Fix CertificateRequest test

In Go 1.17 x509.CreateCertificate fails if public key doesn't match private key https://golang.org/doc/go1.17 Signed-off-by: irbekrm <irbekrm@gmail.com>
irbekrm · Sep 27, 2021 · 6d99dcd · 6d99dcd
1 parent b14f8db
commit 6d99dcd
Showing 1 changed file with 23 additions and 2 deletions.
diff --git a/pkg/controller/certificaterequests/sync_test.go b/pkg/controller/certificaterequests/sync_test.go
@@ -52,6 +52,7 @@ var (
 )
 
 func generateCSR(t *testing.T, secretKey crypto.Signer, alg x509.SignatureAlgorithm) []byte {
+	t.Helper()
 	asn1Subj, _ := asn1.Marshal(pkix.Name{
 		CommonName: "test",
 	}.ToRDNSequence())
@@ -72,6 +73,7 @@ func generateCSR(t *testing.T, secretKey crypto.Signer, alg x509.SignatureAlgori
 }
 
 func generateSelfSignedCert(t *testing.T, cr *cmapi.CertificateRequest, key crypto.Signer, notBefore, notAfter time.Time) []byte {
+	t.Helper()
 	template, err := pki.GenerateTemplateFromCertificateRequest(cr)
 	if err != nil {
 		t.Errorf("failed to generate cert template from CSR: %v", err)
@@ -113,6 +115,7 @@ func TestSync(t *testing.T) {
 	}
 
 	csrRSAPEM := generateCSR(t, skRSA, x509.SHA256WithRSA)
+	csrECPEM := generateCSR(t, skEC, x509.ECDSAWithSHA256)
 
 	baseIssuer := gen.Issuer("test-issuer",
 		gen.SetIssuerSelfSigned(cmapi.SelfSignedIssuer{}),
@@ -140,12 +143,30 @@ func TestSync(t *testing.T) {
 			LastTransitionTime: &nowMetaTime,
 		}),
 	)
+	baseCRNotApprovedEC := gen.CertificateRequest("test-cr",
+		gen.SetCertificateRequestIsCA(false),
+		gen.SetCertificateRequestCSR(csrECPEM),
+		gen.SetCertificateRequestIssuer(cmmeta.ObjectReference{
+			Kind: baseIssuer.Kind,
+			Name: baseIssuer.Name,
+		}),
+	)
+
+	baseCREC := gen.CertificateRequestFrom(baseCRNotApprovedEC,
+		gen.SetCertificateRequestStatusCondition(cmapi.CertificateRequestCondition{
+			Type:               cmapi.CertificateRequestConditionApproved,
+			Status:             cmmeta.ConditionTrue,
+			Reason:             "cert-manager.io",
+			Message:            "Certificate request has been approved by cert-manager.io",
+			LastTransitionTime: &nowMetaTime,
+		}),
+	)
 
 	certRSAPEM := generateSelfSignedCert(t, baseCR, skRSA, fixedClockStart, fixedClockStart.Add(time.Hour*12))
 	certRSAPEMExpired := generateSelfSignedCert(t, baseCR, skRSA, fixedClockStart.Add(-time.Hour*13), fixedClockStart.Add(-time.Hour*12))
 
-	certECPEM := generateSelfSignedCert(t, baseCR, skEC, fixedClockStart, fixedClockStart.Add(time.Hour*12))
-	certECPEMExpired := generateSelfSignedCert(t, baseCR, skEC, fixedClockStart.Add(-time.Hour*13), fixedClockStart.Add(-time.Hour*12))
+	certECPEM := generateSelfSignedCert(t, baseCREC, skEC, fixedClockStart, fixedClockStart.Add(time.Hour*12))
+	certECPEMExpired := generateSelfSignedCert(t, baseCREC, skEC, fixedClockStart.Add(-time.Hour*13), fixedClockStart.Add(-time.Hour*12))
 
 	tests := map[string]testT{
 		"should return nil (no action) if group name if not 'cert-manager.io' or ''": {