github.com/ali-iotechsys/cli@v20.10.0+incompatible/cli/context/kubernetes/endpoint_test.go (about) 1 package kubernetes 2 3 import ( 4 "io/ioutil" 5 "os" 6 "testing" 7 8 "github.com/docker/cli/cli/context" 9 "github.com/docker/cli/cli/context/store" 10 "gotest.tools/v3/assert" 11 "k8s.io/client-go/tools/clientcmd" 12 clientcmdapi "k8s.io/client-go/tools/clientcmd/api" 13 ) 14 15 func testEndpoint(server, defaultNamespace string, ca, cert, key []byte, skipTLSVerify bool) Endpoint { 16 var tlsData *context.TLSData 17 if ca != nil || cert != nil || key != nil { 18 tlsData = &context.TLSData{ 19 CA: ca, 20 Cert: cert, 21 Key: key, 22 } 23 } 24 return Endpoint{ 25 EndpointMeta: EndpointMeta{ 26 EndpointMetaBase: context.EndpointMetaBase{ 27 Host: server, 28 SkipTLSVerify: skipTLSVerify, 29 }, 30 DefaultNamespace: defaultNamespace, 31 }, 32 TLSData: tlsData, 33 } 34 } 35 36 var testStoreCfg = store.NewConfig( 37 func() interface{} { 38 return &map[string]interface{}{} 39 }, 40 store.EndpointTypeGetter(KubernetesEndpoint, func() interface{} { return &EndpointMeta{} }), 41 ) 42 43 func TestSaveLoadContexts(t *testing.T) { 44 storeDir, err := ioutil.TempDir("", "test-load-save-k8-context") 45 assert.NilError(t, err) 46 defer os.RemoveAll(storeDir) 47 store := store.New(storeDir, testStoreCfg) 48 assert.NilError(t, save(store, testEndpoint("https://test", "test", nil, nil, nil, false), "raw-notls")) 49 assert.NilError(t, save(store, testEndpoint("https://test", "test", nil, nil, nil, true), "raw-notls-skip")) 50 assert.NilError(t, save(store, testEndpoint("https://test", "test", []byte("ca"), []byte("cert"), []byte("key"), true), "raw-tls")) 51 52 kcFile, err := ioutil.TempFile(os.TempDir(), "test-load-save-k8-context") 53 assert.NilError(t, err) 54 defer os.Remove(kcFile.Name()) 55 defer kcFile.Close() 56 cfg := clientcmdapi.NewConfig() 57 cfg.AuthInfos["user"] = clientcmdapi.NewAuthInfo() 58 cfg.Contexts["context1"] = clientcmdapi.NewContext() 59 cfg.Clusters["cluster1"] = clientcmdapi.NewCluster() 60 cfg.Contexts["context2"] = clientcmdapi.NewContext() 61 cfg.Clusters["cluster2"] = clientcmdapi.NewCluster() 62 cfg.AuthInfos["user"].ClientCertificateData = []byte("cert") 63 cfg.AuthInfos["user"].ClientKeyData = []byte("key") 64 cfg.Clusters["cluster1"].Server = "https://server1" 65 cfg.Clusters["cluster1"].InsecureSkipTLSVerify = true 66 cfg.Clusters["cluster2"].Server = "https://server2" 67 cfg.Clusters["cluster2"].CertificateAuthorityData = []byte("ca") 68 cfg.Contexts["context1"].AuthInfo = "user" 69 cfg.Contexts["context1"].Cluster = "cluster1" 70 cfg.Contexts["context1"].Namespace = "namespace1" 71 cfg.Contexts["context2"].AuthInfo = "user" 72 cfg.Contexts["context2"].Cluster = "cluster2" 73 cfg.Contexts["context2"].Namespace = "namespace2" 74 cfg.CurrentContext = "context1" 75 cfgData, err := clientcmd.Write(*cfg) 76 assert.NilError(t, err) 77 _, err = kcFile.Write(cfgData) 78 assert.NilError(t, err) 79 kcFile.Close() 80 81 epDefault, err := FromKubeConfig(kcFile.Name(), "", "") 82 assert.NilError(t, err) 83 epContext2, err := FromKubeConfig(kcFile.Name(), "context2", "namespace-override") 84 assert.NilError(t, err) 85 assert.NilError(t, save(store, epDefault, "embed-default-context")) 86 assert.NilError(t, save(store, epContext2, "embed-context2")) 87 88 rawNoTLSMeta, err := store.GetMetadata("raw-notls") 89 assert.NilError(t, err) 90 rawNoTLSSkipMeta, err := store.GetMetadata("raw-notls-skip") 91 assert.NilError(t, err) 92 rawTLSMeta, err := store.GetMetadata("raw-tls") 93 assert.NilError(t, err) 94 embededDefaultMeta, err := store.GetMetadata("embed-default-context") 95 assert.NilError(t, err) 96 embededContext2Meta, err := store.GetMetadata("embed-context2") 97 assert.NilError(t, err) 98 99 rawNoTLS := EndpointFromContext(rawNoTLSMeta) 100 rawNoTLSSkip := EndpointFromContext(rawNoTLSSkipMeta) 101 rawTLS := EndpointFromContext(rawTLSMeta) 102 embededDefault := EndpointFromContext(embededDefaultMeta) 103 embededContext2 := EndpointFromContext(embededContext2Meta) 104 105 rawNoTLSEP, err := rawNoTLS.WithTLSData(store, "raw-notls") 106 assert.NilError(t, err) 107 checkClientConfig(t, rawNoTLSEP, "https://test", "test", nil, nil, nil, false) 108 rawNoTLSSkipEP, err := rawNoTLSSkip.WithTLSData(store, "raw-notls-skip") 109 assert.NilError(t, err) 110 checkClientConfig(t, rawNoTLSSkipEP, "https://test", "test", nil, nil, nil, true) 111 rawTLSEP, err := rawTLS.WithTLSData(store, "raw-tls") 112 assert.NilError(t, err) 113 checkClientConfig(t, rawTLSEP, "https://test", "test", []byte("ca"), []byte("cert"), []byte("key"), true) 114 embededDefaultEP, err := embededDefault.WithTLSData(store, "embed-default-context") 115 assert.NilError(t, err) 116 checkClientConfig(t, embededDefaultEP, "https://server1", "namespace1", nil, []byte("cert"), []byte("key"), true) 117 embededContext2EP, err := embededContext2.WithTLSData(store, "embed-context2") 118 assert.NilError(t, err) 119 checkClientConfig(t, embededContext2EP, "https://server2", "namespace-override", []byte("ca"), []byte("cert"), []byte("key"), false) 120 } 121 122 func checkClientConfig(t *testing.T, ep Endpoint, server, namespace string, ca, cert, key []byte, skipTLSVerify bool) { 123 config := ep.KubernetesConfig() 124 cfg, err := config.ClientConfig() 125 assert.NilError(t, err) 126 ns, _, _ := config.Namespace() 127 assert.Equal(t, server, cfg.Host) 128 assert.Equal(t, namespace, ns) 129 assert.DeepEqual(t, ca, cfg.CAData) 130 assert.DeepEqual(t, cert, cfg.CertData) 131 assert.DeepEqual(t, key, cfg.KeyData) 132 assert.Equal(t, skipTLSVerify, cfg.Insecure) 133 } 134 135 func save(s store.Writer, ep Endpoint, name string) error { 136 meta := store.Metadata{ 137 Endpoints: map[string]interface{}{ 138 KubernetesEndpoint: ep.EndpointMeta, 139 }, 140 Name: name, 141 } 142 if err := s.CreateOrUpdate(meta); err != nil { 143 return err 144 } 145 return s.ResetEndpointTLSMaterial(name, KubernetesEndpoint, ep.TLSData.ToStoreTLSData()) 146 } 147 148 func TestSaveLoadGKEConfig(t *testing.T) { 149 storeDir, err := ioutil.TempDir("", t.Name()) 150 assert.NilError(t, err) 151 defer os.RemoveAll(storeDir) 152 store := store.New(storeDir, testStoreCfg) 153 cfg, err := clientcmd.LoadFromFile("testdata/gke-kubeconfig") 154 assert.NilError(t, err) 155 clientCfg := clientcmd.NewDefaultClientConfig(*cfg, &clientcmd.ConfigOverrides{}) 156 expectedCfg, err := clientCfg.ClientConfig() 157 assert.NilError(t, err) 158 ep, err := FromKubeConfig("testdata/gke-kubeconfig", "", "") 159 assert.NilError(t, err) 160 assert.NilError(t, save(store, ep, "gke-context")) 161 persistedMetadata, err := store.GetMetadata("gke-context") 162 assert.NilError(t, err) 163 persistedEPMeta := EndpointFromContext(persistedMetadata) 164 assert.Check(t, persistedEPMeta != nil) 165 persistedEP, err := persistedEPMeta.WithTLSData(store, "gke-context") 166 assert.NilError(t, err) 167 persistedCfg := persistedEP.KubernetesConfig() 168 actualCfg, err := persistedCfg.ClientConfig() 169 assert.NilError(t, err) 170 assert.DeepEqual(t, expectedCfg.AuthProvider, actualCfg.AuthProvider) 171 } 172 173 func TestSaveLoadEKSConfig(t *testing.T) { 174 storeDir, err := ioutil.TempDir("", t.Name()) 175 assert.NilError(t, err) 176 defer os.RemoveAll(storeDir) 177 store := store.New(storeDir, testStoreCfg) 178 cfg, err := clientcmd.LoadFromFile("testdata/eks-kubeconfig") 179 assert.NilError(t, err) 180 clientCfg := clientcmd.NewDefaultClientConfig(*cfg, &clientcmd.ConfigOverrides{}) 181 expectedCfg, err := clientCfg.ClientConfig() 182 assert.NilError(t, err) 183 ep, err := FromKubeConfig("testdata/eks-kubeconfig", "", "") 184 assert.NilError(t, err) 185 assert.NilError(t, save(store, ep, "eks-context")) 186 persistedMetadata, err := store.GetMetadata("eks-context") 187 assert.NilError(t, err) 188 persistedEPMeta := EndpointFromContext(persistedMetadata) 189 assert.Check(t, persistedEPMeta != nil) 190 persistedEP, err := persistedEPMeta.WithTLSData(store, "eks-context") 191 assert.NilError(t, err) 192 persistedCfg := persistedEP.KubernetesConfig() 193 actualCfg, err := persistedCfg.ClientConfig() 194 assert.NilError(t, err) 195 assert.DeepEqual(t, expectedCfg.ExecProvider, actualCfg.ExecProvider) 196 } 197 198 func TestSaveLoadK3SConfig(t *testing.T) { 199 storeDir, err := ioutil.TempDir("", t.Name()) 200 assert.NilError(t, err) 201 defer os.RemoveAll(storeDir) 202 store := store.New(storeDir, testStoreCfg) 203 cfg, err := clientcmd.LoadFromFile("testdata/k3s-kubeconfig") 204 assert.NilError(t, err) 205 clientCfg := clientcmd.NewDefaultClientConfig(*cfg, &clientcmd.ConfigOverrides{}) 206 expectedCfg, err := clientCfg.ClientConfig() 207 assert.NilError(t, err) 208 ep, err := FromKubeConfig("testdata/k3s-kubeconfig", "", "") 209 assert.NilError(t, err) 210 assert.NilError(t, save(store, ep, "k3s-context")) 211 persistedMetadata, err := store.GetMetadata("k3s-context") 212 assert.NilError(t, err) 213 persistedEPMeta := EndpointFromContext(persistedMetadata) 214 assert.Check(t, persistedEPMeta != nil) 215 persistedEP, err := persistedEPMeta.WithTLSData(store, "k3s-context") 216 assert.NilError(t, err) 217 persistedCfg := persistedEP.KubernetesConfig() 218 actualCfg, err := persistedCfg.ClientConfig() 219 assert.NilError(t, err) 220 assert.Check(t, len(actualCfg.Username) > 0) 221 assert.Check(t, len(actualCfg.Password) > 0) 222 assert.Equal(t, expectedCfg.Username, actualCfg.Username) 223 assert.Equal(t, expectedCfg.Password, actualCfg.Password) 224 }