mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-22 19:31:44 +00:00
cosmetic - test/integration/examples/apiserver_test.go - put test functions first
The file is too big, test functions should be put first for clarity.
This commit is contained in:
parent
5a15ae03f2
commit
18f4fa0f1a
@ -237,176 +237,6 @@ func TestAggregatedAPIServer(t *testing.T) {
|
||||
})
|
||||
}
|
||||
|
||||
func prepareAggregatedWardleAPIServer(ctx context.Context, t *testing.T, namespace string) (*kastesting.TestServer, *sampleserver.WardleServerOptions, int) {
|
||||
// makes the kube-apiserver very responsive. it's normally a minute
|
||||
dynamiccertificates.FileRefreshDuration = 1 * time.Second
|
||||
|
||||
// we need the wardle port information first to set up the service resolver
|
||||
listener, wardlePort, err := genericapiserveroptions.CreateListener("tcp", "127.0.0.1:0", net.ListenConfig{})
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
// endpoints cannot have loopback IPs so we need to override the resolver itself
|
||||
t.Cleanup(app.SetServiceResolverForTests(staticURLServiceResolver(fmt.Sprintf("https://127.0.0.1:%d", wardlePort))))
|
||||
|
||||
testServer := kastesting.StartTestServerOrDie(t, &kastesting.TestServerInstanceOptions{EnableCertAuth: true, BinaryVersion: "1.32"}, nil, framework.SharedEtcd())
|
||||
t.Cleanup(func() { testServer.TearDownFn() })
|
||||
|
||||
kubeClient := client.NewForConfigOrDie(getKubeConfig(testServer))
|
||||
|
||||
// create the bare minimum resources required to be able to get the API service into an available state
|
||||
_, err = kubeClient.CoreV1().Namespaces().Create(ctx, &corev1.Namespace{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: namespace,
|
||||
},
|
||||
}, metav1.CreateOptions{})
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
_, err = kubeClient.CoreV1().Services(namespace).Create(ctx, &corev1.Service{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "api",
|
||||
},
|
||||
Spec: corev1.ServiceSpec{
|
||||
ExternalName: "needs-to-be-non-empty",
|
||||
Type: corev1.ServiceTypeExternalName,
|
||||
},
|
||||
}, metav1.CreateOptions{})
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
wardleOptions := sampleserver.NewWardleServerOptions(os.Stdout, os.Stderr)
|
||||
// ensure this is a SAN on the generated cert for service FQDN
|
||||
wardleOptions.AlternateDNS = []string{
|
||||
fmt.Sprintf("api.%s.svc", namespace),
|
||||
}
|
||||
wardleOptions.RecommendedOptions.SecureServing.Listener = listener
|
||||
wardleOptions.RecommendedOptions.SecureServing.BindAddress = netutils.ParseIPSloppy("127.0.0.1")
|
||||
|
||||
return testServer, wardleOptions, wardlePort
|
||||
}
|
||||
|
||||
func runPreparedWardleServer(
|
||||
ctx context.Context,
|
||||
t *testing.T,
|
||||
wardleOptions *sampleserver.WardleServerOptions,
|
||||
certDir string,
|
||||
wardlePort int,
|
||||
flunderBanningFeatureGate bool,
|
||||
emulationVersion string,
|
||||
kubeConfig *rest.Config,
|
||||
) *rest.Config {
|
||||
|
||||
// start the wardle server to prove we can aggregate it
|
||||
wardleToKASKubeConfigFile := writeKubeConfigForWardleServerToKASConnection(t, rest.CopyConfig(kubeConfig))
|
||||
t.Cleanup(func() { os.Remove(wardleToKASKubeConfigFile) })
|
||||
|
||||
go func() {
|
||||
args := []string{
|
||||
"--authentication-kubeconfig", wardleToKASKubeConfigFile,
|
||||
"--authorization-kubeconfig", wardleToKASKubeConfigFile,
|
||||
"--etcd-servers", framework.GetEtcdURL(),
|
||||
"--cert-dir", certDir,
|
||||
"--kubeconfig", wardleToKASKubeConfigFile,
|
||||
"--emulated-version", fmt.Sprintf("wardle=%s", emulationVersion),
|
||||
}
|
||||
if flunderBanningFeatureGate {
|
||||
args = append(args, "--feature-gates", "wardle:BanFlunder=true")
|
||||
}
|
||||
wardleCmd := sampleserver.NewCommandStartWardleServer(ctx, wardleOptions)
|
||||
wardleCmd.SetArgs(args)
|
||||
if err := wardleCmd.Execute(); err != nil {
|
||||
t.Error(err)
|
||||
}
|
||||
}()
|
||||
|
||||
directWardleClientConfig, err := waitForWardleRunning(ctx, t, kubeConfig, certDir, wardlePort)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
return directWardleClientConfig
|
||||
}
|
||||
|
||||
func waitForWardleAPIServiceReady(ctx context.Context, t *testing.T, kubeConfig *rest.Config, wardleCertDir string, namespace string) {
|
||||
kubeClient := client.NewForConfigOrDie(kubeConfig)
|
||||
aggregatorClient := aggregatorclient.NewForConfigOrDie(kubeConfig)
|
||||
|
||||
wardleCA, err := os.ReadFile(wardleCAFilePath(wardleCertDir))
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
_, err = aggregatorClient.ApiregistrationV1().APIServices().Create(ctx, &apiregistrationv1.APIService{
|
||||
ObjectMeta: metav1.ObjectMeta{Name: "v1alpha1.wardle.example.com"},
|
||||
Spec: apiregistrationv1.APIServiceSpec{
|
||||
Service: &apiregistrationv1.ServiceReference{
|
||||
Namespace: namespace,
|
||||
Name: "api",
|
||||
},
|
||||
Group: "wardle.example.com",
|
||||
Version: "v1alpha1",
|
||||
CABundle: wardleCA,
|
||||
GroupPriorityMinimum: 200,
|
||||
VersionPriority: 200,
|
||||
},
|
||||
}, metav1.CreateOptions{})
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
// wait for the API service to be available
|
||||
err = wait.Poll(time.Second, wait.ForeverTestTimeout, func() (done bool, err error) {
|
||||
apiService, err := aggregatorClient.ApiregistrationV1().APIServices().Get(ctx, "v1alpha1.wardle.example.com", metav1.GetOptions{})
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
var available bool
|
||||
for _, condition := range apiService.Status.Conditions {
|
||||
if condition.Type == apiregistrationv1.Available && condition.Status == apiregistrationv1.ConditionTrue {
|
||||
available = true
|
||||
break
|
||||
}
|
||||
}
|
||||
if !available {
|
||||
t.Log("api service is not available", apiService.Status.Conditions)
|
||||
return false, nil
|
||||
}
|
||||
|
||||
// make sure discovery is healthy overall
|
||||
_, _, err = kubeClient.Discovery().ServerGroupsAndResources()
|
||||
if err != nil {
|
||||
t.Log("discovery failed", err)
|
||||
return false, nil
|
||||
}
|
||||
|
||||
// make sure we have the wardle resources in discovery
|
||||
apiResources, err := kubeClient.Discovery().ServerResourcesForGroupVersion("wardle.example.com/v1alpha1")
|
||||
if err != nil {
|
||||
t.Log("wardle discovery failed", err)
|
||||
return false, nil
|
||||
}
|
||||
if len(apiResources.APIResources) != 2 {
|
||||
t.Log("wardle discovery has wrong resources", apiResources.APIResources)
|
||||
return false, nil
|
||||
}
|
||||
resources := make([]string, 0, 2)
|
||||
for _, resource := range apiResources.APIResources {
|
||||
resource := resource
|
||||
resources = append(resources, resource.Name)
|
||||
}
|
||||
sort.Strings(resources)
|
||||
if !reflect.DeepEqual([]string{"fischers", "flunders"}, resources) {
|
||||
return false, fmt.Errorf("unexpected resources: %v", resources)
|
||||
}
|
||||
|
||||
return true, nil
|
||||
})
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
}
|
||||
|
||||
func testAggregatedAPIServer(t *testing.T, flunderBanningFeatureGate bool, emulationVersion string) {
|
||||
const testNamespace = "kube-wardle"
|
||||
|
||||
@ -580,55 +410,6 @@ func testAggregatedAPIServer(t *testing.T, flunderBanningFeatureGate bool, emula
|
||||
}
|
||||
}
|
||||
|
||||
func getKubeConfig(testServer *kastesting.TestServer) *rest.Config {
|
||||
kubeClientConfig := rest.CopyConfig(testServer.ClientConfig)
|
||||
// force json because everything speaks it
|
||||
kubeClientConfig.ContentType = ""
|
||||
kubeClientConfig.AcceptContentTypes = ""
|
||||
|
||||
return kubeClientConfig
|
||||
}
|
||||
|
||||
func waitForWardleRunning(ctx context.Context, t *testing.T, wardleToKASKubeConfig *rest.Config, wardleCertDir string, wardlePort int) (*rest.Config, error) {
|
||||
directWardleClientConfig := rest.AnonymousClientConfig(rest.CopyConfig(wardleToKASKubeConfig))
|
||||
directWardleClientConfig.CAFile = wardleCAFilePath(wardleCertDir)
|
||||
directWardleClientConfig.CAData = nil
|
||||
directWardleClientConfig.ServerName = ""
|
||||
directWardleClientConfig.BearerToken = wardleToKASKubeConfig.BearerToken
|
||||
var wardleClient client.Interface
|
||||
lastHealthContent := []byte{}
|
||||
var lastHealthErr error
|
||||
err := wait.PollImmediate(100*time.Millisecond, 10*time.Second, func() (done bool, err error) {
|
||||
if _, err := os.Stat(directWardleClientConfig.CAFile); os.IsNotExist(err) { // wait until the file trust is created
|
||||
lastHealthErr = err
|
||||
return false, nil
|
||||
}
|
||||
directWardleClientConfig.Host = fmt.Sprintf("https://127.0.0.1:%d", wardlePort)
|
||||
wardleClient, err = client.NewForConfig(directWardleClientConfig)
|
||||
if err != nil {
|
||||
// this happens because we race the API server start
|
||||
t.Log(err)
|
||||
return false, nil
|
||||
}
|
||||
healthStatus := 0
|
||||
result := wardleClient.Discovery().RESTClient().Get().AbsPath("/healthz").Do(ctx).StatusCode(&healthStatus)
|
||||
lastHealthContent, lastHealthErr = result.Raw()
|
||||
if healthStatus != http.StatusOK {
|
||||
return false, nil
|
||||
}
|
||||
return true, nil
|
||||
})
|
||||
if err != nil {
|
||||
t.Log(string(lastHealthContent))
|
||||
t.Log(lastHealthErr)
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return directWardleClientConfig, nil
|
||||
}
|
||||
|
||||
func wardleCAFilePath(wardleCertDir string) string { return path.Join(wardleCertDir, "apiserver.crt") }
|
||||
|
||||
func TestAggregatedAPIServerRejectRedirectResponse(t *testing.T) {
|
||||
ctx, cancel := context.WithTimeout(context.Background(), 10*time.Minute)
|
||||
t.Cleanup(cancel)
|
||||
@ -743,6 +524,225 @@ func TestAggregatedAPIServerRejectRedirectResponse(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
func prepareAggregatedWardleAPIServer(ctx context.Context, t *testing.T, namespace string) (*kastesting.TestServer, *sampleserver.WardleServerOptions, int) {
|
||||
// makes the kube-apiserver very responsive. it's normally a minute
|
||||
dynamiccertificates.FileRefreshDuration = 1 * time.Second
|
||||
|
||||
// we need the wardle port information first to set up the service resolver
|
||||
listener, wardlePort, err := genericapiserveroptions.CreateListener("tcp", "127.0.0.1:0", net.ListenConfig{})
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
// endpoints cannot have loopback IPs so we need to override the resolver itself
|
||||
t.Cleanup(app.SetServiceResolverForTests(staticURLServiceResolver(fmt.Sprintf("https://127.0.0.1:%d", wardlePort))))
|
||||
|
||||
testServer := kastesting.StartTestServerOrDie(t, &kastesting.TestServerInstanceOptions{EnableCertAuth: true, BinaryVersion: "1.32"}, nil, framework.SharedEtcd())
|
||||
t.Cleanup(func() { testServer.TearDownFn() })
|
||||
|
||||
kubeClient := client.NewForConfigOrDie(getKubeConfig(testServer))
|
||||
|
||||
// create the bare minimum resources required to be able to get the API service into an available state
|
||||
_, err = kubeClient.CoreV1().Namespaces().Create(ctx, &corev1.Namespace{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: namespace,
|
||||
},
|
||||
}, metav1.CreateOptions{})
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
_, err = kubeClient.CoreV1().Services(namespace).Create(ctx, &corev1.Service{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "api",
|
||||
},
|
||||
Spec: corev1.ServiceSpec{
|
||||
ExternalName: "needs-to-be-non-empty",
|
||||
Type: corev1.ServiceTypeExternalName,
|
||||
},
|
||||
}, metav1.CreateOptions{})
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
wardleOptions := sampleserver.NewWardleServerOptions(os.Stdout, os.Stderr)
|
||||
// ensure this is a SAN on the generated cert for service FQDN
|
||||
wardleOptions.AlternateDNS = []string{
|
||||
fmt.Sprintf("api.%s.svc", namespace),
|
||||
}
|
||||
wardleOptions.RecommendedOptions.SecureServing.Listener = listener
|
||||
wardleOptions.RecommendedOptions.SecureServing.BindAddress = netutils.ParseIPSloppy("127.0.0.1")
|
||||
|
||||
return testServer, wardleOptions, wardlePort
|
||||
}
|
||||
|
||||
func runPreparedWardleServer(
|
||||
ctx context.Context,
|
||||
t *testing.T,
|
||||
wardleOptions *sampleserver.WardleServerOptions,
|
||||
certDir string,
|
||||
wardlePort int,
|
||||
flunderBanningFeatureGate bool,
|
||||
emulationVersion string,
|
||||
kubeConfig *rest.Config,
|
||||
) *rest.Config {
|
||||
|
||||
// start the wardle server to prove we can aggregate it
|
||||
wardleToKASKubeConfigFile := writeKubeConfigForWardleServerToKASConnection(t, rest.CopyConfig(kubeConfig))
|
||||
t.Cleanup(func() { os.Remove(wardleToKASKubeConfigFile) })
|
||||
|
||||
go func() {
|
||||
args := []string{
|
||||
"--authentication-kubeconfig", wardleToKASKubeConfigFile,
|
||||
"--authorization-kubeconfig", wardleToKASKubeConfigFile,
|
||||
"--etcd-servers", framework.GetEtcdURL(),
|
||||
"--cert-dir", certDir,
|
||||
"--kubeconfig", wardleToKASKubeConfigFile,
|
||||
"--emulated-version", fmt.Sprintf("wardle=%s", emulationVersion),
|
||||
}
|
||||
if flunderBanningFeatureGate {
|
||||
args = append(args, "--feature-gates", "wardle:BanFlunder=true")
|
||||
}
|
||||
wardleCmd := sampleserver.NewCommandStartWardleServer(ctx, wardleOptions)
|
||||
wardleCmd.SetArgs(args)
|
||||
if err := wardleCmd.Execute(); err != nil {
|
||||
t.Error(err)
|
||||
}
|
||||
}()
|
||||
|
||||
directWardleClientConfig, err := waitForWardleRunning(ctx, t, kubeConfig, certDir, wardlePort)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
return directWardleClientConfig
|
||||
}
|
||||
|
||||
func waitForWardleAPIServiceReady(ctx context.Context, t *testing.T, kubeConfig *rest.Config, wardleCertDir string, namespace string) {
|
||||
kubeClient := client.NewForConfigOrDie(kubeConfig)
|
||||
aggregatorClient := aggregatorclient.NewForConfigOrDie(kubeConfig)
|
||||
|
||||
wardleCA, err := os.ReadFile(wardleCAFilePath(wardleCertDir))
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
_, err = aggregatorClient.ApiregistrationV1().APIServices().Create(ctx, &apiregistrationv1.APIService{
|
||||
ObjectMeta: metav1.ObjectMeta{Name: "v1alpha1.wardle.example.com"},
|
||||
Spec: apiregistrationv1.APIServiceSpec{
|
||||
Service: &apiregistrationv1.ServiceReference{
|
||||
Namespace: namespace,
|
||||
Name: "api",
|
||||
},
|
||||
Group: "wardle.example.com",
|
||||
Version: "v1alpha1",
|
||||
CABundle: wardleCA,
|
||||
GroupPriorityMinimum: 200,
|
||||
VersionPriority: 200,
|
||||
},
|
||||
}, metav1.CreateOptions{})
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
// wait for the API service to be available
|
||||
err = wait.Poll(time.Second, wait.ForeverTestTimeout, func() (done bool, err error) {
|
||||
apiService, err := aggregatorClient.ApiregistrationV1().APIServices().Get(ctx, "v1alpha1.wardle.example.com", metav1.GetOptions{})
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
var available bool
|
||||
for _, condition := range apiService.Status.Conditions {
|
||||
if condition.Type == apiregistrationv1.Available && condition.Status == apiregistrationv1.ConditionTrue {
|
||||
available = true
|
||||
break
|
||||
}
|
||||
}
|
||||
if !available {
|
||||
t.Log("api service is not available", apiService.Status.Conditions)
|
||||
return false, nil
|
||||
}
|
||||
|
||||
// make sure discovery is healthy overall
|
||||
_, _, err = kubeClient.Discovery().ServerGroupsAndResources()
|
||||
if err != nil {
|
||||
t.Log("discovery failed", err)
|
||||
return false, nil
|
||||
}
|
||||
|
||||
// make sure we have the wardle resources in discovery
|
||||
apiResources, err := kubeClient.Discovery().ServerResourcesForGroupVersion("wardle.example.com/v1alpha1")
|
||||
if err != nil {
|
||||
t.Log("wardle discovery failed", err)
|
||||
return false, nil
|
||||
}
|
||||
if len(apiResources.APIResources) != 2 {
|
||||
t.Log("wardle discovery has wrong resources", apiResources.APIResources)
|
||||
return false, nil
|
||||
}
|
||||
resources := make([]string, 0, 2)
|
||||
for _, resource := range apiResources.APIResources {
|
||||
resource := resource
|
||||
resources = append(resources, resource.Name)
|
||||
}
|
||||
sort.Strings(resources)
|
||||
if !reflect.DeepEqual([]string{"fischers", "flunders"}, resources) {
|
||||
return false, fmt.Errorf("unexpected resources: %v", resources)
|
||||
}
|
||||
|
||||
return true, nil
|
||||
})
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
}
|
||||
|
||||
func getKubeConfig(testServer *kastesting.TestServer) *rest.Config {
|
||||
kubeClientConfig := rest.CopyConfig(testServer.ClientConfig)
|
||||
// force json because everything speaks it
|
||||
kubeClientConfig.ContentType = ""
|
||||
kubeClientConfig.AcceptContentTypes = ""
|
||||
|
||||
return kubeClientConfig
|
||||
}
|
||||
|
||||
func waitForWardleRunning(ctx context.Context, t *testing.T, wardleToKASKubeConfig *rest.Config, wardleCertDir string, wardlePort int) (*rest.Config, error) {
|
||||
directWardleClientConfig := rest.AnonymousClientConfig(rest.CopyConfig(wardleToKASKubeConfig))
|
||||
directWardleClientConfig.CAFile = wardleCAFilePath(wardleCertDir)
|
||||
directWardleClientConfig.CAData = nil
|
||||
directWardleClientConfig.ServerName = ""
|
||||
directWardleClientConfig.BearerToken = wardleToKASKubeConfig.BearerToken
|
||||
var wardleClient client.Interface
|
||||
lastHealthContent := []byte{}
|
||||
var lastHealthErr error
|
||||
err := wait.PollImmediate(100*time.Millisecond, 10*time.Second, func() (done bool, err error) {
|
||||
if _, err := os.Stat(directWardleClientConfig.CAFile); os.IsNotExist(err) { // wait until the file trust is created
|
||||
lastHealthErr = err
|
||||
return false, nil
|
||||
}
|
||||
directWardleClientConfig.Host = fmt.Sprintf("https://127.0.0.1:%d", wardlePort)
|
||||
wardleClient, err = client.NewForConfig(directWardleClientConfig)
|
||||
if err != nil {
|
||||
// this happens because we race the API server start
|
||||
t.Log(err)
|
||||
return false, nil
|
||||
}
|
||||
healthStatus := 0
|
||||
result := wardleClient.Discovery().RESTClient().Get().AbsPath("/healthz").Do(ctx).StatusCode(&healthStatus)
|
||||
lastHealthContent, lastHealthErr = result.Raw()
|
||||
if healthStatus != http.StatusOK {
|
||||
return false, nil
|
||||
}
|
||||
return true, nil
|
||||
})
|
||||
if err != nil {
|
||||
t.Log(string(lastHealthContent))
|
||||
t.Log(lastHealthErr)
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return directWardleClientConfig, nil
|
||||
}
|
||||
|
||||
func wardleCAFilePath(wardleCertDir string) string { return path.Join(wardleCertDir, "apiserver.crt") }
|
||||
|
||||
func writeKubeConfigForWardleServerToKASConnection(t *testing.T, kubeClientConfig *rest.Config) string {
|
||||
// write a kubeconfig out for starting other API servers with delegated auth. remember, no in-cluster config
|
||||
// the loopback client config uses a loopback cert with different SNI. We need to use the "real"
|
||||
|
Loading…
Reference in New Issue
Block a user