apiextensions-apiserver: use self-signed cert fixtures in testserver

2025-07-22 19:31:44 +00:00 · 2018-07-06 12:39:00 +02:00 · 2018-07-06 12:39:00 +02:00 · 0dda53526a
commit 0dda53526a
parent c1c564fd4d
4 changed files with 78 additions and 3 deletions
--- a/staging/src/k8s.io/apiextensions-apiserver/pkg/cmd/server/BUILD
+++ b/staging/src/k8s.io/apiextensions-apiserver/pkg/cmd/server/BUILD
@ -8,6 +8,7 @@ load(
 go_library(
    name = "go_default_library",
    srcs = ["server.go"],
+    data = glob(["testdata/**"]),
    importmap = "k8s.io/kubernetes/vendor/k8s.io/apiextensions-apiserver/pkg/cmd/server",
    importpath = "k8s.io/apiextensions-apiserver/pkg/cmd/server",
    deps = [
--- a/staging/src/k8s.io/apiextensions-apiserver/pkg/cmd/server/testing/testdata/localhost_127.0.0.1_localhost.crt
+++ b/staging/src/k8s.io/apiextensions-apiserver/pkg/cmd/server/testing/testdata/localhost_127.0.0.1_localhost.crt
@ -0,0 +1,37 @@
+-----BEGIN CERTIFICATE-----
+MIIDGjCCAgKgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAiMSAwHgYDVQQDDBdsb2Nh
+bGhvc3QtY2FAMTUzMTQ2ODA4NTAgFw0xODA3MTMwNjQ4MDVaGA8yMTE4MDYxOTA2
+NDgwNVowHzEdMBsGA1UEAwwUbG9jYWxob3N0QDE1MzE0NjgwODYwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDC9Qfx1YAEp+wrSIjbinWw3pWIDbf57Lut
+fXgS84ilZpc7M2zeu1QrPyhCedL/gPP0QxKbPS6AR5R/DibH4RWcujL6CU5FB0Y9
+on+IpN/Iml2XzgGiU82gTkJg185VgWwDaHOPKvUF9N1GpvxcSvRsNGoiBJ/LlE4N
+hxyUQ0V/lAalYxYybxgl8/xghWMkGnQc3YKWKqGmtBaaax3xvMzamxpWPphoLG07
+YZfAf0Q7vslVMmlslRmx9OpJFvRnkelbXoHHx73umbMiFp28njY8NK2dqXwb6Z8
+0BCezppCKYpbjnupOIDAAE0KvjzhhzSS68ZgukiBZOcUlnWLzL39AgMBAAGjXDBa
+MA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8E
+AjAAMCUGA1UdEQQeMByCCWxvY2FsaG9zdIIJbG9jYWxob3N0hwR/AAABMA0GCSqG
+SIb3DQEBCwUAA4IBAQBm9Z15QxsRqoaRDh/ELA93eE9105gwrXrR3AK/iKuJyxIc
+/SXVbpAaYHArMrUzaZs0GXEzgW31tZn8D3dgFy8XdZxk1ztaFTm+QTnFRogMNB8A
+kvpq7jwTa44c7G0wuNO2nATMu2Ifi/nSdQadTxzmZacSrevN/zcjmvSoV4VFkKO5
+VBnr7e1ruffxAaVAzrRraplpZvuJzlcvqTYAME8fq8H9QidvaXF6yIbEPwwUHK67
+8W4rXn9Zp6NDuQhH0eNPAGlEAaYuyCJvJZeM68ootMi7Uh6RJOTDw1HIdekYEr1/
+FAg4+rH/9Gi+o/LXsBmYXabO+GjsOwfezv3THDnw
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIC5DCCAcygAwIBAgIBATANBgkqhkiG9w0BAQsFADAiMSAwHgYDVQQDDBdsb2Nh
+bGhvc3QtY2FAMTUzMTQ2ODA4NTAgFw0xODA3MTMwNjQ4MDVaGA8yMTE4MDYxOTA2
+NDgwNVowIjEgMB4GA1UEAwwXbG9jYWxob3N0LWNhQDE1MzE0NjgwODUwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFDtkZLlseubpzPQr1IT3xE28/1cDM
+3UB2vp+pbiwvkmHvfm9RxMmDZbYWqXL5beCG/ladHaJ0RW4f3sBPzxDzUP1zFM94
+iYDZmVA0f7ZvtijuiUrwc6TP21ctX5TlN2YYoh4Er+aZ6E5MQIMAxkP+w1lwyYmj
+oxopD1wf/4cmZgv9axZV1zR5MrpyVboQa4mQRUoMlLQFE0erMc0yIJsIVWXx9yS7
+9dzhEXC2WPYnPHh6AYSQZBdzumj5HdZhOQhL/UOWq6AJGP1p7l0uXPArmDG0g9pS
+aFxAQx6IxtdSUOZFBlel/p+iOab3H8eoNkgCPMXmrM3WZLW7Uy5Onx6LAgMBAAGj
+IzAhMA4GA1UdDwEB/wQEAwICpDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEB
+CwUAA4IBAQC0BaURRhpRbORaOiZJFeQR0gCD9goggXNj+cPh8yYol2GNBdLfed6x
+B6ZxGW2Y14pOjo2Ba5FdZyzfOenjhkqhUujQSMxKjkWxX03blLjPEvLo/Wi6TLnp
+H3Qmm/Gq1GAxmkZUaovcE71/zpZ/lJLWVVxz21wxcGQIA30DUKgdycfOvWdYkYGf
+tnsXpY4yIyHvKvfeIbxo8doBnoRvYd4a7QyY0zw/Q3qaCdINo9zKJYV0CnpSZhKy
+5RLcrlfvXttEYryP57RWP9GYJMNmiovGcbls4pOwZMNueUx5qEzIbC9lsfyt13Bc
+oZ1lk1TqzwJERoALmgT0ccp7LRxIV90P
+-----END CERTIFICATE-----
--- a/staging/src/k8s.io/apiextensions-apiserver/pkg/cmd/server/testing/testdata/localhost_127.0.0.1_localhost.key
+++ b/staging/src/k8s.io/apiextensions-apiserver/pkg/cmd/server/testing/testdata/localhost_127.0.0.1_localhost.key
@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpgIBAAKCAQEAwvUH8dWABKfsK0iI24p1sN6ViA23+ey7rX14EvOIpWaXOzNs
+3rtUKz8oQnnS/4Dz9EMSmz0ugEeUfw4mx+EVnLoy+glORQdGPaJ/iKTfyJpdl84B
+olPNoE5CYNfOVYFsA2hzjyr1BfTdRqb8XEr0bDRqIgSfy5RODYcclENFf5QGpWMW
+Mm8YJfP8YIVjJBp0HN2CliqhprQWmmsd8bzM2psaVj6YaCxtO/mGXwH9EO77JVTJ
+pbJUZsfTqSRb0Z5HpW16Bx8e97pmzIhadvJ42PDStnal8G+mfNAQns6aQimKW457
+qTiAwABNCr484Yc0kuvGYLpIgWTnFJZ1i8y9/QIDAQABAoIBAQC3rgioLpEI0fVO
+6m4W+iLcWznjD5nQnNxOHrJsmIqb20aM/myKhVBN1pll2EWVeLdf4Xm8TS5sqgQc
+mQast0KXgU7aCL53ht0E4P7rjPtSky2vAubDO9W2PUWI3IqIQQG1TEnkD4L+868v
+C9EkW3JiKBf+qQCs27OWR0AD6EWoZfc9NT5AVnL1aTwKnLpSt80umXUMmR5c4ddT
+58FO9JgZCzHbcoAyosf4v8fiz588zjBDRRienHourxmUnsKJrIyCMrygBpQ7wIcO
+R86e+PuQ+toeSbldq8EfN/XoY0POUvLL/zu6HkbZLhOEjEHQMkMRCMtmLCjuU+sy
+TwdRl0xBAoGBAOtC+kqh5eYgQAYtvPaW/XQwrang+G2xIYd/OTXzIlU2T3sTPrDo
+IEkwsXwAeKcJx+Z7XcipSG5l1s5QZbc+GIARmJ0DrAwLkDhlwz8RssxBY4q64Jtn
+FWRm6CBJkPDq4t16ZbXDdUleXAaqbvxTTnPZMz2o1XHEDpUcPG29MnF1AoGBANQk
+hh44qY3IUxRwp6ZoNHVRz7oJC2JLj1++QNoLXX/8LWTXd49RZpI7Byk2lEXl7clf
+3rErBuWElrxxuikOahEdzkjKSZq4RSKj1lNpy14spBRo7O9Q+GrJgcr3tcuyT6ri
+sXOo6ET5bG72j+uVzv/QbuyCS8elZQHifBIi58FpAoGBAIXsQ8TWcqPUuf2KbeZF
+v5Qz3bg1y9XNnpOedbfjZyjw2L/sDaTxDuf7Ix2+uvADnlry4UlILGZD7MrXc3+j
+hpjo62J+Y6MbtgaUz1eIwKqLkpm3lgKA5OmZtwwiNLMgUvLXKS0WTh7s6yAUR0e2
+OJO0EfpIsPCpNc/mGfQyXpO9AoGBANEVblo63mGvHrL2lUWdTpaSm3lvkJjAf/6N
+NL2yleSeVt8cvemzALT/GH+2G00I4OOoaYOUNKfhle8E58WvPzq/daCoPwMOupT5
+hTORAa8/sDetclgsJaqaECJLIhIxG/QAmYS05LeWXRjASfiXHf1jIPBZOvb6PCMv
+Zbk6TdCBAoGBAIxT9W5FhHl+uUpuHIuFvCUg0AoERk9dUPXVEz1C1lqsYfetZ0uz
+wh9KtFq2puWrez+K4o04LoInXHFeb34Hx/9SRDCTawmMicuLxivbTm4yjG2RsShl
+nbq376nyawu9rcjM3F5ucYLiGHmQOPYWSOvGr2QhGgFgzXiBQ1RcAYdH
+-----END RSA PRIVATE KEY-----
--- a/staging/src/k8s.io/apiextensions-apiserver/pkg/cmd/server/testing/testserver.go
+++ b/staging/src/k8s.io/apiextensions-apiserver/pkg/cmd/server/testing/testserver.go
@ -21,6 +21,8 @@ import (
 	"io/ioutil"
 	"net"
 	"os"
+	"path"
+	"runtime"
 	"time"

 	"github.com/spf13/pflag"
@ -109,11 +111,19 @@ func StartTestServer(t Logger, instanceOptions *TestServerInstanceOptions, custo
 	s := options.NewCustomResourceDefinitionsServerOptions(os.Stdout, os.Stderr)
 	s.AddFlags(fs)

-	s.RecommendedOptions.SecureServing.Listener, s.RecommendedOptions.SecureServing.BindPort, err = createListenerOnFreePort()
+	s.RecommendedOptions.SecureServing.Listener, s.RecommendedOptions.SecureServing.BindPort, err = createLocalhostListenerOnFreePort()
 	if err != nil {
 		return result, fmt.Errorf("failed to create listener: %v", err)
 	}
 	s.RecommendedOptions.SecureServing.ServerCert.CertDirectory = result.TmpDir
+	s.RecommendedOptions.SecureServing.ExternalAddress = s.RecommendedOptions.SecureServing.Listener.Addr().(*net.TCPAddr).IP // use listener addr although it is a loopback device
+
+	_, thisFile, _, ok := runtime.Caller(0)
+	if !ok {
+		return result, fmt.Errorf("failed to get current file")
+	}
+	s.RecommendedOptions.SecureServing.ServerCert.FixtureDirectory = path.Join(path.Dir(thisFile), "testdata")
+
 	if storageConfig != nil {
 		s.RecommendedOptions.Etcd.StorageConfig = *storageConfig
 	}
@ -184,8 +194,8 @@ func StartTestServerOrDie(t Logger, instanceOptions *TestServerInstanceOptions,
 	return nil
 }

-func createListenerOnFreePort() (net.Listener, int, error) {
-	ln, err := net.Listen("tcp", ":0")
+func createLocalhostListenerOnFreePort() (net.Listener, int, error) {
+	ln, err := net.Listen("tcp", "127.0.0.1:0")
 	if err != nil {
 		return nil, 0, err
 	}