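// Copyright Istio Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package install

import (
	"os"
	"path/filepath"
	"testing"

	"istio.io/istio/cni/pkg/config"
	testutils "istio.io/istio/pilot/test/util"
)

// Fixture values shared by the kubeconfig tests.
const (
	k8sServiceHost = "10.96.0.1"
	k8sServicePort = "443"
	kubeCAFilepath = "testdata/kube-ca.crt"
	// saToken is a placeholder string, not a real credential; it is written to
	// a "token" file inside the directory passed as K8sServiceAccountPath.
	saToken = "service_account_token_string"
)

// TestCreateValidKubeconfigFile runs createKubeConfig over a table of install
// configurations. Cases marked expectedFailure must return an error; the
// others must produce content equal to a golden file under testdata/.
func TestCreateValidKubeconfigFile(t *testing.T) {
	tmp := t.TempDir()
	// Fail fast if the token fixture cannot be written: otherwise a setup
	// problem would surface later as a confusing createKubeConfig failure, or
	// make the expected-failure cases pass for the wrong reason.
	if err := os.WriteFile(filepath.Join(tmp, "token"), []byte(saToken), 0o644); err != nil {
		t.Fatalf("writing service account token fixture: %v", err)
	}

	// NOTE(review): k8sServiceProtocol is never set by any case below, so only
	// the zero value of K8sServiceProtocol is exercised here.
	cases := []struct {
		name               string
		expectedFailure    bool
		k8sServiceProtocol string
		k8sServiceHost     string
		k8sServicePort     string
		kubeCAFilepath     string
		skipTLSVerify      bool
	}{
		{
			name:            "k8s service host not set",
			expectedFailure: true,
		},
		{
			name:            "k8s service port not set",
			expectedFailure: true,
			k8sServiceHost:  k8sServiceHost,
		},
		{
			// No CA file is supplied in this case. The output is compared with
			// testdata/kubeconfig-skip-tls, so any change to how the
			// verification-disabled kubeconfig is rendered shows up as a
			// golden-file diff.
			name:           "skip TLS verify",
			k8sServiceHost: k8sServiceHost,
			k8sServicePort: k8sServicePort,
			skipTLSVerify:  true,
		},
		{
			name:           "TLS verify",
			k8sServiceHost: k8sServiceHost,
			k8sServicePort: k8sServicePort,
			kubeCAFilepath: kubeCAFilepath,
		},
	}

	for _, c := range cases {
		t.Run(c.name, func(t *testing.T) {
			// Each subtest gets its own directory for MountedCNINetDir.
			tempDir := t.TempDir()

			cfg := &config.InstallConfig{
				MountedCNINetDir:      tempDir,
				KubeCAFile:            c.kubeCAFilepath,
				K8sServiceProtocol:    c.k8sServiceProtocol,
				K8sServiceHost:        c.k8sServiceHost,
				K8sServicePort:        c.k8sServicePort,
				K8sServiceAccountPath: tmp,
				SkipTLSVerify:         c.skipTLSVerify,
			}
			result, err := createKubeConfig(cfg)
			if err != nil {
				if !c.expectedFailure {
					t.Fatalf("did not expect failure: %v", err)
				}
				// Successful test case expecting failure
				return
			}
			if c.expectedFailure {
				t.Fatalf("expected failure")
			}

			goldenFilepath := "testdata/kubeconfig-tls"
			if c.skipTLSVerify {
				goldenFilepath = "testdata/kubeconfig-skip-tls"
			}

			testutils.CompareContent(t, []byte(result.Full), goldenFilepath)
		})
	}
}

// TestReplaceInvalidKubeconfigFile calls createKubeConfig twice against the
// same MountedCNINetDir, changing only K8sServiceHost, and checks that the
// second result matches the golden file for the new host.
func TestReplaceInvalidKubeconfigFile(t *testing.T) {
	tmp := t.TempDir()
	if err := os.WriteFile(filepath.Join(tmp, "token"), []byte(saToken), 0o644); err != nil {
		t.Fatalf("writing service account token fixture: %v", err)
	}
	tempDir := t.TempDir()

	cfg := &config.InstallConfig{
		MountedCNINetDir:      tempDir,
		KubeCAFile:            kubeCAFilepath,
		K8sServiceHost:        k8sServiceHost,
		K8sServicePort:        k8sServicePort,
		K8sServiceAccountPath: tmp,
	}
	// Generate a kubeconfig for the original API server host.
	result, err := createKubeConfig(cfg)
	if err != nil {
		t.Fatalf("did not expect failure: %v", err)
	}
	goldenFilepath := "testdata/kubeconfig-tls"
	testutils.CompareContent(t, []byte(result.Full), goldenFilepath)

	newk8sServiceHost := "50.76.2.1"
	newCfg := &config.InstallConfig{
		MountedCNINetDir:      tempDir,
		KubeCAFile:            kubeCAFilepath,
		K8sServiceHost:        newk8sServiceHost,
		K8sServicePort:        k8sServicePort,
		K8sServiceAccountPath: tmp,
	}
	// Generate again with a different host; the result must reflect the new
	// host rather than the earlier one.
	result, err = createKubeConfig(newCfg)
	if err != nil {
		t.Fatalf("did not expect failure: %v", err)
	}
	goldenNewFilepath := "testdata/kubeconfig-newhost"
	testutils.CompareContent(t, []byte(result.Full), goldenNewFilepath)
}

// TestCheckNoExistingKubeConfig expects checkExistingKubeConfigFile to return
// an error when this test has not written any kubeconfig file into
// MountedCNINetDir.
func TestCheckNoExistingKubeConfig(t *testing.T) {
	tmp := t.TempDir()
	if err := os.WriteFile(filepath.Join(tmp, "token"), []byte(saToken), 0o644); err != nil {
		t.Fatalf("writing service account token fixture: %v", err)
	}
	tempDir := t.TempDir()

	cfg := &config.InstallConfig{
		MountedCNINetDir:      tempDir,
		KubeCAFile:            kubeCAFilepath,
		K8sServiceHost:        k8sServiceHost,
		K8sServicePort:        k8sServicePort,
		K8sServiceAccountPath: tmp,
	}

	expectedKC, err := createKubeConfig(cfg)
	if err != nil {
		t.Fatalf("expected no error: %+v", err)
	}

	if err := checkExistingKubeConfigFile(cfg, expectedKC); err == nil {
		t.Fatalf("expected error, no kubeconfig present")
	}
}

// TestCheckMismatchedExistingKubeConfig writes the generated kubeconfig to
// MountedCNINetDir/KubeconfigFilename and expects checkExistingKubeConfigFile
// to accept it.
//
// NOTE(review): despite the name, this covers the matching case only. No test
// in this file places different content at that path and asserts that the
// check rejects it, so the drift-detection branch is not pinned here.
func TestCheckMismatchedExistingKubeConfig(t *testing.T) {
	tmp := t.TempDir()
	if err := os.WriteFile(filepath.Join(tmp, "token"), []byte(saToken), 0o644); err != nil {
		t.Fatalf("writing service account token fixture: %v", err)
	}
	tempDir := t.TempDir()

	cfg := &config.InstallConfig{
		MountedCNINetDir:      tempDir,
		KubeCAFile:            kubeCAFilepath,
		K8sServiceHost:        k8sServiceHost,
		K8sServicePort:        k8sServicePort,
		K8sServiceAccountPath: tmp,
		KubeconfigFilename:    "dork.cfg",
	}

	expectedKC, err := createKubeConfig(cfg)
	if err != nil {
		t.Fatalf("expected no error: %+v", err)
	}

	// If this write failed silently, the check below would fail with a
	// misleading message about a kubeconfig that was never put in place.
	kubeconfigPath := filepath.Join(cfg.MountedCNINetDir, cfg.KubeconfigFilename)
	if err := os.WriteFile(kubeconfigPath, []byte(expectedKC.Full), 0o644); err != nil {
		t.Fatalf("writing kubeconfig fixture: %v", err)
	}

	err = checkExistingKubeConfigFile(cfg, expectedKC)
	if err != nil {
		t.Fatalf("expected no error, matching kubeconfig present, got %+v", err)
	}
}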