k8s.io/kubernetes@v1.29.3/test/e2e_kubeadm/kubeadm_config_test.go (about) 1 /* 2 Copyright 2019 The Kubernetes Authors. 3 4 Licensed under the Apache License, Version 2.0 (the "License"); 5 you may not use this file except in compliance with the License. 6 You may obtain a copy of the License at 7 8 http://www.apache.org/licenses/LICENSE-2.0 9 10 Unless required by applicable law or agreed to in writing, software 11 distributed under the License is distributed on an "AS IS" BASIS, 12 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 See the License for the specific language governing permissions and 14 limitations under the License. 15 */ 16 17 package kubeadm 18 19 import ( 20 "context" 21 22 "gopkg.in/yaml.v2" 23 authv1 "k8s.io/api/authorization/v1" 24 rbacv1 "k8s.io/api/rbac/v1" 25 clientset "k8s.io/client-go/kubernetes" 26 "k8s.io/kubernetes/test/e2e/framework" 27 admissionapi "k8s.io/pod-security-admission/api" 28 29 "github.com/onsi/ginkgo/v2" 30 "github.com/onsi/gomega" 31 ) 32 33 const ( 34 kubeadmConfigName = "kubeadm-config" 35 kubeadmConfigRoleName = "kubeadm:nodes-kubeadm-config" 36 kubeadmConfigRoleBindingName = kubeadmConfigRoleName 37 kubeadmConfigClusterConfigurationConfigMapKey = "ClusterConfiguration" 38 ) 39 40 var ( 41 kubeadmConfigConfigMapResource = &authv1.ResourceAttributes{ 42 Namespace: kubeSystemNamespace, 43 Name: kubeadmConfigName, 44 Resource: "configmaps", 45 Verb: "get", 46 } 47 ) 48 49 // Define container for all the test specification aimed at verifying 50 // that kubeadm creates the cluster-info ConfigMap, that it is properly configured 51 // and that all the related RBAC rules are in place 52 var _ = Describe("kubeadm-config ConfigMap", func() { 53 54 // Get an instance of the k8s test framework 55 f := framework.NewDefaultFramework("kubeadm-config") 56 f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged 57 58 // Tests in this container are not expected to create new objects in the cluster 59 // so we are disabling the creation of a namespace in order to get a faster execution 60 f.SkipNamespaceCreation = true 61 62 ginkgo.It("should exist and be properly configured", func(ctx context.Context) { 63 cm := GetConfigMap(f.ClientSet, kubeSystemNamespace, kubeadmConfigName) 64 65 gomega.Expect(cm.Data).To(gomega.HaveKey(kubeadmConfigClusterConfigurationConfigMapKey)) 66 }) 67 68 ginkgo.It("should have related Role and RoleBinding", func(ctx context.Context) { 69 ExpectRole(f.ClientSet, kubeSystemNamespace, kubeadmConfigRoleName) 70 ExpectRoleBinding(f.ClientSet, kubeSystemNamespace, kubeadmConfigRoleBindingName) 71 }) 72 73 ginkgo.It("should be accessible for bootstrap tokens", func(ctx context.Context) { 74 ExpectSubjectHasAccessToResource(f.ClientSet, 75 rbacv1.GroupKind, bootstrapTokensGroup, 76 kubeadmConfigConfigMapResource, 77 ) 78 }) 79 80 ginkgo.It("should be accessible for nodes", func(ctx context.Context) { 81 ExpectSubjectHasAccessToResource(f.ClientSet, 82 rbacv1.GroupKind, nodesGroup, 83 kubeadmConfigConfigMapResource, 84 ) 85 }) 86 }) 87 88 func getClusterConfiguration(c clientset.Interface) map[interface{}]interface{} { 89 cm := GetConfigMap(c, kubeSystemNamespace, kubeadmConfigName) 90 91 gomega.Expect(cm.Data).To(gomega.HaveKey(kubeadmConfigClusterConfigurationConfigMapKey)) 92 93 return unmarshalYaml(cm.Data[kubeadmConfigClusterConfigurationConfigMapKey]) 94 } 95 96 func unmarshalYaml(data string) map[interface{}]interface{} { 97 m := make(map[interface{}]interface{}) 98 err := yaml.Unmarshal([]byte(data), &m) 99 if err != nil { 100 framework.Failf("error parsing %s ConfigMap: %v", kubeadmConfigName, err) 101 } 102 return m 103 }