diff --git a/pkg/server/handlers/handlers_test.go b/pkg/server/handlers/handlers_test.go index 83c14bffdb..8eda088c33 100644 --- a/pkg/server/handlers/handlers_test.go +++ b/pkg/server/handlers/handlers_test.go @@ -46,12 +46,12 @@ func Test_UnitHandlers(t *testing.T) { genericFailures := []sub{ { - name: "anonymous", + name: "000 anonymous", match: func(_ *config.Control) types.GomegaMatcher { return HaveHTTPStatus(http.StatusForbidden) }, }, { - name: "bad basic", + name: "001 bad basic", prepare: func(control *config.Control, req *http.Request) { req.SetBasicAuth("server", control.AgentToken) }, @@ -59,7 +59,7 @@ func Test_UnitHandlers(t *testing.T) { return HaveHTTPStatus(http.StatusUnauthorized) }, }, { - name: "valid cert but untrusted CA", + name: "002 valid cert but untrusted CA", prepare: func(control *config.Control, req *http.Request) { withNewClientCert(req, control.Runtime.ServerCA, control.Runtime.ServerCAKey, control.Runtime.ClientKubeletKey, certutil.Config{ CommonName: "system:node:" + control.ServerNodeName, @@ -71,7 +71,7 @@ func Test_UnitHandlers(t *testing.T) { return HaveHTTPStatus(http.StatusUnauthorized) }, }, { - name: "valid cert but no RBAC", + name: "003 valid cert but no RBAC", prepare: func(control *config.Control, req *http.Request) { withNewClientCert(req, control.Runtime.ClientCA, control.Runtime.ClientCAKey, control.Runtime.ClientKubeletKey, certutil.Config{ CommonName: "system:monitoring", @@ -107,7 +107,7 @@ func Test_UnitHandlers(t *testing.T) { path: "/v1-k3s/serving-kubelet.crt", subs: append(genericFailures, sub{ - name: "valid basic but missing headers", + name: "100 valid basic but missing headers", prepare: func(control *config.Control, req *http.Request) { req.SetBasicAuth("node", control.AgentToken) }, @@ -116,7 +116,7 @@ func Test_UnitHandlers(t *testing.T) { }, }, sub{ - name: "valid cert but missing headers", + name: "101 valid cert but missing headers", prepare: func(control *config.Control, req *http.Request) { withNewClientCert(req, control.Runtime.ClientCA, control.Runtime.ClientCAKey, control.Runtime.ClientKubeletKey, certutil.Config{ CommonName: "system:node:" + control.ServerNodeName, @@ -129,7 +129,7 @@ func Test_UnitHandlers(t *testing.T) { }, }, sub{ - name: "valid cert but wrong node name", + name: "102 valid cert but wrong node name", prepare: func(control *config.Control, req *http.Request) { req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Password", "password") @@ -144,7 +144,7 @@ func Test_UnitHandlers(t *testing.T) { }, }, sub{ - name: "valid cert but nonexistent node", + name: "103 valid cert but nonexistent node", prepare: func(control *config.Control, req *http.Request) { req.Header.Add("k3s-Node-Name", "nonexistent") req.Header.Add("k3s-Node-Password", "password") @@ -159,18 +159,21 @@ func Test_UnitHandlers(t *testing.T) { }, }, sub{ - name: "valid basic legacy key", + name: "104 valid basic legacy key", prepare: func(control *config.Control, req *http.Request) { req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Password", "password") req.SetBasicAuth("node", control.AgentToken) }, match: func(_ *config.Control) types.GomegaMatcher { - return HaveHTTPStatus(http.StatusServiceUnavailable) + return And( + HaveHTTPStatus(http.StatusOK), + HaveHTTPBody(ContainSubstring("PRIVATE KEY")), + ) }, }, sub{ - name: "valid cert legacy key", + name: "105 valid cert legacy key", prepare: func(control *config.Control, req *http.Request) { req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Password", "password") @@ -181,11 +184,14 @@ func Test_UnitHandlers(t *testing.T) { }) }, match: func(_ *config.Control) types.GomegaMatcher { - return HaveHTTPStatus(http.StatusServiceUnavailable) + return And( + HaveHTTPStatus(http.StatusOK), + HaveHTTPBody(ContainSubstring("PRIVATE KEY")), + ) }, }, sub{ - name: "valid basic legacy key deferred local password", + name: "106 valid basic legacy key deferred local password", prepare: func(control *config.Control, req *http.Request) { req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Password", "password") @@ -200,7 +206,7 @@ func Test_UnitHandlers(t *testing.T) { }, }, sub{ - name: "valid cert legacy key deferred local password", + name: "107 valid cert legacy key deferred local password", prepare: func(control *config.Control, req *http.Request) { req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Password", "password") @@ -219,7 +225,7 @@ func Test_UnitHandlers(t *testing.T) { }, }, sub{ - name: "valid basic different node", + name: "108 valid basic different node", prepare: func(control *config.Control, req *http.Request) { req.Header.Add("k3s-Node-Name", "k3s-agent-1") req.Header.Add("k3s-Node-Password", "password") @@ -230,7 +236,7 @@ func Test_UnitHandlers(t *testing.T) { }, }, sub{ - name: "valid basic bad node password", + name: "109 valid basic bad node password", prepare: func(control *config.Control, req *http.Request) { req.Header.Add("k3s-Node-Name", "k3s-agent-1") req.Header.Add("k3s-Node-Password", "invalid-password") @@ -246,7 +252,7 @@ func Test_UnitHandlers(t *testing.T) { path: "/v1-k3s/serving-kubelet.crt", subs: append(genericFailures, sub{ - name: "valid basic client key but bad password", + name: "200 valid basic client key but bad password", prepare: func(control *config.Control, req *http.Request) { req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Password", "password") @@ -254,11 +260,14 @@ func Test_UnitHandlers(t *testing.T) { req.SetBasicAuth("node", control.AgentToken) }, match: func(_ *config.Control) types.GomegaMatcher { - return HaveHTTPStatus(http.StatusServiceUnavailable) + return And( + HaveHTTPStatus(http.StatusOK), + HaveHTTPBody(Not(ContainSubstring("PRIVATE KEY"))), + ) }, }, sub{ - name: "valid cert client key", + name: "201 valid cert client key", prepare: func(control *config.Control, req *http.Request) { req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Password", "password") @@ -270,11 +279,14 @@ func Test_UnitHandlers(t *testing.T) { }) }, match: func(_ *config.Control) types.GomegaMatcher { - return HaveHTTPStatus(http.StatusServiceUnavailable) + return And( + HaveHTTPStatus(http.StatusOK), + HaveHTTPBody(Not(ContainSubstring("PRIVATE KEY"))), + ) }, }, sub{ - name: "valid basic client key but bad password", + name: "203 valid basic client key but bad password", prepare: func(control *config.Control, req *http.Request) { req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Password", "invalid-password") @@ -282,11 +294,11 @@ func Test_UnitHandlers(t *testing.T) { req.SetBasicAuth("node", control.AgentToken) }, match: func(_ *config.Control) types.GomegaMatcher { - return HaveHTTPStatus(http.StatusServiceUnavailable) + return HaveHTTPStatus(http.StatusForbidden) }, }, sub{ - name: "valid cert client key but bad password", + name: "204 valid cert client key but bad password", prepare: func(control *config.Control, req *http.Request) { req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Password", "invalid-password") @@ -298,11 +310,11 @@ func Test_UnitHandlers(t *testing.T) { }) }, match: func(_ *config.Control) types.GomegaMatcher { - return HaveHTTPStatus(http.StatusServiceUnavailable) + return HaveHTTPStatus(http.StatusForbidden) }, }, sub{ - name: "valid basic client key but bad deferred local password", + name: "205 valid basic client key but bad deferred local password", prepare: func(control *config.Control, req *http.Request) { req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Password", "invalid-password") @@ -315,7 +327,7 @@ func Test_UnitHandlers(t *testing.T) { }, }, sub{ - name: "valid cert client key but bad deferred local password", + name: "206 valid cert client key but bad deferred local password", prepare: func(control *config.Control, req *http.Request) { req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Password", "invalid-password") @@ -350,7 +362,7 @@ func Test_UnitHandlers(t *testing.T) { path: "/v1-k3s/serving-kubelet.crt", subs: append(genericFailures, sub{ - name: "valid basic but missing headers", + name: "300 valid basic but missing headers", prepare: func(control *config.Control, req *http.Request) { req.SetBasicAuth("node", control.AgentToken) }, @@ -359,7 +371,7 @@ func Test_UnitHandlers(t *testing.T) { }, }, sub{ - name: "valid cert but missing headers", + name: "301 valid cert but missing headers", prepare: func(control *config.Control, req *http.Request) { withNewClientCert(req, control.Runtime.ClientCA, control.Runtime.ClientCAKey, control.Runtime.ClientKubeletKey, certutil.Config{ CommonName: "system:node:" + control.ServerNodeName, @@ -372,7 +384,7 @@ func Test_UnitHandlers(t *testing.T) { }, }, sub{ - name: "valid cert but wrong node name", + name: "302 valid cert but wrong node name", prepare: func(control *config.Control, req *http.Request) { req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Password", "password") @@ -387,7 +399,7 @@ func Test_UnitHandlers(t *testing.T) { }, }, sub{ - name: "valid cert but nonexistent node", + name: "303 valid cert but nonexistent node", prepare: func(control *config.Control, req *http.Request) { req.Header.Add("k3s-Node-Name", "nonexistent") req.Header.Add("k3s-Node-Password", "password") @@ -402,18 +414,21 @@ func Test_UnitHandlers(t *testing.T) { }, }, sub{ - name: "valid basic legacy key", + name: "304 valid basic legacy key", prepare: func(control *config.Control, req *http.Request) { req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Password", "password") req.SetBasicAuth("node", control.AgentToken) }, match: func(_ *config.Control) types.GomegaMatcher { - return HaveHTTPStatus(http.StatusServiceUnavailable) + return And( + HaveHTTPStatus(http.StatusOK), + HaveHTTPBody(ContainSubstring("PRIVATE KEY")), + ) }, }, sub{ - name: "valid cert legacy key", + name: "305 valid cert legacy key", prepare: func(control *config.Control, req *http.Request) { req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Password", "password") @@ -424,11 +439,14 @@ func Test_UnitHandlers(t *testing.T) { }) }, match: func(_ *config.Control) types.GomegaMatcher { - return HaveHTTPStatus(http.StatusServiceUnavailable) + return And( + HaveHTTPStatus(http.StatusOK), + HaveHTTPBody(ContainSubstring("PRIVATE KEY")), + ) }, }, sub{ - name: "valid basic legacy key deferred local password", + name: "306 valid basic legacy key deferred local password", prepare: func(control *config.Control, req *http.Request) { req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Password", "password") @@ -443,7 +461,7 @@ func Test_UnitHandlers(t *testing.T) { }, }, sub{ - name: "valid cert legacy key deferred local password", + name: "307 valid cert legacy key deferred local password", prepare: func(control *config.Control, req *http.Request) { req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Password", "password") @@ -462,7 +480,7 @@ func Test_UnitHandlers(t *testing.T) { }, }, sub{ - name: "valid basic different node", + name: "308 valid basic different node", prepare: func(control *config.Control, req *http.Request) { req.Header.Add("k3s-Node-Name", "k3s-agent-1") req.Header.Add("k3s-Node-Password", "password") @@ -473,7 +491,7 @@ func Test_UnitHandlers(t *testing.T) { }, }, sub{ - name: "valid basic bad node password", + name: "309 valid basic bad node password", prepare: func(control *config.Control, req *http.Request) { req.Header.Add("k3s-Node-Name", "k3s-agent-1") req.Header.Add("k3s-Node-Password", "invalid-password") @@ -489,7 +507,7 @@ func Test_UnitHandlers(t *testing.T) { path: "/v1-k3s/serving-kubelet.crt", subs: append(genericFailures, sub{ - name: "valid basic client key but bad password", + name: "400 valid basic client key but bad password", prepare: func(control *config.Control, req *http.Request) { req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Password", "password") @@ -497,11 +515,14 @@ func Test_UnitHandlers(t *testing.T) { req.SetBasicAuth("node", control.AgentToken) }, match: func(_ *config.Control) types.GomegaMatcher { - return HaveHTTPStatus(http.StatusServiceUnavailable) + return And( + HaveHTTPStatus(http.StatusOK), + HaveHTTPBody(Not(ContainSubstring("PRIVATE KEY"))), + ) }, }, sub{ - name: "valid cert client key", + name: "401 valid cert client key", prepare: func(control *config.Control, req *http.Request) { req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Password", "password") @@ -513,11 +534,14 @@ func Test_UnitHandlers(t *testing.T) { }) }, match: func(_ *config.Control) types.GomegaMatcher { - return HaveHTTPStatus(http.StatusServiceUnavailable) + return And( + HaveHTTPStatus(http.StatusOK), + HaveHTTPBody(Not(ContainSubstring("PRIVATE KEY"))), + ) }, }, sub{ - name: "valid basic client key but bad password", + name: "402 valid basic client key but bad password", prepare: func(control *config.Control, req *http.Request) { req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Password", "invalid-password") @@ -525,11 +549,11 @@ func Test_UnitHandlers(t *testing.T) { req.SetBasicAuth("node", control.AgentToken) }, match: func(_ *config.Control) types.GomegaMatcher { - return HaveHTTPStatus(http.StatusServiceUnavailable) + return HaveHTTPStatus(http.StatusForbidden) }, }, sub{ - name: "valid cert client key but bad password", + name: "403 valid cert client key but bad password", prepare: func(control *config.Control, req *http.Request) { req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Password", "invalid-password") @@ -541,11 +565,11 @@ func Test_UnitHandlers(t *testing.T) { }) }, match: func(_ *config.Control) types.GomegaMatcher { - return HaveHTTPStatus(http.StatusServiceUnavailable) + return HaveHTTPStatus(http.StatusForbidden) }, }, sub{ - name: "valid basic client key but bad deferred local password", + name: "404 valid basic client key but bad deferred local password", prepare: func(control *config.Control, req *http.Request) { req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Password", "invalid-password") @@ -558,7 +582,7 @@ func Test_UnitHandlers(t *testing.T) { }, }, sub{ - name: "valid cert client key but bad deferred local password", + name: "405 valid cert client key but bad deferred local password", prepare: func(control *config.Control, req *http.Request) { req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Password", "invalid-password") @@ -589,7 +613,7 @@ func Test_UnitHandlers(t *testing.T) { path: "/v1-k3s/serving-kubelet.crt", subs: append(genericFailures, sub{ - name: "valid basic but missing headers", + name: "500 valid basic but missing headers", prepare: func(control *config.Control, req *http.Request) { req.SetBasicAuth("node", control.AgentToken) }, @@ -598,7 +622,7 @@ func Test_UnitHandlers(t *testing.T) { }, }, sub{ - name: "valid cert but missing headers", + name: "501 valid cert but missing headers", prepare: func(control *config.Control, req *http.Request) { withNewClientCert(req, control.Runtime.ClientCA, control.Runtime.ClientCAKey, control.Runtime.ClientKubeletKey, certutil.Config{ CommonName: "system:node:" + control.ServerNodeName, @@ -611,7 +635,7 @@ func Test_UnitHandlers(t *testing.T) { }, }, sub{ - name: "valid cert but wrong node name", + name: "502 valid cert but wrong node name", prepare: func(control *config.Control, req *http.Request) { req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Password", "password") @@ -626,7 +650,7 @@ func Test_UnitHandlers(t *testing.T) { }, }, sub{ - name: "valid cert but nonexistent node", + name: "503 valid cert but nonexistent node", prepare: func(control *config.Control, req *http.Request) { req.Header.Add("k3s-Node-Name", "nonexistent") req.Header.Add("k3s-Node-Password", "password") @@ -641,18 +665,21 @@ func Test_UnitHandlers(t *testing.T) { }, }, sub{ - name: "valid basic legacy key", + name: "504 valid basic legacy key", prepare: func(control *config.Control, req *http.Request) { req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Password", "password") req.SetBasicAuth("node", control.AgentToken) }, match: func(_ *config.Control) types.GomegaMatcher { - return HaveHTTPStatus(http.StatusServiceUnavailable) + return And( + HaveHTTPStatus(http.StatusOK), + HaveHTTPBody(ContainSubstring("PRIVATE KEY")), + ) }, }, sub{ - name: "valid cert legacy key", + name: "505 valid cert legacy key", prepare: func(control *config.Control, req *http.Request) { req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Password", "password") @@ -663,11 +690,14 @@ func Test_UnitHandlers(t *testing.T) { }) }, match: func(_ *config.Control) types.GomegaMatcher { - return HaveHTTPStatus(http.StatusServiceUnavailable) + return And( + HaveHTTPStatus(http.StatusOK), + HaveHTTPBody(ContainSubstring("PRIVATE KEY")), + ) }, }, sub{ - name: "valid basic legacy key deferred local password", + name: "506 valid basic legacy key deferred local password", prepare: func(control *config.Control, req *http.Request) { req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Password", "password") @@ -682,7 +712,7 @@ func Test_UnitHandlers(t *testing.T) { }, }, sub{ - name: "valid cert legacy key deferred local password", + name: "507 valid cert legacy key deferred local password", prepare: func(control *config.Control, req *http.Request) { req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Password", "password") @@ -701,7 +731,7 @@ func Test_UnitHandlers(t *testing.T) { }, }, sub{ - name: "valid basic different node", + name: "508 valid basic different node", prepare: func(control *config.Control, req *http.Request) { req.Header.Add("k3s-Node-Name", "k3s-agent-1") req.Header.Add("k3s-Node-Password", "password") @@ -712,7 +742,7 @@ func Test_UnitHandlers(t *testing.T) { }, }, sub{ - name: "valid basic bad node password", + name: "509 valid basic bad node password", prepare: func(control *config.Control, req *http.Request) { req.Header.Add("k3s-Node-Name", "k3s-agent-1") req.Header.Add("k3s-Node-Password", "invalid-password") @@ -728,7 +758,7 @@ func Test_UnitHandlers(t *testing.T) { path: "/v1-k3s/serving-kubelet.crt", subs: append(genericFailures, sub{ - name: "valid basic client key but bad password", + name: "600 valid basic client key but bad password", prepare: func(control *config.Control, req *http.Request) { req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Password", "password") @@ -736,11 +766,14 @@ func Test_UnitHandlers(t *testing.T) { req.SetBasicAuth("node", control.AgentToken) }, match: func(_ *config.Control) types.GomegaMatcher { - return HaveHTTPStatus(http.StatusServiceUnavailable) + return And( + HaveHTTPStatus(http.StatusOK), + HaveHTTPBody(Not(ContainSubstring("PRIVATE KEY"))), + ) }, }, sub{ - name: "valid cert client key", + name: "601 valid cert client key", prepare: func(control *config.Control, req *http.Request) { req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Password", "password") @@ -752,11 +785,14 @@ func Test_UnitHandlers(t *testing.T) { }) }, match: func(_ *config.Control) types.GomegaMatcher { - return HaveHTTPStatus(http.StatusServiceUnavailable) + return And( + HaveHTTPStatus(http.StatusOK), + HaveHTTPBody(Not(ContainSubstring("PRIVATE KEY"))), + ) }, }, sub{ - name: "valid basic client key but bad password", + name: "602 valid basic client key but bad password", prepare: func(control *config.Control, req *http.Request) { req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Password", "invalid-password") @@ -764,11 +800,14 @@ func Test_UnitHandlers(t *testing.T) { req.SetBasicAuth("node", control.AgentToken) }, match: func(_ *config.Control) types.GomegaMatcher { - return HaveHTTPStatus(http.StatusServiceUnavailable) + return And( + HaveHTTPStatus(http.StatusOK), + HaveHTTPBody(Not(ContainSubstring("PRIVATE KEY"))), + ) }, }, sub{ - name: "valid cert client key but bad password", + name: "603 valid cert client key but bad password", prepare: func(control *config.Control, req *http.Request) { req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Password", "invalid-password") @@ -780,11 +819,14 @@ func Test_UnitHandlers(t *testing.T) { }) }, match: func(_ *config.Control) types.GomegaMatcher { - return HaveHTTPStatus(http.StatusServiceUnavailable) + return And( + HaveHTTPStatus(http.StatusOK), + HaveHTTPBody(Not(ContainSubstring("PRIVATE KEY"))), + ) }, }, sub{ - name: "valid basic client key but bad deferred local password", + name: "604 valid basic client key but bad deferred local password", prepare: func(control *config.Control, req *http.Request) { req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Password", "invalid-password") @@ -800,7 +842,7 @@ func Test_UnitHandlers(t *testing.T) { }, }, sub{ - name: "valid cert client key but bad deferred local password", + name: "605 valid cert client key but bad deferred local password", prepare: func(control *config.Control, req *http.Request) { req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Password", "invalid-password") @@ -834,7 +876,7 @@ func Test_UnitHandlers(t *testing.T) { path: "/v1-k3s/serving-kubelet.crt", subs: append(genericFailures, sub{ - name: "valid basic but missing headers", + name: "700 valid basic but missing headers", prepare: func(control *config.Control, req *http.Request) { req.SetBasicAuth("node", control.AgentToken) }, @@ -843,7 +885,7 @@ func Test_UnitHandlers(t *testing.T) { }, }, sub{ - name: "valid cert but missing headers", + name: "701 valid cert but missing headers", prepare: func(control *config.Control, req *http.Request) { withNewClientCert(req, control.Runtime.ClientCA, control.Runtime.ClientCAKey, control.Runtime.ClientKubeletKey, certutil.Config{ CommonName: "system:node:" + control.ServerNodeName, @@ -856,7 +898,7 @@ func Test_UnitHandlers(t *testing.T) { }, }, sub{ - name: "valid cert but wrong node name", + name: "702 valid cert but wrong node name", prepare: func(control *config.Control, req *http.Request) { req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Password", "password") @@ -871,7 +913,7 @@ func Test_UnitHandlers(t *testing.T) { }, }, sub{ - name: "valid cert but nonexistent node", + name: "703 valid cert but nonexistent node", prepare: func(control *config.Control, req *http.Request) { req.Header.Add("k3s-Node-Name", "nonexistent") req.Header.Add("k3s-Node-Password", "password") @@ -886,7 +928,7 @@ func Test_UnitHandlers(t *testing.T) { }, }, sub{ - name: "valid basic legacy key", + name: "704 valid basic legacy key", prepare: func(control *config.Control, req *http.Request) { req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Password", "password") @@ -900,7 +942,7 @@ func Test_UnitHandlers(t *testing.T) { }, }, sub{ - name: "valid cert legacy key", + name: "705 valid cert legacy key", prepare: func(control *config.Control, req *http.Request) { req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Password", "password") @@ -918,7 +960,7 @@ func Test_UnitHandlers(t *testing.T) { }, }, sub{ - name: "valid basic different node", + name: "706 valid basic different node", prepare: func(control *config.Control, req *http.Request) { req.Header.Add("k3s-Node-Name", "k3s-agent-1") req.Header.Add("k3s-Node-Password", "password") @@ -932,7 +974,7 @@ func Test_UnitHandlers(t *testing.T) { }, }, sub{ - name: "valid basic bad node password", + name: "707 valid basic bad node password", prepare: func(control *config.Control, req *http.Request) { req.Header.Add("k3s-Node-Name", "k3s-agent-1") req.Header.Add("k3s-Node-Password", "invalid-password") @@ -950,7 +992,7 @@ func Test_UnitHandlers(t *testing.T) { path: "/v1-k3s/serving-kubelet.crt", subs: append(genericFailures, sub{ - name: "valid basic client key", + name: "800 valid basic client key", prepare: func(control *config.Control, req *http.Request) { req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Password", "password") @@ -965,7 +1007,7 @@ func Test_UnitHandlers(t *testing.T) { }, }, sub{ - name: "valid cert client key", + name: "801 valid cert client key", prepare: func(control *config.Control, req *http.Request) { req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Password", "password") @@ -989,7 +1031,7 @@ func Test_UnitHandlers(t *testing.T) { path: "/v1-k3s/client-kubelet.crt", subs: append(genericFailures, sub{ - name: "valid basic but missing headers", + name: "900 valid basic but missing headers", prepare: func(control *config.Control, req *http.Request) { req.SetBasicAuth("node", control.AgentToken) }, @@ -998,7 +1040,7 @@ func Test_UnitHandlers(t *testing.T) { }, }, sub{ - name: "valid cert but missing headers", + name: "901 valid cert but missing headers", prepare: func(control *config.Control, req *http.Request) { withNewClientCert(req, control.Runtime.ClientCA, control.Runtime.ClientCAKey, control.Runtime.ClientKubeletKey, certutil.Config{ CommonName: "system:node:" + control.ServerNodeName, @@ -1011,7 +1053,7 @@ func Test_UnitHandlers(t *testing.T) { }, }, sub{ - name: "valid basic legacy key", + name: "902 valid basic legacy key", prepare: func(control *config.Control, req *http.Request) { req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Password", "password") @@ -1025,7 +1067,7 @@ func Test_UnitHandlers(t *testing.T) { }, }, sub{ - name: "valid cert legacy key", + name: "903 valid cert legacy key", prepare: func(control *config.Control, req *http.Request) { req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Password", "password") @@ -1048,7 +1090,7 @@ func Test_UnitHandlers(t *testing.T) { path: "/v1-k3s/client-kubelet.crt", subs: append(genericFailures, sub{ - name: "valid basic client key", + name: "A00 valid basic client key", prepare: func(control *config.Control, req *http.Request) { req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Password", "password") @@ -1063,7 +1105,7 @@ func Test_UnitHandlers(t *testing.T) { }, }, sub{ - name: "valid cert client key", + name: "A01 valid cert client key", prepare: func(control *config.Control, req *http.Request) { req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Password", "password") @@ -1089,7 +1131,7 @@ func Test_UnitHandlers(t *testing.T) { path: "/v1-k3s/client-kube-proxy.crt", subs: append(genericFailures, sub{ - name: "valid basic legacy key", + name: "B00 valid basic legacy key", prepare: func(control *config.Control, req *http.Request) { req.SetBasicAuth("node", control.AgentToken) }, @@ -1101,7 +1143,7 @@ func Test_UnitHandlers(t *testing.T) { }, }, sub{ - name: "valid cert legacy key", + name: "B01 valid cert legacy key", prepare: func(control *config.Control, req *http.Request) { withNewClientCert(req, control.Runtime.ClientCA, control.Runtime.ClientCAKey, control.Runtime.ClientKubeletKey, certutil.Config{ CommonName: "system:node:" + control.ServerNodeName, @@ -1122,7 +1164,7 @@ func Test_UnitHandlers(t *testing.T) { path: "/v1-k3s/client-kube-proxy.crt", subs: append(genericFailures, sub{ - name: "valid basic client key", + name: "C00 valid basic client key", prepare: func(control *config.Control, req *http.Request) { withCertificateRequest(req) req.SetBasicAuth("node", control.AgentToken) @@ -1135,7 +1177,7 @@ func Test_UnitHandlers(t *testing.T) { }, }, sub{ - name: "valid cert client key", + name: "C01 valid cert client key", prepare: func(control *config.Control, req *http.Request) { withCertificateRequest(req) withNewClientCert(req, control.Runtime.ClientCA, control.Runtime.ClientCAKey, control.Runtime.ClientKubeletKey, certutil.Config{ @@ -1157,7 +1199,7 @@ func Test_UnitHandlers(t *testing.T) { path: "/v1-k3s/client-k3s-controller.crt", subs: append(genericFailures, sub{ - name: "valid basic legacy key", + name: "D00 valid basic legacy key", prepare: func(control *config.Control, req *http.Request) { req.SetBasicAuth("node", control.AgentToken) }, @@ -1169,7 +1211,7 @@ func Test_UnitHandlers(t *testing.T) { }, }, sub{ - name: "valid cert legacy key", + name: "D01 valid cert legacy key", prepare: func(control *config.Control, req *http.Request) { withNewClientCert(req, control.Runtime.ClientCA, control.Runtime.ClientCAKey, control.Runtime.ClientKubeletKey, certutil.Config{ CommonName: "system:node:" + control.ServerNodeName, @@ -1190,7 +1232,7 @@ func Test_UnitHandlers(t *testing.T) { path: "/v1-k3s/client-k3s-controller.crt", subs: append(genericFailures, sub{ - name: "valid basic client key", + name: "E00 valid basic client key", prepare: func(control *config.Control, req *http.Request) { withCertificateRequest(req) req.SetBasicAuth("node", control.AgentToken) @@ -1203,7 +1245,7 @@ func Test_UnitHandlers(t *testing.T) { }, }, sub{ - name: "valid cert client key", + name: "E01 valid cert client key", prepare: func(control *config.Control, req *http.Request) { withCertificateRequest(req) withNewClientCert(req, control.Runtime.ClientCA, control.Runtime.ClientCAKey, control.Runtime.ClientKubeletKey, certutil.Config{ @@ -1225,7 +1267,7 @@ func Test_UnitHandlers(t *testing.T) { path: "/v1-k3s/client-ca.crt", subs: append(genericFailures, sub{ - name: "valid basic", + name: "F00 valid basic", prepare: func(control *config.Control, req *http.Request) { req.SetBasicAuth("node", control.AgentToken) }, @@ -1238,7 +1280,7 @@ func Test_UnitHandlers(t *testing.T) { }, }, sub{ - name: "valid cert", + name: "F01 valid cert", prepare: func(control *config.Control, req *http.Request) { withNewClientCert(req, control.Runtime.ClientCA, control.Runtime.ClientCAKey, control.Runtime.ClientKubeletKey, certutil.Config{ CommonName: "system:node:" + control.ServerNodeName, @@ -1260,7 +1302,7 @@ func Test_UnitHandlers(t *testing.T) { path: "/v1-k3s/server-ca.crt", subs: append(genericFailures, sub{ - name: "valid basic", + name: "G00 valid basic", prepare: func(control *config.Control, req *http.Request) { req.SetBasicAuth("node", control.AgentToken) }, @@ -1273,7 +1315,7 @@ func Test_UnitHandlers(t *testing.T) { }, }, sub{ - name: "valid cert", + name: "G01 valid cert", prepare: func(control *config.Control, req *http.Request) { withNewClientCert(req, control.Runtime.ClientCA, control.Runtime.ClientCAKey, control.Runtime.ClientKubeletKey, certutil.Config{ CommonName: "system:node:" + control.ServerNodeName, @@ -1295,7 +1337,7 @@ func Test_UnitHandlers(t *testing.T) { path: "/v1-k3s/apiservers", subs: append(genericFailures, sub{ - name: "valid basic", + name: "G00 valid basic", prepare: func(control *config.Control, req *http.Request) { req.SetBasicAuth("node", control.AgentToken) }, @@ -1307,7 +1349,7 @@ func Test_UnitHandlers(t *testing.T) { }, }, sub{ - name: "valid cert", + name: "G01 valid cert", prepare: func(control *config.Control, req *http.Request) { withNewClientCert(req, control.Runtime.ClientCA, control.Runtime.ClientCAKey, control.Runtime.ClientKubeletKey, certutil.Config{ CommonName: "system:node:" + control.ServerNodeName, @@ -1328,7 +1370,7 @@ func Test_UnitHandlers(t *testing.T) { path: "/v1-k3s/config", subs: append(genericFailures, sub{ - name: "valid basic", + name: "H00 valid basic", prepare: func(control *config.Control, req *http.Request) { req.SetBasicAuth("node", control.AgentToken) }, @@ -1340,7 +1382,7 @@ func Test_UnitHandlers(t *testing.T) { }, }, sub{ - name: "valid cert", + name: "H01 valid cert", prepare: func(control *config.Control, req *http.Request) { withNewClientCert(req, control.Runtime.ClientCA, control.Runtime.ClientCAKey, control.Runtime.ClientKubeletKey, certutil.Config{ CommonName: "system:node:" + control.ServerNodeName, @@ -1361,7 +1403,7 @@ func Test_UnitHandlers(t *testing.T) { path: "/v1-k3s/readyz", subs: append(genericFailures, sub{ - name: "valid basic", + name: "I00 valid basic", prepare: func(control *config.Control, req *http.Request) { req.SetBasicAuth("node", control.AgentToken) }, @@ -1373,7 +1415,7 @@ func Test_UnitHandlers(t *testing.T) { }, }, sub{ - name: "valid cert", + name: "I01 valid cert", prepare: func(control *config.Control, req *http.Request) { withNewClientCert(req, control.Runtime.ClientCA, control.Runtime.ClientCAKey, control.Runtime.ClientKubeletKey, certutil.Config{ CommonName: "system:node:" + control.ServerNodeName, @@ -1396,7 +1438,7 @@ func Test_UnitHandlers(t *testing.T) { path: "/v1-k3s/connect", subs: append(genericFailures, sub{ - name: "valid cert", + name: "J00 valid cert", prepare: func(control *config.Control, req *http.Request) { withNewClientCert(req, control.Runtime.ClientCA, control.Runtime.ClientCAKey, control.Runtime.ClientKubeletKey, certutil.Config{ CommonName: "system:node:" + control.ServerNodeName, @@ -1416,7 +1458,7 @@ func Test_UnitHandlers(t *testing.T) { path: "/v1-k3s/encrypt/status", subs: append(genericFailures, sub{ - name: "valid basic", + name: "K00 valid basic", prepare: func(control *config.Control, req *http.Request) { req.SetBasicAuth("server", control.Token) }, @@ -1430,7 +1472,7 @@ func Test_UnitHandlers(t *testing.T) { path: "/v1-k3s/encrypt/config", subs: append(genericFailures, sub{ - name: "valid basic", + name: "L00 valid basic", prepare: func(control *config.Control, req *http.Request) { req.SetBasicAuth("server", control.Token) }, @@ -1444,7 +1486,7 @@ func Test_UnitHandlers(t *testing.T) { path: "/v1-k3s/cert/cacerts", subs: append(genericFailures, sub{ - name: "valid basic", + name: "M00 valid basic", prepare: func(control *config.Control, req *http.Request) { req.SetBasicAuth("server", control.Token) }, @@ -1458,7 +1500,7 @@ func Test_UnitHandlers(t *testing.T) { path: "/v1-k3s/server-bootstrap", subs: append(genericFailures, sub{ - name: "valid basic", + name: "N00 valid basic", prepare: func(control *config.Control, req *http.Request) { req.SetBasicAuth("server", control.Token) }, @@ -1475,7 +1517,7 @@ func Test_UnitHandlers(t *testing.T) { path: "/v1-k3s/token", subs: append(genericFailures, sub{ - name: "valid basic", + name: "O00 valid basic", prepare: func(control *config.Control, req *http.Request) { req.SetBasicAuth("server", control.Token) }, @@ -1491,7 +1533,7 @@ func Test_UnitHandlers(t *testing.T) { path: "/", subs: append(genericFailures, sub{ - name: "valid cert", + name: "P00 valid cert", prepare: func(control *config.Control, req *http.Request) { withClientCert(req, control.Runtime.ClientKubeAPICert) }, @@ -1507,7 +1549,7 @@ func Test_UnitHandlers(t *testing.T) { path: "/ping", subs: []sub{ { - name: "anonymous", + name: "Q00 anonymous", match: func(_ *config.Control) types.GomegaMatcher { return And( HaveHTTPStatus(http.StatusOK), @@ -1521,7 +1563,7 @@ func Test_UnitHandlers(t *testing.T) { path: "/cacerts", subs: []sub{ { - name: "anonymous", + name: "R00 anonymous", match: func(control *config.Control) types.GomegaMatcher { certs, _ := os.ReadFile(control.Runtime.ServerCA) return And(