field_selector_test.go

Documentation: k8s.io/kubernetes/test/integration/clustertrustbundles

     1  /*
     2  Copyright 2022 The Kubernetes Authors.
     3  
     4  Licensed under the Apache License, Version 2.0 (the "License");
     5  you may not use this file except in compliance with the License.
     6  You may obtain a copy of the License at
     7  
     8      http://www.apache.org/licenses/LICENSE-2.0
     9  
    10  Unless required by applicable law or agreed to in writing, software
    11  distributed under the License is distributed on an "AS IS" BASIS,
    12  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13  See the License for the specific language governing permissions and
    14  limitations under the License.
    15  */
    16  
    17  package clustertrustbundles
    18  
    19  import (
    20  	"context"
    21  	"crypto/x509"
    22  	"crypto/x509/pkix"
    23  	"math/big"
    24  	"testing"
    25  
    26  	certsv1alpha1 "k8s.io/api/certificates/v1alpha1"
    27  	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
    28  	"k8s.io/client-go/kubernetes"
    29  	kubeapiservertesting "k8s.io/kubernetes/cmd/kube-apiserver/app/testing"
    30  	"k8s.io/kubernetes/test/integration/framework"
    31  )
    32  
    33  func TestCTBSignerNameFieldSelector(t *testing.T) {
    34  	ctx := context.Background()
    35  
    36  	server := kubeapiservertesting.StartTestServerOrDie(t, nil, []string{"--feature-gates=ClusterTrustBundle=true"}, framework.SharedEtcd())
    37  	defer server.TearDownFn()
    38  
    39  	client := kubernetes.NewForConfigOrDie(server.ClientConfig)
    40  
    41  	bundle1 := &certsv1alpha1.ClusterTrustBundle{
    42  		ObjectMeta: metav1.ObjectMeta{
    43  			Name: "foo.com:bar:v1",
    44  		},
    45  		Spec: certsv1alpha1.ClusterTrustBundleSpec{
    46  			SignerName: "foo.com/bar",
    47  			TrustBundle: mustMakePEMBlock("CERTIFICATE", nil, mustMakeCertificate(t, &x509.Certificate{
    48  				SerialNumber: big.NewInt(0),
    49  				Subject: pkix.Name{
    50  					CommonName: "root1",
    51  				},
    52  				IsCA:                  true,
    53  				BasicConstraintsValid: true,
    54  			})),
    55  		},
    56  	}
    57  	if _, err := client.CertificatesV1alpha1().ClusterTrustBundles().Create(ctx, bundle1, metav1.CreateOptions{}); err != nil {
    58  		t.Fatalf("Error while creating bundle1: %v", err)
    59  	}
    60  
    61  	bundle2 := &certsv1alpha1.ClusterTrustBundle{
    62  		ObjectMeta: metav1.ObjectMeta{
    63  			Name: "foo.com:bar:v2",
    64  		},
    65  		Spec: certsv1alpha1.ClusterTrustBundleSpec{
    66  			SignerName: "foo.com/bar",
    67  			TrustBundle: mustMakePEMBlock("CERTIFICATE", nil, mustMakeCertificate(t, &x509.Certificate{
    68  				SerialNumber: big.NewInt(0),
    69  				Subject: pkix.Name{
    70  					CommonName: "root2",
    71  				},
    72  				IsCA:                  true,
    73  				BasicConstraintsValid: true,
    74  			})),
    75  		},
    76  	}
    77  	if _, err := client.CertificatesV1alpha1().ClusterTrustBundles().Create(ctx, bundle2, metav1.CreateOptions{}); err != nil {
    78  		t.Fatalf("Error while creating bundle2: %v", err)
    79  	}
    80  
    81  	bundle3 := &certsv1alpha1.ClusterTrustBundle{
    82  		ObjectMeta: metav1.ObjectMeta{
    83  			Name: "baz.com:bar:v1",
    84  		},
    85  		Spec: certsv1alpha1.ClusterTrustBundleSpec{
    86  			SignerName: "baz.com/bar",
    87  			TrustBundle: mustMakePEMBlock("CERTIFICATE", nil, mustMakeCertificate(t, &x509.Certificate{
    88  				SerialNumber: big.NewInt(0),
    89  				Subject: pkix.Name{
    90  					CommonName: "root3",
    91  				},
    92  				IsCA:                  true,
    93  				BasicConstraintsValid: true,
    94  			})),
    95  		},
    96  	}
    97  	if _, err := client.CertificatesV1alpha1().ClusterTrustBundles().Create(ctx, bundle3, metav1.CreateOptions{}); err != nil {
    98  		t.Fatalf("Error while creating bundle3: %v", err)
    99  	}
   100  
   101  	fooList, err := client.CertificatesV1alpha1().ClusterTrustBundles().List(ctx, metav1.ListOptions{FieldSelector: "spec.signerName=foo.com/bar"})
   102  	if err != nil {
   103  		t.Fatalf("Unable to list ClusterTrustBundles with spec.signerName=foo.com/bar")
   104  	}
   105  	if len(fooList.Items) != 2 {
   106  		t.Errorf("Wrong number of items in list for foo.com/bar; got %d, want 2", len(fooList.Items))
   107  	}
   108  	found1 := false
   109  	found2 := false
   110  	for _, ctb := range fooList.Items {
   111  		if ctb.ObjectMeta.Name == "foo.com:bar:v1" {
   112  			found1 = true
   113  		}
   114  		if ctb.ObjectMeta.Name == "foo.com:bar:v2" {
   115  			found2 = true
   116  		}
   117  	}
   118  	if !found1 {
   119  		t.Errorf("Didn't find foo.com:bar:v1 in the list when listing for foo.com/bar")
   120  	}
   121  	if !found2 {
   122  		t.Errorf("Didn't find foo.com:bar:v2 in the list when listing for foo.com/bar")
   123  	}
   124  
   125  	bazList, err := client.CertificatesV1alpha1().ClusterTrustBundles().List(ctx, metav1.ListOptions{FieldSelector: "spec.signerName=baz.com/bar"})
   126  	if err != nil {
   127  		t.Fatalf("Unable to list ClusterTrustBundles with spec.signerName=baz.com/bar")
   128  	}
   129  	if len(bazList.Items) != 1 {
   130  		t.Fatalf("Wrong number of items in list for baz.com/bar; got %d, want 1", len(bazList.Items))
   131  	}
   132  	if bazList.Items[0].ObjectMeta.Name != "baz.com:bar:v1" {
   133  		t.Errorf("Didn't find baz.com:bar:v1 in the list when listing for baz.com/bar")
   134  	}
   135  }
   136
View as plain text