diff --git a/cmd/kubeadm/app/phases/bootstraptoken/clusterinfo/clusterinfo_test.go b/cmd/kubeadm/app/phases/bootstraptoken/clusterinfo/clusterinfo_test.go index e926523fa52..7bc4120a338 100644 --- a/cmd/kubeadm/app/phases/bootstraptoken/clusterinfo/clusterinfo_test.go +++ b/cmd/kubeadm/app/phases/bootstraptoken/clusterinfo/clusterinfo_test.go @@ -17,15 +17,20 @@ limitations under the License. package clusterinfo import ( + "context" "os" "testing" "text/template" + rbac "k8s.io/api/rbac/v1" apierrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/schema" + "k8s.io/apiserver/pkg/authentication/user" clientsetfake "k8s.io/client-go/kubernetes/fake" core "k8s.io/client-go/testing" + bootstrapapi "k8s.io/cluster-bootstrap/token/api" ) var testConfigTempl = template.Must(template.New("test").Parse(`apiVersion: v1 @@ -47,25 +52,31 @@ users: func TestCreateBootstrapConfigMapIfNotExists(t *testing.T) { tests := []struct { name string + fileExist bool createErr error - updateErr error expectErr bool }{ { "successful case should have no error", - nil, + true, nil, false, }, { - "if both create and update errors, return error", + "if configmap already exists, return error", + true, apierrors.NewAlreadyExists(schema.GroupResource{Resource: "configmaps"}, "test"), - apierrors.NewUnauthorized("go away!"), true, }, { "unexpected error should be returned", + true, apierrors.NewUnauthorized("go away!"), + true, + }, + { + "if the file does not exist, return error", + false, nil, true, }, @@ -102,7 +113,11 @@ func TestCreateBootstrapConfigMapIfNotExists(t *testing.T) { }) } - err := CreateBootstrapConfigMapIfNotExists(client, file.Name()) + fileName := file.Name() + if !tc.fileExist { + fileName = "notexistfile" + } + err := CreateBootstrapConfigMapIfNotExists(client, fileName) if tc.expectErr && err == nil { t.Errorf("CreateBootstrapConfigMapIfNotExists(%s) wanted error, got nil", tc.name) } else if !tc.expectErr && err != nil { @@ -112,3 +127,71 @@ func TestCreateBootstrapConfigMapIfNotExists(t *testing.T) { } } } + +func TestCreateClusterInfoRBACRules(t *testing.T) { + tests := []struct { + name string + client *clientsetfake.Clientset + }{ + { + name: "the RBAC rules already exist", + client: newMockClientForTest(t), + }, + { + name: "the RBAC rules do not exist", + client: clientsetfake.NewSimpleClientset(), + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + if err := CreateClusterInfoRBACRules(tt.client); err != nil { + t.Errorf("CreateClusterInfoRBACRules() hits unexpected error: %v", err) + } + }) + } +} + +func newMockClientForTest(t *testing.T) *clientsetfake.Clientset { + client := clientsetfake.NewSimpleClientset() + + _, err := client.RbacV1().Roles(metav1.NamespacePublic).Create(context.TODO(), &rbac.Role{ + ObjectMeta: metav1.ObjectMeta{ + Name: BootstrapSignerClusterRoleName, + Namespace: metav1.NamespacePublic, + }, + Rules: []rbac.PolicyRule{ + { + Verbs: []string{"get"}, + APIGroups: []string{""}, + Resources: []string{"Secret"}, + ResourceNames: []string{bootstrapapi.ConfigMapClusterInfo}, + }, + }, + }, metav1.CreateOptions{}) + if err != nil { + t.Fatalf("error creating role: %v", err) + } + + _, err = client.RbacV1().RoleBindings(metav1.NamespacePublic).Create(context.TODO(), &rbac.RoleBinding{ + ObjectMeta: metav1.ObjectMeta{ + Name: BootstrapSignerClusterRoleName, + Namespace: metav1.NamespacePublic, + }, + RoleRef: rbac.RoleRef{ + APIGroup: rbac.GroupName, + Kind: "Role", + Name: BootstrapSignerClusterRoleName, + }, + Subjects: []rbac.Subject{ + { + Kind: rbac.UserKind, + Name: user.Anonymous, + }, + }, + }, metav1.CreateOptions{}) + if err != nil { + t.Fatalf("error creating rolebinding: %v", err) + } + + return client +}