| /*
 | |
| Copyright 2018 The Kubernetes Authors.
 | |
| 
 | |
| Licensed under the Apache License, Version 2.0 (the "License");
 | |
| you may not use this file except in compliance with the License.
 | |
| You may obtain a copy of the License at
 | |
| 
 | |
|     http://www.apache.org/licenses/LICENSE-2.0
 | |
| 
 | |
| Unless required by applicable law or agreed to in writing, software
 | |
| distributed under the License is distributed on an "AS IS" BASIS,
 | |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 | |
| See the License for the specific language governing permissions and
 | |
| limitations under the License.
 | |
| */
 | |
| 
 | |
| package serviceaccount
 | |
| 
 | |
| import (
 | |
| 	"testing"
 | |
| 
 | |
| 	"k8s.io/api/core/v1"
 | |
| 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 | |
| )
 | |
| 
 | |
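// TestIsServiceAccountToken checks that IsServiceAccountToken reports true
// only when a token secret is bound to the given service account. The table
// covers one matching pair plus one mismatch each on service account name,
// service account UID, and secret type.
//
// NOTE(review): every fixture lives in namespace "default" and carries both
// binding annotations. No case covers a secret whose ServiceAccountUIDKey
// annotation is missing or empty, or a secret and service account in
// different namespaces. The expected results for those inputs are not visible
// from this file; confirm them against IsServiceAccountToken before adding
// cases.
func TestIsServiceAccountToken(t *testing.T) {
	// Token-typed secret annotated as belonging to service account
	// "default" with UID "12345".
	secretIns := &v1.Secret{
		ObjectMeta: metav1.ObjectMeta{
			Name:            "token-secret-1",
			Namespace:       "default",
			UID:             "23456",
			ResourceVersion: "1",
			Annotations: map[string]string{
				v1.ServiceAccountNameKey: "default",
				v1.ServiceAccountUIDKey:  "12345",
			},
		},
		Type: v1.SecretTypeServiceAccountToken,
		Data: map[string][]byte{
			"token":     []byte("ABC"),
			"ca.crt":    []byte("CA Data"),
			"namespace": []byte("default"),
		},
	}

	// Carries the same binding annotations as secretIns but is typed Opaque,
	// so the annotations alone must not make it count as a token.
	secretTypeMismatch := &v1.Secret{
		ObjectMeta: metav1.ObjectMeta{
			Name:            "token-secret-2",
			Namespace:       "default",
			UID:             "23456",
			ResourceVersion: "1",
			Annotations: map[string]string{
				v1.ServiceAccountNameKey: "default",
				v1.ServiceAccountUIDKey:  "12345",
			},
		},
		Type: v1.SecretTypeOpaque,
	}

	// Service account whose name and UID match the annotations on secretIns.
	saIns := &v1.ServiceAccount{
		ObjectMeta: metav1.ObjectMeta{
			Name:            "default",
			UID:             "12345",
			Namespace:       "default",
			ResourceVersion: "1",
		},
	}

	// UID matches the annotation, name does not.
	saInsNameNotEqual := &v1.ServiceAccount{
		ObjectMeta: metav1.ObjectMeta{
			Name:            "non-default",
			UID:             "12345",
			Namespace:       "default",
			ResourceVersion: "1",
		},
	}

	// Name matches the annotation, UID does not. Presumably this models a
	// service account recreated under the same name, which must not inherit
	// the older account's tokens (inferred scenario; confirm).
	saInsUIDNotEqual := &v1.ServiceAccount{
		ObjectMeta: metav1.ObjectMeta{
			Name:            "default",
			UID:             "67890",
			Namespace:       "default",
			ResourceVersion: "1",
		},
	}

	tests := map[string]struct {
		secret *v1.Secret
		sa     *v1.ServiceAccount
		expect bool
	}{
		"correct service account": {
			secret: secretIns,
			sa:     saIns,
			expect: true,
		},
		"service account name not equal": {
			secret: secretIns,
			sa:     saInsNameNotEqual,
			expect: false,
		},
		"service account uid not equal": {
			secret: secretIns,
			sa:     saInsUIDNotEqual,
			expect: false,
		},
		// Despite the key, the mismatch here is the secret's Type field;
		// the service account is the matching one.
		"service account type not equal": {
			secret: secretTypeMismatch,
			sa:     saIns,
			expect: false,
		},
	}

	// Run each case as a subtest so a failure is reported under its own name
	// and a single case can be selected with -run.
	for name, tc := range tests {
		t.Run(name, func(t *testing.T) {
			actual := IsServiceAccountToken(tc.secret, tc.sa)
			if actual != tc.expect {
				t.Errorf("%s failed, expected %t but received %t", name, tc.expect, actual)
			}
		})
	}
}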
 |