Kezdőlap Felfedezés Súgó
Bejelentkezés
tzeneto
/
custom-kube-scheduler
Figyelés 1
Kedvenc 0
Másolás 0
Fájlok Problémák 0 Beolvasztási kérések 0 Wiki
Fa: cb14858ef6
Branch-ok Tag-ek
custom-kube-...
/
kubernetes
/
pkg
/
controller
/
certificates
/
cleaner
/
cleaner_test.go

cleaner_test.go 6.1 KB
Előzmények Nyers

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202 
  1. /*
    2. 

  2. Copyright 2017 The Kubernetes Authors.
    3. 

  3. 

  4. Licensed under the Apache License, Version 2.0 (the "License");
    5. 

  5. you may not use this file except in compliance with the License.
    6. 

  6. You may obtain a copy of the License at
    7. 

  7. 

  8.     http://www.apache.org/licenses/LICENSE-2.0
    9. 

  9. 

  10. Unless required by applicable law or agreed to in writing, software
    11. 

  11. distributed under the License is distributed on an "AS IS" BASIS,
    12. 

  12. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13. 

  13. See the License for the specific language governing permissions and
    14. 

  14. limitations under the License.
    15. 

  15. */
    16. 

  16. 

  17. package cleaner
    18. 

  18. 

  19. import (
    20. 

  20. 	"testing"
    21. 

  21. 	"time"
    22. 

  22. 

  23. 	capi "k8s.io/api/certificates/v1beta1"
    24. 

  24. 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
    25. 

  25. 	"k8s.io/client-go/kubernetes/fake"
    26. 

  26. )
    27. 

  27. 

  28. const (
    29. 

  29. 	expiredCert = `-----BEGIN CERTIFICATE-----
    30. 

  30. MIICIzCCAc2gAwIBAgIJAOApTlMFDOUnMA0GCSqGSIb3DQEBCwUAMG0xCzAJBgNV
    31. 

  31. BAYTAkdCMQ8wDQYDVQQIDAZMb25kb24xDzANBgNVBAcMBkxvbmRvbjEYMBYGA1UE
    32. 

  32. CgwPR2xvYmFsIFNlY3VyaXR5MRYwFAYDVQQLDA1JVCBEZXBhcnRtZW50MQowCAYD
    33. 

  33. VQQDDAEqMB4XDTE3MTAwNDIwNDgzOFoXDTE3MTAwMzIwNDgzOFowbTELMAkGA1UE
    34. 

  34. BhMCR0IxDzANBgNVBAgMBkxvbmRvbjEPMA0GA1UEBwwGTG9uZG9uMRgwFgYDVQQK
    35. 

  35. DA9HbG9iYWwgU2VjdXJpdHkxFjAUBgNVBAsMDUlUIERlcGFydG1lbnQxCjAIBgNV
    36. 

  36. BAMMASowXDANBgkqhkiG9w0BAQEFAANLADBIAkEA3Gt0KmuRXDxvqZUiX/xqAn1t
    37. 

  37. nZZX98guZvPPyxnQtV3YpA274W0sX3jL+U71Ya+3kaUstXQa4YrWBUHiXoqJnwID
    38. 

  38. AQABo1AwTjAdBgNVHQ4EFgQUtDsIpzHoUiLsO88f9fm+G0tYSPowHwYDVR0jBBgw
    39. 

  39. FoAUtDsIpzHoUiLsO88f9fm+G0tYSPowDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0B
    40. 

  40. AQsFAANBADfrlKof5CUkxGlX9Rifxv/mWOk8ZuTLWfMYQH2nycBHnmOxy6sR+87W
    41. 

  41. /Mb/uRz0TXVnGVcbu5E8Bz7e/Far1ZI=
    42. 

  42. -----END CERTIFICATE-----`
    43. 

  43. 	unexpiredCert = `-----BEGIN CERTIFICATE-----
    44. 

  44. MIICJTCCAc+gAwIBAgIJAIRjMToP+pPEMA0GCSqGSIb3DQEBCwUAMG0xCzAJBgNV
    45. 

  45. BAYTAkdCMQ8wDQYDVQQIDAZMb25kb24xDzANBgNVBAcMBkxvbmRvbjEYMBYGA1UE
    46. 

  46. CgwPR2xvYmFsIFNlY3VyaXR5MRYwFAYDVQQLDA1JVCBEZXBhcnRtZW50MQowCAYD
    47. 

  47. VQQDDAEqMCAXDTE3MTAwNDIwNDUyNFoYDzIxMTcwOTEwMjA0NTI0WjBtMQswCQYD
    48. 

  48. VQQGEwJHQjEPMA0GA1UECAwGTG9uZG9uMQ8wDQYDVQQHDAZMb25kb24xGDAWBgNV
    49. 

  49. BAoMD0dsb2JhbCBTZWN1cml0eTEWMBQGA1UECwwNSVQgRGVwYXJ0bWVudDEKMAgG
    50. 

  50. A1UEAwwBKjBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQC7j9BAV5HqIJGi6r4G4YeI
    51. 

  51. ioHxH2loVu8IOKSK7xVs3v/EjR/eXbQzM+jZU7duyZqn6YjySZNLl0K0MfHCHBgX
    52. 

  52. AgMBAAGjUDBOMB0GA1UdDgQWBBTwxV40NFSNW7lpQ3eUWX7Mxs03yzAfBgNVHSME
    53. 

  53. GDAWgBTwxV40NFSNW7lpQ3eUWX7Mxs03yzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3
    54. 

  54. DQEBCwUAA0EALDi9OidANHflx8q+w3p0rJo9gpA6cJcFpEtP2Lv4kvOtB1f6L0jY
    55. 

  55. MLd7MVm4cS/MNcx4L7l23UC3Hx4+nAxvIg==
    56. 

  56. -----END CERTIFICATE-----`
    57. 

  57. )
    58. 

  58. 

  59. func TestCleanerWithApprovedExpiredCSR(t *testing.T) {
    60. 

  60. 	testCases := []struct {
    61. 

  61. 		name            string
    62. 

  62. 		created         metav1.Time
    63. 

  63. 		certificate     []byte
    64. 

  64. 		conditions      []capi.CertificateSigningRequestCondition
    65. 

  65. 		expectedActions []string
    66. 

  66. 	}{
    67. 

  67. 		{
    68. 

  68. 			"no delete approved not passed deadline",
    69. 

  69. 			metav1.NewTime(time.Now().Add(-1 * time.Minute)),
    70. 

  70. 			[]byte(unexpiredCert),
    71. 

  71. 			[]capi.CertificateSigningRequestCondition{
    72. 

  72. 				{
    73. 

  73. 					Type:           capi.CertificateApproved,
    74. 

  74. 					LastUpdateTime: metav1.NewTime(time.Now().Add(-50 * time.Minute)),
    75. 

  75. 				},
    76. 

  76. 			},
    77. 

  77. 			[]string{},
    78. 

  78. 		},
    79. 

  79. 		{
    80. 

  80. 			"no delete approved passed deadline not issued",
    81. 

  81. 			metav1.NewTime(time.Now().Add(-1 * time.Minute)),
    82. 

  82. 			nil,
    83. 

  83. 			[]capi.CertificateSigningRequestCondition{
    84. 

  84. 				{
    85. 

  85. 					Type:           capi.CertificateApproved,
    86. 

  86. 					LastUpdateTime: metav1.NewTime(time.Now().Add(-50 * time.Minute)),
    87. 

  87. 				},
    88. 

  88. 			},
    89. 

  89. 			[]string{},
    90. 

  90. 		},
    91. 

  91. 		{
    92. 

  92. 			"delete approved passed deadline",
    93. 

  93. 			metav1.NewTime(time.Now().Add(-1 * time.Minute)),
    94. 

  94. 			[]byte(unexpiredCert),
    95. 

  95. 			[]capi.CertificateSigningRequestCondition{
    96. 

  96. 				{
    97. 

  97. 					Type:           capi.CertificateApproved,
    98. 

  98. 					LastUpdateTime: metav1.NewTime(time.Now().Add(-2 * time.Hour)),
    99. 

  99. 				},
    100. 

  100. 			},
    101. 

  101. 			[]string{"delete"},
    102. 

  102. 		},
    103. 

  103. 		{
    104. 

  104. 			"no delete denied not passed deadline",
    105. 

  105. 			metav1.NewTime(time.Now().Add(-1 * time.Minute)),
    106. 

  106. 			nil,
    107. 

  107. 			[]capi.CertificateSigningRequestCondition{
    108. 

  108. 				{
    109. 

  109. 					Type:           capi.CertificateDenied,
    110. 

  110. 					LastUpdateTime: metav1.NewTime(time.Now().Add(-50 * time.Minute)),
    111. 

  111. 				},
    112. 

  112. 			},
    113. 

  113. 			[]string{},
    114. 

  114. 		},
    115. 

  115. 		{
    116. 

  116. 			"delete denied passed deadline",
    117. 

  117. 			metav1.NewTime(time.Now().Add(-1 * time.Minute)),
    118. 

  118. 			nil,
    119. 

  119. 			[]capi.CertificateSigningRequestCondition{
    120. 

  120. 				{
    121. 

  121. 					Type:           capi.CertificateDenied,
    122. 

  122. 					LastUpdateTime: metav1.NewTime(time.Now().Add(-2 * time.Hour)),
    123. 

  123. 				},
    124. 

  124. 			},
    125. 

  125. 			[]string{"delete"},
    126. 

  126. 		},
    127. 

  127. 		{
    128. 

  128. 			"no delete pending not passed deadline",
    129. 

  129. 			metav1.NewTime(time.Now().Add(-5 * time.Hour)),
    130. 

  130. 			nil,
    131. 

  131. 			[]capi.CertificateSigningRequestCondition{},
    132. 

  132. 			[]string{},
    133. 

  133. 		},
    134. 

  134. 		{
    135. 

  135. 			"delete pending passed deadline",
    136. 

  136. 			metav1.NewTime(time.Now().Add(-25 * time.Hour)),
    137. 

  137. 			nil,
    138. 

  138. 			[]capi.CertificateSigningRequestCondition{},
    139. 

  139. 			[]string{"delete"},
    140. 

  140. 		},
    141. 

  141. 		{
    142. 

  142. 			"no delete approved not passed deadline unexpired",
    143. 

  143. 			metav1.NewTime(time.Now().Add(-1 * time.Minute)),
    144. 

  144. 			[]byte(unexpiredCert),
    145. 

  145. 			[]capi.CertificateSigningRequestCondition{
    146. 

  146. 				{
    147. 

  147. 					Type:           capi.CertificateApproved,
    148. 

  148. 					LastUpdateTime: metav1.NewTime(time.Now().Add(-50 * time.Minute)),
    149. 

  149. 				},
    150. 

  150. 			},
    151. 

  151. 			[]string{},
    152. 

  152. 		},
    153. 

  153. 		{
    154. 

  154. 			"delete approved not passed deadline expired",
    155. 

  155. 			metav1.NewTime(time.Now().Add(-1 * time.Minute)),
    156. 

  156. 			[]byte(expiredCert),
    157. 

  157. 			[]capi.CertificateSigningRequestCondition{
    158. 

  158. 				{
    159. 

  159. 					Type:           capi.CertificateApproved,
    160. 

  160. 					LastUpdateTime: metav1.NewTime(time.Now().Add(-50 * time.Minute)),
    161. 

  161. 				},
    162. 

  162. 			},
    163. 

  163. 			[]string{"delete"},
    164. 

  164. 		},
    165. 

  165. 	}
    166. 

  166. 

  167. 	for _, tc := range testCases {
    168. 

  168. 		t.Run(tc.name, func(t *testing.T) {
    169. 

  169. 			csr := &capi.CertificateSigningRequest{
    170. 

  170. 				ObjectMeta: metav1.ObjectMeta{
    171. 

  171. 					Name:              "fake-csr",
    172. 

  172. 					CreationTimestamp: tc.created,
    173. 

  173. 				},
    174. 

  174. 				Status: capi.CertificateSigningRequestStatus{
    175. 

  175. 					Certificate: tc.certificate,
    176. 

  176. 					Conditions:  tc.conditions,
    177. 

  177. 				},
    178. 

  178. 			}
    179. 

  179. 

  180. 			client := fake.NewSimpleClientset(csr)
    181. 

  181. 			s := &CSRCleanerController{
    182. 

  182. 				csrClient: client.CertificatesV1beta1().CertificateSigningRequests(),
    183. 

  183. 			}
    184. 

  184. 

  185. 			err := s.handle(csr)
    186. 

  186. 			if err != nil {
    187. 

  187. 				t.Fatalf("failed to clean CSR: %v", err)
    188. 

  188. 			}
    189. 

  189. 

  190. 			actions := client.Actions()
    191. 

  191. 			if len(actions) != len(tc.expectedActions) {
    192. 

  192. 				t.Fatalf("got %d actions, wanted %d actions", len(actions), len(tc.expectedActions))
    193. 

  193. 			}
    194. 

  194. 			for i := 0; i < len(actions); i++ {
    195. 

  195. 				if a := actions[i]; !a.Matches(tc.expectedActions[i], "certificatesigningrequests") {
    196. 

  196. 					t.Errorf("got action %#v, wanted %v", a, tc.expectedActions[i])
    197. 

  197. 				}
    198. 

  198. 			}
    199. 

  199. 		})
    200. 

  200. 	}
    201. 

  201. }
    202. 

  202.