mirror of https://github.com/k3s-io/k3s
Update tests
Also add an ordinal to subtests so its easier to figure out which one is failing Signed-off-by: Brad Davidson <brad.davidson@rancher.com>master
Brad Davidson
Brad Davidson
parent
29a5739b7e
commit
976b23d432
|
|
@ -46,12 +46,12 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
|
||||
genericFailures := []sub{
|
||||
{
|
||||
name: "anonymous",
|
||||
name: "000 anonymous",
|
||||
match: func(_ *config.Control) types.GomegaMatcher {
|
||||
return HaveHTTPStatus(http.StatusForbidden)
|
||||
},
|
||||
}, {
|
||||
name: "bad basic",
|
||||
name: "001 bad basic",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.SetBasicAuth("server", control.AgentToken)
|
||||
},
|
||||
|
|
@ -59,7 +59,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
return HaveHTTPStatus(http.StatusUnauthorized)
|
||||
},
|
||||
}, {
|
||||
name: "valid cert but untrusted CA",
|
||||
name: "002 valid cert but untrusted CA",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
withNewClientCert(req, control.Runtime.ServerCA, control.Runtime.ServerCAKey, control.Runtime.ClientKubeletKey, certutil.Config{
|
||||
CommonName: "system:node:" + control.ServerNodeName,
|
||||
|
|
@ -71,7 +71,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
return HaveHTTPStatus(http.StatusUnauthorized)
|
||||
},
|
||||
}, {
|
||||
name: "valid cert but no RBAC",
|
||||
name: "003 valid cert but no RBAC",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
withNewClientCert(req, control.Runtime.ClientCA, control.Runtime.ClientCAKey, control.Runtime.ClientKubeletKey, certutil.Config{
|
||||
CommonName: "system:monitoring",
|
||||
|
|
@ -107,7 +107,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
path: "/v1-k3s/serving-kubelet.crt",
|
||||
subs: append(genericFailures,
|
||||
sub{
|
||||
name: "valid basic but missing headers",
|
||||
name: "100 valid basic but missing headers",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.SetBasicAuth("node", control.AgentToken)
|
||||
},
|
||||
|
|
@ -116,7 +116,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
},
|
||||
},
|
||||
sub{
|
||||
name: "valid cert but missing headers",
|
||||
name: "101 valid cert but missing headers",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
withNewClientCert(req, control.Runtime.ClientCA, control.Runtime.ClientCAKey, control.Runtime.ClientKubeletKey, certutil.Config{
|
||||
CommonName: "system:node:" + control.ServerNodeName,
|
||||
|
|
@ -129,7 +129,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
},
|
||||
},
|
||||
sub{
|
||||
name: "valid cert but wrong node name",
|
||||
name: "102 valid cert but wrong node name",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.Header.Add("k3s-Node-Name", control.ServerNodeName)
|
||||
req.Header.Add("k3s-Node-Password", "password")
|
||||
|
|
@ -144,7 +144,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
},
|
||||
},
|
||||
sub{
|
||||
name: "valid cert but nonexistent node",
|
||||
name: "103 valid cert but nonexistent node",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.Header.Add("k3s-Node-Name", "nonexistent")
|
||||
req.Header.Add("k3s-Node-Password", "password")
|
||||
|
|
@ -159,18 +159,21 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
},
|
||||
},
|
||||
sub{
|
||||
name: "valid basic legacy key",
|
||||
name: "104 valid basic legacy key",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.Header.Add("k3s-Node-Name", control.ServerNodeName)
|
||||
req.Header.Add("k3s-Node-Password", "password")
|
||||
req.SetBasicAuth("node", control.AgentToken)
|
||||
},
|
||||
match: func(_ *config.Control) types.GomegaMatcher {
|
||||
return HaveHTTPStatus(http.StatusServiceUnavailable)
|
||||
return And(
|
||||
HaveHTTPStatus(http.StatusOK),
|
||||
HaveHTTPBody(ContainSubstring("PRIVATE KEY")),
|
||||
)
|
||||
},
|
||||
},
|
||||
sub{
|
||||
name: "valid cert legacy key",
|
||||
name: "105 valid cert legacy key",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.Header.Add("k3s-Node-Name", control.ServerNodeName)
|
||||
req.Header.Add("k3s-Node-Password", "password")
|
||||
|
|
@ -181,11 +184,14 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
})
|
||||
},
|
||||
match: func(_ *config.Control) types.GomegaMatcher {
|
||||
return HaveHTTPStatus(http.StatusServiceUnavailable)
|
||||
return And(
|
||||
HaveHTTPStatus(http.StatusOK),
|
||||
HaveHTTPBody(ContainSubstring("PRIVATE KEY")),
|
||||
)
|
||||
},
|
||||
},
|
||||
sub{
|
||||
name: "valid basic legacy key deferred local password",
|
||||
name: "106 valid basic legacy key deferred local password",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.Header.Add("k3s-Node-Name", control.ServerNodeName)
|
||||
req.Header.Add("k3s-Node-Password", "password")
|
||||
|
|
@ -200,7 +206,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
},
|
||||
},
|
||||
sub{
|
||||
name: "valid cert legacy key deferred local password",
|
||||
name: "107 valid cert legacy key deferred local password",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.Header.Add("k3s-Node-Name", control.ServerNodeName)
|
||||
req.Header.Add("k3s-Node-Password", "password")
|
||||
|
|
@ -219,7 +225,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
},
|
||||
},
|
||||
sub{
|
||||
name: "valid basic different node",
|
||||
name: "108 valid basic different node",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.Header.Add("k3s-Node-Name", "k3s-agent-1")
|
||||
req.Header.Add("k3s-Node-Password", "password")
|
||||
|
|
@ -230,7 +236,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
},
|
||||
},
|
||||
sub{
|
||||
name: "valid basic bad node password",
|
||||
name: "109 valid basic bad node password",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.Header.Add("k3s-Node-Name", "k3s-agent-1")
|
||||
req.Header.Add("k3s-Node-Password", "invalid-password")
|
||||
|
|
@ -246,7 +252,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
path: "/v1-k3s/serving-kubelet.crt",
|
||||
subs: append(genericFailures,
|
||||
sub{
|
||||
name: "valid basic client key but bad password",
|
||||
name: "200 valid basic client key but bad password",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.Header.Add("k3s-Node-Name", control.ServerNodeName)
|
||||
req.Header.Add("k3s-Node-Password", "password")
|
||||
|
|
@ -254,11 +260,14 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
req.SetBasicAuth("node", control.AgentToken)
|
||||
},
|
||||
match: func(_ *config.Control) types.GomegaMatcher {
|
||||
return HaveHTTPStatus(http.StatusServiceUnavailable)
|
||||
return And(
|
||||
HaveHTTPStatus(http.StatusOK),
|
||||
HaveHTTPBody(Not(ContainSubstring("PRIVATE KEY"))),
|
||||
)
|
||||
},
|
||||
},
|
||||
sub{
|
||||
name: "valid cert client key",
|
||||
name: "201 valid cert client key",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.Header.Add("k3s-Node-Name", control.ServerNodeName)
|
||||
req.Header.Add("k3s-Node-Password", "password")
|
||||
|
|
@ -270,11 +279,14 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
})
|
||||
},
|
||||
match: func(_ *config.Control) types.GomegaMatcher {
|
||||
return HaveHTTPStatus(http.StatusServiceUnavailable)
|
||||
return And(
|
||||
HaveHTTPStatus(http.StatusOK),
|
||||
HaveHTTPBody(Not(ContainSubstring("PRIVATE KEY"))),
|
||||
)
|
||||
},
|
||||
},
|
||||
sub{
|
||||
name: "valid basic client key but bad password",
|
||||
name: "203 valid basic client key but bad password",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.Header.Add("k3s-Node-Name", control.ServerNodeName)
|
||||
req.Header.Add("k3s-Node-Password", "invalid-password")
|
||||
|
|
@ -282,11 +294,11 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
req.SetBasicAuth("node", control.AgentToken)
|
||||
},
|
||||
match: func(_ *config.Control) types.GomegaMatcher {
|
||||
return HaveHTTPStatus(http.StatusServiceUnavailable)
|
||||
return HaveHTTPStatus(http.StatusForbidden)
|
||||
},
|
||||
},
|
||||
sub{
|
||||
name: "valid cert client key but bad password",
|
||||
name: "204 valid cert client key but bad password",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.Header.Add("k3s-Node-Name", control.ServerNodeName)
|
||||
req.Header.Add("k3s-Node-Password", "invalid-password")
|
||||
|
|
@ -298,11 +310,11 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
})
|
||||
},
|
||||
match: func(_ *config.Control) types.GomegaMatcher {
|
||||
return HaveHTTPStatus(http.StatusServiceUnavailable)
|
||||
return HaveHTTPStatus(http.StatusForbidden)
|
||||
},
|
||||
},
|
||||
sub{
|
||||
name: "valid basic client key but bad deferred local password",
|
||||
name: "205 valid basic client key but bad deferred local password",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.Header.Add("k3s-Node-Name", control.ServerNodeName)
|
||||
req.Header.Add("k3s-Node-Password", "invalid-password")
|
||||
|
|
@ -315,7 +327,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
},
|
||||
},
|
||||
sub{
|
||||
name: "valid cert client key but bad deferred local password",
|
||||
name: "206 valid cert client key but bad deferred local password",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.Header.Add("k3s-Node-Name", control.ServerNodeName)
|
||||
req.Header.Add("k3s-Node-Password", "invalid-password")
|
||||
|
|
@ -350,7 +362,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
path: "/v1-k3s/serving-kubelet.crt",
|
||||
subs: append(genericFailures,
|
||||
sub{
|
||||
name: "valid basic but missing headers",
|
||||
name: "300 valid basic but missing headers",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.SetBasicAuth("node", control.AgentToken)
|
||||
},
|
||||
|
|
@ -359,7 +371,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
},
|
||||
},
|
||||
sub{
|
||||
name: "valid cert but missing headers",
|
||||
name: "301 valid cert but missing headers",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
withNewClientCert(req, control.Runtime.ClientCA, control.Runtime.ClientCAKey, control.Runtime.ClientKubeletKey, certutil.Config{
|
||||
CommonName: "system:node:" + control.ServerNodeName,
|
||||
|
|
@ -372,7 +384,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
},
|
||||
},
|
||||
sub{
|
||||
name: "valid cert but wrong node name",
|
||||
name: "302 valid cert but wrong node name",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.Header.Add("k3s-Node-Name", control.ServerNodeName)
|
||||
req.Header.Add("k3s-Node-Password", "password")
|
||||
|
|
@ -387,7 +399,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
},
|
||||
},
|
||||
sub{
|
||||
name: "valid cert but nonexistent node",
|
||||
name: "303 valid cert but nonexistent node",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.Header.Add("k3s-Node-Name", "nonexistent")
|
||||
req.Header.Add("k3s-Node-Password", "password")
|
||||
|
|
@ -402,18 +414,21 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
},
|
||||
},
|
||||
sub{
|
||||
name: "valid basic legacy key",
|
||||
name: "304 valid basic legacy key",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.Header.Add("k3s-Node-Name", control.ServerNodeName)
|
||||
req.Header.Add("k3s-Node-Password", "password")
|
||||
req.SetBasicAuth("node", control.AgentToken)
|
||||
},
|
||||
match: func(_ *config.Control) types.GomegaMatcher {
|
||||
return HaveHTTPStatus(http.StatusServiceUnavailable)
|
||||
return And(
|
||||
HaveHTTPStatus(http.StatusOK),
|
||||
HaveHTTPBody(ContainSubstring("PRIVATE KEY")),
|
||||
)
|
||||
},
|
||||
},
|
||||
sub{
|
||||
name: "valid cert legacy key",
|
||||
name: "305 valid cert legacy key",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.Header.Add("k3s-Node-Name", control.ServerNodeName)
|
||||
req.Header.Add("k3s-Node-Password", "password")
|
||||
|
|
@ -424,11 +439,14 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
})
|
||||
},
|
||||
match: func(_ *config.Control) types.GomegaMatcher {
|
||||
return HaveHTTPStatus(http.StatusServiceUnavailable)
|
||||
return And(
|
||||
HaveHTTPStatus(http.StatusOK),
|
||||
HaveHTTPBody(ContainSubstring("PRIVATE KEY")),
|
||||
)
|
||||
},
|
||||
},
|
||||
sub{
|
||||
name: "valid basic legacy key deferred local password",
|
||||
name: "306 valid basic legacy key deferred local password",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.Header.Add("k3s-Node-Name", control.ServerNodeName)
|
||||
req.Header.Add("k3s-Node-Password", "password")
|
||||
|
|
@ -443,7 +461,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
},
|
||||
},
|
||||
sub{
|
||||
name: "valid cert legacy key deferred local password",
|
||||
name: "307 valid cert legacy key deferred local password",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.Header.Add("k3s-Node-Name", control.ServerNodeName)
|
||||
req.Header.Add("k3s-Node-Password", "password")
|
||||
|
|
@ -462,7 +480,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
},
|
||||
},
|
||||
sub{
|
||||
name: "valid basic different node",
|
||||
name: "308 valid basic different node",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.Header.Add("k3s-Node-Name", "k3s-agent-1")
|
||||
req.Header.Add("k3s-Node-Password", "password")
|
||||
|
|
@ -473,7 +491,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
},
|
||||
},
|
||||
sub{
|
||||
name: "valid basic bad node password",
|
||||
name: "309 valid basic bad node password",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.Header.Add("k3s-Node-Name", "k3s-agent-1")
|
||||
req.Header.Add("k3s-Node-Password", "invalid-password")
|
||||
|
|
@ -489,7 +507,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
path: "/v1-k3s/serving-kubelet.crt",
|
||||
subs: append(genericFailures,
|
||||
sub{
|
||||
name: "valid basic client key but bad password",
|
||||
name: "400 valid basic client key but bad password",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.Header.Add("k3s-Node-Name", control.ServerNodeName)
|
||||
req.Header.Add("k3s-Node-Password", "password")
|
||||
|
|
@ -497,11 +515,14 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
req.SetBasicAuth("node", control.AgentToken)
|
||||
},
|
||||
match: func(_ *config.Control) types.GomegaMatcher {
|
||||
return HaveHTTPStatus(http.StatusServiceUnavailable)
|
||||
return And(
|
||||
HaveHTTPStatus(http.StatusOK),
|
||||
HaveHTTPBody(Not(ContainSubstring("PRIVATE KEY"))),
|
||||
)
|
||||
},
|
||||
},
|
||||
sub{
|
||||
name: "valid cert client key",
|
||||
name: "401 valid cert client key",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.Header.Add("k3s-Node-Name", control.ServerNodeName)
|
||||
req.Header.Add("k3s-Node-Password", "password")
|
||||
|
|
@ -513,11 +534,14 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
})
|
||||
},
|
||||
match: func(_ *config.Control) types.GomegaMatcher {
|
||||
return HaveHTTPStatus(http.StatusServiceUnavailable)
|
||||
return And(
|
||||
HaveHTTPStatus(http.StatusOK),
|
||||
HaveHTTPBody(Not(ContainSubstring("PRIVATE KEY"))),
|
||||
)
|
||||
},
|
||||
},
|
||||
sub{
|
||||
name: "valid basic client key but bad password",
|
||||
name: "402 valid basic client key but bad password",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.Header.Add("k3s-Node-Name", control.ServerNodeName)
|
||||
req.Header.Add("k3s-Node-Password", "invalid-password")
|
||||
|
|
@ -525,11 +549,11 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
req.SetBasicAuth("node", control.AgentToken)
|
||||
},
|
||||
match: func(_ *config.Control) types.GomegaMatcher {
|
||||
return HaveHTTPStatus(http.StatusServiceUnavailable)
|
||||
return HaveHTTPStatus(http.StatusForbidden)
|
||||
},
|
||||
},
|
||||
sub{
|
||||
name: "valid cert client key but bad password",
|
||||
name: "403 valid cert client key but bad password",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.Header.Add("k3s-Node-Name", control.ServerNodeName)
|
||||
req.Header.Add("k3s-Node-Password", "invalid-password")
|
||||
|
|
@ -541,11 +565,11 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
})
|
||||
},
|
||||
match: func(_ *config.Control) types.GomegaMatcher {
|
||||
return HaveHTTPStatus(http.StatusServiceUnavailable)
|
||||
return HaveHTTPStatus(http.StatusForbidden)
|
||||
},
|
||||
},
|
||||
sub{
|
||||
name: "valid basic client key but bad deferred local password",
|
||||
name: "404 valid basic client key but bad deferred local password",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.Header.Add("k3s-Node-Name", control.ServerNodeName)
|
||||
req.Header.Add("k3s-Node-Password", "invalid-password")
|
||||
|
|
@ -558,7 +582,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
},
|
||||
},
|
||||
sub{
|
||||
name: "valid cert client key but bad deferred local password",
|
||||
name: "405 valid cert client key but bad deferred local password",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.Header.Add("k3s-Node-Name", control.ServerNodeName)
|
||||
req.Header.Add("k3s-Node-Password", "invalid-password")
|
||||
|
|
@ -589,7 +613,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
path: "/v1-k3s/serving-kubelet.crt",
|
||||
subs: append(genericFailures,
|
||||
sub{
|
||||
name: "valid basic but missing headers",
|
||||
name: "500 valid basic but missing headers",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.SetBasicAuth("node", control.AgentToken)
|
||||
},
|
||||
|
|
@ -598,7 +622,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
},
|
||||
},
|
||||
sub{
|
||||
name: "valid cert but missing headers",
|
||||
name: "501 valid cert but missing headers",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
withNewClientCert(req, control.Runtime.ClientCA, control.Runtime.ClientCAKey, control.Runtime.ClientKubeletKey, certutil.Config{
|
||||
CommonName: "system:node:" + control.ServerNodeName,
|
||||
|
|
@ -611,7 +635,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
},
|
||||
},
|
||||
sub{
|
||||
name: "valid cert but wrong node name",
|
||||
name: "502 valid cert but wrong node name",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.Header.Add("k3s-Node-Name", control.ServerNodeName)
|
||||
req.Header.Add("k3s-Node-Password", "password")
|
||||
|
|
@ -626,7 +650,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
},
|
||||
},
|
||||
sub{
|
||||
name: "valid cert but nonexistent node",
|
||||
name: "503 valid cert but nonexistent node",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.Header.Add("k3s-Node-Name", "nonexistent")
|
||||
req.Header.Add("k3s-Node-Password", "password")
|
||||
|
|
@ -641,18 +665,21 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
},
|
||||
},
|
||||
sub{
|
||||
name: "valid basic legacy key",
|
||||
name: "504 valid basic legacy key",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.Header.Add("k3s-Node-Name", control.ServerNodeName)
|
||||
req.Header.Add("k3s-Node-Password", "password")
|
||||
req.SetBasicAuth("node", control.AgentToken)
|
||||
},
|
||||
match: func(_ *config.Control) types.GomegaMatcher {
|
||||
return HaveHTTPStatus(http.StatusServiceUnavailable)
|
||||
return And(
|
||||
HaveHTTPStatus(http.StatusOK),
|
||||
HaveHTTPBody(ContainSubstring("PRIVATE KEY")),
|
||||
)
|
||||
},
|
||||
},
|
||||
sub{
|
||||
name: "valid cert legacy key",
|
||||
name: "505 valid cert legacy key",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.Header.Add("k3s-Node-Name", control.ServerNodeName)
|
||||
req.Header.Add("k3s-Node-Password", "password")
|
||||
|
|
@ -663,11 +690,14 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
})
|
||||
},
|
||||
match: func(_ *config.Control) types.GomegaMatcher {
|
||||
return HaveHTTPStatus(http.StatusServiceUnavailable)
|
||||
return And(
|
||||
HaveHTTPStatus(http.StatusOK),
|
||||
HaveHTTPBody(ContainSubstring("PRIVATE KEY")),
|
||||
)
|
||||
},
|
||||
},
|
||||
sub{
|
||||
name: "valid basic legacy key deferred local password",
|
||||
name: "506 valid basic legacy key deferred local password",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.Header.Add("k3s-Node-Name", control.ServerNodeName)
|
||||
req.Header.Add("k3s-Node-Password", "password")
|
||||
|
|
@ -682,7 +712,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
},
|
||||
},
|
||||
sub{
|
||||
name: "valid cert legacy key deferred local password",
|
||||
name: "507 valid cert legacy key deferred local password",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.Header.Add("k3s-Node-Name", control.ServerNodeName)
|
||||
req.Header.Add("k3s-Node-Password", "password")
|
||||
|
|
@ -701,7 +731,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
},
|
||||
},
|
||||
sub{
|
||||
name: "valid basic different node",
|
||||
name: "508 valid basic different node",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.Header.Add("k3s-Node-Name", "k3s-agent-1")
|
||||
req.Header.Add("k3s-Node-Password", "password")
|
||||
|
|
@ -712,7 +742,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
},
|
||||
},
|
||||
sub{
|
||||
name: "valid basic bad node password",
|
||||
name: "509 valid basic bad node password",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.Header.Add("k3s-Node-Name", "k3s-agent-1")
|
||||
req.Header.Add("k3s-Node-Password", "invalid-password")
|
||||
|
|
@ -728,7 +758,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
path: "/v1-k3s/serving-kubelet.crt",
|
||||
subs: append(genericFailures,
|
||||
sub{
|
||||
name: "valid basic client key but bad password",
|
||||
name: "600 valid basic client key but bad password",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.Header.Add("k3s-Node-Name", control.ServerNodeName)
|
||||
req.Header.Add("k3s-Node-Password", "password")
|
||||
|
|
@ -736,11 +766,14 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
req.SetBasicAuth("node", control.AgentToken)
|
||||
},
|
||||
match: func(_ *config.Control) types.GomegaMatcher {
|
||||
return HaveHTTPStatus(http.StatusServiceUnavailable)
|
||||
return And(
|
||||
HaveHTTPStatus(http.StatusOK),
|
||||
HaveHTTPBody(Not(ContainSubstring("PRIVATE KEY"))),
|
||||
)
|
||||
},
|
||||
},
|
||||
sub{
|
||||
name: "valid cert client key",
|
||||
name: "601 valid cert client key",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.Header.Add("k3s-Node-Name", control.ServerNodeName)
|
||||
req.Header.Add("k3s-Node-Password", "password")
|
||||
|
|
@ -752,11 +785,14 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
})
|
||||
},
|
||||
match: func(_ *config.Control) types.GomegaMatcher {
|
||||
return HaveHTTPStatus(http.StatusServiceUnavailable)
|
||||
return And(
|
||||
HaveHTTPStatus(http.StatusOK),
|
||||
HaveHTTPBody(Not(ContainSubstring("PRIVATE KEY"))),
|
||||
)
|
||||
},
|
||||
},
|
||||
sub{
|
||||
name: "valid basic client key but bad password",
|
||||
name: "602 valid basic client key but bad password",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.Header.Add("k3s-Node-Name", control.ServerNodeName)
|
||||
req.Header.Add("k3s-Node-Password", "invalid-password")
|
||||
|
|
@ -764,11 +800,14 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
req.SetBasicAuth("node", control.AgentToken)
|
||||
},
|
||||
match: func(_ *config.Control) types.GomegaMatcher {
|
||||
return HaveHTTPStatus(http.StatusServiceUnavailable)
|
||||
return And(
|
||||
HaveHTTPStatus(http.StatusOK),
|
||||
HaveHTTPBody(Not(ContainSubstring("PRIVATE KEY"))),
|
||||
)
|
||||
},
|
||||
},
|
||||
sub{
|
||||
name: "valid cert client key but bad password",
|
||||
name: "603 valid cert client key but bad password",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.Header.Add("k3s-Node-Name", control.ServerNodeName)
|
||||
req.Header.Add("k3s-Node-Password", "invalid-password")
|
||||
|
|
@ -780,11 +819,14 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
})
|
||||
},
|
||||
match: func(_ *config.Control) types.GomegaMatcher {
|
||||
return HaveHTTPStatus(http.StatusServiceUnavailable)
|
||||
return And(
|
||||
HaveHTTPStatus(http.StatusOK),
|
||||
HaveHTTPBody(Not(ContainSubstring("PRIVATE KEY"))),
|
||||
)
|
||||
},
|
||||
},
|
||||
sub{
|
||||
name: "valid basic client key but bad deferred local password",
|
||||
name: "604 valid basic client key but bad deferred local password",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.Header.Add("k3s-Node-Name", control.ServerNodeName)
|
||||
req.Header.Add("k3s-Node-Password", "invalid-password")
|
||||
|
|
@ -800,7 +842,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
},
|
||||
},
|
||||
sub{
|
||||
name: "valid cert client key but bad deferred local password",
|
||||
name: "605 valid cert client key but bad deferred local password",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.Header.Add("k3s-Node-Name", control.ServerNodeName)
|
||||
req.Header.Add("k3s-Node-Password", "invalid-password")
|
||||
|
|
@ -834,7 +876,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
path: "/v1-k3s/serving-kubelet.crt",
|
||||
subs: append(genericFailures,
|
||||
sub{
|
||||
name: "valid basic but missing headers",
|
||||
name: "700 valid basic but missing headers",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.SetBasicAuth("node", control.AgentToken)
|
||||
},
|
||||
|
|
@ -843,7 +885,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
},
|
||||
},
|
||||
sub{
|
||||
name: "valid cert but missing headers",
|
||||
name: "701 valid cert but missing headers",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
withNewClientCert(req, control.Runtime.ClientCA, control.Runtime.ClientCAKey, control.Runtime.ClientKubeletKey, certutil.Config{
|
||||
CommonName: "system:node:" + control.ServerNodeName,
|
||||
|
|
@ -856,7 +898,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
},
|
||||
},
|
||||
sub{
|
||||
name: "valid cert but wrong node name",
|
||||
name: "702 valid cert but wrong node name",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.Header.Add("k3s-Node-Name", control.ServerNodeName)
|
||||
req.Header.Add("k3s-Node-Password", "password")
|
||||
|
|
@ -871,7 +913,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
},
|
||||
},
|
||||
sub{
|
||||
name: "valid cert but nonexistent node",
|
||||
name: "703 valid cert but nonexistent node",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.Header.Add("k3s-Node-Name", "nonexistent")
|
||||
req.Header.Add("k3s-Node-Password", "password")
|
||||
|
|
@ -886,7 +928,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
},
|
||||
},
|
||||
sub{
|
||||
name: "valid basic legacy key",
|
||||
name: "704 valid basic legacy key",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.Header.Add("k3s-Node-Name", control.ServerNodeName)
|
||||
req.Header.Add("k3s-Node-Password", "password")
|
||||
|
|
@ -900,7 +942,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
},
|
||||
},
|
||||
sub{
|
||||
name: "valid cert legacy key",
|
||||
name: "705 valid cert legacy key",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.Header.Add("k3s-Node-Name", control.ServerNodeName)
|
||||
req.Header.Add("k3s-Node-Password", "password")
|
||||
|
|
@ -918,7 +960,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
},
|
||||
},
|
||||
sub{
|
||||
name: "valid basic different node",
|
||||
name: "706 valid basic different node",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.Header.Add("k3s-Node-Name", "k3s-agent-1")
|
||||
req.Header.Add("k3s-Node-Password", "password")
|
||||
|
|
@ -932,7 +974,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
},
|
||||
},
|
||||
sub{
|
||||
name: "valid basic bad node password",
|
||||
name: "707 valid basic bad node password",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.Header.Add("k3s-Node-Name", "k3s-agent-1")
|
||||
req.Header.Add("k3s-Node-Password", "invalid-password")
|
||||
|
|
@ -950,7 +992,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
path: "/v1-k3s/serving-kubelet.crt",
|
||||
subs: append(genericFailures,
|
||||
sub{
|
||||
name: "valid basic client key",
|
||||
name: "800 valid basic client key",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.Header.Add("k3s-Node-Name", control.ServerNodeName)
|
||||
req.Header.Add("k3s-Node-Password", "password")
|
||||
|
|
@ -965,7 +1007,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
},
|
||||
},
|
||||
sub{
|
||||
name: "valid cert client key",
|
||||
name: "801 valid cert client key",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.Header.Add("k3s-Node-Name", control.ServerNodeName)
|
||||
req.Header.Add("k3s-Node-Password", "password")
|
||||
|
|
@ -989,7 +1031,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
path: "/v1-k3s/client-kubelet.crt",
|
||||
subs: append(genericFailures,
|
||||
sub{
|
||||
name: "valid basic but missing headers",
|
||||
name: "900 valid basic but missing headers",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.SetBasicAuth("node", control.AgentToken)
|
||||
},
|
||||
|
|
@ -998,7 +1040,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
},
|
||||
},
|
||||
sub{
|
||||
name: "valid cert but missing headers",
|
||||
name: "901 valid cert but missing headers",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
withNewClientCert(req, control.Runtime.ClientCA, control.Runtime.ClientCAKey, control.Runtime.ClientKubeletKey, certutil.Config{
|
||||
CommonName: "system:node:" + control.ServerNodeName,
|
||||
|
|
@ -1011,7 +1053,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
},
|
||||
},
|
||||
sub{
|
||||
name: "valid basic legacy key",
|
||||
name: "902 valid basic legacy key",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.Header.Add("k3s-Node-Name", control.ServerNodeName)
|
||||
req.Header.Add("k3s-Node-Password", "password")
|
||||
|
|
@ -1025,7 +1067,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
},
|
||||
},
|
||||
sub{
|
||||
name: "valid cert legacy key",
|
||||
name: "903 valid cert legacy key",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.Header.Add("k3s-Node-Name", control.ServerNodeName)
|
||||
req.Header.Add("k3s-Node-Password", "password")
|
||||
|
|
@ -1048,7 +1090,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
path: "/v1-k3s/client-kubelet.crt",
|
||||
subs: append(genericFailures,
|
||||
sub{
|
||||
name: "valid basic client key",
|
||||
name: "A00 valid basic client key",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.Header.Add("k3s-Node-Name", control.ServerNodeName)
|
||||
req.Header.Add("k3s-Node-Password", "password")
|
||||
|
|
@ -1063,7 +1105,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
},
|
||||
},
|
||||
sub{
|
||||
name: "valid cert client key",
|
||||
name: "A01 valid cert client key",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.Header.Add("k3s-Node-Name", control.ServerNodeName)
|
||||
req.Header.Add("k3s-Node-Password", "password")
|
||||
|
|
@ -1089,7 +1131,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
path: "/v1-k3s/client-kube-proxy.crt",
|
||||
subs: append(genericFailures,
|
||||
sub{
|
||||
name: "valid basic legacy key",
|
||||
name: "B00 valid basic legacy key",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.SetBasicAuth("node", control.AgentToken)
|
||||
},
|
||||
|
|
@ -1101,7 +1143,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
},
|
||||
},
|
||||
sub{
|
||||
name: "valid cert legacy key",
|
||||
name: "B01 valid cert legacy key",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
withNewClientCert(req, control.Runtime.ClientCA, control.Runtime.ClientCAKey, control.Runtime.ClientKubeletKey, certutil.Config{
|
||||
CommonName: "system:node:" + control.ServerNodeName,
|
||||
|
|
@ -1122,7 +1164,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
path: "/v1-k3s/client-kube-proxy.crt",
|
||||
subs: append(genericFailures,
|
||||
sub{
|
||||
name: "valid basic client key",
|
||||
name: "C00 valid basic client key",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
withCertificateRequest(req)
|
||||
req.SetBasicAuth("node", control.AgentToken)
|
||||
|
|
@ -1135,7 +1177,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
},
|
||||
},
|
||||
sub{
|
||||
name: "valid cert client key",
|
||||
name: "C01 valid cert client key",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
withCertificateRequest(req)
|
||||
withNewClientCert(req, control.Runtime.ClientCA, control.Runtime.ClientCAKey, control.Runtime.ClientKubeletKey, certutil.Config{
|
||||
|
|
@ -1157,7 +1199,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
path: "/v1-k3s/client-k3s-controller.crt",
|
||||
subs: append(genericFailures,
|
||||
sub{
|
||||
name: "valid basic legacy key",
|
||||
name: "D00 valid basic legacy key",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.SetBasicAuth("node", control.AgentToken)
|
||||
},
|
||||
|
|
@ -1169,7 +1211,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
},
|
||||
},
|
||||
sub{
|
||||
name: "valid cert legacy key",
|
||||
name: "D01 valid cert legacy key",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
withNewClientCert(req, control.Runtime.ClientCA, control.Runtime.ClientCAKey, control.Runtime.ClientKubeletKey, certutil.Config{
|
||||
CommonName: "system:node:" + control.ServerNodeName,
|
||||
|
|
@ -1190,7 +1232,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
path: "/v1-k3s/client-k3s-controller.crt",
|
||||
subs: append(genericFailures,
|
||||
sub{
|
||||
name: "valid basic client key",
|
||||
name: "E00 valid basic client key",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
withCertificateRequest(req)
|
||||
req.SetBasicAuth("node", control.AgentToken)
|
||||
|
|
@ -1203,7 +1245,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
},
|
||||
},
|
||||
sub{
|
||||
name: "valid cert client key",
|
||||
name: "E01 valid cert client key",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
withCertificateRequest(req)
|
||||
withNewClientCert(req, control.Runtime.ClientCA, control.Runtime.ClientCAKey, control.Runtime.ClientKubeletKey, certutil.Config{
|
||||
|
|
@ -1225,7 +1267,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
path: "/v1-k3s/client-ca.crt",
|
||||
subs: append(genericFailures,
|
||||
sub{
|
||||
name: "valid basic",
|
||||
name: "F00 valid basic",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.SetBasicAuth("node", control.AgentToken)
|
||||
},
|
||||
|
|
@ -1238,7 +1280,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
},
|
||||
},
|
||||
sub{
|
||||
name: "valid cert",
|
||||
name: "F01 valid cert",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
withNewClientCert(req, control.Runtime.ClientCA, control.Runtime.ClientCAKey, control.Runtime.ClientKubeletKey, certutil.Config{
|
||||
CommonName: "system:node:" + control.ServerNodeName,
|
||||
|
|
@ -1260,7 +1302,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
path: "/v1-k3s/server-ca.crt",
|
||||
subs: append(genericFailures,
|
||||
sub{
|
||||
name: "valid basic",
|
||||
name: "G00 valid basic",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.SetBasicAuth("node", control.AgentToken)
|
||||
},
|
||||
|
|
@ -1273,7 +1315,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
},
|
||||
},
|
||||
sub{
|
||||
name: "valid cert",
|
||||
name: "G01 valid cert",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
withNewClientCert(req, control.Runtime.ClientCA, control.Runtime.ClientCAKey, control.Runtime.ClientKubeletKey, certutil.Config{
|
||||
CommonName: "system:node:" + control.ServerNodeName,
|
||||
|
|
@ -1295,7 +1337,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
path: "/v1-k3s/apiservers",
|
||||
subs: append(genericFailures,
|
||||
sub{
|
||||
name: "valid basic",
|
||||
name: "G00 valid basic",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.SetBasicAuth("node", control.AgentToken)
|
||||
},
|
||||
|
|
@ -1307,7 +1349,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
},
|
||||
},
|
||||
sub{
|
||||
name: "valid cert",
|
||||
name: "G01 valid cert",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
withNewClientCert(req, control.Runtime.ClientCA, control.Runtime.ClientCAKey, control.Runtime.ClientKubeletKey, certutil.Config{
|
||||
CommonName: "system:node:" + control.ServerNodeName,
|
||||
|
|
@ -1328,7 +1370,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
path: "/v1-k3s/config",
|
||||
subs: append(genericFailures,
|
||||
sub{
|
||||
name: "valid basic",
|
||||
name: "H00 valid basic",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.SetBasicAuth("node", control.AgentToken)
|
||||
},
|
||||
|
|
@ -1340,7 +1382,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
},
|
||||
},
|
||||
sub{
|
||||
name: "valid cert",
|
||||
name: "H01 valid cert",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
withNewClientCert(req, control.Runtime.ClientCA, control.Runtime.ClientCAKey, control.Runtime.ClientKubeletKey, certutil.Config{
|
||||
CommonName: "system:node:" + control.ServerNodeName,
|
||||
|
|
@ -1361,7 +1403,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
path: "/v1-k3s/readyz",
|
||||
subs: append(genericFailures,
|
||||
sub{
|
||||
name: "valid basic",
|
||||
name: "I00 valid basic",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.SetBasicAuth("node", control.AgentToken)
|
||||
},
|
||||
|
|
@ -1373,7 +1415,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
},
|
||||
},
|
||||
sub{
|
||||
name: "valid cert",
|
||||
name: "I01 valid cert",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
withNewClientCert(req, control.Runtime.ClientCA, control.Runtime.ClientCAKey, control.Runtime.ClientKubeletKey, certutil.Config{
|
||||
CommonName: "system:node:" + control.ServerNodeName,
|
||||
|
|
@ -1396,7 +1438,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
path: "/v1-k3s/connect",
|
||||
subs: append(genericFailures,
|
||||
sub{
|
||||
name: "valid cert",
|
||||
name: "J00 valid cert",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
withNewClientCert(req, control.Runtime.ClientCA, control.Runtime.ClientCAKey, control.Runtime.ClientKubeletKey, certutil.Config{
|
||||
CommonName: "system:node:" + control.ServerNodeName,
|
||||
|
|
@ -1416,7 +1458,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
path: "/v1-k3s/encrypt/status",
|
||||
subs: append(genericFailures,
|
||||
sub{
|
||||
name: "valid basic",
|
||||
name: "K00 valid basic",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.SetBasicAuth("server", control.Token)
|
||||
},
|
||||
|
|
@ -1430,7 +1472,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
path: "/v1-k3s/encrypt/config",
|
||||
subs: append(genericFailures,
|
||||
sub{
|
||||
name: "valid basic",
|
||||
name: "L00 valid basic",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.SetBasicAuth("server", control.Token)
|
||||
},
|
||||
|
|
@ -1444,7 +1486,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
path: "/v1-k3s/cert/cacerts",
|
||||
subs: append(genericFailures,
|
||||
sub{
|
||||
name: "valid basic",
|
||||
name: "M00 valid basic",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.SetBasicAuth("server", control.Token)
|
||||
},
|
||||
|
|
@ -1458,7 +1500,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
path: "/v1-k3s/server-bootstrap",
|
||||
subs: append(genericFailures,
|
||||
sub{
|
||||
name: "valid basic",
|
||||
name: "N00 valid basic",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.SetBasicAuth("server", control.Token)
|
||||
},
|
||||
|
|
@ -1475,7 +1517,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
path: "/v1-k3s/token",
|
||||
subs: append(genericFailures,
|
||||
sub{
|
||||
name: "valid basic",
|
||||
name: "O00 valid basic",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
req.SetBasicAuth("server", control.Token)
|
||||
},
|
||||
|
|
@ -1491,7 +1533,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
path: "/",
|
||||
subs: append(genericFailures,
|
||||
sub{
|
||||
name: "valid cert",
|
||||
name: "P00 valid cert",
|
||||
prepare: func(control *config.Control, req *http.Request) {
|
||||
withClientCert(req, control.Runtime.ClientKubeAPICert)
|
||||
},
|
||||
|
|
@ -1507,7 +1549,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
path: "/ping",
|
||||
subs: []sub{
|
||||
{
|
||||
name: "anonymous",
|
||||
name: "Q00 anonymous",
|
||||
match: func(_ *config.Control) types.GomegaMatcher {
|
||||
return And(
|
||||
HaveHTTPStatus(http.StatusOK),
|
||||
|
|
@ -1521,7 +1563,7 @@ func Test_UnitHandlers(t *testing.T) {
|
|||
path: "/cacerts",
|
||||
subs: []sub{
|
||||
{
|
||||
name: "anonymous",
|
||||
name: "R00 anonymous",
|
||||
match: func(control *config.Control) types.GomegaMatcher {
|
||||
certs, _ := os.ReadFile(control.Runtime.ServerCA)
|
||||
return And(
|
||||
|
|
|
|||
Loading…
Reference in New Issue