secrets_test.go

Documentation: k8s.io/cluster-bootstrap/util/secrets

     1  /*
     2  Copyright 2019 The Kubernetes Authors.
     3  
     4  Licensed under the Apache License, Version 2.0 (the "License");
     5  you may not use this file except in compliance with the License.
     6  You may obtain a copy of the License at
     7  
     8      http://www.apache.org/licenses/LICENSE-2.0
     9  
    10  Unless required by applicable law or agreed to in writing, software
    11  distributed under the License is distributed on an "AS IS" BASIS,
    12  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13  See the License for the specific language governing permissions and
    14  limitations under the License.
    15  */
    16  
    17  package secrets
    18  
    19  import (
    20  	"reflect"
    21  	"testing"
    22  
    23  	"k8s.io/api/core/v1"
    24  	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
    25  	bootstrapapi "k8s.io/cluster-bootstrap/token/api"
    26  )
    27  
    28  func TestGetSecretString(t *testing.T) {
    29  	var tests = []struct {
    30  		name        string
    31  		secret      *v1.Secret
    32  		key         string
    33  		expectedVal string
    34  	}{
    35  		{
    36  			name: "existing key",
    37  			secret: &v1.Secret{
    38  				ObjectMeta: metav1.ObjectMeta{Name: "foo"},
    39  				Data: map[string][]byte{
    40  					"foo": []byte("bar"),
    41  				},
    42  			},
    43  			key:         "foo",
    44  			expectedVal: "bar",
    45  		},
    46  		{
    47  			name: "non-existing key",
    48  			secret: &v1.Secret{
    49  				ObjectMeta: metav1.ObjectMeta{Name: "foo"},
    50  				Data: map[string][]byte{
    51  					"foo": []byte("bar"),
    52  				},
    53  			},
    54  			key:         "baz",
    55  			expectedVal: "",
    56  		},
    57  		{
    58  			name: "no data",
    59  			secret: &v1.Secret{
    60  				ObjectMeta: metav1.ObjectMeta{Name: "foo"},
    61  			},
    62  			key:         "foo",
    63  			expectedVal: "",
    64  		},
    65  	}
    66  	for _, rt := range tests {
    67  		t.Run(rt.name, func(t *testing.T) {
    68  			actual := GetData(rt.secret, rt.key)
    69  			if actual != rt.expectedVal {
    70  				t.Errorf(
    71  					"failed getSecretString:\n\texpected: %s\n\t  actual: %s",
    72  					rt.expectedVal,
    73  					actual,
    74  				)
    75  			}
    76  		})
    77  	}
    78  }
    79  
    80  func TestParseSecretName(t *testing.T) {
    81  	tokenID, ok := ParseName("bootstrap-token-abc123")
    82  	if !ok {
    83  		t.Error("ParseName should accept valid name")
    84  	}
    85  	if tokenID != "abc123" {
    86  		t.Error("ParseName should return token ID")
    87  	}
    88  
    89  	_, ok = ParseName("")
    90  	if ok {
    91  		t.Error("ParseName should reject blank name")
    92  	}
    93  
    94  	_, ok = ParseName("abc123")
    95  	if ok {
    96  		t.Error("ParseName should reject with no prefix")
    97  	}
    98  
    99  	_, ok = ParseName("bootstrap-token-")
   100  	if ok {
   101  		t.Error("ParseName should reject no token ID")
   102  	}
   103  
   104  	_, ok = ParseName("bootstrap-token-abc")
   105  	if ok {
   106  		t.Error("ParseName should reject short token ID")
   107  	}
   108  
   109  	_, ok = ParseName("bootstrap-token-abc123ghi")
   110  	if ok {
   111  		t.Error("ParseName should reject long token ID")
   112  	}
   113  
   114  	_, ok = ParseName("bootstrap-token-ABC123")
   115  	if ok {
   116  		t.Error("ParseName should reject invalid token ID")
   117  	}
   118  }
   119  
   120  func TestGetGroups(t *testing.T) {
   121  	tests := []struct {
   122  		name         string
   123  		secret       *v1.Secret
   124  		expectResult []string
   125  		expectError  bool
   126  	}{
   127  		{
   128  			name: "not set",
   129  			secret: &v1.Secret{
   130  				ObjectMeta: metav1.ObjectMeta{Name: "test"},
   131  				Data:       map[string][]byte{},
   132  			},
   133  			expectResult: []string{"system:bootstrappers"},
   134  		},
   135  		{
   136  			name: "set to empty value",
   137  			secret: &v1.Secret{
   138  				ObjectMeta: metav1.ObjectMeta{Name: "test"},
   139  				Data: map[string][]byte{
   140  					bootstrapapi.BootstrapTokenExtraGroupsKey: []byte(""),
   141  				},
   142  			},
   143  			expectResult: []string{"system:bootstrappers"},
   144  		},
   145  		{
   146  			name: "invalid prefix",
   147  			secret: &v1.Secret{
   148  				ObjectMeta: metav1.ObjectMeta{Name: "test"},
   149  				Data: map[string][]byte{
   150  					bootstrapapi.BootstrapTokenExtraGroupsKey: []byte("foo"),
   151  				},
   152  			},
   153  			expectError: true,
   154  		},
   155  		{
   156  			name: "valid",
   157  			secret: &v1.Secret{
   158  				ObjectMeta: metav1.ObjectMeta{Name: "test"},
   159  				Data: map[string][]byte{
   160  					bootstrapapi.BootstrapTokenExtraGroupsKey: []byte("system:bootstrappers:foo,system:bootstrappers:bar,system:bootstrappers:bar"),
   161  				},
   162  			},
   163  			// expect the results in deduplicated, sorted order
   164  			expectResult: []string{
   165  				"system:bootstrappers",
   166  				"system:bootstrappers:bar",
   167  				"system:bootstrappers:foo",
   168  			},
   169  		},
   170  	}
   171  	for _, test := range tests {
   172  		result, err := GetGroups(test.secret)
   173  		if test.expectError {
   174  			if err == nil {
   175  				t.Errorf("test %q expected an error, but didn't get one (result: %#v)", test.name, result)
   176  			}
   177  			continue
   178  		}
   179  		if err != nil {
   180  			t.Errorf("test %q return an unexpected error: %v", test.name, err)
   181  			continue
   182  		}
   183  		if !reflect.DeepEqual(result, test.expectResult) {
   184  			t.Errorf("test %q expected %#v, got %#v", test.name, test.expectResult, result)
   185  		}
   186  	}
   187  }
   188
View as plain text