cxdy
diff --git a/‎.github/workflows/ci.yml‎
Lines changed: 6 additions & 0 deletions b/‎.github/workflows/ci.yml‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎.gitignore‎
Lines changed: 7 additions & 1 deletion b/‎.gitignore‎
Lines changed: 7 additions & 1 deletion
diff --git a/‎Makefile‎
Lines changed: 10 additions & 1 deletion b/‎Makefile‎
Lines changed: 10 additions & 1 deletion
diff --git a/‎docs/testing.md‎
Lines changed: 155 additions & 24 deletions b/‎docs/testing.md‎
Lines changed: 155 additions & 24 deletions
@@ -25,6 +25,12 @@ jobs:
       - name: Build
         run: make build
 
+      - name: Run unit tests
+        run: go test -v -race -coverprofile=coverage.txt -covermode=atomic ./...
+
+      - name: Run integration tests
+        run: go test -v -tags=integration ./integration_test.go
+
       - name: Test certificate and kubeconfig
         run: |
           cd test/files
 
@@ -5,4 +5,10 @@ dist/
 test/files/certs
 test/files/certsSibling
 test/files/kubeConfigSibling
-run.sh
+run.sh
+
+# Output of the go coverage tool
+*.xml
+*.html
+*.txt
+*.out
@@ -9,6 +9,14 @@ $(GORELEASER):
 build: $(GORELEASER)
 	$(GORELEASER) build --skip-validate --rm-dist
 
+test:
+	go test -v -race -coverprofile=coverage.txt -covermode=atomic ./...
+
+test-integration:
+	go test -v -tags=integration ./integration_test.go
+
+test-all: test test-integration
+
 release-snapshot: $(GORELEASER)
 	$(GORELEASER) release --snapshot --skip-publish --rm-dist
 
@@ -17,5 +25,6 @@ release: $(GORELEASER)
 
 clean:
 	rm -rf dist
+	rm -f coverage.txt
 
-.PHONY: all build release-snapshot release clean
+.PHONY: all build test test-integration test-all release-snapshot release clean
@@ -1,43 +1,174 @@
 # Testing
 
-cert-exporter testing is fairly simple.  The [./test.sh](../test/files/test.sh) in the test directory will generate some certs and kubeconfigs, run the application against the files and curl the prometheus metrics to confirm they are accurate.  It takes one parameter which is the number of days to expire the test certs in.
+cert-exporter uses both Go's built-in testing framework for unit tests and bash scripts for end-to-end integration testing.
+
+## Running Tests
+
+### Unit Tests
+
+Run all unit tests with:
+
+```bash
+make test
+```
+
+Or directly with Go:
+
+```bash
+go test -v -race ./...
+```
+
+Unit tests cover:
+- Certificate parsing (PEM and PKCS12 formats)
+- Certificate exporter functionality
+- Kubeconfig parsing and certificate extraction
+- File-based certificate checking
+- Metric generation and labels
+- Error handling
+
+### Integration Tests (Go)
+
+Integration tests require a Kubernetes cluster with KUBECONFIG set:
+
+```bash
+make test-integration
+```
+
+Or directly with Go:
+
+```bash
+go test -v -tags=integration ./integration_test.go
+```
+
+Integration tests cover:
+- End-to-end certificate monitoring
+- Kubernetes secret checking
+- ConfigMap certificate extraction
+- Real Prometheus metric collection
+
+### Integration Tests (Bash)
+
+#### File-based Certificate Testing
+
+The [test/files/test.sh](../test/files/test.sh) script generates test certificates and kubeconfigs, runs the application against the files, and curls the prometheus metrics to confirm they are accurate. It takes one parameter which is the number of days to expire the test certs in.
 
 Example:
 
+```bash
+cd test/files
+./test.sh 100
+```
+
+Output:
 ```
-# ./test.sh
 ** Testing Certs and kubeconfig in the same dir
 cert_exporter_error_total 0
 TEST SUCCESS: cert_exporter_cert_expires_in_seconds{filename="certs/client.crt",issuer="root",nodename="master0"}
 TEST SUCCESS: cert_exporter_cert_expires_in_seconds{filename="certs/root.crt",issuer="root",nodename="master0"}
 TEST SUCCESS: cert_exporter_cert_expires_in_seconds{filename="certs/server.crt",issuer="root",nodename="master0"}
 TEST SUCCESS: cert_exporter_kubeconfig_expires_in_seconds{filename="certs/kubeconfig",name="cluster1",nodename="master0",type="cluster"}
-TEST SUCCESS: cert_exporter_kubeconfig_expires_in_seconds{filename="certs/kubeconfig",name="cluster2",nodename="master0",type="cluster"}
-TEST SUCCESS: cert_exporter_kubeconfig_expires_in_seconds{filename="certs/kubeconfig",name="user1",nodename="master0",type="user"}
-TEST SUCCESS: cert_exporter_kubeconfig_expires_in_seconds{filename="certs/kubeconfig",name="user2",nodename="master0",type="user"}
-** Testing Certs and kubeconfig in sibling dirs
-cert_exporter_error_total 0
-TEST SUCCESS: cert_exporter_cert_expires_in_seconds{filename="certsSibling/client.crt",issuer="root",nodename="master0"}
-TEST SUCCESS: cert_exporter_cert_expires_in_seconds{filename="certsSibling/root.crt",issuer="root",nodename="master0"}
-TEST SUCCESS: cert_exporter_cert_expires_in_seconds{filename="certsSibling/server.crt",issuer="root",nodename="master0"}
-TEST SUCCESS: cert_exporter_kubeconfig_expires_in_seconds{filename="kubeConfigSibling/kubeconfig",name="cluster1",nodename="master0",type="cluster"}
-TEST SUCCESS: cert_exporter_kubeconfig_expires_in_seconds{filename="kubeConfigSibling/kubeconfig",name="cluster2",nodename="master0",type="cluster"}
-TEST SUCCESS: cert_exporter_kubeconfig_expires_in_seconds{filename="kubeConfigSibling/kubeconfig",name="user1",nodename="master0",type="user"}
-TEST SUCCESS: cert_exporter_kubeconfig_expires_in_seconds{filename="kubeConfigSibling/kubeconfig",name="user2",nodename="master0",type="user"}
-** Testing Error metric increments
-E0707 09:25:59.470115   56712 periodicCertChecker.go:47] Error on certs/client.crt: Failed to parse as a pem
-cert_exporter_error_total 1
-# ./testCleanup.sh
+...
 ```
 
-It's not great, but it gets the job done.  There could definitely be some work put into this.
-
-### Dependencies
-
+Dependencies:
 - bash
 - openssl
 - curl
 
-### cert-manager testing
+#### cert-manager Testing
+
+The [test/cert-manager/test.sh](../test/cert-manager/test.sh) script does basic testing of cert-manager created certificates in a Kubernetes cluster.
+
+Requirements:
+- kind (Kubernetes in Docker)
+- kubectl
+- A built cert-exporter binary
+
+Example:
+
+```bash
+cd test/cert-manager
+./test.sh
+```
+
+This will:
+1. Create a kind cluster
+2. Install cert-manager
+3. Create test certificates, secrets, configmaps, and webhooks
+4. Run cert-exporter against these resources
+5. Validate the exported metrics
+6. Clean up the cluster
+
+### All Tests
+
+Run both unit and integration tests:
+
+```bash
+make test-all
+```
+
+## Test Coverage
+
+Generate a coverage report:
+
+```bash
+go test -coverprofile=coverage.txt -covermode=atomic ./...
+go tool cover -html=coverage.txt
+```
+
+## Test Organization
+
+- **Unit tests**: Located alongside source files (e.g., `certExporter_test.go`)
+- **Integration tests**: Located in `integration_test.go` at the root
+- **Test utilities**: Located in `internal/testutil/`
+  - `certs.go` - Certificate generation helpers
+  - `kubeconfig.go` - Kubeconfig file builders
+
+## Writing Tests
+
+When adding new functionality:
+
+1. Add unit tests for individual components
+2. Add integration tests for end-to-end flows
+3. Ensure tests use the test utilities in `internal/testutil/`
+4. Use `t.TempDir()` for temporary files
+5. Initialize metrics with `metrics.Init(true)` to avoid conflicts
+
+### Example Unit Test
+
+```go
+func TestCertExporter_ExportMetrics(t *testing.T) {
+    metrics.Init(true)
+
+    tmpDir := testutil.CreateTempCertDir(t)
+    certFile := filepath.Join(tmpDir, "test.crt")
+
+    cert := testutil.GenerateCertificate(t, testutil.CertConfig{
+        CommonName:   "test-cert",
+        Organization: "test-org",
+        Country:      "US",
+        Province:     "CA",
+        Days:         30,
+    })
+
+    testutil.WriteCertToFile(t, cert.CertPEM, certFile)
+
+    exporter := &CertExporter{}
+    err := exporter.ExportMetrics(certFile, "test-node")
+
+    if err != nil {
+        t.Fatalf("ExportMetrics() failed: %v", err)
+    }
+
+    // Verify metrics...
+}
+```
+
+## Continuous Integration
+
+Tests run automatically in GitHub Actions on:
+- Pull requests
+- Pushes to master
+- Tag releases
 
-`./test/cert-manager-v1/test.sh` do really basic testing of cert-manager created certs.
+The CI pipeline runs both unit and integration tests to ensure quality.