cert-exporter uses both Go's built-in testing framework for unit tests and bash scripts for end-to-end integration testing.
Run all unit tests with:
make testOr directly with Go:
go test -v -race ./...Unit tests cover:
- Certificate parsing (PEM and PKCS12 formats)
- Certificate exporter functionality
- Kubeconfig parsing and certificate extraction
- File-based certificate checking
- Metric generation and labels
- Error handling
Integration tests require a Kubernetes cluster with KUBECONFIG set:
make test-integrationOr directly with Go:
go test -v -tags=integration ./integration_test.goIntegration tests cover:
- End-to-end certificate monitoring
- Kubernetes secret checking
- ConfigMap certificate extraction
- Real Prometheus metric collection
The test/files/test.sh script generates test certificates and kubeconfigs, runs the application against the files, and curls the prometheus metrics to confirm they are accurate. It takes one parameter which is the number of days to expire the test certs in.
Example:
cd test/files
./test.sh 100Output:
** Testing Certs and kubeconfig in the same dir
cert_exporter_error_total 0
TEST SUCCESS: cert_exporter_cert_expires_in_seconds{filename="certs/client.crt",issuer="root",nodename="master0"}
TEST SUCCESS: cert_exporter_cert_expires_in_seconds{filename="certs/root.crt",issuer="root",nodename="master0"}
TEST SUCCESS: cert_exporter_cert_expires_in_seconds{filename="certs/server.crt",issuer="root",nodename="master0"}
TEST SUCCESS: cert_exporter_kubeconfig_expires_in_seconds{filename="certs/kubeconfig",name="cluster1",nodename="master0",type="cluster"}
...
Dependencies:
- bash
- openssl
- curl
The test/cert-manager/test.sh script does basic testing of cert-manager created certificates in a Kubernetes cluster.
Requirements:
- kind (Kubernetes in Docker)
- kubectl
- A built cert-exporter binary
Example:
cd test/cert-manager
./test.shThis will:
- Create a kind cluster
- Install cert-manager
- Create test certificates, secrets, configmaps, and webhooks
- Run cert-exporter against these resources
- Validate the exported metrics
- Clean up the cluster
Run both unit and integration tests:
make test-allGenerate a coverage report:
go test -coverprofile=coverage.txt -covermode=atomic ./...
go tool cover -html=coverage.txt- Unit tests: Located alongside source files (e.g.,
certExporter_test.go) - Integration tests: Located in
integration_test.goat the root - Test utilities: Located in
internal/testutil/certs.go- Certificate generation helperskubeconfig.go- Kubeconfig file builders
When adding new functionality:
- Add unit tests for individual components
- Add integration tests for end-to-end flows
- Ensure tests use the test utilities in
internal/testutil/ - Use
t.TempDir()for temporary files - Initialize metrics with
metrics.Init(true)to avoid conflicts
func TestCertExporter_ExportMetrics(t *testing.T) {
metrics.Init(true)
tmpDir := testutil.CreateTempCertDir(t)
certFile := filepath.Join(tmpDir, "test.crt")
cert := testutil.GenerateCertificate(t, testutil.CertConfig{
CommonName: "test-cert",
Organization: "test-org",
Country: "US",
Province: "CA",
Days: 30,
})
testutil.WriteCertToFile(t, cert.CertPEM, certFile)
exporter := &CertExporter{}
err := exporter.ExportMetrics(certFile, "test-node")
if err != nil {
t.Fatalf("ExportMetrics() failed: %v", err)
}
// Verify metrics...
}Tests run automatically in GitHub Actions on:
- Pull requests
- Pushes to master
- Tag releases
The CI pipeline runs both unit and integration tests to ensure quality.