) . GetCaPool ( any , any ) . Return ( nil , status . Error ( codes . NotFound , "not found" ) )
m . EXPECT ( ) . CreateCaPool ( any , any ) . Return ( nil , errTest )
// fail CreateCaPool.Wait
m . EXPECT ( ) . GetCaPool ( any , any ) . Return ( nil , status . Error ( codes . NotFound , "not found" ) )
m . EXPECT ( ) . CreateCaPool ( any , any ) . Return ( fake . CreateCaPoolOperation ( "CreateCaPool" ) , nil )
mos . EXPECT ( ) . GetOperation ( any , any ) . Return ( nil , errTest )
// fail CreateCertificateAuthority
m . EXPECT ( ) . GetCaPool ( any , any ) . Return ( & pb . CaPool { Name : testCaPoolName } , nil )
m . EXPECT ( ) . CreateCertificateAuthority ( any , any ) . Return ( nil , errTest )
// fail CreateCertificateAuthority.Wait
m . EXPECT ( ) . GetCaPool ( any , any ) . Return ( & pb . CaPool { Name : testCaPoolName } , nil )
m . EXPECT ( ) . CreateCertificateAuthority ( any , any ) . Return ( fake . CreateCertificateAuthorityOperation ( "CreateCertificateAuthority" ) , nil )
mos . EXPECT ( ) . GetOperation ( any , any ) . Return ( nil , errTest )
// fail EnableCertificateAuthority
m . EXPECT ( ) . GetCaPool ( any , any ) . Return ( & pb . CaPool { Name : testCaPoolName } , nil )
m . EXPECT ( ) . CreateCertificateAuthority ( any , any ) . Return ( fake . CreateCertificateAuthorityOperation ( "CreateCertificateAuthority" ) , nil )
mos . EXPECT ( ) . GetOperation ( any , any ) . Return ( & longrunningpb . Operation {
Name : "CreateCertificateAuthority" ,
Done : true ,
Result : & longrunningpb . Operation_Response {
Response : must ( anypb . New ( & pb . CertificateAuthority {
Name : testAuthorityName ,
PemCaCertificates : [ ] string { testRootCertificate } ,
} ) ) . ( * anypb . Any ) ,
} ,
} , nil )
m . EXPECT ( ) . EnableCertificateAuthority ( any , any ) . Return ( nil , errTest )
// fail EnableCertificateAuthority.Wait
m . EXPECT ( ) . GetCaPool ( any , any ) . Return ( & pb . CaPool { Name : testCaPoolName } , nil )
m . EXPECT ( ) . CreateCertificateAuthority ( any , any ) . Return ( fake . CreateCertificateAuthorityOperation ( "CreateCertificateAuthority" ) , nil )
mos . EXPECT ( ) . GetOperation ( any , any ) . Return ( & longrunningpb . Operation {
Name : "CreateCertificateAuthority" ,
Done : true ,
Result : & longrunningpb . Operation_Response {
Response : must ( anypb . New ( & pb . CertificateAuthority {
Name : testAuthorityName ,
PemCaCertificates : [ ] string { testRootCertificate } ,
} ) ) . ( * anypb . Any ) ,
} ,
} , nil )
m . EXPECT ( ) . EnableCertificateAuthority ( any , any ) . Return ( fake . EnableCertificateAuthorityOperation ( "EnableCertificateAuthorityOperation" ) , nil )
mos . EXPECT ( ) . GetOperation ( any , any ) . Return ( nil , errTest )
// fail EnableCertificateAuthority intermediate
m . EXPECT ( ) . GetCaPool ( any , any ) . Return ( & pb . CaPool { Name : testCaPoolName } , nil )
m . EXPECT ( ) . CreateCertificateAuthority ( any , any ) . Return ( fake . CreateCertificateAuthorityOperation ( "CreateCertificateAuthority" ) , nil )
mos . EXPECT ( ) . GetOperation ( any , any ) . Return ( & longrunningpb . Operation {
Name : "CreateCertificateAuthority" ,
Done : true ,
Result : & longrunningpb . Operation_Response {
Response : must ( anypb . New ( & pb . CertificateAuthority {
Name : testAuthorityName ,
} ) ) . ( * anypb . Any ) ,
} ,
} , nil )
m . EXPECT ( ) . FetchCertificateAuthorityCsr ( any , any ) . Return ( & pb . FetchCertificateAuthorityCsrResponse {
PemCsr : testIntermediateCsr ,
} , nil )
m . EXPECT ( ) . CreateCertificate ( any , any ) . Return ( & pb . Certificate {
PemCertificate : testIntermediateCertificate ,
PemCertificateChain : [ ] string { testRootCertificate } ,
} , nil )
m . EXPECT ( ) . ActivateCertificateAuthority ( any , any ) . Return ( fake . ActivateCertificateAuthorityOperation ( "ActivateCertificateAuthority" ) , nil )
mos . EXPECT ( ) . GetOperation ( any , any ) . Return ( & longrunningpb . Operation {
Name : "ActivateCertificateAuthority" ,
Done : true ,
Result : & longrunningpb . Operation_Response {
Response : must ( anypb . New ( & pb . CertificateAuthority {
Name : testAuthorityName ,
PemCaCertificates : [ ] string { testIntermediateCertificate , testRootCertificate } ,
} ) ) . ( * anypb . Any ) ,
} ,
} , nil )
m . EXPECT ( ) . EnableCertificateAuthority ( any , any ) . Return ( nil , errTest )
// fail EnableCertificateAuthority.Wait intermediate
m . EXPECT ( ) . GetCaPool ( any , any ) . Return ( & pb . CaPool { Name : testCaPoolName } , nil )
m . EXPECT ( ) . CreateCertificateAuthority ( any , any ) . Return ( fake . CreateCertificateAuthorityOperation ( "CreateCertificateAuthority" ) , nil )
mos . EXPECT ( ) . GetOperation ( any , any ) . Return ( & longrunningpb . Operation {
Name : "CreateCertificateAuthority" ,
Done : true ,
Result : & longrunningpb . Operation_Response {
Response : must ( anypb . New ( & pb . CertificateAuthority {
Name : testAuthorityName ,
} ) ) . ( * anypb . Any ) ,
} ,
} , nil )
m . EXPECT ( ) . FetchCertificateAuthorityCsr ( any , any ) . Return ( & pb . FetchCertificateAuthorityCsrResponse {
PemCsr : testIntermediateCsr ,
} , nil )
m . EXPECT ( ) . CreateCertificate ( any , any ) . Return ( & pb . Certificate {
PemCertificate : testIntermediateCertificate ,
PemCertificateChain : [ ] string { testRootCertificate } ,
} , nil )
m . EXPECT ( ) . ActivateCertificateAuthority ( any , any ) . Return ( fake . ActivateCertificateAuthorityOperation ( "ActivateCertificateAuthority" ) , nil )
mos . EXPECT ( ) . GetOperation ( any , any ) . Return ( & longrunningpb . Operation {
Name : "ActivateCertificateAuthority" ,
Done : true ,
Result : & longrunningpb . Operation_Response {
Response : must ( anypb . New ( & pb . CertificateAuthority {
Name : testAuthorityName ,
PemCaCertificates : [ ] string { testIntermediateCertificate , testRootCertificate } ,
} ) ) . ( * anypb . Any ) ,
} ,
} , nil )
m . EXPECT ( ) . EnableCertificateAuthority ( any , any ) . Return ( fake . EnableCertificateAuthorityOperation ( "EnableCertificateAuthorityOperation" ) , nil )
mos . EXPECT ( ) . GetOperation ( any , any ) . Return ( nil , errTest )
// fail FetchCertificateAuthorityCsr
m . EXPECT ( ) . GetCaPool ( any , any ) . Return ( & pb . CaPool { Name : testCaPoolName } , nil )
m . EXPECT ( ) . CreateCertificateAuthority ( any , any ) . Return ( fake . CreateCertificateAuthorityOperation ( "CreateCertificateAuthority" ) , nil )
mos . EXPECT ( ) . GetOperation ( any , any ) . Return ( & longrunningpb . Operation {
Name : "CreateCertificateAuthority" ,
@ -921,6 +1146,7 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
m . EXPECT ( ) . FetchCertificateAuthorityCsr ( any , any ) . Return ( nil , errTest )
// fail CreateCertificate
m . EXPECT ( ) . GetCaPool ( any , any ) . Return ( & pb . CaPool { Name : testCaPoolName } , nil )
m . EXPECT ( ) . CreateCertificateAuthority ( any , any ) . Return ( fake . CreateCertificateAuthorityOperation ( "CreateCertificateAuthority" ) , nil )
mos . EXPECT ( ) . GetOperation ( any , any ) . Return ( & longrunningpb . Operation {
Name : "CreateCertificateAuthority" ,
@ -937,6 +1163,7 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
m . EXPECT ( ) . CreateCertificate ( any , any ) . Return ( nil , errTest )
// fail ActivateCertificateAuthority
m . EXPECT ( ) . GetCaPool ( any , any ) . Return ( & pb . CaPool { Name : testCaPoolName } , nil )
m . EXPECT ( ) . CreateCertificateAuthority ( any , any ) . Return ( fake . CreateCertificateAuthorityOperation ( "CreateCertificateAuthority" ) , nil )
mos . EXPECT ( ) . GetOperation ( any , any ) . Return ( & longrunningpb . Operation {
Name : "CreateCertificateAuthority" ,
@ -957,6 +1184,7 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
m . EXPECT ( ) . ActivateCertificateAuthority ( any , any ) . Return ( nil , errTest )
// fail ActivateCertificateAuthority.Wait
m . EXPECT ( ) . GetCaPool ( any , any ) . Return ( & pb . CaPool { Name : testCaPoolName } , nil )
m . EXPECT ( ) . CreateCertificateAuthority ( any , any ) . Return ( fake . CreateCertificateAuthorityOperation ( "CreateCertificateAuthority" ) , nil )
mos . EXPECT ( ) . GetOperation ( any , any ) . Return ( & longrunningpb . Operation {
Name : "CreateCertificateAuthority" ,
@ -978,6 +1206,7 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
mos . EXPECT ( ) . GetOperation ( any , any ) . Return ( nil , errTest )
// fail x509util.CreateCertificate
m . EXPECT ( ) . GetCaPool ( any , any ) . Return ( & pb . CaPool { Name : testCaPoolName } , nil )
m . EXPECT ( ) . CreateCertificateAuthority ( any , any ) . Return ( fake . CreateCertificateAuthorityOperation ( "CreateCertificateAuthority" ) , nil )
mos . EXPECT ( ) . GetOperation ( any , any ) . Return ( & longrunningpb . Operation {
Name : "CreateCertificateAuthority" ,
@ -993,6 +1222,7 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
} , nil )
// fail parseCertificateRequest
m . EXPECT ( ) . GetCaPool ( any , any ) . Return ( & pb . CaPool { Name : testCaPoolName } , nil )
m . EXPECT ( ) . CreateCertificateAuthority ( any , any ) . Return ( fake . CreateCertificateAuthorityOperation ( "CreateCertificateAuthority" ) , nil )
mos . EXPECT ( ) . GetOperation ( any , any ) . Return ( & longrunningpb . Operation {
Name : "CreateCertificateAuthority" ,
@ -1015,6 +1245,8 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
certificateAuthority string
project string
location string
caPool string
caPoolTier pb . CaPool_Tier
}
type args struct {
req * apiv1 . CreateCertificateAuthorityRequest
@ -1026,7 +1258,7 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
want * apiv1 . CreateCertificateAuthorityResponse
wantErr bool
} {
{ "ok root" , fields { m , "" , testProject , testLocation }, args { & apiv1 . CreateCertificateAuthorityRequest {
{ "ok root" , fields { m , "" , testProject , testLocation , testCaPool , pb . CaPool_ENTERPRISE }, args { & apiv1 . CreateCertificateAuthorityRequest {
Type : apiv1 . RootCA ,
Template : mustParseCertificate ( t , testRootCertificate ) ,
Lifetime : 24 * time . Hour ,
@ -1034,7 +1266,7 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
Name : testAuthorityName ,
Certificate : rootCrt ,
} , false } ,
{ "ok intermediate" , fields { m , "" , testProject , testLocation }, args { & apiv1 . CreateCertificateAuthorityRequest {
{ "ok intermediate" , fields { m , "" , testProject , testLocation , testCaPool , pb . CaPool_DEVOPS }, args { & apiv1 . CreateCertificateAuthorityRequest {
Type : apiv1 . IntermediateCA ,
Template : mustParseCertificate ( t , testIntermediateCertificate ) ,
Lifetime : 24 * time . Hour ,
@ -1047,7 +1279,7 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
Certificate : intCrt ,
CertificateChain : [ ] * x509 . Certificate { rootCrt } ,
} , false } ,
{ "ok intermediate local signer" , fields { m , "" , testProject , testLocation }, args { & apiv1 . CreateCertificateAuthorityRequest {
{ "ok intermediate local signer" , fields { m , "" , testProject , testLocation , testCaPool , pb . CaPool_ENTERPRISE }, args { & apiv1 . CreateCertificateAuthorityRequest {
Type : apiv1 . IntermediateCA ,
Template : mustParseCertificate ( t , testIntermediateCertificate ) ,
Lifetime : 24 * time . Hour ,
@ -1060,7 +1292,7 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
Certificate : intCrt ,
CertificateChain : [ ] * x509 . Certificate { rootCrt } ,
} , false } ,
{ "ok create key" , fields { m , "" , testProject , testLocation }, args { & apiv1 . CreateCertificateAuthorityRequest {
{ "ok create key" , fields { m , "" , testProject , testLocation , testCaPool , pb . CaPool_DEVOPS }, args { & apiv1 . CreateCertificateAuthorityRequest {
Type : apiv1 . RootCA ,
Template : mustParseCertificate ( t , testRootCertificate ) ,
Lifetime : 24 * time . Hour ,
@ -1071,41 +1303,46 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
Name : testAuthorityName ,
Certificate : rootCrt ,
} , false } ,
{ "fail project" , fields { m , "" , "" , testLocation } , args { & apiv1 . CreateCertificateAuthorityRequest {
{ "fail project" , fields { m , "" , "" , testLocation , testCaPool , pb . CaPool_DEVOPS } , args { & apiv1 . CreateCertificateAuthorityRequest {
Type : apiv1 . RootCA ,
Template : mustParseCertificate ( t , testRootCertificate ) ,
Lifetime : 24 * time . Hour ,
} } , nil , true } ,
{ "fail location" , fields { m , "" , testProject , "" , testCaPool , pb . CaPool_DEVOPS } , args { & apiv1 . CreateCertificateAuthorityRequest {
Type : apiv1 . RootCA ,
Template : mustParseCertificate ( t , testRootCertificate ) ,
Lifetime : 24 * time . Hour ,
} } , nil , true } ,
{ "fail location" , fields { m , "" , testProject , "" } , args { & apiv1 . CreateCertificateAuthorityRequest {
{ "fail caPool ", fields { m , "" , testProject , testLocation , "" , pb . CaPool_DEVOPS } , args { & apiv1 . CreateCertificateAuthorityRequest {
Type : apiv1 . RootCA ,
Template : mustParseCertificate ( t , testRootCertificate ) ,
Lifetime : 24 * time . Hour ,
} } , nil , true } ,
{ "fail template" , fields { m , "" , testProject , testLocation }, args { & apiv1 . CreateCertificateAuthorityRequest {
{ "fail template" , fields { m , "" , testProject , testLocation , testCaPool , pb . CaPool_DEVOPS }, args { & apiv1 . CreateCertificateAuthorityRequest {
Type : apiv1 . RootCA ,
Lifetime : 24 * time . Hour ,
} } , nil , true } ,
{ "fail lifetime" , fields { m , "" , testProject , testLocation }, args { & apiv1 . CreateCertificateAuthorityRequest {
{ "fail lifetime" , fields { m , "" , testProject , testLocation , testCaPool , pb . CaPool_DEVOPS }, args { & apiv1 . CreateCertificateAuthorityRequest {
Type : apiv1 . RootCA ,
Template : mustParseCertificate ( t , testRootCertificate ) ,
} } , nil , true } ,
{ "fail parent" , fields { m , "" , testProject , testLocation }, args { & apiv1 . CreateCertificateAuthorityRequest {
{ "fail parent" , fields { m , "" , testProject , testLocation , testCaPool , pb . CaPool_DEVOPS }, args { & apiv1 . CreateCertificateAuthorityRequest {
Type : apiv1 . IntermediateCA ,
Template : mustParseCertificate ( t , testRootCertificate ) ,
Lifetime : 24 * time . Hour ,
} } , nil , true } ,
{ "fail parent name" , fields { m , "" , testProject , testLocation }, args { & apiv1 . CreateCertificateAuthorityRequest {
{ "fail parent name" , fields { m , "" , testProject , testLocation , testCaPool , pb . CaPool_DEVOPS }, args { & apiv1 . CreateCertificateAuthorityRequest {
Type : apiv1 . IntermediateCA ,
Template : mustParseCertificate ( t , testRootCertificate ) ,
Lifetime : 24 * time . Hour ,
Parent : & apiv1 . CreateCertificateAuthorityResponse { } ,
} } , nil , true } ,
{ "fail type" , fields { m , "" , testProject , testLocation }, args { & apiv1 . CreateCertificateAuthorityRequest {
{ "fail type" , fields { m , "" , testProject , testLocation , testCaPool , pb . CaPool_DEVOPS }, args { & apiv1 . CreateCertificateAuthorityRequest {
Type : 0 ,
Template : mustParseCertificate ( t , testRootCertificate ) ,
Lifetime : 24 * time . Hour ,
} } , nil , true } ,
{ "fail create key" , fields { m , "" , testProject , testLocation }, args { & apiv1 . CreateCertificateAuthorityRequest {
{ "fail create key" , fields { m , "" , testProject , testLocation , testCaPool , pb . CaPool_DEVOPS }, args { & apiv1 . CreateCertificateAuthorityRequest {
Type : apiv1 . RootCA ,
Template : mustParseCertificate ( t , testRootCertificate ) ,
Lifetime : 24 * time . Hour ,
@ -1113,17 +1350,62 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
SignatureAlgorithm : kmsapi . PureEd25519 ,
} ,
} } , nil , true } ,
{ "fail CreateCertificateAuthority ", fields { m , "" , testProject , testLocation } , args { & apiv1 . CreateCertificateAuthorityRequest {
{ "fail GetCaPool ", fields { m , "" , testProject , testLocation , testCaPool , pb . CaPool_DEVOPS } , args { & apiv1 . CreateCertificateAuthorityRequest {
Type : apiv1 . RootCA ,
Template : mustParseCertificate ( t , testRootCertificate ) ,
Lifetime : 24 * time . Hour ,
} } , nil , true } ,
{ "fail CreateC ertificateAuthority.Wait ", fields { m , "" , testProject , testLocation } , args { & apiv1 . CreateCertificateAuthorityRequest {
{ "fail CreateC aPool ", fields { m , "" , testProject , testLocation , testCaPool , pb . CaPool_DEVOPS } , args { & apiv1 . CreateCertificateAuthorityRequest {
Type : apiv1 . RootCA ,
Template : mustParseCertificate ( t , testRootCertificate ) ,
Lifetime : 24 * time . Hour ,
} } , nil , true } ,
{ "fail FetchCertificateAuthorityCsr" , fields { m , "" , testProject , testLocation } , args { & apiv1 . CreateCertificateAuthorityRequest {
{ "fail CreateCaPool.Wait" , fields { m , "" , testProject , testLocation , testCaPool , pb . CaPool_DEVOPS } , args { & apiv1 . CreateCertificateAuthorityRequest {
Type : apiv1 . RootCA ,
Template : mustParseCertificate ( t , testRootCertificate ) ,
Lifetime : 24 * time . Hour ,
} } , nil , true } ,
{ "fail CreateCertificateAuthority" , fields { m , "" , testProject , testLocation , testCaPool , pb . CaPool_DEVOPS } , args { & apiv1 . CreateCertificateAuthorityRequest {
Type : apiv1 . RootCA ,
Template : mustParseCertificate ( t , testRootCertificate ) ,
Lifetime : 24 * time . Hour ,
} } , nil , true } ,
{ "fail CreateCertificateAuthority.Wait" , fields { m , "" , testProject , testLocation , testCaPool , pb . CaPool_DEVOPS } , args { & apiv1 . CreateCertificateAuthorityRequest {
Type : apiv1 . RootCA ,
Template : mustParseCertificate ( t , testRootCertificate ) ,
Lifetime : 24 * time . Hour ,
} } , nil , true } ,
{ "fail EnableCertificateAuthority" , fields { m , "" , testProject , testLocation , testCaPool , pb . CaPool_DEVOPS } , args { & apiv1 . CreateCertificateAuthorityRequest {
Type : apiv1 . RootCA ,
Template : mustParseCertificate ( t , testRootCertificate ) ,
Lifetime : 24 * time . Hour ,
} } , nil , true } ,
{ "fail EnableCertificateAuthority.Wait" , fields { m , "" , testProject , testLocation , testCaPool , pb . CaPool_DEVOPS } , args { & apiv1 . CreateCertificateAuthorityRequest {
Type : apiv1 . RootCA ,
Template : mustParseCertificate ( t , testRootCertificate ) ,
Lifetime : 24 * time . Hour ,
} } , nil , true } ,
{ "fail EnableCertificateAuthority intermediate" , fields { m , "" , testProject , testLocation , testCaPool , pb . CaPool_DEVOPS } , args { & apiv1 . CreateCertificateAuthorityRequest {
Type : apiv1 . IntermediateCA ,
Template : mustParseCertificate ( t , testIntermediateCertificate ) ,
Lifetime : 24 * time . Hour ,
Parent : & apiv1 . CreateCertificateAuthorityResponse {
Name : testAuthorityName ,
Certificate : rootCrt ,
} ,
} } , nil , true } ,
{ "fail EnableCertificateAuthority.Wait intermediate" , fields { m , "" , testProject , testLocation , testCaPool , pb . CaPool_DEVOPS } , args { & apiv1 . CreateCertificateAuthorityRequest {
Type : apiv1 . IntermediateCA ,
Template : mustParseCertificate ( t , testIntermediateCertificate ) ,
Lifetime : 24 * time . Hour ,
Parent : & apiv1 . CreateCertificateAuthorityResponse {
Name : testAuthorityName ,
Certificate : rootCrt ,
} ,
} } , nil , true } ,
{ "fail FetchCertificateAuthorityCsr" , fields { m , "" , testProject , testLocation , testCaPool , pb . CaPool_DEVOPS } , args { & apiv1 . CreateCertificateAuthorityRequest {
Type : apiv1 . IntermediateCA ,
Template : mustParseCertificate ( t , testIntermediateCertificate ) ,
Lifetime : 24 * time . Hour ,
@ -1132,7 +1414,7 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
Certificate : rootCrt ,
} ,
} } , nil , true } ,
{ "fail CreateCertificate" , fields { m , "" , testProject , testLocation }, args { & apiv1 . CreateCertificateAuthorityRequest {
{ "fail CreateCertificate" , fields { m , "" , testProject , testLocation , testCaPool , pb . CaPool_DEVOPS }, args { & apiv1 . CreateCertificateAuthorityRequest {
Type : apiv1 . IntermediateCA ,
Template : mustParseCertificate ( t , testIntermediateCertificate ) ,
Lifetime : 24 * time . Hour ,
@ -1141,7 +1423,7 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
Certificate : rootCrt ,
} ,
} } , nil , true } ,
{ "fail ActivateCertificateAuthority" , fields { m , "" , testProject , testLocation }, args { & apiv1 . CreateCertificateAuthorityRequest {
{ "fail ActivateCertificateAuthority" , fields { m , "" , testProject , testLocation , testCaPool , pb . CaPool_DEVOPS }, args { & apiv1 . CreateCertificateAuthorityRequest {
Type : apiv1 . IntermediateCA ,
Template : mustParseCertificate ( t , testIntermediateCertificate ) ,
Lifetime : 24 * time . Hour ,
@ -1150,7 +1432,7 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
Certificate : rootCrt ,
} ,
} } , nil , true } ,
{ "fail ActivateCertificateAuthority.Wait" , fields { m , "" , testProject , testLocation }, args { & apiv1 . CreateCertificateAuthorityRequest {
{ "fail ActivateCertificateAuthority.Wait" , fields { m , "" , testProject , testLocation , testCaPool , pb . CaPool_DEVOPS }, args { & apiv1 . CreateCertificateAuthorityRequest {
Type : apiv1 . IntermediateCA ,
Template : mustParseCertificate ( t , testIntermediateCertificate ) ,
Lifetime : 24 * time . Hour ,
@ -1159,7 +1441,7 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
Certificate : rootCrt ,
} ,
} } , nil , true } ,
{ "fail x509util.CreateCertificate" , fields { m , "" , testProject , testLocation }, args { & apiv1 . CreateCertificateAuthorityRequest {
{ "fail x509util.CreateCertificate" , fields { m , "" , testProject , testLocation , testCaPool , pb . CaPool_DEVOPS }, args { & apiv1 . CreateCertificateAuthorityRequest {
Type : apiv1 . IntermediateCA ,
Template : mustParseCertificate ( t , testIntermediateCertificate ) ,
Lifetime : 24 * time . Hour ,
@ -1168,7 +1450,7 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
Signer : createBadSigner ( t ) ,
} ,
} } , nil , true } ,
{ "fail parseCertificateRequest" , fields { m , "" , testProject , testLocation }, args { & apiv1 . CreateCertificateAuthorityRequest {
{ "fail parseCertificateRequest" , fields { m , "" , testProject , testLocation , testCaPool , pb . CaPool_DEVOPS }, args { & apiv1 . CreateCertificateAuthorityRequest {
Type : apiv1 . IntermediateCA ,
Template : mustParseCertificate ( t , testIntermediateCertificate ) ,
Lifetime : 24 * time . Hour ,
@ -1185,6 +1467,8 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
certificateAuthority : tt . fields . certificateAuthority ,
project : tt . fields . project ,
location : tt . fields . location ,
caPool : tt . fields . caPool ,
caPoolTier : tt . fields . caPoolTier ,
}
got , err := c . CreateCertificateAuthority ( tt . args . req )
if ( err != nil ) != tt . wantErr {
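Review bot: In TestCloudCAS_CreateCertificateAuthority (hunk `@ -812,14 +865,27 @@`), the new `m.EXPECT().GetCaPool(any, any)` and `m.EXPECT().CreateCaPool(any, any)` expectations match any request, so the `caPool` and `caPoolTier` values added to the table rows (for example `pb.CaPool_ENTERPRISE` on "ok root") are never compared with what is actually sent. The tests would still pass if the pool were created under the wrong ID or tier, and the tier governs which certificate-management features the pool offers. At least the "ok root" path should assert on the request, as sketched below; the getter names are assumed from the v1 `CreateCaPoolRequest` and should be checked against the implementation, which is not on this page. TestNew likewise covers `"DevOps"`, `"ENTERPRISE"` and an unset `CaPoolTier`, but has no row for an unrecognised value, so whether a typo is rejected or silently mapped to a default is not pinned. The test function starts and ends outside the visible hunks.

```go
// ok root
m.EXPECT().GetCaPool(any, any).Return(nil, status.Error(codes.NotFound, "not found"))
m.EXPECT().CreateCaPool(any, any).DoAndReturn(
	func(_ context.Context, req *pb.CreateCaPoolRequest, _ ...gax.CallOption) (*privateca.CreateCaPoolOperation, error) {
		// Pin the pool identity and tier that the "ok root" row configures.
		if got := req.GetCaPoolId(); got != testCaPool {
			t.Errorf("CreateCaPool id = %q, want %q", got, testCaPool)
		}
		if got := req.GetCaPool().GetTier(); got != pb.CaPool_ENTERPRISE {
			t.Errorf("CreateCaPool tier = %v, want %v", got, pb.CaPool_ENTERPRISE)
		}
		return fake.CreateCaPoolOperation("CreateCaPool"), nil
	})
// … unchanged: GetOperation and CreateCertificateAuthority expectations …
```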