From 47fdbd97d353291e3436af9481d34dd49910c8a4 Mon Sep 17 00:00:00 2001 From: TommyStarK Date: Thu, 10 Nov 2022 16:20:20 +0100 Subject: [PATCH] cmd/kube-apiserver/app/options: Improving test coverage Signed-off-by: TommyStarK --- .../app/options/validation_test.go | 110 ++++++++++++++++-- 1 file changed, 102 insertions(+), 8 deletions(-) diff --git a/cmd/kube-apiserver/app/options/validation_test.go b/cmd/kube-apiserver/app/options/validation_test.go index e77517e372a..48611881732 100644 --- a/cmd/kube-apiserver/app/options/validation_test.go +++ b/cmd/kube-apiserver/app/options/validation_test.go @@ -22,7 +22,10 @@ import ( "testing" utilnet "k8s.io/apimachinery/pkg/util/net" + kubeapiserveradmission "k8s.io/apiserver/pkg/admission" genericoptions "k8s.io/apiserver/pkg/server/options" + basemetrics "k8s.io/component-base/metrics" + kubeoptions "k8s.io/kubernetes/pkg/kubeapiserver/options" netutils "k8s.io/utils/net" ) @@ -89,7 +92,11 @@ func TestClusterServiceIPRange(t *testing.T) { expectErrors: true, options: makeOptionsWithCIDRs("10.0.0.0/16", "3000::/64"), }, - + { + name: "more than two entries", + expectErrors: true, + options: makeOptionsWithCIDRs("10.0.0.0/16,244.0.0.0/16", "3000::/108"), + }, /* success cases */ { name: "valid primary", @@ -106,11 +113,6 @@ func TestClusterServiceIPRange(t *testing.T) { expectErrors: false, options: makeOptionsWithCIDRs("10.0.0.0/16", "3000::/108"), }, - { - name: "valid v6-v4 dual stack", - expectErrors: false, - options: makeOptionsWithCIDRs("3000::/108", "10.0.0.0/16"), - }, } for _, tc := range testCases { @@ -218,7 +220,7 @@ func TestValidateMaxCIDRRange(t *testing.T) { expectErrors: false, }, { - name: "ipv4 cidr to big", + name: "ipv4 cidr too big", cidr: *getIPnetFromCIDR("10.92.0.0/8"), maxCIDRBits: 20, cidrFlag: "--service-cluster-ip-range", @@ -226,7 +228,7 @@ func TestValidateMaxCIDRRange(t *testing.T) { expectErrors: true, }, { - name: "ipv6 cidr to big", + name: "ipv6 cidr too big", cidr: *getIPnetFromCIDR("3000::/64"), maxCIDRBits: 20, cidrFlag: "--service-cluster-ip-range", @@ -279,6 +281,10 @@ func TestValidateAPIPriorityAndFairness(t *testing.T) { runtimeConfig: "flowcontrol.apiserver.k8s.io/v1beta3=false", errShouldContain: conflict, }, + { + runtimeConfig: "flowcontrol.apiserver.k8s.io/v1beta3=true", + errShouldContain: "", + }, } for _, test := range tests { @@ -301,3 +307,91 @@ func TestValidateAPIPriorityAndFairness(t *testing.T) { }) } } + +func TestValidateServerRunOptions(t *testing.T) { + cidrOpts := makeOptionsWithCIDRs("10.0.0.0/16", "3000::/64") + nodePortOpts := makeOptionsWithPort(-1, 30065, 1) + + testCases := []struct { + name string + options *ServerRunOptions + expectErrors bool + }{ + { + name: "validate master count equal 0", + expectErrors: true, + options: &ServerRunOptions{ + MasterCount: 0, + GenericServerRunOptions: &genericoptions.ServerRunOptions{}, + Etcd: &genericoptions.EtcdOptions{}, + SecureServing: &genericoptions.SecureServingOptionsWithLoopback{}, + Audit: &genericoptions.AuditOptions{}, + Admission: &kubeoptions.AdmissionOptions{ + GenericAdmission: &genericoptions.AdmissionOptions{ + EnablePlugins: []string{"foo"}, + Plugins: kubeapiserveradmission.NewPlugins(), + }, + PluginNames: []string{"foo"}, + }, + Authentication: &kubeoptions.BuiltInAuthenticationOptions{ + APIAudiences: []string{"bar"}, + ServiceAccounts: &kubeoptions.ServiceAccountAuthenticationOptions{ + Issuers: []string{"baz"}, + }, + }, + Authorization: &kubeoptions.BuiltInAuthorizationOptions{}, + APIEnablement: genericoptions.NewAPIEnablementOptions(), + Metrics: &basemetrics.Options{}, + ServiceClusterIPRanges: cidrOpts.ServiceClusterIPRanges, + PrimaryServiceClusterIPRange: cidrOpts.PrimaryServiceClusterIPRange, + SecondaryServiceClusterIPRange: cidrOpts.SecondaryServiceClusterIPRange, + ServiceNodePortRange: nodePortOpts.ServiceNodePortRange, + KubernetesServiceNodePort: nodePortOpts.KubernetesServiceNodePort, + ServiceAccountSigningKeyFile: "", + }, + }, + { + name: "validate token request enable not attempted", + expectErrors: true, + options: &ServerRunOptions{ + MasterCount: 1, + GenericServerRunOptions: &genericoptions.ServerRunOptions{}, + Etcd: &genericoptions.EtcdOptions{}, + SecureServing: &genericoptions.SecureServingOptionsWithLoopback{}, + Audit: &genericoptions.AuditOptions{}, + Admission: &kubeoptions.AdmissionOptions{ + GenericAdmission: &genericoptions.AdmissionOptions{ + EnablePlugins: []string{""}, + Plugins: kubeapiserveradmission.NewPlugins(), + }, + PluginNames: []string{""}, + }, + Authentication: &kubeoptions.BuiltInAuthenticationOptions{ + ServiceAccounts: &kubeoptions.ServiceAccountAuthenticationOptions{}, + }, + Authorization: &kubeoptions.BuiltInAuthorizationOptions{}, + APIEnablement: genericoptions.NewAPIEnablementOptions(), + Metrics: &basemetrics.Options{}, + ServiceClusterIPRanges: cidrOpts.ServiceClusterIPRanges, + PrimaryServiceClusterIPRange: cidrOpts.PrimaryServiceClusterIPRange, + SecondaryServiceClusterIPRange: cidrOpts.SecondaryServiceClusterIPRange, + ServiceNodePortRange: nodePortOpts.ServiceNodePortRange, + KubernetesServiceNodePort: nodePortOpts.KubernetesServiceNodePort, + ServiceAccountSigningKeyFile: "", + }, + }, + } + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + errs := tc.options.Validate() + if len(errs) > 0 && !tc.expectErrors { + t.Errorf("expected no errors, errors found %+v", errs) + } + + if len(errs) == 0 && tc.expectErrors { + t.Errorf("expected errors, no errors found") + } + }) + } +}