test: update PolicyServer secrets integration test

Signed-off-by: Fabrizio Sestito <fabrizio.sestito@suse.com>
kubewarden · Jun 21, 2024 · fef8105 · fef8105
1 parent f49bbe7
commit fef8105
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 1 deletion.
diff --git a/controllers/policyserver_controller_test.go b/controllers/policyserver_controller_test.go
@@ -599,9 +599,24 @@ var _ = Describe("PolicyServer controller", func() {
 			}).Should(Succeed())
 		})
 
-		It("should create secret with owner reference", func() {
+		It("should create the policy server secrets", func() {
 			policyServer := policyServerFactory(policyServerName)
 			createPolicyServerAndWaitForItsService(policyServer)
+
+			Eventually(func() error {
+				secret, err := getTestPolicyServerCASecret()
+				if err != nil {
+					return err
+				}
+
+				By("creating a secret containing the CA certificate and key")
+				Expect(secret.Data).To(HaveKey(constants.PolicyServerCARootCACert))
+				Expect(secret.Data).To(HaveKey(constants.PolicyServerCARootPemName))
+				Expect(secret.Data).To(HaveKey(constants.PolicyServerCARootPrivateKeyCertName))
+
+				return nil
+			}).Should(Succeed())
+
 			Eventually(func() error {
 				secret, err := getTestPolicyServerSecret(policyServerName)
 				if err != nil {
@@ -611,6 +626,12 @@ var _ = Describe("PolicyServer controller", func() {
 				if err != nil {
 					return err
 				}
+
+				By("creating a secret containing the TLS certificate and key")
+				Expect(secret.Data).To(HaveKey(constants.PolicyServerTLSCert))
+				Expect(secret.Data).To(HaveKey(constants.PolicyServerTLSKey))
+
+				By("setting the secret owner reference")
 				Expect(secret.OwnerReferences).To(ContainElement(
 					MatchFields(IgnoreExtras, Fields{
 						"UID":        Equal(policyServer.GetUID()),

diff --git a/controllers/utils_test.go b/controllers/utils_test.go
@@ -164,6 +164,14 @@ func getTestPolicyServerService(policyServerName string) (*corev1.Service, error
 	return &service, nil
 }
 
+func getTestPolicyServerCASecret() (*corev1.Secret, error) {
+	secret := corev1.Secret{}
+	if err := reconciler.APIReader.Get(ctx, client.ObjectKey{Name: constants.PolicyServerCARootSecretName, Namespace: DeploymentsNamespace}, &secret); err != nil {
+		return nil, errors.Join(errors.New("could not find the PolicyServer CA secret"), err)
+	}
+	return &secret, nil
+}
+
 func getTestPolicyServerSecret(policyServerName string) (*corev1.Secret, error) {
 	secretName := getPolicyServerNameWithPrefix(policyServerName)
 	secret := corev1.Secret{}