mirror of
https://github.com/kubevirt/containerized-data-importer.git
synced 2025-06-03 06:30:22 +00:00
75f4fd6f2f
* update k8s deps to 1.18.6 and controller runtime to 0.6.2 Signed-off-by: Michael Henriksen <mhenriks@redhat.com> * remove building code generators from docker image. This way the k8s ligray version only has to be updated in go.mod Do more stuff in the bazel container. Faster and better interop Fix unit tests Signed-off-by: Michael Henriksen <mhenriks@redhat.com> * make format Signed-off-by: Michael Henriksen <mhenriks@redhat.com> * remove unnecessary rsync Signed-off-by: Michael Henriksen <mhenriks@redhat.com> * redo code generator dep management Signed-off-by: Michael Henriksen <mhenriks@redhat.com> * builder uses go modules Signed-off-by: Michael Henriksen <mhenriks@redhat.com>
113 lines
3.6 KiB
Go
113 lines
3.6 KiB
Go
package controller
|
|
|
|
import (
|
|
"context"
|
|
|
|
. "github.com/onsi/ginkgo"
|
|
. "github.com/onsi/gomega"
|
|
|
|
corev1 "k8s.io/api/core/v1"
|
|
"k8s.io/apimachinery/pkg/api/errors"
|
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
"k8s.io/client-go/kubernetes"
|
|
"k8s.io/client-go/kubernetes/fake"
|
|
"sigs.k8s.io/controller-runtime/pkg/client"
|
|
|
|
"kubevirt.io/containerized-data-importer/pkg/operator/resources/cert"
|
|
cdicerts "kubevirt.io/containerized-data-importer/pkg/operator/resources/cert"
|
|
)
|
|
|
|
const testCertData = "test"
|
|
|
|
type fakeCertManager struct {
|
|
client client.Client
|
|
namespace string
|
|
}
|
|
|
|
func (tcm *fakeCertManager) Sync(certs []cdicerts.CertificateDefinition) error {
|
|
cm := &corev1.ConfigMap{}
|
|
key := client.ObjectKey{Namespace: tcm.namespace, Name: "cdi-uploadproxy-signer-bundle"}
|
|
err := tcm.client.Get(context.TODO(), key, cm)
|
|
// should exist
|
|
if err != nil {
|
|
return err
|
|
}
|
|
cm.Data = map[string]string{
|
|
"ca-bundle.crt": testCertData,
|
|
}
|
|
return tcm.client.Update(context.TODO(), cm)
|
|
}
|
|
|
|
// creating certs is really CPU intensive so mocking out a CertManager to just create what we need
|
|
func newFakeCertManager(crClient client.Client, namespace string) CertManager {
|
|
return &fakeCertManager{client: crClient, namespace: namespace}
|
|
}
|
|
|
|
func newCertManagerForTest(client kubernetes.Interface, namespace string) CertManager {
|
|
return newCertManager(client, namespace)
|
|
}
|
|
|
|
func checkSecret(client kubernetes.Interface, namespace, name string, exists bool) {
|
|
s, err := client.CoreV1().Secrets(namespace).Get(context.TODO(), name, metav1.GetOptions{})
|
|
if !exists {
|
|
Expect(errors.IsNotFound(err)).To(BeTrue())
|
|
return
|
|
}
|
|
Expect(s.Data["tls.crt"]).ShouldNot(BeEmpty())
|
|
Expect(s.Data["tls.crt"]).ShouldNot(BeEmpty())
|
|
}
|
|
|
|
func checkConfigMap(client kubernetes.Interface, namespace, name string, exists bool) {
|
|
cm, err := client.CoreV1().ConfigMaps(namespace).Get(context.TODO(), name, metav1.GetOptions{})
|
|
if !exists {
|
|
Expect(errors.IsNotFound(err)).To(BeTrue())
|
|
return
|
|
}
|
|
Expect(cm.Data["ca-bundle.crt"]).ShouldNot(BeEmpty())
|
|
}
|
|
|
|
func checkCerts(client kubernetes.Interface, namespace string, exists bool) {
|
|
checkSecret(client, namespace, "cdi-apiserver-signer", exists)
|
|
checkConfigMap(client, namespace, "cdi-apiserver-signer-bundle", exists)
|
|
checkSecret(client, namespace, "cdi-apiserver-server-cert", exists)
|
|
|
|
checkSecret(client, namespace, "cdi-uploadproxy-signer", exists)
|
|
checkConfigMap(client, namespace, "cdi-uploadproxy-signer-bundle", exists)
|
|
checkSecret(client, namespace, "cdi-uploadproxy-server-cert", exists)
|
|
|
|
checkSecret(client, namespace, "cdi-uploadserver-signer", exists)
|
|
checkConfigMap(client, namespace, "cdi-uploadserver-signer-bundle", exists)
|
|
|
|
checkSecret(client, namespace, "cdi-uploadserver-client-signer", exists)
|
|
checkConfigMap(client, namespace, "cdi-uploadserver-client-signer-bundle", exists)
|
|
checkSecret(client, namespace, "cdi-uploadserver-client-cert", exists)
|
|
}
|
|
|
|
var _ = Describe("Cert rotation tests", func() {
|
|
const namespace = "cdi"
|
|
Context("with clean slate", func() {
|
|
client := fake.NewSimpleClientset()
|
|
cm := newCertManagerForTest(client, namespace)
|
|
|
|
It("should create everything", func() {
|
|
checkCerts(client, namespace, false)
|
|
|
|
certs := cert.CreateCertificateDefinitions(&cert.FactoryArgs{Namespace: namespace})
|
|
err := cm.Sync(certs)
|
|
Expect(err).ToNot(HaveOccurred())
|
|
|
|
checkCerts(client, namespace, true)
|
|
})
|
|
|
|
It("should not do anything", func() {
|
|
checkCerts(client, namespace, true)
|
|
|
|
certs := cert.CreateCertificateDefinitions(&cert.FactoryArgs{Namespace: namespace})
|
|
err := cm.Sync(certs)
|
|
Expect(err).ToNot(HaveOccurred())
|
|
|
|
checkCerts(client, namespace, true)
|
|
})
|
|
})
|
|
})
|