From 2ae12e63452171ec97ea5c2a3c685c997ea921ba Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Arda=20G=C3=BC=C3=A7l=C3=BC?= Date: Tue, 18 May 2021 11:45:40 +0300 Subject: [PATCH 1/2] Add Node IP IPv6 formatting in NodeAuthenticator tests --- test/e2e/auth/node_authn.go | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/test/e2e/auth/node_authn.go b/test/e2e/auth/node_authn.go index e18a26adac3..47e71eb7aaa 100644 --- a/test/e2e/auth/node_authn.go +++ b/test/e2e/auth/node_authn.go @@ -19,6 +19,7 @@ package auth import ( "context" "fmt" + netutil "k8s.io/utils/net" v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -60,6 +61,7 @@ var _ = SIGDescribe("[Feature:NodeAuthenticator]", func() { pod := createNodeAuthTestPod(f) for _, nodeIP := range nodeIPs { // Anonymous authentication is disabled by default + nodeIP = getFormattedNodeIP(nodeIP) result := framework.RunHostCmdOrDie(ns, pod.Name, fmt.Sprintf("curl -sIk -o /dev/null -w '%s' https://%s:%v/metrics", "%{http_code}", nodeIP, ports.KubeletPort)) gomega.Expect(result).To(gomega.Or(gomega.Equal("401"), gomega.Equal("403")), "the kubelet's main port 10250 should reject requests with no credentials") } @@ -81,6 +83,7 @@ var _ = SIGDescribe("[Feature:NodeAuthenticator]", func() { pod := createNodeAuthTestPod(f) for _, nodeIP := range nodeIPs { + nodeIP = getFormattedNodeIP(nodeIP) result := framework.RunHostCmdOrDie(ns, pod.Name, fmt.Sprintf("curl -sIk -o /dev/null -w '%s' --header \"Authorization: Bearer `%s`\" https://%s:%v/metrics", @@ -92,6 +95,13 @@ var _ = SIGDescribe("[Feature:NodeAuthenticator]", func() { }) }) +func getFormattedNodeIP(nodeIP string) string { + if netutil.IsIPv6String(nodeIP) { + return fmt.Sprintf("[%s]", nodeIP) + } + return nodeIP +} + func createNodeAuthTestPod(f *framework.Framework) *v1.Pod { pod := e2epod.NewAgnhostPod(f.Namespace.Name, "agnhost-pod", nil, nil, nil) pod.ObjectMeta.GenerateName = "test-node-authn-" 
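Review bot: In the import hunk (@@ -19,6 +19,7), `netutil "k8s.io/utils/net"` is added directly after `"fmt"`, which appears to be the standard-library group rather than the `k8s.io/...` group that follows. goimports-style grouping keeps third-party packages apart from stdlib ones, so the line belongs with `v1 "k8s.io/api/core/v1"` and the other k8s.io imports. The import block continues outside the hunk, so the exact sorted position has to be checked against the full file.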
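Review bot: In the hunk at @@ -60,6 +61,7, the bracketed value returned by getFormattedNodeIP is substituted into `https://%s:%v/metrics` without quotes, and the command string is interpreted by a shell inside the pod (the second test relies on backtick substitution through the same helper call). `[` and `]` are shell pattern characters, so the URL should be single-quoted in the format string, `'https://%s:%v/metrics'`, rather than relying on the pattern matching nothing. curl's own URL globbing also gives brackets a meaning, so adding `-g` (`--globoff`) is worth considering. The same applies to the command in the hunk at @@ -81,6 +83,7 and to the rewritten commands in patch 2/2 (@@ -61,8 +62,8 and @@ -83,25 +84,18).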
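Review bot: getFormattedNodeIP (hunk @@ -92,6 +95,13) is added without a doc comment, and its name does not say what the formatting is. A one-line comment would do, for example `// getFormattedNodeIP returns nodeIP wrapped in square brackets when it is an IPv6 literal, so that ":port" can be appended in a URL; any other input is returned unchanged.` The second half is worth stating because a value that is not recognised as IPv6 goes into the curl command line exactly as received.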
From 0965cad63a2c30fa405d778f5220d8388bed6d8f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Arda=20G=C3=BC=C3=A7l=C3=BC?= Date: Tue, 18 May 2021 14:49:02 +0300 Subject: [PATCH 2/2] Use builtin JoinHostPort function --- test/e2e/auth/node_authn.go | 20 +++++++------------- 1 file changed, 7 insertions(+), 13 deletions(-) diff --git a/test/e2e/auth/node_authn.go b/test/e2e/auth/node_authn.go index 47e71eb7aaa..6380cc0f138 100644 --- a/test/e2e/auth/node_authn.go +++ b/test/e2e/auth/node_authn.go @@ -19,7 +19,8 @@ package auth import ( "context" "fmt" - netutil "k8s.io/utils/net" + "net" + "strconv" v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -61,8 +62,8 @@ var _ = SIGDescribe("[Feature:NodeAuthenticator]", func() { pod := createNodeAuthTestPod(f) for _, nodeIP := range nodeIPs { // Anonymous authentication is disabled by default - nodeIP = getFormattedNodeIP(nodeIP) - result := framework.RunHostCmdOrDie(ns, pod.Name, fmt.Sprintf("curl -sIk -o /dev/null -w '%s' https://%s:%v/metrics", "%{http_code}", nodeIP, ports.KubeletPort)) + host := net.JoinHostPort(nodeIP, strconv.Itoa(ports.KubeletPort)) + result := framework.RunHostCmdOrDie(ns, pod.Name, fmt.Sprintf("curl -sIk -o /dev/null -w '%s' https://%s/metrics", "%{http_code}", host)) gomega.Expect(result).To(gomega.Or(gomega.Equal("401"), gomega.Equal("403")), "the kubelet's main port 10250 should reject requests with no credentials") } }) 
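Review bot: In the hunk at @@ -61,8 +62,8, the new variable `host` holds the result of net.JoinHostPort, so it is an address with the port already attached. The name understates that, and the format string `https://%s/metrics` no longer shows that a port is part of the URL. A name such as `hostPort` or `addr`, as in `addr := net.JoinHostPort(nodeIP, strconv.Itoa(ports.KubeletPort))`, makes it visible at the call site. The same variable is introduced in the hunk at @@ -83,25 +84,18.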
@@ -83,25 +84,18 @@ var _ = SIGDescribe("[Feature:NodeAuthenticator]", func() { pod := createNodeAuthTestPod(f) for _, nodeIP := range nodeIPs { - nodeIP = getFormattedNodeIP(nodeIP) + host := net.JoinHostPort(nodeIP, strconv.Itoa(ports.KubeletPort)) result := framework.RunHostCmdOrDie(ns, pod.Name, - fmt.Sprintf("curl -sIk -o /dev/null -w '%s' --header \"Authorization: Bearer `%s`\" https://%s:%v/metrics", + fmt.Sprintf("curl -sIk -o /dev/null -w '%s' --header \"Authorization: Bearer `%s`\" https://%s/metrics", "%{http_code}", "cat /var/run/secrets/kubernetes.io/serviceaccount/token", - nodeIP, ports.KubeletPort)) + host)) gomega.Expect(result).To(gomega.Or(gomega.Equal("401"), gomega.Equal("403")), "the kubelet can delegate ServiceAccount tokens to the API server") } }) }) -func getFormattedNodeIP(nodeIP string) string { - if netutil.IsIPv6String(nodeIP) { - return fmt.Sprintf("[%s]", nodeIP) - } - return nodeIP -} - func createNodeAuthTestPod(f *framework.Framework) *v1.Pod { pod := e2epod.NewAgnhostPod(f.Namespace.Name, "agnhost-pod", nil, nil, nil) pod.ObjectMeta.GenerateName = "test-node-authn-"
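Review bot: The assertion after the rewritten command (unchanged context in this hunk) accepts `401` as well as `403`, although its message is "the kubelet can delegate ServiceAccount tokens to the API server". A 401 is also what the no-credentials test at @@ -61,8 +62,8 accepts, so this test would presumably still pass if the bearer token were not honoured at all. If 401 is tolerated on purpose, a comment stating the reason belongs next to the assertion; otherwise narrowing it to `gomega.Equal("403")` would make the test verify what its message claims. The enclosing ginkgo.It block starts outside the hunk, so the permissions granted to the service account are not visible here.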