17 package bootstrap
18
19 import (
20 "context"
21 "testing"
22
23 v1 "k8s.io/api/core/v1"
24 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
25 "k8s.io/apimachinery/pkg/runtime/schema"
26 "k8s.io/client-go/informers"
27 coreinformers "k8s.io/client-go/informers/core/v1"
28 "k8s.io/client-go/kubernetes/fake"
29 core "k8s.io/client-go/testing"
30 bootstrapapi "k8s.io/cluster-bootstrap/token/api"
31 api "k8s.io/kubernetes/pkg/apis/core"
32 "k8s.io/kubernetes/pkg/controller"
33 )
34
const (
	// testTokenID is the bootstrap token ID shared by the fixtures in this
	// file: it is passed to newTokenSecret and used as the suffix of the JWS
	// signature key in the cluster-info ConfigMap built by newConfigMap.
	testTokenID = "abc123"
)
36
// newSigner builds a Signer for tests. It returns the signer, the fake
// clientset handed to it (tests inspect that clientset's recorded actions),
// and the Secret and ConfigMap informers so tests can seed their indexers
// directly. The informer factory is not started in this helper.
func newSigner() (*Signer, *fake.Clientset, coreinformers.SecretInformer, coreinformers.ConfigMapInformer, error) {
	client := fake.NewSimpleClientset()

	// The factory is backed by its own fake clientset, distinct from the one
	// given to the signer.
	factory := informers.NewSharedInformerFactory(fake.NewSimpleClientset(), controller.NoResyncPeriodFunc())
	secretInformer := factory.Core().V1().Secrets()
	configMapInformer := factory.Core().V1().ConfigMaps()

	signer, err := NewSigner(client, secretInformer, configMapInformer, DefaultSignerOptions())
	if err != nil {
		return nil, nil, nil, nil, err
	}
	return signer, client, secretInformer, configMapInformer, nil
}
49
// newConfigMap returns a cluster-info ConfigMap fixture in the public
// namespace whose kubeconfig entry is the fixed string "payload". When tokenID
// is non-empty, a JWS signature entry keyed by
// bootstrapapi.JWSSignatureKeyPrefix+tokenID is added with the given
// signature; when it is empty, signature is ignored and no entry is added.
func newConfigMap(tokenID, signature string) *v1.ConfigMap {
	data := map[string]string{
		bootstrapapi.KubeConfigKey: "payload",
	}
	if tokenID != "" {
		data[bootstrapapi.JWSSignatureKeyPrefix+tokenID] = signature
	}

	return &v1.ConfigMap{
		ObjectMeta: metav1.ObjectMeta{
			Namespace:       metav1.NamespacePublic,
			Name:            bootstrapapi.ConfigMapClusterInfo,
			ResourceVersion: "1",
		},
		Data: data,
	}
}
66
// TestNoConfigMap checks that signConfigMap records no API actions on the
// fake clientset when nothing has been added to the ConfigMap informer.
func TestNoConfigMap(t *testing.T) {
	signer, client, _, _, err := newSigner()
	if err != nil {
		t.Fatalf("error creating Signer: %v", err)
	}

	signer.signConfigMap(context.TODO())

	// An empty expectation: any recorded action is a failure.
	noActions := []core.Action{}
	recorded := client.Actions()
	verifyActions(t, noActions, recorded)
}
75
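// TestSimpleSign checks that an unsigned cluster-info ConfigMap gains a JWS
// signature entry for the token once a token secret flagged for signing is
// present in the Secret informer.
func TestSimpleSign(t *testing.T) {
	// Compact JWS with a detached payload (the middle segment is empty). The
	// header segment decodes to {"alg":"HS256","kid":"abc123"}; the last
	// segment is the signature, presumably keyed by the token built from
	// testTokenID and "tokenSecret" (the key derivation is not visible here).
	const wantSignature = "eyJhbGciOiJIUzI1NiIsImtpZCI6ImFiYzEyMyJ9..QSxpUG7Q542CirTI2ECPSZjvBOJURUW5a7XqFpNI958"

	signer, cl, secrets, configMaps, err := newSigner()
	if err != nil {
		t.Fatalf("error creating Signer: %v", err)
	}

	// Seed the informer caches directly. A failed Add would leave the signer
	// looking at an empty cache and make the assertion below misleading, so
	// the returned error is checked instead of dropped.
	cm := newConfigMap("", "")
	if err := configMaps.Informer().GetIndexer().Add(cm); err != nil {
		t.Fatalf("error adding ConfigMap to indexer: %v", err)
	}

	secret := newTokenSecret(testTokenID, "tokenSecret")
	// NOTE(review): presumably marks the secret as usable for signing; the
	// helper is defined outside this listing.
	addSecretSigningUsage(secret, "true")
	if err := secrets.Informer().GetIndexer().Add(secret); err != nil {
		t.Fatalf("error adding Secret to indexer: %v", err)
	}

	signer.signConfigMap(context.TODO())

	// Exactly one update of the ConfigMap, now carrying the signature.
	expected := []core.Action{
		core.NewUpdateAction(schema.GroupVersionResource{Version: "v1", Resource: "configmaps"},
			api.NamespacePublic,
			newConfigMap(testTokenID, wantSignature)),
	}

	verifyActions(t, expected, cl.Actions())
}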
99
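// TestNoSignNeeded checks that signConfigMap records no API actions when the
// cluster-info ConfigMap already carries the expected signature for the token.
func TestNoSignNeeded(t *testing.T) {
	// Compact JWS with a detached payload; the header segment decodes to
	// {"alg":"HS256","kid":"abc123"}. The same value is expected as output in
	// TestSimpleSign.
	const currentSignature = "eyJhbGciOiJIUzI1NiIsImtpZCI6ImFiYzEyMyJ9..QSxpUG7Q542CirTI2ECPSZjvBOJURUW5a7XqFpNI958"

	signer, cl, secrets, configMaps, err := newSigner()
	if err != nil {
		t.Fatalf("error creating Signer: %v", err)
	}

	// Seed the informer caches directly, checking the Add errors: with an
	// empty cache the "no actions" assertion below would pass for the wrong
	// reason.
	cm := newConfigMap(testTokenID, currentSignature)
	if err := configMaps.Informer().GetIndexer().Add(cm); err != nil {
		t.Fatalf("error adding ConfigMap to indexer: %v", err)
	}

	secret := newTokenSecret(testTokenID, "tokenSecret")
	addSecretSigningUsage(secret, "true")
	if err := secrets.Informer().GetIndexer().Add(secret); err != nil {
		t.Fatalf("error adding Secret to indexer: %v", err)
	}

	signer.signConfigMap(context.TODO())

	verifyActions(t, []core.Action{}, cl.Actions())
}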
117
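// TestUpdateSignature checks that a signature entry that does not match the
// current token is replaced: the ConfigMap starts with "old signature" and
// the signer is expected to issue one update carrying the recomputed JWS.
func TestUpdateSignature(t *testing.T) {
	// Compact JWS with a detached payload; the header segment decodes to
	// {"alg":"HS256","kid":"abc123"}.
	const wantSignature = "eyJhbGciOiJIUzI1NiIsImtpZCI6ImFiYzEyMyJ9..QSxpUG7Q542CirTI2ECPSZjvBOJURUW5a7XqFpNI958"

	signer, cl, secrets, configMaps, err := newSigner()
	if err != nil {
		t.Fatalf("error creating Signer: %v", err)
	}

	// Seed the informer caches directly; a dropped Add error would hide a
	// broken fixture behind a confusing action mismatch.
	cm := newConfigMap(testTokenID, "old signature")
	if err := configMaps.Informer().GetIndexer().Add(cm); err != nil {
		t.Fatalf("error adding ConfigMap to indexer: %v", err)
	}

	secret := newTokenSecret(testTokenID, "tokenSecret")
	addSecretSigningUsage(secret, "true")
	if err := secrets.Informer().GetIndexer().Add(secret); err != nil {
		t.Fatalf("error adding Secret to indexer: %v", err)
	}

	signer.signConfigMap(context.TODO())

	expected := []core.Action{
		core.NewUpdateAction(schema.GroupVersionResource{Version: "v1", Resource: "configmaps"},
			api.NamespacePublic,
			newConfigMap(testTokenID, wantSignature)),
	}

	verifyActions(t, expected, cl.Actions())
}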
141
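// TestRemoveSignature checks that a signature entry is dropped from the
// cluster-info ConfigMap when no matching token secret is in the Secret
// informer: the expected update is the ConfigMap without any signature key.
// This is the case that keeps a signature from outliving its token.
func TestRemoveSignature(t *testing.T) {
	signer, cl, _, configMaps, err := newSigner()
	if err != nil {
		t.Fatalf("error creating Signer: %v", err)
	}

	// Only the ConfigMap is seeded; the Secret informer stays empty on
	// purpose. The Add error is checked so that an unseeded cache cannot be
	// mistaken for a signer that failed to clean up.
	cm := newConfigMap(testTokenID, "old signature")
	if err := configMaps.Informer().GetIndexer().Add(cm); err != nil {
		t.Fatalf("error adding ConfigMap to indexer: %v", err)
	}

	signer.signConfigMap(context.TODO())

	expected := []core.Action{
		core.NewUpdateAction(schema.GroupVersionResource{Version: "v1", Resource: "configmaps"},
			api.NamespacePublic,
			newConfigMap("", "")),
	}

	verifyActions(t, expected, cl.Actions())
}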
161