Home Explore Help
Sign In
tzeneto
/
custom-kube-scheduler
Watch 1
Star 0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 0c4ab5bd81
Branches Tags
custom-kube-...
/
kubernetes
/
pkg
/
master
/
controller
/
clusterauthenticationtrust
/
cluster_authentication_trust_controller_test.go

cluster_authentication_trust_controller_test.go 15 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387 
  1. /*
    2. 

  2. Copyright 2019 The Kubernetes Authors.
    3. 

  3. 

  4. Licensed under the Apache License, Version 2.0 (the "License");
    5. 

  5. you may not use this file except in compliance with the License.
    6. 

  6. You may obtain a copy of the License at
    7. 

  7. 

  8.     http://www.apache.org/licenses/LICENSE-2.0
    9. 

  9. 

  10. Unless required by applicable law or agreed to in writing, software
    11. 

  11. distributed under the License is distributed on an "AS IS" BASIS,
    12. 

  12. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13. 

  13. See the License for the specific language governing permissions and
    14. 

  14. limitations under the License.
    15. 

  15. */
    16. 

  16. 

  17. package clusterauthenticationtrust
    18. 

  18. 

  19. import (
    20. 

  20. 	"reflect"
    21. 

  21. 	"testing"
    22. 

  22. 

  23. 	"github.com/davecgh/go-spew/spew"
    24. 

  24. 

  25. 	corev1 "k8s.io/api/core/v1"
    26. 

  26. 	apierrors "k8s.io/apimachinery/pkg/api/errors"
    27. 

  27. 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
    28. 

  28. 	"k8s.io/apimachinery/pkg/runtime"
    29. 

  29. 	"k8s.io/apimachinery/pkg/runtime/schema"
    30. 

  30. 	"k8s.io/apimachinery/pkg/util/diff"
    31. 

  31. 	"k8s.io/apimachinery/pkg/util/validation/field"
    32. 

  32. 	"k8s.io/apiserver/pkg/authentication/request/headerrequest"
    33. 

  33. 	"k8s.io/apiserver/pkg/server/dynamiccertificates"
    34. 

  34. 	"k8s.io/client-go/kubernetes/fake"
    35. 

  35. 	corev1listers "k8s.io/client-go/listers/core/v1"
    36. 

  36. 	clienttesting "k8s.io/client-go/testing"
    37. 

  37. 	"k8s.io/client-go/tools/cache"
    38. 

  38. )
    39. 

  39. 

  40. var (
    41. 

  41. 	someRandomCA = []byte(`-----BEGIN CERTIFICATE-----
    42. 

  42. MIIBqDCCAU2gAwIBAgIUfbqeieihh/oERbfvRm38XvS/xHAwCgYIKoZIzj0EAwIw
    43. 

  43. GjEYMBYGA1UEAxMPSW50ZXJtZWRpYXRlLUNBMCAXDTE2MTAxMTA1MDYwMFoYDzIx
    44. 

  44. MTYwOTE3MDUwNjAwWjAUMRIwEAYDVQQDEwlNeSBDbGllbnQwWTATBgcqhkjOPQIB
    45. 

  45. BggqhkjOPQMBBwNCAARv6N4R/sjMR65iMFGNLN1GC/vd7WhDW6J4X/iAjkRLLnNb
    46. 

  46. KbRG/AtOUZ+7upJ3BWIRKYbOabbQGQe2BbKFiap4o3UwczAOBgNVHQ8BAf8EBAMC
    47. 

  47. BaAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU
    48. 

  48. K/pZOWpNcYai6eHFpmJEeFpeQlEwHwYDVR0jBBgwFoAUX6nQlxjfWnP6aM1meO/Q
    49. 

  49. a6b3a9kwCgYIKoZIzj0EAwIDSQAwRgIhAIWTKw/sjJITqeuNzJDAKU4xo1zL+xJ5
    50. 

  50. MnVCuBwfwDXCAiEAw/1TA+CjPq9JC5ek1ifR0FybTURjeQqYkKpve1dveps=
    51. 

  51. -----END CERTIFICATE-----
    52. 

  52. `)
    53. 

  53. 	anotherRandomCA = []byte(`-----BEGIN CERTIFICATE-----
    54. 

  54. MIIDQDCCAiigAwIBAgIJANWw74P5KJk2MA0GCSqGSIb3DQEBCwUAMDQxMjAwBgNV
    55. 

  55. BAMMKWdlbmVyaWNfd2ViaG9va19hZG1pc3Npb25fcGx1Z2luX3Rlc3RzX2NhMCAX
    56. 

  56. DTE3MTExNjAwMDUzOVoYDzIyOTEwOTAxMDAwNTM5WjAjMSEwHwYDVQQDExh3ZWJo
    57. 

  57. b29rLXRlc3QuZGVmYXVsdC5zdmMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
    58. 

  58. AoIBAQDXd/nQ89a5H8ifEsigmMd01Ib6NVR3bkJjtkvYnTbdfYEBj7UzqOQtHoLa
    59. 

  59. dIVmefny5uIHvj93WD8WDVPB3jX2JHrXkDTXd/6o6jIXHcsUfFTVLp6/bZ+Anqe0
    60. 

  60. r/7hAPkzA2A7APyTWM3ZbEeo1afXogXhOJ1u/wz0DflgcB21gNho4kKTONXO3NHD
    61. 

  61. XLpspFqSkxfEfKVDJaYAoMnYZJtFNsa2OvsmLnhYF8bjeT3i07lfwrhUZvP+7Gsp
    62. 

  62. 7UgUwc06WuNHjfx1s5e6ySzH0QioMD1rjYneqOvk0pKrMIhuAEWXqq7jlXcDtx1E
    63. 

  63. j+wnYbVqqVYheHZ8BCJoVAAQGs9/AgMBAAGjZDBiMAkGA1UdEwQCMAAwCwYDVR0P
    64. 

  64. BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATApBgNVHREEIjAg
    65. 

  65. hwR/AAABghh3ZWJob29rLXRlc3QuZGVmYXVsdC5zdmMwDQYJKoZIhvcNAQELBQAD
    66. 

  66. ggEBAD/GKSPNyQuAOw/jsYZesb+RMedbkzs18sSwlxAJQMUrrXwlVdHrA8q5WhE6
    67. 

  67. ABLqU1b8lQ8AWun07R8k5tqTmNvCARrAPRUqls/ryER+3Y9YEcxEaTc3jKNZFLbc
    68. 

  68. T6YtcnkdhxsiO136wtiuatpYL91RgCmuSpR8+7jEHhuFU01iaASu7ypFrUzrKHTF
    69. 

  69. bKwiLRQi1cMzVcLErq5CDEKiKhUkoDucyARFszrGt9vNIl/YCcBOkcNvM3c05Hn3
    70. 

  70. M++C29JwS3Hwbubg6WO3wjFjoEhpCwU6qRYUz3MRp4tHO4kxKXx+oQnUiFnR7vW0
    71. 

  71. YkNtGc1RUDHwecCTFpJtPb7Yu/E=
    72. 

  72. -----END CERTIFICATE-----
    73. 

  73. `)
    74. 

  74. 

  75. 	someRandomCAProvider    dynamiccertificates.CAContentProvider
    76. 

  76. 	anotherRandomCAProvider dynamiccertificates.CAContentProvider
    77. 

  77. )
    78. 

  78. 

  79. func init() {
    80. 

  80. 	var err error
    81. 

  81. 	someRandomCAProvider, err = dynamiccertificates.NewStaticCAContent("foo", someRandomCA)
    82. 

  82. 	if err != nil {
    83. 

  83. 		panic(err)
    84. 

  84. 	}
    85. 

  85. 	anotherRandomCAProvider, err = dynamiccertificates.NewStaticCAContent("bar", anotherRandomCA)
    86. 

  86. 	if err != nil {
    87. 

  87. 		panic(err)
    88. 

  88. 	}
    89. 

  89. }
    90. 

  90. 

  91. func TestWriteClientCAs(t *testing.T) {
    92. 

  92. 	tests := []struct {
    93. 

  93. 		name               string
    94. 

  94. 		clusterAuthInfo    ClusterAuthenticationInfo
    95. 

  95. 		preexistingObjs    []runtime.Object
    96. 

  96. 		expectedConfigMaps map[string]*corev1.ConfigMap
    97. 

  97. 		expectCreate       bool
    98. 

  98. 	}{
    99. 

  99. 		{
    100. 

  100. 			name: "basic",
    101. 

  101. 			clusterAuthInfo: ClusterAuthenticationInfo{
    102. 

  102. 				ClientCA:                         someRandomCAProvider,
    103. 

  103. 				RequestHeaderUsernameHeaders:     headerrequest.StaticStringSlice{"alfa", "bravo", "charlie"},
    104. 

  104. 				RequestHeaderGroupHeaders:        headerrequest.StaticStringSlice{"delta"},
    105. 

  105. 				RequestHeaderExtraHeaderPrefixes: headerrequest.StaticStringSlice{"echo", "foxtrot"},
    106. 

  106. 				RequestHeaderCA:                  anotherRandomCAProvider,
    107. 

  107. 				RequestHeaderAllowedNames:        headerrequest.StaticStringSlice{"first", "second"},
    108. 

  108. 			},
    109. 

  109. 			expectedConfigMaps: map[string]*corev1.ConfigMap{
    110. 

  110. 				"extension-apiserver-authentication": {
    111. 

  111. 					ObjectMeta: metav1.ObjectMeta{Namespace: metav1.NamespaceSystem, Name: "extension-apiserver-authentication"},
    112. 

  112. 					Data: map[string]string{
    113. 

  113. 						"client-ca-file":                     string(someRandomCA),
    114. 

  114. 						"requestheader-username-headers":     `["alfa","bravo","charlie"]`,
    115. 

  115. 						"requestheader-group-headers":        `["delta"]`,
    116. 

  116. 						"requestheader-extra-headers-prefix": `["echo","foxtrot"]`,
    117. 

  117. 						"requestheader-client-ca-file":       string(anotherRandomCA),
    118. 

  118. 						"requestheader-allowed-names":        `["first","second"]`,
    119. 

  119. 					},
    120. 

  120. 				},
    121. 

  121. 			},
    122. 

  122. 			expectCreate: true,
    123. 

  123. 		},
    124. 

  124. 		{
    125. 

  125. 			name: "skip extension-apiserver-authentication",
    126. 

  126. 			clusterAuthInfo: ClusterAuthenticationInfo{
    127. 

  127. 				RequestHeaderCA:           anotherRandomCAProvider,
    128. 

  128. 				RequestHeaderAllowedNames: headerrequest.StaticStringSlice{"first", "second"},
    129. 

  129. 			},
    130. 

  130. 			expectedConfigMaps: map[string]*corev1.ConfigMap{
    131. 

  131. 				"extension-apiserver-authentication": {
    132. 

  132. 					ObjectMeta: metav1.ObjectMeta{Namespace: metav1.NamespaceSystem, Name: "extension-apiserver-authentication"},
    133. 

  133. 					Data: map[string]string{
    134. 

  134. 						"requestheader-username-headers":     `[]`,
    135. 

  135. 						"requestheader-group-headers":        `[]`,
    136. 

  136. 						"requestheader-extra-headers-prefix": `[]`,
    137. 

  137. 						"requestheader-client-ca-file":       string(anotherRandomCA),
    138. 

  138. 						"requestheader-allowed-names":        `["first","second"]`,
    139. 

  139. 					},
    140. 

  140. 				},
    141. 

  141. 			},
    142. 

  142. 			expectCreate: true,
    143. 

  143. 		},
    144. 

  144. 		{
    145. 

  145. 			name: "skip extension-apiserver-authentication",
    146. 

  146. 			clusterAuthInfo: ClusterAuthenticationInfo{
    147. 

  147. 				ClientCA: someRandomCAProvider,
    148. 

  148. 			},
    149. 

  149. 			expectedConfigMaps: map[string]*corev1.ConfigMap{
    150. 

  150. 				"extension-apiserver-authentication": {
    151. 

  151. 					ObjectMeta: metav1.ObjectMeta{Namespace: metav1.NamespaceSystem, Name: "extension-apiserver-authentication"},
    152. 

  152. 					Data: map[string]string{
    153. 

  153. 						"client-ca-file": string(someRandomCA),
    154. 

  154. 					},
    155. 

  155. 				},
    156. 

  156. 			},
    157. 

  157. 			expectCreate: true,
    158. 

  158. 		},
    159. 

  159. 		{
    160. 

  160. 			name: "empty allowed names",
    161. 

  161. 			clusterAuthInfo: ClusterAuthenticationInfo{
    162. 

  162. 				RequestHeaderCA: anotherRandomCAProvider,
    163. 

  163. 			},
    164. 

  164. 			expectedConfigMaps: map[string]*corev1.ConfigMap{
    165. 

  165. 				"extension-apiserver-authentication": {
    166. 

  166. 					ObjectMeta: metav1.ObjectMeta{Namespace: metav1.NamespaceSystem, Name: "extension-apiserver-authentication"},
    167. 

  167. 					Data: map[string]string{
    168. 

  168. 						"requestheader-username-headers":     `[]`,
    169. 

  169. 						"requestheader-group-headers":        `[]`,
    170. 

  170. 						"requestheader-extra-headers-prefix": `[]`,
    171. 

  171. 						"requestheader-client-ca-file":       string(anotherRandomCA),
    172. 

  172. 						"requestheader-allowed-names":        `[]`,
    173. 

  173. 					},
    174. 

  174. 				},
    175. 

  175. 			},
    176. 

  176. 			expectCreate: true,
    177. 

  177. 		},
    178. 

  178. 		{
    179. 

  179. 			name: "overwrite extension-apiserver-authentication",
    180. 

  180. 			clusterAuthInfo: ClusterAuthenticationInfo{
    181. 

  181. 				ClientCA: someRandomCAProvider,
    182. 

  182. 			},
    183. 

  183. 			preexistingObjs: []runtime.Object{
    184. 

  184. 				&corev1.ConfigMap{
    185. 

  185. 					ObjectMeta: metav1.ObjectMeta{Namespace: metav1.NamespaceSystem, Name: "extension-apiserver-authentication"},
    186. 

  186. 					Data: map[string]string{
    187. 

  187. 						"client-ca-file": string(anotherRandomCA),
    188. 

  188. 					},
    189. 

  189. 				},
    190. 

  190. 			},
    191. 

  191. 			expectedConfigMaps: map[string]*corev1.ConfigMap{
    192. 

  192. 				"extension-apiserver-authentication": {
    193. 

  193. 					ObjectMeta: metav1.ObjectMeta{Namespace: metav1.NamespaceSystem, Name: "extension-apiserver-authentication"},
    194. 

  194. 					Data: map[string]string{
    195. 

  195. 						"client-ca-file": string(anotherRandomCA) + string(someRandomCA),
    196. 

  196. 					},
    197. 

  197. 				},
    198. 

  198. 			},
    199. 

  199. 		},
    200. 

  200. 		{
    201. 

  201. 			name: "overwrite extension-apiserver-authentication requestheader",
    202. 

  202. 			clusterAuthInfo: ClusterAuthenticationInfo{
    203. 

  203. 				RequestHeaderUsernameHeaders:     headerrequest.StaticStringSlice{},
    204. 

  204. 				RequestHeaderGroupHeaders:        headerrequest.StaticStringSlice{},
    205. 

  205. 				RequestHeaderExtraHeaderPrefixes: headerrequest.StaticStringSlice{},
    206. 

  206. 				RequestHeaderCA:                  anotherRandomCAProvider,
    207. 

  207. 				RequestHeaderAllowedNames:        headerrequest.StaticStringSlice{},
    208. 

  208. 			},
    209. 

  209. 			preexistingObjs: []runtime.Object{
    210. 

  210. 				&corev1.ConfigMap{
    211. 

  211. 					ObjectMeta: metav1.ObjectMeta{Namespace: metav1.NamespaceSystem, Name: "extension-apiserver-authentication"},
    212. 

  212. 					Data: map[string]string{
    213. 

  213. 						"requestheader-username-headers":     `[]`,
    214. 

  214. 						"requestheader-group-headers":        `[]`,
    215. 

  215. 						"requestheader-extra-headers-prefix": `[]`,
    216. 

  216. 						"requestheader-client-ca-file":       string(someRandomCA),
    217. 

  217. 						"requestheader-allowed-names":        `[]`,
    218. 

  218. 					},
    219. 

  219. 				},
    220. 

  220. 			},
    221. 

  221. 			expectedConfigMaps: map[string]*corev1.ConfigMap{
    222. 

  222. 				"extension-apiserver-authentication": {
    223. 

  223. 					ObjectMeta: metav1.ObjectMeta{Namespace: metav1.NamespaceSystem, Name: "extension-apiserver-authentication"},
    224. 

  224. 					Data: map[string]string{
    225. 

  225. 						"requestheader-username-headers":     `[]`,
    226. 

  226. 						"requestheader-group-headers":        `[]`,
    227. 

  227. 						"requestheader-extra-headers-prefix": `[]`,
    228. 

  228. 						"requestheader-client-ca-file":       string(someRandomCA) + string(anotherRandomCA),
    229. 

  229. 						"requestheader-allowed-names":        `[]`,
    230. 

  230. 					},
    231. 

  231. 				},
    232. 

  232. 			},
    233. 

  233. 		},
    234. 

  234. 		{
    235. 

  235. 			name: "namespace exists",
    236. 

  236. 			clusterAuthInfo: ClusterAuthenticationInfo{
    237. 

  237. 				ClientCA: someRandomCAProvider,
    238. 

  238. 			},
    239. 

  239. 			preexistingObjs: []runtime.Object{
    240. 

  240. 				&corev1.Namespace{ObjectMeta: metav1.ObjectMeta{Name: metav1.NamespaceSystem}},
    241. 

  241. 			},
    242. 

  242. 			expectedConfigMaps: map[string]*corev1.ConfigMap{
    243. 

  243. 				"extension-apiserver-authentication": {
    244. 

  244. 					ObjectMeta: metav1.ObjectMeta{Namespace: metav1.NamespaceSystem, Name: "extension-apiserver-authentication"},
    245. 

  245. 					Data: map[string]string{
    246. 

  246. 						"client-ca-file": string(someRandomCA),
    247. 

  247. 					},
    248. 

  248. 				},
    249. 

  249. 			},
    250. 

  250. 			expectCreate: true,
    251. 

  251. 		},
    252. 

  252. 		{
    253. 

  253. 			name: "skip on no change",
    254. 

  254. 			clusterAuthInfo: ClusterAuthenticationInfo{
    255. 

  255. 				RequestHeaderUsernameHeaders:     headerrequest.StaticStringSlice{},
    256. 

  256. 				RequestHeaderGroupHeaders:        headerrequest.StaticStringSlice{},
    257. 

  257. 				RequestHeaderExtraHeaderPrefixes: headerrequest.StaticStringSlice{},
    258. 

  258. 				RequestHeaderCA:                  anotherRandomCAProvider,
    259. 

  259. 				RequestHeaderAllowedNames:        headerrequest.StaticStringSlice{},
    260. 

  260. 			},
    261. 

  261. 			preexistingObjs: []runtime.Object{
    262. 

  262. 				&corev1.ConfigMap{
    263. 

  263. 					ObjectMeta: metav1.ObjectMeta{Namespace: metav1.NamespaceSystem, Name: "extension-apiserver-authentication"},
    264. 

  264. 					Data: map[string]string{
    265. 

  265. 						"requestheader-username-headers":     `[]`,
    266. 

  266. 						"requestheader-group-headers":        `[]`,
    267. 

  267. 						"requestheader-extra-headers-prefix": `[]`,
    268. 

  268. 						"requestheader-client-ca-file":       string(anotherRandomCA),
    269. 

  269. 						"requestheader-allowed-names":        `[]`,
    270. 

  270. 					},
    271. 

  271. 				},
    272. 

  272. 			},
    273. 

  273. 			expectedConfigMaps: map[string]*corev1.ConfigMap{},
    274. 

  274. 			expectCreate:       false,
    275. 

  275. 		},
    276. 

  276. 	}
    277. 

  277. 

  278. 	for _, test := range tests {
    279. 

  279. 		t.Run(test.name, func(t *testing.T) {
    280. 

  280. 			client := fake.NewSimpleClientset(test.preexistingObjs...)
    281. 

  281. 			configMapIndexer := cache.NewIndexer(cache.MetaNamespaceKeyFunc, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc})
    282. 

  282. 			for _, obj := range test.preexistingObjs {
    283. 

  283. 				configMapIndexer.Add(obj)
    284. 

  284. 			}
    285. 

  285. 			configmapLister := corev1listers.NewConfigMapLister(configMapIndexer)
    286. 

  286. 

  287. 			c := &Controller{
    288. 

  288. 				configMapLister:            configmapLister,
    289. 

  289. 				configMapClient:            client.CoreV1(),
    290. 

  290. 				namespaceClient:            client.CoreV1(),
    291. 

  291. 				requiredAuthenticationData: test.clusterAuthInfo,
    292. 

  292. 			}
    293. 

  293. 

  294. 			err := c.syncConfigMap()
    295. 

  295. 			if err != nil {
    296. 

  296. 				t.Fatal(err)
    297. 

  297. 			}
    298. 

  298. 

  299. 			actualConfigMaps, updated := getFinalConfigMaps(t, client)
    300. 

  300. 			if !reflect.DeepEqual(test.expectedConfigMaps, actualConfigMaps) {
    301. 

  301. 				t.Fatalf("%s: %v", test.name, diff.ObjectReflectDiff(test.expectedConfigMaps, actualConfigMaps))
    302. 

  302. 			}
    303. 

  303. 			if test.expectCreate != updated {
    304. 

  304. 				t.Fatalf("%s: expected %v, got %v", test.name, test.expectCreate, updated)
    305. 

  305. 			}
    306. 

  306. 		})
    307. 

  307. 	}
    308. 

  308. }
    309. 

  309. 

  310. func getFinalConfigMaps(t *testing.T, client *fake.Clientset) (map[string]*corev1.ConfigMap, bool) {
    311. 

  311. 	ret := map[string]*corev1.ConfigMap{}
    312. 

  312. 	created := false
    313. 

  313. 

  314. 	for _, action := range client.Actions() {
    315. 

  315. 		t.Log(spew.Sdump(action))
    316. 

  316. 		if action.Matches("create", "configmaps") {
    317. 

  317. 			created = true
    318. 

  318. 			obj := action.(clienttesting.CreateAction).GetObject().(*corev1.ConfigMap)
    319. 

  319. 			ret[obj.Name] = obj
    320. 

  320. 		}
    321. 

  321. 		if action.Matches("update", "configmaps") {
    322. 

  322. 			obj := action.(clienttesting.UpdateAction).GetObject().(*corev1.ConfigMap)
    323. 

  323. 			ret[obj.Name] = obj
    324. 

  324. 		}
    325. 

  325. 	}
    326. 

  326. 	return ret, created
    327. 

  327. }
    328. 

  328. 

  329. func TestWriteConfigMapDeleted(t *testing.T) {
    330. 

  330. 	// the basics are tested above, this checks the deletion logic when the ca bundles are too large
    331. 

  331. 	cm := &corev1.ConfigMap{
    332. 

  332. 		ObjectMeta: metav1.ObjectMeta{Namespace: metav1.NamespaceSystem, Name: "extension-apiserver-authentication"},
    333. 

  333. 		Data: map[string]string{
    334. 

  334. 			"requestheader-username-headers":     `[]`,
    335. 

  335. 			"requestheader-group-headers":        `[]`,
    336. 

  336. 			"requestheader-extra-headers-prefix": `[]`,
    337. 

  337. 			"requestheader-client-ca-file":       string(anotherRandomCA),
    338. 

  338. 			"requestheader-allowed-names":        `[]`,
    339. 

  339. 		},
    340. 

  340. 	}
    341. 

  341. 

  342. 	t.Run("request entity too large", func(t *testing.T) {
    343. 

  343. 		client := fake.NewSimpleClientset()
    344. 

  344. 		client.PrependReactor("update", "configmaps", func(action clienttesting.Action) (handled bool, ret runtime.Object, err error) {
    345. 

  345. 			return true, nil, apierrors.NewRequestEntityTooLargeError("way too big")
    346. 

  346. 		})
    347. 

  347. 		client.PrependReactor("delete", "configmaps", func(action clienttesting.Action) (handled bool, ret runtime.Object, err error) {
    348. 

  348. 			return true, nil, nil
    349. 

  349. 		})
    350. 

  350. 

  351. 		err := writeConfigMap(client.CoreV1(), cm)
    352. 

  352. 		if err == nil || err.Error() != "Request entity too large: way too big" {
    353. 

  353. 			t.Fatal(err)
    354. 

  354. 		}
    355. 

  355. 		if len(client.Actions()) != 2 {
    356. 

  356. 			t.Fatal(client.Actions())
    357. 

  357. 		}
    358. 

  358. 		_, ok := client.Actions()[1].(clienttesting.DeleteAction)
    359. 

  359. 		if !ok {
    360. 

  360. 			t.Fatal(client.Actions())
    361. 

  361. 		}
    362. 

  362. 	})
    363. 

  363. 

  364. 	t.Run("ca bundle too large", func(t *testing.T) {
    365. 

  365. 		client := fake.NewSimpleClientset()
    366. 

  366. 		client.PrependReactor("update", "configmaps", func(action clienttesting.Action) (handled bool, ret runtime.Object, err error) {
    367. 

  367. 			return true, nil, apierrors.NewInvalid(schema.GroupKind{Kind: "ConfigMap"}, cm.Name, field.ErrorList{field.TooLong(field.NewPath(""), cm, corev1.MaxSecretSize)})
    368. 

  368. 		})
    369. 

  369. 		client.PrependReactor("delete", "configmaps", func(action clienttesting.Action) (handled bool, ret runtime.Object, err error) {
    370. 

  370. 			return true, nil, nil
    371. 

  371. 		})
    372. 

  372. 

  373. 		err := writeConfigMap(client.CoreV1(), cm)
    374. 

  374. 		if err == nil || err.Error() != `ConfigMap "extension-apiserver-authentication" is invalid: []: Too long: must have at most 1048576 bytes` {
    375. 

  375. 			t.Fatal(err)
    376. 

  376. 		}
    377. 

  377. 		if len(client.Actions()) != 2 {
    378. 

  378. 			t.Fatal(client.Actions())
    379. 

  379. 		}
    380. 

  380. 		_, ok := client.Actions()[1].(clienttesting.DeleteAction)
    381. 

  381. 		if !ok {
    382. 

  382. 			t.Fatal(client.Actions())
    383. 

  383. 		}
    384. 

  384. 	})
    385. 

  385. 

  386. }
    387. 

  387.