// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at http://mozilla.org/MPL/2.0/.

package kubeconfig_test

import (
	"bytes"
	"fmt"
	"net/url"
	"testing"
	"time"

	"github.com/siderolabs/crypto/x509"
	"github.com/stretchr/testify/suite"
	"k8s.io/client-go/tools/clientcmd"

	"github.com/siderolabs/talos/pkg/kubeconfig"
	"github.com/siderolabs/talos/pkg/machinery/config/types/v1alpha1"
)

// GenerateSuite groups the kubeconfig generation tests so that they run under
// the testify suite runner. It carries no state of its own; it only embeds
// suite.Suite to obtain the Require/Assert/Run helpers used by the tests.
type GenerateSuite struct{ suite.Suite }

// TestGenerateAdmin checks that kubeconfig.GenerateAdmin emits a kubeconfig
// which the Kubernetes client library can load and which is usable for the
// "admin@<cluster name>" context. The check runs twice: once with an RSA
// cluster CA and once with RSA disabled.
//
// NOTE(review): the assertions are structural only. Nothing here inspects the
// issued client certificate, so the one-hour AdminKubeconfigCertLifetime and
// the certificate subject are not verified. Consider asserting on both, since
// they bound what a leaked admin kubeconfig is good for.
func (suite *GenerateSuite) TestGenerateAdmin() {
	for _, useRSA := range []bool{true, false} {
		subtest := fmt.Sprintf("RSA=%v", useRSA)

		suite.Run(subtest, func() {
			// Throwaway self-signed CA standing in for the cluster CA.
			authority, err := x509.NewSelfSignedCertificateAuthority(x509.RSA(useRSA))
			suite.Require().NoError(err)

			// Test fixture endpoint only; it is never dialled by this test.
			endpoint, err := url.Parse("http://localhost:3333/api")
			suite.Require().NoError(err)

			clusterCA := &x509.PEMEncodedCertificateAndKey{
				Crt: authority.CrtPEM,
				Key: authority.KeyPEM,
			}

			controlPlane := &v1alpha1.ControlPlaneConfig{
				Endpoint: &v1alpha1.Endpoint{URL: endpoint},
			}

			adminKubeconfig := &v1alpha1.AdminKubeconfigConfig{
				AdminKubeconfigCertLifetime: time.Hour,
			}

			cfg := &v1alpha1.ClusterConfig{
				ClusterName:           "talos1",
				ClusterCA:             clusterCA,
				ControlPlane:          controlPlane,
				AdminKubeconfigConfig: adminKubeconfig,
			}

			var out bytes.Buffer

			suite.Require().NoError(kubeconfig.GenerateAdmin(cfg, &out))

			// Round-trip the output through the Kubernetes client loader.
			loaded, err := clientcmd.Load(out.Bytes())
			suite.Require().NoError(err)

			contextName := fmt.Sprintf("admin@%s", cfg.ClusterName)

			suite.Assert().NoError(clientcmd.ConfirmUsable(*loaded, contextName))
		})
	}
}

// TestGenerate checks that kubeconfig.Generate, given an explicit
// GenerateInput, emits a kubeconfig which the Kubernetes client library can
// load and which is usable for the "kube-controller-manager@foo" context.
//
// NOTE(review): only loadability and context usability are asserted. The test
// does not parse the issued client certificate, so it would not notice if the
// requested CommonName/Organization or the one-hour CertificateLifetime were
// ignored. Those fields are presumably what the API server derives the
// client's identity from, so asserting on them is worth considering.
func (suite *GenerateSuite) TestGenerate() {
	// Throwaway self-signed CA (RSA disabled) used both to issue the client
	// certificate and as the only accepted CA.
	authority, err := x509.NewSelfSignedCertificateAuthority(x509.RSA(false))
	suite.Require().NoError(err)

	issuer := x509.NewCertificateAndKeyFromCertificateAuthority(authority)
	accepted := []*x509.PEMEncodedCertificate{{Crt: issuer.Crt}}

	input := &kubeconfig.GenerateInput{
		ClusterName: "foo",

		IssuingCA:           issuer,
		AcceptedCAs:         accepted,
		CertificateLifetime: time.Hour,

		CommonName:   "system:kube-controller-manager",
		Organization: "system:kube-controller-manager",

		Endpoint:    "https://localhost:6443/",
		Username:    "kube-controller-manager",
		ContextName: "kube-controller-manager",
	}

	var out bytes.Buffer

	suite.Require().NoError(kubeconfig.Generate(input, &out))

	// Round-trip the output through the Kubernetes client loader.
	loaded, err := clientcmd.Load(out.Bytes())
	suite.Require().NoError(err)

	usableErr := clientcmd.ConfirmUsable(*loaded, "kube-controller-manager@foo")
	suite.Assert().NoError(usableErr)
}

// TestGenerateSuite is the go test entry point: it hands a fresh GenerateSuite
// to the testify runner, which executes each of the suite's Test* methods.
func TestGenerateSuite(t *testing.T) {
	s := &GenerateSuite{}

	suite.Run(t, s)
}