From ce08fd59767a851208092966d6f286e6747d035f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=88=81=E6=B5=A9=2010284789?=
Date: Sat, 10 Apr 2021 09:00:05 +0000
Subject: [PATCH] Add test cases to the LoadClientConfig function
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: 刁浩 10284789
---
 .../certificate/bootstrap/bootstrap_test.go | 246 ++++++++++++++++++
 .../certificate/bootstrap/testdata/README.md | 17 ++
 .../bootstrap/testdata/mycertinvalid.crt | 17 ++
 .../bootstrap/testdata/mycertinvalid.key | 27 ++
 .../bootstrap/testdata/mycertvalid.crt | 15 ++
 .../bootstrap/testdata/mycertvalid.key | 10 +
 6 files changed, 332 insertions(+)
 create mode 100644 pkg/kubelet/certificate/bootstrap/testdata/README.md
 create mode 100644 pkg/kubelet/certificate/bootstrap/testdata/mycertinvalid.crt
 create mode 100644 pkg/kubelet/certificate/bootstrap/testdata/mycertinvalid.key
 create mode 100644 pkg/kubelet/certificate/bootstrap/testdata/mycertvalid.crt
 create mode 100644 pkg/kubelet/certificate/bootstrap/testdata/mycertvalid.key

diff --git a/pkg/kubelet/certificate/bootstrap/bootstrap_test.go b/pkg/kubelet/certificate/bootstrap/bootstrap_test.go
index afd2cf7851f..af80fdfad7f 100644
--- a/pkg/kubelet/certificate/bootstrap/bootstrap_test.go
+++ b/pkg/kubelet/certificate/bootstrap/bootstrap_test.go
@@ -19,6 +19,7 @@ package bootstrap
 import (
 "context"
 "fmt"
+ "io"
 "io/ioutil"
 "os"
 "reflect"
@@ -34,9 +35,254 @@ import (
 certificatesclient "k8s.io/client-go/kubernetes/typed/certificates/v1beta1"
 restclient "k8s.io/client-go/rest"
 clienttesting "k8s.io/client-go/testing"
+ "k8s.io/client-go/util/certificate"
 "k8s.io/client-go/util/keyutil"
 )
 
+func copyFile(src, dst string) (err error) {
+ in, err := os.Open(src)
+ if err != nil {
+ return err
+ }
+ defer in.Close()
+ out, err := os.Create(dst)
+ if err != nil {
+ return err
+ }
+ defer func() {
+ cerr := out.Close()
+ if err == nil {
+ err = cerr
+ }
+ }()
+ _, err = io.Copy(out, in)
+ return err
+}
+
+func TestLoadClientConfig(t *testing.T) {
+ //Create a temporary folder under tmp to store the required certificate files and configuration files.
+ fileDir := t.TempDir()
+ //Copy the required certificate file to the temporary directory.
+ copyFile("./testdata/mycertinvalid.crt", fileDir+"/mycertinvalid.crt")
+ copyFile("./testdata/mycertvalid.crt", fileDir+"/mycertvalid.crt")
+ copyFile("./testdata/mycertinvalid.key", fileDir+"/mycertinvalid.key")
+ copyFile("./testdata/mycertvalid.key", fileDir+"/mycertvalid.key")
+ testDataValid := []byte(`
+apiVersion: v1
+kind: Config
+clusters:
+- cluster:
+ certificate-authority: ca-a.crt
+ server: https://cluster-a.com
+ name: cluster-a
+- cluster:
+ server: https://cluster-b.com
+ name: cluster-b
+contexts:
+- context:
+ cluster: cluster-a
+ namespace: ns-a
+ user: user-a
+ name: context-a
+- context:
+ cluster: cluster-b
+ namespace: ns-b
+ user: user-b
+ name: context-b
+current-context: context-b
+users:
+- name: user-a
+ user:
+ client-certificate: mycertvalid.crt
+ client-key: mycertvalid.key
+- name: user-b
+ user:
+ client-certificate: mycertvalid.crt
+ client-key: mycertvalid.key
+
+`)
+ filevalid, err := ioutil.TempFile(fileDir, "kubeconfigvalid")
+ if err != nil {
+ t.Fatal(err)
+ }
+ ioutil.WriteFile(filevalid.Name(), testDataValid, os.FileMode(0755))
+
+ testDataInvalid := []byte(`
+apiVersion: v1
+kind: Config
+clusters:
+- cluster:
+ certificate-authority: ca-a.crt
+ server: https://cluster-a.com
+ name: cluster-a
+- cluster:
+ server: https://cluster-b.com
+ name: cluster-b
+contexts:
+- context:
+ cluster: cluster-a
+ namespace: ns-a
+ user: user-a
+ name: context-a
+- context:
+ cluster: cluster-b
+ namespace: ns-b
+ user: user-b
+ name: context-b
+current-context: context-b
+users:
+- name: user-a
+ user:
+ client-certificate: mycertinvalid.crt
+ client-key: mycertinvalid.key
+- name: user-b
+ user:
+ client-certificate: mycertinvalid.crt
+ client-key: mycertinvalid.key
+
+`)
+ fileinvalid, err := ioutil.TempFile(fileDir, "kubeconfiginvalid")
+ if err != nil {
+ t.Fatal(err)
+ }
+ ioutil.WriteFile(fileinvalid.Name(), testDataInvalid, os.FileMode(0755))
+
+ testDatabootstrap := []byte(`
+apiVersion: v1
+kind: Config
+clusters:
+- cluster:
+ certificate-authority: ca-a.crt
+ server: https://cluster-a.com
+ name: cluster-a
+- cluster:
+ server: https://cluster-b.com
+ name: cluster-b
+contexts:
+- context:
+ cluster: cluster-a
+ namespace: ns-a
+ user: user-a
+ name: context-a
+- context:
+ cluster: cluster-b
+ namespace: ns-b
+ user: user-b
+ name: context-b
+current-context: context-b
+users:
+- name: user-a
+ user:
+ token: mytoken-b
+- name: user-b
+ user:
+ token: mytoken-b
+`)
+ fileboot, err := ioutil.TempFile(fileDir, "kubeconfig")
+ if err != nil {
+ t.Fatal(err)
+ }
+ ioutil.WriteFile(fileboot.Name(), testDatabootstrap, os.FileMode(0755))
+
+ dir, err := ioutil.TempDir(fileDir, "k8s-test-certstore-current")
+ if err != nil {
+ t.Fatalf("Unable to create the test directory %q: %v", dir, err)
+ }
+
+ store, err := certificate.NewFileStore("kubelet-client", dir, dir, "", "")
+ if err != nil {
+ t.Errorf("unable to build bootstrap cert store")
+ }
+
+ tests := []struct {
+ name string
+ kubeconfigPath string
+ bootstrapPath string
+ certDir string
+ expectedCertConfig *restclient.Config
+ expectedClientConfig *restclient.Config
+ }{
+ {
+ name: "bootstrapPath is empty",
+ kubeconfigPath: filevalid.Name(),
+ bootstrapPath: "",
+ certDir: dir,
+ expectedCertConfig: &restclient.Config{
+ Host: "https://cluster-b.com",
+ TLSClientConfig: restclient.TLSClientConfig{
+ CertFile: fileDir + "/mycertvalid.crt",
+ KeyFile: fileDir + "/mycertvalid.key",
+ },
+ BearerToken: "",
+ },
+ expectedClientConfig: &restclient.Config{
+ Host: "https://cluster-b.com",
+ TLSClientConfig: restclient.TLSClientConfig{
+ CertFile: fileDir + "/mycertvalid.crt",
+ KeyFile: fileDir + "/mycertvalid.key",
+ },
+ BearerToken: "",
+ },
+ },
+ {
+ name: "bootstrap path is set and the contents of kubeconfigPath are valid",
+ kubeconfigPath: filevalid.Name(),
+ bootstrapPath: fileboot.Name(),
+ certDir: dir,
+ expectedCertConfig: &restclient.Config{
+ Host: "https://cluster-b.com",
+ TLSClientConfig: restclient.TLSClientConfig{
+ CertFile: fileDir + "/mycertvalid.crt",
+ KeyFile: fileDir + "/mycertvalid.key",
+ },
+ BearerToken: "",
+ },
+ expectedClientConfig: &restclient.Config{
+ Host: "https://cluster-b.com",
+ TLSClientConfig: restclient.TLSClientConfig{
+ CertFile: fileDir + "/mycertvalid.crt",
+ KeyFile: fileDir + "/mycertvalid.key",
+ },
+ BearerToken: "",
+ },
+ },
+ {
+ name: "bootstrap path is set and the contents of kubeconfigPath are not valid",
+ kubeconfigPath: fileinvalid.Name(),
+ bootstrapPath: fileboot.Name(),
+ certDir: dir,
+ expectedCertConfig: &restclient.Config{
+ Host: "https://cluster-b.com",
+ TLSClientConfig: restclient.TLSClientConfig{},
+ BearerToken: "mytoken-b",
+ },
+ expectedClientConfig: &restclient.Config{
+ Host: "https://cluster-b.com",
+ TLSClientConfig: restclient.TLSClientConfig{
+ CertFile: store.CurrentPath(),
+ KeyFile: store.CurrentPath(),
+ },
+ BearerToken: "",
+ },
+ },
+ }
+
+ for _, test := range tests {
+ t.Run(test.name, func(t *testing.T) {
+ certConfig, clientConfig, err := LoadClientConfig(test.kubeconfigPath, test.bootstrapPath, test.certDir)
+ if err != nil {
+ t.Fatal(err)
+ }
+ if !reflect.DeepEqual(certConfig, test.expectedCertConfig) {
+ t.Errorf("Unexpected certConfig: %s", diff.ObjectDiff(certConfig, test.expectedCertConfig))
+ }
+ if !reflect.DeepEqual(clientConfig, test.expectedClientConfig) {
+ t.Errorf("Unexpected clientConfig: %s", diff.ObjectDiff(clientConfig, test.expectedClientConfig))
+ }
+ })
+ }
+}
+
 func TestLoadRESTClientConfig(t *testing.T) {
 testData := []byte(`
 apiVersion: v1
diff --git a/pkg/kubelet/certificate/bootstrap/testdata/README.md b/pkg/kubelet/certificate/bootstrap/testdata/README.md
new file mode 100644
index 00000000000..5c26ac4f517
--- /dev/null
+++ b/pkg/kubelet/certificate/bootstrap/testdata/README.md
@@ -0,0 +1,17 @@
+Keys in this directory are generated for testing purposes only.
+
+In this pr validCert(mycertvalid.crt):
+```
+Validity
+Not Before: Apr 26 23:26:52 2017 GMT
+Not After : Apr 2 23:26:52 2117 GMT
+```
+
+
+
+InvalidCert(mycertinvalid.crt):
+```
+Validity
+Not Before: Dec 16 06:46:25 2014 GMT
+Not After : Dec 16 06:46:25 2015 GMT
+```
\ No newline at end of file
diff --git a/pkg/kubelet/certificate/bootstrap/testdata/mycertinvalid.crt b/pkg/kubelet/certificate/bootstrap/testdata/mycertinvalid.crt
new file mode 100644
index 00000000000..a98e44be9cb
--- /dev/null
+++ b/pkg/kubelet/certificate/bootstrap/testdata/mycertinvalid.crt
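Review bot: In TestLoadClientConfig (second hunk of bootstrap_test.go) the fixture setup drops every error: the four `copyFile(...)` calls and the three `ioutil.WriteFile(...)` calls are unchecked, so a missing or unreadable testdata file shows up later as a misleading LoadClientConfig mismatch rather than as a setup failure. The `certificate.NewFileStore` error path uses `t.Errorf`, but `store.CurrentPath()` is still called when the table is built, so a failure there would likely end in a nil dereference; `t.Fatalf` with the error included is the safer form. The kubeconfig fixtures, one of which holds a bearer token, are written with `os.FileMode(0755)`; because `ioutil.TempFile` has already created the files the mode argument probably has no effect, but `0600` is the mode worth modelling for credential files, and the three temp-file handles are never closed. A sketch of the setup with those checks follows.

```go
for _, name := range []string{"mycertinvalid.crt", "mycertvalid.crt", "mycertinvalid.key", "mycertvalid.key"} {
	if err := copyFile("./testdata/"+name, fileDir+"/"+name); err != nil {
		t.Fatalf("copying fixture %s: %v", name, err)
	}
}
// … unchanged: testDataValid literal and the ioutil.TempFile call for filevalid …
if err := filevalid.Close(); err != nil {
	t.Fatal(err)
}
if err := ioutil.WriteFile(filevalid.Name(), testDataValid, os.FileMode(0600)); err != nil {
	t.Fatal(err)
}
// … unchanged: fileinvalid and fileboot, which get the same Close/WriteFile checks …
store, err := certificate.NewFileStore("kubelet-client", dir, dir, "", "")
if err != nil {
	t.Fatalf("unable to build bootstrap cert store: %v", err)
}
```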
@@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICpzCCAY8CCQDWu9ClTyE4ADANBgkqhkiG9w0BAQUFADAXMRUwEwYDVQQDDAwi +a3ViZXJuZXRlcyIwHhcNMTQxMjE2MDY0NjI1WhcNMTUxMjE2MDY0NjI1WjAUMRIw +EAYDVQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB +AQCogtUXHT0lvympI8FUU+wxjueCDQmNPtVuaW0LQ0tH1oQwAB7NuFUgPBZsiN8o +tI3P6EeuBM5nJwy1cP3x630ac1CIqb6zgmRsle15BYRfyVlIXfLYjjcCcMgfRIa/ +FFKAnX46fzL9I3re7ZntTv4XBp6dYm2zEIPureqgpJ369ewBNQ9T5wI+jg+EVryO +dRFTaihW6Ukz82djEY9HqHHDg0YbiAa918ipPZ4YECDPH2fX1grVxO1AqveTkw2i +LI/I7aqy4yqZCB1ar1wnrVzqNR0LcOFupFHj5WberwCao1yDd4C/yEK5tre6sq4v +hwF2II8NFVY7GFQP/V/V5ET7AgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAC891nLG +CiggNRJPOS5rKhUBQa3uCgmsCTuwSf/bSrBMzfTkK5fQsqWvMks+ILYv4q6yGWYj +eqCeNPetbRDTKAtfyI+J9rKGfmvP/cWMK1TVB7OFYGb31Ra6w05Cg9ngCPHvelBh +0t4flVjTBv5MaVYpHQlRB+cQre2prd7qkd3hVHrO3Wf1I3VtqYaXQxyleVHq5FBD +O2zFL2Y1zBb6SUmtK0C1CcUG5rUsasal3FvFkWqeqeN+EkP/7RvMDo4S5JOxbWQp +OoebfirEQcUhz1duIb5th6UKhsJminFozHo0hRwenvhL5Q5sDiXn+1pcolj1gBzm +Ivob4OleMUcIGTg= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/pkg/kubelet/certificate/bootstrap/testdata/mycertinvalid.key b/pkg/kubelet/certificate/bootstrap/testdata/mycertinvalid.key new file mode 100644 index 00000000000..e3355ad7c98 --- /dev/null +++ b/pkg/kubelet/certificate/bootstrap/testdata/mycertinvalid.key 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAqILVFx09Jb8pqSPBVFPsMY7ngg0JjT7VbmltC0NLR9aEMAAe +zbhVIDwWbIjfKLSNz+hHrgTOZycMtXD98et9GnNQiKm+s4JkbJXteQWEX8lZSF3y +2I43AnDIH0SGvxRSgJ1+On8y/SN63u2Z7U7+FwaenWJtsxCD7q3qoKSd+vXsATUP +U+cCPo4PhFa8jnURU2ooVulJM/NnYxGPR6hxw4NGG4gGvdfIqT2eGBAgzx9n19YK +1cTtQKr3k5MNoiyPyO2qsuMqmQgdWq9cJ61c6jUdC3DhbqRR4+Vm3q8AmqNcg3eA +v8hCuba3urKuL4cBdiCPDRVWOxhUD/1f1eRE+wIDAQABAoIBAQCGv4gSYakh5Ak2 +XYcdHbbDslhh4HcA4XvePKOb3AX4vgsaLx5ytrIrgqETzSdV73tvA3k+KE28ordA +58fJiduSKR//CG2cMeqIAiPRIJ5H0kR439dvX9mRNApzJmLxrRiEDGyB7nEhhxub +5DewUfhRBVQU2j6Kb+xwEdaK+tfxcyVCKnloAh2PwBoSXcpK41ii0fvDzPwEuTqc +LexUxEV2Z9ClxQ2sJ2MLE7x57TQK0Earrph/ew/MDSYfKnay1B5vcXPX8rAiQJdP +Rc0BgeXV+j5pH+s5zOFMJRXrvI/9m+trr8MCYDrKooyFkk2cmsrxz3HvmJ3+t52s +jSXd7RKBAoGBANH0eap41oDo4P9ZF/ngAu7l1Yu5Vk6vB7wGJhekavv6dl+lYpw1 +wUlKv32ZHmah8LvrRdyALHQRJ19V6NJiHlVwiJEEyXQWUsJTmvsvb7idEeU861iw +0bFelJlW7GLCIH/02enWKwMH6oR50Wa1xTbI3CtizbEoWCTnSK5iC1HbAoGBAM13 +kR8vNHhgWKv/AgIYKFrPJjMXmKBfv/jUyKUfcQi9kIZMdaYpN5yPKZIkBIFOVHbG +suH4/7cVA3ZCfQljY6PGLfZu7QPupvd5KrEbBuKGuIdxrUk6mmLjLEXhoYSAeaw/ +OsYKsGHdhWRstCB4R58jqpVcAr1pytxbx1oBxRNhAoGBAKv/pQBz1/5pSZHGsi6h +RqXhoYzCu6LgHuz4+JHbv01IRVtbyKoCG6NoWfGR0+bueaHpPyVB16kKOIAQiBh6 +CzGhbC+phUPV2dya01c96D+MZZGv03mn+VFeE0x/ek35jNhmhXLcYgYsoQIALfz/ +ol2cNUpRugKM85Df7Jn3diCLAoGAS8xNRDTU5Yedjq3/nqgs0vtSe0y8KIXKO1C8 +SHYl6/SKyZCRYmAYPPBvhJM2+kDcVgkNWuHR7EebRFhY6kq5KmTk9eGMHIRBIlCX +2EhBLPZIQudD5xzwcYSfA5SuUkRXHp0g4Ih281OWbyrO9J+KxIGS35DXDetmRA6z +p1e5zWECgYEAulYIXb4tV8zKxJ+5/lLzeOZxzrvLMWv5YLlygjt5HWtCLl9B02Q7 ++zGcMi9O5ASN1cuf5hiQNDvMOQnD5Pywe8/i8zP3QLVDcnlOY83n2Gl3Huh6w3O5 +l+hvRO3LAm0VZSFaJE8WBm45vm09vR0X+69pkcSl/cfyVHygMmhaZSs= +-----END RSA PRIVATE KEY----- \ No newline at end of file diff --git a/pkg/kubelet/certificate/bootstrap/testdata/mycertvalid.crt b/pkg/kubelet/certificate/bootstrap/testdata/mycertvalid.crt new file mode 100644 index 00000000000..a854db36abb --- /dev/null 
+++ b/pkg/kubelet/certificate/bootstrap/testdata/mycertvalid.crt @@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE----- +MIICRzCCAfGgAwIBAgIJALMb7ecMIk3MMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNV +BAYTAkdCMQ8wDQYDVQQIDAZMb25kb24xDzANBgNVBAcMBkxvbmRvbjEYMBYGA1UE +CgwPR2xvYmFsIFNlY3VyaXR5MRYwFAYDVQQLDA1JVCBEZXBhcnRtZW50MRswGQYD +VQQDDBJ0ZXN0LWNlcnRpZmljYXRlLTAwIBcNMTcwNDI2MjMyNjUyWhgPMjExNzA0 +MDIyMzI2NTJaMH4xCzAJBgNVBAYTAkdCMQ8wDQYDVQQIDAZMb25kb24xDzANBgNV +BAcMBkxvbmRvbjEYMBYGA1UECgwPR2xvYmFsIFNlY3VyaXR5MRYwFAYDVQQLDA1J +VCBEZXBhcnRtZW50MRswGQYDVQQDDBJ0ZXN0LWNlcnRpZmljYXRlLTAwXDANBgkq +hkiG9w0BAQEFAANLADBIAkEAtBMa7NWpv3BVlKTCPGO/LEsguKqWHBtKzweMY2CV +tAL1rQm913huhxF9w+ai76KQ3MHK5IVnLJjYYA5MzP2H5QIDAQABo1AwTjAdBgNV +HQ4EFgQU22iy8aWkNSxv0nBxFxerfsvnZVMwHwYDVR0jBBgwFoAU22iy8aWkNSxv +0nBxFxerfsvnZVMwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAANBAEOefGbV +NcHxklaW06w6OBYJPwpIhCVozC1qdxGX1dg8VkEKzjOzjgqVD30m59OFmSlBmHsl +nkVA6wyOSDYBf3o= +-----END CERTIFICATE----- diff --git a/pkg/kubelet/certificate/bootstrap/testdata/mycertvalid.key b/pkg/kubelet/certificate/bootstrap/testdata/mycertvalid.key new file mode 100644 index 00000000000..28a6ccd1757 --- /dev/null +++ b/pkg/kubelet/certificate/bootstrap/testdata/mycertvalid.key @@ -0,0 +1,10 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIBUwIBADANBgkqhkiG9w0BAQEFAASCAT0wggE5AgEAAkEAtBMa7NWpv3BVlKTC +PGO/LEsguKqWHBtKzweMY2CVtAL1rQm913huhxF9w+ai76KQ3MHK5IVnLJjYYA5M +zP2H5QIDAQABAkAS9BfXab3OKpK3bIgNNyp+DQJKrZnTJ4Q+OjsqkpXvNltPJosf +G8GsiKu/vAt4HGqI3eU77NvRI+mL4MnHRmXBAiEA3qM4FAtKSRBbcJzPxxLEUSwg +XSCcosCktbkXvpYrS30CIQDPDxgqlwDEJQ0uKuHkZI38/SPWWqfUmkecwlbpXABK +iQIgZX08DA8VfvcA5/Xj1Zjdey9FVY6POLXen6RPiabE97UCICp6eUW7ht+2jjar +e35EltCRCjoejRHTuN9TC0uCoVipAiAXaJIx/Q47vGwiw6Y8KXsNU6y54gTbOSxX +54LzHNk/+Q== +-----END RSA PRIVATE KEY-----