github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Move some test functions into test utils

pull/58/head
liz 2018-11-19 14:29:19 -05:00
parent 8848740f6d
commit 9e8228f14a
No known key found for this signature in database
GPG Key ID: F95E0D7E9E2AD497
2 changed files with 145 additions and 133 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

164
cmd/kubeadm/app/phases/certs/certs_test.go
View File

@ -37,27 +37,6 @@ import (
certstestutil "k8s.io/kubernetes/cmd/kubeadm/test/certs" certstestutil "k8s.io/kubernetes/cmd/kubeadm/test/certs"
) )
func createCACert(t *testing.T) (*x509.Certificate, *rsa.PrivateKey) {
certCfg := &certutil.Config{CommonName: "kubernetes"}
cert, key, err := NewCACertAndKey(certCfg)
if err != nil {
t.Fatalf("couldn't create CA: %v", err)
}
return cert, key
}
func createTestCert(t *testing.T, caCert *x509.Certificate, caKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey) {
cert, key, err := pkiutil.NewCertAndKey(caCert, caKey,
&certutil.Config{
CommonName: "testCert",
Usages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
})
if err != nil {
t.Fatalf("couldn't create test cert: %v", err)
}
return cert, key
}
func createTestCSR(t *testing.T) (*x509.CertificateRequest, *rsa.PrivateKey) { func createTestCSR(t *testing.T) (*x509.CertificateRequest, *rsa.PrivateKey) {
csr, key, err := pkiutil.NewCSRAndKey( csr, key, err := pkiutil.NewCSRAndKey(
&certutil.Config{ &certutil.Config{
@ -71,8 +50,8 @@ func createTestCSR(t *testing.T) (*x509.CertificateRequest, *rsa.PrivateKey) {
} }
func TestWriteCertificateAuthorithyFilesIfNotExist(t *testing.T) { func TestWriteCertificateAuthorithyFilesIfNotExist(t *testing.T) {
setupCert, setupKey := createCACert(t) setupCert, setupKey := certstestutil.CreateCACert(t)
caCert, caKey := createCACert(t) caCert, caKey := certstestutil.CreateCACert(t)
var tests = []struct { var tests = []struct {
setupFunc func(pkiDir string) error setupFunc func(pkiDir string) error
@ -97,7 +76,7 @@ func TestWriteCertificateAuthorithyFilesIfNotExist(t *testing.T) {
}, },
{ // cert exists, but it is not a ca > err { // cert exists, but it is not a ca > err
setupFunc: func(pkiDir string) error { setupFunc: func(pkiDir string) error {
cert, key := createTestCert(t, setupCert, setupKey) cert, key := certstestutil.CreateTestCert(t, setupCert, setupKey)
return writeCertificateFilesIfNotExist(pkiDir, "dummy", setupCert, cert, key) return writeCertificateFilesIfNotExist(pkiDir, "dummy", setupCert, cert, key)
}, },
expectedError: true, expectedError: true,
@ -147,9 +126,9 @@ func TestWriteCertificateAuthorithyFilesIfNotExist(t *testing.T) {
func TestWriteCertificateFilesIfNotExist(t *testing.T) { func TestWriteCertificateFilesIfNotExist(t *testing.T) {
caCert, caKey := createCACert(t) caCert, caKey := certstestutil.CreateCACert(t)
setupCert, setupKey := createTestCert(t, caCert, caKey) setupCert, setupKey := certstestutil.CreateTestCert(t, caCert, caKey)
cert, key := createTestCert(t, caCert, caKey) cert, key := certstestutil.CreateTestCert(t, caCert, caKey)
var tests = []struct { var tests = []struct {
setupFunc func(pkiDir string) error setupFunc func(pkiDir string) error
@ -174,8 +153,8 @@ func TestWriteCertificateFilesIfNotExist(t *testing.T) {
}, },
{ // cert exists, is signed by another ca > err { // cert exists, is signed by another ca > err
setupFunc: func(pkiDir string) error { setupFunc: func(pkiDir string) error {
anotherCaCert, anotherCaKey := createCACert(t) anotherCaCert, anotherCaKey := certstestutil.CreateCACert(t)
anotherCert, anotherKey := createTestCert(t, anotherCaCert, anotherCaKey) anotherCert, anotherKey := certstestutil.CreateTestCert(t, anotherCaCert, anotherCaKey)
return writeCertificateFilesIfNotExist(pkiDir, "dummy", anotherCaCert, anotherCert, anotherKey) return writeCertificateFilesIfNotExist(pkiDir, "dummy", anotherCaCert, anotherCert, anotherKey)
}, },
@ -375,18 +354,18 @@ func TestNewCACertAndKey(t *testing.T) {
} }
func TestSharedCertificateExists(t *testing.T) { func TestSharedCertificateExists(t *testing.T) {
caCert, caKey := createCACert(t) caCert, caKey := certstestutil.CreateCACert(t)
_, key := createTestCert(t, caCert, caKey) _, key := certstestutil.CreateTestCert(t, caCert, caKey)
publicKey := &key.PublicKey publicKey := &key.PublicKey
var tests = []struct { var tests = []struct {
name string name string
files pkiFiles files certstestutil.PKIFiles
expectedError bool expectedError bool
}{ }{
{ {
name: "success", name: "success",
files: pkiFiles{ files: certstestutil.PKIFiles{
"ca.crt": caCert, "ca.crt": caCert,
"ca.key": caKey, "ca.key": caKey,
"front-proxy-ca.crt": caCert, "front-proxy-ca.crt": caCert,
@ -399,7 +378,7 @@ func TestSharedCertificateExists(t *testing.T) {
}, },
{ {
name: "missing ca.crt", name: "missing ca.crt",
files: pkiFiles{ files: certstestutil.PKIFiles{
"ca.key": caKey, "ca.key": caKey,
"front-proxy-ca.crt": caCert, "front-proxy-ca.crt": caCert,
"front-proxy-ca.key": caKey, "front-proxy-ca.key": caKey,
@ -412,7 +391,7 @@ func TestSharedCertificateExists(t *testing.T) {
}, },
{ {
name: "missing sa.key", name: "missing sa.key",
files: pkiFiles{ files: certstestutil.PKIFiles{
"ca.crt": caCert, "ca.crt": caCert,
"ca.key": caKey, "ca.key": caKey,
"front-proxy-ca.crt": caCert, "front-proxy-ca.crt": caCert,
@ -425,7 +404,7 @@ func TestSharedCertificateExists(t *testing.T) {
}, },
{ {
name: "missing front-proxy.crt", name: "missing front-proxy.crt",
files: pkiFiles{ files: certstestutil.PKIFiles{
"ca.crt": caCert, "ca.crt": caCert,
"ca.key": caKey, "ca.key": caKey,
"front-proxy-ca.key": caKey, "front-proxy-ca.key": caKey,
@ -438,7 +417,7 @@ func TestSharedCertificateExists(t *testing.T) {
}, },
{ {
name: "missing etcd/ca.crt", name: "missing etcd/ca.crt",
files: pkiFiles{ files: certstestutil.PKIFiles{
"ca.crt": caCert, "ca.crt": caCert,
"ca.key": caKey, "ca.key": caKey,
"front-proxy-ca.key": caKey, "front-proxy-ca.key": caKey,
@ -464,7 +443,7 @@ func TestSharedCertificateExists(t *testing.T) {
} }
// created expected keys // created expected keys
writePKIFiles(t, tmpdir, test.files) certstestutil.WritePKIFiles(t, tmpdir, test.files)
// executes create func // executes create func
ret, err := SharedCertificateExists(cfg) ret, err := SharedCertificateExists(cfg)
@ -482,80 +461,24 @@ func TestSharedCertificateExists(t *testing.T) {
} }
func TestCreatePKIAssetsWithSparseCerts(t *testing.T) { func TestCreatePKIAssetsWithSparseCerts(t *testing.T) {
caCert, caKey := createCACert(t) for _, test := range certstestutil.GetSparseCertTestCases(t) {
fpCACert, fpCAKey := createCACert(t) t.Run(test.Name, func(t *testing.T) {
etcdCACert, etcdCAKey := createCACert(t)
fpCert, fpKey := createTestCert(t, fpCACert, fpCAKey)
tests := []struct {
name string
files pkiFiles
expectError bool
}{
{
name: "nothing present",
},
{
name: "CAs already exist",
files: pkiFiles{
"ca.crt": caCert,
"ca.key": caKey,
"front-proxy-ca.crt": fpCACert,
"front-proxy-ca.key": fpCAKey,
"etcd/ca.crt": etcdCACert,
"etcd/ca.key": etcdCAKey,
},
},
{
name: "CA certs only",
files: pkiFiles{
"ca.crt": caCert,
"front-proxy-ca.crt": fpCACert,
"etcd/ca.crt": etcdCACert,
},
expectError: true,
},
{
name: "FrontProxyCA with certs",
files: pkiFiles{
"ca.crt": caCert,
"ca.key": caKey,
"front-proxy-ca.crt": fpCACert,
"front-proxy-client.crt": fpCert,
"front-proxy-client.key": fpKey,
"etcd/ca.crt": etcdCACert,
"etcd/ca.key": etcdCAKey,
},
},
{
name: "FrontProxy certs missing CA",
files: pkiFiles{
"front-proxy-client.crt": fpCert,
"front-proxy-client.key": fpKey,
},
expectError: true,
},
}
for _, test := range tests {
t.Run(test.name, func(t *testing.T) {
tmpdir := testutil.SetupTempDir(t) tmpdir := testutil.SetupTempDir(t)
defer os.RemoveAll(tmpdir) defer os.RemoveAll(tmpdir)
cfg := testutil.GetDefaultInternalConfig(t) cfg := testutil.GetDefaultInternalConfig(t)
cfg.ClusterConfiguration.CertificatesDir = tmpdir cfg.ClusterConfiguration.CertificatesDir = tmpdir
writePKIFiles(t, tmpdir, test.files) certstestutil.WritePKIFiles(t, tmpdir, test.Files)
err := CreatePKIAssets(cfg) err := CreatePKIAssets(cfg)
if err != nil { if err != nil {
if test.expectError { if test.ExpectError {
return return
} }
t.Fatalf("Unexpected error: %v", err) t.Fatalf("Unexpected error: %v", err)
} }
if test.expectError { if test.ExpectError {
t.Fatal("Expected error from CreatePKIAssets, got none") t.Fatal("Expected error from CreatePKIAssets, got none")
} }
assertCertsExist(t, tmpdir) assertCertsExist(t, tmpdir)
@ -612,19 +535,19 @@ func TestUsingExternalCA(t *testing.T) {
func TestValidateMethods(t *testing.T) { func TestValidateMethods(t *testing.T) {
caCert, caKey := createCACert(t) caCert, caKey := certstestutil.CreateCACert(t)
cert, key := createTestCert(t, caCert, caKey) cert, key := certstestutil.CreateTestCert(t, caCert, caKey)
tests := []struct { tests := []struct {
name string name string
files pkiFiles files certstestutil.PKIFiles
validateFunc func(l certKeyLocation) error validateFunc func(l certKeyLocation) error
loc certKeyLocation loc certKeyLocation
expectedSuccess bool expectedSuccess bool
}{ }{
{ {
name: "validateCACert", name: "validateCACert",
files: pkiFiles{ files: certstestutil.PKIFiles{
"ca.crt": caCert, "ca.crt": caCert,
}, },
validateFunc: validateCACert, validateFunc: validateCACert,
@ -633,7 +556,7 @@ func TestValidateMethods(t *testing.T) {
}, },
{ {
name: "validateCACertAndKey (files present)", name: "validateCACertAndKey (files present)",
files: pkiFiles{ files: certstestutil.PKIFiles{
"ca.crt": caCert, "ca.crt": caCert,
"ca.key": caKey, "ca.key": caKey,
}, },
@ -642,7 +565,7 @@ func TestValidateMethods(t *testing.T) {
expectedSuccess: true, expectedSuccess: true,
}, },
{ {
files: pkiFiles{ files: certstestutil.PKIFiles{
"ca.crt": caCert, "ca.crt": caCert,
}, },
name: "validateCACertAndKey (key missing)", name: "validateCACertAndKey (key missing)",
@ -652,7 +575,7 @@ func TestValidateMethods(t *testing.T) {
}, },
{ {
name: "validateSignedCert", name: "validateSignedCert",
files: pkiFiles{ files: certstestutil.PKIFiles{
"ca.crt": caCert, "ca.crt": caCert,
"ca.key": caKey, "ca.key": caKey,
"apiserver.crt": cert, "apiserver.crt": cert,
@ -664,7 +587,7 @@ func TestValidateMethods(t *testing.T) {
}, },
{ {
name: "validatePrivatePublicKey", name: "validatePrivatePublicKey",
files: pkiFiles{ files: certstestutil.PKIFiles{
"sa.pub": &key.PublicKey, "sa.pub": &key.PublicKey,
"sa.key": key, "sa.key": key,
}, },
@ -679,7 +602,7 @@ func TestValidateMethods(t *testing.T) {
defer os.RemoveAll(dir) defer os.RemoveAll(dir)
test.loc.pkiDir = dir test.loc.pkiDir = dir
writePKIFiles(t, dir, test.files) certstestutil.WritePKIFiles(t, dir, test.files)
err := test.validateFunc(test.loc) err := test.validateFunc(test.loc)
if test.expectedSuccess && err != nil { if test.expectedSuccess && err != nil {
@ -722,31 +645,6 @@ func TestNewCSR(t *testing.T) {
} }
} }
type pkiFiles map[string]interface{}
func writePKIFiles(t *testing.T, dir string, files pkiFiles) {
for filename, body := range files {
switch body := body.(type) {
case *x509.Certificate:
if err := certutil.WriteCert(path.Join(dir, filename), certutil.EncodeCertPEM(body)); err != nil {
t.Errorf("unable to write certificate to file %q: [%v]", dir, err)
}
case *rsa.PublicKey:
publicKeyBytes, err := certutil.EncodePublicKeyPEM(body)
if err != nil {
t.Errorf("unable to write public key to file %q: [%v]", filename, err)
}
if err := certutil.WriteKey(path.Join(dir, filename), publicKeyBytes); err != nil {
t.Errorf("unable to write public key to file %q: [%v]", filename, err)
}
case *rsa.PrivateKey:
if err := certutil.WriteKey(path.Join(dir, filename), certutil.EncodePrivateKeyPEM(body)); err != nil {
t.Errorf("unable to write private key to file %q: [%v]", filename, err)
}
}
}
}
func TestCreateCertificateFilesMethods(t *testing.T) { func TestCreateCertificateFilesMethods(t *testing.T) {
var tests = []struct { var tests = []struct {

114
cmd/kubeadm/test/certs/util.go
View File

@ -20,6 +20,7 @@ import (
"crypto/rsa" "crypto/rsa"
"crypto/x509" "crypto/x509"
"net" "net"
"path"
"testing" "testing"
certutil "k8s.io/client-go/util/cert" certutil "k8s.io/client-go/util/cert"
@ -133,3 +134,116 @@ func AssertCertificateHasIPAddresses(t *testing.T, cert *x509.Certificate, IPAdd
} }
} }
} }
// CreateCACert creates a generic CA cert.
func CreateCACert(t *testing.T) (*x509.Certificate, *rsa.PrivateKey) {
certCfg := &certutil.Config{CommonName: "kubernetes"}
cert, key, err := pkiutil.NewCertificateAuthority(certCfg)
if err != nil {
t.Fatalf("couldn't create CA: %v", err)
}
return cert, key
}
// CreateTestCert makes a generic certficate with the given CA.
func CreateTestCert(t *testing.T, caCert *x509.Certificate, caKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey) {
cert, key, err := pkiutil.NewCertAndKey(caCert, caKey,
&certutil.Config{
CommonName: "testCert",
Usages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
})
if err != nil {
t.Fatalf("couldn't create test cert: %v", err)
}
return cert, key
}
// CertTestCase is a configuration of certificates and whether it's expected to work.
type CertTestCase struct {
Name string
Files PKIFiles
ExpectError bool
}
// GetSparseCertTestCases produces a series of cert configurations and their intended outcomes.
func GetSparseCertTestCases(t *testing.T) []CertTestCase {
caCert, caKey := CreateCACert(t)
fpCACert, fpCAKey := CreateCACert(t)
etcdCACert, etcdCAKey := CreateCACert(t)
fpCert, fpKey := CreateTestCert(t, fpCACert, fpCAKey)
return []CertTestCase{
{
Name: "nothing present",
},
{
Name: "CAs already exist",
Files: PKIFiles{
"ca.crt": caCert,
"ca.key": caKey,
"front-proxy-ca.crt": fpCACert,
"front-proxy-ca.key": fpCAKey,
"etcd/ca.crt": etcdCACert,
"etcd/ca.key": etcdCAKey,
},
},
{
Name: "CA certs only",
Files: PKIFiles{
"ca.crt": caCert,
"front-proxy-ca.crt": fpCACert,
"etcd/ca.crt": etcdCACert,
},
ExpectError: true,
},
{
Name: "FrontProxyCA with certs",
Files: PKIFiles{
"ca.crt": caCert,
"ca.key": caKey,
"front-proxy-ca.crt": fpCACert,
"front-proxy-client.crt": fpCert,
"front-proxy-client.key": fpKey,
"etcd/ca.crt": etcdCACert,
"etcd/ca.key": etcdCAKey,
},
},
{
Name: "FrontProxy certs missing CA",
Files: PKIFiles{
"front-proxy-client.crt": fpCert,
"front-proxy-client.key": fpKey,
},
ExpectError: true,
},
}
}
// PKIFiles are a list of files that should be created for a test case
type PKIFiles map[string]interface{}
// WritePKIFiles writes the given files out to the given directory
func WritePKIFiles(t *testing.T, dir string, files PKIFiles) {
for filename, body := range files {
switch body := body.(type) {
case *x509.Certificate:
if err := certutil.WriteCert(path.Join(dir, filename), certutil.EncodeCertPEM(body)); err != nil {
t.Errorf("unable to write certificate to file %q: [%v]", dir, err)
}
case *rsa.PublicKey:
publicKeyBytes, err := certutil.EncodePublicKeyPEM(body)
if err != nil {
t.Errorf("unable to write public key to file %q: [%v]", filename, err)
}
if err := certutil.WriteKey(path.Join(dir, filename), publicKeyBytes); err != nil {
t.Errorf("unable to write public key to file %q: [%v]", filename, err)
}
case *rsa.PrivateKey:
if err := certutil.WriteKey(path.Join(dir, filename), certutil.EncodePrivateKeyPEM(body)); err != nil {
t.Errorf("unable to write private key to file %q: [%v]", filename, err)
}
}
}
}