Merge pull request #101959 from lunhuijie/run-test5

Add test cases to the LoadClientConfig function

pkg/kubelet/certificate/bootstrap/bootstrap_test.go

@@ -19,6 +19,7 @@ package bootstrap
 import (
 	"context"
 	"fmt"
+	"io"
 	"io/ioutil"
 	"os"
 	"reflect"
@@ -34,9 +35,254 @@ import (
 	certificatesclient "k8s.io/client-go/kubernetes/typed/certificates/v1beta1"
 	restclient "k8s.io/client-go/rest"
 	clienttesting "k8s.io/client-go/testing"
+	"k8s.io/client-go/util/certificate"
 	"k8s.io/client-go/util/keyutil"
 )
 
+func copyFile(src, dst string) (err error) {
+	in, err := os.Open(src)
+	if err != nil {
+		return err
+	}
+	defer in.Close()
+	out, err := os.Create(dst)
+	if err != nil {
+		return err
+	}
+	defer func() {
+		cerr := out.Close()
+		if err == nil {
+			err = cerr
+		}
+	}()
+	_, err = io.Copy(out, in)
+	return err
+}
+
+func TestLoadClientConfig(t *testing.T) {
+	//Create a temporary folder under tmp to store the required certificate files and configuration files.
+	fileDir := t.TempDir()
+	//Copy the required certificate file to the temporary directory.
+	copyFile("./testdata/mycertinvalid.crt", fileDir+"/mycertinvalid.crt")
+	copyFile("./testdata/mycertvalid.crt", fileDir+"/mycertvalid.crt")
+	copyFile("./testdata/mycertinvalid.key", fileDir+"/mycertinvalid.key")
+	copyFile("./testdata/mycertvalid.key", fileDir+"/mycertvalid.key")
+	testDataValid := []byte(`
+apiVersion: v1
+kind: Config
+clusters:
+- cluster:
+    certificate-authority: ca-a.crt
+    server: https://cluster-a.com
+  name: cluster-a
+- cluster:
+    server: https://cluster-b.com
+  name: cluster-b
+contexts:
+- context:
+    cluster: cluster-a
+    namespace: ns-a
+    user: user-a
+  name: context-a
+- context:
+    cluster: cluster-b
+    namespace: ns-b
+    user: user-b
+  name: context-b
+current-context: context-b
+users:
+- name: user-a
+  user:
+    client-certificate: mycertvalid.crt
+    client-key: mycertvalid.key
+- name: user-b
+  user:
+    client-certificate: mycertvalid.crt
+    client-key: mycertvalid.key
+
+`)
+	filevalid, err := ioutil.TempFile(fileDir, "kubeconfigvalid")
+	if err != nil {
+		t.Fatal(err)
+	}
+	ioutil.WriteFile(filevalid.Name(), testDataValid, os.FileMode(0755))
+
+	testDataInvalid := []byte(`
+apiVersion: v1
+kind: Config
+clusters:
+- cluster:
+    certificate-authority: ca-a.crt
+    server: https://cluster-a.com
+  name: cluster-a
+- cluster:
+    server: https://cluster-b.com
+  name: cluster-b
+contexts:
+- context:
+    cluster: cluster-a
+    namespace: ns-a
+    user: user-a
+  name: context-a
+- context:
+    cluster: cluster-b
+    namespace: ns-b
+    user: user-b
+  name: context-b
+current-context: context-b
+users:
+- name: user-a
+  user:
+    client-certificate: mycertinvalid.crt
+    client-key: mycertinvalid.key
+- name: user-b
+  user:
+    client-certificate: mycertinvalid.crt
+    client-key: mycertinvalid.key
+
+`)
+	fileinvalid, err := ioutil.TempFile(fileDir, "kubeconfiginvalid")
+	if err != nil {
+		t.Fatal(err)
+	}
+	ioutil.WriteFile(fileinvalid.Name(), testDataInvalid, os.FileMode(0755))
+
+	testDatabootstrap := []byte(`
+apiVersion: v1
+kind: Config
+clusters:
+- cluster:
+    certificate-authority: ca-a.crt
+    server: https://cluster-a.com
+  name: cluster-a
+- cluster:
+    server: https://cluster-b.com
+  name: cluster-b
+contexts:
+- context:
+    cluster: cluster-a
+    namespace: ns-a
+    user: user-a
+  name: context-a
+- context:
+    cluster: cluster-b
+    namespace: ns-b
+    user: user-b
+  name: context-b
+current-context: context-b
+users:
+- name: user-a
+  user:
+   token: mytoken-b
+- name: user-b
+  user:
+   token: mytoken-b
+`)
+	fileboot, err := ioutil.TempFile(fileDir, "kubeconfig")
+	if err != nil {
+		t.Fatal(err)
+	}
+	ioutil.WriteFile(fileboot.Name(), testDatabootstrap, os.FileMode(0755))
+
+	dir, err := ioutil.TempDir(fileDir, "k8s-test-certstore-current")
+	if err != nil {
+		t.Fatalf("Unable to create the test directory %q: %v", dir, err)
+	}
+
+	store, err := certificate.NewFileStore("kubelet-client", dir, dir, "", "")
+	if err != nil {
+		t.Errorf("unable to build bootstrap cert store")
+	}
+
+	tests := []struct {
+		name                 string
+		kubeconfigPath       string
+		bootstrapPath        string
+		certDir              string
+		expectedCertConfig   *restclient.Config
+		expectedClientConfig *restclient.Config
+	}{
+		{
+			name:           "bootstrapPath is empty",
+			kubeconfigPath: filevalid.Name(),
+			bootstrapPath:  "",
+			certDir:        dir,
+			expectedCertConfig: &restclient.Config{
+				Host: "https://cluster-b.com",
+				TLSClientConfig: restclient.TLSClientConfig{
+					CertFile: fileDir + "/mycertvalid.crt",
+					KeyFile:  fileDir + "/mycertvalid.key",
+				},
+				BearerToken: "",
+			},
+			expectedClientConfig: &restclient.Config{
+				Host: "https://cluster-b.com",
+				TLSClientConfig: restclient.TLSClientConfig{
+					CertFile: fileDir + "/mycertvalid.crt",
+					KeyFile:  fileDir + "/mycertvalid.key",
+				},
+				BearerToken: "",
+			},
+		},
+		{
+			name:           "bootstrap path is set and the contents of kubeconfigPath are valid",
+			kubeconfigPath: filevalid.Name(),
+			bootstrapPath:  fileboot.Name(),
+			certDir:        dir,
+			expectedCertConfig: &restclient.Config{
+				Host: "https://cluster-b.com",
+				TLSClientConfig: restclient.TLSClientConfig{
+					CertFile: fileDir + "/mycertvalid.crt",
+					KeyFile:  fileDir + "/mycertvalid.key",
+				},
+				BearerToken: "",
+			},
+			expectedClientConfig: &restclient.Config{
+				Host: "https://cluster-b.com",
+				TLSClientConfig: restclient.TLSClientConfig{
+					CertFile: fileDir + "/mycertvalid.crt",
+					KeyFile:  fileDir + "/mycertvalid.key",
+				},
+				BearerToken: "",
+			},
+		},
+		{
+			name:           "bootstrap path is set and the contents of kubeconfigPath are not valid",
+			kubeconfigPath: fileinvalid.Name(),
+			bootstrapPath:  fileboot.Name(),
+			certDir:        dir,
+			expectedCertConfig: &restclient.Config{
+				Host:            "https://cluster-b.com",
+				TLSClientConfig: restclient.TLSClientConfig{},
+				BearerToken:     "mytoken-b",
+			},
+			expectedClientConfig: &restclient.Config{
+				Host: "https://cluster-b.com",
+				TLSClientConfig: restclient.TLSClientConfig{
+					CertFile: store.CurrentPath(),
+					KeyFile:  store.CurrentPath(),
+				},
+				BearerToken: "",
+			},
+		},
+	}
+
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			certConfig, clientConfig, err := LoadClientConfig(test.kubeconfigPath, test.bootstrapPath, test.certDir)
+			if err != nil {
+				t.Fatal(err)
+			}
+			if !reflect.DeepEqual(certConfig, test.expectedCertConfig) {
+				t.Errorf("Unexpected certConfig: %s", diff.ObjectDiff(certConfig, test.expectedCertConfig))
+			}
+			if !reflect.DeepEqual(clientConfig, test.expectedClientConfig) {
+				t.Errorf("Unexpected clientConfig: %s", diff.ObjectDiff(clientConfig, test.expectedClientConfig))
+			}
+		})
+	}
+}
+
 func TestLoadRESTClientConfig(t *testing.T) {
 	testData := []byte(`
 apiVersion: v1

pkg/kubelet/certificate/bootstrap/testdata/README.md

@@ -0,0 +1,17 @@
+Keys in this directory are generated for testing purposes only.
+
+In this pr validCert(mycertvalid.crt):
+```
+Validity
+Not Before: Apr 26 23:26:52 2017 GMT
+Not After : Apr 2 23:26:52 2117 GMT
+```
+
+
+
+InvalidCert(mycertinvalid.crt):
+```
+Validity
+Not Before: Dec 16 06:46:25 2014 GMT
+Not After : Dec 16 06:46:25 2015 GMT
+```

pkg/kubelet/certificate/bootstrap/testdata/mycertinvalid.crt

@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICpzCCAY8CCQDWu9ClTyE4ADANBgkqhkiG9w0BAQUFADAXMRUwEwYDVQQDDAwi
+a3ViZXJuZXRlcyIwHhcNMTQxMjE2MDY0NjI1WhcNMTUxMjE2MDY0NjI1WjAUMRIw
+EAYDVQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQCogtUXHT0lvympI8FUU+wxjueCDQmNPtVuaW0LQ0tH1oQwAB7NuFUgPBZsiN8o
+tI3P6EeuBM5nJwy1cP3x630ac1CIqb6zgmRsle15BYRfyVlIXfLYjjcCcMgfRIa/
+FFKAnX46fzL9I3re7ZntTv4XBp6dYm2zEIPureqgpJ369ewBNQ9T5wI+jg+EVryO
+dRFTaihW6Ukz82djEY9HqHHDg0YbiAa918ipPZ4YECDPH2fX1grVxO1AqveTkw2i
+LI/I7aqy4yqZCB1ar1wnrVzqNR0LcOFupFHj5WberwCao1yDd4C/yEK5tre6sq4v
+hwF2II8NFVY7GFQP/V/V5ET7AgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAC891nLG
+CiggNRJPOS5rKhUBQa3uCgmsCTuwSf/bSrBMzfTkK5fQsqWvMks+ILYv4q6yGWYj
+eqCeNPetbRDTKAtfyI+J9rKGfmvP/cWMK1TVB7OFYGb31Ra6w05Cg9ngCPHvelBh
+0t4flVjTBv5MaVYpHQlRB+cQre2prd7qkd3hVHrO3Wf1I3VtqYaXQxyleVHq5FBD
+O2zFL2Y1zBb6SUmtK0C1CcUG5rUsasal3FvFkWqeqeN+EkP/7RvMDo4S5JOxbWQp
+OoebfirEQcUhz1duIb5th6UKhsJminFozHo0hRwenvhL5Q5sDiXn+1pcolj1gBzm
+Ivob4OleMUcIGTg=
+-----END CERTIFICATE-----

pkg/kubelet/certificate/bootstrap/testdata/mycertinvalid.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEAqILVFx09Jb8pqSPBVFPsMY7ngg0JjT7VbmltC0NLR9aEMAAe
+zbhVIDwWbIjfKLSNz+hHrgTOZycMtXD98et9GnNQiKm+s4JkbJXteQWEX8lZSF3y
+2I43AnDIH0SGvxRSgJ1+On8y/SN63u2Z7U7+FwaenWJtsxCD7q3qoKSd+vXsATUP
+U+cCPo4PhFa8jnURU2ooVulJM/NnYxGPR6hxw4NGG4gGvdfIqT2eGBAgzx9n19YK
+1cTtQKr3k5MNoiyPyO2qsuMqmQgdWq9cJ61c6jUdC3DhbqRR4+Vm3q8AmqNcg3eA
+v8hCuba3urKuL4cBdiCPDRVWOxhUD/1f1eRE+wIDAQABAoIBAQCGv4gSYakh5Ak2
+XYcdHbbDslhh4HcA4XvePKOb3AX4vgsaLx5ytrIrgqETzSdV73tvA3k+KE28ordA
+58fJiduSKR//CG2cMeqIAiPRIJ5H0kR439dvX9mRNApzJmLxrRiEDGyB7nEhhxub
+5DewUfhRBVQU2j6Kb+xwEdaK+tfxcyVCKnloAh2PwBoSXcpK41ii0fvDzPwEuTqc
+LexUxEV2Z9ClxQ2sJ2MLE7x57TQK0Earrph/ew/MDSYfKnay1B5vcXPX8rAiQJdP
+Rc0BgeXV+j5pH+s5zOFMJRXrvI/9m+trr8MCYDrKooyFkk2cmsrxz3HvmJ3+t52s
+jSXd7RKBAoGBANH0eap41oDo4P9ZF/ngAu7l1Yu5Vk6vB7wGJhekavv6dl+lYpw1
+wUlKv32ZHmah8LvrRdyALHQRJ19V6NJiHlVwiJEEyXQWUsJTmvsvb7idEeU861iw
+0bFelJlW7GLCIH/02enWKwMH6oR50Wa1xTbI3CtizbEoWCTnSK5iC1HbAoGBAM13
+kR8vNHhgWKv/AgIYKFrPJjMXmKBfv/jUyKUfcQi9kIZMdaYpN5yPKZIkBIFOVHbG
+suH4/7cVA3ZCfQljY6PGLfZu7QPupvd5KrEbBuKGuIdxrUk6mmLjLEXhoYSAeaw/
+OsYKsGHdhWRstCB4R58jqpVcAr1pytxbx1oBxRNhAoGBAKv/pQBz1/5pSZHGsi6h
+RqXhoYzCu6LgHuz4+JHbv01IRVtbyKoCG6NoWfGR0+bueaHpPyVB16kKOIAQiBh6
+CzGhbC+phUPV2dya01c96D+MZZGv03mn+VFeE0x/ek35jNhmhXLcYgYsoQIALfz/
+ol2cNUpRugKM85Df7Jn3diCLAoGAS8xNRDTU5Yedjq3/nqgs0vtSe0y8KIXKO1C8
+SHYl6/SKyZCRYmAYPPBvhJM2+kDcVgkNWuHR7EebRFhY6kq5KmTk9eGMHIRBIlCX
+2EhBLPZIQudD5xzwcYSfA5SuUkRXHp0g4Ih281OWbyrO9J+KxIGS35DXDetmRA6z
+p1e5zWECgYEAulYIXb4tV8zKxJ+5/lLzeOZxzrvLMWv5YLlygjt5HWtCLl9B02Q7
++zGcMi9O5ASN1cuf5hiQNDvMOQnD5Pywe8/i8zP3QLVDcnlOY83n2Gl3Huh6w3O5
+l+hvRO3LAm0VZSFaJE8WBm45vm09vR0X+69pkcSl/cfyVHygMmhaZSs=
+-----END RSA PRIVATE KEY-----

pkg/kubelet/certificate/bootstrap/testdata/mycertvalid.crt

@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICRzCCAfGgAwIBAgIJALMb7ecMIk3MMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNV
+BAYTAkdCMQ8wDQYDVQQIDAZMb25kb24xDzANBgNVBAcMBkxvbmRvbjEYMBYGA1UE
+CgwPR2xvYmFsIFNlY3VyaXR5MRYwFAYDVQQLDA1JVCBEZXBhcnRtZW50MRswGQYD
+VQQDDBJ0ZXN0LWNlcnRpZmljYXRlLTAwIBcNMTcwNDI2MjMyNjUyWhgPMjExNzA0
+MDIyMzI2NTJaMH4xCzAJBgNVBAYTAkdCMQ8wDQYDVQQIDAZMb25kb24xDzANBgNV
+BAcMBkxvbmRvbjEYMBYGA1UECgwPR2xvYmFsIFNlY3VyaXR5MRYwFAYDVQQLDA1J
+VCBEZXBhcnRtZW50MRswGQYDVQQDDBJ0ZXN0LWNlcnRpZmljYXRlLTAwXDANBgkq
+hkiG9w0BAQEFAANLADBIAkEAtBMa7NWpv3BVlKTCPGO/LEsguKqWHBtKzweMY2CV
+tAL1rQm913huhxF9w+ai76KQ3MHK5IVnLJjYYA5MzP2H5QIDAQABo1AwTjAdBgNV
+HQ4EFgQU22iy8aWkNSxv0nBxFxerfsvnZVMwHwYDVR0jBBgwFoAU22iy8aWkNSxv
+0nBxFxerfsvnZVMwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAANBAEOefGbV
+NcHxklaW06w6OBYJPwpIhCVozC1qdxGX1dg8VkEKzjOzjgqVD30m59OFmSlBmHsl
+nkVA6wyOSDYBf3o=
+-----END CERTIFICATE-----

pkg/kubelet/certificate/bootstrap/testdata/mycertvalid.key

@@ -0,0 +1,10 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBUwIBADANBgkqhkiG9w0BAQEFAASCAT0wggE5AgEAAkEAtBMa7NWpv3BVlKTC
+PGO/LEsguKqWHBtKzweMY2CVtAL1rQm913huhxF9w+ai76KQ3MHK5IVnLJjYYA5M
+zP2H5QIDAQABAkAS9BfXab3OKpK3bIgNNyp+DQJKrZnTJ4Q+OjsqkpXvNltPJosf
+G8GsiKu/vAt4HGqI3eU77NvRI+mL4MnHRmXBAiEA3qM4FAtKSRBbcJzPxxLEUSwg
+XSCcosCktbkXvpYrS30CIQDPDxgqlwDEJQ0uKuHkZI38/SPWWqfUmkecwlbpXABK
+iQIgZX08DA8VfvcA5/Xj1Zjdey9FVY6POLXen6RPiabE97UCICp6eUW7ht+2jjar
+e35EltCRCjoejRHTuN9TC0uCoVipAiAXaJIx/Q47vGwiw6Y8KXsNU6y54gTbOSxX
+54LzHNk/+Q==
+-----END RSA PRIVATE KEY-----