diff --git a/pkg/bundle/bundle.go b/pkg/bundle/bundle.go index f26ac074..892eb3bb 100644 --- a/pkg/bundle/bundle.go +++ b/pkg/bundle/bundle.go @@ -37,6 +37,7 @@ import ( trustapi "github.com/cert-manager/trust-manager/pkg/apis/trust/v1alpha1" "github.com/cert-manager/trust-manager/pkg/bundle/internal/ssa_client" + "github.com/cert-manager/trust-manager/pkg/bundle/internal/target" "github.com/cert-manager/trust-manager/pkg/fspkg" ) @@ -67,10 +68,6 @@ type bundle struct { // a cache-backed Kubernetes client client client.Client - // targetCache is a cache.Cache that holds cached ConfigMap and Secret - // resources that are used as targets for Bundles. - targetCache client.Reader - // defaultPackage holds the loaded 'default' certificate package, if one was specified // at startup. defaultPackage *fspkg.Package @@ -84,9 +81,7 @@ type bundle struct { // Options holds options for the Bundle controller. Options - // patchResourceOverwrite allows use to override the patchResource function - // it is used for testing purposes - patchResourceOverwrite func(ctx context.Context, obj interface{}) error + targetReconciler *target.Reconciler } // Reconcile is the top level function for reconciling over synced Bundles. @@ -253,7 +248,7 @@ func (b *bundle) reconcileBundle(ctx context.Context, req ctrl.Request) (result Kind: string(kind), }, } - err := b.targetCache.List(ctx, targetList, &client.ListOptions{ + err := b.targetReconciler.Cache.List(ctx, targetList, &client.ListOptions{ LabelSelector: labels.SelectorFromSet(map[string]string{ trustapi.BundleLabelKey: bundle.Name, }), 
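Review bot: The new `targetReconciler *target.Reconciler` field in the `@@ -84,9 +81,7 @@` hunk is the only member of `bundle` without a comment, and it replaces two documented fields. I would add `// targetReconciler syncs resolved bundle data to the target ConfigMaps and Secrets.` above it. In the `@@ -253,7 +248,7 @@` hunk, `reconcileBundle` reads `b.targetReconciler.Cache` directly, so `bundle` still depends on the reconciler's internals; a small list method on `Reconciler` would keep the cache private to the new package. Both the struct and `reconcileBundle` extend beyond the visible hunks.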
@@ -303,12 +298,12 @@ func (b *bundle) reconcileBundle(ctx context.Context, req ctrl.Request) (result if target.Kind == configMapTarget { syncFunc = func(targetLog logr.Logger, target targetResource, shouldExist bool) (bool, error) { - return b.syncConfigMapTarget(ctx, targetLog, &bundle, target.NamespacedName, resolvedBundle.targetData, shouldExist) + return b.targetReconciler.SyncConfigMap(ctx, targetLog, &bundle, target.NamespacedName, resolvedBundle.Data, shouldExist) } } if target.Kind == secretTarget { syncFunc = func(targetLog logr.Logger, target targetResource, shouldExist bool) (bool, error) { - return b.syncSecretTarget(ctx, targetLog, &bundle, target.NamespacedName, resolvedBundle.targetData, shouldExist) + return b.targetReconciler.SyncSecret(ctx, targetLog, &bundle, target.NamespacedName, resolvedBundle.Data, shouldExist) } } diff --git a/pkg/bundle/bundle_test.go b/pkg/bundle/bundle_test.go index 56f8cc9a..f27b7075 100644 --- a/pkg/bundle/bundle_test.go +++ b/pkg/bundle/bundle_test.go @@ -41,6 +41,7 @@ import ( trustapi "github.com/cert-manager/trust-manager/pkg/apis/trust/v1alpha1" "github.com/cert-manager/trust-manager/pkg/bundle/internal/ssa_client" + "github.com/cert-manager/trust-manager/pkg/bundle/internal/target" "github.com/cert-manager/trust-manager/pkg/bundle/internal/truststore" "github.com/cert-manager/trust-manager/pkg/fspkg" "github.com/cert-manager/trust-manager/pkg/util" 
@@ -1312,22 +1313,25 @@ func Test_Reconcile(t *testing.T) { log, ctx := ktesting.NewTestContext(t) b := &bundle{ - client: fakeClient, - targetCache: fakeClient, - recorder: fakeRecorder, - clock: fixedclock, + client: fakeClient, + recorder: fakeRecorder, + clock: fixedclock, Options: Options{ Log: log, Namespace: trustNamespace, SecretTargetsEnabled: !test.disableSecretTargets, FilterExpiredCerts: true, }, - patchResourceOverwrite: func(ctx context.Context, obj interface{}) error { - logMutex.Lock() - defer logMutex.Unlock() + targetReconciler: &target.Reconciler{ + Client: fakeClient, + Cache: fakeClient, + PatchResourceOverwrite: func(ctx context.Context, obj interface{}) error { + logMutex.Lock() + defer logMutex.Unlock() - resourcePatches = append(resourcePatches, obj) - return nil + resourcePatches = append(resourcePatches, obj) + return nil + }, }, } diff --git a/pkg/bundle/controller.go b/pkg/bundle/controller.go index aa0ab12a..3ea5d114 100644 --- a/pkg/bundle/controller.go +++ b/pkg/bundle/controller.go @@ -37,6 +37,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/source" trustapi "github.com/cert-manager/trust-manager/pkg/apis/trust/v1alpha1" + "github.com/cert-manager/trust-manager/pkg/bundle/internal/target" "github.com/cert-manager/trust-manager/pkg/fspkg" ) @@ -52,11 +53,14 @@ func AddBundleController( targetCache cache.Cache, ) error { b := &bundle{ - client: mgr.GetClient(), - targetCache: targetCache, - recorder: mgr.GetEventRecorderFor("bundles"), - clock: clock.RealClock{}, - Options: opts, + client: mgr.GetClient(), + recorder: mgr.GetEventRecorderFor("bundles"), + clock: clock.RealClock{}, + Options: opts, + targetReconciler: &target.Reconciler{ + Client: mgr.GetClient(), + Cache: targetCache, + }, } if b.Options.DefaultPackageLocation != "" { 
diff --git a/pkg/bundle/target.go b/pkg/bundle/internal/target/target.go similarity index 78% rename from pkg/bundle/target.go rename to pkg/bundle/internal/target/target.go index 36a9532c..9db0046b 100644 --- a/pkg/bundle/target.go +++ b/pkg/bundle/internal/target/target.go @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -package bundle +package target import ( "bytes" @@ -42,16 +42,29 @@ import ( "github.com/cert-manager/trust-manager/pkg/util" ) -// syncConfigMapTarget syncs the given data to the target ConfigMap in the given namespace. +type Reconciler struct { + // a cache-backed Kubernetes client + Client client.Client + + // Cache is a cache.Cache that holds cached ConfigMap and Secret + // resources that are used as targets for Bundles. + Cache client.Reader + + // PatchResourceOverwrite allows use to override the patchResource function + // it is used for testing purposes + PatchResourceOverwrite func(ctx context.Context, obj interface{}) error +} + +// SyncConfigMap syncs the given data to the target ConfigMap in the given namespace. // The name of the ConfigMap is the same as the Bundle. // Ensures the ConfigMap is owned by the given Bundle, and the data is up to date. // Returns true if the ConfigMap has been created or was updated. -func (b *bundle) syncConfigMapTarget( +func (r *Reconciler) SyncConfigMap( ctx context.Context, log logr.Logger, bundle *trustapi.Bundle, name types.NamespacedName, - resolvedBundle targetData, + resolvedBundle Data, shouldExist bool, ) (bool, error) { targetObj := &metav1.PartialObjectMetadata{ @@ -60,7 +73,7 @@ func (b *bundle) syncConfigMapTarget( APIVersion: "v1", }, } - err := b.targetCache.Get(ctx, name, targetObj) + err := r.Cache.Get(ctx, name, targetObj) if err != nil && !apierrors.IsNotFound(err) { return false, fmt.Errorf("failed to get ConfigMap %s: %w", name, err) } 
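Review bot: The exported `Reconciler` type in the `@@ -42,16 +42,29 @@` hunk has no doc comment, and its `PatchResourceOverwrite` field is a test hook that is now a settable field on the production type. Judging by the `patchConfigMap` and `patchSecret` hunks further down, a non-nil hook skips the API call entirely and returns a nil object, so the comment should say that it must stay nil outside tests. Suggested wording: `// Reconciler applies resolved Bundle data to target ConfigMaps and Secrets.` on the type, `// Client is a cache-backed Kubernetes client used for patches and deletes.` on the first field, and `// PatchResourceOverwrite, when non-nil, replaces the server-side apply call; it is a test seam and must be nil in production.` on the hook (this also fixes the "allows use" typo). The struct is built by literal in `controller.go` with no check that `Client` and `Cache` are set; a constructor that rejects nil values would turn a later nil-pointer panic in `SyncConfigMap` into a startup error.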
@@ -74,13 +87,13 @@ func (b *bundle) syncConfigMapTarget( if !apierrors.IsNotFound(err) && !shouldExist { // Apply empty patch to remove the key(s). configMapPatch := prepareTargetPatch(coreapplyconfig.ConfigMap(name.Name, name.Namespace), *bundle) - configMap, err := b.patchConfigMap(ctx, configMapPatch) + configMap, err := r.patchConfigMap(ctx, configMapPatch) if err != nil { return false, fmt.Errorf("failed to patch ConfigMap %s: %w", name, err) } // If the ConfigMap is empty, delete it. if configMap != nil && len(configMap.Data) == 0 && len(configMap.BinaryData) == 0 { - return true, b.client.Delete(ctx, configMap) + return true, r.Client.Delete(ctx, configMap) } return true, nil } @@ -92,16 +105,16 @@ func (b *bundle) syncConfigMapTarget( // Generated JKS is not deterministic - best we can do here is update if the pem cert has // changed (hence not checking if JKS matches) - dataHash := fmt.Sprintf("%x", sha256.Sum256([]byte(resolvedBundle.data))) + dataHash := fmt.Sprintf("%x", sha256.Sum256([]byte(resolvedBundle.Data))) configMapData := map[string]string{ - bundleTarget.ConfigMap.Key: resolvedBundle.data, + bundleTarget.ConfigMap.Key: resolvedBundle.Data, } - configMapBinData := resolvedBundle.binaryData + configMapBinData := resolvedBundle.BinaryData // If the ConfigMap doesn't exist, create it. if !apierrors.IsNotFound(err) { // Exit early if no update is needed - if exit, err := b.needsUpdate(ctx, targetKindConfigMap, log, targetObj, bundle, dataHash); err != nil { + if exit, err := r.needsUpdate(ctx, KindConfigMap, log, targetObj, bundle, dataHash); err != nil { return false, err } else if !exit { return false, nil @@ -115,7 +128,7 @@ func (b *bundle) syncConfigMapTarget( WithData(configMapData). WithBinaryData(configMapBinData) - if _, err = b.patchConfigMap(ctx, configMapPatch); err != nil { + if _, err = r.patchConfigMap(ctx, configMapPatch); err != nil { return false, fmt.Errorf("failed to patch ConfigMap %s: %w", name, err) } 
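Review bot: `return true, r.Client.Delete(ctx, configMap)` in the `@@ -74,13 +87,13 @@` hunk deletes the target without preconditions, so a ConfigMap that gains keys from another writer between the empty patch and the delete is removed together with that data. Assuming the object returned by `patchConfigMap` carries the server's UID and resourceVersion, the delete can be pinned to the state that was checked: `return true, r.Client.Delete(ctx, configMap, client.Preconditions{UID: &configMap.UID, ResourceVersion: &configMap.ResourceVersion})`. The same applies to `r.Client.Delete(ctx, secret)` in the `SyncSecret` hunk `@@ -156,13 +169,13 @@`. In both places a failed delete returns `true` alongside the error, which is worth a comment or a change to `false`. `SyncConfigMap` starts and ends outside this hunk.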
@@ -124,16 +137,16 @@ func (b *bundle) syncConfigMapTarget( return true, nil } -// syncSecretTarget syncs the given data to the target Secret in the given namespace. +// SyncSecret syncs the given data to the target Secret in the given namespace. // The name of the Secret is the same as the Bundle. // Ensures the Secret is owned by the given Bundle, and the data is up to date. // Returns true if the Secret has been created or was updated. -func (b *bundle) syncSecretTarget( +func (r *Reconciler) SyncSecret( ctx context.Context, log logr.Logger, bundle *trustapi.Bundle, name types.NamespacedName, - resolvedBundle targetData, + resolvedBundle Data, shouldExist bool, ) (bool, error) { targetObj := &metav1.PartialObjectMetadata{ @@ -142,7 +155,7 @@ func (b *bundle) syncSecretTarget( APIVersion: "v1", }, } - err := b.targetCache.Get(ctx, name, targetObj) + err := r.Cache.Get(ctx, name, targetObj) if err != nil && !apierrors.IsNotFound(err) { return false, fmt.Errorf("failed to get Secret %s: %w", name, err) } @@ -156,13 +169,13 @@ func (b *bundle) syncSecretTarget( if !apierrors.IsNotFound(err) && !shouldExist { // Apply empty patch to remove the key(s). patch := prepareTargetPatch(coreapplyconfig.Secret(name.Name, name.Namespace), *bundle) - secret, err := b.patchSecret(ctx, patch) + secret, err := r.patchSecret(ctx, patch) if err != nil { return false, fmt.Errorf("failed to patch Secret %s: %w", name, err) } // If the Secret is empty, delete it. if secret != nil && len(secret.Data) == 0 { - return true, b.client.Delete(ctx, secret) + return true, r.Client.Delete(ctx, secret) } return true, nil } 
@@ -174,19 +187,19 @@ func (b *bundle) syncSecretTarget( // Generated JKS is not deterministic - best we can do here is update if the pem cert has // changed (hence not checking if JKS matches) - dataHash := fmt.Sprintf("%x", sha256.Sum256([]byte(resolvedBundle.data))) + dataHash := fmt.Sprintf("%x", sha256.Sum256([]byte(resolvedBundle.Data))) secretData := map[string][]byte{ - bundleTarget.Secret.Key: []byte(resolvedBundle.data), + bundleTarget.Secret.Key: []byte(resolvedBundle.Data), } - for k, v := range resolvedBundle.binaryData { + for k, v := range resolvedBundle.BinaryData { secretData[k] = v } // If the Secret doesn't exist, create it. if !apierrors.IsNotFound(err) { // Exit early if no update is needed - if exit, err := b.needsUpdate(ctx, targetKindSecret, log, targetObj, bundle, dataHash); err != nil { + if exit, err := r.needsUpdate(ctx, KindSecret, log, targetObj, bundle, dataHash); err != nil { return false, err } else if !exit { return false, nil @@ -199,7 +212,7 @@ func (b *bundle) syncSecretTarget( }). WithData(secretData) - if _, err = b.patchSecret(ctx, secretPatch); err != nil { + if _, err = r.patchSecret(ctx, secretPatch); err != nil { return false, fmt.Errorf("failed to patch Secret %s: %w", name, err) } @@ -208,14 +221,14 @@ func (b *bundle) syncSecretTarget( return true, nil } -type targetKind string +type Kind string const ( - targetKindConfigMap targetKind = "ConfigMap" - targetKindSecret targetKind = "Secret" + KindConfigMap Kind = "ConfigMap" + KindSecret Kind = "Secret" ) -func (b *bundle) needsUpdate(ctx context.Context, kind targetKind, log logr.Logger, obj *metav1.PartialObjectMetadata, bundle *trustapi.Bundle, dataHash string) (bool, error) { +func (r *Reconciler) needsUpdate(ctx context.Context, kind Kind, log logr.Logger, obj *metav1.PartialObjectMetadata, bundle *trustapi.Bundle, dataHash string) (bool, error) { needsUpdate := false if !metav1.IsControlledBy(obj, bundle) { needsUpdate = true 
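Review bot: The loop `for k, v := range resolvedBundle.BinaryData { secretData[k] = v }` in the `@@ -174,19 +187,19 @@` hunk writes into the same map that already holds the PEM bundle under `bundleTarget.Secret.Key`. An additional-format key equal to the bundle key would therefore silently replace the trust bundle with JKS or PKCS12 bytes. The ConfigMap path keeps the two in separate maps, so only the Secret path is exposed. Whether API validation already rejects equal keys is not visible in this hunk; if it does not, a guard inside the loop makes the failure explicit: `if _, dup := secretData[k]; dup { return false, fmt.Errorf("additional format key %q collides with the bundle key", k) }`. The exported `Kind`, `KindConfigMap` and `KindSecret` introduced in the `@@ -208,14 +221,14 @@` hunk also need doc comments.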
@@ -233,10 +246,10 @@ func (b *bundle) needsUpdate(ctx context.Context, kind targetKind, log logr.Logg var key string var targetFieldNames []string switch kind { - case targetKindConfigMap: + case KindConfigMap: key = bundle.Spec.Target.ConfigMap.Key targetFieldNames = []string{"data", "binaryData"} - case targetKindSecret: + case KindSecret: key = bundle.Spec.Target.Secret.Key targetFieldNames = []string{"data"} default: @@ -258,10 +271,10 @@ func (b *bundle) needsUpdate(ctx context.Context, kind targetKind, log logr.Logg needsUpdate = true } - if kind == targetKindConfigMap { + if kind == KindConfigMap { if bundle.Spec.Target.ConfigMap != nil { // Check if we need to migrate the ConfigMap managed fields to the Apply field operation - if didMigrate, err := ssa_client.MigrateToApply(ctx, b.client, obj); err != nil { + if didMigrate, err := ssa_client.MigrateToApply(ctx, r.Client, obj); err != nil { return false, fmt.Errorf("failed to migrate ConfigMap %s/%s to Apply: %w", obj.Namespace, obj.Name, err) } else if didMigrate { log.V(2).Info("migrated configmap from CSA to SSA") @@ -305,9 +318,9 @@ func listManagedProperties(configmap *metav1.PartialObjectMetadata, fieldManager return properties, nil } -func (b *bundle) patchConfigMap(ctx context.Context, applyConfig *coreapplyconfig.ConfigMapApplyConfiguration) (*corev1.ConfigMap, error) { - if b.patchResourceOverwrite != nil { - return nil, b.patchResourceOverwrite(ctx, applyConfig) +func (r *Reconciler) patchConfigMap(ctx context.Context, applyConfig *coreapplyconfig.ConfigMapApplyConfiguration) (*corev1.ConfigMap, error) { + if r.PatchResourceOverwrite != nil { + return nil, r.PatchResourceOverwrite(ctx, applyConfig) } target, patch, err := ssa_client.GenerateConfigMapPatch(applyConfig) 
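Review bot: In the `@@ -233,10 +246,10 @@` hunk, `case KindConfigMap: key = bundle.Spec.Target.ConfigMap.Key` dereferences `Spec.Target.ConfigMap` unconditionally, while the `@@ -258,10 +271,10 @@` hunk of the same function guards `if bundle.Spec.Target.ConfigMap != nil` before migrating. These two cannot both be right. Either the pointer can be nil here and the switch panics first, or it cannot and the later check is dead code. If nil is possible, the check belongs in the switch case, for example `if bundle.Spec.Target.ConfigMap == nil { return false, fmt.Errorf("bundle has no ConfigMap target") }`, with the same treatment for `Spec.Target.Secret` in the `KindSecret` case. `needsUpdate` begins and ends outside these hunks, so a caller-side guarantee may exist that is not visible here; a comment stating that invariant would be enough in that case.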
@@ -315,12 +328,12 @@ func (b *bundle) patchConfigMap(ctx context.Context, applyConfig *coreapplyconfi return nil, fmt.Errorf("failed to generate patch: %w", err) } - return target, b.client.Patch(ctx, target, patch, ssa_client.FieldManager, client.ForceOwnership) + return target, r.Client.Patch(ctx, target, patch, ssa_client.FieldManager, client.ForceOwnership) } -func (b *bundle) patchSecret(ctx context.Context, applyConfig *coreapplyconfig.SecretApplyConfiguration) (*corev1.Secret, error) { - if b.patchResourceOverwrite != nil { - return nil, b.patchResourceOverwrite(ctx, applyConfig) +func (r *Reconciler) patchSecret(ctx context.Context, applyConfig *coreapplyconfig.SecretApplyConfiguration) (*corev1.Secret, error) { + if r.PatchResourceOverwrite != nil { + return nil, r.PatchResourceOverwrite(ctx, applyConfig) } target, patch, err := ssa_client.GenerateSecretPatch(applyConfig) @@ -328,7 +341,7 @@ func (b *bundle) patchSecret(ctx context.Context, applyConfig *coreapplyconfig.S return nil, fmt.Errorf("failed to generate patch: %w", err) } - return target, b.client.Patch(ctx, target, patch, ssa_client.FieldManager, client.ForceOwnership) + return target, r.Client.Patch(ctx, target, patch, ssa_client.FieldManager, client.ForceOwnership) } type targetApplyConfiguration[T any] interface { 
@@ -354,23 +367,23 @@ func prepareTargetPatch[T targetApplyConfiguration[T]](target T, bundle trustapi ) } -type targetData struct { - data string - binaryData map[string][]byte +type Data struct { + Data string + BinaryData map[string][]byte } -func (b *targetData) populate(pool *util.CertPool, formats *trustapi.AdditionalFormats) error { - b.data = pool.PEM() +func (b *Data) Populate(pool *util.CertPool, formats *trustapi.AdditionalFormats) error { + b.Data = pool.PEM() if formats != nil { - b.binaryData = make(map[string][]byte) + b.BinaryData = make(map[string][]byte) if formats.JKS != nil { encoded, err := truststore.NewJKSEncoder(*formats.JKS.Password).Encode(pool) if err != nil { return fmt.Errorf("failed to encode JKS: %w", err) } - b.binaryData[formats.JKS.Key] = encoded + b.BinaryData[formats.JKS.Key] = encoded } if formats.PKCS12 != nil { @@ -378,7 +391,7 @@ func (b *targetData) populate(pool *util.CertPool, formats *trustapi.AdditionalF if err != nil { return fmt.Errorf("failed to encode PKCS12: %w", err) } - b.binaryData[formats.PKCS12.Key] = encoded + b.BinaryData[formats.PKCS12.Key] = encoded } } return nil diff --git a/pkg/bundle/target_test.go b/pkg/bundle/internal/target/target_test.go similarity index 97% rename from pkg/bundle/target_test.go rename to pkg/bundle/internal/target/target_test.go index bdb29e60..c73bffaa 100644 --- a/pkg/bundle/target_test.go +++ b/pkg/bundle/internal/target/target_test.go @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -package bundle +package target import ( "context" 
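Review bot: `Populate` in the `@@ -354,23 +367,23 @@` hunk is now exported, yet `truststore.NewJKSEncoder(*formats.JKS.Password)` still dereferences `Password` without a nil check, so a caller that passes an undefaulted `AdditionalFormats` gets a panic instead of an error. If API defaulting does not guarantee the pointer, add `if formats.JKS.Password == nil { return fmt.Errorf("JKS password must be set") }` before the encode call; the PKCS12 encode line falls between hunks and may need the same guard. The exported `Data` type and `Populate` have no doc comments; suggested: `// Data holds the PEM bundle and any additional binary formats to write to a target.` and `// Populate fills Data from the certificate pool, encoding the requested additional formats.`. The receiver is still named `b` from the old `bundle` package. A type `Data` with a field `Data` also produces `resolvedBundle.Data.Data` at the call sites in `source_test.go`, so renaming one of them would read better.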
@@ -570,11 +570,10 @@ func Test_syncConfigMapTarget(t *testing.T) { resourcePatches []interface{} ) - b := &bundle{ - client: fakeClient, - targetCache: fakeClient, - recorder: fakeRecorder, - patchResourceOverwrite: func(ctx context.Context, obj interface{}) error { + r := &Reconciler{ + Client: fakeClient, + Cache: fakeClient, + PatchResourceOverwrite: func(ctx context.Context, obj interface{}) error { logMutex.Lock() defer logMutex.Unlock() @@ -589,14 +588,14 @@ func Test_syncConfigMapTarget(t *testing.T) { AdditionalFormats: &trustapi.AdditionalFormats{}, }, } - resolvedBundle := targetData{data: data, binaryData: make(map[string][]byte)} + resolvedBundle := Data{Data: data, BinaryData: make(map[string][]byte)} if test.withJKS { spec.Target.AdditionalFormats.JKS = &trustapi.JKS{ KeySelector: trustapi.KeySelector{ Key: jksKey, }, } - resolvedBundle.binaryData[jksKey] = jksData + resolvedBundle.BinaryData[jksKey] = jksData } if test.withPKCS12 { spec.Target.AdditionalFormats.PKCS12 = &trustapi.PKCS12{ @@ -604,11 +603,11 @@ func Test_syncConfigMapTarget(t *testing.T) { Key: pkcs12Key, }, } - resolvedBundle.binaryData[pkcs12Key] = pkcs12Data + resolvedBundle.BinaryData[pkcs12Key] = pkcs12Data } log, ctx := ktesting.NewTestContext(t) - needsUpdate, err := b.syncConfigMapTarget(ctx, log, &trustapi.Bundle{ + needsUpdate, err := r.SyncConfigMap(ctx, log, &trustapi.Bundle{ ObjectMeta: metav1.ObjectMeta{Name: bundleName}, Spec: spec, }, types.NamespacedName{Name: bundleName, Namespace: test.namespace.Name}, resolvedBundle, test.shouldExist) @@ -691,7 +690,6 @@ func Test_syncSecretTarget(t *testing.T) { expJKS bool // Expect PKCS12 to exist in the secret at the end of the sync. expPKCS12 bool - expEvent string // Expect the owner reference of the secret to point to the bundle. expOwnerReference bool expNeedsUpdate bool 
@@ -1182,19 +1180,17 @@ func Test_syncSecretTarget(t *testing.T) { clientBuilder.WithRuntimeObjects(test.object) } - fakeclient := clientBuilder.Build() - fakerecorder := record.NewFakeRecorder(1) + fakeClient := clientBuilder.Build() var ( logMutex sync.Mutex resourcePatches []interface{} ) - b := &bundle{ - client: fakeclient, - targetCache: fakeclient, - recorder: fakerecorder, - patchResourceOverwrite: func(ctx context.Context, obj interface{}) error { + r := &Reconciler{ + Client: fakeClient, + Cache: fakeClient, + PatchResourceOverwrite: func(ctx context.Context, obj interface{}) error { logMutex.Lock() defer logMutex.Unlock() @@ -1209,14 +1205,14 @@ func Test_syncSecretTarget(t *testing.T) { AdditionalFormats: &trustapi.AdditionalFormats{}, }, } - resolvedBundle := targetData{data: data, binaryData: make(map[string][]byte)} + resolvedBundle := Data{Data: data, BinaryData: make(map[string][]byte)} if test.withJKS { spec.Target.AdditionalFormats.JKS = &trustapi.JKS{ KeySelector: trustapi.KeySelector{ Key: jksKey, }, } - resolvedBundle.binaryData[jksKey] = jksData + resolvedBundle.BinaryData[jksKey] = jksData } if test.withPKCS12 { spec.Target.AdditionalFormats.PKCS12 = &trustapi.PKCS12{ @@ -1224,11 +1220,11 @@ func Test_syncSecretTarget(t *testing.T) { Key: pkcs12Key, }, } - resolvedBundle.binaryData[pkcs12Key] = pkcs12Data + resolvedBundle.BinaryData[pkcs12Key] = pkcs12Data } log, ctx := ktesting.NewTestContext(t) - needsUpdate, err := b.syncSecretTarget(ctx, log, &trustapi.Bundle{ + needsUpdate, err := r.SyncSecret(ctx, log, &trustapi.Bundle{ ObjectMeta: metav1.ObjectMeta{Name: bundleName}, Spec: spec, }, types.NamespacedName{Name: bundleName, Namespace: test.namespace.Name}, resolvedBundle, test.shouldExist) @@ -1276,13 +1272,6 @@ func Test_syncSecretTarget(t *testing.T) { assert.Equal(t, pkcs12Data, binData) } } - - var event string - select { - case event = <-fakerecorder.Events: - default: - } - assert.Equal(t, test.expEvent, event) }) } } 
diff --git a/pkg/bundle/source.go b/pkg/bundle/source.go index cb01cb0d..d3bcea6d 100644 --- a/pkg/bundle/source.go +++ b/pkg/bundle/source.go @@ -28,6 +28,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" trustapi "github.com/cert-manager/trust-manager/pkg/apis/trust/v1alpha1" + "github.com/cert-manager/trust-manager/pkg/bundle/internal/target" "github.com/cert-manager/trust-manager/pkg/util" ) @@ -39,7 +40,7 @@ type selectsNothingError struct{ error } // certificate data from concatenating all the sources together, binary data for any additional formats and // any metadata from the sources which needs to be exposed on the Bundle resource's status field. type bundleData struct { - targetData + target.Data defaultCAPackageStringID string } @@ -100,7 +101,7 @@ func (b *bundle) buildSourceBundle(ctx context.Context, sources []trustapi.Bundl return bundleData{}, fmt.Errorf("couldn't find any valid certificates in bundle") } - if err := resolvedBundle.populate(certPool, formats); err != nil { + if err := resolvedBundle.Data.Populate(certPool, formats); err != nil { return bundleData{}, err } diff --git a/pkg/bundle/source_test.go b/pkg/bundle/source_test.go index 1232e943..1c78bffc 100644 --- a/pkg/bundle/source_test.go +++ b/pkg/bundle/source_test.go @@ -39,6 +39,12 @@ import ( "github.com/cert-manager/trust-manager/test/dummy" ) +const ( + jksKey = "trust.jks" + pkcs12Key = "trust.p12" + data = dummy.TestCertificate1 +) + func Test_buildSourceBundle(t *testing.T) { tests := map[string]struct { sources []trustapi.BundleSource 
@@ -369,11 +375,11 @@ func Test_buildSourceBundle(t *testing.T) { t.Errorf("unexpected notFoundError, exp=%t got=%v", test.expNotFoundError, err) } - if resolvedBundle.data != test.expData { - t.Errorf("unexpected data, exp=%q got=%q", test.expData, resolvedBundle.data) + if resolvedBundle.Data.Data != test.expData { + t.Errorf("unexpected data, exp=%q got=%q", test.expData, resolvedBundle.Data.Data) } - binData, jksExists := resolvedBundle.binaryData[jksKey] + binData, jksExists := resolvedBundle.Data.BinaryData[jksKey] assert.Equal(t, test.expJKS, jksExists) if test.expJKS { @@ -397,7 +403,7 @@ func Test_buildSourceBundle(t *testing.T) { assert.Equal(t, p.Bytes, cert.Certificate.Content) } - binData, pkcs12Exists := resolvedBundle.binaryData[pkcs12Key] + binData, pkcs12Exists := resolvedBundle.Data.BinaryData[pkcs12Key] assert.Equal(t, test.expPKCS12, pkcs12Exists) if test.expPKCS12 {