Merge "Unit tests for cluster check-certificate-expiration
command"
This commit is contained in:
commit
4aa3abd8b0
128
pkg/cluster/checkexpiration/checkexpiration_test.go
Normal file
128
pkg/cluster/checkexpiration/checkexpiration_test.go
Normal file
@ -0,0 +1,128 @@
|
||||
/*
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
https://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package checkexpiration_test
|
||||
|
||||
import (
|
||||
"testing"
|
||||
|
||||
"github.com/stretchr/testify/assert"
|
||||
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
|
||||
"opendev.org/airship/airshipctl/pkg/cluster/checkexpiration"
|
||||
"opendev.org/airship/airshipctl/pkg/config"
|
||||
"opendev.org/airship/airshipctl/pkg/k8s/client"
|
||||
"opendev.org/airship/airshipctl/pkg/k8s/client/fake"
|
||||
"opendev.org/airship/airshipctl/testutil"
|
||||
)
|
||||
|
||||
type testCase struct {
|
||||
name string
|
||||
expiryThreshold int
|
||||
nodeTestFile string
|
||||
kubeconfTestFile string
|
||||
tlsSecretTestFile string
|
||||
nodeExpirationYear string
|
||||
expectedExpiringNodeCount int
|
||||
expectedExpiringKubeConfigCount int
|
||||
expectedExpiringTLSSecretCount int
|
||||
}
|
||||
|
||||
var (
|
||||
testCases = []*testCase{
|
||||
{
|
||||
name: "empty-expect-error",
|
||||
expectedExpiringNodeCount: 0,
|
||||
expectedExpiringKubeConfigCount: 0,
|
||||
expectedExpiringTLSSecretCount: 0,
|
||||
},
|
||||
{
|
||||
name: "node-cert-expiring",
|
||||
nodeTestFile: nodeFile,
|
||||
nodeExpirationYear: "2021",
|
||||
expiryThreshold: testThreshold, // 20 years
|
||||
expectedExpiringNodeCount: 1,
|
||||
},
|
||||
{
|
||||
name: "node-cert-not-expiring",
|
||||
nodeExpirationYear: "2025",
|
||||
nodeTestFile: nodeFile,
|
||||
expiryThreshold: 10,
|
||||
expectedExpiringNodeCount: 0,
|
||||
},
|
||||
{
|
||||
name: "all-certs-not-expiring",
|
||||
nodeExpirationYear: "2025",
|
||||
nodeTestFile: nodeFile,
|
||||
tlsSecretTestFile: tlsSecretFile,
|
||||
kubeconfTestFile: kubeconfFile,
|
||||
expiryThreshold: 1,
|
||||
expectedExpiringNodeCount: 0,
|
||||
expectedExpiringKubeConfigCount: 0,
|
||||
expectedExpiringTLSSecretCount: 0,
|
||||
},
|
||||
{
|
||||
name: "all-certs-expiring",
|
||||
nodeExpirationYear: "2021",
|
||||
nodeTestFile: nodeFile,
|
||||
tlsSecretTestFile: tlsSecretFile,
|
||||
kubeconfTestFile: kubeconfFile,
|
||||
expiryThreshold: testThreshold,
|
||||
expectedExpiringNodeCount: 1,
|
||||
expectedExpiringKubeConfigCount: 1,
|
||||
expectedExpiringTLSSecretCount: 1,
|
||||
},
|
||||
}
|
||||
)
|
||||
|
||||
func TestCheckExpiration(t *testing.T) {
|
||||
for _, testCase := range testCases {
|
||||
cfg, _ := testutil.InitConfig(t)
|
||||
settings := func() (*config.Config, error) {
|
||||
return cfg, nil
|
||||
}
|
||||
|
||||
var objects []runtime.Object
|
||||
|
||||
if testCase.nodeExpirationYear != "" && testCase.nodeTestFile != "" {
|
||||
objects = append(objects, getNodeObject(t, testCase.nodeTestFile, testCase.nodeExpirationYear))
|
||||
}
|
||||
|
||||
if testCase.tlsSecretTestFile != "" {
|
||||
objects = append(objects, getSecretObject(t, testCase.tlsSecretTestFile))
|
||||
}
|
||||
|
||||
if testCase.kubeconfTestFile != "" {
|
||||
objects = append(objects, getSecretObject(t, testCase.kubeconfTestFile))
|
||||
}
|
||||
|
||||
ra := fake.WithTypedObjects(objects...)
|
||||
|
||||
clientFactory := func(_ string, _ string) (client.Interface, error) {
|
||||
return fake.NewClient(ra), nil
|
||||
}
|
||||
|
||||
store, err := checkexpiration.NewStore(settings, clientFactory, "", "", testCase.expiryThreshold)
|
||||
assert.NoError(t, err)
|
||||
|
||||
expirationInfo := store.GetExpiringCertificates()
|
||||
|
||||
assert.Len(t, expirationInfo.Kubeconfs, testCase.expectedExpiringKubeConfigCount)
|
||||
|
||||
assert.Len(t, expirationInfo.TLSSecrets, testCase.expectedExpiringTLSSecretCount)
|
||||
|
||||
assert.Len(t, expirationInfo.NodeCerts, testCase.expectedExpiringNodeCount)
|
||||
}
|
||||
}
|
@ -17,6 +17,7 @@ package checkexpiration_test
|
||||
import (
|
||||
"bytes"
|
||||
"io/ioutil"
|
||||
"strings"
|
||||
"testing"
|
||||
|
||||
"github.com/stretchr/testify/assert"
|
||||
@ -34,7 +35,11 @@ import (
|
||||
)
|
||||
|
||||
const (
|
||||
testThreshold = 5000
|
||||
testThreshold = 7200
|
||||
|
||||
nodeFile = "testdata/node.yaml"
|
||||
kubeconfFile = "testdata/kubeconfig.yaml"
|
||||
tlsSecretFile = "testdata/tls-secret.yaml" //nolint:gosec
|
||||
|
||||
expectedJSONOutput = ` {
|
||||
"tlsSecrets": [
|
||||
@ -179,9 +184,9 @@ func TestRunE(t *testing.T) {
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.testCaseName, func(t *testing.T) {
|
||||
objects := []runtime.Object{
|
||||
getSecretObject(t, "testdata/tls-secret.yaml"),
|
||||
getSecretObject(t, "testdata/kubeconfig.yaml"),
|
||||
getNodeObject(t, "testdata/node.yaml"),
|
||||
getSecretObject(t, tlsSecretFile),
|
||||
getSecretObject(t, kubeconfFile),
|
||||
getNodeObject(t, nodeFile, "2021"),
|
||||
}
|
||||
ra := fake.WithTypedObjects(objects...)
|
||||
|
||||
@ -223,13 +228,16 @@ func getSecretObject(t *testing.T, fileName string) *v1.Secret {
|
||||
return secret
|
||||
}
|
||||
|
||||
func getNodeObject(t *testing.T, fileName string) *v1.Node {
|
||||
func getNodeObject(t *testing.T, fileName string, expirationYear string) *v1.Node {
|
||||
t.Helper()
|
||||
|
||||
object := readObjectFromFile(t, fileName)
|
||||
node, ok := object.(*v1.Node)
|
||||
require.True(t, ok)
|
||||
|
||||
node.Annotations["cert-expiration"] = strings.ReplaceAll(node.Annotations["cert-expiration"],
|
||||
"{{year}}", expirationYear)
|
||||
|
||||
return node
|
||||
}
|
||||
|
||||
|
@ -2,5 +2,5 @@ apiVersion: v1
|
||||
kind: Node
|
||||
metadata:
|
||||
annotations:
|
||||
cert-expiration: "{ admin.conf: Aug 06, 2021 12:36 UTC },{ apiserver: Aug 06, 2021 12:36 UTC },{ apiserver-etcd-client: Aug 06, 2021 12:36 UTC },{ apiserver-kubelet-client: Aug 06, 2021 12:36 UTC },{ controller-manager.conf: Aug 06, 2021 12:36 UTC },{ etcd-healthcheck-client: Aug 06, 2021 12:36 UTC },{ etcd-peer: Aug 06, 2021 12:36 UTC },{ etcd-server: Aug 06, 2021 12:36 UTC },{ front-proxy-client: Aug 06, 2021 12:36 UTC },{ scheduler.conf: Aug 06, 2021 12:36 UTC },{ ca: Aug 04, 2021 12:36 UTC },{ etcd-ca: Aug 04, 2021 12:36 UTC },{ front-proxy-ca: Aug 04, 2021 12:36 UTC }"
|
||||
cert-expiration: "{ admin.conf: Aug 06, {{year}} 12:36 UTC },{ apiserver: Aug 06, {{year}} 12:36 UTC },{ apiserver-etcd-client: Aug 06, {{year}} 12:36 UTC },{ apiserver-kubelet-client: Aug 06, {{year}} 12:36 UTC },{ controller-manager.conf: Aug 06, {{year}} 12:36 UTC },{ etcd-healthcheck-client: Aug 06, {{year}} 12:36 UTC },{ etcd-peer: Aug 06, {{year}} 12:36 UTC },{ etcd-server: Aug 06, {{year}} 12:36 UTC },{ front-proxy-client: Aug 06, {{year}} 12:36 UTC },{ scheduler.conf: Aug 06, {{year}} 12:36 UTC },{ ca: Aug 04, {{year}} 12:36 UTC },{ etcd-ca: Aug 04, {{year}} 12:36 UTC },{ front-proxy-ca: Aug 04, {{year}} 12:36 UTC }"
|
||||
name: test-node
|
Loading…
Reference in New Issue
Block a user