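package utils

import (
	"os"
	"testing"
)

// TestRedactClientID pins the redacted form of a client ID: for the sample
// below, the first four and last four characters are kept and everything in
// between is replaced by the fixed marker "##### REDACTED #####".
//
// The sample is a constructed value (it is not valid hex), so the fixture
// itself carries no real identifier.
//
// NOTE(review): only one input is covered. Behaviour for an empty ID, or for
// an ID of eight characters or fewer (where a four-character prefix plus a
// four-character suffix would reproduce the whole value), is not pinned by
// this test; confirm against RedactClientID before relying on it in logs.
func TestRedactClientID(t *testing.T) {
	tests := []struct {
		name     string
		clientID string
		expected string
	}{
		{
			name:     "should redact client id",
			clientID: "aabc0000-a83v-9h4m-000j-2c0a66b0c1f9",
			expected: "aabc##### REDACTED #####c1f9",
		},
	}

	for _, test := range tests {
		t.Run(test.name, func(t *testing.T) {
			actual := RedactClientID(test.clientID)
			if actual != test.expected {
				t.Fatalf("expected: %s, got %s", test.expected, actual)
			}
		})
	}
}

// TestIsValidResourceID exercises ValidateResourceID with three inputs: a
// bare string with no path structure, a resource path that lacks the
// userAssignedIdentities segment, and a full user-assigned identity path.
// Only the last one is expected to validate without error.
//
// NOTE(review): the table has no case for an empty string or for a path with
// extra segments after the identity name; whether ValidateResourceID rejects
// those cannot be told from this test.
func TestIsValidResourceID(t *testing.T) {
	tests := []struct {
		name        string
		resourceID  string
		expectedErr bool
	}{
		{
			name:        "invalid resource id 0",
			resourceID:  "invalidresid",
			expectedErr: true,
		},
		{
			// Provider namespace is present but the resource type segment is missing.
			name:        "invalid resource id 1",
			resourceID:  "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/0000/providers/Microsoft.ManagedIdentity/keyvault-identity-0",
			expectedErr: true,
		},
		{
			name:        "valid resource id",
			resourceID:  "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/0000/providers/Microsoft.ManagedIdentity/userAssignedIdentities/keyvault-identity-0",
			expectedErr: false,
		},
	}

	for _, test := range tests {
		t.Run(test.name, func(t *testing.T) {
			err := ValidateResourceID(test.resourceID)
			actualErr := err != nil
			if actualErr != test.expectedErr {
				t.Fatalf("expected error: %v, got error: %v", test.expectedErr, err)
			}
		})
	}
}

// TestIsKubenetCNI writes a kubelet environment file to a temporary path and
// checks the boolean IsKubenetCNI returns for that path. The two fixtures are
// identical except for the --network-plugin flag (cni versus kubenet), so the
// flag value is the only thing that can explain the differing expectations.
func TestIsKubenetCNI(t *testing.T) {
	tests := []struct {
		name                 string
		kubeletConfig        string
		expectedIsKubenetCNI bool
	}{
		{
			name: "network plugin cni",
			kubeletConfig: `KUBELET_FLAGS=--address=0.0.0.0 --anonymous-auth=false --authentication-token-webhook=true --authorization-mode=Webhook --azure-container-registry-config=/etc/kubernetes/azure.json --cgroups-per-qos=true --client-ca-file=/etc/kubernetes/certs/ca.crt --cloud-config=/etc/kubernetes/azure.json --cloud-provider=azure --cluster-dns=10.0.0.10 --cluster-domain=cluster.local --dynamic-config-dir=/var/lib/kubelet --enforce-node-allocatable=pods --event-qps=0 --eviction-hard=memory.available<750Mi,nodefs.available<10%,nodefs.inodesFree<5% --feature-gates=RotateKubeletServerCertificate=true --image-gc-high-threshold=85 --image-gc-low-threshold=80 --image-pull-progress-deadline=30m --keep-terminated-pod-volumes=false --kube-reserved=cpu=100m,memory=1638Mi --kubeconfig=/var/lib/kubelet/kubeconfig --max-pods=110 --network-plugin=cni --node-status-update-frequency=10s --non-masquerade-cidr=0.0.0.0/0 --pod-infra-container-image=mcr.microsoft.com/oss/kubernetes/pause:1.3.1 --pod-manifest-path=/etc/kubernetes/manifests --pod-max-pids=-1 --protect-kernel-defaults=true --read-only-port=0 --rotate-certificates=false --streaming-connection-idle-timeout=4h --tls-cert-file=/etc/kubernetes/certs/kubeletserver.crt --tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256 --tls-private-key-file=/etc/kubernetes/certs/kubeletserver.key
KUBELET_REGISTER_SCHEDULABLE=true
NETWORK_POLICY=

KUBELET_NODE_LABELS=kubernetes.azure.com/role=agent,agentpool=agentpool,storageprofile=managed,storagetier=Premium_LRS,kubernetes.azure.com/cluster=MC_aks1016_c00_southcentralus,kubernetes.azure.com/mode=system,kubernetes.azure.com/node-image-version=AKSUbuntu-1604-2020.09.30`,
			expectedIsKubenetCNI: false,
		},
		{
			name: "network plugin kubenet",
			kubeletConfig: `KUBELET_FLAGS=--address=0.0.0.0 --anonymous-auth=false --authentication-token-webhook=true --authorization-mode=Webhook --azure-container-registry-config=/etc/kubernetes/azure.json --cgroups-per-qos=true --client-ca-file=/etc/kubernetes/certs/ca.crt --cloud-config=/etc/kubernetes/azure.json --cloud-provider=azure --cluster-dns=10.0.0.10 --cluster-domain=cluster.local --dynamic-config-dir=/var/lib/kubelet --enforce-node-allocatable=pods --event-qps=0 --eviction-hard=memory.available<750Mi,nodefs.available<10%,nodefs.inodesFree<5% --feature-gates=RotateKubeletServerCertificate=true --image-gc-high-threshold=85 --image-gc-low-threshold=80 --image-pull-progress-deadline=30m --keep-terminated-pod-volumes=false --kube-reserved=cpu=100m,memory=1638Mi --kubeconfig=/var/lib/kubelet/kubeconfig --max-pods=110 --network-plugin=kubenet --node-status-update-frequency=10s --non-masquerade-cidr=0.0.0.0/0 --pod-infra-container-image=mcr.microsoft.com/oss/kubernetes/pause:1.3.1 --pod-manifest-path=/etc/kubernetes/manifests --pod-max-pids=-1 --protect-kernel-defaults=true --read-only-port=0 --rotate-certificates=false --streaming-connection-idle-timeout=4h --tls-cert-file=/etc/kubernetes/certs/kubeletserver.crt --tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256 --tls-private-key-file=/etc/kubernetes/certs/kubeletserver.key
KUBELET_REGISTER_SCHEDULABLE=true
NETWORK_POLICY=

KUBELET_NODE_LABELS=kubernetes.azure.com/role=agent,agentpool=agentpool,storageprofile=managed,storagetier=Premium_LRS,kubernetes.azure.com/cluster=MC_aks1016_c00_southcentralus,kubernetes.azure.com/mode=system,kubernetes.azure.com/node-image-version=AKSUbuntu-1604-2020.09.30`,
			expectedIsKubenetCNI: true,
		},
	}

	for _, test := range tests {
		t.Run(test.name, func(t *testing.T) {
			tmpFile, err := os.CreateTemp("", "ut")
			if err != nil {
				t.Fatalf("expected err to be nil, got: %+v", err)
			}
			defer os.Remove(tmpFile.Name())

			// Close the handle before the file is read back by path: this
			// releases the descriptor on every exit path and lets the deferred
			// remove succeed on platforms that refuse to delete open files.
			_, writeErr := tmpFile.Write([]byte(test.kubeletConfig))
			closeErr := tmpFile.Close()
			if writeErr != nil {
				t.Fatalf("expected err to be nil, got: %+v", writeErr)
			}
			if closeErr != nil {
				t.Fatalf("expected err to be nil, got: %+v", closeErr)
			}

			isKubenet, err := IsKubenetCNI(tmpFile.Name())
			if err != nil {
				t.Fatalf("expected err to be nil, got: %+v", err)
			}
			if isKubenet != test.expectedIsKubenetCNI {
				t.Fatalf("expected kubenet CNI to be %v, got: %v", test.expectedIsKubenetCNI, isKubenet)
			}
		})
	}
}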