github.com/openshift/installer@v1.4.17/pkg/agent/monitoraddnodes_test.go (about) 1 package agent 2 3 import ( 4 "testing" 5 6 "github.com/stretchr/testify/assert" 7 certificatesv1 "k8s.io/api/certificates/v1" 8 ) 9 10 func TestDecodedFirstCSRSubjectContainsHostname(t *testing.T) { 11 firstCSRRequestForExtraworker0 := "-----BEGIN CERTIFICATE REQUEST-----\nMIH3MIGdAgEAMDsxFTATBgNVBAoTDHN5c3RlbTpub2RlczEiMCAGA1UEAxMZc3lz\ndGVtOm5vZGU6ZXh0cmF3b3JrZXItMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA\nBGaK3U+3X3lM6tdgjD2b/y7Kysws8xgFW1rNd/wvKEvXzP5+A1K1M38zJiAWqKXP\n5AL2IDklO4GaO7PcRDNPabigADAKBggqhkjOPQQDAgNJADBGAiEA7C33Nym0Go73\nCZY+XOmyqE/IhaBMSwign+fgbPX1ibkCIQDHIfF7QpZReF93IW0v864/yLoXKyXy\nTGygkuR4KtXTDw==\n-----END CERTIFICATE REQUEST-----\n" 12 tests := []struct { 13 name string 14 hostnames []string 15 request string 16 expectedResult bool 17 }{ 18 { 19 name: "request contains hostname", 20 hostnames: []string{"extraworker-0"}, 21 request: firstCSRRequestForExtraworker0, 22 expectedResult: true, 23 }, 24 { 25 name: "request contains hostname using FQDN", 26 hostnames: []string{"extraworker-0.ostest.test.metalkube.org"}, 27 request: firstCSRRequestForExtraworker0, 28 expectedResult: true, 29 }, 30 { 31 name: "request contains hostname when multiple names are resolved", 32 hostnames: []string{"somename", "extraworker-0.ostest.test.metalkube.org"}, 33 request: firstCSRRequestForExtraworker0, 34 expectedResult: true, 35 }, 36 { 37 name: "request does not contain hostname", 38 hostnames: []string{"extraworker-1"}, 39 request: firstCSRRequestForExtraworker0, 40 expectedResult: false, 41 }, 42 { 43 name: "request is empty string", 44 hostnames: []string{"hostname-not-specified"}, 45 request: "", 46 expectedResult: false, 47 }, 48 } 49 for _, tt := range tests { 50 t.Run(tt.name, func(t *testing.T) { 51 containsHostname := containsHostname(decodedFirstCSRSubject([]byte(tt.request)), tt.hostnames) 52 assert.Equal(t, tt.expectedResult, containsHostname) 53 }) 54 } 55 } 56 57 func TestFilterCSRsMatchingHostnames(t *testing.T) { 58 firstCSRRequestForExtraworker0 := "-----BEGIN CERTIFICATE REQUEST-----\nMIH3MIGdAgEAMDsxFTATBgNVBAoTDHN5c3RlbTpub2RlczEiMCAGA1UEAxMZc3lz\ndGVtOm5vZGU6ZXh0cmF3b3JrZXItMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA\nBGaK3U+3X3lM6tdgjD2b/y7Kysws8xgFW1rNd/wvKEvXzP5+A1K1M38zJiAWqKXP\n5AL2IDklO4GaO7PcRDNPabigADAKBggqhkjOPQQDAgNJADBGAiEA7C33Nym0Go73\nCZY+XOmyqE/IhaBMSwign+fgbPX1ibkCIQDHIfF7QpZReF93IW0v864/yLoXKyXy\nTGygkuR4KtXTDw==\n-----END CERTIFICATE REQUEST-----\n" 59 60 tests := []struct { 61 name string 62 csrs *certificatesv1.CertificateSigningRequestList 63 hostnames []string 64 signerName string 65 expectedResult []certificatesv1.CertificateSigningRequest 66 }{ 67 { 68 name: "first CSR filtering", 69 csrs: &certificatesv1.CertificateSigningRequestList{ 70 Items: []certificatesv1.CertificateSigningRequest{ 71 { 72 // should match only this one 73 Spec: certificatesv1.CertificateSigningRequestSpec{ 74 SignerName: firstCSRSignerName, 75 Request: []byte(firstCSRRequestForExtraworker0), 76 }, 77 }, 78 { 79 Spec: certificatesv1.CertificateSigningRequestSpec{ 80 SignerName: "other-request", 81 Request: []byte("other-request"), 82 }, 83 }, 84 }, 85 }, 86 hostnames: []string{"extraworker-0.ostest.test.metalkube.org"}, 87 signerName: "kubernetes.io/kube-apiserver-client-kubelet", 88 expectedResult: []certificatesv1.CertificateSigningRequest{ 89 { 90 Spec: certificatesv1.CertificateSigningRequestSpec{ 91 SignerName: "kubernetes.io/kube-apiserver-client-kubelet", 92 Request: []byte(firstCSRRequestForExtraworker0), 93 }, 94 }, 95 }, 96 }, 97 { 98 name: "second CSR filtering", 99 csrs: &certificatesv1.CertificateSigningRequestList{ 100 Items: []certificatesv1.CertificateSigningRequest{ 101 { 102 // should match only this one 103 Spec: certificatesv1.CertificateSigningRequestSpec{ 104 SignerName: secondCSRSignerName, 105 Username: "system:node:extraworker-0", 106 Request: []byte("something"), 107 }, 108 }, 109 { 110 Spec: certificatesv1.CertificateSigningRequestSpec{ 111 SignerName: secondCSRSignerName, 112 Username: "system:node:extraworker-1", 113 Request: []byte("something"), 114 }, 115 }, 116 { 117 Spec: certificatesv1.CertificateSigningRequestSpec{ 118 SignerName: "other-request", 119 Request: []byte("other-request"), 120 }, 121 }, 122 }, 123 }, 124 hostnames: []string{"extraworker-0.ostest.test.metalkube.org"}, 125 signerName: secondCSRSignerName, 126 expectedResult: []certificatesv1.CertificateSigningRequest{ 127 { 128 Spec: certificatesv1.CertificateSigningRequestSpec{ 129 SignerName: "kubernetes.io/kubelet-serving", 130 Username: "system:node:extraworker-0", 131 Request: []byte("something"), 132 }, 133 }, 134 }, 135 }, 136 { 137 name: "no CSRs should not result in error", 138 csrs: &certificatesv1.CertificateSigningRequestList{ 139 Items: []certificatesv1.CertificateSigningRequest{}, 140 }, 141 hostnames: []string{"extraworker-0.ostest.test.metalkube.org"}, 142 signerName: secondCSRSignerName, 143 expectedResult: []certificatesv1.CertificateSigningRequest{}, 144 }, 145 { 146 name: "no hostnames should not result in error", 147 csrs: &certificatesv1.CertificateSigningRequestList{ 148 Items: []certificatesv1.CertificateSigningRequest{}, 149 }, 150 hostnames: []string{}, 151 signerName: secondCSRSignerName, 152 expectedResult: []certificatesv1.CertificateSigningRequest{}, 153 }, 154 } 155 for _, tt := range tests { 156 t.Run(tt.name, func(t *testing.T) { 157 filteredCSRs := filterCSRsMatchingHostname(tt.signerName, tt.csrs, tt.hostnames) 158 assert.Equal(t, tt.expectedResult, filteredCSRs) 159 }) 160 } 161 }