github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-10-30 21:30:16 +00:00
Code Issues Projects Releases Wiki Activity
Files
cd91e59f7c351fce47c064a5162c2cb79075159c
kubernetes/cmd/kube-controller-manager/app/certificates_test.go

310 lines
12 KiB
Go
Raw Blame History

/*
Copyright 2020 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package app
import (
"testing"
"time"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
csrsigningconfig "k8s.io/kubernetes/pkg/controller/certificates/signer/config"
)
func TestCertSpecified(t *testing.T) {
allConfig := csrsigningconfig.CSRSigningControllerConfiguration{
ClusterSigningCertFile: "/cluster-signing-cert",
ClusterSigningKeyFile: "/cluster-signing-key",
ClusterSigningDuration: metav1.Duration{Duration: 10 * time.Hour},
KubeletServingSignerConfiguration: csrsigningconfig.CSRSigningConfiguration{
CertFile: "/cluster-signing-kubelet-serving/cert-file",
KeyFile: "/cluster-signing-kubelet-serving/key-file",
},
KubeletClientSignerConfiguration: csrsigningconfig.CSRSigningConfiguration{
CertFile: "/cluster-signing-kubelet-client/cert-file",
KeyFile: "/cluster-signing-kubelet-client/key-file",
},
KubeAPIServerClientSignerConfiguration: csrsigningconfig.CSRSigningConfiguration{
CertFile: "/cluster-signing-kube-apiserver-client/cert-file",
KeyFile: "/cluster-signing-kube-apiserver-client/key-file",
},
LegacyUnknownSignerConfiguration: csrsigningconfig.CSRSigningConfiguration{
CertFile: "/cluster-signing-legacy-unknown/cert-file",
KeyFile: "/cluster-signing-legacy-unknown/key-file",
},
}
defaultOnly := csrsigningconfig.CSRSigningControllerConfiguration{
ClusterSigningCertFile: "/cluster-signing-cert",
ClusterSigningKeyFile: "/cluster-signing-key",
ClusterSigningDuration: metav1.Duration{Duration: 10 * time.Hour},
}
specifiedOnly := csrsigningconfig.CSRSigningControllerConfiguration{
KubeletServingSignerConfiguration: csrsigningconfig.CSRSigningConfiguration{
CertFile: "/cluster-signing-kubelet-serving/cert-file",
KeyFile: "/cluster-signing-kubelet-serving/key-file",
},
KubeletClientSignerConfiguration: csrsigningconfig.CSRSigningConfiguration{
CertFile: "/cluster-signing-kubelet-client/cert-file",
KeyFile: "/cluster-signing-kubelet-client/key-file",
},
KubeAPIServerClientSignerConfiguration: csrsigningconfig.CSRSigningConfiguration{
CertFile: "/cluster-signing-kube-apiserver-client/cert-file",
KeyFile: "/cluster-signing-kube-apiserver-client/key-file",
},
LegacyUnknownSignerConfiguration: csrsigningconfig.CSRSigningConfiguration{
CertFile: "/cluster-signing-legacy-unknown/cert-file",
KeyFile: "/cluster-signing-legacy-unknown/key-file",
},
}
halfASpecified := csrsigningconfig.CSRSigningControllerConfiguration{
ClusterSigningCertFile: "/cluster-signing-cert",
ClusterSigningKeyFile: "/cluster-signing-key",
ClusterSigningDuration: metav1.Duration{Duration: 10 * time.Hour},
KubeletServingSignerConfiguration: csrsigningconfig.CSRSigningConfiguration{
CertFile: "/cluster-signing-kubelet-serving/cert-file",
KeyFile: "/cluster-signing-kubelet-serving/key-file",
},
KubeletClientSignerConfiguration: csrsigningconfig.CSRSigningConfiguration{
CertFile: "/cluster-signing-kubelet-client/cert-file",
KeyFile: "/cluster-signing-kubelet-client/key-file",
},
}
halfBSpecified := csrsigningconfig.CSRSigningControllerConfiguration{
ClusterSigningCertFile: "/cluster-signing-cert",
ClusterSigningKeyFile: "/cluster-signing-key",
ClusterSigningDuration: metav1.Duration{Duration: 10 * time.Hour},
KubeAPIServerClientSignerConfiguration: csrsigningconfig.CSRSigningConfiguration{
CertFile: "/cluster-signing-kube-apiserver-client/cert-file",
KeyFile: "/cluster-signing-kube-apiserver-client/key-file",
},
LegacyUnknownSignerConfiguration: csrsigningconfig.CSRSigningConfiguration{
CertFile: "/cluster-signing-legacy-unknown/cert-file",
KeyFile: "/cluster-signing-legacy-unknown/key-file",
},
}
tests := []struct {
name string
config csrsigningconfig.CSRSigningControllerConfiguration
specifiedFn func(config csrsigningconfig.CSRSigningControllerConfiguration) bool
expectedSpecified bool
filesFn func(config csrsigningconfig.CSRSigningControllerConfiguration) (string, string)
expectedCert string
expectedKey string
}{
{
name: "allConfig-KubeletServingSignerFilesSpecified",
config: allConfig,
specifiedFn: areKubeletServingSignerFilesSpecified,
expectedSpecified: true,
filesFn: getKubeletServingSignerFiles,
expectedCert: "/cluster-signing-kubelet-serving/cert-file",
expectedKey: "/cluster-signing-kubelet-serving/key-file",
},
{
name: "defaultOnly-KubeletServingSignerFilesSpecified",
config: defaultOnly,
specifiedFn: areKubeletServingSignerFilesSpecified,
expectedSpecified: false,
filesFn: getKubeletServingSignerFiles,
expectedCert: "/cluster-signing-cert",
expectedKey: "/cluster-signing-key",
},
{
name: "specifiedOnly-KubeletServingSignerFilesSpecified",
config: specifiedOnly,
specifiedFn: areKubeletServingSignerFilesSpecified,
expectedSpecified: true,
filesFn: getKubeletServingSignerFiles,
expectedCert: "/cluster-signing-kubelet-serving/cert-file",
expectedKey: "/cluster-signing-kubelet-serving/key-file",
},
{
name: "halfASpecified-KubeletServingSignerFilesSpecified",
config: halfASpecified,
specifiedFn: areKubeletServingSignerFilesSpecified,
expectedSpecified: true,
filesFn: getKubeletServingSignerFiles,
expectedCert: "/cluster-signing-kubelet-serving/cert-file",
expectedKey: "/cluster-signing-kubelet-serving/key-file",
},
{
name: "halfBSpecified-KubeletServingSignerFilesSpecified",
config: halfBSpecified,
specifiedFn: areKubeletServingSignerFilesSpecified,
expectedSpecified: false,
filesFn: getKubeletServingSignerFiles,
expectedCert: "",
expectedKey: "",
},
{
name: "allConfig-KubeletClientSignerFiles",
config: allConfig,
specifiedFn: areKubeletClientSignerFilesSpecified,
expectedSpecified: true,
filesFn: getKubeletClientSignerFiles,
expectedCert: "/cluster-signing-kubelet-client/cert-file",
expectedKey: "/cluster-signing-kubelet-client/key-file",
},
{
name: "defaultOnly-KubeletClientSignerFiles",
config: defaultOnly,
specifiedFn: areKubeletClientSignerFilesSpecified,
expectedSpecified: false,
filesFn: getKubeletClientSignerFiles,
expectedCert: "/cluster-signing-cert",
expectedKey: "/cluster-signing-key",
},
{
name: "specifiedOnly-KubeletClientSignerFiles",
config: specifiedOnly,
specifiedFn: areKubeletClientSignerFilesSpecified,
expectedSpecified: true,
filesFn: getKubeletClientSignerFiles,
expectedCert: "/cluster-signing-kubelet-client/cert-file",
expectedKey: "/cluster-signing-kubelet-client/key-file",
},
{
name: "halfASpecified-KubeletClientSignerFiles",
config: halfASpecified,
specifiedFn: areKubeletClientSignerFilesSpecified,
expectedSpecified: true,
filesFn: getKubeletClientSignerFiles,
expectedCert: "/cluster-signing-kubelet-client/cert-file",
expectedKey: "/cluster-signing-kubelet-client/key-file",
},
{
name: "halfBSpecified-KubeletClientSignerFiles",
config: halfBSpecified,
specifiedFn: areKubeletClientSignerFilesSpecified,
expectedSpecified: false,
filesFn: getKubeletClientSignerFiles,
expectedCert: "",
expectedKey: "",
},
{
name: "allConfig-KubeletClientSignerFiles",
config: allConfig,
specifiedFn: areKubeAPIServerClientSignerFilesSpecified,
expectedSpecified: true,
filesFn: getKubeAPIServerClientSignerFiles,
expectedCert: "/cluster-signing-kube-apiserver-client/cert-file",
expectedKey: "/cluster-signing-kube-apiserver-client/key-file",
},
{
name: "defaultOnly-KubeletClientSignerFiles",
config: defaultOnly,
specifiedFn: areKubeAPIServerClientSignerFilesSpecified,
expectedSpecified: false,
filesFn: getKubeAPIServerClientSignerFiles,
expectedCert: "/cluster-signing-cert",
expectedKey: "/cluster-signing-key",
},
{
name: "specifiedOnly-KubeletClientSignerFiles",
config: specifiedOnly,
specifiedFn: areKubeAPIServerClientSignerFilesSpecified,
expectedSpecified: true,
filesFn: getKubeAPIServerClientSignerFiles,
expectedCert: "/cluster-signing-kube-apiserver-client/cert-file",
expectedKey: "/cluster-signing-kube-apiserver-client/key-file",
},
{
name: "halfASpecified-KubeletClientSignerFiles",
config: halfASpecified,
specifiedFn: areKubeAPIServerClientSignerFilesSpecified,
expectedSpecified: false,
filesFn: getKubeAPIServerClientSignerFiles,
expectedCert: "",
expectedKey: "",
},
{
name: "halfBSpecified-KubeletClientSignerFiles",
config: halfBSpecified,
specifiedFn: areKubeAPIServerClientSignerFilesSpecified,
expectedSpecified: true,
filesFn: getKubeAPIServerClientSignerFiles,
expectedCert: "/cluster-signing-kube-apiserver-client/cert-file",
expectedKey: "/cluster-signing-kube-apiserver-client/key-file",
},
{
name: "allConfig-LegacyUnknownSignerFiles",
config: allConfig,
specifiedFn: areLegacyUnknownSignerFilesSpecified,
expectedSpecified: true,
filesFn: getLegacyUnknownSignerFiles,
expectedCert: "/cluster-signing-legacy-unknown/cert-file",
expectedKey: "/cluster-signing-legacy-unknown/key-file",
},
{
name: "defaultOnly-LegacyUnknownSignerFiles",
config: defaultOnly,
specifiedFn: areLegacyUnknownSignerFilesSpecified,
expectedSpecified: false,
filesFn: getLegacyUnknownSignerFiles,
expectedCert: "/cluster-signing-cert",
expectedKey: "/cluster-signing-key",
},
{
name: "specifiedOnly-LegacyUnknownSignerFiles",
config: specifiedOnly,
specifiedFn: areLegacyUnknownSignerFilesSpecified,
expectedSpecified: true,
filesFn: getLegacyUnknownSignerFiles,
expectedCert: "/cluster-signing-legacy-unknown/cert-file",
expectedKey: "/cluster-signing-legacy-unknown/key-file",
},
{
name: "halfASpecified-LegacyUnknownSignerFiles",
config: halfASpecified,
specifiedFn: areLegacyUnknownSignerFilesSpecified,
expectedSpecified: false,
filesFn: getLegacyUnknownSignerFiles,
expectedCert: "",
expectedKey: "",
},
{
name: "halfBSpecified-LegacyUnknownSignerFiles",
config: halfBSpecified,
specifiedFn: areLegacyUnknownSignerFilesSpecified,
expectedSpecified: true,
filesFn: getLegacyUnknownSignerFiles,
expectedCert: "/cluster-signing-legacy-unknown/cert-file",
expectedKey: "/cluster-signing-legacy-unknown/key-file",
},
}
for _, test := range tests {
t.Run(test.name, func(t *testing.T) {
actualSpecified := test.specifiedFn(test.config)
if actualSpecified != test.expectedSpecified {
t.Error(actualSpecified)
}
actualCert, actualKey := test.filesFn(test.config)
if actualCert != test.expectedCert {
t.Error(actualCert)
}
if actualKey != test.expectedKey {
t.Error(actualKey)
}
})
}
}
Reference in New Issue View Git Blame Copy Permalink