
Source file src/k8s.io/kubernetes/cmd/kube-controller-manager/app/certificates_test.go


     1  /*
     2  Copyright 2020 The Kubernetes Authors.
     3  
     4  Licensed under the Apache License, Version 2.0 (the "License");
     5  you may not use this file except in compliance with the License.
     6  You may obtain a copy of the License at
     7  
     8      http://www.apache.org/licenses/LICENSE-2.0
     9  
    10  Unless required by applicable law or agreed to in writing, software
    11  distributed under the License is distributed on an "AS IS" BASIS,
    12  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13  See the License for the specific language governing permissions and
    14  limitations under the License.
    15  */
    16  
    17  package app
    18  
    19  import (
    20  	"testing"
    21  	"time"
    22  
    23  	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
    24  	csrsigningconfig "k8s.io/kubernetes/pkg/controller/certificates/signer/config"
    25  )
    26  
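// TestCertSpecified exercises the per-signer helper pairs
// (are<Signer>SignerFilesSpecified / get<Signer>SignerFiles) for the
// kubelet-serving, kubelet-client, kube-apiserver-client and legacy-unknown
// signers against five configurations.
//
// The table pins three behaviours of CA cert/key selection:
//   - a signer with its own CertFile/KeyFile gets exactly that pair;
//   - when no signer has its own files (defaultOnly), every signer gets the
//     cluster-wide ClusterSigningCertFile/ClusterSigningKeyFile pair;
//   - when at least one signer has its own files (halfASpecified,
//     halfBSpecified), a signer without files gets empty paths even though
//     the cluster-wide pair is set.
//
// The third case is the one to keep an eye on in review: as expected here,
// configuring a dedicated CA for one signer must not silently route the
// remaining signers to the cluster-wide CA key. What the controller does with
// an empty pair is outside this test (presumably that signer is not started;
// confirm against the caller).
func TestCertSpecified(t *testing.T) {
	// Every signer has its own files and the cluster-wide pair is also set.
	allConfig := csrsigningconfig.CSRSigningControllerConfiguration{
		ClusterSigningCertFile: "/cluster-signing-cert",
		ClusterSigningKeyFile:  "/cluster-signing-key",
		ClusterSigningDuration: metav1.Duration{Duration: 10 * time.Hour},
		KubeletServingSignerConfiguration: csrsigningconfig.CSRSigningConfiguration{
			CertFile: "/cluster-signing-kubelet-serving/cert-file",
			KeyFile:  "/cluster-signing-kubelet-serving/key-file",
		},
		KubeletClientSignerConfiguration: csrsigningconfig.CSRSigningConfiguration{
			CertFile: "/cluster-signing-kubelet-client/cert-file",
			KeyFile:  "/cluster-signing-kubelet-client/key-file",
		},
		KubeAPIServerClientSignerConfiguration: csrsigningconfig.CSRSigningConfiguration{
			CertFile: "/cluster-signing-kube-apiserver-client/cert-file",
			KeyFile:  "/cluster-signing-kube-apiserver-client/key-file",
		},
		LegacyUnknownSignerConfiguration: csrsigningconfig.CSRSigningConfiguration{
			CertFile: "/cluster-signing-legacy-unknown/cert-file",
			KeyFile:  "/cluster-signing-legacy-unknown/key-file",
		},
	}
	// Only the cluster-wide pair is set; no signer has its own files.
	defaultOnly := csrsigningconfig.CSRSigningControllerConfiguration{
		ClusterSigningCertFile: "/cluster-signing-cert",
		ClusterSigningKeyFile:  "/cluster-signing-key",
		ClusterSigningDuration: metav1.Duration{Duration: 10 * time.Hour},
	}
	// Every signer has its own files and there is no cluster-wide pair.
	specifiedOnly := csrsigningconfig.CSRSigningControllerConfiguration{
		KubeletServingSignerConfiguration: csrsigningconfig.CSRSigningConfiguration{
			CertFile: "/cluster-signing-kubelet-serving/cert-file",
			KeyFile:  "/cluster-signing-kubelet-serving/key-file",
		},
		KubeletClientSignerConfiguration: csrsigningconfig.CSRSigningConfiguration{
			CertFile: "/cluster-signing-kubelet-client/cert-file",
			KeyFile:  "/cluster-signing-kubelet-client/key-file",
		},
		KubeAPIServerClientSignerConfiguration: csrsigningconfig.CSRSigningConfiguration{
			CertFile: "/cluster-signing-kube-apiserver-client/cert-file",
			KeyFile:  "/cluster-signing-kube-apiserver-client/key-file",
		},
		LegacyUnknownSignerConfiguration: csrsigningconfig.CSRSigningConfiguration{
			CertFile: "/cluster-signing-legacy-unknown/cert-file",
			KeyFile:  "/cluster-signing-legacy-unknown/key-file",
		},
	}
	// Cluster-wide pair plus the two kubelet signers only.
	halfASpecified := csrsigningconfig.CSRSigningControllerConfiguration{
		ClusterSigningCertFile: "/cluster-signing-cert",
		ClusterSigningKeyFile:  "/cluster-signing-key",
		ClusterSigningDuration: metav1.Duration{Duration: 10 * time.Hour},
		KubeletServingSignerConfiguration: csrsigningconfig.CSRSigningConfiguration{
			CertFile: "/cluster-signing-kubelet-serving/cert-file",
			KeyFile:  "/cluster-signing-kubelet-serving/key-file",
		},
		KubeletClientSignerConfiguration: csrsigningconfig.CSRSigningConfiguration{
			CertFile: "/cluster-signing-kubelet-client/cert-file",
			KeyFile:  "/cluster-signing-kubelet-client/key-file",
		},
	}
	// Cluster-wide pair plus the kube-apiserver-client and legacy-unknown
	// signers only.
	halfBSpecified := csrsigningconfig.CSRSigningControllerConfiguration{
		ClusterSigningCertFile: "/cluster-signing-cert",
		ClusterSigningKeyFile:  "/cluster-signing-key",
		ClusterSigningDuration: metav1.Duration{Duration: 10 * time.Hour},
		KubeAPIServerClientSignerConfiguration: csrsigningconfig.CSRSigningConfiguration{
			CertFile: "/cluster-signing-kube-apiserver-client/cert-file",
			KeyFile:  "/cluster-signing-kube-apiserver-client/key-file",
		},
		LegacyUnknownSignerConfiguration: csrsigningconfig.CSRSigningConfiguration{
			CertFile: "/cluster-signing-legacy-unknown/cert-file",
			KeyFile:  "/cluster-signing-legacy-unknown/key-file",
		},
	}

	tests := []struct {
		name              string
		config            csrsigningconfig.CSRSigningControllerConfiguration
		specifiedFn       func(config csrsigningconfig.CSRSigningControllerConfiguration) bool
		expectedSpecified bool
		filesFn           func(config csrsigningconfig.CSRSigningControllerConfiguration) (string, string)
		expectedCert      string
		expectedKey       string
	}{
		{
			name:              "allConfig-KubeletServingSignerFilesSpecified",
			config:            allConfig,
			specifiedFn:       areKubeletServingSignerFilesSpecified,
			expectedSpecified: true,
			filesFn:           getKubeletServingSignerFiles,
			expectedCert:      "/cluster-signing-kubelet-serving/cert-file",
			expectedKey:       "/cluster-signing-kubelet-serving/key-file",
		},
		{
			name:              "defaultOnly-KubeletServingSignerFilesSpecified",
			config:            defaultOnly,
			specifiedFn:       areKubeletServingSignerFilesSpecified,
			expectedSpecified: false,
			filesFn:           getKubeletServingSignerFiles,
			expectedCert:      "/cluster-signing-cert",
			expectedKey:       "/cluster-signing-key",
		},
		{
			name:              "specifiedOnly-KubeletServingSignerFilesSpecified",
			config:            specifiedOnly,
			specifiedFn:       areKubeletServingSignerFilesSpecified,
			expectedSpecified: true,
			filesFn:           getKubeletServingSignerFiles,
			expectedCert:      "/cluster-signing-kubelet-serving/cert-file",
			expectedKey:       "/cluster-signing-kubelet-serving/key-file",
		},
		{
			name:              "halfASpecified-KubeletServingSignerFilesSpecified",
			config:            halfASpecified,
			specifiedFn:       areKubeletServingSignerFilesSpecified,
			expectedSpecified: true,
			filesFn:           getKubeletServingSignerFiles,
			expectedCert:      "/cluster-signing-kubelet-serving/cert-file",
			expectedKey:       "/cluster-signing-kubelet-serving/key-file",
		},
		{
			// Other signers have dedicated files, so no fallback to the
			// cluster-wide pair is expected for this one.
			name:              "halfBSpecified-KubeletServingSignerFilesSpecified",
			config:            halfBSpecified,
			specifiedFn:       areKubeletServingSignerFilesSpecified,
			expectedSpecified: false,
			filesFn:           getKubeletServingSignerFiles,
			expectedCert:      "",
			expectedKey:       "",
		},

		{
			name:              "allConfig-KubeletClientSignerFiles",
			config:            allConfig,
			specifiedFn:       areKubeletClientSignerFilesSpecified,
			expectedSpecified: true,
			filesFn:           getKubeletClientSignerFiles,
			expectedCert:      "/cluster-signing-kubelet-client/cert-file",
			expectedKey:       "/cluster-signing-kubelet-client/key-file",
		},
		{
			name:              "defaultOnly-KubeletClientSignerFiles",
			config:            defaultOnly,
			specifiedFn:       areKubeletClientSignerFilesSpecified,
			expectedSpecified: false,
			filesFn:           getKubeletClientSignerFiles,
			expectedCert:      "/cluster-signing-cert",
			expectedKey:       "/cluster-signing-key",
		},
		{
			name:              "specifiedOnly-KubeletClientSignerFiles",
			config:            specifiedOnly,
			specifiedFn:       areKubeletClientSignerFilesSpecified,
			expectedSpecified: true,
			filesFn:           getKubeletClientSignerFiles,
			expectedCert:      "/cluster-signing-kubelet-client/cert-file",
			expectedKey:       "/cluster-signing-kubelet-client/key-file",
		},
		{
			name:              "halfASpecified-KubeletClientSignerFiles",
			config:            halfASpecified,
			specifiedFn:       areKubeletClientSignerFilesSpecified,
			expectedSpecified: true,
			filesFn:           getKubeletClientSignerFiles,
			expectedCert:      "/cluster-signing-kubelet-client/cert-file",
			expectedKey:       "/cluster-signing-kubelet-client/key-file",
		},
		{
			name:              "halfBSpecified-KubeletClientSignerFiles",
			config:            halfBSpecified,
			specifiedFn:       areKubeletClientSignerFilesSpecified,
			expectedSpecified: false,
			filesFn:           getKubeletClientSignerFiles,
			expectedCert:      "",
			expectedKey:       "",
		},

		// The kube-apiserver-client cases previously reused the
		// "...-KubeletClientSignerFiles" names, so a failure was reported
		// under a duplicate subtest name that pointed at the wrong signer.
		{
			name:              "allConfig-KubeAPIServerClientSignerFiles",
			config:            allConfig,
			specifiedFn:       areKubeAPIServerClientSignerFilesSpecified,
			expectedSpecified: true,
			filesFn:           getKubeAPIServerClientSignerFiles,
			expectedCert:      "/cluster-signing-kube-apiserver-client/cert-file",
			expectedKey:       "/cluster-signing-kube-apiserver-client/key-file",
		},
		{
			name:              "defaultOnly-KubeAPIServerClientSignerFiles",
			config:            defaultOnly,
			specifiedFn:       areKubeAPIServerClientSignerFilesSpecified,
			expectedSpecified: false,
			filesFn:           getKubeAPIServerClientSignerFiles,
			expectedCert:      "/cluster-signing-cert",
			expectedKey:       "/cluster-signing-key",
		},
		{
			name:              "specifiedOnly-KubeAPIServerClientSignerFiles",
			config:            specifiedOnly,
			specifiedFn:       areKubeAPIServerClientSignerFilesSpecified,
			expectedSpecified: true,
			filesFn:           getKubeAPIServerClientSignerFiles,
			expectedCert:      "/cluster-signing-kube-apiserver-client/cert-file",
			expectedKey:       "/cluster-signing-kube-apiserver-client/key-file",
		},
		{
			name:              "halfASpecified-KubeAPIServerClientSignerFiles",
			config:            halfASpecified,
			specifiedFn:       areKubeAPIServerClientSignerFilesSpecified,
			expectedSpecified: false,
			filesFn:           getKubeAPIServerClientSignerFiles,
			expectedCert:      "",
			expectedKey:       "",
		},
		{
			name:              "halfBSpecified-KubeAPIServerClientSignerFiles",
			config:            halfBSpecified,
			specifiedFn:       areKubeAPIServerClientSignerFilesSpecified,
			expectedSpecified: true,
			filesFn:           getKubeAPIServerClientSignerFiles,
			expectedCert:      "/cluster-signing-kube-apiserver-client/cert-file",
			expectedKey:       "/cluster-signing-kube-apiserver-client/key-file",
		},

		{
			name:              "allConfig-LegacyUnknownSignerFiles",
			config:            allConfig,
			specifiedFn:       areLegacyUnknownSignerFilesSpecified,
			expectedSpecified: true,
			filesFn:           getLegacyUnknownSignerFiles,
			expectedCert:      "/cluster-signing-legacy-unknown/cert-file",
			expectedKey:       "/cluster-signing-legacy-unknown/key-file",
		},
		{
			name:              "defaultOnly-LegacyUnknownSignerFiles",
			config:            defaultOnly,
			specifiedFn:       areLegacyUnknownSignerFilesSpecified,
			expectedSpecified: false,
			filesFn:           getLegacyUnknownSignerFiles,
			expectedCert:      "/cluster-signing-cert",
			expectedKey:       "/cluster-signing-key",
		},
		{
			name:              "specifiedOnly-LegacyUnknownSignerFiles",
			config:            specifiedOnly,
			specifiedFn:       areLegacyUnknownSignerFilesSpecified,
			expectedSpecified: true,
			filesFn:           getLegacyUnknownSignerFiles,
			expectedCert:      "/cluster-signing-legacy-unknown/cert-file",
			expectedKey:       "/cluster-signing-legacy-unknown/key-file",
		},
		{
			name:              "halfASpecified-LegacyUnknownSignerFiles",
			config:            halfASpecified,
			specifiedFn:       areLegacyUnknownSignerFilesSpecified,
			expectedSpecified: false,
			filesFn:           getLegacyUnknownSignerFiles,
			expectedCert:      "",
			expectedKey:       "",
		},
		{
			name:              "halfBSpecified-LegacyUnknownSignerFiles",
			config:            halfBSpecified,
			specifiedFn:       areLegacyUnknownSignerFilesSpecified,
			expectedSpecified: true,
			filesFn:           getLegacyUnknownSignerFiles,
			expectedCert:      "/cluster-signing-legacy-unknown/cert-file",
			expectedKey:       "/cluster-signing-legacy-unknown/key-file",
		},
	}

	for _, test := range tests {
		t.Run(test.name, func(t *testing.T) {
			// Report got/want pairs so a wrong CA selection is readable in
			// the failure output without re-running under a debugger.
			if got := test.specifiedFn(test.config); got != test.expectedSpecified {
				t.Errorf("specified: got %v, want %v", got, test.expectedSpecified)
			}

			actualCert, actualKey := test.filesFn(test.config)
			if actualCert != test.expectedCert {
				t.Errorf("cert file: got %q, want %q", actualCert, test.expectedCert)
			}
			if actualKey != test.expectedKey {
				t.Errorf("key file: got %q, want %q", actualKey, test.expectedKey)
			}
		})
	}
}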
   310  
