...

Source file src/k8s.io/kubernetes/pkg/registry/certificates/clustertrustbundle/storage/storage_test.go

Documentation: k8s.io/kubernetes/pkg/registry/certificates/clustertrustbundle/storage 

     1  /*
     2  Copyright 2022 The Kubernetes Authors.
     3  
     4  Licensed under the Apache License, Version 2.0 (the "License");
     5  you may not use this file except in compliance with the License.
     6  You may obtain a copy of the License at
     7  
     8      http://www.apache.org/licenses/LICENSE-2.0
     9  
    10  Unless required by applicable law or agreed to in writing, software
    11  distributed under the License is distributed on an "AS IS" BASIS,
    12  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13  See the License for the specific language governing permissions and
    14  limitations under the License.
    15  */
    16  
    17  package storage
    18  
    19  import (
    20  	"strings"
    21  	"testing"
    22  
    23  	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
    24  	"k8s.io/apimachinery/pkg/fields"
    25  	"k8s.io/apimachinery/pkg/labels"
    26  	"k8s.io/apimachinery/pkg/runtime"
    27  	"k8s.io/apiserver/pkg/registry/generic"
    28  	genericregistrytest "k8s.io/apiserver/pkg/registry/generic/testing"
    29  	etcd3testing "k8s.io/apiserver/pkg/storage/etcd3/testing"
    30  	"k8s.io/kubernetes/pkg/apis/certificates"
    31  	"k8s.io/kubernetes/pkg/registry/registrytest"
    32  )
    33  
    34  const validCert1 = `
    35  -----BEGIN CERTIFICATE-----
    36  MIIDmTCCAoGgAwIBAgIUUW9bIIsHU61w3yQR6amBuVvRFvcwDQYJKoZIhvcNAQEL
    37  BQAwXDELMAkGA1UEBhMCeHgxCjAIBgNVBAgMAXgxCjAIBgNVBAcMAXgxCjAIBgNV
    38  BAoMAXgxCjAIBgNVBAsMAXgxCzAJBgNVBAMMAmNhMRAwDgYJKoZIhvcNAQkBFgF4
    39  MB4XDTIyMTAxODIzNTIyNFoXDTIzMTAxODIzNTIyNFowXDELMAkGA1UEBhMCeHgx
    40  CjAIBgNVBAgMAXgxCjAIBgNVBAcMAXgxCjAIBgNVBAoMAXgxCjAIBgNVBAsMAXgx
    41  CzAJBgNVBAMMAmNhMRAwDgYJKoZIhvcNAQkBFgF4MIIBIjANBgkqhkiG9w0BAQEF
    42  AAOCAQ8AMIIBCgKCAQEA4PeK4SmlsNwpw97gTtjODQytUfyqhBIwdENwJUbc019Y
    43  m3VTCRLCGXjUa22mV6/j7V+mZw114ePFYTiGAH+2dUzWAZOphvtzE5ttPuv6A6Zx
    44  k2J69lNFwJ2fPd7XQIH7pEIXjiEBaszxKZKMsN9+jOGu6iFFAwYLMemFYDbZHuqb
    45  OwdQcSEsy5wO2ANzFRuYzGXuNcS8jYLHftE8g2P+L0wXnV9eW6/lM2ZFxS/nzDJz
    46  qtzrEvQrBsmskTNC8gCRRZ7askp3CVdPKjC90sxAPwhpi8JjJZxSe1Bn/WRHUz82
    47  GFytEIJNx9hJY2GI316zkxgTbsxfRQe4QLJN7sRtpwIDAQABo1MwUTAdBgNVHQ4E
    48  FgQU9FGsI8t+cu68fGkhtvO9FtUd174wHwYDVR0jBBgwFoAU9FGsI8t+cu68fGkh
    49  tvO9FtUd174wDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAqDIp
    50  In5h2xZfEZcijT3mjfG8Bo6taxM2biy1M7wEpmDrElmrjMLsflZepcjgkSoVz9hP
    51  cSX/k9ls1zy1H799gcjs+afSpIa1N0nUIxAKF1RHsFa+dvXpSA8YdhUnbEcBnqx0
    52  vN2nDBFpdCSNf+EXNEj12+9ZJm6TLzx22f9vHyRCg4D36X3Rj1FCBWxhf0mSt3ek
    53  5px3H53Xu42MqzZCiJc8/m+IqZHaixZS4bsayssaxif2fNxzAIZhgTygo8P8QGjI
    54  rUmstMbg4PPq62x1yLAxEo+8XCg05saWZs384JE+K1SDqxobm51EROWVwi8jUrNC
    55  9nojtkQ+jDZD+1Stiw==
    56  -----END CERTIFICATE-----
    57  `
    58  
    59  const validCert2 = `
    60  -----BEGIN CERTIFICATE-----
    61  MIIC/jCCAeagAwIBAgIBADANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDEwprdWJl
    62  cm5ldGVzMB4XDTIyMTAxOTIzMTY0MFoXDTMyMTAxNjIzMTY0MFowFTETMBEGA1UE
    63  AxMKa3ViZXJuZXRlczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAO+k
    64  zbj35jHIjCd5mxP1FHMwMtvLFPeKUjtaLDP9Bs2jZ97Igmr7NTysn9QZkRP68/XX
    65  j993Y8tOLg71N4vRggWiYP+T9Xfo0uHZJmzADKx5XkuC4Gqv79dUdb8IKfAbX9HB
    66  ffGmWRnZLLTu8Bv/vfyl0CfE64a57DK+CzNJDwdK46CYYUnEH6Wb9finYrMQ+PLG
    67  Oi2c0J4KAYc1WTId5npNwouzf/IMD33PvuXfE7r+/pDbP8u/X03e7U0cc9l7KRxr
    68  3gpRQemCG74yRuy1dd3lJ1YCD8q96xVVZimGebnJ0IHi+lORRa2ix/o3OzW3FaP+
    69  6kzHU6VnBRDr2rAhMh0CAwEAAaNZMFcwDgYDVR0PAQH/BAQDAgKkMA8GA1UdEwEB
    70  /wQFMAMBAf8wHQYDVR0OBBYEFGUVOLM74t1TVoZjifsLl3Rwt1A6MBUGA1UdEQQO
    71  MAyCCmt1YmVybmV0ZXMwDQYJKoZIhvcNAQELBQADggEBANHnPVDemZqRybYPN1as
    72  Ywxi3iT1I3Wma1rZyxTWeIq8Ik0gnyvbtCD1cFB/5QU1xPW09YnmIFM/E73RIeWT
    73  RmCNMgOGmegYxBQRe4UvmwWGJzKNA66c0MBmd2LDHrQlrvdewOCR667Sm9krsGt1
    74  tS/t6N/uBXeRSkXKEDXa+jOpYrV3Oq3IntG6zUeCrVbrH2Bs9Ma5fU00TwK3ylw5
    75  Ww8KzYdQaxxrLaiRRtFcpM9dFH/vwxl1QUa5vjHcmUjxmZunEmXKplATyLT0FXDw
    76  JAo8AuwuuwRh2o+o8SxwzzA+/EBrIREgcv5uIkD352QnfGkEvGu6JOPGZVyd/kVg
    77  KA0=
    78  -----END CERTIFICATE-----
    79  `
    80  
    81  func newStorage(t *testing.T) (*REST, *etcd3testing.EtcdTestServer) {
    82  	etcdStorage, server := registrytest.NewEtcdStorageForResource(t, certificates.SchemeGroupVersion.WithResource("clustertrustbundles").GroupResource())
    83  	restOptions := generic.RESTOptions{
    84  		StorageConfig:           etcdStorage,
    85  		Decorator:               generic.UndecoratedStorage,
    86  		DeleteCollectionWorkers: 1,
    87  		ResourcePrefix:          "clustertrustbundles",
    88  	}
    89  	storage, err := NewREST(restOptions)
    90  	if err != nil {
    91  		t.Fatalf("unexpected error from REST storage: %v", err)
    92  	}
    93  	return storage, server
    94  }
    95  
    96  func TestCreate(t *testing.T) {
    97  	storage, server := newStorage(t)
    98  	defer server.Terminate(t)
    99  	defer storage.Store.DestroyFunc()
   100  
   101  	validBundle := &certificates.ClusterTrustBundle{
   102  		ObjectMeta: metav1.ObjectMeta{
   103  			Name: "ctb1",
   104  		},
   105  		Spec: certificates.ClusterTrustBundleSpec{
   106  			TrustBundle: validCert1,
   107  		},
   108  	}
   109  
   110  	invalidBundle := &certificates.ClusterTrustBundle{
   111  		ObjectMeta: metav1.ObjectMeta{
   112  			Name: "ctb1",
   113  		},
   114  		Spec: certificates.ClusterTrustBundleSpec{
   115  			// Empty TrustBundle is invalid.
   116  		},
   117  	}
   118  
   119  	test := genericregistrytest.New(t, storage.Store)
   120  	test = test.ClusterScope()
   121  
   122  	test.TestCreate(validBundle, invalidBundle)
   123  }
   124  
   125  func TestUpdate(t *testing.T) {
   126  	storage, server := newStorage(t)
   127  	defer server.Terminate(t)
   128  	defer storage.Store.DestroyFunc()
   129  
   130  	test := genericregistrytest.New(t, storage.Store)
   131  	test = test.ClusterScope()
   132  
   133  	test.TestUpdate(
   134  		&certificates.ClusterTrustBundle{
   135  			ObjectMeta: metav1.ObjectMeta{
   136  				Name: "ctb1",
   137  			},
   138  			Spec: certificates.ClusterTrustBundleSpec{
   139  				TrustBundle: validCert1,
   140  			},
   141  		},
   142  		// Valid update
   143  		func(object runtime.Object) runtime.Object {
   144  			bundle := object.(*certificates.ClusterTrustBundle)
   145  			bundle.Spec.TrustBundle = strings.Join([]string{validCert1, validCert2}, "\n")
   146  			return bundle
   147  		},
   148  		// Invalid update
   149  		func(object runtime.Object) runtime.Object {
   150  			bundle := object.(*certificates.ClusterTrustBundle)
   151  			bundle.Spec.TrustBundle = ""
   152  			return bundle
   153  		},
   154  	)
   155  }
   156  
   157  func TestDelete(t *testing.T) {
   158  	storage, server := newStorage(t)
   159  	defer server.Terminate(t)
   160  	defer storage.Store.DestroyFunc()
   161  
   162  	test := genericregistrytest.New(t, storage.Store)
   163  	test = test.ClusterScope()
   164  
   165  	test.TestDelete(
   166  		&certificates.ClusterTrustBundle{
   167  			ObjectMeta: metav1.ObjectMeta{
   168  				Name: "ctb1",
   169  			},
   170  			Spec: certificates.ClusterTrustBundleSpec{
   171  				TrustBundle: validCert1,
   172  			},
   173  		},
   174  	)
   175  }
   176  
   177  func TestGet(t *testing.T) {
   178  	storage, server := newStorage(t)
   179  	defer server.Terminate(t)
   180  	defer storage.Store.DestroyFunc()
   181  
   182  	test := genericregistrytest.New(t, storage.Store)
   183  	test = test.ClusterScope()
   184  
   185  	test.TestGet(
   186  		&certificates.ClusterTrustBundle{
   187  			ObjectMeta: metav1.ObjectMeta{
   188  				Name: "ctb1",
   189  			},
   190  			Spec: certificates.ClusterTrustBundleSpec{
   191  				TrustBundle: validCert1,
   192  			},
   193  		},
   194  	)
   195  }
   196  
   197  func TestList(t *testing.T) {
   198  	storage, server := newStorage(t)
   199  	defer server.Terminate(t)
   200  	defer storage.Store.DestroyFunc()
   201  
   202  	test := genericregistrytest.New(t, storage.Store)
   203  	test = test.ClusterScope()
   204  
   205  	test.TestList(
   206  		&certificates.ClusterTrustBundle{
   207  			ObjectMeta: metav1.ObjectMeta{
   208  				Name: "ctb1",
   209  			},
   210  			Spec: certificates.ClusterTrustBundleSpec{
   211  				TrustBundle: validCert1,
   212  			},
   213  		},
   214  	)
   215  }
   216  
   217  func TestWatch(t *testing.T) {
   218  	storage, server := newStorage(t)
   219  	defer server.Terminate(t)
   220  	defer storage.Store.DestroyFunc()
   221  
   222  	test := genericregistrytest.New(t, storage.Store)
   223  	test = test.ClusterScope()
   224  
   225  	test.TestWatch(
   226  		&certificates.ClusterTrustBundle{
   227  			ObjectMeta: metav1.ObjectMeta{
   228  				Name: "ctb1",
   229  			},
   230  			Spec: certificates.ClusterTrustBundleSpec{
   231  				SignerName:  "k8s.io/foo",
   232  				TrustBundle: validCert1,
   233  			},
   234  		},
   235  		// matching labels
   236  		[]labels.Set{},
   237  		// not matching labels
   238  		[]labels.Set{
   239  			{"foo": "bar"},
   240  		},
   241  		// matching fields
   242  		[]fields.Set{
   243  			{"metadata.name": "ctb1"},
   244  		},
   245  		// not matching fields
   246  		[]fields.Set{
   247  			{"metadata.name": "bar"},
   248  		},
   249  	)
   250  }
   251  

View as plain text