diff --git a/helm/values.yaml b/helm/values.yaml index 38d612b..f2d217a 100644 --- a/helm/values.yaml +++ b/helm/values.yaml @@ -73,3 +73,7 @@ securityContext: metrics: port: 8080 + +prometheusServiceMonitor: false +prometheusServiceMonitorSelectorLabel: stable +prometheusServiceMonitorNameSpace: default diff --git a/pkg/controllers/certificaterequest_controller.go b/pkg/controllers/certificaterequest_controller.go index 4bf1424..8353a6f 100644 --- a/pkg/controllers/certificaterequest_controller.go +++ b/pkg/controllers/certificaterequest_controller.go @@ -27,6 +27,7 @@ import ( cmapi "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1" cmmeta "github.com/jetstack/cert-manager/pkg/apis/meta/v1" ncmv1 "github.com/nokia/ncm-issuer/api/v1" + crmetrics "github.com/nokia/ncm-issuer/pkg/controllers/metrics" "github.com/nokia/ncm-issuer/pkg/provisioner" core "k8s.io/api/core/v1" apierrors "k8s.io/apimachinery/pkg/api/errors" @@ -43,6 +44,12 @@ import ( const ( GetCAsRequeueTime = time.Second * 30 CSRRequeueTime = time.Minute + + labelUnr = "unrecognised" + labelEnr = "enrollment" + labelRen = "renewal" + labelTrue = "true" + labelFalse = "false" ) var ( @@ -61,12 +68,6 @@ type CertificateRequestReconciler struct { Log logr.Logger } -const ( - labelCR = "cr" - labelEnr = "enrollment" - labelRen = "renewal" -) - // +kubebuilder:rbac:groups=cert-manager.io,resources=certificaterequests,verbs=get;list;watch;update // +kubebuilder:rbac:groups=cert-manager.io,resources=certificaterequests/status,verbs=get;update;patch // +kubebuilder:rbac:groups="",resources=secrets,verbs=get;list;watch 
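Review bot: The three keys added to helm/values.yaml carry no comments, and `prometheusServiceMonitorNameSpace` is spelled with a capital S where the usual spelling would be `prometheusServiceMonitorNamespace`. A short comment above each key would tell operators what it controls, for example `# Namespace the ServiceMonitor is created in; must be one that your Prometheus instance watches`. The `default` namespace and the `stable` selector label look like values for one particular Prometheus install, so the comment should say they are expected to be overridden.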
@@ -87,10 +88,20 @@ func (r *CertificateRequestReconciler) Reconcile(ctx context.Context, req ctrl.R return ctrl.Result{}, err } + // Update metrics after processing each certificate request + crStartTS := time.Now() + defer func() { + r.updateMetrics(time.Since(crStartTS)) + }() + + crmetrics.CertificateRequestTotal.Inc() + // Checks the CertificateRequest's issuerRef and if it does not match the // cert-manager group name, log a message at a debug level and stop processing. if cr.Spec.IssuerRef.Group != ncmv1.GroupVersion.Group { log.V(4).Info("Resource does not specify an issuerRef group name that we are responsible for", "group", cr.Spec.IssuerRef.Group) + + crmetrics.CertificateRequestFails.WithLabelValues(labelUnr, labelFalse).Inc() return ctrl.Result{}, nil } @@ -100,6 +111,8 @@ func (r *CertificateRequestReconciler) Reconcile(ctx context.Context, req ctrl.R Reason: cmapi.CertificateRequestReasonFailed, }) { log.V(4).Info("Certificate request has been marked as failed") + + crmetrics.CertificateRequestFails.WithLabelValues(labelUnr, labelFalse).Inc() return ctrl.Result{}, nil } 
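Review bot: `crmetrics.CertificateRequestTotal.Inc()` and the deferred `updateMetrics` call sit above the issuerRef group check, so every CertificateRequest the controller sees is counted and timed, and the group-mismatch branch then records it as a failure via `CertificateRequestFails.WithLabelValues(labelUnr, labelFalse).Inc()`. A request addressed to another issuer is not a failure of this one, and the same holds for the not-yet-approved and already-issued early returns in the `@@ -109,25 +122,31 @@` hunk, which also increment the fails counter. An alert on the failure ratio would then fire on ordinary traffic and could mask a real signing outage. Consider moving the `Inc()` and the `defer` below the group check and dropping the `CertificateRequestFails` increments on those three early returns. Reconcile starts and ends outside this hunk.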
@@ -109,25 +122,31 @@ func (r *CertificateRequestReconciler) Reconcile(ctx context.Context, req ctrl.R nowTime := metav1.NewTime(r.Clock.Now()) cr.Status.FailureTime = &nowTime } - _ = r.setStatus(ctx, cr, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonDenied, "Certificate request has been denied by ncm-issuer") + + crmetrics.CertificateRequestFails.WithLabelValues(labelUnr, labelFalse).Inc() return ctrl.Result{}, nil } if !apiutil.CertificateRequestIsApproved(cr) { log.V(4).Info("Certificate request has not been approved yet") + + crmetrics.CertificateRequestFails.WithLabelValues(labelUnr, labelTrue).Inc() return ctrl.Result{}, nil } if len(cr.Status.Certificate) > 0 { log.V(4).Info("Existing certificate data found in status, skipping already completed certificate request") + crmetrics.CertificateRequestFails.WithLabelValues(labelUnr, labelFalse).Inc() return ctrl.Result{}, nil } if err := validateCertificateRequest(cr); err != nil { log.Error(err, "Certificate request has issues", "cr", req.NamespacedName) _ = r.setStatus(ctx, cr, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonFailed, "Certificate request has issues: %v", err) + + crmetrics.CertificateRequestFails.WithLabelValues(labelUnr, labelFalse).Inc() return ctrl.Result{}, nil } @@ -136,6 +155,8 @@ func (r *CertificateRequestReconciler) Reconcile(ctx context.Context, req ctrl.R if err != nil { log.Error(err, "Unrecognised kind. Ignoring.") _ = r.setStatus(ctx, cr, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonFailed, "Unrecognised kind err: %v", err) + + crmetrics.CertificateRequestFails.WithLabelValues(labelUnr, labelFalse).Inc() return ctrl.Result{}, nil } 
@@ -151,14 +172,17 @@ func (r *CertificateRequestReconciler) Reconcile(ctx context.Context, req ctrl.R if err = r.Get(ctx, issuerName, issuer); err != nil { log.Error(err, "Failed to get issuer") _ = r.setStatus(ctx, cr, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonPending, "Issuer is not existing yet") + + crmetrics.CertificateRequestFails.WithLabelValues(labelUnr, labelTrue).Inc() return ctrl.Result{}, errFailedGetIssuer } issuerSpec, issuerStatus, err := GetSpecAndStatus(issuer) if err != nil { - log.Error(err, "Failed to get spec and status for the issuer") - _ = r.setStatus(ctx, cr, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonFailed, "Failed to get spec and status for issuer") - return ctrl.Result{}, nil + _ = r.setStatus(ctx, cr, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonPending, "Failed to get spec and status for issuer") + + crmetrics.CertificateRequestFails.WithLabelValues(labelUnr, labelTrue).Inc() + return ctrl.Result{}, err } if cr.Spec.IssuerRef.Kind == "ClusterIssuer" { @@ -172,12 +196,16 @@ func (r *CertificateRequestReconciler) Reconcile(ctx context.Context, req ctrl.R Status: ncmv1.ConditionTrue, }) { _ = r.setStatus(ctx, cr, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonPending, "Failed to get (cluster) issuer %s is not 'Ready', its condition: %s", issuerName, issuerStatus.Conditions) + + crmetrics.CertificateRequestFails.WithLabelValues(labelUnr, labelTrue).Inc() return ctrl.Result{}, errIssuerNotReady } p, ok := r.Provisioners.Get(issuerName) if !ok { _ = r.setStatus(ctx, cr, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonPending, "Failed to get provisioner for resource: %s", issuerName) + + crmetrics.CertificateRequestFails.WithLabelValues(labelUnr, labelTrue).Inc() return ctrl.Result{}, errFailedGetProvisioner } 
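Review bot: In the `GetSpecAndStatus` error branch the request is now left `Pending` and `err` is returned, so the controller keeps requeueing it, where the old code marked it `Failed` and stopped. If that helper can only fail on an issuer object of an unexpected type (its body is not visible here), no retry will ever succeed and the CertificateRequest never reaches a terminal state; keeping `cmapi.CertificateRequestReasonFailed` with `return ctrl.Result{}, nil` and the `labelFalse` retry label would fit that case. The `log.Error(err, "Failed to get spec and status for the issuer")` line was also removed, which leaves this as the only error branch in the hunk without its own log entry.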
@@ -186,6 +214,8 @@ func (r *CertificateRequestReconciler) Reconcile(ctx context.Context, req ctrl.R Namespace: req.Namespace, Name: cr.Annotations[cmapi.CertificateNameKey]}, crt); err != nil { log.Error(err, "Certificate object not found") _ = r.setStatus(ctx, cr, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonFailed, "Certificate object not found") + + crmetrics.CertificateRequestFails.WithLabelValues(labelUnr, labelFalse).Inc() return ctrl.Result{}, nil } @@ -207,6 +237,7 @@ func (r *CertificateRequestReconciler) Reconcile(ctx context.Context, req ctrl.R // and we should perform re-enrollment operation instead isRenewal = false } else { + crmetrics.CertificateRequestFails.WithLabelValues(labelUnr, labelTrue).Inc() return ctrl.Result{}, err } } else { @@ -223,6 +254,7 @@ func (r *CertificateRequestReconciler) Reconcile(ctx context.Context, req ctrl.R if apierrors.IsNotFound(err) { isRenewal = false } else { + crmetrics.CertificateRequestFails.WithLabelValues(labelUnr, labelTrue).Inc() return ctrl.Result{}, err } 
@@ -236,45 +268,63 @@ func (r *CertificateRequestReconciler) Reconcile(ctx context.Context, req ctrl.R if errors.Is(err, provisioner.ErrFailedGetCAs) { log.Error(err, "Could not established connection with NCM API") _ = r.setStatus(ctx, cr, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonPending, "Failed to get CAs during renewal") + + crmetrics.CertificateRequestFails.WithLabelValues(labelRen, labelTrue).Inc() return ctrl.Result{RequeueAfter: GetCAsRequeueTime}, nil } log.Error(err, "Failed to renew certificate") _ = r.setStatus(ctx, cr, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonPending, "Failed to renew certificate err: %v", err) + + crmetrics.CertificateRequestFails.WithLabelValues(labelRen, labelTrue).Inc() return ctrl.Result{}, err } secretCertID = GetCertIDSecret(req.Namespace, secretName, certID) if err = r.Update(ctx, secretCertID); err != nil { _ = r.setStatus(ctx, cr, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonPending, "Failed to update secret err: %v", err) + + crmetrics.CertificateRequestFails.WithLabelValues(labelRen, labelTrue).Inc() return ctrl.Result{}, err } cr.Status.CA = ca cr.Status.Certificate = tls + crmetrics.CertificateRequestSuccesses.WithLabelValues(labelRen).Inc() } else { log.Info("Performing signing operation", "certificate", cr.Annotations[cmapi.CertificateNameKey]) + ca, tls, certID, err := p.Sign(cr) if err != nil { switch { case errors.Is(err, provisioner.ErrFailedGetCAs): log.Error(err, "Could not established connection with NCM API") _ = r.setStatus(ctx, cr, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonPending, "Failed to get CAs during signing") + + crmetrics.CertificateRequestFails.WithLabelValues(labelEnr, labelTrue).Inc() return ctrl.Result{RequeueAfter: GetCAsRequeueTime}, nil case errors.Is(err, provisioner.ErrCSRNotAccepted): log.Error(err, "CSR status in NCM is not yet expected one") _ = r.setStatus(ctx, cr, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonPending, "CSR in NCM has not 
yet been approved") + + crmetrics.CertificateRequestFails.WithLabelValues(labelEnr, labelTrue).Inc() return ctrl.Result{RequeueAfter: CSRRequeueTime}, nil case errors.Is(err, provisioner.ErrCSRRejected): log.Error(err, "CSR status in NCM is not expected one, further actions should be taken manually") - _ = r.setStatus(ctx, cr, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonFailed, "CSR has been rejected by NCM") + _ = r.setStatus(ctx, cr, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonDenied, "CSR has been rejected by NCM") + + crmetrics.CertificateRequestFails.WithLabelValues(labelEnr, labelFalse).Inc() return ctrl.Result{}, nil case errors.Is(err, provisioner.ErrCSRCheckLimitExceeded): log.Error(err, "CSR status in NCM is not expected one, further actions should be taken manually") - _ = r.setStatus(ctx, cr, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonFailed, "CSR has not been accepted for too long time") + _ = r.setStatus(ctx, cr, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonDenied, "CSR has not been accepted for too long time") + + crmetrics.CertificateRequestFails.WithLabelValues(labelEnr, labelFalse).Inc() return ctrl.Result{}, nil default: log.Error(err, "Unexpected error during certificate signing") _ = r.setStatus(ctx, cr, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonPending, "Failed to sign certificate err: %v", err) + + crmetrics.CertificateRequestFails.WithLabelValues(labelEnr, labelTrue).Inc() return ctrl.Result{}, err } } 
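Review bot: The `ErrCSRCheckLimitExceeded` case now reports `cmapi.CertificateRequestReasonDenied` with the message "CSR has not been accepted for too long time", but a polling timeout is not a denial, and the earlier branch of Reconcile uses that reason for requests that were explicitly denied. That earlier branch also sets `cr.Status.FailureTime` before calling `setStatus`; nothing in this hunk does so for the `ErrCSRRejected` or `ErrCSRCheckLimitExceeded` cases, and whether `setStatus` stamps it for a `Denied` reason is not visible here. If it does so only for `Failed`, these requests end without a failure time, so either confirm that or keep `cmapi.CertificateRequestReasonFailed` for the timeout case. Reconcile starts and ends outside this hunk.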
@@ -283,20 +333,25 @@ func (r *CertificateRequestReconciler) Reconcile(ctx context.Context, req ctrl.R if isSecretWithCertID { if err = r.Update(ctx, secretCertID); err != nil { _ = r.setStatus(ctx, cr, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonPending, "Failed to update secret err: %v", err) + + crmetrics.CertificateRequestFails.WithLabelValues(labelEnr, labelTrue).Inc() return ctrl.Result{}, err } } else { if err = r.Create(ctx, secretCertID); err != nil { _ = r.setStatus(ctx, cr, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonPending, "Failed to create secret err: %v", err) + + crmetrics.CertificateRequestFails.WithLabelValues(labelEnr, labelTrue).Inc() return ctrl.Result{}, err } } cr.Status.CA = ca cr.Status.Certificate = tls + crmetrics.CertificateRequestSuccesses.WithLabelValues(labelEnr).Inc() } - // Finally, update the status + log.Info("Successfully issued certificate", "certificateName", cr.Annotations[cmapi.CertificateNameKey]) return ctrl.Result{}, r.setStatus(ctx, cr, cmmeta.ConditionTrue, cmapi.CertificateRequestReasonIssued, "Successfully issued certificate") } @@ -324,6 +379,10 @@ func (r *CertificateRequestReconciler) setStatus(ctx context.Context, cr *cmapi. return nil } +func (r *CertificateRequestReconciler) updateMetrics(crTime time.Duration) { + crmetrics.CertificateRequestTime.Observe(crTime.Seconds()) +} + func (r *CertificateRequestReconciler) SetupWithManager(mgr ctrl.Manager) error { return ctrl.NewControllerManagedBy(mgr). For(&cmapi.CertificateRequest{}). diff --git a/pkg/controllers/certificaterequest_controller_test.go b/pkg/controllers/certificaterequest_controller_test.go index 6a6cfe1..bc7d558 100644 --- a/pkg/controllers/certificaterequest_controller_test.go +++ b/pkg/controllers/certificaterequest_controller_test.go 
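Review bot: `crmetrics.CertificateRequestSuccesses.WithLabelValues(labelEnr).Inc()` runs before the final `r.setStatus(..., cmapi.CertificateRequestReasonIssued, ...)`, so a reconcile whose status write fails is counted as a success, returns an error, and is counted again on the retry; the renewal increment in the preceding hunk has the same ordering. The new "Successfully issued certificate" log line is emitted before the write as well. Recording the outcome only after `setStatus` returns keeps the counter and the log consistent with what was actually persisted. The sketch below assumes `isRenewal` is what selects the renewal branch, since that condition and the start of Reconcile are outside the hunk.

```go
// … unchanged: secret update/create and cr.Status.CA / cr.Status.Certificate assignment,
//   minus the two CertificateRequestSuccesses increments …
opType := labelEnr
if isRenewal {
	opType = labelRen
}
if err := r.setStatus(ctx, cr, cmmeta.ConditionTrue, cmapi.CertificateRequestReasonIssued, "Successfully issued certificate"); err != nil {
	crmetrics.CertificateRequestFails.WithLabelValues(opType, labelTrue).Inc()
	return ctrl.Result{}, err
}
crmetrics.CertificateRequestSuccesses.WithLabelValues(opType).Inc()
log.Info("Successfully issued certificate", "certificateName", cr.Annotations[cmapi.CertificateNameKey])
return ctrl.Result{}, nil
```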
@@ -11,14 +11,14 @@ import ( "strings" "testing" - testr "github.com/go-logr/logr/testing" + "github.com/go-logr/logr/testr" "github.com/google/go-cmp/cmp" apiutil "github.com/jetstack/cert-manager/pkg/api/util" cmapi "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1" cmmeta "github.com/jetstack/cert-manager/pkg/apis/meta/v1" ncmv1 "github.com/nokia/ncm-issuer/api/v1" "github.com/nokia/ncm-issuer/pkg/provisioner" - "github.com/nokia/ncm-issuer/test/unit" + "github.com/nokia/ncm-issuer/test/unit/gen" "github.com/stretchr/testify/require" v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -37,7 +37,7 @@ func TestCertificateRequestReconcile(t *testing.T) { name string namespacedName types.NamespacedName issuerName types.NamespacedName - provisioner *unit.FakeProvisioner + provisioner *gen.FakeProvisioner objects []client.Object err error expectedResult ctrl.Result @@ -52,7 +52,7 @@ func TestCertificateRequestReconcile(t *testing.T) { clk := clock.RealClock{} - injectProvisioner := func(name types.NamespacedName, p *unit.FakeProvisioner) *provisioner.ProvisionersMap { + injectProvisioner := func(name types.NamespacedName, p *gen.FakeProvisioner) *provisioner.ProvisionersMap { pm := provisioner.NewProvisionersMap() pm.AddOrReplace(name, p) return pm @@ -87,7 +87,7 @@ func TestCertificateRequestReconcile(t *testing.T) { Clock: clk, Recorder: record.NewFakeRecorder(10), Provisioners: injectProvisioner(tc.issuerName, tc.provisioner), - Log: testr.TestLogger{T: t}, + Log: testr.New(t), } result, err := controller.Reconcile(context.TODO(), reconcile.Request{NamespacedName: tc.namespacedName}) @@ -188,7 +188,7 @@ func TestCertificateRequestReconcile(t *testing.T) { }, }, }, - provisioner: unit.NewFakeProvisioner(), + provisioner: gen.NewFakeProvisioner(), expectedConditionStatus: cmmeta.ConditionFalse, expectedConditionReason: cmapi.CertificateRequestReasonFailed, }, 
@@ -241,7 +241,7 @@ func TestCertificateRequestReconcile(t *testing.T) { }, }, }, - provisioner: unit.NewFakeProvisioner(), + provisioner: gen.NewFakeProvisioner(), expectedConditionStatus: cmmeta.ConditionFalse, expectedConditionReason: cmapi.CertificateRequestReasonDenied, }, @@ -662,7 +662,7 @@ func TestCertificateRequestReconcile(t *testing.T) { }, }, }, - provisioner: unit.NewFakeProvisioner(), + provisioner: gen.NewFakeProvisioner(), err: errors.New("certificate object not found"), expectedConditionStatus: cmmeta.ConditionFalse, expectedConditionReason: cmapi.CertificateRequestReasonFailed, @@ -777,8 +777,8 @@ func TestCertificateRequestReconcile(t *testing.T) { }, }, }, - provisioner: unit.NewFakeProvisioner( - unit.SetFakeProvisionerSignError(provisioner.ErrFailedGetCAs)), + provisioner: gen.NewFakeProvisioner( + gen.SetFakeProvisionerSignError(provisioner.ErrFailedGetCAs)), err: provisioner.ErrFailedGetCAs, expectedResult: ctrl.Result{ RequeueAfter: GetCAsRequeueTime, @@ -896,8 +896,8 @@ func TestCertificateRequestReconcile(t *testing.T) { }, }, }, - provisioner: unit.NewFakeProvisioner( - unit.SetFakeProvisionerSignError(provisioner.ErrCSRNotAccepted)), + provisioner: gen.NewFakeProvisioner( + gen.SetFakeProvisionerSignError(provisioner.ErrCSRNotAccepted)), err: provisioner.ErrCSRNotAccepted, expectedResult: ctrl.Result{ RequeueAfter: CSRRequeueTime, @@ -1015,11 +1015,11 @@ func TestCertificateRequestReconcile(t *testing.T) { }, }, }, - provisioner: unit.NewFakeProvisioner( - unit.SetFakeProvisionerSignError(provisioner.ErrCSRRejected)), + provisioner: gen.NewFakeProvisioner( + gen.SetFakeProvisionerSignError(provisioner.ErrCSRRejected)), err: provisioner.ErrCSRRejected, expectedConditionStatus: cmmeta.ConditionFalse, - expectedConditionReason: cmapi.CertificateRequestReasonFailed, + expectedConditionReason: cmapi.CertificateRequestReasonDenied, }, { name: "exceeded-single-csr-check-limit", 
@@ -1131,11 +1131,11 @@ func TestCertificateRequestReconcile(t *testing.T) { }, }, }, - provisioner: unit.NewFakeProvisioner( - unit.SetFakeProvisionerSignError(provisioner.ErrCSRCheckLimitExceeded)), + provisioner: gen.NewFakeProvisioner( + gen.SetFakeProvisionerSignError(provisioner.ErrCSRCheckLimitExceeded)), err: provisioner.ErrCSRCheckLimitExceeded, expectedConditionStatus: cmmeta.ConditionFalse, - expectedConditionReason: cmapi.CertificateRequestReasonFailed, + expectedConditionReason: cmapi.CertificateRequestReasonDenied, }, { name: "csr-unexpected-error", @@ -1247,8 +1247,8 @@ func TestCertificateRequestReconcile(t *testing.T) { }, }, }, - provisioner: unit.NewFakeProvisioner( - unit.SetFakeProvisionerSignError(errors.New("unexpected"))), + provisioner: gen.NewFakeProvisioner( + gen.SetFakeProvisionerSignError(errors.New("unexpected"))), err: errors.New("unexpected"), expectedConditionStatus: cmmeta.ConditionFalse, expectedConditionReason: cmapi.CertificateRequestReasonPending, @@ -1363,8 +1363,8 @@ func TestCertificateRequestReconcile(t *testing.T) { }, }, }, - provisioner: unit.NewFakeProvisioner( - unit.SetFakeProvisionerSign([]byte("ca"), []byte("tls"), "random-id")), + provisioner: gen.NewFakeProvisioner( + gen.SetFakeProvisionerSign([]byte("ca"), []byte("tls"), "random-id")), expectedConditionStatus: cmmeta.ConditionTrue, expectedConditionReason: cmapi.CertificateRequestReasonIssued, }, @@ -1469,8 +1469,8 @@ func TestCertificateRequestReconcile(t *testing.T) { }, }, }, - provisioner: unit.NewFakeProvisioner( - unit.SetFakeProvisionerSign([]byte("ca"), []byte("tls"), "random-id")), + provisioner: gen.NewFakeProvisioner( + gen.SetFakeProvisionerSign([]byte("ca"), []byte("tls"), "random-id")), expectedConditionStatus: cmmeta.ConditionTrue, expectedConditionReason: cmapi.CertificateRequestReasonIssued, }, 
@@ -1572,8 +1572,8 @@ func TestCertificateRequestReconcile(t *testing.T) { }, }, }, - provisioner: unit.NewFakeProvisioner( - unit.SetFakeProvisionerSign([]byte("ca"), []byte("tls"), "random-id")), + provisioner: gen.NewFakeProvisioner( + gen.SetFakeProvisionerSign([]byte("ca"), []byte("tls"), "random-id")), expectedConditionStatus: cmmeta.ConditionTrue, expectedConditionReason: cmapi.CertificateRequestReasonIssued, }, @@ -1687,8 +1687,8 @@ func TestCertificateRequestReconcile(t *testing.T) { }, }, }, - provisioner: unit.NewFakeProvisioner( - unit.SetFakeProvisionerSign([]byte("ca"), []byte("tls"), "random-id")), + provisioner: gen.NewFakeProvisioner( + gen.SetFakeProvisionerSign([]byte("ca"), []byte("tls"), "random-id")), expectedConditionStatus: cmmeta.ConditionTrue, expectedConditionReason: cmapi.CertificateRequestReasonIssued, }, @@ -1799,8 +1799,8 @@ func TestCertificateRequestReconcile(t *testing.T) { }, }, }, - provisioner: unit.NewFakeProvisioner( - unit.SetFakeProvisionerRenewError(provisioner.ErrFailedGetCAs)), + provisioner: gen.NewFakeProvisioner( + gen.SetFakeProvisionerRenewError(provisioner.ErrFailedGetCAs)), err: provisioner.ErrFailedGetCAs, expectedResult: ctrl.Result{ RequeueAfter: GetCAsRequeueTime, @@ -1915,8 +1915,8 @@ func TestCertificateRequestReconcile(t *testing.T) { }, }, }, - provisioner: unit.NewFakeProvisioner( - unit.SetFakeProvisionerRenew([]byte("ca"), []byte("tls"), "random-id")), + provisioner: gen.NewFakeProvisioner( + gen.SetFakeProvisionerRenew([]byte("ca"), []byte("tls"), "random-id")), expectedConditionStatus: cmmeta.ConditionTrue, expectedConditionReason: cmapi.CertificateRequestReasonIssued, }, 
@@ -2027,8 +2027,8 @@ func TestCertificateRequestReconcile(t *testing.T) { }, }, }, - provisioner: unit.NewFakeProvisioner( - unit.SetFakeProvisionerRenew([]byte("ca"), []byte("tls"), "random-id")), + provisioner: gen.NewFakeProvisioner( + gen.SetFakeProvisionerRenew([]byte("ca"), []byte("tls"), "random-id")), expectedConditionStatus: cmmeta.ConditionTrue, expectedConditionReason: cmapi.CertificateRequestReasonIssued, }, diff --git a/pkg/controllers/issuer_controller_test.go b/pkg/controllers/issuer_controller_test.go index 2122115..83cff2d 100644 --- a/pkg/controllers/issuer_controller_test.go +++ b/pkg/controllers/issuer_controller_test.go @@ -3,11 +3,11 @@ package controllers import ( "context" "errors" + "github.com/go-logr/logr/testr" "strings" "testing" "time" - testr "github.com/go-logr/logr/testing" "github.com/google/go-cmp/cmp" ncmv1 "github.com/nokia/ncm-issuer/api/v1" "github.com/nokia/ncm-issuer/pkg/provisioner" @@ -62,7 +62,7 @@ func TestIssuerReconcile(t *testing.T) { Clock: clk, Recorder: record.NewFakeRecorder(10), Provisioners: p, - Log: testr.TestLogger{T: t}, + Log: testr.New(t), } _, err := controller.Reconcile(context.TODO(), reconcile.Request{NamespacedName: tc.namespacedName}) @@ -125,7 +125,7 @@ func TestIssuerReconcile(t *testing.T) { Status: ncmv1.ConditionFalse, LastTransitionTime: &now, Reason: "NotFound", - Message: "failed to retrieve auth secret err: secrets \"ncm-auth-secret\" not found", + Message: "Failed to retrieve auth secret err: secrets \"ncm-auth-secret\" not found", }, }, }, @@ -162,7 +162,7 @@ func TestIssuerReconcile(t *testing.T) { Status: ncmv1.ConditionFalse, LastTransitionTime: &now, Reason: "Error", - Message: "failed to validate config provided in spec: incorrect authentication data: missing username or usrpassword", + Message: "Failed to validate config provided in spec: incorrect authentication data: missing username or usrpassword", }, }, }, 
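Review bot: In issuer_controller_test.go the new `"github.com/go-logr/logr/testr"` import is inserted between `"errors"` and `"strings"`, inside the standard-library group. The other test files touched by this commit keep it with the third-party imports, and goimports would move it there; place it directly above `"github.com/google/go-cmp/cmp"`, where the removed `testr "github.com/go-logr/logr/testing"` line was.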
@@ -199,7 +199,7 @@ func TestIssuerReconcile(t *testing.T) { Status: ncmv1.ConditionFalse, LastTransitionTime: &now, Reason: "NotFound", - Message: "failed to retrieve auth secret err: secrets \"ncm-tls-secret\" not found", + Message: "Failed to retrieve auth secret err: secrets \"ncm-tls-secret\" not found", }, }, }, @@ -248,7 +248,7 @@ func TestIssuerReconcile(t *testing.T) { Status: ncmv1.ConditionFalse, LastTransitionTime: &now, Reason: "Error", - Message: "failed to validate config provided in spec: incorrect TLS data: missing cacert, key or cert in TLS secret", + Message: "Failed to validate config provided in spec: incorrect TLS data: missing cacert, key or cert in TLS secret", }, }, }, @@ -289,7 +289,7 @@ func TestIssuerReconcile(t *testing.T) { Status: ncmv1.ConditionFalse, LastTransitionTime: &now, Reason: "Error", - Message: "failed to create new provisioner err: NCM API Client Error reason: cannot create new API client, err: parse \"https://ncm-server.local:-8081\": invalid port \":-8081\" after host", + Message: "Failed to create new provisioner err: NCM API Client Error reason: cannot create new API client, err: parse \"https://ncm-server.local:-8081\": invalid port \":-8081\" after host", }, }, }, diff --git a/pkg/controllers/metrics/metrics.go b/pkg/controllers/metrics/metrics.go index 39dc9e6..0e5db4e 100644 --- a/pkg/controllers/metrics/metrics.go +++ b/pkg/controllers/metrics/metrics.go 
@@ -12,27 +12,34 @@ const ( var ( // CertificateRequestTotal is a prometheus metrics which holds the total number // of certificate requests. - CertificateRequestTotal = prometheus.NewCounterVec(prometheus.CounterOpts{ + CertificateRequestTotal = prometheus.NewCounter(prometheus.CounterOpts{ Namespace: namespace, Name: "certificate_request_total", Help: "The total number of certificate requests", - }, []string{"requestType"}) + }) // CertificateRequestSuccesses is a prometheus metrics which holds the total number - // of succeeded certificate requests. + // of succeeded certificate requests. Type refers to type of operation that + // would be performed i.e. unrecognised, enrollment, renewal. Unrecognised + // type exists due to the need to perform actions for recognise the type of + // operation and that actions may fail. CertificateRequestSuccesses = prometheus.NewCounterVec(prometheus.CounterOpts{ Namespace: namespace, Name: "certificate_request_successes_total", Help: "The total number of succeeded certificate requests", - }, []string{"requestType"}) + }, []string{"type"}) // CertificateRequestFails is a prometheus metrics which holds the total number - // of failed certificate requests. + // of failed certificate requests. Type refers to type of operation + // that would be performed i.e. unrecognised, enrollment, renewal. Unrecognised + // type exists due to the need to perform actions for recognise the type of + // operation and that actions may fail. Retry determines whether a new attempt + // at processing certificate request will be made despite failure. 
CertificateRequestFails = prometheus.NewCounterVec(prometheus.CounterOpts{ Namespace: namespace, Name: "certificate_request_fails_total", - Help: "The total numbers of failed certificate requests", - }, []string{"requestType"}) + Help: "The total number of failed certificate requests", + }, []string{"type", "retry"}) // CertificateRequestTime is a prometheus metrics which keeps track of the // duration of certificate request. diff --git a/pkg/ncmapi/ncmapi_test.go b/pkg/ncmapi/ncmapi_test.go index 3282bc6..f85c980 100644 --- a/pkg/ncmapi/ncmapi_test.go +++ b/pkg/ncmapi/ncmapi_test.go @@ -16,7 +16,7 @@ import ( "testing" "time" - testr "github.com/go-logr/logr/testing" + "github.com/go-logr/logr/testr" "github.com/google/go-cmp/cmp" "github.com/nokia/ncm-issuer/pkg/cfg" ) @@ -109,7 +109,13 @@ func TestNewClientCreation(t *testing.T) { clientCert, _ := tls.LoadX509KeyPair(certFile.Name(), certKey.Name()) run := func(t *testing.T, tc testCase) { - c, err := NewClient(tc.config, &testr.TestLogger{}) + var c *Client + var err error + if tc.expectedClient != nil { + c, err = NewClient(tc.config, tc.expectedClient.log) + } else { + c, err = NewClient(tc.config, testr.New(t)) + } if tc.err != nil && err != nil && !strings.Contains(err.Error(), tc.err.Error()) { t.Errorf("%s failed; expected error containing %s; got %s", tc.name, tc.err.Error(), err.Error()) @@ -164,7 +170,7 @@ func TestNewClientCreation(t *testing.T) { client: &http.Client{ Timeout: DefaultHTTPTimeout * time.Second, }, - log: &testr.TestLogger{}, + log: testr.New(t), }, }, { @@ -186,7 +192,7 @@ func TestNewClientCreation(t *testing.T) { TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, }, }, - log: &testr.TestLogger{}, + log: testr.New(t), }, }, { @@ -210,7 +216,7 @@ func TestNewClientCreation(t *testing.T) { }, }, }, - log: &testr.TestLogger{}, + log: testr.New(t), }, }, { @@ -238,7 +244,7 @@ func TestNewClientCreation(t *testing.T) { }, }, }, - log: &testr.TestLogger{}, + log: testr.New(t), }, }, } 
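Review bot: The doc comment added to `CertificateRequestSuccesses` lists `unrecognised` as a possible `type` value, but the controller hunks in this commit only pass `labelRen` or `labelEnr` to that counter, so the sentence describes a series that is never produced. The phrase "to perform actions for recognise the type of operation and that actions may fail" is also hard to parse; on `CertificateRequestFails` alone, something like `// The unrecognised type covers failures that happen before the controller has determined whether the request is an enrollment or a renewal.` would read more clearly. Renaming the label from `requestType` to `type` and removing the labels from `CertificateRequestTotal` changes the exported series, so dashboards or alert rules written against the old label need updating and the change deserves a line in the release notes.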
@@ -264,7 +270,7 @@ func TestNewRequestCreation(t *testing.T) { Password: "ncm-user-password", } - c, _ := NewClient(config, testr.TestLogger{T: t}) + c, _ := NewClient(config, testr.New(t)) params := url.Values{} _, err := c.newRequest(tc.method, "random-path", strings.NewReader(params.Encode())) @@ -313,7 +319,7 @@ func TestValidateResponse(t *testing.T) { Password: "ncm-user-password", } - c, _ := NewClient(config, testr.TestLogger{T: t}) + c, _ := NewClient(config, testr.New(t)) body, err := c.validateResponse(tc.resp) if tc.err != nil && err != nil && !strings.Contains(err.Error(), tc.err.Error()) { @@ -390,7 +396,7 @@ func TestGetCAs(t *testing.T) { Password: "ncm-user-password", } - c, _ := NewClient(config, testr.TestLogger{T: t}) + c, _ := NewClient(config, testr.New(t)) cas, err := c.GetCAs() if tc.err != nil && err != nil && !strings.Contains(err.Error(), tc.err.Error()) { @@ -475,7 +481,7 @@ func TestGetCA(t *testing.T) { Password: "ncm-user-password", } - c, _ := NewClient(config, testr.TestLogger{T: t}) + c, _ := NewClient(config, testr.New(t)) ca, err := c.GetCA("random-path") if tc.err != nil && err != nil && !strings.Contains(err.Error(), tc.err.Error()) { diff --git a/pkg/provisioner/ncm_test.go b/pkg/provisioner/ncm_test.go index 9dc75dd..c0a003a 100644 --- a/pkg/provisioner/ncm_test.go +++ b/pkg/provisioner/ncm_test.go @@ -6,11 +6,11 @@ import ( "sync" "testing" - testr "github.com/go-logr/logr/testing" + "github.com/go-logr/logr/testr" cmapi "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1" "github.com/nokia/ncm-issuer/pkg/cfg" "github.com/nokia/ncm-issuer/pkg/ncmapi" - "github.com/nokia/ncm-issuer/test/unit" + "github.com/nokia/ncm-issuer/test/unit/gen" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) @@ -149,7 +149,7 @@ func TestGetChainAndWantedCA(t *testing.T) { pendingCSRs: map[string]*PendingCSR{}, mu: sync.RWMutex{}, }, - log: &testr.TestLogger{T: t}, + log: testr.New(t), } chain, ca, err := p.getChainAndWantedCA(&crt1) 
@@ -170,29 +170,29 @@ func TestGetChainAndWantedCA(t *testing.T) { testCases := []testCase{ { name: "get-chain-and-ca-success", - fakeClient: unit.NewFakeClient( - unit.NoErrorFakeClientGetCA(), - unit.NoErrorFakeClientDownloadCertificate(), - unit.NoErrorFakeClientDownloadCertificateInPEM()), + fakeClient: gen.NewFakeClient( + gen.NoErrorFakeClientGetCA(), + gen.NoErrorFakeClientDownloadCertificate(), + gen.NoErrorFakeClientDownloadCertificateInPEM()), err: nil, expectedChain: []byte(""), expectedCA: []byte("-----BEGIN CERTIFICATE-----\nMn012Se...\n-----END CERTIFICATE-----\n"), }, { name: "cannot-download-certificate", - fakeClient: unit.NewFakeClient( - unit.NoErrorFakeClientGetCA(), - unit.SetFakeClientDownloadCertificateError(errors.New("failed to download CA certificate"))), + fakeClient: gen.NewFakeClient( + gen.NoErrorFakeClientGetCA(), + gen.SetFakeClientDownloadCertificateError(errors.New("failed to download CA certificate"))), err: errors.New("failed to download CA certificate"), expectedChain: []byte(""), expectedCA: []byte(""), }, { name: "cannot-download-certificate-in-pem", - fakeClient: unit.NewFakeClient( - unit.NoErrorFakeClientGetCA(), - unit.NoErrorFakeClientDownloadCertificate(), - unit.SetFakeClientDownloadCertificateInPEMError(errors.New("failed to download CA certificate in PEM")), + fakeClient: gen.NewFakeClient( + gen.NoErrorFakeClientGetCA(), + gen.NoErrorFakeClientDownloadCertificate(), + gen.SetFakeClientDownloadCertificateInPEMError(errors.New("failed to download CA certificate in PEM")), ), err: errors.New("failed to download CA certificate in PEM"), expectedChain: []byte(""), @@ -222,7 +222,7 @@ func TestPreparingCAAndTLS(t *testing.T) { run := func(t *testing.T, tc testCase) { - p, _ := NewProvisioner(tc.config, &testr.TestLogger{T: t}) + p, _ := NewProvisioner(tc.config, testr.New(t)) ca, tls := p.prepareCAAndTLS(rootCA, leafCert, func() []byte { if tc.config.LittleEndian { return append(interCA, signingCA...) 
@@ -335,13 +335,13 @@ func TestSign(t *testing.T) { NCMConfig: &cfg.NCMConfig{ CAsHref: "Mn012Se", }, - NCMClient: unit.NewFakeClient( - unit.SetFakeClientGetCAsError(ErrFailedGetCAs)), + NCMClient: gen.NewFakeClient( + gen.SetFakeClientGetCAsError(ErrFailedGetCAs)), pendingCSRs: &PendingCSRsMap{ pendingCSRs: map[string]*PendingCSR{}, mu: sync.RWMutex{}, }, - log: &testr.TestLogger{T: t}, + log: testr.New(t), }, err: ErrFailedGetCAs, expectedCA: []byte(""), @@ -354,16 +354,16 @@ func TestSign(t *testing.T) { NCMConfig: &cfg.NCMConfig{ CAsHref: "eFgEf12", }, - NCMClient: unit.NewFakeClient( - unit.SetFakeClientGetCAs(CAsResponse), - unit.NoErrorFakeClientGetCA(), - unit.NoErrorFakeClientDownloadCertificate(), - unit.NoErrorFakeClientDownloadCertificateInPEM()), + NCMClient: gen.NewFakeClient( + gen.SetFakeClientGetCAs(CAsResponse), + gen.NoErrorFakeClientGetCA(), + gen.NoErrorFakeClientDownloadCertificate(), + gen.NoErrorFakeClientDownloadCertificateInPEM()), pendingCSRs: &PendingCSRsMap{ pendingCSRs: map[string]*PendingCSR{}, mu: sync.RWMutex{}, }, - log: &testr.TestLogger{T: t}, + log: testr.New(t), }, err: errors.New("has not been found"), expectedCA: []byte(""), 
@@ -376,17 +376,17 @@ func TestSign(t *testing.T) { NCMConfig: &cfg.NCMConfig{ CAsHref: "Mn012Se", }, - NCMClient: unit.NewFakeClient( - unit.SetFakeClientGetCAs(CAsResponse), - unit.NoErrorFakeClientGetCA(), - unit.SetFakeClientSendCSRError(errors.New("cannot established connection")), - unit.NoErrorFakeClientDownloadCertificate(), - unit.NoErrorFakeClientDownloadCertificateInPEM()), + NCMClient: gen.NewFakeClient( + gen.SetFakeClientGetCAs(CAsResponse), + gen.NoErrorFakeClientGetCA(), + gen.SetFakeClientSendCSRError(errors.New("cannot established connection")), + gen.NoErrorFakeClientDownloadCertificate(), + gen.NoErrorFakeClientDownloadCertificateInPEM()), pendingCSRs: &PendingCSRsMap{ pendingCSRs: map[string]*PendingCSR{}, mu: sync.RWMutex{}, }, - log: &testr.TestLogger{T: t}, + log: testr.New(t), }, err: errors.New("failed to send CSR"), expectedCA: []byte(""), @@ -399,18 +399,18 @@ func TestSign(t *testing.T) { NCMConfig: &cfg.NCMConfig{ CAsHref: "Mn012Se", }, - NCMClient: unit.NewFakeClient( - unit.SetFakeClientGetCAs(CAsResponse), - unit.NoErrorFakeClientGetCA(), - unit.NoErrorFakeClientSendCSR(), - unit.NoErrorFakeClientDownloadCertificate(), - unit.NoErrorFakeClientDownloadCertificateInPEM(), - unit.SetFakeClientCSRStatusError(errors.New("cannot established connection"))), + NCMClient: gen.NewFakeClient( + gen.SetFakeClientGetCAs(CAsResponse), + gen.NoErrorFakeClientGetCA(), + gen.NoErrorFakeClientSendCSR(), + gen.NoErrorFakeClientDownloadCertificate(), + gen.NoErrorFakeClientDownloadCertificateInPEM(), + gen.SetFakeClientCSRStatusError(errors.New("cannot established connection"))), pendingCSRs: &PendingCSRsMap{ pendingCSRs: map[string]*PendingCSR{}, mu: sync.RWMutex{}, }, - log: &testr.TestLogger{T: t}, + log: testr.New(t), }, err: errors.New("failed checking CSR status in NCM"), expectedCA: []byte(""), 
@@ -423,18 +423,18 @@ func TestSign(t *testing.T) {
 NCMConfig: &cfg.NCMConfig{
 CAsHref: "Mn012Se",
 },
- NCMClient: unit.NewFakeClient(
- unit.SetFakeClientGetCAs(CAsResponse),
- unit.NoErrorFakeClientGetCA(),
- unit.NoErrorFakeClientSendCSR(),
- unit.NoErrorFakeClientDownloadCertificate(),
- unit.NoErrorFakeClientDownloadCertificateInPEM(),
- unit.SetFakeClientCSRStatus(CSRStatusPending)),
+ NCMClient: gen.NewFakeClient(
+ gen.SetFakeClientGetCAs(CAsResponse),
+ gen.NoErrorFakeClientGetCA(),
+ gen.NoErrorFakeClientSendCSR(),
+ gen.NoErrorFakeClientDownloadCertificate(),
+ gen.NoErrorFakeClientDownloadCertificateInPEM(),
+ gen.SetFakeClientCSRStatus(CSRStatusPending)),
 pendingCSRs: &PendingCSRsMap{
 pendingCSRs: map[string]*PendingCSR{},
 mu: sync.RWMutex{},
 },
- log: &testr.TestLogger{T: t},
+ log: testr.New(t),
 },
 err: ErrCSRNotAccepted,
 expectedCA: []byte(""),
@@ -447,18 +447,18 @@ func TestSign(t *testing.T) {
 NCMConfig: &cfg.NCMConfig{
 CAsHref: "Mn012Se",
 },
- NCMClient: unit.NewFakeClient(
- unit.SetFakeClientGetCAs(CAsResponse),
- unit.NoErrorFakeClientGetCA(),
- unit.NoErrorFakeClientSendCSR(),
- unit.NoErrorFakeClientDownloadCertificate(),
- unit.NoErrorFakeClientDownloadCertificateInPEM(),
- unit.SetFakeClientCSRStatus(CSRStatusRejected)),
+ NCMClient: gen.NewFakeClient(
+ gen.SetFakeClientGetCAs(CAsResponse),
+ gen.NoErrorFakeClientGetCA(),
+ gen.NoErrorFakeClientSendCSR(),
+ gen.NoErrorFakeClientDownloadCertificate(),
+ gen.NoErrorFakeClientDownloadCertificateInPEM(),
+ gen.SetFakeClientCSRStatus(CSRStatusRejected)),
 pendingCSRs: &PendingCSRsMap{
 pendingCSRs: map[string]*PendingCSR{},
 mu: sync.RWMutex{},
 },
- log: &testr.TestLogger{T: t},
+ log: testr.New(t),
 },
 err: ErrCSRRejected,
 expectedCA: []byte(""),
@@ -471,18 +471,18 @@ func TestSign(t *testing.T) {
 NCMConfig: &cfg.NCMConfig{
 CAsHref: "Mn012Se",
 },
- NCMClient: unit.NewFakeClient(
- unit.SetFakeClientGetCAs(CAsResponse),
- unit.NoErrorFakeClientGetCA(),
- unit.NoErrorFakeClientSendCSR(),
- unit.NoErrorFakeClientDownloadCertificate(),
- unit.NoErrorFakeClientDownloadCertificateInPEM(),
- unit.SetFakeClientCSRStatus(CSRStatusAccepted)),
+ NCMClient: gen.NewFakeClient(
+ gen.SetFakeClientGetCAs(CAsResponse),
+ gen.NoErrorFakeClientGetCA(),
+ gen.NoErrorFakeClientSendCSR(),
+ gen.NoErrorFakeClientDownloadCertificate(),
+ gen.NoErrorFakeClientDownloadCertificateInPEM(),
+ gen.SetFakeClientCSRStatus(CSRStatusAccepted)),
 pendingCSRs: &PendingCSRsMap{
 pendingCSRs: map[string]*PendingCSR{},
 mu: sync.RWMutex{},
 },
- log: &testr.TestLogger{T: t},
+ log: testr.New(t),
 },
 err: nil,
 expectedCA: []byte("-----BEGIN CERTIFICATE-----\nMn012Se...\n-----END CERTIFICATE-----\n"),
@@ -495,13 +495,13 @@ func TestSign(t *testing.T) {
 NCMConfig: &cfg.NCMConfig{
 CAsHref: "Mn012Se",
 },
- NCMClient: unit.NewFakeClient(
- unit.SetFakeClientGetCAs(CAsResponse),
- unit.NoErrorFakeClientGetCA(),
- unit.NoErrorFakeClientSendCSR(),
- unit.NoErrorFakeClientDownloadCertificate(),
- unit.NoErrorFakeClientDownloadCertificateInPEM(),
- unit.SetFakeClientCSRStatus(CSRStatusAccepted)),
+ NCMClient: gen.NewFakeClient(
+ gen.SetFakeClientGetCAs(CAsResponse),
+ gen.NoErrorFakeClientGetCA(),
+ gen.NoErrorFakeClientSendCSR(),
+ gen.NoErrorFakeClientDownloadCertificate(),
+ gen.NoErrorFakeClientDownloadCertificateInPEM(),
+ gen.SetFakeClientCSRStatus(CSRStatusAccepted)),
 pendingCSRs: &PendingCSRsMap{
 pendingCSRs: map[string]*PendingCSR{
 "ncm-ns.ncm-certificate": {
@@ -511,7 +511,7 @@ func TestSign(t *testing.T) {
 },
 mu: sync.RWMutex{},
 },
- log: &testr.TestLogger{T: t},
+ log: testr.New(t),
 },
 err: nil,
 expectedCA: []byte("-----BEGIN CERTIFICATE-----\nMn012Se...\n-----END CERTIFICATE-----\n"),
@@ -555,13 +555,13 @@ func TestHandlingCSR(t *testing.T) {
 NCMConfig: &cfg.NCMConfig{
 CAsHref: "Mn012Se",
 },
- NCMClient: unit.NewFakeClient(
- unit.SetFakeClientGetCAs(CAsResponse),
- unit.NoErrorFakeClientGetCA(),
- unit.NoErrorFakeClientSendCSR(),
- unit.NoErrorFakeClientDownloadCertificate(),
- unit.NoErrorFakeClientDownloadCertificateInPEM(),
- unit.SetFakeClientCSRStatusError(errors.New("cannot established connection"))),
+ NCMClient: gen.NewFakeClient(
+ gen.SetFakeClientGetCAs(CAsResponse),
+ gen.NoErrorFakeClientGetCA(),
+ gen.NoErrorFakeClientSendCSR(),
+ gen.NoErrorFakeClientDownloadCertificate(),
+ gen.NoErrorFakeClientDownloadCertificateInPEM(),
+ gen.SetFakeClientCSRStatusError(errors.New("cannot established connection"))),
 pendingCSRs: &PendingCSRsMap{
 pendingCSRs: map[string]*PendingCSR{
 "ncm-ns.ncm-certificate": {
@@ -571,7 +571,7 @@ func TestHandlingCSR(t *testing.T) {
 },
 mu: sync.RWMutex{},
 },
- log: &testr.TestLogger{T: t},
+ log: testr.New(t),
 },
 err: errors.New("failed checking CSR status in NCM"),
 },
@@ -582,13 +582,13 @@ func TestHandlingCSR(t *testing.T) {
 NCMConfig: &cfg.NCMConfig{
 CAsHref: "Mn012Se",
 },
- NCMClient: unit.NewFakeClient(
- unit.SetFakeClientGetCAs(CAsResponse),
- unit.NoErrorFakeClientGetCA(),
- unit.NoErrorFakeClientSendCSR(),
- unit.NoErrorFakeClientDownloadCertificate(),
- unit.NoErrorFakeClientDownloadCertificateInPEM(),
- unit.SetFakeClientCSRStatus(CSRStatusPending)),
+ NCMClient: gen.NewFakeClient(
+ gen.SetFakeClientGetCAs(CAsResponse),
+ gen.NoErrorFakeClientGetCA(),
+ gen.NoErrorFakeClientSendCSR(),
+ gen.NoErrorFakeClientDownloadCertificate(),
+ gen.NoErrorFakeClientDownloadCertificateInPEM(),
+ gen.SetFakeClientCSRStatus(CSRStatusPending)),
 pendingCSRs: &PendingCSRsMap{
 pendingCSRs: map[string]*PendingCSR{
 "ncm-ns.ncm-certificate": {
@@ -598,7 +598,7 @@ func TestHandlingCSR(t *testing.T) {
 },
 mu: sync.RWMutex{},
 },
- log: &testr.TestLogger{T: t},
+ log: testr.New(t),
 },
 err: ErrCSRNotAccepted,
 },
@@ -609,13 +609,13 @@ func TestHandlingCSR(t *testing.T) {
 NCMConfig: &cfg.NCMConfig{
 CAsHref: "Mn012Se",
 },
- NCMClient: unit.NewFakeClient(
- unit.SetFakeClientGetCAs(CAsResponse),
- unit.NoErrorFakeClientGetCA(),
- unit.NoErrorFakeClientSendCSR(),
- unit.NoErrorFakeClientDownloadCertificate(),
- unit.NoErrorFakeClientDownloadCertificateInPEM(),
- unit.SetFakeClientCSRStatus(CSRStatusPending)),
+ NCMClient: gen.NewFakeClient(
+ gen.SetFakeClientGetCAs(CAsResponse),
+ gen.NoErrorFakeClientGetCA(),
+ gen.NoErrorFakeClientSendCSR(),
+ gen.NoErrorFakeClientDownloadCertificate(),
+ gen.NoErrorFakeClientDownloadCertificateInPEM(),
+ gen.SetFakeClientCSRStatus(CSRStatusPending)),
 pendingCSRs: &PendingCSRsMap{
 pendingCSRs: map[string]*PendingCSR{
 "ncm-ns.ncm-certificate": {
@@ -625,7 +625,7 @@ func TestHandlingCSR(t *testing.T) {
 },
 mu: sync.RWMutex{},
 },
- log: &testr.TestLogger{T: t},
+ log: testr.New(t),
 },
 err: ErrCSRCheckLimitExceeded,
 },
@@ -636,13 +636,13 @@ func TestHandlingCSR(t *testing.T) {
 NCMConfig: &cfg.NCMConfig{
 CAsHref: "Mn012Se",
 },
- NCMClient: unit.NewFakeClient(
- unit.SetFakeClientGetCAs(CAsResponse),
- unit.NoErrorFakeClientGetCA(),
- unit.NoErrorFakeClientSendCSR(),
- unit.NoErrorFakeClientDownloadCertificate(),
- unit.NoErrorFakeClientDownloadCertificateInPEM(),
- unit.SetFakeClientCSRStatus(CSRStatusPostponed)),
+ NCMClient: gen.NewFakeClient(
+ gen.SetFakeClientGetCAs(CAsResponse),
+ gen.NoErrorFakeClientGetCA(),
+ gen.NoErrorFakeClientSendCSR(),
+ gen.NoErrorFakeClientDownloadCertificate(),
+ gen.NoErrorFakeClientDownloadCertificateInPEM(),
+ gen.SetFakeClientCSRStatus(CSRStatusPostponed)),
 pendingCSRs: &PendingCSRsMap{
 pendingCSRs: map[string]*PendingCSR{
 "ncm-ns.ncm-certificate": {
@@ -652,7 +652,7 @@ func TestHandlingCSR(t *testing.T) {
 },
 mu: sync.RWMutex{},
 },
- log: &testr.TestLogger{T: t},
+ log: testr.New(t),
 },
 err: ErrCSRRejected,
 },
@@ -663,13 +663,13 @@ func TestHandlingCSR(t *testing.T) {
 NCMConfig: &cfg.NCMConfig{
 CAsHref: "Mn012Se",
 },
- NCMClient: unit.NewFakeClient(
- unit.SetFakeClientGetCAs(CAsResponse),
- unit.NoErrorFakeClientGetCA(),
- unit.NoErrorFakeClientSendCSR(),
- unit.NoErrorFakeClientDownloadCertificate(),
- unit.NoErrorFakeClientDownloadCertificateInPEM(),
- unit.SetFakeClientCSRStatus(CSRStatusApproved)),
+ NCMClient: gen.NewFakeClient(
+ gen.SetFakeClientGetCAs(CAsResponse),
+ gen.NoErrorFakeClientGetCA(),
+ gen.NoErrorFakeClientSendCSR(),
+ gen.NoErrorFakeClientDownloadCertificate(),
+ gen.NoErrorFakeClientDownloadCertificateInPEM(),
+ gen.SetFakeClientCSRStatus(CSRStatusApproved)),
 pendingCSRs: &PendingCSRsMap{
 pendingCSRs: map[string]*PendingCSR{
 "ncm-ns.ncm-certificate": {
@@ -679,7 +679,7 @@ func TestHandlingCSR(t *testing.T) {
 },
 mu: sync.RWMutex{},
 },
- log: &testr.TestLogger{T: t},
+ log: testr.New(t),
 },
 err: ErrCSRNotAccepted,
 },
@@ -690,13 +690,13 @@ func TestHandlingCSR(t *testing.T) {
 NCMConfig: &cfg.NCMConfig{
 CAsHref: "Mn012Se",
 },
- NCMClient: unit.NewFakeClient(
- unit.SetFakeClientGetCAs(CAsResponse),
- unit.NoErrorFakeClientGetCA(),
- unit.NoErrorFakeClientSendCSR(),
- unit.NoErrorFakeClientDownloadCertificate(),
- unit.NoErrorFakeClientDownloadCertificateInPEM(),
- unit.SetFakeClientCSRStatus(CSRStatusRejected)),
+ NCMClient: gen.NewFakeClient(
+ gen.SetFakeClientGetCAs(CAsResponse),
+ gen.NoErrorFakeClientGetCA(),
+ gen.NoErrorFakeClientSendCSR(),
+ gen.NoErrorFakeClientDownloadCertificate(),
+ gen.NoErrorFakeClientDownloadCertificateInPEM(),
+ gen.SetFakeClientCSRStatus(CSRStatusRejected)),
 pendingCSRs: &PendingCSRsMap{
 pendingCSRs: map[string]*PendingCSR{
 "ncm-ns.ncm-certificate": {
@@ -706,7 +706,7 @@ func TestHandlingCSR(t *testing.T) {
 },
 mu: sync.RWMutex{},
 },
- log: &testr.TestLogger{T: t},
+ log: testr.New(t),
 },
 err: ErrCSRRejected,
 },
@@ -717,13 +717,13 @@ func TestHandlingCSR(t *testing.T) {
 NCMConfig: &cfg.NCMConfig{
 CAsHref: "Mn012Se",
 },
- NCMClient: unit.NewFakeClient(
- unit.SetFakeClientGetCAs(CAsResponse),
- unit.NoErrorFakeClientGetCA(),
- unit.NoErrorFakeClientSendCSR(),
- unit.NoErrorFakeClientDownloadCertificate(),
- unit.NoErrorFakeClientDownloadCertificateInPEM(),
- unit.SetFakeClientCSRStatus("unexpected")),
+ NCMClient: gen.NewFakeClient(
+ gen.SetFakeClientGetCAs(CAsResponse),
+ gen.NoErrorFakeClientGetCA(),
+ gen.NoErrorFakeClientSendCSR(),
+ gen.NoErrorFakeClientDownloadCertificate(),
+ gen.NoErrorFakeClientDownloadCertificateInPEM(),
+ gen.SetFakeClientCSRStatus("unexpected")),
 pendingCSRs: &PendingCSRsMap{
 pendingCSRs: map[string]*PendingCSR{
 "ncm-ns.ncm-certificate": {
@@ -733,7 +733,7 @@ func TestHandlingCSR(t *testing.T) {
 },
 mu: sync.RWMutex{},
 },
- log: &testr.TestLogger{T: t},
+ log: testr.New(t),
 },
 err: errors.New("unexpected"),
 },
@@ -780,13 +780,13 @@ func TestRenew(t *testing.T) {
 NCMConfig: &cfg.NCMConfig{
 CAsHref: "Mn012Se",
 },
- NCMClient: unit.NewFakeClient(
- unit.SetFakeClientGetCAsError(ErrFailedGetCAs)),
+ NCMClient: gen.NewFakeClient(
+ gen.SetFakeClientGetCAsError(ErrFailedGetCAs)),
 pendingCSRs: &PendingCSRsMap{
 pendingCSRs: map[string]*PendingCSR{},
 mu: sync.RWMutex{},
 },
- log: &testr.TestLogger{T: t},
+ log: testr.New(t),
 },
 err: ErrFailedGetCAs,
 expectedCA: []byte(""),
@@ -799,18 +799,18 @@ func TestRenew(t *testing.T) {
 NCMConfig: &cfg.NCMConfig{
 CAsHref: "Mn012Se",
 },
- NCMClient: unit.NewFakeClient(
- unit.SetFakeClientGetCAs(CAsResponse),
- unit.NoErrorFakeClientGetCA(),
- unit.NoErrorFakeClientSendCSR(),
- unit.NoErrorFakeClientDownloadCertificate(),
- unit.NoErrorFakeClientDownloadCertificateInPEM(),
- unit.SetFakeClientRenewCertificateError(errors.New("cannot established connection"))),
+ NCMClient: gen.NewFakeClient(
+ gen.SetFakeClientGetCAs(CAsResponse),
+ gen.NoErrorFakeClientGetCA(),
+ gen.NoErrorFakeClientSendCSR(),
+ gen.NoErrorFakeClientDownloadCertificate(),
+ gen.NoErrorFakeClientDownloadCertificateInPEM(),
+ gen.SetFakeClientRenewCertificateError(errors.New("cannot established connection"))),
 pendingCSRs: &PendingCSRsMap{
 pendingCSRs: map[string]*PendingCSR{},
 mu: sync.RWMutex{},
 },
- log: &testr.TestLogger{T: t},
+ log: testr.New(t),
 },
 err: errors.New("failed to renew certificate"),
 expectedCA: []byte(""),
@@ -823,18 +823,18 @@ func TestRenew(t *testing.T) {
 NCMConfig: &cfg.NCMConfig{
 CAsHref: "Mn012Se",
 },
- NCMClient: unit.NewFakeClient(
- unit.SetFakeClientGetCAs(CAsResponse),
- unit.NoErrorFakeClientGetCA(),
- unit.NoErrorFakeClientSendCSR(),
- unit.NoErrorFakeClientDownloadCertificate(),
- unit.NoErrorFakeClientDownloadCertificateInPEM(),
- unit.SetFakeClientRenewCertificate("L34FC3RT")),
+ NCMClient: gen.NewFakeClient(
+ gen.SetFakeClientGetCAs(CAsResponse),
+ gen.NoErrorFakeClientGetCA(),
+ gen.NoErrorFakeClientSendCSR(),
+ gen.NoErrorFakeClientDownloadCertificate(),
+ gen.NoErrorFakeClientDownloadCertificateInPEM(),
+ gen.SetFakeClientRenewCertificate("L34FC3RT")),
 pendingCSRs: &PendingCSRsMap{
 pendingCSRs: map[string]*PendingCSR{},
 mu: sync.RWMutex{},
 },
- log: &testr.TestLogger{T: t},
+ log: testr.New(t),
 },
 err: nil,
 expectedCA: []byte("-----BEGIN CERTIFICATE-----\nMn012Se...\n-----END CERTIFICATE-----\n"),
diff --git a/release_notes.txt b/release_notes.txt
index b773592..d18c5a9 100644
--- a/release_notes.txt +++ b/release_notes.txt @@ -38,3 +38,4 @@ Version 1.0.3 (Build Version 1.0.3) Version 1.0.4 (Build version 1.0.4) - Fixed data races when getting NCM config defined in issuer spec - Improved handling CSR statuses returned by NCM +- Added prometheus metrics to track certificate requests diff --git a/test/unit/ncm.go b/test/unit/gen/ncm.go similarity index 99% rename from test/unit/ncm.go rename to test/unit/gen/ncm.go index b65fccb..1aa1429 100644 --- a/test/unit/ncm.go +++ b/test/unit/gen/ncm.go @@ -1,4 +1,4 @@ -package unit +package gen import ( cmapi "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1" diff --git a/test/unit/ncmapi.go b/test/unit/gen/ncmapi.go similarity index 99% rename from test/unit/ncmapi.go rename to test/unit/gen/ncmapi.go index a6d4898..919acdb 100644 --- a/test/unit/ncmapi.go +++ b/test/unit/gen/ncmapi.go @@ -1,4 +1,4 @@ -package unit +package gen import ( "fmt"