17 package transformation
18
19 import (
20 "context"
21 "testing"
22 "time"
23
24 apiextensionsclientset "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset"
25 "k8s.io/apimachinery/pkg/api/meta"
26 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
27 "k8s.io/apimachinery/pkg/runtime/schema"
28 "k8s.io/client-go/dynamic"
29 "k8s.io/kubernetes/test/integration/etcd"
30 )
31
// createResources creates one test object of the given resource type against
// the API server held by test, and fails the test immediately on any error.
//
// "pods" and "configmaps" go through the transformTest helpers. Every other
// resource is built from the stub registered for its GroupVersionResource in
// etcd.GetEtcdStorageData, created with a dynamic client, and then read back
// to confirm it exists.
func createResources(t *testing.T, test *transformTest,
	group,
	version,
	kind,
	resource,
	name,
	namespace string,
) {
	if resource == "pods" {
		// NOTE(review): name is only used in the failure message here; createPod
		// is not given it, so the reported name may not be the pod's actual
		// name. Confirm against createPod.
		if _, err := test.createPod(namespace, dynamic.NewForConfigOrDie(test.kubeAPIServer.ClientConfig)); err != nil {
			t.Fatalf("Failed to create test pod, error: %v, name: %s, ns: %s", err, name, namespace)
		}
		return
	}

	if resource == "configmaps" {
		if _, err := test.createConfigMap(name, namespace); err != nil {
			t.Fatalf("Failed to create test configmap, error: %v, name: %s, ns: %s", err, name, namespace)
		}
		return
	}

	// Bound the create/get round trip; the cancel func is released when the
	// (sub)test finishes rather than when this helper returns.
	ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
	t.Cleanup(cancel)

	gvr := schema.GroupVersionResource{Group: group, Version: version, Resource: resource}

	// A GVR with no registered storage data yields a zero-value entry here,
	// so an unknown resource surfaces as an error from the calls below.
	stub := etcd.GetEtcdStorageData()[gvr].Stub

	// NOTE(review): the mapping is always root-scoped, regardless of namespace.
	// Callers visible in this file pass an empty namespace on this path.
	mapping := &meta.RESTMapping{
		Resource:         gvr,
		GroupVersionKind: gvr.GroupVersion().WithKind(kind),
		Scope:            meta.RESTScopeRoot,
	}

	resourceClient, obj, err := etcd.JSONToUnstructured(stub, namespace, mapping, dynamic.NewForConfigOrDie(test.kubeAPIServer.ClientConfig))
	if err != nil {
		t.Fatal(err)
	}

	if _, err := resourceClient.Create(ctx, obj, metav1.CreateOptions{}); err != nil {
		t.Fatal(err)
	}

	// Read the object back through the API before the caller inspects storage.
	if _, err := resourceClient.Get(ctx, obj.GetName(), metav1.GetOptions{}); err != nil {
		t.Fatalf("object should exist: %v", err)
	}
}
75
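// TestEncryptSupportedForAllResourceTypes starts an API server with an aescbc
// EncryptionConfiguration covering pods, configmaps, CRDs, a custom resource
// (pandas.awesome.bears.com) and APIServices. For each resource type it
// creates one object and hands it to test.runResource together with
// unSealWithCBCTransformer and aesCBCPrefix.
//
// NOTE(review): runResource is defined elsewhere; presumably it checks that
// the stored bytes carry the aescbc prefix and decrypt with the configured
// key. Confirm there.
func TestEncryptSupportedForAllResourceTypes(t *testing.T) {
	// The nesting of this YAML is significant: `providers` must sit under the
	// same list entry as the inner `resources` list, and `keys` under `aescbc`.
	//
	// The key below is a fixed, publicly committed test fixture. It protects
	// nothing and must never be copied into a real EncryptionConfiguration.
	// This test exercises the aescbc provider wiring only; it is not a
	// recommendation of aescbc for production clusters.
	encryptionConfig := `
kind: EncryptionConfiguration
apiVersion: apiserver.config.k8s.io/v1
resources:
- resources:
  - pods
  - configmaps
  - customresourcedefinitions.apiextensions.k8s.io
  - pandas.awesome.bears.com
  - apiservices.apiregistration.k8s.io
  providers:
  - aescbc:
      keys:
      - name: key1
        secret: c2VjcmV0IGlzIHNlY3VyZQ==
`
	test, err := newTransformTest(t, encryptionConfig, false, "", nil)
	if err != nil {
		// The failure message echoes the whole config, key included. That is
		// acceptable only because the key is a throwaway fixture.
		t.Fatalf("failed to start Kube API Server with encryptionConfig\n %s, error: %v", encryptionConfig, err)
	}
	t.Cleanup(test.cleanUp)

	// Register the test CRDs first so the custom resource case below has a
	// served type to create against.
	etcd.CreateTestCRDs(t, apiextensionsclientset.NewForConfigOrDie(test.kubeAPIServer.ClientConfig), false, etcd.GetCustomResourceDefinitionData()...)

	// Each row should correspond to an entry in the `resources` list of the
	// encryption config above; a type added here but not there would not be
	// covered by the aescbc provider.
	for _, tt := range []struct {
		group     string
		version   string
		kind      string
		resource  string
		name      string
		namespace string
	}{
		{"", "v1", "ConfigMap", "configmaps", "cm1", testNamespace},
		{"apiextensions.k8s.io", "v1", "CustomResourceDefinition", "customresourcedefinitions", "pandas.awesome.bears.com", ""},
		{"awesome.bears.com", "v1", "Panda", "pandas", "cr3panda", ""},
		{"apiregistration.k8s.io", "v1", "APIService", "apiservices", "as2.foo.com", ""},
		{"", "v1", "Pod", "pods", "pod1", testNamespace},
	} {
		// Per-iteration copy: the subtests run in parallel, so before Go 1.22
		// they would otherwise all observe the last row.
		tt := tt
		t.Run(tt.resource, func(t *testing.T) {
			t.Parallel()

			createResources(t, test, tt.group, tt.version, tt.kind, tt.resource, tt.name, tt.namespace)
			test.runResource(t, unSealWithCBCTransformer, aesCBCPrefix, tt.group, tt.version, tt.resource, tt.name, tt.namespace)
		})
	}
}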