Add more tests

Makefile

@@ -15,6 +15,11 @@ PROJECT                           := github.com/gardener/cert-management
 CERT_IMAGE_REPOSITORY             := $(REGISTRY)/cert-controller-manager
 VERSION                           := $(shell cat VERSION)
 IMAGE_TAG                         := $(VERSION)
+GO_MOCKGEN_VERSION ?= $(shell go list -m -f "{{.Version}}" github.com/golang/mock)
+
+install-mockgen:
+	@echo "Installing github.com/golang/mock/mockgen@$(GO_MOCKGEN_VERSION)"
+	@go install github.com/golang/mock/mockgen@$(GO_MOCKGEN_VERSION)
 
 #########################################
 # Tools                                 #
@@ -77,12 +82,12 @@ test-integration: $(REPORT_COLLECTOR) $(SETUP_ENVTEST)
 
 .PHONY: test-cov
 test-cov:
-	@bash $(GARDENER_HACK_DIR)/test-cover.sh $(shell go list ./pkg/... | grep -v /pkg/client) ./cmd/...
+	@bash $(GARDENER_HACK_DIR)/test-cover.sh $(shell go list ./pkg/... | grep -v -E "/pkg/client|/mock") ./cmd/...
 
 .PHONY: generate
-generate: $(VGOPATH) $(CONTROLLER_GEN)
+generate: $(VGOPATH) $(CONTROLLER_GEN) install-mockgen
 	@GARDENER_HACK_DIR=$(GARDENER_HACK_DIR) VGOPATH=$(VGOPATH) REPO_ROOT=$(REPO_ROOT) ./hack/generate-code
-	@CONTROLLER_MANAGER_LIB_HACK_DIR=$(CONTROLLER_MANAGER_LIB_HACK_DIR) CONTROLLER_GEN=$(shell realpath $(CONTROLLER_GEN)) go generate ./pkg/apis/cert/...
+	@CONTROLLER_MANAGER_LIB_HACK_DIR=$(CONTROLLER_MANAGER_LIB_HACK_DIR) CONTROLLER_GEN=$(shell realpath $(CONTROLLER_GEN)) go generate ./pkg/...
 	@./hack/copy-crds.sh
 	@go fmt ./pkg/...
 

go.mod

@@ -71,6 +71,7 @@ require (
 	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect
+	github.com/golang/mock v1.6.0 // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/google/gnostic-models v0.6.9 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect

go.sum

@@ -163,6 +163,8 @@ github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8/go.mod h1:wcDNUv
 github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
 github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
 github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y=
+github.com/golang/mock v1.6.0 h1:ErTB+efbowRARo13NNdxyJji2egdxLGQhRaY+DUumQc=
+github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
@@ -387,6 +389,7 @@ github.com/xyproto/randomstring v1.0.5 h1:YtlWPoRdgMu3NZtP45drfy1GKoojuR7hmRcnhZ
 github.com/xyproto/randomstring v1.0.5/go.mod h1:rgmS5DeNXLivK7YprL0pY+lTuhNQW3iGxZ18UQApw/E=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
 go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
@@ -437,6 +440,7 @@ golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY=
 golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.22.0 h1:D4nJWe9zXqHOmWqj4VMOJhvzj7bEZg4wEYa759z1pH4=
@@ -461,6 +465,7 @@ golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/
 golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
@@ -506,6 +511,8 @@ golang.org/x/sys v0.0.0-20200622214017-ed371f2e16b4/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -568,6 +575,7 @@ golang.org/x/tools v0.0.0-20200505023115-26f46d2f7ef8/go.mod h1:EkVYQZoAsY45+roY
 golang.org/x/tools v0.0.0-20200616133436-c1934b75d054/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
 golang.org/x/tools v0.29.0 h1:Xx0h3TtM9rzQpQuR4dKLrdglAmCEN5Oi+P74JdhdzXE=

pkg/cert/legobridge/certificate_test.go

@@ -14,8 +14,10 @@ import (
 	"time"
 
 	"github.com/go-acme/lego/v4/certcrypto"
+	"github.com/go-acme/lego/v4/certificate"
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
+	corev1 "k8s.io/api/core/v1"
 	"k8s.io/utils/ptr"
 
 	api "github.com/gardener/cert-management/pkg/apis/cert/v1alpha1"
@@ -60,6 +62,28 @@ var _ = Describe("Certificate", func() {
 		Entry("ECDSA with wrong size", certcrypto.KeyType(""), api.ECDSAKeyAlgorithm, 511),
 	)
 
+	Describe("NewCertificatePrivateKeyDefaults", func() {
+		It("should return an error for unknown algorithm", func() {
+			_, err := NewCertificatePrivateKeyDefaults(api.PrivateKeyAlgorithm("NotAnAlgorithm"), api.PrivateKeySize(0), api.PrivateKeySize(0))
+			Expect(err).To(MatchError("invalid algoritm: 'NotAnAlgorithm' (allowed values: 'RSA' and 'ECDSA')"))
+		})
+
+		It("should return an error for invalid RSA key size", func() {
+			_, err := NewCertificatePrivateKeyDefaults(api.PrivateKeyAlgorithm("RSA"), api.PrivateKeySize(1234), api.PrivateKeySize(0))
+			Expect(err).To(MatchError("invalid RSA private key size: 1234 (allowed values: 2048, 3072, 4096)"))
+		})
+
+		It("should return an error for invalid ECDSA key size", func() {
+			_, err := NewCertificatePrivateKeyDefaults(api.PrivateKeyAlgorithm("RSA"), api.PrivateKeySize(2048), api.PrivateKeySize(1234))
+			Expect(err).To(MatchError("invalid ECDSA private key size: 1234 (allowed values: 256, 384)"))
+		})
+	})
+
+	It("obtainForDomains should fail with unknown key type", func() {
+		_, err := obtainForDomains(nil, []string{}, ObtainInput{KeyType: "SomeUnknownKeyType"})
+		Expect(err).To(MatchError("invalid KeyType: SomeUnknownKeyType"))
+	})
+
 	Context("#newSelfSignedCertFromCSRinPEMFormat", func() {
 		It("should fail decoding the CSR with empty input", func() {
 			_, _, err := newSelfSignedCertFromCSRinPEMFormat(ObtainInput{})
@@ -123,6 +147,35 @@ var _ = Describe("Certificate", func() {
 			assertRSAPrivateKeySize(cert.PrivateKey, 2048)
 		})
 	})
+
+	Describe("Certificate/SecretData conversion", func() {
+		It("CertificateToSecretData should return correct SecretData", func() {
+			certificates := &certificate.Resource{
+				Certificate:       []byte{0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01},
+				PrivateKey:        []byte{0x3a, 0x4e, 0x5b, 0x6c, 0x7d, 0x8e, 0x9f},
+				IssuerCertificate: []byte{0xba, 0xcb, 0xdc, 0xed, 0xfe, 0x0f, 0x1f},
+			}
+
+			secretData := CertificatesToSecretData(certificates)
+
+			Expect(secretData[corev1.TLSCertKey]).To(Equal(certificates.Certificate))
+			Expect(secretData[corev1.TLSPrivateKeyKey]).To(Equal(certificates.PrivateKey))
+			Expect(secretData[TLSCAKey]).To(Equal(certificates.IssuerCertificate))
+		})
+
+		It("SecretDataToCertificates should return correct Certificates", func() {
+			secretData := map[string][]byte{}
+			secretData[corev1.TLSCertKey] = []byte{0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01}
+			secretData[corev1.TLSPrivateKeyKey] = []byte{0x3a, 0x4e, 0x5b, 0x6c, 0x7d, 0x8e, 0x9f}
+			secretData[TLSCAKey] = []byte{0xba, 0xcb, 0xdc, 0xed, 0xfe, 0x0f, 0x1f}
+
+			certificates := SecretDataToCertificates(secretData)
+
+			Expect(certificates.Certificate).To(Equal(secretData[corev1.TLSCertKey]))
+			Expect(certificates.PrivateKey).To(Equal(secretData[corev1.TLSPrivateKeyKey]))
+			Expect(certificates.IssuerCertificate).To(Equal(secretData[TLSCAKey]))
+		})
+	})
 })
 
 func assertRSAPrivateKeySize(keyMaterial []byte, expectedBits int) {

pkg/cert/legobridge/delegatingprovider_test.go

@@ -0,0 +1,67 @@
+// SPDX-FileCopyrightText: SAP SE or an SAP affiliate company and Gardener contributors
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package legobridge
+
+import (
+	"errors"
+	"time"
+
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+	"k8s.io/apimachinery/pkg/util/wait"
+)
+
+var _ = Describe("Delegating Provider", func() {
+	Describe("retryOnUpdateEroor", func() {
+		BeforeEach(func() {
+			// Override the default backoff settings to speed up the tests
+			backoff = wait.Backoff{
+				Steps:    4,
+				Duration: 10 * time.Millisecond,
+				Factor:   1.1,
+				Jitter:   0.1,
+				Cap:      100 * time.Millisecond,
+			}
+		})
+
+		It("should succeed without error", func() {
+			err := retryOnUpdateError(func() error {
+				return nil
+			})
+			Expect(err).NotTo(HaveOccurred())
+		})
+
+		It("should succeed after a few retries if updateError occures", func() {
+			var i int
+			err := retryOnUpdateError(func() error {
+				i++
+				if i < 3 {
+					return &updateError{"failed"}
+				}
+				return nil
+			})
+			Expect(err).NotTo(HaveOccurred())
+		})
+
+		It("should fail if some other error occures and return the error", func() {
+			var i int
+			err := retryOnUpdateError(func() error {
+				i++
+				if i < 3 {
+					return errors.New("failed")
+				}
+				return nil
+			})
+			Expect(err).To(MatchError("failed"))
+		})
+
+		It("should fail after timeout", func() {
+			err := retryOnUpdateError(func() error {
+				return &updateError{"failed"}
+			})
+			Expect(err).To(HaveOccurred())
+		})
+	})
+})

pkg/cert/legobridge/keystores_test.go

@@ -0,0 +1,44 @@
+// SPDX-FileCopyrightText: SAP SE or an SAP affiliate company and Gardener contributors
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package legobridge_test
+
+import (
+	"github.com/gardener/cert-management/pkg/cert/legobridge"
+	corev1 "k8s.io/api/core/v1"
+
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+)
+
+var _ = Describe("Pending", func() {
+	Describe("RemoveKeystoresFromSecret", func() {
+		It("should do nothing if secret is nil", func() {
+			Expect(func() {
+				legobridge.RemoveKeystoresFromSecret(nil)
+			}).NotTo(Panic())
+		})
+
+		It("should do nothing if the data in the secret is nil", func() {
+			secret := &corev1.Secret{}
+			legobridge.RemoveKeystoresFromSecret(secret)
+			Expect(secret.Data).To(BeNil())
+		})
+
+		It("should remove the keystore data from the secret", func() {
+			secret := &corev1.Secret{
+				Data: map[string][]byte{
+					"Field1":                   []byte("Field1"),
+					"Field2":                   []byte("Field2"),
+					legobridge.PKCS12SecretKey: []byte(legobridge.PKCS12SecretKey),
+				},
+			}
+			legobridge.RemoveKeystoresFromSecret(secret)
+			Expect(secret.Data).To(Equal(map[string][]byte{
+				"Field1": []byte("Field1"),
+				"Field2": []byte("Field2"),
+			}))
+		})
+	})
+})

pkg/cert/legobridge/pending_test.go

@@ -0,0 +1,40 @@
+// SPDX-FileCopyrightText: SAP SE or an SAP affiliate company and Gardener contributors
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package legobridge_test
+
+import (
+	"github.com/gardener/cert-management/pkg/cert/legobridge"
+	"github.com/gardener/controller-manager-library/pkg/resources"
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+)
+
+var _ = Describe("Pending", func() {
+	It("should add an object to PendingCertificateRequests and remove it afterwards", func() {
+		name := resources.NewObjectName("test", "test-cert")
+		pendingRequests := legobridge.NewPendingRequests()
+		By("Adding the Object")
+		pendingRequests.Add(name)
+		Expect(pendingRequests.Contains(name)).To(BeTrue())
+
+		By("Removing the Object")
+		pendingRequests.Remove(name)
+		Expect(pendingRequests.Contains(name)).To(BeFalse())
+	})
+
+	It("should add an object to PendingResults and remove it afterwards", func() {
+		name := resources.NewObjectName("test", "test-cert")
+		pendingResults := legobridge.NewPendingResults()
+		result := &legobridge.ObtainOutput{}
+
+		By("Adding the Object")
+		pendingResults.Add(name, result)
+		Expect(pendingResults.Peek(name)).To(Equal(result))
+
+		By("Removing the Object")
+		pendingResults.Remove(name)
+		Expect(pendingResults.Peek(name)).To(BeNil())
+	})
+})

pkg/cert/utils/mock/doc.go

@@ -0,0 +1,7 @@
+// SPDX-FileCopyrightText: SAP SE or an SAP affiliate company and Gardener contributors
+//
+// SPDX-License-Identifier: Apache-2.0
+
+//go:generate mockgen -package=mock -destination=mocks.go github.com/gardener/controller-manager-library/pkg/resources Object
+
+package mock