From f946aa887b5f83c7ded1bc6cbf64ea335fd893eb Mon Sep 17 00:00:00 2001 From: Alex Robinson Date: Wed, 18 Feb 2015 13:40:21 -0800 Subject: [PATCH] Migrate the certs.sh e2e test to ginkgo. Issue #4185. --- hack/e2e-suite/certs.sh | 51 ------------------------------ hack/ginkgo-e2e.sh | 7 +++++ test/e2e/certs.go | 69 +++++++++++++++++++++++++++++++++++++++++ 3 files changed, 76 insertions(+), 51 deletions(-) delete mode 100755 hack/e2e-suite/certs.sh create mode 100644 test/e2e/certs.go diff --git a/hack/e2e-suite/certs.sh b/hack/e2e-suite/certs.sh deleted file mode 100755 index fb1574be20d..00000000000 --- a/hack/e2e-suite/certs.sh +++ /dev/null @@ -1,51 +0,0 @@ -#!/bin/bash - -# Copyright 2014 Google Inc. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Launches a container and verifies it can be reached. Assumes that -# we're being called by hack/e2e-test.sh (we use some env vars it sets up). - -set -o errexit -set -o nounset -set -o pipefail - -KUBE_ROOT=$(dirname "${BASH_SOURCE}")/../.. - -: ${KUBE_VERSION_ROOT:=${KUBE_ROOT}} -: ${KUBECTL:="${KUBE_VERSION_ROOT}/cluster/kubectl.sh"} -: ${KUBE_CONFIG_FILE:="config-test.sh"} - -export KUBECTL KUBE_CONFIG_FILE - -source "${KUBE_ROOT}/cluster/kube-env.sh" -source "${KUBE_VERSION_ROOT}/cluster/${KUBERNETES_PROVIDER}/util.sh" - -prepare-e2e - -if [[ "${KUBERNETES_PROVIDER}" != "gce" ]] && [[ "${KUBERNETES_PROVIDER}" != "gke" ]]; then - echo "WARNING: Skipping certs.sh for cloud provider: ${KUBERNETES_PROVIDER}." - exit 0 -fi - -# Set KUBE_MASTER -detect-master - -# IMPORTANT: there are upstream things that rely on these files. -# Do *not* fix this test by changing this path, unless you _really_ know -# what you are doing. -for file in kubecfg.key kubecfg.crt ca.crt; do - echo "Checking for ${file}" - "${GCLOUD}" compute ssh --zone="${ZONE}" "${KUBE_MASTER}" --command "ls /srv/kubernetes/${file}" -done diff --git a/hack/ginkgo-e2e.sh b/hack/ginkgo-e2e.sh index b6a32f62dc4..9c2aa6dbd9e 100755 --- a/hack/ginkgo-e2e.sh +++ b/hack/ginkgo-e2e.sh @@ -32,6 +32,8 @@ source "${KUBE_VERSION_ROOT}/cluster/${KUBERNETES_PROVIDER}/util.sh" prepare-e2e detect-master >/dev/null +# Export the master name to make it available to the ginkgo tests. +export KUBE_MASTER # Detect the OS name/arch so that we can find our binary case "$(uname -s)" in @@ -91,10 +93,15 @@ elif [[ "${KUBERNETES_PROVIDER}" == "gke" ]]; then "--auth_config=${cfg_dir}/kubernetes_auth" "--cert_dir=${cfg_dir}" ) + # Export the project and zone env vars to make them available to the tests. + export PROJECT + export ZONE elif [[ "${KUBERNETES_PROVIDER}" == "gce" ]]; then auth_config=( "--auth_config=${HOME}/.kube/${PROJECT}_${INSTANCE_PREFIX}/kubernetes_auth" ) + export PROJECT + export ZONE else auth_config=() fi diff --git a/test/e2e/certs.go b/test/e2e/certs.go new file mode 100644 index 00000000000..b20a7eb26dd --- /dev/null +++ b/test/e2e/certs.go @@ -0,0 +1,69 @@ +/* +Copyright 2015 Google Inc. All rights reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package e2e + +import ( + "fmt" + "os" + "os/exec" + + "github.com/GoogleCloudPlatform/kubernetes/pkg/client" + + . "github.com/onsi/ginkgo" + . "github.com/onsi/gomega" +) + +var _ = Describe("MasterCerts", func() { + var c *client.Client + + BeforeEach(func() { + var err error + c, err = loadClient() + Expect(err).NotTo(HaveOccurred()) + }) + + It("should have all expected certs on the master", func() { + if testContext.provider != "gce" && testContext.provider != "gke" { + By(fmt.Sprintf("Skipping MasterCerts test for cloud provider %s (only supported for gce and gke)", testContext.provider)) + return + } + + // gcloud requires the project, zone and master VM name, it can't SSH + // based only on the host IP. Unfortunately, you can't SSH into a GCE VM + // without using gcloud SSH or doing out-of-band configuration. + project := os.Getenv("PROJECT") + if project == "" { + Fail(fmt.Sprintf("Error getting PROJECT environment variable")) + } + zone := os.Getenv("ZONE") + if zone == "" { + Fail(fmt.Sprintf("Error getting ZONE environment variable")) + } + master := os.Getenv("KUBE_MASTER") + if master == "" { + Fail(fmt.Sprintf("Error getting KUBE_MASTER environment variable")) + } + + for _, certFile := range []string{"kubecfg.key", "kubecfg.crt", "ca.crt"} { + cmd := exec.Command("gcloud", "compute", "ssh", "--project", project, "--zone", zone, + master, "--command", fmt.Sprintf("ls /srv/kubernetes/%s", certFile)) + if _, err := cmd.CombinedOutput(); err != nil { + Fail(fmt.Sprintf("Error checking for cert file %s on master: %v", certFile, err)) + } + } + }) +})