
Source file src/k8s.io/kubernetes/test/integration/controlplane/transformation/all_transformation_test.go

Documentation: k8s.io/kubernetes/test/integration/controlplane/transformation

     1  /*
     2  Copyright 2022 The Kubernetes Authors.
     3  
     4  Licensed under the Apache License, Version 2.0 (the "License");
     5  you may not use this file except in compliance with the License.
     6  You may obtain a copy of the License at
     7  
     8      http://www.apache.org/licenses/LICENSE-2.0
     9  
    10  Unless required by applicable law or agreed to in writing, software
    11  distributed under the License is distributed on an "AS IS" BASIS,
    12  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13  See the License for the specific language governing permissions and
    14  limitations under the License.
    15  */
    16  
    17  package transformation
    18  
    19  import (
    20  	"context"
    21  	"testing"
    22  	"time"
    23  
    24  	apiextensionsclientset "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset"
    25  	"k8s.io/apimachinery/pkg/api/meta"
    26  	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
    27  	"k8s.io/apimachinery/pkg/runtime/schema"
    28  	"k8s.io/client-go/dynamic"
    29  	"k8s.io/kubernetes/test/integration/etcd"
    30  )
    31  
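// createResources creates one object of the requested resource type through
// the test API server so that a later step can inspect how it was stored.
//
// Pods and configmaps go through the transformTest helpers. Every other
// resource is built from the stub registered for its GroupVersionResource in
// etcd.GetEtcdStorageData and created with a dynamic client. On any failure
// the calling test is aborted via t.Fatal/t.Fatalf.
func createResources(t *testing.T, test *transformTest,
	group,
	version,
	kind,
	resource,
	name,
	namespace string,
) {
	// Report failures at the caller's line rather than inside this helper.
	t.Helper()

	switch resource {
	case "pods":
		// NOTE(review): name is only used in the failure message here; the pod's
		// actual name is chosen inside createPod — confirm it matches the caller's.
		_, err := test.createPod(namespace, dynamic.NewForConfigOrDie(test.kubeAPIServer.ClientConfig))
		if err != nil {
			t.Fatalf("Failed to create test pod, error: %v, name: %s, ns: %s", err, name, namespace)
		}
	case "configmaps":
		_, err := test.createConfigMap(name, namespace)
		if err != nil {
			t.Fatalf("Failed to create test configmap, error: %v, name: %s, ns: %s", err, name, namespace)
		}
	default:
		// Bound the create/get round trip so a wedged API server fails the test
		// instead of hanging it; the context is released when the test ends.
		ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
		t.Cleanup(cancel)

		gvr := schema.GroupVersionResource{Group: group, Version: version, Resource: resource}

		// Fail early with a specific message when no stub is registered for this
		// resource. Without this check a zero-value entry would be passed on and
		// the problem would only show up later as a less specific error.
		data, ok := etcd.GetEtcdStorageData()[gvr]
		if !ok {
			t.Fatalf("no etcd storage stub registered for %v", gvr)
		}
		stub := data.Stub

		// NOTE(review): the mapping is declared root-scoped regardless of the
		// namespace argument; presumably only cluster-scoped resources reach
		// this branch — confirm before adding namespaced ones.
		dynamicClient, obj, err := etcd.JSONToUnstructured(stub, namespace, &meta.RESTMapping{
			Resource:         gvr,
			GroupVersionKind: gvr.GroupVersion().WithKind(kind),
			Scope:            meta.RESTScopeRoot,
		}, dynamic.NewForConfigOrDie(test.kubeAPIServer.ClientConfig))
		if err != nil {
			t.Fatal(err)
		}
		_, err = dynamicClient.Create(ctx, obj, metav1.CreateOptions{})
		if err != nil {
			t.Fatal(err)
		}
		// Read the object back by the name carried on obj (not the name
		// parameter) to confirm the create reached storage.
		if _, err := dynamicClient.Get(ctx, obj.GetName(), metav1.GetOptions{}); err != nil {
			t.Fatalf("object should exist: %v", err)
		}
	}
}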
    75  
// TestEncryptSupportedForAllResourceTypes starts an API server with an
// EncryptionConfiguration that lists resources served by each of the three
// wired-together servers and runs the same storage check for every one:
//   - pods and configmaps from KAS
//   - CRDs and CRs from API extensions
//   - API services from aggregator
func TestEncryptSupportedForAllResourceTypes(t *testing.T) {
	// The aescbc key below is a fixed fixture embedded in the test source
	// (base64 of a 16-byte string). It exists only so the test can unseal what
	// the server wrote; it protects nothing outside this test.
	encryptionConfig := `
kind: EncryptionConfiguration
apiVersion: apiserver.config.k8s.io/v1
resources:
- resources:
  - pods
  - configmaps
  - customresourcedefinitions.apiextensions.k8s.io
  - pandas.awesome.bears.com
  - apiservices.apiregistration.k8s.io
  providers:
  - aescbc:
      keys:
      - name: key1
        secret: c2VjcmV0IGlzIHNlY3VyZQ==
`
	test, err := newTransformTest(t, encryptionConfig, false, "", nil)
	if err != nil {
		t.Fatalf("failed to start Kube API Server with encryptionConfig\n %s, error: %v", encryptionConfig, err)
	}
	t.Cleanup(test.cleanUp)

	// CR storage is registered dynamically, so install the test CRDs first to
	// make sure that wiring is exercised as well.
	crdClient := apiextensionsclientset.NewForConfigOrDie(test.kubeAPIServer.ClientConfig)
	etcd.CreateTestCRDs(t, crdClient, false, etcd.GetCustomResourceDefinitionData()...)

	// resourceCase identifies one object to create and then check in storage.
	type resourceCase struct {
		group     string
		version   string
		kind      string
		resource  string
		name      string
		namespace string
	}

	cases := []resourceCase{
		{"", "v1", "ConfigMap", "configmaps", "cm1", testNamespace},
		{"apiextensions.k8s.io", "v1", "CustomResourceDefinition", "customresourcedefinitions", "pandas.awesome.bears.com", ""},
		{"awesome.bears.com", "v1", "Panda", "pandas", "cr3panda", ""},
		{"apiregistration.k8s.io", "v1", "APIService", "apiservices", "as2.foo.com", ""},
		{"", "v1", "Pod", "pods", "pod1", testNamespace},
	}

	for i := range cases {
		// Copy the case so each parallel subtest closes over its own value.
		tc := cases[i]
		t.Run(tc.resource, func(t *testing.T) {
			t.Parallel()

			createResources(t, test, tc.group, tc.version, tc.kind, tc.resource, tc.name, tc.namespace)
			// Presumably checks that the stored value carries aesCBCPrefix and
			// can be unsealed with the CBC transformer — see runResource.
			test.runResource(t, unSealWithCBCTransformer, aesCBCPrefix, tc.group, tc.version, tc.resource, tc.name, tc.namespace)
		})
	}
}
   129  
