test: fix vault pki test cases

Since vault version 1.11.0 the full CA chain is returned for signed
certs: hashicorp/vault#15155 (while the PR is
closed the behaviour was still merged, see note hashicorp/vault#15155 (comment)).

Signed-off-by: LukasAuerbeck <17929465+LukasAuerbeck@users.noreply.github.com>

pkg/controllers/e2e_test/vaultcertificateauthority/vaultcertificateauthority_controller_test.go

@@ -175,7 +175,7 @@ var _ = Describe("VaultCertificateAuthority Controller", func() {
 			publicInfoSecretPath := core.SecretPath(common.GetCAInfoSecretPath(ca))
 			privateInfoSecretPath := core.SecretPath(common.GetCAPrivateKeySecretPath(ca))
 			Test.VaultEnv.KvSecret(common.InternalKvEngine, publicInfoSecretPath).Should(HaveKvSecretFieldWithValue("certificate", e2e_test.RootCertificate))
-			Test.VaultEnv.KvSecret(common.InternalKvEngine, publicInfoSecretPath).Should(HaveKvSecretFieldFieldWithLength("certificate_chain", 0))
+			Test.VaultEnv.KvSecret(common.InternalKvEngine, publicInfoSecretPath).Should(HaveKvSecretField("certificate_chain"))
 			Test.VaultEnv.KvSecret(common.InternalKvEngine, publicInfoSecretPath).Should(HaveKvSecretFieldWithValue("full_certificate_chain", e2e_test.RootCertificate))
 			Test.VaultEnv.KvSecret(common.InternalKvEngine, publicInfoSecretPath).Should(HaveKvSecretFieldWithValue("issuer", e2e_test.RootCertificate))
 			Test.VaultEnv.KvSecret(common.InternalKvEngine, publicInfoSecretPath).Should(HaveKvSecretFieldWithValue("serial_number", "39:af:8c:ff:af:94:27:5f:49:7f:91:99:cc:ad:2e:cc:a3:bf:15:d7"))
@@ -259,7 +259,7 @@ var _ = Describe("VaultCertificateAuthority Controller", func() {
 			publicInfoSecretPath := core.SecretPath(common.GetCAInfoSecretPath(ca))
 			privateInfoSecretPath := core.SecretPath(common.GetCAPrivateKeySecretPath(ca))
 			Test.VaultEnv.KvSecret(common.InternalKvEngine, publicInfoSecretPath).Should(HaveKvSecretField("certificate"))
-			Test.VaultEnv.KvSecret(common.InternalKvEngine, publicInfoSecretPath).Should(HaveKvSecretFieldFieldWithLength("certificate_chain", 0))
+			Test.VaultEnv.KvSecret(common.InternalKvEngine, publicInfoSecretPath).Should(HaveKvSecretField("certificate_chain"))
 			Test.VaultEnv.KvSecret(common.InternalKvEngine, publicInfoSecretPath).Should(HaveKvSecretField("full_certificate_chain"))
 			Test.VaultEnv.KvSecret(common.InternalKvEngine, publicInfoSecretPath).Should(HaveKvSecretField("issuer"))
 			Test.VaultEnv.KvSecret(common.InternalKvEngine, publicInfoSecretPath).Should(HaveKvSecretField("serial_number"))
@@ -347,7 +347,7 @@ var _ = Describe("VaultCertificateAuthority Controller", func() {
 			publicInfoSecretPath := core.SecretPath(common.GetCAInfoSecretPath(ca))
 			privateInfoSecretPath := core.SecretPath(common.GetCAPrivateKeySecretPath(ca))
 			Test.VaultEnv.KvSecret(common.InternalKvEngine, publicInfoSecretPath).Should(HaveKvSecretFieldWithValue("certificate", e2e_test.RootCertificate))
-			Test.VaultEnv.KvSecret(common.InternalKvEngine, publicInfoSecretPath).Should(HaveKvSecretFieldFieldWithLength("certificate_chain", 0))
+			Test.VaultEnv.KvSecret(common.InternalKvEngine, publicInfoSecretPath).Should(HaveKvSecretField("certificate_chain"))
 			Test.VaultEnv.KvSecret(common.InternalKvEngine, publicInfoSecretPath).Should(HaveKvSecretFieldWithValue("full_certificate_chain", e2e_test.RootCertificate))
 			Test.VaultEnv.KvSecret(common.InternalKvEngine, publicInfoSecretPath).Should(HaveKvSecretFieldWithValue("issuer", e2e_test.RootCertificate))
 			Test.VaultEnv.KvSecret(common.InternalKvEngine, publicInfoSecretPath).Should(HaveKvSecretFieldWithValue("serial_number", "39:af:8c:ff:af:94:27:5f:49:7f:91:99:cc:ad:2e:cc:a3:bf:15:d7"))

pkg/vault/e2e_test/pki_test.go

@@ -107,7 +107,7 @@ var _ = Describe("PKI API", func() {
 			Expect(info.PrivateKey).To(BeEmpty())
 			Expect(info.PrivateKeyType).To(BeEmpty())
 			Expect(info.Certificate).NotTo(BeEmpty())
-			Expect(info.CertificateChain).To(BeEmpty())
+			Expect(info.CertificateChain).NotTo(BeEmpty())
 			Expect(info.IssuingCertificateAuthority).To(Equal(info.Certificate))
 
 			Expect(vaultAPI.UpdateRootCA(root)).To(Succeed())
@@ -134,7 +134,7 @@ var _ = Describe("PKI API", func() {
 			Expect(info.PrivateKey).NotTo(BeEmpty())
 			Expect(info.PrivateKeyType).NotTo(BeEmpty())
 			Expect(info.Certificate).NotTo(BeEmpty())
-			Expect(info.CertificateChain).To(BeEmpty())
+			Expect(info.CertificateChain).NotTo(BeEmpty())
 			Expect(info.IssuingCertificateAuthority).To(Equal(info.Certificate))
 
 			Expect(vaultAPI.UpdateRootCA(root)).To(Succeed())
@@ -288,7 +288,7 @@ var _ = Describe("PKI API", func() {
 			Expect(info.PrivateKey).To(BeEmpty())
 			Expect(info.PrivateKeyType).To(BeEmpty())
 			Expect(info.Certificate).To(Equal(rootCertificate))
-			Expect(info.CertificateChain).To(BeEmpty())
+			Expect(info.CertificateChain).To(Equal(rootCertificate))
 			Expect(info.IssuingCertificateAuthority).To(Equal(rootCertificate))
 
 			Expect(vaultAPI.UpdateRootCA(root)).To(Succeed())
@@ -315,7 +315,7 @@ var _ = Describe("PKI API", func() {
 			Expect(info.PrivateKey).To(Equal(rootPrivateKey))
 			Expect(info.PrivateKeyType).To(Equal(pki.KeyTypeRSA))
 			Expect(info.Certificate).To(Equal(rootCertificate))
-			Expect(info.CertificateChain).To(BeEmpty())
+			Expect(info.CertificateChain).To(Equal(rootCertificate))
 			Expect(info.IssuingCertificateAuthority).To(Equal(rootCertificate))
 
 			Expect(vaultAPI.UpdateRootCA(root)).To(Succeed())
@@ -516,7 +516,8 @@ var _ = Describe("PKI API", func() {
 			Expect(info.PrivateKey).To(BeEmpty())
 			Expect(info.PrivateKeyType).To(BeEmpty())
 			Expect(info.Certificate).NotTo(BeEmpty())
-			Expect(info.CertificateChain).To(Equal(info.Certificate))
+			expectedChain := fmt.Sprintf("%s\n%s", info.Certificate, rootCACert)
+			Expect(info.CertificateChain).To(Equal(expectedChain))
 			Expect(info.IssuingCertificateAuthority).NotTo(BeEmpty())
 			Expect(info.IssuingCertificateAuthority).NotTo(Equal(info.Certificate))
 			Expect(info.IssuingCertificateAuthority).To(Equal(rootCACert))
@@ -544,7 +545,8 @@ var _ = Describe("PKI API", func() {
 			Expect(info.PrivateKey).To(BeEmpty())
 			Expect(info.PrivateKeyType).To(BeEmpty())
 			Expect(info.Certificate).NotTo(BeEmpty())
-			Expect(info.CertificateChain).To(Equal(info.Certificate))
+			expectedChain := fmt.Sprintf("%s\n%s", info.Certificate, rootCACert)
+			Expect(info.CertificateChain).To(Equal(expectedChain))
 			Expect(info.IssuingCertificateAuthority).NotTo(BeEmpty())
 			Expect(info.IssuingCertificateAuthority).NotTo(Equal(info.Certificate))
 			Expect(info.IssuingCertificateAuthority).To(Equal(rootCACert))
@@ -570,7 +572,7 @@ var _ = Describe("PKI API", func() {
 			Expect(info2.PrivateKey).To(BeEmpty())
 			Expect(info2.PrivateKeyType).To(BeEmpty())
 			Expect(info2.Certificate).NotTo(BeEmpty())
-			Expect(info2.CertificateChain).To(Equal(fmt.Sprintf("%s\n%s", info2.Certificate, info.Certificate)))
+			Expect(info2.CertificateChain).To(Equal(fmt.Sprintf("%s\n%s\n%s", info2.Certificate, info.Certificate, rootCACert)))
 			Expect(info2.IssuingCertificateAuthority).NotTo(Equal(info2.Certificate))
 			Expect(info2.IssuingCertificateAuthority).To(Equal(info.Certificate))
 
@@ -597,7 +599,8 @@ var _ = Describe("PKI API", func() {
 			Expect(info.PrivateKey).NotTo(BeEmpty())
 			Expect(info.PrivateKeyType).NotTo(BeEmpty())
 			Expect(info.Certificate).NotTo(BeEmpty())
-			Expect(info.CertificateChain).To(Equal(info.Certificate))
+			expectedChain := fmt.Sprintf("%s\n%s", info.Certificate, rootCACert)
+			Expect(info.CertificateChain).To(Equal(expectedChain))
 			Expect(info.IssuingCertificateAuthority).NotTo(BeEmpty())
 			Expect(info.IssuingCertificateAuthority).NotTo(Equal(info.Certificate))
 			Expect(info.IssuingCertificateAuthority).To(Equal(rootCACert))
@@ -625,7 +628,8 @@ var _ = Describe("PKI API", func() {
 			Expect(info.PrivateKey).NotTo(BeEmpty())
 			Expect(info.PrivateKeyType).NotTo(BeEmpty())
 			Expect(info.Certificate).NotTo(BeEmpty())
-			Expect(info.CertificateChain).To(Equal(info.Certificate))
+			expectedChain := fmt.Sprintf("%s\n%s", info.Certificate, rootCACert)
+			Expect(info.CertificateChain).To(Equal(expectedChain))
 			Expect(info.IssuingCertificateAuthority).NotTo(BeEmpty())
 			Expect(info.IssuingCertificateAuthority).NotTo(Equal(info.Certificate))
 			Expect(info.IssuingCertificateAuthority).To(Equal(rootCACert))
@@ -651,7 +655,7 @@ var _ = Describe("PKI API", func() {
 			Expect(info2.PrivateKey).NotTo(BeEmpty())
 			Expect(info2.PrivateKeyType).NotTo(BeEmpty())
 			Expect(info2.Certificate).NotTo(BeEmpty())
-			Expect(info2.CertificateChain).To(Equal(fmt.Sprintf("%s\n%s", info2.Certificate, info.Certificate)))
+			Expect(info2.CertificateChain).To(Equal(fmt.Sprintf("%s\n%s\n%s", info2.Certificate, info.Certificate, rootCACert)))
 			Expect(info2.IssuingCertificateAuthority).NotTo(Equal(info2.Certificate))
 			Expect(info2.IssuingCertificateAuthority).To(Equal(info.Certificate))