탐색 도움말
로그인
tzeneto
/
custom-kube-scheduler
Watch 1
Star 0
포크 0
파일 이슈 0 풀 리퀘스트 0 위키
트리: c4c2e0c5e5
브랜치 태그
custom-kube-...
/
kubernetes-v1.15.4
/
pkg
/
controller
/
bootstrap
/
util_test.go

util_test.go 6.0 KB
히스토리 Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207 
  1. /*
    2. 

  2. Copyright 2016 The Kubernetes Authors.
    3. 

  3. 

  4. Licensed under the Apache License, Version 2.0 (the "License");
    5. 

  5. you may not use this file except in compliance with the License.
    6. 

  6. You may obtain a copy of the License at
    7. 

  7. 

  8.     http://www.apache.org/licenses/LICENSE-2.0
    9. 

  9. 

  10. Unless required by applicable law or agreed to in writing, software
    11. 

  11. distributed under the License is distributed on an "AS IS" BASIS,
    12. 

  12. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13. 

  13. See the License for the specific language governing permissions and
    14. 

  14. limitations under the License.
    15. 

  15. */
    16. 

  16. 

  17. package bootstrap
    18. 

  18. 

  19. import (
    20. 

  20. 	"testing"
    21. 

  21. 	"time"
    22. 

  22. 

  23. 	"github.com/stretchr/testify/assert"
    24. 

  24. 

  25. 	"k8s.io/api/core/v1"
    26. 

  26. 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
    27. 

  27. 	bootstrapapi "k8s.io/cluster-bootstrap/token/api"
    28. 

  28. )
    29. 

  29. 

  30. const (
    31. 

  31. 	givenTokenID     = "abc123"
    32. 

  32. 	givenTokenID2    = "def456"
    33. 

  33. 	givenTokenSecret = "tokenSecret"
    34. 

  34. )
    35. 

  35. 

  36. func timeString(delta time.Duration) string {
    37. 

  37. 	return time.Now().Add(delta).Format(time.RFC3339)
    38. 

  38. }
    39. 

  39. 

  40. func TestValidateSecretForSigning(t *testing.T) {
    41. 

  41. 	cases := []struct {
    42. 

  42. 		description string
    43. 

  43. 		tokenID     string
    44. 

  44. 		tokenSecret string
    45. 

  45. 		okToSign    string
    46. 

  46. 		expiration  string
    47. 

  47. 		valid       bool
    48. 

  48. 	}{
    49. 

  49. 		{
    50. 

  50. 			"Signing token with no exp",
    51. 

  51. 			givenTokenID, givenTokenSecret, "true", "", true,
    52. 

  52. 		},
    53. 

  53. 		{
    54. 

  54. 			"Signing token with valid exp",
    55. 

  55. 			givenTokenID, givenTokenSecret, "true", timeString(time.Hour), true,
    56. 

  56. 		},
    57. 

  57. 		{
    58. 

  58. 			"Expired signing token",
    59. 

  59. 			givenTokenID, givenTokenSecret, "true", timeString(-time.Hour), false,
    60. 

  60. 		},
    61. 

  61. 		{
    62. 

  62. 			"Signing token with bad exp",
    63. 

  63. 			givenTokenID, givenTokenSecret, "true", "garbage", false,
    64. 

  64. 		},
    65. 

  65. 		{
    66. 

  66. 			"Signing token without signing bit",
    67. 

  67. 			givenTokenID, givenTokenSecret, "", "garbage", false,
    68. 

  68. 		},
    69. 

  69. 		{
    70. 

  70. 			"Signing token with bad signing bit",
    71. 

  71. 			givenTokenID, givenTokenSecret, "", "", false,
    72. 

  72. 		},
    73. 

  73. 		{
    74. 

  74. 			"Signing token with no ID",
    75. 

  75. 			"", givenTokenSecret, "true", "", false,
    76. 

  76. 		},
    77. 

  77. 		{
    78. 

  78. 			"Signing token with no secret",
    79. 

  79. 			givenTokenID, "", "true", "", false,
    80. 

  80. 		},
    81. 

  81. 	}
    82. 

  82. 

  83. 	for _, tc := range cases {
    84. 

  84. 		secret := &v1.Secret{
    85. 

  85. 			ObjectMeta: metav1.ObjectMeta{
    86. 

  86. 				Namespace:       metav1.NamespaceSystem,
    87. 

  87. 				Name:            bootstrapapi.BootstrapTokenSecretPrefix + givenTokenID,
    88. 

  88. 				ResourceVersion: "1",
    89. 

  89. 			},
    90. 

  90. 			Type: bootstrapapi.SecretTypeBootstrapToken,
    91. 

  91. 			Data: map[string][]byte{
    92. 

  92. 				bootstrapapi.BootstrapTokenIDKey:           []byte(tc.tokenID),
    93. 

  93. 				bootstrapapi.BootstrapTokenSecretKey:       []byte(tc.tokenSecret),
    94. 

  94. 				bootstrapapi.BootstrapTokenUsageSigningKey: []byte(tc.okToSign),
    95. 

  95. 				bootstrapapi.BootstrapTokenExpirationKey:   []byte(tc.expiration),
    96. 

  96. 			},
    97. 

  97. 		}
    98. 

  98. 

  99. 		tokenID, tokenSecret, ok := validateSecretForSigning(secret)
    100. 

  100. 		if ok != tc.valid {
    101. 

  101. 			t.Errorf("%s: Unexpected validation failure. Expected %v, got %v", tc.description, tc.valid, ok)
    102. 

  102. 		}
    103. 

  103. 		if ok {
    104. 

  104. 			if tokenID != tc.tokenID {
    105. 

  105. 				t.Errorf("%s: Unexpected Token ID. Expected %q, got %q", tc.description, givenTokenID, tokenID)
    106. 

  106. 			}
    107. 

  107. 			if tokenSecret != tc.tokenSecret {
    108. 

  108. 				t.Errorf("%s: Unexpected Token Secret. Expected %q, got %q", tc.description, givenTokenSecret, tokenSecret)
    109. 

  109. 			}
    110. 

  110. 		}
    111. 

  111. 	}
    112. 

  112. 

  113. }
    114. 

  114. 

  115. func TestValidateSecret(t *testing.T) {
    116. 

  116. 	secret := &v1.Secret{
    117. 

  117. 		ObjectMeta: metav1.ObjectMeta{
    118. 

  118. 			Namespace:       metav1.NamespaceSystem,
    119. 

  119. 			Name:            bootstrapapi.BootstrapTokenSecretPrefix + givenTokenID,
    120. 

  120. 			ResourceVersion: "1",
    121. 

  121. 		},
    122. 

  122. 		Type: bootstrapapi.SecretTypeBootstrapToken,
    123. 

  123. 		Data: map[string][]byte{
    124. 

  124. 			bootstrapapi.BootstrapTokenIDKey:           []byte(givenTokenID),
    125. 

  125. 			bootstrapapi.BootstrapTokenSecretKey:       []byte(givenTokenSecret),
    126. 

  126. 			bootstrapapi.BootstrapTokenUsageSigningKey: []byte("true"),
    127. 

  127. 		},
    128. 

  128. 	}
    129. 

  129. 

  130. 	tokenID, tokenSecret, ok := validateSecretForSigning(secret)
    131. 

  131. 	if !ok {
    132. 

  132. 		t.Errorf("Unexpected validation failure.")
    133. 

  133. 	}
    134. 

  134. 	if tokenID != givenTokenID {
    135. 

  135. 		t.Errorf("Unexpected Token ID. Expected %q, got %q", givenTokenID, tokenID)
    136. 

  136. 	}
    137. 

  137. 	if tokenSecret != givenTokenSecret {
    138. 

  138. 		t.Errorf("Unexpected Token Secret. Expected %q, got %q", givenTokenSecret, tokenSecret)
    139. 

  139. 	}
    140. 

  140. }
    141. 

  141. 

  142. func TestBadSecretName(t *testing.T) {
    143. 

  143. 	secret := &v1.Secret{
    144. 

  144. 		ObjectMeta: metav1.ObjectMeta{
    145. 

  145. 			Namespace:       metav1.NamespaceSystem,
    146. 

  146. 			Name:            givenTokenID,
    147. 

  147. 			ResourceVersion: "1",
    148. 

  148. 		},
    149. 

  149. 		Type: bootstrapapi.SecretTypeBootstrapToken,
    150. 

  150. 		Data: map[string][]byte{
    151. 

  151. 			bootstrapapi.BootstrapTokenIDKey:           []byte(givenTokenID),
    152. 

  152. 			bootstrapapi.BootstrapTokenSecretKey:       []byte(givenTokenSecret),
    153. 

  153. 			bootstrapapi.BootstrapTokenUsageSigningKey: []byte("true"),
    154. 

  154. 		},
    155. 

  155. 	}
    156. 

  156. 

  157. 	_, _, ok := validateSecretForSigning(secret)
    158. 

  158. 	if ok {
    159. 

  159. 		t.Errorf("Token validation should fail with bad name")
    160. 

  160. 	}
    161. 

  161. }
    162. 

  162. 

  163. func TestMismatchSecretName(t *testing.T) {
    164. 

  164. 	secret := &v1.Secret{
    165. 

  165. 		ObjectMeta: metav1.ObjectMeta{
    166. 

  166. 			Namespace:       metav1.NamespaceSystem,
    167. 

  167. 			Name:            bootstrapapi.BootstrapTokenSecretPrefix + givenTokenID2,
    168. 

  168. 			ResourceVersion: "1",
    169. 

  169. 		},
    170. 

  170. 		Type: bootstrapapi.SecretTypeBootstrapToken,
    171. 

  171. 		Data: map[string][]byte{
    172. 

  172. 			bootstrapapi.BootstrapTokenIDKey:           []byte(givenTokenID),
    173. 

  173. 			bootstrapapi.BootstrapTokenSecretKey:       []byte(givenTokenSecret),
    174. 

  174. 			bootstrapapi.BootstrapTokenUsageSigningKey: []byte("true"),
    175. 

  175. 		},
    176. 

  176. 	}
    177. 

  177. 

  178. 	_, _, ok := validateSecretForSigning(secret)
    179. 

  179. 	if ok {
    180. 

  180. 		t.Errorf("Token validation should fail with mismatched name")
    181. 

  181. 	}
    182. 

  182. }
    183. 

  183. 

  184. func TestParseSecretName(t *testing.T) {
    185. 

  185. 	tokenID, ok := parseSecretName("bootstrap-token-abc123")
    186. 

  186. 	assert.True(t, ok, "parseSecretName should accept valid name")
    187. 

  187. 	assert.Equal(t, "abc123", tokenID, "parseSecretName should return token ID")
    188. 

  188. 

  189. 	_, ok = parseSecretName("")
    190. 

  190. 	assert.False(t, ok, "parseSecretName should reject blank name")
    191. 

  191. 

  192. 	_, ok = parseSecretName("abc123")
    193. 

  193. 	assert.False(t, ok, "parseSecretName should reject with no prefix")
    194. 

  194. 

  195. 	_, ok = parseSecretName("bootstrap-token-")
    196. 

  196. 	assert.False(t, ok, "parseSecretName should reject no token ID")
    197. 

  197. 

  198. 	_, ok = parseSecretName("bootstrap-token-abc")
    199. 

  199. 	assert.False(t, ok, "parseSecretName should reject short token ID")
    200. 

  200. 

  201. 	_, ok = parseSecretName("bootstrap-token-abc123ghi")
    202. 

  202. 	assert.False(t, ok, "parseSecretName should reject long token ID")
    203. 

  203. 

  204. 	_, ok = parseSecretName("bootstrap-token-ABC123")
    205. 

  205. 	assert.False(t, ok, "parseSecretName should reject invalid token ID")
    206. 

  206. }
    207. 

  207.