diff --git a/cmd/kubeadm/app/cmd/BUILD b/cmd/kubeadm/app/cmd/BUILD index 8c8e3a8e2d4..bdbbfc695db 100644 --- a/cmd/kubeadm/app/cmd/BUILD +++ b/cmd/kubeadm/app/cmd/BUILD @@ -90,6 +90,11 @@ go_test( deps = [ "//cmd/kubeadm/app/constants:go_default_library", "//cmd/kubeadm/app/preflight:go_default_library", + "//vendor/k8s.io/api/core/v1:go_default_library", + "//vendor/k8s.io/apimachinery/pkg/api/errors:go_default_library", + "//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library", + "//vendor/k8s.io/client-go/kubernetes/fake:go_default_library", + "//vendor/k8s.io/client-go/testing:go_default_library", "//vendor/k8s.io/utils/exec:go_default_library", "//vendor/k8s.io/utils/exec/testing:go_default_library", ], diff --git a/cmd/kubeadm/app/cmd/token_test.go b/cmd/kubeadm/app/cmd/token_test.go index 2db9cd9e0b6..c3a344d1691 100644 --- a/cmd/kubeadm/app/cmd/token_test.go +++ b/cmd/kubeadm/app/cmd/token_test.go @@ -20,6 +20,12 @@ import ( "bytes" "regexp" "testing" + + "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/client-go/kubernetes/fake" + core "k8s.io/client-go/testing" ) const ( @@ -44,3 +50,82 @@ func TestRunGenerateToken(t *testing.T) { t.Errorf("RunGenerateToken's output did not match expected regex; wanted: [%s], got: [%s]", TokenExpectedRegex, output) } } + +func TestRunCreateToken(t *testing.T) { + var buf bytes.Buffer + fakeClient := &fake.Clientset{} + fakeClient.AddReactor("get", "secrets", func(action core.Action) (handled bool, ret runtime.Object, err error) { + return true, nil, errors.NewNotFound(v1.Resource("secrets"), "foo") + }) + + testCases := []struct { + name string + token string + usages []string + extraGroups []string + expectedError bool + }{ + { + name: "valid: empty token", + token: "", + usages: []string{"signing", "authentication"}, + extraGroups: []string{"system:bootstrappers:foo"}, + expectedError: false, + }, + { + name: "valid: non-empty token", + token: "abcdef.1234567890123456", + usages: []string{"signing", "authentication"}, + extraGroups: []string{"system:bootstrappers:foo"}, + expectedError: false, + }, + { + name: "valid: no extraGroups", + token: "abcdef.1234567890123456", + usages: []string{"signing", "authentication"}, + extraGroups: []string{}, + expectedError: false, + }, + { + name: "invalid: incorrect token", + token: "123456.AABBCCDDEEFFGGHH", + usages: []string{"signing", "authentication"}, + extraGroups: []string{}, + expectedError: true, + }, + { + name: "invalid: incorrect extraGroups", + token: "abcdef.1234567890123456", + usages: []string{"signing", "authentication"}, + extraGroups: []string{"foo"}, + expectedError: true, + }, + { + name: "invalid: specifying --groups when --usages doesn't include authentication", + token: "abcdef.1234567890123456", + usages: []string{"signing"}, + extraGroups: []string{"foo"}, + expectedError: true, + }, + { + name: "invalid: partially incorrect usages", + token: "abcdef.1234567890123456", + usages: []string{"foo", "authentication"}, + extraGroups: []string{"system:bootstrappers:foo"}, + expectedError: true, + }, + { + name: "invalid: all incorrect usages", + token: "abcdef.1234567890123456", + usages: []string{"foo", "bar"}, + extraGroups: []string{"system:bootstrappers:foo"}, + expectedError: true, + }, + } + for _, tc := range testCases { + err := RunCreateToken(&buf, fakeClient, tc.token, 0, tc.usages, tc.extraGroups, "", false, "") + if (err != nil) != tc.expectedError { + t.Errorf("Test case %s: RunCreateToken expected error: %v, saw: %v", tc.name, tc.expectedError, (err != nil)) + } + } +}