|
|
|
@ -20,7 +20,7 @@ import (
|
|
|
|
|
"time"
|
|
|
|
|
|
|
|
|
|
lroauto "cloud.google.com/go/longrunning/autogen"
|
|
|
|
|
privateca "cloud.google.com/go/security/privateca/apiv1beta1"
|
|
|
|
|
privateca "cloud.google.com/go/security/privateca/apiv1"
|
|
|
|
|
gomock "github.com/golang/mock/gomock"
|
|
|
|
|
"github.com/google/uuid"
|
|
|
|
|
gax "github.com/googleapis/gax-go/v2"
|
|
|
|
@ -28,19 +28,23 @@ import (
|
|
|
|
|
"github.com/smallstep/certificates/cas/apiv1"
|
|
|
|
|
kmsapi "github.com/smallstep/certificates/kms/apiv1"
|
|
|
|
|
"google.golang.org/api/option"
|
|
|
|
|
pb "google.golang.org/genproto/googleapis/cloud/security/privateca/v1beta1"
|
|
|
|
|
pb "google.golang.org/genproto/googleapis/cloud/security/privateca/v1"
|
|
|
|
|
longrunningpb "google.golang.org/genproto/googleapis/longrunning"
|
|
|
|
|
"google.golang.org/grpc"
|
|
|
|
|
"google.golang.org/grpc/codes"
|
|
|
|
|
"google.golang.org/grpc/status"
|
|
|
|
|
"google.golang.org/grpc/test/bufconn"
|
|
|
|
|
"google.golang.org/protobuf/types/known/anypb"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
var (
|
|
|
|
|
errTest = errors.New("test error")
|
|
|
|
|
testAuthorityName = "projects/test-project/locations/us-west1/certificateAuthorities/test-ca"
|
|
|
|
|
testCertificateName = "projects/test-project/locations/us-west1/certificateAuthorities/test-ca/certificates/test-certificate"
|
|
|
|
|
testCaPoolName = "projects/test-project/locations/us-west1/caPools/test-capool"
|
|
|
|
|
testAuthorityName = "projects/test-project/locations/us-west1/caPools/test-capool/certificateAuthorities/test-ca"
|
|
|
|
|
testCertificateName = "projects/test-project/locations/us-west1/caPools/test-capool/certificateAuthorities/test-ca/certificates/test-certificate"
|
|
|
|
|
testProject = "test-project"
|
|
|
|
|
testLocation = "us-west1"
|
|
|
|
|
testCaPool = "test-capool"
|
|
|
|
|
testRootCertificate = `-----BEGIN CERTIFICATE-----
|
|
|
|
|
MIIBeDCCAR+gAwIBAgIQcXWWjtSZ/PAyH8D1Ou4L9jAKBggqhkjOPQQDAjAbMRkw
|
|
|
|
|
FwYDVQQDExBDbG91ZENBUyBSb290IENBMB4XDTIwMTAyNzIyNTM1NFoXDTMwMTAy
|
|
|
|
@ -214,6 +218,18 @@ func (c *testClient) ActivateCertificateAuthority(ctx context.Context, req *pb.A
|
|
|
|
|
return nil, errors.New("use NewMockCertificateAuthorityClient")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (c *testClient) EnableCertificateAuthority(ctx context.Context, req *pb.EnableCertificateAuthorityRequest, opts ...gax.CallOption) (*privateca.EnableCertificateAuthorityOperation, error) {
|
|
|
|
|
return nil, errors.New("use NewMockCertificateAuthorityClient")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (c *testClient) GetCaPool(ctx context.Context, req *pb.GetCaPoolRequest, opts ...gax.CallOption) (*pb.CaPool, error) {
|
|
|
|
|
return nil, errors.New("use NewMockCertificateAuthorityClient")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (c *testClient) CreateCaPool(ctx context.Context, req *pb.CreateCaPoolRequest, opts ...gax.CallOption) (*privateca.CreateCaPoolOperation, error) {
|
|
|
|
|
return nil, errors.New("use NewMockCertificateAuthorityClient")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func mustParseCertificate(t *testing.T, pemCert string) *x509.Certificate {
|
|
|
|
|
t.Helper()
|
|
|
|
|
crt, err := parseCertificate(pemCert)
|
|
|
|
@ -262,6 +278,18 @@ func TestNew(t *testing.T) {
|
|
|
|
|
certificateAuthority: testAuthorityName,
|
|
|
|
|
project: testProject,
|
|
|
|
|
location: testLocation,
|
|
|
|
|
caPool: testCaPool,
|
|
|
|
|
caPoolTier: 0,
|
|
|
|
|
}, false},
|
|
|
|
|
{"ok authority and creator", args{context.Background(), apiv1.Options{
|
|
|
|
|
CertificateAuthority: testAuthorityName, IsCreator: true,
|
|
|
|
|
}}, &CloudCAS{
|
|
|
|
|
client: &testClient{},
|
|
|
|
|
certificateAuthority: testAuthorityName,
|
|
|
|
|
project: testProject,
|
|
|
|
|
location: testLocation,
|
|
|
|
|
caPool: testCaPool,
|
|
|
|
|
caPoolTier: 0,
|
|
|
|
|
}, false},
|
|
|
|
|
{"ok with credentials", args{context.Background(), apiv1.Options{
|
|
|
|
|
CertificateAuthority: testAuthorityName, CredentialsFile: "testdata/credentials.json",
|
|
|
|
@ -270,16 +298,38 @@ func TestNew(t *testing.T) {
|
|
|
|
|
certificateAuthority: testAuthorityName,
|
|
|
|
|
project: testProject,
|
|
|
|
|
location: testLocation,
|
|
|
|
|
caPool: testCaPool,
|
|
|
|
|
caPoolTier: 0,
|
|
|
|
|
}, false},
|
|
|
|
|
{"ok creator", args{context.Background(), apiv1.Options{
|
|
|
|
|
IsCreator: true, Project: testProject, Location: testLocation,
|
|
|
|
|
IsCreator: true, Project: testProject, Location: testLocation, CaPool: testCaPool,
|
|
|
|
|
}}, &CloudCAS{
|
|
|
|
|
client: &testClient{},
|
|
|
|
|
project: testProject,
|
|
|
|
|
location: testLocation,
|
|
|
|
|
caPool: testCaPool,
|
|
|
|
|
caPoolTier: pb.CaPool_DEVOPS,
|
|
|
|
|
}, false},
|
|
|
|
|
{"ok creator devops", args{context.Background(), apiv1.Options{
|
|
|
|
|
IsCreator: true, Project: testProject, Location: testLocation, CaPool: testCaPool, CaPoolTier: "DevOps",
|
|
|
|
|
}}, &CloudCAS{
|
|
|
|
|
client: &testClient{},
|
|
|
|
|
project: testProject,
|
|
|
|
|
location: testLocation,
|
|
|
|
|
client: &testClient{},
|
|
|
|
|
project: testProject,
|
|
|
|
|
location: testLocation,
|
|
|
|
|
caPool: testCaPool,
|
|
|
|
|
caPoolTier: pb.CaPool_DEVOPS,
|
|
|
|
|
}, false},
|
|
|
|
|
{"ok creator enterprise", args{context.Background(), apiv1.Options{
|
|
|
|
|
IsCreator: true, Project: testProject, Location: testLocation, CaPool: testCaPool, CaPoolTier: "ENTERPRISE",
|
|
|
|
|
}}, &CloudCAS{
|
|
|
|
|
client: &testClient{},
|
|
|
|
|
project: testProject,
|
|
|
|
|
location: testLocation,
|
|
|
|
|
caPool: testCaPool,
|
|
|
|
|
caPoolTier: pb.CaPool_ENTERPRISE,
|
|
|
|
|
}, false},
|
|
|
|
|
{"fail certificate authority", args{context.Background(), apiv1.Options{
|
|
|
|
|
CertificateAuthority: "projects/ok1234/locations/ok1234/certificateAuthorities/ok1234/bad",
|
|
|
|
|
CertificateAuthority: "projects/ok1234/locations/ok1234/caPools/ok1234/certificateAuthorities/ok1234/bad",
|
|
|
|
|
}}, nil, true},
|
|
|
|
|
{"fail certificate authority regex", args{context.Background(), apiv1.Options{}}, nil, true},
|
|
|
|
|
{"fail with credentials", args{context.Background(), apiv1.Options{
|
|
|
|
@ -291,6 +341,9 @@ func TestNew(t *testing.T) {
|
|
|
|
|
{"fail creator location", args{context.Background(), apiv1.Options{
|
|
|
|
|
IsCreator: true, Project: testProject, Location: "",
|
|
|
|
|
}}, nil, true},
|
|
|
|
|
{"fail caPool", args{context.Background(), apiv1.Options{
|
|
|
|
|
IsCreator: true, Project: testProject, Location: testLocation, CaPool: "",
|
|
|
|
|
}}, nil, true},
|
|
|
|
|
}
|
|
|
|
|
for _, tt := range tests {
|
|
|
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
|
|
@ -320,6 +373,7 @@ func TestNew_register(t *testing.T) {
|
|
|
|
|
certificateAuthority: testAuthorityName,
|
|
|
|
|
project: testProject,
|
|
|
|
|
location: testLocation,
|
|
|
|
|
caPool: testCaPool,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
newFn, ok := apiv1.LoadCertificateAuthorityServiceNewFunc(apiv1.CloudCAS)
|
|
|
|
@ -338,7 +392,6 @@ func TestNew_register(t *testing.T) {
|
|
|
|
|
if !reflect.DeepEqual(got, want) {
|
|
|
|
|
t.Errorf("New() = %v, want %v", got, want)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func TestNew_real(t *testing.T) {
|
|
|
|
@ -812,14 +865,27 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Fatal(err)
|
|
|
|
|
}
|
|
|
|
|
fake := &privateca.CertificateAuthorityClient{
|
|
|
|
|
LROClient: client,
|
|
|
|
|
fake, err := privateca.NewCertificateAuthorityClient(context.Background(), option.WithGRPCConn(conn))
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Fatal(err)
|
|
|
|
|
}
|
|
|
|
|
fake.LROClient = client
|
|
|
|
|
|
|
|
|
|
// Configure mocks
|
|
|
|
|
any := gomock.Any()
|
|
|
|
|
|
|
|
|
|
// ok root
|
|
|
|
|
m.EXPECT().GetCaPool(any, any).Return(nil, status.Error(codes.NotFound, "not found"))
|
|
|
|
|
m.EXPECT().CreateCaPool(any, any).Return(fake.CreateCaPoolOperation("CreateCaPool"), nil)
|
|
|
|
|
mos.EXPECT().GetOperation(any, any).Return(&longrunningpb.Operation{
|
|
|
|
|
Name: "CreateCaPool",
|
|
|
|
|
Done: true,
|
|
|
|
|
Result: &longrunningpb.Operation_Response{
|
|
|
|
|
Response: must(anypb.New(&pb.CaPool{
|
|
|
|
|
Name: testCaPoolName,
|
|
|
|
|
})).(*anypb.Any),
|
|
|
|
|
},
|
|
|
|
|
}, nil)
|
|
|
|
|
m.EXPECT().CreateCertificateAuthority(any, any).Return(fake.CreateCertificateAuthorityOperation("CreateCertificateAuthority"), nil)
|
|
|
|
|
mos.EXPECT().GetOperation(any, any).Return(&longrunningpb.Operation{
|
|
|
|
|
Name: "CreateCertificateAuthority",
|
|
|
|
@ -831,8 +897,20 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
|
|
|
|
|
})).(*anypb.Any),
|
|
|
|
|
},
|
|
|
|
|
}, nil)
|
|
|
|
|
m.EXPECT().EnableCertificateAuthority(any, any).Return(fake.EnableCertificateAuthorityOperation("EnableCertificateAuthorityOperation"), nil)
|
|
|
|
|
mos.EXPECT().GetOperation(any, any).Return(&longrunningpb.Operation{
|
|
|
|
|
Name: "EnableCertificateAuthority",
|
|
|
|
|
Done: true,
|
|
|
|
|
Result: &longrunningpb.Operation_Response{
|
|
|
|
|
Response: must(anypb.New(&pb.CertificateAuthority{
|
|
|
|
|
Name: testAuthorityName,
|
|
|
|
|
PemCaCertificates: []string{testRootCertificate},
|
|
|
|
|
})).(*anypb.Any),
|
|
|
|
|
},
|
|
|
|
|
}, nil)
|
|
|
|
|
|
|
|
|
|
// ok intermediate
|
|
|
|
|
m.EXPECT().GetCaPool(any, any).Return(&pb.CaPool{Name: testCaPoolName}, nil)
|
|
|
|
|
m.EXPECT().CreateCertificateAuthority(any, any).Return(fake.CreateCertificateAuthorityOperation("CreateCertificateAuthority"), nil)
|
|
|
|
|
mos.EXPECT().GetOperation(any, any).Return(&longrunningpb.Operation{
|
|
|
|
|
Name: "CreateCertificateAuthority",
|
|
|
|
@ -846,6 +924,10 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
|
|
|
|
|
m.EXPECT().FetchCertificateAuthorityCsr(any, any).Return(&pb.FetchCertificateAuthorityCsrResponse{
|
|
|
|
|
PemCsr: testIntermediateCsr,
|
|
|
|
|
}, nil)
|
|
|
|
|
m.EXPECT().CreateCertificate(any, any).Return(&pb.Certificate{
|
|
|
|
|
PemCertificate: testIntermediateCertificate,
|
|
|
|
|
PemCertificateChain: []string{testRootCertificate},
|
|
|
|
|
}, nil)
|
|
|
|
|
m.EXPECT().ActivateCertificateAuthority(any, any).Return(fake.ActivateCertificateAuthorityOperation("ActivateCertificateAuthority"), nil)
|
|
|
|
|
mos.EXPECT().GetOperation(any, any).Return(&longrunningpb.Operation{
|
|
|
|
|
Name: "ActivateCertificateAuthority",
|
|
|
|
@ -857,7 +939,20 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
|
|
|
|
|
})).(*anypb.Any),
|
|
|
|
|
},
|
|
|
|
|
}, nil)
|
|
|
|
|
m.EXPECT().EnableCertificateAuthority(any, any).Return(fake.EnableCertificateAuthorityOperation("EnableCertificateAuthorityOperation"), nil)
|
|
|
|
|
mos.EXPECT().GetOperation(any, any).Return(&longrunningpb.Operation{
|
|
|
|
|
Name: "EnableCertificateAuthority",
|
|
|
|
|
Done: true,
|
|
|
|
|
Result: &longrunningpb.Operation_Response{
|
|
|
|
|
Response: must(anypb.New(&pb.CertificateAuthority{
|
|
|
|
|
Name: testAuthorityName,
|
|
|
|
|
PemCaCertificates: []string{testIntermediateCertificate, testRootCertificate},
|
|
|
|
|
})).(*anypb.Any),
|
|
|
|
|
},
|
|
|
|
|
}, nil)
|
|
|
|
|
|
|
|
|
|
// ok intermediate local signer
|
|
|
|
|
m.EXPECT().GetCaPool(any, any).Return(&pb.CaPool{Name: testCaPoolName}, nil)
|
|
|
|
|
m.EXPECT().CreateCertificateAuthority(any, any).Return(fake.CreateCertificateAuthorityOperation("CreateCertificateAuthority"), nil)
|
|
|
|
|
mos.EXPECT().GetOperation(any, any).Return(&longrunningpb.Operation{
|
|
|
|
|
Name: "CreateCertificateAuthority",
|
|
|
|
@ -871,10 +966,6 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
|
|
|
|
|
m.EXPECT().FetchCertificateAuthorityCsr(any, any).Return(&pb.FetchCertificateAuthorityCsrResponse{
|
|
|
|
|
PemCsr: testIntermediateCsr,
|
|
|
|
|
}, nil)
|
|
|
|
|
m.EXPECT().CreateCertificate(any, any).Return(&pb.Certificate{
|
|
|
|
|
PemCertificate: testIntermediateCertificate,
|
|
|
|
|
PemCertificateChain: []string{testRootCertificate},
|
|
|
|
|
}, nil)
|
|
|
|
|
m.EXPECT().ActivateCertificateAuthority(any, any).Return(fake.ActivateCertificateAuthorityOperation("ActivateCertificateAuthority"), nil)
|
|
|
|
|
mos.EXPECT().GetOperation(any, any).Return(&longrunningpb.Operation{
|
|
|
|
|
Name: "ActivateCertificateAuthority",
|
|
|
|
@ -886,8 +977,20 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
|
|
|
|
|
})).(*anypb.Any),
|
|
|
|
|
},
|
|
|
|
|
}, nil)
|
|
|
|
|
m.EXPECT().EnableCertificateAuthority(any, any).Return(fake.EnableCertificateAuthorityOperation("EnableCertificateAuthorityOperation"), nil)
|
|
|
|
|
mos.EXPECT().GetOperation(any, any).Return(&longrunningpb.Operation{
|
|
|
|
|
Name: "EnableCertificateAuthority",
|
|
|
|
|
Done: true,
|
|
|
|
|
Result: &longrunningpb.Operation_Response{
|
|
|
|
|
Response: must(anypb.New(&pb.CertificateAuthority{
|
|
|
|
|
Name: testAuthorityName,
|
|
|
|
|
PemCaCertificates: []string{testIntermediateCertificate, testRootCertificate},
|
|
|
|
|
})).(*anypb.Any),
|
|
|
|
|
},
|
|
|
|
|
}, nil)
|
|
|
|
|
|
|
|
|
|
// ok create key
|
|
|
|
|
m.EXPECT().GetCaPool(any, any).Return(&pb.CaPool{Name: testCaPoolName}, nil)
|
|
|
|
|
m.EXPECT().CreateCertificateAuthority(any, any).Return(fake.CreateCertificateAuthorityOperation("CreateCertificateAuthority"), nil)
|
|
|
|
|
mos.EXPECT().GetOperation(any, any).Return(&longrunningpb.Operation{
|
|
|
|
|
Name: "CreateCertificateAuthority",
|
|
|
|
@ -899,15 +1002,137 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
|
|
|
|
|
})).(*anypb.Any),
|
|
|
|
|
},
|
|
|
|
|
}, nil)
|
|
|
|
|
m.EXPECT().EnableCertificateAuthority(any, any).Return(fake.EnableCertificateAuthorityOperation("EnableCertificateAuthorityOperation"), nil)
|
|
|
|
|
mos.EXPECT().GetOperation(any, any).Return(&longrunningpb.Operation{
|
|
|
|
|
Name: "EnableCertificateAuthority",
|
|
|
|
|
Done: true,
|
|
|
|
|
Result: &longrunningpb.Operation_Response{
|
|
|
|
|
Response: must(anypb.New(&pb.CertificateAuthority{
|
|
|
|
|
Name: testAuthorityName,
|
|
|
|
|
PemCaCertificates: []string{testRootCertificate},
|
|
|
|
|
})).(*anypb.Any),
|
|
|
|
|
},
|
|
|
|
|
}, nil)
|
|
|
|
|
|
|
|
|
|
// fail GetCaPool
|
|
|
|
|
m.EXPECT().GetCaPool(any, any).Return(nil, errTest)
|
|
|
|
|
|
|
|
|
|
// fail CreateCaPool
|
|
|
|
|
m.EXPECT().GetCaPool(any, any).Return(nil, status.Error(codes.NotFound, "not found"))
|
|
|
|
|
m.EXPECT().CreateCaPool(any, any).Return(nil, errTest)
|
|
|
|
|
|
|
|
|
|
// fail CreateCaPool.Wait
|
|
|
|
|
m.EXPECT().GetCaPool(any, any).Return(nil, status.Error(codes.NotFound, "not found"))
|
|
|
|
|
m.EXPECT().CreateCaPool(any, any).Return(fake.CreateCaPoolOperation("CreateCaPool"), nil)
|
|
|
|
|
mos.EXPECT().GetOperation(any, any).Return(nil, errTest)
|
|
|
|
|
|
|
|
|
|
// fail CreateCertificateAuthority
|
|
|
|
|
m.EXPECT().GetCaPool(any, any).Return(&pb.CaPool{Name: testCaPoolName}, nil)
|
|
|
|
|
m.EXPECT().CreateCertificateAuthority(any, any).Return(nil, errTest)
|
|
|
|
|
|
|
|
|
|
// fail CreateCertificateAuthority.Wait
|
|
|
|
|
m.EXPECT().GetCaPool(any, any).Return(&pb.CaPool{Name: testCaPoolName}, nil)
|
|
|
|
|
m.EXPECT().CreateCertificateAuthority(any, any).Return(fake.CreateCertificateAuthorityOperation("CreateCertificateAuthority"), nil)
|
|
|
|
|
mos.EXPECT().GetOperation(any, any).Return(nil, errTest)
|
|
|
|
|
|
|
|
|
|
// fail EnableCertificateAuthority
|
|
|
|
|
m.EXPECT().GetCaPool(any, any).Return(&pb.CaPool{Name: testCaPoolName}, nil)
|
|
|
|
|
m.EXPECT().CreateCertificateAuthority(any, any).Return(fake.CreateCertificateAuthorityOperation("CreateCertificateAuthority"), nil)
|
|
|
|
|
mos.EXPECT().GetOperation(any, any).Return(&longrunningpb.Operation{
|
|
|
|
|
Name: "CreateCertificateAuthority",
|
|
|
|
|
Done: true,
|
|
|
|
|
Result: &longrunningpb.Operation_Response{
|
|
|
|
|
Response: must(anypb.New(&pb.CertificateAuthority{
|
|
|
|
|
Name: testAuthorityName,
|
|
|
|
|
PemCaCertificates: []string{testRootCertificate},
|
|
|
|
|
})).(*anypb.Any),
|
|
|
|
|
},
|
|
|
|
|
}, nil)
|
|
|
|
|
m.EXPECT().EnableCertificateAuthority(any, any).Return(nil, errTest)
|
|
|
|
|
|
|
|
|
|
// fail EnableCertificateAuthority.Wait
|
|
|
|
|
m.EXPECT().GetCaPool(any, any).Return(&pb.CaPool{Name: testCaPoolName}, nil)
|
|
|
|
|
m.EXPECT().CreateCertificateAuthority(any, any).Return(fake.CreateCertificateAuthorityOperation("CreateCertificateAuthority"), nil)
|
|
|
|
|
mos.EXPECT().GetOperation(any, any).Return(&longrunningpb.Operation{
|
|
|
|
|
Name: "CreateCertificateAuthority",
|
|
|
|
|
Done: true,
|
|
|
|
|
Result: &longrunningpb.Operation_Response{
|
|
|
|
|
Response: must(anypb.New(&pb.CertificateAuthority{
|
|
|
|
|
Name: testAuthorityName,
|
|
|
|
|
PemCaCertificates: []string{testRootCertificate},
|
|
|
|
|
})).(*anypb.Any),
|
|
|
|
|
},
|
|
|
|
|
}, nil)
|
|
|
|
|
m.EXPECT().EnableCertificateAuthority(any, any).Return(fake.EnableCertificateAuthorityOperation("EnableCertificateAuthorityOperation"), nil)
|
|
|
|
|
mos.EXPECT().GetOperation(any, any).Return(nil, errTest)
|
|
|
|
|
|
|
|
|
|
// fail EnableCertificateAuthority intermediate
|
|
|
|
|
m.EXPECT().GetCaPool(any, any).Return(&pb.CaPool{Name: testCaPoolName}, nil)
|
|
|
|
|
m.EXPECT().CreateCertificateAuthority(any, any).Return(fake.CreateCertificateAuthorityOperation("CreateCertificateAuthority"), nil)
|
|
|
|
|
mos.EXPECT().GetOperation(any, any).Return(&longrunningpb.Operation{
|
|
|
|
|
Name: "CreateCertificateAuthority",
|
|
|
|
|
Done: true,
|
|
|
|
|
Result: &longrunningpb.Operation_Response{
|
|
|
|
|
Response: must(anypb.New(&pb.CertificateAuthority{
|
|
|
|
|
Name: testAuthorityName,
|
|
|
|
|
})).(*anypb.Any),
|
|
|
|
|
},
|
|
|
|
|
}, nil)
|
|
|
|
|
m.EXPECT().FetchCertificateAuthorityCsr(any, any).Return(&pb.FetchCertificateAuthorityCsrResponse{
|
|
|
|
|
PemCsr: testIntermediateCsr,
|
|
|
|
|
}, nil)
|
|
|
|
|
m.EXPECT().CreateCertificate(any, any).Return(&pb.Certificate{
|
|
|
|
|
PemCertificate: testIntermediateCertificate,
|
|
|
|
|
PemCertificateChain: []string{testRootCertificate},
|
|
|
|
|
}, nil)
|
|
|
|
|
m.EXPECT().ActivateCertificateAuthority(any, any).Return(fake.ActivateCertificateAuthorityOperation("ActivateCertificateAuthority"), nil)
|
|
|
|
|
mos.EXPECT().GetOperation(any, any).Return(&longrunningpb.Operation{
|
|
|
|
|
Name: "ActivateCertificateAuthority",
|
|
|
|
|
Done: true,
|
|
|
|
|
Result: &longrunningpb.Operation_Response{
|
|
|
|
|
Response: must(anypb.New(&pb.CertificateAuthority{
|
|
|
|
|
Name: testAuthorityName,
|
|
|
|
|
PemCaCertificates: []string{testIntermediateCertificate, testRootCertificate},
|
|
|
|
|
})).(*anypb.Any),
|
|
|
|
|
},
|
|
|
|
|
}, nil)
|
|
|
|
|
m.EXPECT().EnableCertificateAuthority(any, any).Return(nil, errTest)
|
|
|
|
|
|
|
|
|
|
// fail EnableCertificateAuthority.Wait intermediate
|
|
|
|
|
m.EXPECT().GetCaPool(any, any).Return(&pb.CaPool{Name: testCaPoolName}, nil)
|
|
|
|
|
m.EXPECT().CreateCertificateAuthority(any, any).Return(fake.CreateCertificateAuthorityOperation("CreateCertificateAuthority"), nil)
|
|
|
|
|
mos.EXPECT().GetOperation(any, any).Return(&longrunningpb.Operation{
|
|
|
|
|
Name: "CreateCertificateAuthority",
|
|
|
|
|
Done: true,
|
|
|
|
|
Result: &longrunningpb.Operation_Response{
|
|
|
|
|
Response: must(anypb.New(&pb.CertificateAuthority{
|
|
|
|
|
Name: testAuthorityName,
|
|
|
|
|
})).(*anypb.Any),
|
|
|
|
|
},
|
|
|
|
|
}, nil)
|
|
|
|
|
m.EXPECT().FetchCertificateAuthorityCsr(any, any).Return(&pb.FetchCertificateAuthorityCsrResponse{
|
|
|
|
|
PemCsr: testIntermediateCsr,
|
|
|
|
|
}, nil)
|
|
|
|
|
m.EXPECT().CreateCertificate(any, any).Return(&pb.Certificate{
|
|
|
|
|
PemCertificate: testIntermediateCertificate,
|
|
|
|
|
PemCertificateChain: []string{testRootCertificate},
|
|
|
|
|
}, nil)
|
|
|
|
|
m.EXPECT().ActivateCertificateAuthority(any, any).Return(fake.ActivateCertificateAuthorityOperation("ActivateCertificateAuthority"), nil)
|
|
|
|
|
mos.EXPECT().GetOperation(any, any).Return(&longrunningpb.Operation{
|
|
|
|
|
Name: "ActivateCertificateAuthority",
|
|
|
|
|
Done: true,
|
|
|
|
|
Result: &longrunningpb.Operation_Response{
|
|
|
|
|
Response: must(anypb.New(&pb.CertificateAuthority{
|
|
|
|
|
Name: testAuthorityName,
|
|
|
|
|
PemCaCertificates: []string{testIntermediateCertificate, testRootCertificate},
|
|
|
|
|
})).(*anypb.Any),
|
|
|
|
|
},
|
|
|
|
|
}, nil)
|
|
|
|
|
m.EXPECT().EnableCertificateAuthority(any, any).Return(fake.EnableCertificateAuthorityOperation("EnableCertificateAuthorityOperation"), nil)
|
|
|
|
|
mos.EXPECT().GetOperation(any, any).Return(nil, errTest)
|
|
|
|
|
|
|
|
|
|
// fail FetchCertificateAuthorityCsr
|
|
|
|
|
m.EXPECT().GetCaPool(any, any).Return(&pb.CaPool{Name: testCaPoolName}, nil)
|
|
|
|
|
m.EXPECT().CreateCertificateAuthority(any, any).Return(fake.CreateCertificateAuthorityOperation("CreateCertificateAuthority"), nil)
|
|
|
|
|
mos.EXPECT().GetOperation(any, any).Return(&longrunningpb.Operation{
|
|
|
|
|
Name: "CreateCertificateAuthority",
|
|
|
|
@ -921,6 +1146,7 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
|
|
|
|
|
m.EXPECT().FetchCertificateAuthorityCsr(any, any).Return(nil, errTest)
|
|
|
|
|
|
|
|
|
|
// fail CreateCertificate
|
|
|
|
|
m.EXPECT().GetCaPool(any, any).Return(&pb.CaPool{Name: testCaPoolName}, nil)
|
|
|
|
|
m.EXPECT().CreateCertificateAuthority(any, any).Return(fake.CreateCertificateAuthorityOperation("CreateCertificateAuthority"), nil)
|
|
|
|
|
mos.EXPECT().GetOperation(any, any).Return(&longrunningpb.Operation{
|
|
|
|
|
Name: "CreateCertificateAuthority",
|
|
|
|
@ -937,6 +1163,7 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
|
|
|
|
|
m.EXPECT().CreateCertificate(any, any).Return(nil, errTest)
|
|
|
|
|
|
|
|
|
|
// fail ActivateCertificateAuthority
|
|
|
|
|
m.EXPECT().GetCaPool(any, any).Return(&pb.CaPool{Name: testCaPoolName}, nil)
|
|
|
|
|
m.EXPECT().CreateCertificateAuthority(any, any).Return(fake.CreateCertificateAuthorityOperation("CreateCertificateAuthority"), nil)
|
|
|
|
|
mos.EXPECT().GetOperation(any, any).Return(&longrunningpb.Operation{
|
|
|
|
|
Name: "CreateCertificateAuthority",
|
|
|
|
@ -957,6 +1184,7 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
|
|
|
|
|
m.EXPECT().ActivateCertificateAuthority(any, any).Return(nil, errTest)
|
|
|
|
|
|
|
|
|
|
// fail ActivateCertificateAuthority.Wait
|
|
|
|
|
m.EXPECT().GetCaPool(any, any).Return(&pb.CaPool{Name: testCaPoolName}, nil)
|
|
|
|
|
m.EXPECT().CreateCertificateAuthority(any, any).Return(fake.CreateCertificateAuthorityOperation("CreateCertificateAuthority"), nil)
|
|
|
|
|
mos.EXPECT().GetOperation(any, any).Return(&longrunningpb.Operation{
|
|
|
|
|
Name: "CreateCertificateAuthority",
|
|
|
|
@ -978,6 +1206,7 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
|
|
|
|
|
mos.EXPECT().GetOperation(any, any).Return(nil, errTest)
|
|
|
|
|
|
|
|
|
|
// fail x509util.CreateCertificate
|
|
|
|
|
m.EXPECT().GetCaPool(any, any).Return(&pb.CaPool{Name: testCaPoolName}, nil)
|
|
|
|
|
m.EXPECT().CreateCertificateAuthority(any, any).Return(fake.CreateCertificateAuthorityOperation("CreateCertificateAuthority"), nil)
|
|
|
|
|
mos.EXPECT().GetOperation(any, any).Return(&longrunningpb.Operation{
|
|
|
|
|
Name: "CreateCertificateAuthority",
|
|
|
|
@ -993,6 +1222,7 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
|
|
|
|
|
}, nil)
|
|
|
|
|
|
|
|
|
|
// fail parseCertificateRequest
|
|
|
|
|
m.EXPECT().GetCaPool(any, any).Return(&pb.CaPool{Name: testCaPoolName}, nil)
|
|
|
|
|
m.EXPECT().CreateCertificateAuthority(any, any).Return(fake.CreateCertificateAuthorityOperation("CreateCertificateAuthority"), nil)
|
|
|
|
|
mos.EXPECT().GetOperation(any, any).Return(&longrunningpb.Operation{
|
|
|
|
|
Name: "CreateCertificateAuthority",
|
|
|
|
@ -1015,6 +1245,8 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
|
|
|
|
|
certificateAuthority string
|
|
|
|
|
project string
|
|
|
|
|
location string
|
|
|
|
|
caPool string
|
|
|
|
|
caPoolTier pb.CaPool_Tier
|
|
|
|
|
}
|
|
|
|
|
type args struct {
|
|
|
|
|
req *apiv1.CreateCertificateAuthorityRequest
|
|
|
|
@ -1026,7 +1258,7 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
|
|
|
|
|
want *apiv1.CreateCertificateAuthorityResponse
|
|
|
|
|
wantErr bool
|
|
|
|
|
}{
|
|
|
|
|
{"ok root", fields{m, "", testProject, testLocation}, args{&apiv1.CreateCertificateAuthorityRequest{
|
|
|
|
|
{"ok root", fields{m, "", testProject, testLocation, testCaPool, pb.CaPool_ENTERPRISE}, args{&apiv1.CreateCertificateAuthorityRequest{
|
|
|
|
|
Type: apiv1.RootCA,
|
|
|
|
|
Template: mustParseCertificate(t, testRootCertificate),
|
|
|
|
|
Lifetime: 24 * time.Hour,
|
|
|
|
@ -1034,7 +1266,7 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
|
|
|
|
|
Name: testAuthorityName,
|
|
|
|
|
Certificate: rootCrt,
|
|
|
|
|
}, false},
|
|
|
|
|
{"ok intermediate", fields{m, "", testProject, testLocation}, args{&apiv1.CreateCertificateAuthorityRequest{
|
|
|
|
|
{"ok intermediate", fields{m, "", testProject, testLocation, testCaPool, pb.CaPool_DEVOPS}, args{&apiv1.CreateCertificateAuthorityRequest{
|
|
|
|
|
Type: apiv1.IntermediateCA,
|
|
|
|
|
Template: mustParseCertificate(t, testIntermediateCertificate),
|
|
|
|
|
Lifetime: 24 * time.Hour,
|
|
|
|
@ -1047,7 +1279,7 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
|
|
|
|
|
Certificate: intCrt,
|
|
|
|
|
CertificateChain: []*x509.Certificate{rootCrt},
|
|
|
|
|
}, false},
|
|
|
|
|
{"ok intermediate local signer", fields{m, "", testProject, testLocation}, args{&apiv1.CreateCertificateAuthorityRequest{
|
|
|
|
|
{"ok intermediate local signer", fields{m, "", testProject, testLocation, testCaPool, pb.CaPool_ENTERPRISE}, args{&apiv1.CreateCertificateAuthorityRequest{
|
|
|
|
|
Type: apiv1.IntermediateCA,
|
|
|
|
|
Template: mustParseCertificate(t, testIntermediateCertificate),
|
|
|
|
|
Lifetime: 24 * time.Hour,
|
|
|
|
@ -1060,7 +1292,7 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
|
|
|
|
|
Certificate: intCrt,
|
|
|
|
|
CertificateChain: []*x509.Certificate{rootCrt},
|
|
|
|
|
}, false},
|
|
|
|
|
{"ok create key", fields{m, "", testProject, testLocation}, args{&apiv1.CreateCertificateAuthorityRequest{
|
|
|
|
|
{"ok create key", fields{m, "", testProject, testLocation, testCaPool, pb.CaPool_DEVOPS}, args{&apiv1.CreateCertificateAuthorityRequest{
|
|
|
|
|
Type: apiv1.RootCA,
|
|
|
|
|
Template: mustParseCertificate(t, testRootCertificate),
|
|
|
|
|
Lifetime: 24 * time.Hour,
|
|
|
|
@ -1071,41 +1303,46 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
|
|
|
|
|
Name: testAuthorityName,
|
|
|
|
|
Certificate: rootCrt,
|
|
|
|
|
}, false},
|
|
|
|
|
{"fail project", fields{m, "", "", testLocation}, args{&apiv1.CreateCertificateAuthorityRequest{
|
|
|
|
|
{"fail project", fields{m, "", "", testLocation, testCaPool, pb.CaPool_DEVOPS}, args{&apiv1.CreateCertificateAuthorityRequest{
|
|
|
|
|
Type: apiv1.RootCA,
|
|
|
|
|
Template: mustParseCertificate(t, testRootCertificate),
|
|
|
|
|
Lifetime: 24 * time.Hour,
|
|
|
|
|
}}, nil, true},
|
|
|
|
|
{"fail location", fields{m, "", testProject, "", testCaPool, pb.CaPool_DEVOPS}, args{&apiv1.CreateCertificateAuthorityRequest{
|
|
|
|
|
Type: apiv1.RootCA,
|
|
|
|
|
Template: mustParseCertificate(t, testRootCertificate),
|
|
|
|
|
Lifetime: 24 * time.Hour,
|
|
|
|
|
}}, nil, true},
|
|
|
|
|
{"fail location", fields{m, "", testProject, ""}, args{&apiv1.CreateCertificateAuthorityRequest{
|
|
|
|
|
{"fail caPool", fields{m, "", testProject, testLocation, "", pb.CaPool_DEVOPS}, args{&apiv1.CreateCertificateAuthorityRequest{
|
|
|
|
|
Type: apiv1.RootCA,
|
|
|
|
|
Template: mustParseCertificate(t, testRootCertificate),
|
|
|
|
|
Lifetime: 24 * time.Hour,
|
|
|
|
|
}}, nil, true},
|
|
|
|
|
{"fail template", fields{m, "", testProject, testLocation}, args{&apiv1.CreateCertificateAuthorityRequest{
|
|
|
|
|
{"fail template", fields{m, "", testProject, testLocation, testCaPool, pb.CaPool_DEVOPS}, args{&apiv1.CreateCertificateAuthorityRequest{
|
|
|
|
|
Type: apiv1.RootCA,
|
|
|
|
|
Lifetime: 24 * time.Hour,
|
|
|
|
|
}}, nil, true},
|
|
|
|
|
{"fail lifetime", fields{m, "", testProject, testLocation}, args{&apiv1.CreateCertificateAuthorityRequest{
|
|
|
|
|
{"fail lifetime", fields{m, "", testProject, testLocation, testCaPool, pb.CaPool_DEVOPS}, args{&apiv1.CreateCertificateAuthorityRequest{
|
|
|
|
|
Type: apiv1.RootCA,
|
|
|
|
|
Template: mustParseCertificate(t, testRootCertificate),
|
|
|
|
|
}}, nil, true},
|
|
|
|
|
{"fail parent", fields{m, "", testProject, testLocation}, args{&apiv1.CreateCertificateAuthorityRequest{
|
|
|
|
|
{"fail parent", fields{m, "", testProject, testLocation, testCaPool, pb.CaPool_DEVOPS}, args{&apiv1.CreateCertificateAuthorityRequest{
|
|
|
|
|
Type: apiv1.IntermediateCA,
|
|
|
|
|
Template: mustParseCertificate(t, testRootCertificate),
|
|
|
|
|
Lifetime: 24 * time.Hour,
|
|
|
|
|
}}, nil, true},
|
|
|
|
|
{"fail parent name", fields{m, "", testProject, testLocation}, args{&apiv1.CreateCertificateAuthorityRequest{
|
|
|
|
|
{"fail parent name", fields{m, "", testProject, testLocation, testCaPool, pb.CaPool_DEVOPS}, args{&apiv1.CreateCertificateAuthorityRequest{
|
|
|
|
|
Type: apiv1.IntermediateCA,
|
|
|
|
|
Template: mustParseCertificate(t, testRootCertificate),
|
|
|
|
|
Lifetime: 24 * time.Hour,
|
|
|
|
|
Parent: &apiv1.CreateCertificateAuthorityResponse{},
|
|
|
|
|
}}, nil, true},
|
|
|
|
|
{"fail type", fields{m, "", testProject, testLocation}, args{&apiv1.CreateCertificateAuthorityRequest{
|
|
|
|
|
{"fail type", fields{m, "", testProject, testLocation, testCaPool, pb.CaPool_DEVOPS}, args{&apiv1.CreateCertificateAuthorityRequest{
|
|
|
|
|
Type: 0,
|
|
|
|
|
Template: mustParseCertificate(t, testRootCertificate),
|
|
|
|
|
Lifetime: 24 * time.Hour,
|
|
|
|
|
}}, nil, true},
|
|
|
|
|
{"fail create key", fields{m, "", testProject, testLocation}, args{&apiv1.CreateCertificateAuthorityRequest{
|
|
|
|
|
{"fail create key", fields{m, "", testProject, testLocation, testCaPool, pb.CaPool_DEVOPS}, args{&apiv1.CreateCertificateAuthorityRequest{
|
|
|
|
|
Type: apiv1.RootCA,
|
|
|
|
|
Template: mustParseCertificate(t, testRootCertificate),
|
|
|
|
|
Lifetime: 24 * time.Hour,
|
|
|
|
@ -1113,17 +1350,62 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
|
|
|
|
|
SignatureAlgorithm: kmsapi.PureEd25519,
|
|
|
|
|
},
|
|
|
|
|
}}, nil, true},
|
|
|
|
|
{"fail CreateCertificateAuthority", fields{m, "", testProject, testLocation}, args{&apiv1.CreateCertificateAuthorityRequest{
|
|
|
|
|
{"fail GetCaPool", fields{m, "", testProject, testLocation, testCaPool, pb.CaPool_DEVOPS}, args{&apiv1.CreateCertificateAuthorityRequest{
|
|
|
|
|
Type: apiv1.RootCA,
|
|
|
|
|
Template: mustParseCertificate(t, testRootCertificate),
|
|
|
|
|
Lifetime: 24 * time.Hour,
|
|
|
|
|
}}, nil, true},
|
|
|
|
|
{"fail CreateCertificateAuthority.Wait", fields{m, "", testProject, testLocation}, args{&apiv1.CreateCertificateAuthorityRequest{
|
|
|
|
|
{"fail CreateCaPool", fields{m, "", testProject, testLocation, testCaPool, pb.CaPool_DEVOPS}, args{&apiv1.CreateCertificateAuthorityRequest{
|
|
|
|
|
Type: apiv1.RootCA,
|
|
|
|
|
Template: mustParseCertificate(t, testRootCertificate),
|
|
|
|
|
Lifetime: 24 * time.Hour,
|
|
|
|
|
}}, nil, true},
|
|
|
|
|
{"fail FetchCertificateAuthorityCsr", fields{m, "", testProject, testLocation}, args{&apiv1.CreateCertificateAuthorityRequest{
|
|
|
|
|
{"fail CreateCaPool.Wait", fields{m, "", testProject, testLocation, testCaPool, pb.CaPool_DEVOPS}, args{&apiv1.CreateCertificateAuthorityRequest{
|
|
|
|
|
Type: apiv1.RootCA,
|
|
|
|
|
Template: mustParseCertificate(t, testRootCertificate),
|
|
|
|
|
Lifetime: 24 * time.Hour,
|
|
|
|
|
}}, nil, true},
|
|
|
|
|
{"fail CreateCertificateAuthority", fields{m, "", testProject, testLocation, testCaPool, pb.CaPool_DEVOPS}, args{&apiv1.CreateCertificateAuthorityRequest{
|
|
|
|
|
Type: apiv1.RootCA,
|
|
|
|
|
Template: mustParseCertificate(t, testRootCertificate),
|
|
|
|
|
Lifetime: 24 * time.Hour,
|
|
|
|
|
}}, nil, true},
|
|
|
|
|
{"fail CreateCertificateAuthority.Wait", fields{m, "", testProject, testLocation, testCaPool, pb.CaPool_DEVOPS}, args{&apiv1.CreateCertificateAuthorityRequest{
|
|
|
|
|
Type: apiv1.RootCA,
|
|
|
|
|
Template: mustParseCertificate(t, testRootCertificate),
|
|
|
|
|
Lifetime: 24 * time.Hour,
|
|
|
|
|
}}, nil, true},
|
|
|
|
|
{"fail EnableCertificateAuthority", fields{m, "", testProject, testLocation, testCaPool, pb.CaPool_DEVOPS}, args{&apiv1.CreateCertificateAuthorityRequest{
|
|
|
|
|
Type: apiv1.RootCA,
|
|
|
|
|
Template: mustParseCertificate(t, testRootCertificate),
|
|
|
|
|
Lifetime: 24 * time.Hour,
|
|
|
|
|
}}, nil, true},
|
|
|
|
|
{"fail EnableCertificateAuthority.Wait", fields{m, "", testProject, testLocation, testCaPool, pb.CaPool_DEVOPS}, args{&apiv1.CreateCertificateAuthorityRequest{
|
|
|
|
|
Type: apiv1.RootCA,
|
|
|
|
|
Template: mustParseCertificate(t, testRootCertificate),
|
|
|
|
|
Lifetime: 24 * time.Hour,
|
|
|
|
|
}}, nil, true},
|
|
|
|
|
|
|
|
|
|
{"fail EnableCertificateAuthority intermediate", fields{m, "", testProject, testLocation, testCaPool, pb.CaPool_DEVOPS}, args{&apiv1.CreateCertificateAuthorityRequest{
|
|
|
|
|
Type: apiv1.IntermediateCA,
|
|
|
|
|
Template: mustParseCertificate(t, testIntermediateCertificate),
|
|
|
|
|
Lifetime: 24 * time.Hour,
|
|
|
|
|
Parent: &apiv1.CreateCertificateAuthorityResponse{
|
|
|
|
|
Name: testAuthorityName,
|
|
|
|
|
Certificate: rootCrt,
|
|
|
|
|
},
|
|
|
|
|
}}, nil, true},
|
|
|
|
|
{"fail EnableCertificateAuthority.Wait intermediate", fields{m, "", testProject, testLocation, testCaPool, pb.CaPool_DEVOPS}, args{&apiv1.CreateCertificateAuthorityRequest{
|
|
|
|
|
Type: apiv1.IntermediateCA,
|
|
|
|
|
Template: mustParseCertificate(t, testIntermediateCertificate),
|
|
|
|
|
Lifetime: 24 * time.Hour,
|
|
|
|
|
Parent: &apiv1.CreateCertificateAuthorityResponse{
|
|
|
|
|
Name: testAuthorityName,
|
|
|
|
|
Certificate: rootCrt,
|
|
|
|
|
},
|
|
|
|
|
}}, nil, true},
|
|
|
|
|
|
|
|
|
|
{"fail FetchCertificateAuthorityCsr", fields{m, "", testProject, testLocation, testCaPool, pb.CaPool_DEVOPS}, args{&apiv1.CreateCertificateAuthorityRequest{
|
|
|
|
|
Type: apiv1.IntermediateCA,
|
|
|
|
|
Template: mustParseCertificate(t, testIntermediateCertificate),
|
|
|
|
|
Lifetime: 24 * time.Hour,
|
|
|
|
@ -1132,7 +1414,7 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
|
|
|
|
|
Certificate: rootCrt,
|
|
|
|
|
},
|
|
|
|
|
}}, nil, true},
|
|
|
|
|
{"fail CreateCertificate", fields{m, "", testProject, testLocation}, args{&apiv1.CreateCertificateAuthorityRequest{
|
|
|
|
|
{"fail CreateCertificate", fields{m, "", testProject, testLocation, testCaPool, pb.CaPool_DEVOPS}, args{&apiv1.CreateCertificateAuthorityRequest{
|
|
|
|
|
Type: apiv1.IntermediateCA,
|
|
|
|
|
Template: mustParseCertificate(t, testIntermediateCertificate),
|
|
|
|
|
Lifetime: 24 * time.Hour,
|
|
|
|
@ -1141,7 +1423,7 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
|
|
|
|
|
Certificate: rootCrt,
|
|
|
|
|
},
|
|
|
|
|
}}, nil, true},
|
|
|
|
|
{"fail ActivateCertificateAuthority", fields{m, "", testProject, testLocation}, args{&apiv1.CreateCertificateAuthorityRequest{
|
|
|
|
|
{"fail ActivateCertificateAuthority", fields{m, "", testProject, testLocation, testCaPool, pb.CaPool_DEVOPS}, args{&apiv1.CreateCertificateAuthorityRequest{
|
|
|
|
|
Type: apiv1.IntermediateCA,
|
|
|
|
|
Template: mustParseCertificate(t, testIntermediateCertificate),
|
|
|
|
|
Lifetime: 24 * time.Hour,
|
|
|
|
@ -1150,7 +1432,7 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
|
|
|
|
|
Certificate: rootCrt,
|
|
|
|
|
},
|
|
|
|
|
}}, nil, true},
|
|
|
|
|
{"fail ActivateCertificateAuthority.Wait", fields{m, "", testProject, testLocation}, args{&apiv1.CreateCertificateAuthorityRequest{
|
|
|
|
|
{"fail ActivateCertificateAuthority.Wait", fields{m, "", testProject, testLocation, testCaPool, pb.CaPool_DEVOPS}, args{&apiv1.CreateCertificateAuthorityRequest{
|
|
|
|
|
Type: apiv1.IntermediateCA,
|
|
|
|
|
Template: mustParseCertificate(t, testIntermediateCertificate),
|
|
|
|
|
Lifetime: 24 * time.Hour,
|
|
|
|
@ -1159,7 +1441,7 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
|
|
|
|
|
Certificate: rootCrt,
|
|
|
|
|
},
|
|
|
|
|
}}, nil, true},
|
|
|
|
|
{"fail x509util.CreateCertificate", fields{m, "", testProject, testLocation}, args{&apiv1.CreateCertificateAuthorityRequest{
|
|
|
|
|
{"fail x509util.CreateCertificate", fields{m, "", testProject, testLocation, testCaPool, pb.CaPool_DEVOPS}, args{&apiv1.CreateCertificateAuthorityRequest{
|
|
|
|
|
Type: apiv1.IntermediateCA,
|
|
|
|
|
Template: mustParseCertificate(t, testIntermediateCertificate),
|
|
|
|
|
Lifetime: 24 * time.Hour,
|
|
|
|
@ -1168,7 +1450,7 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
|
|
|
|
|
Signer: createBadSigner(t),
|
|
|
|
|
},
|
|
|
|
|
}}, nil, true},
|
|
|
|
|
{"fail parseCertificateRequest", fields{m, "", testProject, testLocation}, args{&apiv1.CreateCertificateAuthorityRequest{
|
|
|
|
|
{"fail parseCertificateRequest", fields{m, "", testProject, testLocation, testCaPool, pb.CaPool_DEVOPS}, args{&apiv1.CreateCertificateAuthorityRequest{
|
|
|
|
|
Type: apiv1.IntermediateCA,
|
|
|
|
|
Template: mustParseCertificate(t, testIntermediateCertificate),
|
|
|
|
|
Lifetime: 24 * time.Hour,
|
|
|
|
@ -1185,6 +1467,8 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
|
|
|
|
|
certificateAuthority: tt.fields.certificateAuthority,
|
|
|
|
|
project: tt.fields.project,
|
|
|
|
|
location: tt.fields.location,
|
|
|
|
|
caPool: tt.fields.caPool,
|
|
|
|
|
caPoolTier: tt.fields.caPoolTier,
|
|
|
|
|
}
|
|
|
|
|
got, err := c.CreateCertificateAuthority(tt.args.req)
|
|
|
|
|
if (err != nil) != tt.wantErr {
|
|
|
|
|