k8s.io/kubernetes@v1.29.3/pkg/controller/bootstrap/bootstrapsigner_test.go (about) 1 /* 2 Copyright 2016 The Kubernetes Authors. 3 4 Licensed under the Apache License, Version 2.0 (the "License"); 5 you may not use this file except in compliance with the License. 6 You may obtain a copy of the License at 7 8 http://www.apache.org/licenses/LICENSE-2.0 9 10 Unless required by applicable law or agreed to in writing, software 11 distributed under the License is distributed on an "AS IS" BASIS, 12 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 See the License for the specific language governing permissions and 14 limitations under the License. 15 */ 16 17 package bootstrap 18 19 import ( 20 "context" 21 "testing" 22 23 v1 "k8s.io/api/core/v1" 24 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 25 "k8s.io/apimachinery/pkg/runtime/schema" 26 "k8s.io/client-go/informers" 27 coreinformers "k8s.io/client-go/informers/core/v1" 28 "k8s.io/client-go/kubernetes/fake" 29 core "k8s.io/client-go/testing" 30 bootstrapapi "k8s.io/cluster-bootstrap/token/api" 31 api "k8s.io/kubernetes/pkg/apis/core" 32 "k8s.io/kubernetes/pkg/controller" 33 ) 34 35 const testTokenID = "abc123" 36 37 func newSigner() (*Signer, *fake.Clientset, coreinformers.SecretInformer, coreinformers.ConfigMapInformer, error) { 38 options := DefaultSignerOptions() 39 cl := fake.NewSimpleClientset() 40 informers := informers.NewSharedInformerFactory(fake.NewSimpleClientset(), controller.NoResyncPeriodFunc()) 41 secrets := informers.Core().V1().Secrets() 42 configMaps := informers.Core().V1().ConfigMaps() 43 bsc, err := NewSigner(cl, secrets, configMaps, options) 44 if err != nil { 45 return nil, nil, nil, nil, err 46 } 47 return bsc, cl, secrets, configMaps, nil 48 } 49 50 func newConfigMap(tokenID, signature string) *v1.ConfigMap { 51 ret := &v1.ConfigMap{ 52 ObjectMeta: metav1.ObjectMeta{ 53 Namespace: metav1.NamespacePublic, 54 Name: bootstrapapi.ConfigMapClusterInfo, 55 ResourceVersion: "1", 56 }, 57 Data: map[string]string{ 58 bootstrapapi.KubeConfigKey: "payload", 59 }, 60 } 61 if len(tokenID) > 0 { 62 ret.Data[bootstrapapi.JWSSignatureKeyPrefix+tokenID] = signature 63 } 64 return ret 65 } 66 67 func TestNoConfigMap(t *testing.T) { 68 signer, cl, _, _, err := newSigner() 69 if err != nil { 70 t.Fatalf("error creating Signer: %v", err) 71 } 72 signer.signConfigMap(context.TODO()) 73 verifyActions(t, []core.Action{}, cl.Actions()) 74 } 75 76 func TestSimpleSign(t *testing.T) { 77 signer, cl, secrets, configMaps, err := newSigner() 78 if err != nil { 79 t.Fatalf("error creating Signer: %v", err) 80 } 81 82 cm := newConfigMap("", "") 83 configMaps.Informer().GetIndexer().Add(cm) 84 85 secret := newTokenSecret(testTokenID, "tokenSecret") 86 addSecretSigningUsage(secret, "true") 87 secrets.Informer().GetIndexer().Add(secret) 88 89 signer.signConfigMap(context.TODO()) 90 91 expected := []core.Action{ 92 core.NewUpdateAction(schema.GroupVersionResource{Version: "v1", Resource: "configmaps"}, 93 api.NamespacePublic, 94 newConfigMap(testTokenID, "eyJhbGciOiJIUzI1NiIsImtpZCI6ImFiYzEyMyJ9..QSxpUG7Q542CirTI2ECPSZjvBOJURUW5a7XqFpNI958")), 95 } 96 97 verifyActions(t, expected, cl.Actions()) 98 } 99 100 func TestNoSignNeeded(t *testing.T) { 101 signer, cl, secrets, configMaps, err := newSigner() 102 if err != nil { 103 t.Fatalf("error creating Signer: %v", err) 104 } 105 106 cm := newConfigMap(testTokenID, "eyJhbGciOiJIUzI1NiIsImtpZCI6ImFiYzEyMyJ9..QSxpUG7Q542CirTI2ECPSZjvBOJURUW5a7XqFpNI958") 107 configMaps.Informer().GetIndexer().Add(cm) 108 109 secret := newTokenSecret(testTokenID, "tokenSecret") 110 addSecretSigningUsage(secret, "true") 111 secrets.Informer().GetIndexer().Add(secret) 112 113 signer.signConfigMap(context.TODO()) 114 115 verifyActions(t, []core.Action{}, cl.Actions()) 116 } 117 118 func TestUpdateSignature(t *testing.T) { 119 signer, cl, secrets, configMaps, err := newSigner() 120 if err != nil { 121 t.Fatalf("error creating Signer: %v", err) 122 } 123 124 cm := newConfigMap(testTokenID, "old signature") 125 configMaps.Informer().GetIndexer().Add(cm) 126 127 secret := newTokenSecret(testTokenID, "tokenSecret") 128 addSecretSigningUsage(secret, "true") 129 secrets.Informer().GetIndexer().Add(secret) 130 131 signer.signConfigMap(context.TODO()) 132 133 expected := []core.Action{ 134 core.NewUpdateAction(schema.GroupVersionResource{Version: "v1", Resource: "configmaps"}, 135 api.NamespacePublic, 136 newConfigMap(testTokenID, "eyJhbGciOiJIUzI1NiIsImtpZCI6ImFiYzEyMyJ9..QSxpUG7Q542CirTI2ECPSZjvBOJURUW5a7XqFpNI958")), 137 } 138 139 verifyActions(t, expected, cl.Actions()) 140 } 141 142 func TestRemoveSignature(t *testing.T) { 143 signer, cl, _, configMaps, err := newSigner() 144 if err != nil { 145 t.Fatalf("error creating Signer: %v", err) 146 } 147 148 cm := newConfigMap(testTokenID, "old signature") 149 configMaps.Informer().GetIndexer().Add(cm) 150 151 signer.signConfigMap(context.TODO()) 152 153 expected := []core.Action{ 154 core.NewUpdateAction(schema.GroupVersionResource{Version: "v1", Resource: "configmaps"}, 155 api.NamespacePublic, 156 newConfigMap("", "")), 157 } 158 159 verifyActions(t, expected, cl.Actions()) 160 }