From 0e925f266f78d72ed05a5a2fe48faa5e2a87d107 Mon Sep 17 00:00:00 2001
From: Jordan Liggitt <liggitt@google.com>
Date: Tue, 17 Aug 2021 11:24:03 -0400
Subject: [PATCH] Update unit tests to handle go1.17 certificate parsing error
 messages

---
 .../validation/validation_test.go             | 27 ++++++++++++++++---
 .../pkg/util/webhook/webhook_test.go          |  2 +-
 2 files changed, 24 insertions(+), 5 deletions(-)

diff --git a/pkg/apis/certificates/validation/validation_test.go b/pkg/apis/certificates/validation/validation_test.go
index 8ef876d895c..fa36767d754 100644
--- a/pkg/apis/certificates/validation/validation_test.go
+++ b/pkg/apis/certificates/validation/validation_test.go
@@ -24,6 +24,7 @@ import (
 	"encoding/pem"
 	"fmt"
 	"reflect"
+	"regexp"
 	"strings"
 	"testing"
 	"time"
@@ -895,7 +896,10 @@ func Test_validateCertificateSigningRequestOptions(t *testing.T) {
 		// options that allow the csr to pass validation
 		lenientOpts certificateValidationOptions
 
-		// expected errors when validating strictly
+		// regexes matching expected errors when validating strictly
+		strictRegexes []regexp.Regexp
+
+		// expected errors (after filtering out errors matched by strictRegexes) when validating strictly
 		strictErrs []string
 	}{
 		// valid strict cases
@@ -1048,8 +1052,8 @@ func Test_validateCertificateSigningRequestOptions(t *testing.T) {
 					Certificate: invalidCertificateNonASN1Data,
 				},
 			},
-			lenientOpts: certificateValidationOptions{allowArbitraryCertificate: true},
-			strictErrs:  []string{`status.certificate: Invalid value: "<certificate data>": asn1: structure error: sequence tag mismatch`},
+			lenientOpts:   certificateValidationOptions{allowArbitraryCertificate: true},
+			strictRegexes: []regexp.Regexp{*regexp.MustCompile(`status.certificate: Invalid value: "\<certificate data\>": (asn1: structure error: sequence tag mismatch|x509: invalid RDNSequence)`)},
 		},
 	}
 
@@ -1065,12 +1069,27 @@ func Test_validateCertificateSigningRequestOptions(t *testing.T) {
 			for _, err := range validateCertificateSigningRequest(tt.csr, certificateValidationOptions{}) {
 				gotErrs.Insert(err.Error())
 			}
+
+			// filter errors matching strictRegexes and ensure every strictRegex matches at least one error
+			for _, expectedRegex := range tt.strictRegexes {
+				matched := false
+				for _, err := range gotErrs.List() {
+					if expectedRegex.MatchString(err) {
+						gotErrs.Delete(err)
+						matched = true
+					}
+				}
+				if !matched {
+					t.Errorf("missing expected error matching: %s", expectedRegex.String())
+				}
+			}
+
 			wantErrs := sets.NewString(tt.strictErrs...)
 			for _, missing := range wantErrs.Difference(gotErrs).List() {
 				t.Errorf("missing expected strict error: %s", missing)
 			}
 			for _, unexpected := range gotErrs.Difference(wantErrs).List() {
-				t.Errorf("unexpected strict error: %s", unexpected)
+				t.Errorf("unexpected errors: %s", unexpected)
 			}
 		})
 	}
diff --git a/staging/src/k8s.io/apiserver/pkg/util/webhook/webhook_test.go b/staging/src/k8s.io/apiserver/pkg/util/webhook/webhook_test.go
index d2019849eea..475c7e3cfdb 100644
--- a/staging/src/k8s.io/apiserver/pkg/util/webhook/webhook_test.go
+++ b/staging/src/k8s.io/apiserver/pkg/util/webhook/webhook_test.go
@@ -197,7 +197,7 @@ MIIDGTCCAgGgAwIBAgIUOS2M
 				},
 			},
 			user:     &defaultUser,
-			errRegex: "unable to load root certificates: failed to parse certificate: asn1: syntax error: data truncated",
+			errRegex: "unable to load root certificates: failed to parse certificate: (asn1: syntax error: data truncated|x509: malformed certificate)",
 		},
 		{
 			test:    "user with invalid client certificate path",