From d1633727ec8a6a0f54f2f72aefa537bd02e15723 Mon Sep 17 00:00:00 2001 From: Daneyon Hansen Date: Tue, 13 Jun 2017 18:16:42 -0700 Subject: [PATCH] Adds IPv6 test cases to kubeadm certs and validation pkgs. --- .../kubeadm/validation/validation_test.go | 135 +++++++++++------- cmd/kubeadm/app/phases/certs/certs_test.go | 38 ++--- 2 files changed, 101 insertions(+), 72 deletions(-) diff --git a/cmd/kubeadm/app/apis/kubeadm/validation/validation_test.go b/cmd/kubeadm/app/apis/kubeadm/validation/validation_test.go index fb55372eece..e4fe08cf57c 100644 --- a/cmd/kubeadm/app/apis/kubeadm/validation/validation_test.go +++ b/cmd/kubeadm/app/apis/kubeadm/validation/validation_test.go @@ -152,21 +152,26 @@ func TestValidateAPIServerCertSANs(t *testing.T) { func TestValidateIPFromString(t *testing.T) { var tests = []struct { + name string ip string expected bool }{ - {"", false}, // not valid - {"1234", false}, // not valid - {"1.2", false}, // not valid - {"1.2.3.4/16", false}, // not valid - {"1.2.3.4", true}, // valid - {"16.0.1.1", true}, // valid + {"invalid missing address", "", false}, + {"invalid missing decimal points in IPv4 address", "1234", false}, + {"invalid incomplete IPv4 address", "1.2", false}, + {"invalid IPv4 CIDR provided instead of IPv4 address", "1.2.3.4/16", false}, + {"valid IPv4 address", "1.2.3.4", true}, + {"valid IPv6 address", "2001:db8::1", true}, + {"invalid IPv6 CIDR provided instead of IPv6 address", "2001:db8::1/64", false}, + {"invalid hex character in IPv6 address", "2001:xb8::", false}, + {"invalid use of colons in IPv6 address", "2001::db8::", false}, } for _, rt := range tests { actual := ValidateIPFromString(rt.ip, nil) if (len(actual) == 0) != rt.expected { t.Errorf( - "failed ValidateIPFromString:\n\texpected: %t\n\t actual: %t", + "%s test case failed:\n\texpected: %t\n\t actual: %t", + rt.name, rt.expected, (len(actual) == 0), ) @@ -176,22 +181,27 @@ func TestValidateIPFromString(t *testing.T) { func TestValidateIPNetFromString(t *testing.T) { var tests = []struct { + name string subnet string minaddrs int64 expected bool }{ - {"", 0, false}, // not valid - {"1234", 0, false}, // not valid - {"abc", 0, false}, // not valid - {"1.2.3.4", 0, false}, // ip not valid - {"10.0.0.16/29", 10, false}, // valid, but too small. At least 10 addrs needed - {"10.0.0.16/12", 10, true}, // valid + {"invalid missing CIDR", "", 0, false}, + {"invalid CIDR missing decimal points in IPv4 address and / mask", "1234", 0, false}, + {"invalid CIDR use of letters instead of numbers and / mask", "abc", 0, false}, + {"invalid IPv4 address provided instead of CIDR representation", "1.2.3.4", 0, false}, + {"invalid IPv6 address provided instead of CIDR representation", "2001:db8::1", 0, false}, + {"valid, but IPv4 CIDR too small. At least 10 addresses needed", "10.0.0.16/29", 10, false}, + {"valid, but IPv6 CIDR too small. At least 10 addresses needed", "2001:db8::/125", 10, false}, + {"valid IPv4 CIDR", "10.0.0.16/12", 10, true}, + {"valid IPv6 CIDR", "2001:db8::/98", 10, true}, } for _, rt := range tests { actual := ValidateIPNetFromString(rt.subnet, rt.minaddrs, nil) if (len(actual) == 0) != rt.expected { t.Errorf( - "failed ValidateIPNetFromString:\n\texpected: %t\n\t actual: %t", + "%s test case failed :\n\texpected: %t\n\t actual: %t", + rt.name, rt.expected, (len(actual) == 0), ) @@ -202,54 +212,71 @@ func TestValidateIPNetFromString(t *testing.T) { func TestValidateMasterConfiguration(t *testing.T) { nodename := "valid-nodename" var tests = []struct { + name string s *kubeadm.MasterConfiguration expected bool }{ - {&kubeadm.MasterConfiguration{}, false}, - {&kubeadm.MasterConfiguration{ - AuthorizationModes: []string{"Node", "RBAC"}, - Networking: kubeadm.Networking{ - ServiceSubnet: "10.96.0.1/12", - DNSDomain: "cluster.local", - }, - CertificatesDir: "/some/cert/dir", - NodeName: nodename, - }, false}, - {&kubeadm.MasterConfiguration{ - AuthorizationModes: []string{"Node", "RBAC"}, - Networking: kubeadm.Networking{ - ServiceSubnet: "10.96.0.1/12", - DNSDomain: "cluster.local", - }, - CertificatesDir: "/some/other/cert/dir", - Token: "abcdef.0123456789abcdef", - NodeName: nodename, - }, true}, - {&kubeadm.MasterConfiguration{ - AuthorizationModes: []string{"Node", "RBAC"}, - Networking: kubeadm.Networking{ - ServiceSubnet: "2001:db8::/98", - DNSDomain: "cluster.local", - }, - CertificatesDir: "/some/cert/dir", - NodeName: nodename, - }, false}, - {&kubeadm.MasterConfiguration{ - AuthorizationModes: []string{"Node", "RBAC"}, - Networking: kubeadm.Networking{ - ServiceSubnet: "2001:db8::/98", - DNSDomain: "cluster.local", - }, - CertificatesDir: "/some/other/cert/dir", - Token: "abcdef.0123456789abcdef", - NodeName: nodename, - }, true}, + {"invalid missing master configuration", + &kubeadm.MasterConfiguration{}, false}, + {"invalid missing token with IPv4 service subnet", + &kubeadm.MasterConfiguration{ + AuthorizationModes: []string{"Node", "RBAC"}, + Networking: kubeadm.Networking{ + ServiceSubnet: "10.96.0.1/12", + DNSDomain: "cluster.local", + }, + CertificatesDir: "/some/cert/dir", + NodeName: nodename, + }, false}, + {"invalid missing token with IPv6 service subnet", + &kubeadm.MasterConfiguration{ + AuthorizationModes: []string{"Node", "RBAC"}, + Networking: kubeadm.Networking{ + ServiceSubnet: "2001:db8::1/98", + DNSDomain: "cluster.local", + }, + CertificatesDir: "/some/cert/dir", + NodeName: nodename, + }, false}, + {"invalid missing node name", + &kubeadm.MasterConfiguration{ + AuthorizationModes: []string{"Node", "RBAC"}, + Networking: kubeadm.Networking{ + ServiceSubnet: "10.96.0.1/12", + DNSDomain: "cluster.local", + }, + CertificatesDir: "/some/other/cert/dir", + Token: "abcdef.0123456789abcdef", + }, false}, + {"valid master configuration with IPv4 service subnet", + &kubeadm.MasterConfiguration{ + AuthorizationModes: []string{"Node", "RBAC"}, + Networking: kubeadm.Networking{ + ServiceSubnet: "10.96.0.1/12", + DNSDomain: "cluster.local", + }, + CertificatesDir: "/some/other/cert/dir", + Token: "abcdef.0123456789abcdef", + NodeName: nodename, + }, true}, + {"valid master configuration using IPv6 service subnet", + &kubeadm.MasterConfiguration{ + AuthorizationModes: []string{"Node", "RBAC"}, + Networking: kubeadm.Networking{ + ServiceSubnet: "2001:db8::1/98", + DNSDomain: "cluster.local", + }, + CertificatesDir: "/some/other/cert/dir", + Token: "abcdef.0123456789abcdef", + NodeName: nodename, + }, true}, } for _, rt := range tests { actual := ValidateMasterConfiguration(rt.s) if (len(actual) == 0) != rt.expected { t.Errorf( - "failed ValidateMasterConfiguration:\n\texpected: %t\n\t actual: %t", + "%s test case failed:\n\texpected: %t\n\t actual: %t", + rt.name, rt.expected, (len(actual) == 0), ) diff --git a/cmd/kubeadm/app/phases/certs/certs_test.go b/cmd/kubeadm/app/phases/certs/certs_test.go index d4f03ce6971..7a058373fe6 100644 --- a/cmd/kubeadm/app/phases/certs/certs_test.go +++ b/cmd/kubeadm/app/phases/certs/certs_test.go @@ -37,27 +37,29 @@ func TestNewCACertAndKey(t *testing.T) { func TestNewAPIServerCertAndKey(t *testing.T) { hostname := "valid-hostname" - advertiseIP := "1.2.3.4" - cfg := &kubeadmapi.MasterConfiguration{ - API: kubeadmapi.API{AdvertiseAddress: advertiseIP}, - Networking: kubeadmapi.Networking{ServiceSubnet: "10.96.0.0/12", DNSDomain: "cluster.local"}, - NodeName: "valid-hostname", - } - caCert, caKey, err := NewCACertAndKey() + advertiseAddresses := []string{"1.2.3.4", "1:2:3::4"} + for _, addr := range advertiseAddresses { + cfg := &kubeadmapi.MasterConfiguration{ + API: kubeadmapi.API{AdvertiseAddress: addr}, + Networking: kubeadmapi.Networking{ServiceSubnet: "10.96.0.0/12", DNSDomain: "cluster.local"}, + NodeName: "valid-hostname", + } + caCert, caKey, err := NewCACertAndKey() - apiServerCert, _, err := NewAPIServerCertAndKey(cfg, caCert, caKey) - if err != nil { - t.Fatalf("failed creation of cert and key: %v", err) - } + apiServerCert, _, err := NewAPIServerCertAndKey(cfg, caCert, caKey) + if err != nil { + t.Fatalf("failed creation of cert and key: %v", err) + } - assertIsSignedByCa(t, apiServerCert, caCert) - assertHasServerAuth(t, apiServerCert) + assertIsSignedByCa(t, apiServerCert, caCert) + assertHasServerAuth(t, apiServerCert) - for _, DNSName := range []string{hostname, "kubernetes", "kubernetes.default", "kubernetes.default.svc", "kubernetes.default.svc.cluster.local"} { - assertHasDNSNames(t, apiServerCert, DNSName) - } - for _, IPAddress := range []string{"10.96.0.1", advertiseIP} { - assertHasIPAddresses(t, apiServerCert, net.ParseIP(IPAddress)) + for _, DNSName := range []string{hostname, "kubernetes", "kubernetes.default", "kubernetes.default.svc", "kubernetes.default.svc.cluster.local"} { + assertHasDNSNames(t, apiServerCert, DNSName) + } + for _, IPAddress := range []string{"10.96.0.1", addr} { + assertHasIPAddresses(t, apiServerCert, net.ParseIP(IPAddress)) + } } }