Merge "Unit tests for cluster check-certificate-expiration
command"
commit
4aa3abd8b0
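--- /dev/null
+++ b/pkg/cluster/checkexpiration/checkexpiration_test.go
@@ -0,0 +1,128 @@
+/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+https://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package checkexpiration_test
+
+import (
+"testing"
+
+"github.com/stretchr/testify/assert"
+
+"k8s.io/apimachinery/pkg/runtime"
+
+"opendev.org/airship/airshipctl/pkg/cluster/checkexpiration"
+"opendev.org/airship/airshipctl/pkg/config"
+"opendev.org/airship/airshipctl/pkg/k8s/client"
+"opendev.org/airship/airshipctl/pkg/k8s/client/fake"
+"opendev.org/airship/airshipctl/testutil"
+)
+
+type testCase struct {
+name string
+expiryThreshold int
+nodeTestFile string
+kubeconfTestFile string
+tlsSecretTestFile string
+nodeExpirationYear string
+expectedExpiringNodeCount int
+expectedExpiringKubeConfigCount int
+expectedExpiringTLSSecretCount int
+}
+
+var (
+testCases = []*testCase{
+{
+name: "empty-expect-error",
+expectedExpiringNodeCount: 0,
+expectedExpiringKubeConfigCount: 0,
+expectedExpiringTLSSecretCount: 0,
+},
+{
+name: "node-cert-expiring",
+nodeTestFile: nodeFile,
+nodeExpirationYear: "2021",
+expiryThreshold: testThreshold, // 20 years
+expectedExpiringNodeCount: 1,
+},
+{
+name: "node-cert-not-expiring",
+nodeExpirationYear: "2025",
+nodeTestFile: nodeFile,
+expiryThreshold: 10,
+expectedExpiringNodeCount: 0,
+},
+{
+name: "all-certs-not-expiring",
+nodeExpirationYear: "2025",
+nodeTestFile: nodeFile,
+tlsSecretTestFile: tlsSecretFile,
+kubeconfTestFile: kubeconfFile,
+expiryThreshold: 1,
+expectedExpiringNodeCount: 0,
+expectedExpiringKubeConfigCount: 0,
+expectedExpiringTLSSecretCount: 0,
+},
+{
+name: "all-certs-expiring",
+nodeExpirationYear: "2021",
+nodeTestFile: nodeFile,
+tlsSecretTestFile: tlsSecretFile,
+kubeconfTestFile: kubeconfFile,
+expiryThreshold: testThreshold,
+expectedExpiringNodeCount: 1,
+expectedExpiringKubeConfigCount: 1,
+expectedExpiringTLSSecretCount: 1,
+},
+}
+)
+
+func TestCheckExpiration(t *testing.T) {
+for _, testCase := range testCases {
+cfg, _ := testutil.InitConfig(t)
+settings := func() (*config.Config, error) {
+return cfg, nil
+}
+
+var objects []runtime.Object
+
+if testCase.nodeExpirationYear != "" && testCase.nodeTestFile != "" {
+objects = append(objects, getNodeObject(t, testCase.nodeTestFile, testCase.nodeExpirationYear))
+}
+
+if testCase.tlsSecretTestFile != "" {
+objects = append(objects, getSecretObject(t, testCase.tlsSecretTestFile))
+}
+
+if testCase.kubeconfTestFile != "" {
+objects = append(objects, getSecretObject(t, testCase.kubeconfTestFile))
+}
+
+ra := fake.WithTypedObjects(objects...)
+
+clientFactory := func(_ string, _ string) (client.Interface, error) {
+return fake.NewClient(ra), nil
+}
+
+store, err := checkexpiration.NewStore(settings, clientFactory, "", "", testCase.expiryThreshold)
+assert.NoError(t, err)
+
+expirationInfo := store.GetExpiringCertificates()
+
+assert.Len(t, expirationInfo.Kubeconfs, testCase.expectedExpiringKubeConfigCount)
+
+assert.Len(t, expirationInfo.TLSSecrets, testCase.expectedExpiringTLSSecretCount)
+
+assert.Len(t, expirationInfo.NodeCerts, testCase.expectedExpiringNodeCount)
+}
+}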
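Review bot: The "node-cert-not-expiring" and "all-certs-not-expiring" cases depend on the wall clock: they pin `nodeExpirationYear: "2025"` against thresholds of 10 and 1 (presumably days, going by the `// 20 years` comment beside `testThreshold`), so once the current date comes within that window of the fixture's August dates the expected count of 0 no longer holds and the test fails with no code change. Deriving the year from the clock, e.g. `nodeExpirationYear: strconv.Itoa(time.Now().Year() + 5),`, keeps the expiry check exercised instead of becoming a test someone eventually skips; the TLS-secret and kubeconfig fixtures are not visible here and may need the same treatment. The `name` field is set on every case but never read in the loop, so a failing `assert.Len` does not say which case broke; wrapping the loop body in `t.Run(testCase.name, func(t *testing.T) { ... })` would fix that. Also, `assert.NoError(t, err)` lets execution continue to `store.GetExpiringCertificates()` after a failed `NewStore`; `require.NoError(t, err)` would stop before a possible nil dereference.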
@ -17,6 +17,7 @@ package checkexpiration_test
|
|||||||
import (
|
import (
|
||||||
"bytes"
|
"bytes"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
|
"strings"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
"github.com/stretchr/testify/assert"
|
"github.com/stretchr/testify/assert"
|
||||||
@ -34,7 +35,11 @@ import (
|
|||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
testThreshold = 5000
|
testThreshold = 7200
|
||||||
|
|
||||||
|
nodeFile = "testdata/node.yaml"
|
||||||
|
kubeconfFile = "testdata/kubeconfig.yaml"
|
||||||
|
tlsSecretFile = "testdata/tls-secret.yaml" //nolint:gosec
|
||||||
|
|
||||||
expectedJSONOutput = ` {
|
expectedJSONOutput = ` {
|
||||||
"tlsSecrets": [
|
"tlsSecrets": [
|
||||||
@ -179,9 +184,9 @@ func TestRunE(t *testing.T) {
|
|||||||
for _, tt := range tests {
|
for _, tt := range tests {
|
||||||
t.Run(tt.testCaseName, func(t *testing.T) {
|
t.Run(tt.testCaseName, func(t *testing.T) {
|
||||||
objects := []runtime.Object{
|
objects := []runtime.Object{
|
||||||
getSecretObject(t, "testdata/tls-secret.yaml"),
|
getSecretObject(t, tlsSecretFile),
|
||||||
getSecretObject(t, "testdata/kubeconfig.yaml"),
|
getSecretObject(t, kubeconfFile),
|
||||||
getNodeObject(t, "testdata/node.yaml"),
|
getNodeObject(t, nodeFile, "2021"),
|
||||||
}
|
}
|
||||||
ra := fake.WithTypedObjects(objects...)
|
ra := fake.WithTypedObjects(objects...)
|
||||||
|
|
||||||
@ -223,13 +228,16 @@ func getSecretObject(t *testing.T, fileName string) *v1.Secret {
|
|||||||
return secret
|
return secret
|
||||||
}
|
}
|
||||||
|
|
||||||
func getNodeObject(t *testing.T, fileName string) *v1.Node {
|
func getNodeObject(t *testing.T, fileName string, expirationYear string) *v1.Node {
|
||||||
t.Helper()
|
t.Helper()
|
||||||
|
|
||||||
object := readObjectFromFile(t, fileName)
|
object := readObjectFromFile(t, fileName)
|
||||||
node, ok := object.(*v1.Node)
|
node, ok := object.(*v1.Node)
|
||||||
require.True(t, ok)
|
require.True(t, ok)
|
||||||
|
|
||||||
|
node.Annotations["cert-expiration"] = strings.ReplaceAll(node.Annotations["cert-expiration"],
|
||||||
|
"{{year}}", expirationYear)
|
||||||
|
|
||||||
return node
|
return node
|
||||||
}
|
}
|
||||||
|
|
||||||
|
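Review bot: `getNodeObject` substitutes `{{year}}` without checking that the placeholder is present, so if the fixture is later edited back to literal dates `strings.ReplaceAll` silently does nothing and the expiring-node assertions pass or fail on whatever year the file happens to contain. Adding `require.Contains(t, node.Annotations["cert-expiration"], "{{year}}")` before the replacement would make a stale fixture fail loudly. The same function is fully visible in this hunk, so the check fits right after `require.True(t, ok)`. Separately, the `//nolint:gosec` on `tlsSecretFile` gives no reason; presumably it silences the hard-coded-credential rule triggered by the identifier name, and a trailing explanation such as `//nolint:gosec // test fixture path, not a credential` would keep the suppression auditable.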
@ -2,5 +2,5 @@ apiVersion: v1
|
|||||||
kind: Node
|
kind: Node
|
||||||
metadata:
|
metadata:
|
||||||
annotations:
|
annotations:
|
||||||
cert-expiration: "{ admin.conf: Aug 06, 2021 12:36 UTC },{ apiserver: Aug 06, 2021 12:36 UTC },{ apiserver-etcd-client: Aug 06, 2021 12:36 UTC },{ apiserver-kubelet-client: Aug 06, 2021 12:36 UTC },{ controller-manager.conf: Aug 06, 2021 12:36 UTC },{ etcd-healthcheck-client: Aug 06, 2021 12:36 UTC },{ etcd-peer: Aug 06, 2021 12:36 UTC },{ etcd-server: Aug 06, 2021 12:36 UTC },{ front-proxy-client: Aug 06, 2021 12:36 UTC },{ scheduler.conf: Aug 06, 2021 12:36 UTC },{ ca: Aug 04, 2021 12:36 UTC },{ etcd-ca: Aug 04, 2021 12:36 UTC },{ front-proxy-ca: Aug 04, 2021 12:36 UTC }"
|
cert-expiration: "{ admin.conf: Aug 06, {{year}} 12:36 UTC },{ apiserver: Aug 06, {{year}} 12:36 UTC },{ apiserver-etcd-client: Aug 06, {{year}} 12:36 UTC },{ apiserver-kubelet-client: Aug 06, {{year}} 12:36 UTC },{ controller-manager.conf: Aug 06, {{year}} 12:36 UTC },{ etcd-healthcheck-client: Aug 06, {{year}} 12:36 UTC },{ etcd-peer: Aug 06, {{year}} 12:36 UTC },{ etcd-server: Aug 06, {{year}} 12:36 UTC },{ front-proxy-client: Aug 06, {{year}} 12:36 UTC },{ scheduler.conf: Aug 06, {{year}} 12:36 UTC },{ ca: Aug 04, {{year}} 12:36 UTC },{ etcd-ca: Aug 04, {{year}} 12:36 UTC },{ front-proxy-ca: Aug 04, {{year}} 12:36 UTC }"
|
||||||
name: test-node
|
name: test-node
|