package certificate
import (
"context"
"fmt"
"time"
"github.com/flomesh-io/fsm/pkg/apis/config/v1alpha3"
v1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"github.com/flomesh-io/fsm/pkg/certificate/pem"
"github.com/flomesh-io/fsm/pkg/constants"
)
// validity is the certificate validity duration handed out by the getter
// that FakeCertManager passes to NewManager.
var validity = time.Hour
// fakeMRCClient is a stateless test double for the MRC client that
// FakeCertManager hands to NewManager. It never contacts a cluster; every
// method returns canned data.
type fakeMRCClient struct{}

// GetCertIssuerForMRC ignores mrc and always returns a zero-value fakeIssuer
// together with the literal bytes "rootCA" as the root certificate. The
// returned root is a placeholder string, not a parseable PEM certificate.
func (c *fakeMRCClient) GetCertIssuerForMRC(mrc *v1alpha3.MeshRootCertificate) (Issuer, pem.RootCertificate, error) {
	issuer := &fakeIssuer{}
	root := pem.RootCertificate("rootCA")
	return issuer, root, nil
}
// List returns a one-element slice containing a canned MeshRootCertificate.
// It is intended to implement the certificate.MRCClient interface.
//
// Only Spec.TrustDomain is populated; metadata, provider and status are left
// at their zero values, so this object is not identical to the one that Watch
// emits.
func (c *fakeMRCClient) List() ([]*v1alpha3.MeshRootCertificate, error) {
	mrc := &v1alpha3.MeshRootCertificate{
		Spec: v1alpha3.MeshRootCertificateSpec{TrustDomain: "fake.domain.com"},
	}
	return []*v1alpha3.MeshRootCertificate{mrc}, nil
}
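// Watch returns a channel that delivers a single MRCEventAdded event for an
// active, Tresor-backed MeshRootCertificate and is then closed. The returned
// error is always nil.
//
// The channel is unbuffered, so the event is sent from a goroutine. If ctx is
// cancelled before a consumer receives the event, the goroutine gives up the
// send and closes the channel instead of staying blocked forever. When both
// a receiver and the cancellation are ready at the same time, either may win.
func (c *fakeMRCClient) Watch(ctx context.Context) (<-chan MRCEvent, error) {
	// A nil channel never becomes ready in a select, so a nil ctx keeps the
	// previous "block until received" behaviour instead of panicking.
	var done <-chan struct{}
	if ctx != nil {
		done = ctx.Done()
	}

	ch := make(chan MRCEvent)
	go func() {
		// Close on every exit path so a ranging consumer always terminates.
		defer close(ch)

		event := MRCEvent{
			Type: MRCEventAdded,
			MRC: &v1alpha3.MeshRootCertificate{
				ObjectMeta: metav1.ObjectMeta{
					Name:      "fsm-mesh-root-certificate",
					Namespace: "fsm-system",
				},
				Spec: v1alpha3.MeshRootCertificateSpec{
					TrustDomain: "fake.domain.com",
					Provider: v1alpha3.ProviderSpec{
						Tresor: &v1alpha3.TresorProviderSpec{
							CA: v1alpha3.TresorCASpec{
								SecretRef: v1.SecretReference{
									Name:      "fsm-ca-bundle",
									Namespace: "fsm-system",
								},
							},
						},
					},
				},
				Status: v1alpha3.MeshRootCertificateStatus{
					State: constants.MRCStateActive,
				},
			},
		}

		select {
		case ch <- event:
		case <-done:
			// The caller cancelled before reading; drop the event rather
			// than leak this goroutine on a send nobody will receive.
		}
	}()
	return ch, nil
}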
// fakeIssuer is a test double for a certificate issuer. It performs no
// cryptographic operations.
type fakeIssuer struct {
	// err, when true, makes IssueCertificate fail.
	err bool
	// id labels this issuer; it appears in the failure message and is copied
	// into the PEM fields of every certificate it hands out.
	id string
}

// IssueCertificate is a testing helper to satisfy the certificate client
// interface.
//
// When the issuer is configured to fail it returns a nil certificate and an
// error of the form "<id> failed". Otherwise it returns a Certificate that
// echoes cn and saNames and expires validityPeriod from now.
//
// The IssuingCA, TrustedCAs and PrivateKey fields hold the raw bytes of the
// issuer id, not real PEM data or key material; they exist only so tests can
// tell which issuer produced a certificate.
func (i *fakeIssuer) IssueCertificate(cn CommonName, saNames []string, validityPeriod time.Duration) (*Certificate, error) {
	if i.err {
		return nil, fmt.Errorf("%s failed", i.id)
	}

	expiresAt := time.Now().Add(validityPeriod)
	cert := &Certificate{
		CommonName: cn,
		SANames:    saNames,
		Expiration: expiresAt,
	}
	// Each field gets its own conversion of the id so they stay independent
	// values, exactly as a separate literal per field would produce.
	cert.IssuingCA = pem.RootCertificate(i.id)
	cert.TrustedCAs = pem.RootCertificate(i.id)
	cert.PrivateKey = pem.PrivateKey(i.id)
	return cert, nil
}
// FakeCertManager is a testing helper that returns a *certificate.Manager
// wired to fakeMRCClient.
//
// The same getter, which returns the package-level validity, is supplied for
// both duration-getter arguments of NewManager; the fifth argument is nil and
// the last is one hour. See NewManager for what each argument controls.
//
// NOTE(review): this file is fake_manager.go rather than a _test.go file, so
// it is presumably compiled into the certificate package. The manager it
// returns is backed by fakeIssuer, whose certificates carry placeholder bytes
// instead of key material. Confirm that no non-test code path calls it.
func FakeCertManager() (*Manager, error) {
	validityFn := func() time.Duration {
		return validity
	}

	mgr, err := NewManager(context.Background(), &fakeMRCClient{}, validityFn, validityFn, nil, time.Hour)
	if err == nil {
		return mgr, nil
	}
	return nil, fmt.Errorf("error creating fakeCertManager, err: %w", err)
}