github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-12 21:36:24 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #116881 from ritazh/kms-test-fix

Browse Source 
kmsv2: test cleanup
This commit is contained in:
Kubernetes Prow Robot 2023-04-11 19:16:31 -07:00 committed by GitHub
commit 66c78653f1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 76 additions and 359 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

76
staging/src/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/grpc_service_unix_test.go
View File

@ -66,14 +66,7 @@ func TestKMSPluginLateStart(t *testing.T) {
defer destroyService(service) defer destroyService(service)
time.Sleep(callTimeout / 2) time.Sleep(callTimeout / 2)
f, err := mock.NewBase64Plugin(s.path) _ = mock.NewBase64Plugin(t, s.path)
if err != nil {
t.Fatalf("failed to start test KMS provider server, error: %v", err)
}
if err := f.Start(); err != nil {
t.Fatalf("Failed to start kms-plugin, err: %v", err)
}
defer f.CleanUp()
data := []byte("test data") data := []byte("test data")
_, err = service.Encrypt(data) _, err = service.Encrypt(data)
@ -158,16 +151,8 @@ func TestTimeouts(t *testing.T) {
// Simulating delayed start of kms-plugin, kube-apiserver is up before the plugin, if requested by the testcase. // Simulating delayed start of kms-plugin, kube-apiserver is up before the plugin, if requested by the testcase.
time.Sleep(tt.pluginDelay) time.Sleep(tt.pluginDelay)
f, err := mock.NewBase64Plugin(socketName.path) _ = mock.NewBase64Plugin(t, socketName.path)
if err != nil {
t.Errorf("failed to construct test KMS provider server, error: %v", err)
return
}
if err := f.Start(); err != nil {
t.Errorf("Failed to start test KMS provider server, error: %v", err)
return
}
defer f.CleanUp()
kmsPluginWG.Done() kmsPluginWG.Done()
// Keeping plugin up to process requests. // Keeping plugin up to process requests.
testCompletedWG.Wait() testCompletedWG.Wait()
@ -206,13 +191,7 @@ func TestIntermittentConnectionLoss(t *testing.T) {
encryptErr error encryptErr error
) )
// Start KMS Plugin // Start KMS Plugin
f, err := mock.NewBase64Plugin(endpoint.path) f := mock.NewBase64Plugin(t, endpoint.path)
if err != nil {
t.Fatalf("failed to start test KMS provider server, error: %v", err)
}
if err := f.Start(); err != nil {
t.Fatalf("Failed to start kms-plugin, err: %v", err)
}
ctx := testContext(t) ctx := testContext(t)
@ -228,10 +207,10 @@ func TestIntermittentConnectionLoss(t *testing.T) {
t.Fatalf("failed when execute encrypt, error: %v", err) t.Fatalf("failed when execute encrypt, error: %v", err)
} }
t.Log("Connected to KMSPlugin") t.Log("Connected to KMSPlugin")
f.CleanUp()
// Stop KMS Plugin - simulating connection loss // Stop KMS Plugin - simulating connection loss
t.Log("KMS Plugin is stopping") t.Log("KMS Plugin is stopping")
f.CleanUp()
time.Sleep(2 * time.Second) time.Sleep(2 * time.Second)
wg1.Add(1) wg1.Add(1)
@ -250,14 +229,7 @@ func TestIntermittentConnectionLoss(t *testing.T) {
wg1.Wait() wg1.Wait()
time.Sleep(blackOut) time.Sleep(blackOut)
// Start KMS Plugin // Start KMS Plugin
f, err = mock.NewBase64Plugin(endpoint.path) _ = mock.NewBase64Plugin(t, endpoint.path)
if err != nil {
t.Fatalf("failed to start test KMS provider server, error: %v", err)
}
if err := f.Start(); err != nil {
t.Fatalf("Failed to start kms-plugin, err: %v", err)
}
defer f.CleanUp()
t.Log("Restarted KMS Plugin") t.Log("Restarted KMS Plugin")
wg2.Wait() wg2.Wait()
@ -274,15 +246,8 @@ func TestUnsupportedVersion(t *testing.T) {
wantErr := fmt.Errorf(versionErrorf, ver, kmsapiVersion) wantErr := fmt.Errorf(versionErrorf, ver, kmsapiVersion)
endpoint := newEndpoint() endpoint := newEndpoint()
f, err := mock.NewBase64Plugin(endpoint.path) f := mock.NewBase64Plugin(t, endpoint.path)
if err != nil {
t.Fatalf("failed to start test KMS provider server, error: %ver", err)
}
f.SetVersion(ver) f.SetVersion(ver)
if err := f.Start(); err != nil {
t.Fatalf("Failed to start kms-plugin, err: %v", err)
}
defer f.CleanUp()
ctx := testContext(t) ctx := testContext(t)
@ -318,14 +283,7 @@ func TestGRPCService(t *testing.T) {
t.Parallel() t.Parallel()
// Start a test gRPC server. // Start a test gRPC server.
endpoint := newEndpoint() endpoint := newEndpoint()
f, err := mock.NewBase64Plugin(endpoint.path) _ = mock.NewBase64Plugin(t, endpoint.path)
if err != nil {
t.Fatalf("failed to construct test KMS provider server, error: %v", err)
}
if err := f.Start(); err != nil {
t.Fatalf("Failed to start kms-plugin, err: %v", err)
}
defer f.CleanUp()
ctx := testContext(t) ctx := testContext(t)
@ -359,14 +317,7 @@ func TestGRPCServiceConcurrentAccess(t *testing.T) {
t.Parallel() t.Parallel()
// Start a test gRPC server. // Start a test gRPC server.
endpoint := newEndpoint() endpoint := newEndpoint()
f, err := mock.NewBase64Plugin(endpoint.path) _ = mock.NewBase64Plugin(t, endpoint.path)
if err != nil {
t.Fatalf("failed to start test KMS provider server, error: %v", err)
}
if err := f.Start(); err != nil {
t.Fatalf("Failed to start kms-plugin, err: %v", err)
}
defer f.CleanUp()
ctx := testContext(t) ctx := testContext(t)
@ -416,14 +367,7 @@ func destroyService(service Service) {
func TestInvalidConfiguration(t *testing.T) { func TestInvalidConfiguration(t *testing.T) {
t.Parallel() t.Parallel()
// Start a test gRPC server. // Start a test gRPC server.
f, err := mock.NewBase64Plugin(newEndpoint().path) _ = mock.NewBase64Plugin(t, newEndpoint().path)
if err != nil {
t.Fatalf("failed to start test KMS provider server, error: %v", err)
}
if err := f.Start(); err != nil {
t.Fatalf("Failed to start kms-plugin, err: %v", err)
}
defer f.CleanUp()
ctx := testContext(t) ctx := testContext(t)

72
staging/src/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/kmsv2/grpc_service_unix_test.go
View File

@ -69,14 +69,7 @@ func TestKMSPluginLateStart(t *testing.T) {
defer destroyService(service) defer destroyService(service)
time.Sleep(callTimeout / 2) time.Sleep(callTimeout / 2)
f, err := mock.NewBase64Plugin(s.path) _ = mock.NewBase64Plugin(t, s.path)
if err != nil {
t.Fatalf("failed to start test KMS provider server, error: %v", err)
}
if err := f.Start(); err != nil {
t.Fatalf("Failed to start kms-plugin, err: %v", err)
}
defer f.CleanUp()
data := []byte("test data") data := []byte("test data")
uid := string(uuid.NewUUID()) uid := string(uuid.NewUUID())
@ -162,16 +155,7 @@ func TestTimeouts(t *testing.T) {
// Simulating delayed start of kms-plugin, kube-apiserver is up before the plugin, if requested by the testcase. // Simulating delayed start of kms-plugin, kube-apiserver is up before the plugin, if requested by the testcase.
time.Sleep(tt.pluginDelay) time.Sleep(tt.pluginDelay)
f, err := mock.NewBase64Plugin(socketName.path) _ = mock.NewBase64Plugin(t, socketName.path)
if err != nil {
t.Errorf("failed to construct test KMS provider server, error: %v", err)
return
}
if err := f.Start(); err != nil {
t.Errorf("Failed to start test KMS provider server, error: %v", err)
return
}
defer f.CleanUp()
kmsPluginWG.Done() kmsPluginWG.Done()
// Keeping plugin up to process requests. // Keeping plugin up to process requests.
testCompletedWG.Wait() testCompletedWG.Wait()
@ -211,13 +195,7 @@ func TestIntermittentConnectionLoss(t *testing.T) {
encryptErr error encryptErr error
) )
// Start KMS Plugin // Start KMS Plugin
f, err := mock.NewBase64Plugin(endpoint.path) f := mock.NewBase64Plugin(t, endpoint.path)
if err != nil {
t.Fatalf("failed to start test KMS provider server, error: %v", err)
}
if err := f.Start(); err != nil {
t.Fatalf("Failed to start kms-plugin, err: %v", err)
}
ctx := testContext(t) ctx := testContext(t)
@ -255,14 +233,7 @@ func TestIntermittentConnectionLoss(t *testing.T) {
wg1.Wait() wg1.Wait()
time.Sleep(blackOut) time.Sleep(blackOut)
// Start KMS Plugin // Start KMS Plugin
f, err = mock.NewBase64Plugin(endpoint.path) _ = mock.NewBase64Plugin(t, endpoint.path)
if err != nil {
t.Fatalf("failed to start test KMS provider server, error: %v", err)
}
if err := f.Start(); err != nil {
t.Fatalf("Failed to start kms-plugin, err: %v", err)
}
defer f.CleanUp()
t.Log("Restarted KMS Plugin") t.Log("Restarted KMS Plugin")
wg2.Wait() wg2.Wait()
@ -277,14 +248,7 @@ func TestGRPCService(t *testing.T) {
t.Parallel() t.Parallel()
// Start a test gRPC server. // Start a test gRPC server.
endpoint := newEndpoint() endpoint := newEndpoint()
f, err := mock.NewBase64Plugin(endpoint.path) _ = mock.NewBase64Plugin(t, endpoint.path)
if err != nil {
t.Fatalf("failed to construct test KMS provider server, error: %v", err)
}
if err := f.Start(); err != nil {
t.Fatalf("Failed to start kms-plugin, err: %v", err)
}
defer f.CleanUp()
ctx := testContext(t) ctx := testContext(t)
@ -320,14 +284,7 @@ func TestGRPCServiceConcurrentAccess(t *testing.T) {
t.Parallel() t.Parallel()
// Start a test gRPC server. // Start a test gRPC server.
endpoint := newEndpoint() endpoint := newEndpoint()
f, err := mock.NewBase64Plugin(endpoint.path) _ = mock.NewBase64Plugin(t, endpoint.path)
if err != nil {
t.Fatalf("failed to start test KMS provider server, error: %v", err)
}
if err := f.Start(); err != nil {
t.Fatalf("Failed to start kms-plugin, err: %v", err)
}
defer f.CleanUp()
ctx := testContext(t) ctx := testContext(t)
@ -379,14 +336,7 @@ func destroyService(service kmsservice.Service) {
func TestInvalidConfiguration(t *testing.T) { func TestInvalidConfiguration(t *testing.T) {
t.Parallel() t.Parallel()
// Start a test gRPC server. // Start a test gRPC server.
f, err := mock.NewBase64Plugin(newEndpoint().path) _ = mock.NewBase64Plugin(t, newEndpoint().path)
if err != nil {
t.Fatalf("failed to start test KMS provider server, error: %v", err)
}
if err := f.Start(); err != nil {
t.Fatalf("Failed to start kms-plugin, err: %v", err)
}
defer f.CleanUp()
ctx := testContext(t) ctx := testContext(t)
@ -410,13 +360,7 @@ func TestInvalidConfiguration(t *testing.T) {
func TestKMSOperationsMetric(t *testing.T) { func TestKMSOperationsMetric(t *testing.T) {
endpoint := newEndpoint() endpoint := newEndpoint()
f, err := mock.NewBase64Plugin(endpoint.path) _ = mock.NewBase64Plugin(t, endpoint.path)
if err != nil {
t.Fatalf("failed to start test KMS provider server, error: %v", err)
}
if err := f.Start(); err != nil {
t.Fatalf("Failed to start kms-plugin, err: %v", err)
}
ctx := testContext(t) ctx := testContext(t)

32
staging/src/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/testing/v1beta1/kms_plugin_mock.go
View File

@ -25,9 +25,8 @@ import (
"fmt" "fmt"
"net" "net"
"os" "os"
"runtime"
"strings"
"sync" "sync"
"testing"
"time" "time"
"google.golang.org/grpc" "google.golang.org/grpc"
@ -60,7 +59,7 @@ type Base64Plugin struct {
} }
// NewBase64Plugin is a constructor for Base64Plugin. // NewBase64Plugin is a constructor for Base64Plugin.
func NewBase64Plugin(socketPath string) (*Base64Plugin, error) { func NewBase64Plugin(t *testing.T, socketPath string) *Base64Plugin {
server := grpc.NewServer() server := grpc.NewServer()
result := &Base64Plugin{ result := &Base64Plugin{
grpcServer: server, grpcServer: server,
@ -70,19 +69,26 @@ func NewBase64Plugin(socketPath string) (*Base64Plugin, error) {
} }
kmsapi.RegisterKeyManagementServiceServer(server, result) kmsapi.RegisterKeyManagementServiceServer(server, result)
return result, nil if err := result.start(); err != nil {
t.Fatalf("failed to start KMS plugin, err: %v", err)
}
t.Cleanup(result.CleanUp)
if err := waitForBase64PluginToBeUp(result); err != nil {
t.Fatalf("failed to start KMS plugin: err: %v", err)
}
return result
} }
// WaitForBase64PluginToBeUp waits until the plugin is ready to serve requests. // waitForBase64PluginToBeUp waits until the plugin is ready to serve requests.
func WaitForBase64PluginToBeUp(plugin *Base64Plugin) error { func waitForBase64PluginToBeUp(plugin *Base64Plugin) error {
var gRPCErr error var gRPCErr error
pollErr := wait.PollImmediate(1*time.Second, wait.ForeverTestTimeout, func() (bool, error) { pollErr := wait.PollImmediate(1*time.Second, wait.ForeverTestTimeout, func() (bool, error) {
_, gRPCErr = plugin.Encrypt(context.Background(), &kmsapi.EncryptRequest{Plain: []byte("foo")}) _, gRPCErr = plugin.Encrypt(context.Background(), &kmsapi.EncryptRequest{Plain: []byte("foo")})
return gRPCErr == nil, nil return gRPCErr == nil, nil
}) })
if pollErr == wait.ErrWaitTimeout { if pollErr != nil {
return fmt.Errorf("failed to start kms-plugin, error: %v", gRPCErr) return fmt.Errorf("failed to start KMS plugin, gRPC error: %v, poll error: %v", gRPCErr, pollErr)
} }
return nil return nil
@ -98,8 +104,8 @@ func (s *Base64Plugin) SetVersion(ver string) {
s.ver = ver s.ver = ver
} }
// Start starts plugin's gRPC service. // start starts plugin's gRPC service.
func (s *Base64Plugin) Start() error { func (s *Base64Plugin) start() error {
var err error var err error
s.listener, err = net.Listen(unixProtocol, s.socketPath) s.listener, err = net.Listen(unixProtocol, s.socketPath)
if err != nil { if err != nil {
@ -114,10 +120,8 @@ func (s *Base64Plugin) Start() error {
// CleanUp stops gRPC server and the underlying listener. // CleanUp stops gRPC server and the underlying listener.
func (s *Base64Plugin) CleanUp() { func (s *Base64Plugin) CleanUp() {
s.grpcServer.Stop() s.grpcServer.Stop()
s.listener.Close() _ = s.listener.Close()
if !strings.HasPrefix(s.socketPath, "@") || runtime.GOOS != "linux" { _ = os.Remove(s.socketPath)
os.Remove(s.socketPath)
}
} }
// EnterFailedState places the plugin into failed state. // EnterFailedState places the plugin into failed state.

37
staging/src/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/testing/v2/kms_plugin_mock.go
View File

@ -25,9 +25,8 @@ import (
"fmt" "fmt"
"net" "net"
"os" "os"
"runtime"
"strings"
"sync" "sync"
"testing"
"time" "time"
"google.golang.org/grpc" "google.golang.org/grpc"
@ -61,7 +60,7 @@ type Base64Plugin struct {
} }
// NewBase64Plugin is a constructor for Base64Plugin. // NewBase64Plugin is a constructor for Base64Plugin.
func NewBase64Plugin(socketPath string) (*Base64Plugin, error) { func NewBase64Plugin(t *testing.T, socketPath string) *Base64Plugin {
server := grpc.NewServer() server := grpc.NewServer()
result := &Base64Plugin{ result := &Base64Plugin{
grpcServer: server, grpcServer: server,
@ -72,11 +71,19 @@ func NewBase64Plugin(socketPath string) (*Base64Plugin, error) {
} }
kmsapi.RegisterKeyManagementServiceServer(server, result) kmsapi.RegisterKeyManagementServiceServer(server, result)
return result, nil
if err := result.start(); err != nil {
t.Fatalf("failed to start KMS plugin, err: %v", err)
}
t.Cleanup(result.CleanUp)
if err := waitForBase64PluginToBeUp(result); err != nil {
t.Fatalf("failed to start KMS plugin: err: %v", err)
}
return result
} }
// WaitForBase64PluginToBeUp waits until the plugin is ready to serve requests. // waitForBase64PluginToBeUp waits until the plugin is ready to serve requests.
func WaitForBase64PluginToBeUp(plugin *Base64Plugin) error { func waitForBase64PluginToBeUp(plugin *Base64Plugin) error {
var gRPCErr error var gRPCErr error
var resp *kmsapi.StatusResponse var resp *kmsapi.StatusResponse
pollErr := wait.PollImmediate(1*time.Second, wait.ForeverTestTimeout, func() (bool, error) { pollErr := wait.PollImmediate(1*time.Second, wait.ForeverTestTimeout, func() (bool, error) {
@ -84,14 +91,14 @@ func WaitForBase64PluginToBeUp(plugin *Base64Plugin) error {
return gRPCErr == nil && resp.Healthz == "ok", nil return gRPCErr == nil && resp.Healthz == "ok", nil
}) })
if pollErr == wait.ErrWaitTimeout { if pollErr != nil {
return fmt.Errorf("failed to start kms-plugin, error: %v", gRPCErr) return fmt.Errorf("failed to start kms-plugin, gRPC error: %v, poll error: %v", gRPCErr, pollErr)
} }
return nil return nil
} }
// WaitForBase64PluginToBeUpdated waits until the plugin updates keyID. // waitForBase64PluginToBeUpdated waits until the plugin updates keyID.
func WaitForBase64PluginToBeUpdated(plugin *Base64Plugin) error { func WaitForBase64PluginToBeUpdated(plugin *Base64Plugin) error {
var gRPCErr error var gRPCErr error
var resp *kmsapi.StatusResponse var resp *kmsapi.StatusResponse
@ -103,7 +110,7 @@ func WaitForBase64PluginToBeUpdated(plugin *Base64Plugin) error {
}) })
if updatePollErr != nil { if updatePollErr != nil {
return fmt.Errorf("failed to update keyID for kmsv2-plugin, error: %w", gRPCErr) return fmt.Errorf("failed to update keyID for kmsv2-plugin, gRPC error: %w, updatePoll error: %w", gRPCErr, updatePollErr)
} }
return nil return nil
@ -119,8 +126,8 @@ func (s *Base64Plugin) SetVersion(ver string) {
s.ver = ver s.ver = ver
} }
// Start starts plugin's gRPC service. // start starts plugin's gRPC service.
func (s *Base64Plugin) Start() error { func (s *Base64Plugin) start() error {
var err error var err error
s.listener, err = net.Listen(unixProtocol, s.socketPath) s.listener, err = net.Listen(unixProtocol, s.socketPath)
if err != nil { if err != nil {
@ -135,10 +142,8 @@ func (s *Base64Plugin) Start() error {
// CleanUp stops gRPC server and the underlying listener. // CleanUp stops gRPC server and the underlying listener.
func (s *Base64Plugin) CleanUp() { func (s *Base64Plugin) CleanUp() {
s.grpcServer.Stop() s.grpcServer.Stop()
s.listener.Close() _ = s.listener.Close()
if !strings.HasPrefix(s.socketPath, "@") || runtime.GOOS != "linux" { _ = os.Remove(s.socketPath)
os.Remove(s.socketPath)
}
} }
// EnterFailedState places the plugin into failed state. // EnterFailedState places the plugin into failed state.

148
test/integration/controlplane/transformation/kms_transformation_test.go
View File

@ -132,17 +132,7 @@ resources:
endpoint: unix:///@kms-provider.sock endpoint: unix:///@kms-provider.sock
` `
providerName := "kms-provider" providerName := "kms-provider"
pluginMock, err := mock.NewBase64Plugin("@kms-provider.sock") pluginMock := mock.NewBase64Plugin(t, "@kms-provider.sock")
if err != nil {
t.Fatalf("failed to create mock of KMS Plugin: %v", err)
}
go pluginMock.Start()
if err := mock.WaitForBase64PluginToBeUp(pluginMock); err != nil {
t.Fatalf("Failed start plugin, err: %v", err)
}
defer pluginMock.CleanUp()
test, err := newTransformTest(t, encryptionConfig, false, "") test, err := newTransformTest(t, encryptionConfig, false, "")
if err != nil { if err != nil {
t.Fatalf("failed to start KUBE API Server with encryptionConfig\n %s, error: %v", encryptionConfig, err) t.Fatalf("failed to start KUBE API Server with encryptionConfig\n %s, error: %v", encryptionConfig, err)
@ -317,17 +307,7 @@ resources:
cachesize: 1000 cachesize: 1000
endpoint: unix:///@kms-provider.sock endpoint: unix:///@kms-provider.sock
` `
pluginMock, err := mock.NewBase64Plugin("@kms-provider.sock") _ = mock.NewBase64Plugin(t, "@kms-provider.sock")
if err != nil {
t.Fatalf("failed to create mock of KMS Plugin: %v", err)
}
go pluginMock.Start()
if err := mock.WaitForBase64PluginToBeUp(pluginMock); err != nil {
t.Fatalf("Failed start plugin, err: %v", err)
}
defer pluginMock.CleanUp()
var restarted bool var restarted bool
test, err := newTransformTest(t, encryptionConfig, true, "") test, err := newTransformTest(t, encryptionConfig, true, "")
if err != nil { if err != nil {
@ -383,17 +363,7 @@ resources:
- identity: {} - identity: {}
` `
// start new KMS Plugin // start new KMS Plugin
newPluginMock, err := mock.NewBase64Plugin("@new-kms-provider.sock") _ = mock.NewBase64Plugin(t, "@new-kms-provider.sock")
if err != nil {
t.Fatalf("failed to create mock of KMS Plugin: %v", err)
}
go newPluginMock.Start()
if err := mock.WaitForBase64PluginToBeUp(newPluginMock); err != nil {
t.Fatalf("Failed start plugin, err: %v", err)
}
defer newPluginMock.CleanUp()
// update encryption config // update encryption config
if err := os.WriteFile(path.Join(test.configDir, encryptionConfigFileName), []byte(encryptionConfigWithNewProvider), 0644); err != nil { if err := os.WriteFile(path.Join(test.configDir, encryptionConfigFileName), []byte(encryptionConfigWithNewProvider), 0644); err != nil {
t.Fatalf("failed to update encryption config, err: %v", err) t.Fatalf("failed to update encryption config, err: %v", err)
@ -558,17 +528,7 @@ resources:
` `
t.Run("encrypt all resources", func(t *testing.T) { t.Run("encrypt all resources", func(t *testing.T) {
pluginMock, err := mock.NewBase64Plugin("@encrypt-all-kms-provider.sock") _ = mock.NewBase64Plugin(t, "@encrypt-all-kms-provider.sock")
if err != nil {
t.Fatalf("failed to create mock of KMS Plugin: %v", err)
}
go pluginMock.Start()
if err := mock.WaitForBase64PluginToBeUp(pluginMock); err != nil {
t.Fatalf("Failed start plugin, err: %v", err)
}
defer pluginMock.CleanUp()
defer featuregatetesting.SetFeatureGateDuringTest(t, feature.DefaultFeatureGate, "AllAlpha", true)() defer featuregatetesting.SetFeatureGateDuringTest(t, feature.DefaultFeatureGate, "AllAlpha", true)()
defer featuregatetesting.SetFeatureGateDuringTest(t, feature.DefaultFeatureGate, "AllBeta", true)() defer featuregatetesting.SetFeatureGateDuringTest(t, feature.DefaultFeatureGate, "AllBeta", true)()
test, err := newTransformTest(t, encryptionConfig, false, "") test, err := newTransformTest(t, encryptionConfig, false, "")
@ -679,27 +639,8 @@ resources:
cachesize: 1000 cachesize: 1000
endpoint: unix:///@encrypt-all-kms-provider.sock endpoint: unix:///@encrypt-all-kms-provider.sock
` `
pluginMock, err := mock.NewBase64Plugin("@kms-provider.sock") _ = mock.NewBase64Plugin(t, "@kms-provider.sock")
if err != nil { _ = mock.NewBase64Plugin(t, "@encrypt-all-kms-provider.sock")
t.Fatalf("failed to create mock of KMS Plugin: %v", err)
}
go pluginMock.Start()
if err := mock.WaitForBase64PluginToBeUp(pluginMock); err != nil {
t.Fatalf("Failed start plugin, err: %v", err)
}
defer pluginMock.CleanUp()
encryptAllPluginMock, err := mock.NewBase64Plugin("@encrypt-all-kms-provider.sock")
if err != nil {
t.Fatalf("failed to create mock of KMS Plugin: %v", err)
}
go encryptAllPluginMock.Start()
if err := mock.WaitForBase64PluginToBeUp(pluginMock); err != nil {
t.Fatalf("Failed start plugin, err: %v", err)
}
defer encryptAllPluginMock.CleanUp()
test, err := newTransformTest(t, encryptionConfig, false, "") test, err := newTransformTest(t, encryptionConfig, false, "")
if err != nil { if err != nil {
@ -841,16 +782,7 @@ resources:
endpoint: unix:///@kms-provider.sock endpoint: unix:///@kms-provider.sock
timeout: 1s timeout: 1s
` `
pluginMock, err := mock.NewBase64Plugin("@kms-provider.sock") _ = mock.NewBase64Plugin(t, "@kms-provider.sock")
if err != nil {
t.Fatalf("failed to create mock of KMS Plugin: %v", err)
}
go pluginMock.Start()
if err := mock.WaitForBase64PluginToBeUp(pluginMock); err != nil {
t.Fatalf("Failed start plugin, err: %v", err)
}
defer pluginMock.CleanUp()
test, err := newTransformTest(t, encryptionConfig, true, "") test, err := newTransformTest(t, encryptionConfig, true, "")
if err != nil { if err != nil {
@ -895,17 +827,7 @@ resources:
- identity: {} - identity: {}
` `
// start new KMS Plugin // start new KMS Plugin
newPluginMock, err := mock.NewBase64Plugin("@new-kms-provider.sock") _ = mock.NewBase64Plugin(t, "@new-kms-provider.sock")
if err != nil {
t.Fatalf("failed to create mock of KMS Plugin: %v", err)
}
go newPluginMock.Start()
if err := mock.WaitForBase64PluginToBeUp(newPluginMock); err != nil {
t.Fatalf("Failed start plugin, err: %v", err)
}
defer newPluginMock.CleanUp()
// update encryption config // update encryption config
if err := tc.updateFile(filepath.Join(test.configDir, encryptionConfigFileName), encryptionConfigWithNewProvider); err != nil { if err := tc.updateFile(filepath.Join(test.configDir, encryptionConfigFileName), encryptionConfigWithNewProvider); err != nil {
t.Fatalf("failed to update encryption config, err: %v", err) t.Fatalf("failed to update encryption config, err: %v", err)
@ -1024,34 +946,12 @@ resources:
endpoint: unix:///@kms-provider-2.sock endpoint: unix:///@kms-provider-2.sock
` `
pluginMock1, err := mock.NewBase64Plugin("@kms-provider-1.sock") pluginMock1 := mock.NewBase64Plugin(t, "@kms-provider-1.sock")
if err != nil { pluginMock2 := mock.NewBase64Plugin(t, "@kms-provider-2.sock")
t.Fatalf("failed to create mock of KMS Plugin #1: %v", err)
}
if err := pluginMock1.Start(); err != nil {
t.Fatalf("Failed to start kms-plugin, err: %v", err)
}
defer pluginMock1.CleanUp()
if err := mock.WaitForBase64PluginToBeUp(pluginMock1); err != nil {
t.Fatalf("Failed to start plugin #1, err: %v", err)
}
pluginMock2, err := mock.NewBase64Plugin("@kms-provider-2.sock")
if err != nil {
t.Fatalf("Failed to create mock of KMS Plugin #2: err: %v", err)
}
if err := pluginMock2.Start(); err != nil {
t.Fatalf("Failed to start kms-plugin, err: %v", err)
}
defer pluginMock2.CleanUp()
if err := mock.WaitForBase64PluginToBeUp(pluginMock2); err != nil {
t.Fatalf("Failed to start KMS Plugin #2: err: %v", err)
}
test, err := newTransformTest(t, encryptionConfig, false, "") test, err := newTransformTest(t, encryptionConfig, false, "")
if err != nil { if err != nil {
t.Fatalf("Failed to start kube-apiserver, error: %v", err) t.Fatalf("failed to start kube-apiserver, error: %v", err)
} }
defer test.cleanUp() defer test.cleanUp()
@ -1102,30 +1002,8 @@ resources:
endpoint: unix:///@kms-provider-2.sock endpoint: unix:///@kms-provider-2.sock
` `
pluginMock1, err := mock.NewBase64Plugin("@kms-provider-1.sock") pluginMock1 := mock.NewBase64Plugin(t, "@kms-provider-1.sock")
if err != nil { pluginMock2 := mock.NewBase64Plugin(t, "@kms-provider-2.sock")
t.Fatalf("failed to create mock of KMS Plugin #1: %v", err)
}
if err := pluginMock1.Start(); err != nil {
t.Fatalf("Failed to start kms-plugin, err: %v", err)
}
defer pluginMock1.CleanUp()
if err := mock.WaitForBase64PluginToBeUp(pluginMock1); err != nil {
t.Fatalf("Failed to start plugin #1, err: %v", err)
}
pluginMock2, err := mock.NewBase64Plugin("@kms-provider-2.sock")
if err != nil {
t.Fatalf("Failed to create mock of KMS Plugin #2: err: %v", err)
}
if err := pluginMock2.Start(); err != nil {
t.Fatalf("Failed to start kms-plugin, err: %v", err)
}
defer pluginMock2.CleanUp()
if err := mock.WaitForBase64PluginToBeUp(pluginMock2); err != nil {
t.Fatalf("Failed to start KMS Plugin #2: err: %v", err)
}
test, err := newTransformTest(t, encryptionConfig, true, "") test, err := newTransformTest(t, encryptionConfig, true, "")
if err != nil { if err != nil {

70
test/integration/controlplane/transformation/kmsv2_transformation_test.go
View File

@ -139,16 +139,7 @@ resources:
` `
providerName := "kms-provider" providerName := "kms-provider"
pluginMock, err := kmsv2mock.NewBase64Plugin("@kms-provider.sock") pluginMock := kmsv2mock.NewBase64Plugin(t, "@kms-provider.sock")
if err != nil {
t.Fatalf("failed to create mock of KMSv2 Plugin: %v", err)
}
go pluginMock.Start()
if err := kmsv2mock.WaitForBase64PluginToBeUp(pluginMock); err != nil {
t.Fatalf("Failed start plugin, err: %v", err)
}
defer pluginMock.CleanUp()
test, err := newTransformTest(t, encryptionConfig, false, "") test, err := newTransformTest(t, encryptionConfig, false, "")
if err != nil { if err != nil {
@ -242,16 +233,7 @@ resources:
name: kms-provider name: kms-provider
endpoint: unix:///@kms-provider.sock endpoint: unix:///@kms-provider.sock
` `
pluginMock, err := kmsv2mock.NewBase64Plugin("@kms-provider.sock") pluginMock := kmsv2mock.NewBase64Plugin(t, "@kms-provider.sock")
if err != nil {
t.Fatalf("failed to create mock of KMSv2 Plugin: %v", err)
}
go pluginMock.Start()
if err := kmsv2mock.WaitForBase64PluginToBeUp(pluginMock); err != nil {
t.Fatalf("Failed start plugin, err: %v", err)
}
defer pluginMock.CleanUp()
test, err := newTransformTest(t, encryptionConfig, false, "") test, err := newTransformTest(t, encryptionConfig, false, "")
if err != nil { if err != nil {
@ -433,16 +415,7 @@ resources:
name: kms-provider name: kms-provider
endpoint: unix:///@kms-provider.sock endpoint: unix:///@kms-provider.sock
` `
pluginMock, err := kmsv2mock.NewBase64Plugin("@kms-provider.sock") _ = kmsv2mock.NewBase64Plugin(t, "@kms-provider.sock")
if err != nil {
t.Fatalf("failed to create mock of KMSv2 Plugin: %v", err)
}
go pluginMock.Start()
if err := kmsv2mock.WaitForBase64PluginToBeUp(pluginMock); err != nil {
t.Fatalf("Failed start plugin, err: %v", err)
}
defer pluginMock.CleanUp()
test, err := newTransformTest(t, encryptionConfig, false, "") test, err := newTransformTest(t, encryptionConfig, false, "")
if err != nil { if err != nil {
@ -557,30 +530,8 @@ resources:
endpoint: unix:///@kms-provider-2.sock endpoint: unix:///@kms-provider-2.sock
` `
pluginMock1, err := kmsv2mock.NewBase64Plugin("@kms-provider-1.sock") pluginMock1 := kmsv2mock.NewBase64Plugin(t, "@kms-provider-1.sock")
if err != nil { pluginMock2 := kmsv2mock.NewBase64Plugin(t, "@kms-provider-2.sock")
t.Fatalf("failed to create mock of KMS Plugin #1: %v", err)
}
if err := pluginMock1.Start(); err != nil {
t.Fatalf("Failed to start kms-plugin, err: %v", err)
}
defer pluginMock1.CleanUp()
if err := kmsv2mock.WaitForBase64PluginToBeUp(pluginMock1); err != nil {
t.Fatalf("Failed to start plugin #1, err: %v", err)
}
pluginMock2, err := kmsv2mock.NewBase64Plugin("@kms-provider-2.sock")
if err != nil {
t.Fatalf("Failed to create mock of KMS Plugin #2: err: %v", err)
}
if err := pluginMock2.Start(); err != nil {
t.Fatalf("Failed to start kms-plugin, err: %v", err)
}
defer pluginMock2.CleanUp()
if err := kmsv2mock.WaitForBase64PluginToBeUp(pluginMock2); err != nil {
t.Fatalf("Failed to start KMS Plugin #2: err: %v", err)
}
test, err := newTransformTest(t, encryptionConfig, false, "") test, err := newTransformTest(t, encryptionConfig, false, "")
if err != nil { if err != nil {
@ -658,16 +609,7 @@ resources:
endpoint: unix:///@kms-provider.sock endpoint: unix:///@kms-provider.sock
` `
pluginMock, err := kmsv2mock.NewBase64Plugin("@kms-provider.sock") _ = kmsv2mock.NewBase64Plugin(t, "@kms-provider.sock")
if err != nil {
t.Fatalf("failed to create mock of KMSv2 Plugin: %v", err)
}
go pluginMock.Start()
if err := kmsv2mock.WaitForBase64PluginToBeUp(pluginMock); err != nil {
t.Fatalf("Failed start plugin, err: %v", err)
}
t.Cleanup(pluginMock.CleanUp)
test, err := newTransformTest(t, encryptionConfig, false, "") test, err := newTransformTest(t, encryptionConfig, false, "")
if err != nil { if err != nil {