k8s.io/kubernetes@v1.29.3/pkg/controller/bootstrap/tokencleaner_test.go

k8s.io/kubernetes@v1.29.3/pkg/controller/bootstrap/tokencleaner_test.go (about)

     1  /*
     2  Copyright 2016 The Kubernetes Authors.
     3  
     4  Licensed under the Apache License, Version 2.0 (the "License");
     5  you may not use this file except in compliance with the License.
     6  You may obtain a copy of the License at
     7  
     8      http://www.apache.org/licenses/LICENSE-2.0
     9  
    10  Unless required by applicable law or agreed to in writing, software
    11  distributed under the License is distributed on an "AS IS" BASIS,
    12  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13  See the License for the specific language governing permissions and
    14  limitations under the License.
    15  */
    16  
    17  package bootstrap
    18  
    19  import (
    20  	"context"
    21  	"testing"
    22  	"time"
    23  
    24  	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
    25  	"k8s.io/apimachinery/pkg/runtime/schema"
    26  	"k8s.io/apimachinery/pkg/util/wait"
    27  	"k8s.io/client-go/informers"
    28  	coreinformers "k8s.io/client-go/informers/core/v1"
    29  	"k8s.io/client-go/kubernetes/fake"
    30  	core "k8s.io/client-go/testing"
    31  	api "k8s.io/kubernetes/pkg/apis/core"
    32  )
    33  
    34  func newTokenCleaner() (*TokenCleaner, *fake.Clientset, coreinformers.SecretInformer, error) {
    35  	options := DefaultTokenCleanerOptions()
    36  	cl := fake.NewSimpleClientset()
    37  	informerFactory := informers.NewSharedInformerFactory(cl, options.SecretResync)
    38  	secrets := informerFactory.Core().V1().Secrets()
    39  	tcc, err := NewTokenCleaner(cl, secrets, options)
    40  	if err != nil {
    41  		return nil, nil, nil, err
    42  	}
    43  	return tcc, cl, secrets, nil
    44  }
    45  
    46  func TestCleanerNoExpiration(t *testing.T) {
    47  	cleaner, cl, secrets, err := newTokenCleaner()
    48  	if err != nil {
    49  		t.Fatalf("error creating TokenCleaner: %v", err)
    50  	}
    51  
    52  	secret := newTokenSecret("tokenID", "tokenSecret")
    53  	secrets.Informer().GetIndexer().Add(secret)
    54  
    55  	cleaner.evalSecret(context.TODO(), secret)
    56  
    57  	expected := []core.Action{}
    58  
    59  	verifyActions(t, expected, cl.Actions())
    60  }
    61  
    62  func TestCleanerExpired(t *testing.T) {
    63  	cleaner, cl, secrets, err := newTokenCleaner()
    64  	if err != nil {
    65  		t.Fatalf("error creating TokenCleaner: %v", err)
    66  	}
    67  
    68  	secret := newTokenSecret("tokenID", "tokenSecret")
    69  	addSecretExpiration(secret, timeString(-time.Hour))
    70  	secrets.Informer().GetIndexer().Add(secret)
    71  
    72  	cleaner.evalSecret(context.TODO(), secret)
    73  
    74  	expected := []core.Action{
    75  		core.NewDeleteActionWithOptions(
    76  			schema.GroupVersionResource{Version: "v1", Resource: "secrets"},
    77  			api.NamespaceSystem,
    78  			secret.ObjectMeta.Name,
    79  			metav1.DeleteOptions{
    80  				Preconditions: metav1.NewUIDPreconditions(string(secret.UID)),
    81  			}),
    82  	}
    83  
    84  	verifyActions(t, expected, cl.Actions())
    85  }
    86  
    87  func TestCleanerNotExpired(t *testing.T) {
    88  	cleaner, cl, secrets, err := newTokenCleaner()
    89  	if err != nil {
    90  		t.Fatalf("error creating TokenCleaner: %v", err)
    91  	}
    92  
    93  	secret := newTokenSecret("tokenID", "tokenSecret")
    94  	addSecretExpiration(secret, timeString(time.Hour))
    95  	secrets.Informer().GetIndexer().Add(secret)
    96  
    97  	cleaner.evalSecret(context.TODO(), secret)
    98  
    99  	expected := []core.Action{}
   100  
   101  	verifyActions(t, expected, cl.Actions())
   102  }
   103  
   104  func TestCleanerExpiredAt(t *testing.T) {
   105  	cleaner, cl, secrets, err := newTokenCleaner()
   106  	if err != nil {
   107  		t.Fatalf("error creating TokenCleaner: %v", err)
   108  	}
   109  
   110  	secret := newTokenSecret("tokenID", "tokenSecret")
   111  	addSecretExpiration(secret, timeString(2*time.Second))
   112  	secrets.Informer().GetIndexer().Add(secret)
   113  	cleaner.enqueueSecrets(secret)
   114  	expected := []core.Action{}
   115  	verifyFunc := func() {
   116  		cleaner.processNextWorkItem(context.TODO())
   117  		verifyActions(t, expected, cl.Actions())
   118  	}
   119  	// token has not expired currently
   120  	verifyFunc()
   121  
   122  	if cleaner.queue.Len() != 0 {
   123  		t.Errorf("not using the queue, the length should be 0, now: %v", cleaner.queue.Len())
   124  	}
   125  
   126  	var conditionFunc = func() (bool, error) {
   127  		if cleaner.queue.Len() == 1 {
   128  			return true, nil
   129  		}
   130  		return false, nil
   131  	}
   132  
   133  	err = wait.Poll(100*time.Millisecond, wait.ForeverTestTimeout, conditionFunc)
   134  	if err != nil {
   135  		t.Fatalf("secret is put back into the queue, the queue length should be 1, error: %v\n", err)
   136  	}
   137  
   138  	// secret was eventually deleted
   139  	expected = []core.Action{
   140  		core.NewDeleteActionWithOptions(
   141  			schema.GroupVersionResource{Version: "v1", Resource: "secrets"},
   142  			api.NamespaceSystem,
   143  			secret.ObjectMeta.Name,
   144  			metav1.DeleteOptions{
   145  				Preconditions: metav1.NewUIDPreconditions(string(secret.UID)),
   146  			}),
   147  	}
   148  	verifyFunc()
   149  }