Skip to content

Commit 55089ce

Browse files
fabriziosestitofabriziosestito
committed
test: add audit-scanner cert and secret generation unit tests
Signed-off-by: Fabrizio Sestito <[email protected]>
1 parent d8ed164 commit 55089ce

File tree

2 files changed

+31
-1
lines changed

2 files changed

+31
-1
lines changed

charts/kubewarden-controller/tests/webhooks_existing_certifcates_test.yaml

+22-1
Original file line numberDiff line numberDiff line change
@@ -29,6 +29,14 @@ kubernetesProvider:
2929
data:
3030
tls.crt: "dGxzLmNydA==" # "tls.crt" in base64
3131
tls.key: "dGxzLmtleQ==" # "tls.key" in base64
32+
- kind: Secret
33+
apiVersion: v1
34+
metadata:
35+
name: kubewarden-audit-scanner-client-cert
36+
namespace: kubewarden
37+
data:
38+
tls.crt: "dGxzLmNydA==" # "tls.crt" in base64
39+
tls.key: "dGxzLmtleQ==" # "tls.key" in base64
3240
tests:
3341
- it: "should reuse the existing CA certificate"
3442
documentSelector:
@@ -47,7 +55,7 @@ tests:
4755
path: data["old-ca.crt"]
4856
value: "old-ca.crt"
4957
decodeBase64: true
50-
- it: "should reuse the existing leaf certificate"
58+
- it: "should reuse the existing leaf certificate (webhook server)"
5159
documentSelector:
5260
path: metadata.name
5361
value: kubewarden-webhook-server-cert
@@ -60,6 +68,19 @@ tests:
6068
path: data["tls.key"]
6169
value: "tls.key"
6270
decodeBase64: true
71+
- it: "should reuse the existing leaf certificate (audit-scanner)"
72+
documentSelector:
73+
path: metadata.name
74+
value: kubewarden-audit-scanner-client-cert
75+
asserts:
76+
- equal:
77+
path: data["tls.crt"]
78+
value: "tls.crt"
79+
decodeBase64: true
80+
- equal:
81+
path: data["tls.key"]
82+
value: "tls.key"
83+
decodeBase64: true
6384
- it: "should inject the caBundle (ca + old ca) into the webhook configurations"
6485
documentSelector:
6586
path: apiVersion

charts/kubewarden-controller/tests/webhooks_test.yaml

+9
Original file line numberDiff line numberDiff line change
@@ -22,6 +22,15 @@ tests:
2222
path: data["tls.crt"]
2323
- isNotNullOrEmpty:
2424
path: data["tls.key"]
25+
- it: "should generate a leaf certificate and store it in the kubewarden-audit-scanner-client-cert secret"
26+
documentSelector:
27+
path: metadata.name
28+
value: kubewarden-audit-scanner-client-cert
29+
asserts:
30+
- isNotNullOrEmpty:
31+
path: data["tls.crt"]
32+
- isNotNullOrEmpty:
33+
path: data["tls.key"]
2534
- it: "should inject the caBundle into the webhook configurations"
2635
documentSelector:
2736
path: apiVersion

0 commit comments

Comments
 (0)