package cli
import (
"context"
"errors"
"testing"
portainer "github.com/portainer/portainer/api"
v1 "k8s.io/api/core/v1"
k8serrors "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
kfake "k8s.io/client-go/kubernetes/fake"
)
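// Test_GetKubeConfig exercises KubeClient.GetKubeConfig against an in-memory
// fake clientset. It covers three cases: the service account is missing, the
// caller is the cluster administrator, and the caller is a standard user.
//
// NOTE(review): every case discards the returned kubeconfig, so these tests
// only pin the error behaviour. They do not verify that a standard user's
// kubeconfig is bound to that user's own service account rather than the
// cluster-admin one; consider asserting on the returned value.
func Test_GetKubeConfig(t *testing.T) {
	t.Run("returns error if SA non-existent", func(t *testing.T) {
		k := &KubeClient{
			cli:        kfake.NewSimpleClientset(),
			instanceID: "test",
		}

		tokenData := &portainer.TokenData{
			ID:       1,
			Role:     portainer.AdministratorRole,
			Username: portainerClusterAdminServiceAccountName,
		}

		_, err := k.GetKubeConfig(context.Background(), "localhost", "abc", tokenData)

		// Stop here on a nil error: the not-found check below would only add a
		// second, misleading failure for the same root cause.
		if err == nil {
			t.Fatal("GetKubeConfig should fail as service account does not exist")
		}
		// The test expects the Kubernetes NotFound error exactly one wrapping
		// level below the returned error.
		if k8sErr := errors.Unwrap(err); !k8serrors.IsNotFound(k8sErr) {
			t.Error("GetKubeConfig should fail with service account not found k8s error")
		}
	})

	t.Run("successfully obtains kubeconfig for cluster admin", func(t *testing.T) {
		k := &KubeClient{
			cli:        kfake.NewSimpleClientset(),
			instanceID: "test",
		}

		tokenData := &portainer.TokenData{
			Role:     portainer.AdministratorRole,
			Username: portainerClusterAdminServiceAccountName,
		}
		serviceAccount := &v1.ServiceAccount{
			ObjectMeta: metav1.ObjectMeta{Name: tokenData.Username},
		}

		// Fail fast if the fixture cannot be created; otherwise a setup problem
		// would surface as a confusing GetKubeConfig failure.
		accounts := k.cli.CoreV1().ServiceAccounts(portainerNamespace)
		if _, err := accounts.Create(context.Background(), serviceAccount, metav1.CreateOptions{}); err != nil {
			t.Fatalf("creating service account %q in fake clientset: %v", serviceAccount.Name, err)
		}
		// Best-effort cleanup: the fake clientset is discarded with the subtest,
		// so the Delete error is deliberately ignored.
		defer accounts.Delete(context.Background(), serviceAccount.Name, metav1.DeleteOptions{})

		_, err := k.GetKubeConfig(context.Background(), "localhost", "abc", tokenData)

		if err != nil {
			t.Errorf("GetKubeConfig should succeed; err=%s", err)
		}
	})

	t.Run("successfully obtains kubeconfig for standard user", func(t *testing.T) {
		k := &KubeClient{
			cli:        kfake.NewSimpleClientset(),
			instanceID: "test",
		}

		tokenData := &portainer.TokenData{
			ID:   1,
			Role: portainer.StandardUserRole,
		}
		// The standard user's service account name is derived from the user ID
		// and the instance ID rather than taken from tokenData.Username.
		nonAdminUserName := userServiceAccountName(int(tokenData.ID), k.instanceID)
		serviceAccount := &v1.ServiceAccount{
			ObjectMeta: metav1.ObjectMeta{Name: nonAdminUserName},
		}

		// Fail fast if the fixture cannot be created (see the admin case).
		accounts := k.cli.CoreV1().ServiceAccounts(portainerNamespace)
		if _, err := accounts.Create(context.Background(), serviceAccount, metav1.CreateOptions{}); err != nil {
			t.Fatalf("creating service account %q in fake clientset: %v", serviceAccount.Name, err)
		}
		// Best-effort cleanup; the Delete error is deliberately ignored.
		defer accounts.Delete(context.Background(), serviceAccount.Name, metav1.DeleteOptions{})

		_, err := k.GetKubeConfig(context.Background(), "localhost", "abc", tokenData)

		if err != nil {
			t.Errorf("GetKubeConfig should succeed; err=%s", err)
		}
	})
}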
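// Test_generateKubeconfig checks the structure of the value returned by
// generateKubeconfig: resource kind and API version, a single context, cluster
// and auth-info entry, the default context name, the cluster TLS setting, and
// that the caller-supplied server URL, account name and token are carried
// through unchanged.
func Test_generateKubeconfig(t *testing.T) {
	apiServerURL, bearerToken, serviceAccountName := "localhost", "test-token", "test-user"

	t.Run("generates Config resource kind", func(t *testing.T) {
		config := generateKubeconfig(apiServerURL, bearerToken, serviceAccountName)
		want := "Config"
		if config.Kind != want {
			t.Errorf("generateKubeconfig resource kind should be %s", want)
		}
	})

	t.Run("generates v1 version", func(t *testing.T) {
		config := generateKubeconfig(apiServerURL, bearerToken, serviceAccountName)
		want := "v1"
		if config.APIVersion != want {
			t.Errorf("generateKubeconfig api version should be %s", want)
		}
	})

	t.Run("generates single entry context cluster and authinfo", func(t *testing.T) {
		config := generateKubeconfig(apiServerURL, bearerToken, serviceAccountName)
		if len(config.Contexts) != 1 {
			t.Error("generateKubeconfig should generate single context configuration")
		}
		if len(config.Clusters) != 1 {
			t.Error("generateKubeconfig should generate single cluster configuration")
		}
		if len(config.AuthInfos) != 1 {
			t.Error("generateKubeconfig should generate single user configuration")
		}
	})

	t.Run("sets default context appropriately", func(t *testing.T) {
		config := generateKubeconfig(apiServerURL, bearerToken, serviceAccountName)
		want := "portainer-ctx"
		if config.CurrentContext != want {
			t.Errorf("generateKubeconfig set cluster to be %s", want)
		}
	})

	// This case pins the current behaviour: the generated cluster entry turns
	// TLS verification of the API server off. A client using such a kubeconfig
	// does not authenticate the server it sends the bearer token to.
	// NOTE(review): confirm this default is intentional for the deployment
	// model; if the generator later supplies CA data instead, this assertion
	// must be updated with it.
	t.Run("generates cluster with InsecureSkipTLSVerify to be set to true", func(t *testing.T) {
		config := generateKubeconfig(apiServerURL, bearerToken, serviceAccountName)
		// Guard the index so an empty result fails this subtest instead of
		// panicking the whole test binary.
		if len(config.Clusters) == 0 {
			t.Fatal("generateKubeconfig returned no cluster configuration")
		}
		if !config.Clusters[0].Cluster.InsecureSkipTLSVerify {
			t.Error("generateKubeconfig default cluster InsecureSkipTLSVerify should be true")
		}
	})

	t.Run("should contain passed in value", func(t *testing.T) {
		config := generateKubeconfig(apiServerURL, bearerToken, serviceAccountName)
		// Guard both indexed slices before dereferencing their first entry.
		if len(config.Clusters) == 0 {
			t.Fatal("generateKubeconfig returned no cluster configuration")
		}
		if len(config.AuthInfos) == 0 {
			t.Fatal("generateKubeconfig returned no user configuration")
		}

		if config.Clusters[0].Cluster.Server != apiServerURL {
			t.Errorf("generateKubeconfig default cluster server url should be %s", apiServerURL)
		}

		if config.AuthInfos[0].Name != serviceAccountName {
			t.Errorf("generateKubeconfig default authinfo name should be %s", serviceAccountName)
		}

		if config.AuthInfos[0].AuthInfo.Token != bearerToken {
			t.Errorf("generateKubeconfig default authinfo user token should be %s", bearerToken)
		}
	})
}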