
tests for certificate case

Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
Gustavo Carvalho 4 years ago
parent
commit
9722616847

+ 24 - 0
pkg/provider/azure/keyvault/fake/fake.go

@@ -81,6 +81,30 @@ func (mc *AzureMockClient) WithCertificate(serviceURL, secretName, secretVersion
 	}
 }
 
+func (mc *AzureMockClient) WithImportCertificate(apiOutput keyvault.CertificateBundle, err error) {
+	if mc != nil {
+		mc.importCertificate = func(ctx context.Context, vaultBaseURL string, certificateName string, parameters keyvault.CertificateImportParameters) (keyvault.CertificateBundle, error) {
+			return apiOutput, err
+		}
+	}
+}
+
+func (mc *AzureMockClient) WithCreateKey(output keyvault.KeyBundle, err error) {
+	if mc != nil {
+		mc.createKey = func(ctx context.Context, vaultBaseURL string, keyName string, parameters keyvault.KeyCreateParameters) (result keyvault.KeyBundle, err error) {
+			return output, err
+		}
+	}
+}
+
+func (mc *AzureMockClient) WithSetSecret(output keyvault.SecretBundle, err error) {
+	if mc != nil {
+		mc.setSecret = func(ctx context.Context, vaultBaseURL string, secretName string, parameters keyvault.SecretSetParameters) (result keyvault.SecretBundle, err error) {
+			return output, err
+		}
+	}
+}
+
 func (mc *AzureMockClient) WithList(serviceURL string, apiOutput keyvault.SecretListResultIterator, err error) {
 	if mc != nil {
 		mc.getSecretsComplete = func(ctx context.Context, vaultBaseURL string, maxresults *int32) (result keyvault.SecretListResultIterator, err error) {
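Review bot: In `WithCreateKey` and `WithSetSecret` the closure declares a named result `err error`, which shadows the `err` parameter of the outer method, so `return output, err` returns the closure's own zero-valued result and the configured error is never delivered. Tests that use these fakes to exercise the create-key or set-secret failure paths would therefore see a nil error and not cover the error handling they appear to. `WithImportCertificate` avoids this by using unnamed results; the other two should match it, e.g. `parameters keyvault.KeyCreateParameters) (keyvault.KeyBundle, error) {` and `parameters keyvault.SecretSetParameters) (keyvault.SecretBundle, error) {`. The `WithList` context line at the end of the hunk shows the same named-result signature, but its body is outside the hunk.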

+ 8 - 3
pkg/provider/azure/keyvault/keyvault.go

@@ -20,6 +20,7 @@ import (
 	"crypto/x509"
 	b64 "encoding/base64"
 	"encoding/json"
+	"encoding/pem"
 	"errors"
 	"fmt"
 	"os"
@@ -211,7 +212,11 @@ func (a *Azure) ValidateStore(store esv1beta1.GenericStore) error {
 func getCertificateFromValue(value []byte) (*x509.Certificate, error) {
 	_, localCert, err := pkcs12.Decode(value, "")
 	if err != nil {
-		return x509.ParseCertificate(value)
+		pemBlock, _ := pem.Decode(value)
+		if pemBlock == nil {
+			return x509.ParseCertificate(value)
+		}
+		return x509.ParseCertificate(pemBlock.Bytes)
 	}
 	return localCert, err
 }
@@ -244,13 +249,13 @@ func (a *Azure) SetSecret(ctx context.Context, value []byte, ref esv1beta1.PushR
 		val := b64.StdEncoding.EncodeToString(value)
 		localCert, err := getCertificateFromValue(value)
 		if err != nil {
-			return fmt.Errorf("value from secret is not a valid certificate:%v", err)
+			return fmt.Errorf("value from secret is not a valid certificate: %v", err)
 		}
 		b := sha1.Sum(localCert.Raw)
 		sha1Fingerprint := b64.RawURLEncoding.EncodeToString(b[:])
 		cert, err := a.baseClient.GetCertificate(ctx, *a.provider.VaultURL, secretName, "")
 		if err != nil && err.(autorest.DetailedError).StatusCode != 404 {
-			return err
+			return fmt.Errorf("could not get certificate from keyvault: %v", err)
 		}
 		if err == nil {
 			man, ok := cert.Tags["managed-by"]
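Review bot: The PEM fallback in `getCertificateFromValue` parses whatever block `pem.Decode` returns first, without checking `pemBlock.Type` and discarding the remainder, so a bundle that carries a private key or any other block ahead of the certificate is rejected and non-certificate bytes are handed to `x509.ParseCertificate`. Iterating over the blocks and parsing only one whose type is `CERTIFICATE` makes the result independent of block order. The fallback also runs on any `pkcs12.Decode` error, so the original PKCS#12 failure is never surfaced; a short comment stating that this is deliberate would help the next reader.

```go
func getCertificateFromValue(value []byte) (*x509.Certificate, error) {
	// … unchanged: pkcs12.Decode attempt …
	if err != nil {
		// Walk every PEM block and accept only a certificate block.
		rest := value
		for {
			var pemBlock *pem.Block
			pemBlock, rest = pem.Decode(rest)
			if pemBlock == nil {
				break
			}
			if pemBlock.Type == "CERTIFICATE" {
				return x509.ParseCertificate(pemBlock.Bytes)
			}
		}
		// No certificate block found: treat the value as raw DER.
		return x509.ParseCertificate(value)
	}
	// … unchanged: return localCert, err …
}
```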

File diff suppressed because it is too large
+ 34 - 13
pkg/provider/azure/keyvault/keyvault_test.go


Some files were not shown because too many files changed in this diff