constellation/joinservice/internal/kubeadm/kubeadm_test.go
2022-09-22 09:10:19 +02:00

174 lines
5.6 KiB
Go

/*
Copyright (c) Edgeless Systems GmbH
SPDX-License-Identifier: AGPL-3.0-only
*/
package kubeadm
import (
"path/filepath"
"testing"
"time"
"github.com/edgelesssys/constellation/v2/internal/constants"
"github.com/edgelesssys/constellation/v2/internal/file"
"github.com/edgelesssys/constellation/v2/internal/logger"
"github.com/spf13/afero"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"go.uber.org/goleak"
"k8s.io/client-go/kubernetes/fake"
kubeconstants "k8s.io/kubernetes/cmd/kubeadm/app/constants"
)
func TestMain(m *testing.M) {
goleak.VerifyTestMain(m)
}
func TestGetJoinToken(t *testing.T) {
validConf := `apiVersion: v1
kind: Config
clusters:
- cluster:
certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMvakNDQWVhZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJeU1EVXpNREE0TWpJd01Gb1hEVE15TURVeU56QTRNakl3TUZvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTmV5CnNubVJQbDYxaXZGWWRIUjFJUjdyRS9PNjNSOVhpVERwM1V4T2tMQzdMaW94bFA0SmRINzdHMUJ4Y2NCSjVISDIKZHBUTklzcjNxMEZ3ckdtK1JVYzdoRjBmZjgwdUtyUVVMN3UrYWlIRU5HSExVSFVnc3V4Tmd1bUxRdnlrRTUzNQp4dWRVSWpVV0g5M3NuRU5GempuWkRZM09SWVdNQ253OVlxMk5CZDdBRktKY1o3WDc3U1I3eStNK3czdGkvQlZpCmNtR1BvRW1WTTV3V0VReFQwYlpxNjcxTXltcmhEenFwbEZ2dkpranFIdVp6dUFhZ0pXWW9nejNsYjZLbCtmdmgKTjBjbFBDMjJyUUJJY01JWDVHdG40bzJ5U2JvQnBoRWNEWkx6TjIyU0tZZ2ViSGQwOU9lcktWdGw5bDl6cmQvVApBWm5jOTNQVCtvWTFsSmdldUE4Q0F3RUFBYU5aTUZjd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZOVmNPNUZZY2NUTVN1SHpJWFZMYlppUnZRVVZNQlVHQTFVZEVRUU8KTUF5Q0NtdDFZbVZ5Ym1WMFpYTXdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBTDBsRERnbEsvY1JCNHVoQXJBRwpRSDhOeGtCSnhGNXYrVWMyZVFGa3dRTlB5SkU3QTRMV2p1eEVLN25meWVrTk91c2N2Wm1DQzVJNFhVZHAzb0ptCnZzSVlsN2YvMEFaMUt3d1RvQSt3cFF2QVB1NHlhM251MkZkMC9DVkViazNUZTV1MzRmQkxvL0YzK0Q2dFZLb2gKbVpGYmdoVjdMZms5SlQ4UzZjbGxyYjZkT3dCdGViUDBMQWZJd0hWaDBZNEsyY0thc3ZtU2xtMktpRXdURlBrbgpTSkNWWnI1aUJ3eGFadk1mYlpEaDk1bGZCbEtCVkdMNm5CcWs2TEpKM0VVd0tocTFGZEoyT0lSTkF0em14Z0R3CnNkOWd0SE4rK0pUcnhDa0ZBUTdwVWptdXBjZmpDOWhRRk1HOTRzTzk5elhZd2svTEdhV3FlS0pBYlRiNVdoRWcKYU5ZPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
server: https://127.0.0.1:16443
name: kubernetes
contexts:
- context:
cluster: kubernetes
user: kubernetes-admin
name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes`
missingCA := `apiVersion: v1
kind: Config
clusters:
- cluster:
server: https://127.0.0.1:16443
name: kubernetes
contexts:
- context:
cluster: kubernetes
user: kubernetes-admin
name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes`
testCases := map[string]struct {
adminConf string
wantErr bool
}{
"success": {
adminConf: validConf,
},
"no certificate-authority-data": {
adminConf: missingCA,
wantErr: true,
},
"no cluster config": {
adminConf: `apiVersion: v1
kind: Config`,
wantErr: true,
},
"invalid config": {
adminConf: "not a config",
wantErr: true,
},
"config does not exist": {
wantErr: true,
},
}
for name, tc := range testCases {
t.Run(name, func(t *testing.T) {
assert := assert.New(t)
require := require.New(t)
client := &Kubeadm{
log: logger.NewTest(t),
file: file.NewHandler(afero.NewMemMapFs()),
client: fake.NewSimpleClientset(),
}
if tc.adminConf != "" {
require.NoError(client.file.Write(constants.CoreOSAdminConfFilename, []byte(tc.adminConf), file.OptNone))
}
res, err := client.GetJoinToken(time.Minute)
if tc.wantErr {
assert.Error(err)
} else {
assert.NoError(err)
assert.NotNil(res)
}
})
}
}
func TestGetControlPlaneCertificatesAndKeys(t *testing.T) {
someData := []byte{0x1, 0x2, 0x3}
testCases := map[string]struct {
preExistingFiles map[string][]byte
wantErr bool
}{
"success": {
preExistingFiles: map[string][]byte{
kubeconstants.CAKeyName: someData,
kubeconstants.ServiceAccountPrivateKeyName: someData,
kubeconstants.FrontProxyCAKeyName: someData,
kubeconstants.EtcdCAKeyName: someData,
kubeconstants.CACertName: someData,
kubeconstants.ServiceAccountPublicKeyName: someData,
kubeconstants.FrontProxyCACertName: someData,
kubeconstants.EtcdCACertName: someData,
},
},
"missing key": {
preExistingFiles: map[string][]byte{
kubeconstants.CACertName: someData,
kubeconstants.ServiceAccountPublicKeyName: someData,
kubeconstants.FrontProxyCACertName: someData,
kubeconstants.EtcdCACertName: someData,
},
wantErr: true,
},
"missing cert": {
preExistingFiles: map[string][]byte{
kubeconstants.CAKeyName: someData,
kubeconstants.ServiceAccountPrivateKeyName: someData,
kubeconstants.FrontProxyCAKeyName: someData,
kubeconstants.EtcdCAKeyName: someData,
},
wantErr: true,
},
}
for name, tc := range testCases {
t.Run(name, func(t *testing.T) {
assert := assert.New(t)
require := require.New(t)
client := &Kubeadm{
log: logger.NewTest(t),
file: file.NewHandler(afero.NewMemMapFs()),
client: fake.NewSimpleClientset(),
}
for filename, content := range tc.preExistingFiles {
require.NoError(client.file.Write(
filepath.Join(kubeconstants.KubernetesDir, kubeconstants.DefaultCertificateDir, filename),
content,
file.OptNone,
))
}
files, err := client.GetControlPlaneCertificatesAndKeys()
if tc.wantErr {
assert.Error(err)
} else {
assert.NoError(err)
assert.NotNil(files)
}
})
}
}