首頁 探索 說明
登入
tzeneto
/
custom-kube-scheduler
關註 1
讚好 0
複刻 0
檔案 問題管理 0 合併請求 0 Wiki
目錄樹: d09a286d62
分支列表 標籤列表
custom-kube-...
/
kubernetes
/
cmd
/
kubeadm
/
test
/
kubeconfig
/
util.go

util.go 4.2 KB
文件歷史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101 
  1. /*
    2. 

  2. Copyright 2017 The Kubernetes Authors.
    3. 

  3. 

  4. Licensed under the Apache License, Version 2.0 (the "License");
    5. 

  5. you may not use this file except in compliance with the License.
    6. 

  6. You may obtain a copy of the License at
    7. 

  7. 

  8.     http://www.apache.org/licenses/LICENSE-2.0
    9. 

  9. 

  10. Unless required by applicable law or agreed to in writing, software
    11. 

  11. distributed under the License is distributed on an "AS IS" BASIS,
    12. 

  12. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13. 

  13. See the License for the specific language governing permissions and
    14. 

  14. limitations under the License.
    15. 

  15. */
    16. 

  16. 

  17. package kubeconfig
    18. 

  18. 

  19. import (
    20. 

  20. 	"crypto/x509"
    21. 

  21. 	"encoding/pem"
    22. 

  22. 	"testing"
    23. 

  23. 

  24. 	clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
    25. 

  25. 	certstestutil "k8s.io/kubernetes/cmd/kubeadm/app/util/certs"
    26. 

  26. )
    27. 

  27. 

  28. // AssertKubeConfigCurrentCluster is a utility function for kubeadm testing that asserts if the CurrentCluster in
    29. 

  29. // the given KubeConfig object contains refers to a specific cluster
    30. 

  30. func AssertKubeConfigCurrentCluster(t *testing.T, config *clientcmdapi.Config, expectedAPIServerAddress string, expectedAPIServerCaCert *x509.Certificate) {
    31. 

  31. 	currentContext := config.Contexts[config.CurrentContext]
    32. 

  32. 	currentCluster := config.Clusters[currentContext.Cluster]
    33. 

  33. 

  34. 	// Assert expectedAPIServerAddress
    35. 

  35. 	if currentCluster.Server != expectedAPIServerAddress {
    36. 

  36. 		t.Errorf("kubeconfig.currentCluster.Server is [%s], expected [%s]", currentCluster.Server, expectedAPIServerAddress)
    37. 

  37. 	}
    38. 

  38. 

  39. 	// Assert the APIServerCaCert
    40. 

  40. 	if len(currentCluster.CertificateAuthorityData) == 0 {
    41. 

  41. 		t.Error("kubeconfig.currentCluster.CertificateAuthorityData is empty, expected not empty")
    42. 

  42. 		return
    43. 

  43. 	}
    44. 

  44. 

  45. 	block, _ := pem.Decode(currentCluster.CertificateAuthorityData)
    46. 

  46. 	currentAPIServerCaCert, err := x509.ParseCertificate(block.Bytes)
    47. 

  47. 	if err != nil {
    48. 

  48. 		t.Errorf("kubeconfig.currentCluster.CertificateAuthorityData is not a valid CA: %v", err)
    49. 

  49. 		return
    50. 

  50. 	}
    51. 

  51. 

  52. 	if !currentAPIServerCaCert.Equal(expectedAPIServerCaCert) {
    53. 

  53. 		t.Errorf("kubeconfig.currentCluster.CertificateAuthorityData not correspond to the expected CA cert")
    54. 

  54. 	}
    55. 

  55. }
    56. 

  56. 

  57. // AssertKubeConfigCurrentAuthInfoWithClientCert is a utility function for kubeadm testing that asserts if the CurrentAuthInfo in
    58. 

  58. // the given KubeConfig object contains a clientCert that refers to a specific client name, is signed by the expected CA, includes the expected organizations
    59. 

  59. func AssertKubeConfigCurrentAuthInfoWithClientCert(t *testing.T, config *clientcmdapi.Config, signinCa *x509.Certificate, expectedClientName string, expectedOrganizations ...string) {
    60. 

  60. 	currentContext := config.Contexts[config.CurrentContext]
    61. 

  61. 	currentAuthInfo := config.AuthInfos[currentContext.AuthInfo]
    62. 

  62. 

  63. 	// assert clientCert
    64. 

  64. 	if len(currentAuthInfo.ClientCertificateData) == 0 {
    65. 

  65. 		t.Error("kubeconfig.currentAuthInfo.ClientCertificateData is empty, expected not empty")
    66. 

  66. 		return
    67. 

  67. 	}
    68. 

  68. 

  69. 	block, _ := pem.Decode(config.AuthInfos[currentContext.AuthInfo].ClientCertificateData)
    70. 

  70. 	currentClientCert, err := x509.ParseCertificate(block.Bytes)
    71. 

  71. 	if err != nil {
    72. 

  72. 		t.Errorf("kubeconfig.currentAuthInfo.ClientCertificateData is not a valid CA: %v", err)
    73. 

  73. 		return
    74. 

  74. 	}
    75. 

  75. 

  76. 	// Asserts the clientCert is signed by the signinCa
    77. 

  77. 	certstestutil.AssertCertificateIsSignedByCa(t, currentClientCert, signinCa)
    78. 

  78. 

  79. 	// Asserts the clientCert has ClientAuth ExtKeyUsage
    80. 

  80. 	certstestutil.AssertCertificateHasClientAuthUsage(t, currentClientCert)
    81. 

  81. 

  82. 	// Asserts the clientCert has expected expectedUserName as CommonName
    83. 

  83. 	certstestutil.AssertCertificateHasCommonName(t, currentClientCert, expectedClientName)
    84. 

  84. 

  85. 	// Asserts the clientCert has expected Organizations
    86. 

  86. 	certstestutil.AssertCertificateHasOrganizations(t, currentClientCert, expectedOrganizations...)
    87. 

  87. }
    88. 

  88. 

  89. // AssertKubeConfigCurrentAuthInfoWithToken is a utility function for kubeadm testing that asserts if the CurrentAuthInfo in
    90. 

  90. // the given KubeConfig object refers to expected token
    91. 

  91. func AssertKubeConfigCurrentAuthInfoWithToken(t *testing.T, config *clientcmdapi.Config, expectedClientName, expectedToken string) {
    92. 

  92. 	currentContext := config.Contexts[config.CurrentContext]
    93. 

  93. 	currentAuthInfo := config.AuthInfos[currentContext.AuthInfo]
    94. 

  94. 

  95. 	// assert token
    96. 

  96. 	if currentAuthInfo.Token != expectedToken {
    97. 

  97. 		t.Errorf("kubeconfig.currentAuthInfo.Token [%s], expected [%s]", currentAuthInfo.Token, expectedToken)
    98. 

  98. 		return
    99. 

  99. 	}
    100. 

  100. }
    101. 

  101.