// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
4
5package kubeconfig_test
6
7import (
8"bytes"
9"fmt"
10"net/url"
11"testing"
12"time"
13
14"github.com/siderolabs/crypto/x509"
15"github.com/stretchr/testify/suite"
16"k8s.io/client-go/tools/clientcmd"
17
18"github.com/siderolabs/talos/pkg/kubeconfig"
19"github.com/siderolabs/talos/pkg/machinery/config/types/v1alpha1"
20)
21
// GenerateSuite groups the kubeconfig generation tests. It carries no state
// of its own and only embeds testify's suite.Suite for the assertion helpers
// and subtest runner.
type GenerateSuite struct {
	suite.Suite
}
25
// TestGenerateAdmin renders an admin kubeconfig from a minimal cluster config,
// once with the CA's RSA option on and once with it off, and checks that
// client-go can load the output and accepts the "admin@<cluster>" context.
//
// NOTE(review): the assertions stop at clientcmd.Load and ConfirmUsable.
// Nothing here inspects the client certificate carried by the kubeconfig, so
// the one-hour AdminKubeconfigCertLifetime and the certificate subject are not
// verified by this test.
func (suite *GenerateSuite) TestGenerateAdmin() {
	runCase := func(useRSA bool) {
		// A fresh throwaway CA per case; its PEM pair is the cluster CA below.
		authority, caErr := x509.NewSelfSignedCertificateAuthority(x509.RSA(useRSA))
		suite.Require().NoError(caErr)

		endpointURL, parseErr := url.Parse("http://localhost:3333/api")
		suite.Require().NoError(parseErr)

		caPair := &x509.PEMEncodedCertificateAndKey{
			Crt: authority.CrtPEM,
			Key: authority.KeyPEM,
		}
		controlPlane := &v1alpha1.ControlPlaneConfig{
			Endpoint: &v1alpha1.Endpoint{URL: endpointURL},
		}
		adminSettings := &v1alpha1.AdminKubeconfigConfig{
			AdminKubeconfigCertLifetime: time.Hour,
		}

		clusterCfg := &v1alpha1.ClusterConfig{
			ClusterName:           "talos1",
			ClusterCA:             caPair,
			ControlPlane:          controlPlane,
			AdminKubeconfigConfig: adminSettings,
		}

		rendered := new(bytes.Buffer)
		suite.Require().NoError(kubeconfig.GenerateAdmin(clusterCfg, rendered))

		// Round-trip through the Kubernetes client loader to validate the output.
		loaded, loadErr := clientcmd.Load(rendered.Bytes())
		suite.Require().NoError(loadErr)

		contextName := fmt.Sprintf("admin@%s", clusterCfg.ClusterName)
		suite.Assert().NoError(clientcmd.ConfirmUsable(*loaded, contextName))
	}

	for _, useRSA := range []bool{true, false} {
		suite.Run(fmt.Sprintf("RSA=%v", useRSA), func() {
			runCase(useRSA)
		})
	}
}
63
// TestGenerate renders a kubeconfig for the kube-controller-manager identity
// from an explicit GenerateInput and checks that client-go can load it and
// accepts the "kube-controller-manager@foo" context.
//
// NOTE(review): only loadability and context usability are asserted. The test
// does not check that the issued client certificate carries the requested
// CommonName/Organization, that it chains to IssuingCA, or that its validity
// matches CertificateLifetime.
func (suite *GenerateSuite) TestGenerate() {
	authority, caErr := x509.NewSelfSignedCertificateAuthority(x509.RSA(false))
	suite.Require().NoError(caErr)

	// The same self-signed CA serves as both the issuer and the only accepted CA.
	issuer := x509.NewCertificateAndKeyFromCertificateAuthority(authority)
	accepted := []*x509.PEMEncodedCertificate{{Crt: issuer.Crt}}

	request := kubeconfig.GenerateInput{
		ClusterName: "foo",

		IssuingCA:           issuer,
		AcceptedCAs:         accepted,
		CertificateLifetime: time.Hour,

		CommonName:   "system:kube-controller-manager",
		Organization: "system:kube-controller-manager",

		Endpoint:    "https://localhost:6443/",
		Username:    "kube-controller-manager",
		ContextName: "kube-controller-manager",
	}

	rendered := new(bytes.Buffer)
	suite.Require().NoError(kubeconfig.Generate(&request, rendered))

	// Round-trip through the Kubernetes client loader to validate the output.
	loaded, loadErr := clientcmd.Load(rendered.Bytes())
	suite.Require().NoError(loadErr)

	usableErr := clientcmd.ConfirmUsable(*loaded, "kube-controller-manager@foo")
	suite.Assert().NoError(usableErr)
}
95
// TestGenerateSuite is the go test entry point: it hands a fresh GenerateSuite
// to testify's suite runner.
func TestGenerateSuite(t *testing.T) {
	generateSuite := &GenerateSuite{}

	suite.Run(t, generateSuite)
}