github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-27 13:37:30 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #104416 from liggitt/go117-certificates

Browse Source 
Update unit tests to handle go1.17 certificate parsing error messages
This commit is contained in:
Kubernetes Prow Robot 2021-08-17 17:04:07 -07:00 committed by GitHub
commit f805f5588b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 24 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
pkg/apis/certificates/validation/validation_test.go
View File

@ -24,6 +24,7 @@ import (
"encoding/pem" "encoding/pem"
"fmt" "fmt"
"reflect" "reflect"
"regexp"
"strings" "strings"
"testing" "testing"
"time" "time"
@ -895,7 +896,10 @@ func Test_validateCertificateSigningRequestOptions(t *testing.T) {
// options that allow the csr to pass validation // options that allow the csr to pass validation
lenientOpts certificateValidationOptions lenientOpts certificateValidationOptions
// expected errors when validating strictly // regexes matching expected errors when validating strictly
strictRegexes []regexp.Regexp
// expected errors (after filtering out errors matched by strictRegexes) when validating strictly
strictErrs []string strictErrs []string
}{ }{
// valid strict cases // valid strict cases
@ -1048,8 +1052,8 @@ func Test_validateCertificateSigningRequestOptions(t *testing.T) {
Certificate: invalidCertificateNonASN1Data, Certificate: invalidCertificateNonASN1Data,
}, },
}, },
lenientOpts: certificateValidationOptions{allowArbitraryCertificate: true}, lenientOpts: certificateValidationOptions{allowArbitraryCertificate: true},
strictErrs: []string{`status.certificate: Invalid value: "<certificate data>": asn1: structure error: sequence tag mismatch`}, strictRegexes: []regexp.Regexp{*regexp.MustCompile(`status.certificate: Invalid value: "\<certificate data\>": (asn1: structure error: sequence tag mismatch|x509: invalid RDNSequence)`)},
}, },
} }
@ -1065,12 +1069,27 @@ func Test_validateCertificateSigningRequestOptions(t *testing.T) {
for _, err := range validateCertificateSigningRequest(tt.csr, certificateValidationOptions{}) { for _, err := range validateCertificateSigningRequest(tt.csr, certificateValidationOptions{}) {
gotErrs.Insert(err.Error()) gotErrs.Insert(err.Error())
} }
// filter errors matching strictRegexes and ensure every strictRegex matches at least one error
for _, expectedRegex := range tt.strictRegexes {
matched := false
for _, err := range gotErrs.List() {
if expectedRegex.MatchString(err) {
gotErrs.Delete(err)
matched = true
}
}
if !matched {
t.Errorf("missing expected error matching: %s", expectedRegex.String())
}
}
wantErrs := sets.NewString(tt.strictErrs...) wantErrs := sets.NewString(tt.strictErrs...)
for _, missing := range wantErrs.Difference(gotErrs).List() { for _, missing := range wantErrs.Difference(gotErrs).List() {
t.Errorf("missing expected strict error: %s", missing) t.Errorf("missing expected strict error: %s", missing)
} }
for _, unexpected := range gotErrs.Difference(wantErrs).List() { for _, unexpected := range gotErrs.Difference(wantErrs).List() {
t.Errorf("unexpected strict error: %s", unexpected) t.Errorf("unexpected errors: %s", unexpected)
} }
}) })
} }

2
staging/src/k8s.io/apiserver/pkg/util/webhook/webhook_test.go
View File

@ -197,7 +197,7 @@ MIIDGTCCAgGgAwIBAgIUOS2M
}, },
}, },
user: &defaultUser, user: &defaultUser,
errRegex: "unable to load root certificates: failed to parse certificate: asn1: syntax error: data truncated", errRegex: "unable to load root certificates: failed to parse certificate: (asn1: syntax error: data truncated|x509: malformed certificate)",
}, },
{ {
test: "user with invalid client certificate path", test: "user with invalid client certificate path",