k3s/tests/integration/cacertrotation/cacertrotation_int_test.go

109 lines
3.5 KiB
Go
Raw Normal View History

package ca_cert_rotation_test
import (
"fmt"
"strings"
"testing"
testutil "github.com/k3s-io/k3s/tests/integration"
. "github.com/onsi/ginkgo/v2"
. "github.com/onsi/gomega"
)
const tmpdDataDir = "/tmp/cacertrotationtest"
var server, server2 *testutil.K3sServer
var serverArgs = []string{"--cluster-init", "-t", "test", "-d", tmpdDataDir}
var certHash, caCertHash string
var testLock int
var _ = BeforeSuite(func() {
if !testutil.IsExistingServer() {
var err error
testLock, err = testutil.K3sTestLock()
Expect(err).ToNot(HaveOccurred())
server, err = testutil.K3sStartServer(serverArgs...)
Expect(err).ToNot(HaveOccurred())
}
})
var _ = Describe("ca certificate rotation", Ordered, func() {
BeforeEach(func() {
if testutil.IsExistingServer() && !testutil.ServerArgsPresent(serverArgs) {
Skip("Test needs k3s server with: " + strings.Join(serverArgs, " "))
}
})
When("a new server is created", func() {
It("starts up with no problems", func() {
Eventually(func() error {
return testutil.K3sDefaultDeployments()
}, "180s", "5s").Should(Succeed())
})
It("get certificate hash", func() {
// get md5sum of the CA certs
var err error
caCertHash, err = testutil.RunCommand("md5sum " + tmpdDataDir + "/server/tls/client-ca.crt | cut -f 1 -d' '")
Expect(err).ToNot(HaveOccurred())
certHash, err = testutil.RunCommand("md5sum " + tmpdDataDir + "/server/tls/serving-kube-apiserver.crt | cut -f 1 -d' '")
Expect(err).ToNot(HaveOccurred())
})
It("generates updated ca-certificates", func() {
cmd := fmt.Sprintf("DATA_DIR=%s ../../../contrib/util/rotate-default-ca-certs.sh", tmpdDataDir)
By("running command: " + cmd)
res, err := testutil.RunCommand(cmd)
By("checking command results: " + res)
Expect(err).ToNot(HaveOccurred())
})
It("certificate rotate-ca", func() {
res, err := testutil.K3sCmd("certificate", "rotate-ca", "-d", tmpdDataDir, "--path", tmpdDataDir+"/server/rotate-ca")
By("checking command results: " + res)
Expect(err).ToNot(HaveOccurred())
})
It("stop k3s", func() {
Expect(testutil.K3sKillServer(server)).To(Succeed())
})
It("start k3s server", func() {
var err error
server2, err = testutil.K3sStartServer(serverArgs...)
Expect(err).ToNot(HaveOccurred())
})
It("starts up with no problems", func() {
Eventually(func() error {
return testutil.K3sDefaultDeployments()
}, "360s", "5s").Should(Succeed())
})
It("get certificate hash", func() {
// get md5sum of the CA certs
var err error
caCertHashAfter, err := testutil.RunCommand("md5sum " + tmpdDataDir + "/server/tls/client-ca.crt | cut -f 1 -d' '")
Expect(err).ToNot(HaveOccurred())
certHashAfter, err := testutil.RunCommand("md5sum " + tmpdDataDir + "/server/tls/serving-kube-apiserver.crt | cut -f 1 -d' '")
Expect(err).ToNot(HaveOccurred())
Expect(certHash).To(Not(Equal(certHashAfter)))
Expect(caCertHash).To(Not(Equal(caCertHashAfter)))
})
})
})
var failed bool
var _ = AfterEach(func() {
failed = failed || CurrentSpecReport().Failed()
})
var _ = AfterSuite(func() {
if !testutil.IsExistingServer() {
if failed {
testutil.K3sSaveLog(server, false)
}
Expect(testutil.K3sKillServer(server)).To(Succeed())
Expect(testutil.K3sCleanup(-1, "")).To(Succeed())
Expect(testutil.K3sKillServer(server2)).To(Succeed())
Expect(testutil.K3sCleanup(testLock, tmpdDataDir)).To(Succeed())
}
})
func Test_IntegrationCertRotation(t *testing.T) {
RegisterFailHandler(Fail)
RunSpecs(t, "CA Cert rotation Suite")
}