k8s.io/kubernetes@v1.29.3/pkg/registry/certificates/clustertrustbundle/storage/storage_test.go (about) 1 /* 2 Copyright 2022 The Kubernetes Authors. 3 4 Licensed under the Apache License, Version 2.0 (the "License"); 5 you may not use this file except in compliance with the License. 6 You may obtain a copy of the License at 7 8 http://www.apache.org/licenses/LICENSE-2.0 9 10 Unless required by applicable law or agreed to in writing, software 11 distributed under the License is distributed on an "AS IS" BASIS, 12 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 See the License for the specific language governing permissions and 14 limitations under the License. 15 */ 16 17 package storage 18 19 import ( 20 "strings" 21 "testing" 22 23 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 24 "k8s.io/apimachinery/pkg/fields" 25 "k8s.io/apimachinery/pkg/labels" 26 "k8s.io/apimachinery/pkg/runtime" 27 "k8s.io/apiserver/pkg/registry/generic" 28 genericregistrytest "k8s.io/apiserver/pkg/registry/generic/testing" 29 etcd3testing "k8s.io/apiserver/pkg/storage/etcd3/testing" 30 "k8s.io/kubernetes/pkg/apis/certificates" 31 "k8s.io/kubernetes/pkg/registry/registrytest" 32 ) 33 34 const validCert1 = ` 35 -----BEGIN CERTIFICATE----- 36 MIIDmTCCAoGgAwIBAgIUUW9bIIsHU61w3yQR6amBuVvRFvcwDQYJKoZIhvcNAQEL 37 BQAwXDELMAkGA1UEBhMCeHgxCjAIBgNVBAgMAXgxCjAIBgNVBAcMAXgxCjAIBgNV 38 BAoMAXgxCjAIBgNVBAsMAXgxCzAJBgNVBAMMAmNhMRAwDgYJKoZIhvcNAQkBFgF4 39 MB4XDTIyMTAxODIzNTIyNFoXDTIzMTAxODIzNTIyNFowXDELMAkGA1UEBhMCeHgx 40 CjAIBgNVBAgMAXgxCjAIBgNVBAcMAXgxCjAIBgNVBAoMAXgxCjAIBgNVBAsMAXgx 41 CzAJBgNVBAMMAmNhMRAwDgYJKoZIhvcNAQkBFgF4MIIBIjANBgkqhkiG9w0BAQEF 42 AAOCAQ8AMIIBCgKCAQEA4PeK4SmlsNwpw97gTtjODQytUfyqhBIwdENwJUbc019Y 43 m3VTCRLCGXjUa22mV6/j7V+mZw114ePFYTiGAH+2dUzWAZOphvtzE5ttPuv6A6Zx 44 k2J69lNFwJ2fPd7XQIH7pEIXjiEBaszxKZKMsN9+jOGu6iFFAwYLMemFYDbZHuqb 45 OwdQcSEsy5wO2ANzFRuYzGXuNcS8jYLHftE8g2P+L0wXnV9eW6/lM2ZFxS/nzDJz 46 qtzrEvQrBsmskTNC8gCRRZ7askp3CVdPKjC90sxAPwhpi8JjJZxSe1Bn/WRHUz82 47 GFytEIJNx9hJY2GI316zkxgTbsxfRQe4QLJN7sRtpwIDAQABo1MwUTAdBgNVHQ4E 48 FgQU9FGsI8t+cu68fGkhtvO9FtUd174wHwYDVR0jBBgwFoAU9FGsI8t+cu68fGkh 49 tvO9FtUd174wDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAqDIp 50 In5h2xZfEZcijT3mjfG8Bo6taxM2biy1M7wEpmDrElmrjMLsflZepcjgkSoVz9hP 51 cSX/k9ls1zy1H799gcjs+afSpIa1N0nUIxAKF1RHsFa+dvXpSA8YdhUnbEcBnqx0 52 vN2nDBFpdCSNf+EXNEj12+9ZJm6TLzx22f9vHyRCg4D36X3Rj1FCBWxhf0mSt3ek 53 5px3H53Xu42MqzZCiJc8/m+IqZHaixZS4bsayssaxif2fNxzAIZhgTygo8P8QGjI 54 rUmstMbg4PPq62x1yLAxEo+8XCg05saWZs384JE+K1SDqxobm51EROWVwi8jUrNC 55 9nojtkQ+jDZD+1Stiw== 56 -----END CERTIFICATE----- 57 ` 58 59 const validCert2 = ` 60 -----BEGIN CERTIFICATE----- 61 MIIC/jCCAeagAwIBAgIBADANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDEwprdWJl 62 cm5ldGVzMB4XDTIyMTAxOTIzMTY0MFoXDTMyMTAxNjIzMTY0MFowFTETMBEGA1UE 63 AxMKa3ViZXJuZXRlczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAO+k 64 zbj35jHIjCd5mxP1FHMwMtvLFPeKUjtaLDP9Bs2jZ97Igmr7NTysn9QZkRP68/XX 65 j993Y8tOLg71N4vRggWiYP+T9Xfo0uHZJmzADKx5XkuC4Gqv79dUdb8IKfAbX9HB 66 ffGmWRnZLLTu8Bv/vfyl0CfE64a57DK+CzNJDwdK46CYYUnEH6Wb9finYrMQ+PLG 67 Oi2c0J4KAYc1WTId5npNwouzf/IMD33PvuXfE7r+/pDbP8u/X03e7U0cc9l7KRxr 68 3gpRQemCG74yRuy1dd3lJ1YCD8q96xVVZimGebnJ0IHi+lORRa2ix/o3OzW3FaP+ 69 6kzHU6VnBRDr2rAhMh0CAwEAAaNZMFcwDgYDVR0PAQH/BAQDAgKkMA8GA1UdEwEB 70 /wQFMAMBAf8wHQYDVR0OBBYEFGUVOLM74t1TVoZjifsLl3Rwt1A6MBUGA1UdEQQO 71 MAyCCmt1YmVybmV0ZXMwDQYJKoZIhvcNAQELBQADggEBANHnPVDemZqRybYPN1as 72 Ywxi3iT1I3Wma1rZyxTWeIq8Ik0gnyvbtCD1cFB/5QU1xPW09YnmIFM/E73RIeWT 73 RmCNMgOGmegYxBQRe4UvmwWGJzKNA66c0MBmd2LDHrQlrvdewOCR667Sm9krsGt1 74 tS/t6N/uBXeRSkXKEDXa+jOpYrV3Oq3IntG6zUeCrVbrH2Bs9Ma5fU00TwK3ylw5 75 Ww8KzYdQaxxrLaiRRtFcpM9dFH/vwxl1QUa5vjHcmUjxmZunEmXKplATyLT0FXDw 76 JAo8AuwuuwRh2o+o8SxwzzA+/EBrIREgcv5uIkD352QnfGkEvGu6JOPGZVyd/kVg 77 KA0= 78 -----END CERTIFICATE----- 79 ` 80 81 func newStorage(t *testing.T) (*REST, *etcd3testing.EtcdTestServer) { 82 etcdStorage, server := registrytest.NewEtcdStorageForResource(t, certificates.SchemeGroupVersion.WithResource("clustertrustbundles").GroupResource()) 83 restOptions := generic.RESTOptions{ 84 StorageConfig: etcdStorage, 85 Decorator: generic.UndecoratedStorage, 86 DeleteCollectionWorkers: 1, 87 ResourcePrefix: "clustertrustbundles", 88 } 89 storage, err := NewREST(restOptions) 90 if err != nil { 91 t.Fatalf("unexpected error from REST storage: %v", err) 92 } 93 return storage, server 94 } 95 96 func TestCreate(t *testing.T) { 97 storage, server := newStorage(t) 98 defer server.Terminate(t) 99 defer storage.Store.DestroyFunc() 100 101 validBundle := &certificates.ClusterTrustBundle{ 102 ObjectMeta: metav1.ObjectMeta{ 103 Name: "ctb1", 104 }, 105 Spec: certificates.ClusterTrustBundleSpec{ 106 TrustBundle: validCert1, 107 }, 108 } 109 110 invalidBundle := &certificates.ClusterTrustBundle{ 111 ObjectMeta: metav1.ObjectMeta{ 112 Name: "ctb1", 113 }, 114 Spec: certificates.ClusterTrustBundleSpec{ 115 // Empty TrustBundle is invalid. 116 }, 117 } 118 119 test := genericregistrytest.New(t, storage.Store) 120 test = test.ClusterScope() 121 122 test.TestCreate(validBundle, invalidBundle) 123 } 124 125 func TestUpdate(t *testing.T) { 126 storage, server := newStorage(t) 127 defer server.Terminate(t) 128 defer storage.Store.DestroyFunc() 129 130 test := genericregistrytest.New(t, storage.Store) 131 test = test.ClusterScope() 132 133 test.TestUpdate( 134 &certificates.ClusterTrustBundle{ 135 ObjectMeta: metav1.ObjectMeta{ 136 Name: "ctb1", 137 }, 138 Spec: certificates.ClusterTrustBundleSpec{ 139 TrustBundle: validCert1, 140 }, 141 }, 142 // Valid update 143 func(object runtime.Object) runtime.Object { 144 bundle := object.(*certificates.ClusterTrustBundle) 145 bundle.Spec.TrustBundle = strings.Join([]string{validCert1, validCert2}, "\n") 146 return bundle 147 }, 148 // Invalid update 149 func(object runtime.Object) runtime.Object { 150 bundle := object.(*certificates.ClusterTrustBundle) 151 bundle.Spec.TrustBundle = "" 152 return bundle 153 }, 154 ) 155 } 156 157 func TestDelete(t *testing.T) { 158 storage, server := newStorage(t) 159 defer server.Terminate(t) 160 defer storage.Store.DestroyFunc() 161 162 test := genericregistrytest.New(t, storage.Store) 163 test = test.ClusterScope() 164 165 test.TestDelete( 166 &certificates.ClusterTrustBundle{ 167 ObjectMeta: metav1.ObjectMeta{ 168 Name: "ctb1", 169 }, 170 Spec: certificates.ClusterTrustBundleSpec{ 171 TrustBundle: validCert1, 172 }, 173 }, 174 ) 175 } 176 177 func TestGet(t *testing.T) { 178 storage, server := newStorage(t) 179 defer server.Terminate(t) 180 defer storage.Store.DestroyFunc() 181 182 test := genericregistrytest.New(t, storage.Store) 183 test = test.ClusterScope() 184 185 test.TestGet( 186 &certificates.ClusterTrustBundle{ 187 ObjectMeta: metav1.ObjectMeta{ 188 Name: "ctb1", 189 }, 190 Spec: certificates.ClusterTrustBundleSpec{ 191 TrustBundle: validCert1, 192 }, 193 }, 194 ) 195 } 196 197 func TestList(t *testing.T) { 198 storage, server := newStorage(t) 199 defer server.Terminate(t) 200 defer storage.Store.DestroyFunc() 201 202 test := genericregistrytest.New(t, storage.Store) 203 test = test.ClusterScope() 204 205 test.TestList( 206 &certificates.ClusterTrustBundle{ 207 ObjectMeta: metav1.ObjectMeta{ 208 Name: "ctb1", 209 }, 210 Spec: certificates.ClusterTrustBundleSpec{ 211 TrustBundle: validCert1, 212 }, 213 }, 214 ) 215 } 216 217 func TestWatch(t *testing.T) { 218 storage, server := newStorage(t) 219 defer server.Terminate(t) 220 defer storage.Store.DestroyFunc() 221 222 test := genericregistrytest.New(t, storage.Store) 223 test = test.ClusterScope() 224 225 test.TestWatch( 226 &certificates.ClusterTrustBundle{ 227 ObjectMeta: metav1.ObjectMeta{ 228 Name: "ctb1", 229 }, 230 Spec: certificates.ClusterTrustBundleSpec{ 231 SignerName: "k8s.io/foo", 232 TrustBundle: validCert1, 233 }, 234 }, 235 // matching labels 236 []labels.Set{}, 237 // not matching labels 238 []labels.Set{ 239 {"foo": "bar"}, 240 }, 241 // matching fields 242 []fields.Set{ 243 {"metadata.name": "ctb1"}, 244 }, 245 // not matching fields 246 []fields.Set{ 247 {"metadata.name": "bar"}, 248 }, 249 ) 250 }