djpbessems/ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix a mistake from the previous commit

Browse Source 
- Got the order of multiple return values backwards, which was caught
  by the integration tests
This commit is contained in:
Ryan Richard 2020-08-10 19:34:45 -07:00
parent 626fc6aa8d
commit 8034ef24ff
2 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
internal/controller/apicerts/certs_manager.go
View File

@ -101,7 +101,7 @@ func (c *certsManagerController) Sync(ctx controller.Context) error {
}
// Write the CA's public key bundle and the serving certs to a secret.
tlsPrivateKeyPEM, tlsCertChainPEM, err := certauthority.ToPEM(aggregatedAPIServerTLSCert)
tlsCertChainPEM, tlsPrivateKeyPEM, err := certauthority.ToPEM(aggregatedAPIServerTLSCert)
if err != nil {
return fmt.Errorf("could not PEM encode serving certificate: %w", err)
}

7
internal/controller/apicerts/certs_manager_test.go
View File

@ -31,6 +31,8 @@ import (
placeholderv1alpha1 "github.com/suzerain-io/placeholder-name/kubernetes/1.19/api/apis/placeholder/v1alpha1"
)
// TODO test that it uses controller.WithInitialEvent correctly
func TestManagerControllerInformerFilters(t *testing.T) {
spec.Run(t, "informer filters", func(t *testing.T, when spec.G, it spec.S) {
const installedInNamespace = "some-namespace"
@ -211,7 +213,7 @@ func TestManagerControllerSync(t *testing.T) {
roots := x509.NewCertPool()
ok := roots.AppendCertsFromPEM([]byte(actualCACert))
r.True(ok)
block, _ := pem.Decode([]byte(actualPrivateKey))
block, _ := pem.Decode([]byte(actualCertChain))
r.NotNil(block)
parsedCert, err := x509.ParseCertificate(block.Bytes)
r.NoError(err)
@ -226,7 +228,8 @@ func TestManagerControllerSync(t *testing.T) {
r.WithinDuration(time.Now(), parsedCert.NotBefore, time.Minute*2)
r.WithinDuration(time.Now().Add(24*365*time.Hour), parsedCert.NotAfter, time.Minute*2)
// TODO How can we validate the tlsCertificateChain?
// TODO How can we validate that the actualPrivateKey is correct and works with the other cert values?
// Maybe start a test http server using these certs and then make a request to it using the actualCACert?
// Make sure we updated the APIService caBundle and left it otherwise unchanged
r.Len(aggregatorAPIClient.Actions(), 2)