From fd768e36a207dc55374ff668067ce1d28111d139 Mon Sep 17 00:00:00 2001
From: guhaneswaran20
Date: Fri, 30 Oct 2020 10:33:55 +0000
Subject: [PATCH] Unit tests for `cluster check-certificate-expiration` command
Reference:- https://hackmd.io/aGaz7YXSSHybGcyol8vYEw
Closes: #391
Change-Id: I2e16eb99eca17f809196f9691cc8d0671b6ac15c
---
.../checkexpiration/checkexpiration_test.go | 128 ++++++++++++++++++
pkg/cluster/checkexpiration/command_test.go | 18 ++-
.../checkexpiration/testdata/node.yaml | 2 +-
3 files changed, 142 insertions(+), 6 deletions(-)
create mode 100644 pkg/cluster/checkexpiration/checkexpiration_test.go
diff --git a/pkg/cluster/checkexpiration/checkexpiration_test.go b/pkg/cluster/checkexpiration/checkexpiration_test.go
new file mode 100644
index 000000000..9dd1d2b64
--- /dev/null
+++ b/pkg/cluster/checkexpiration/checkexpiration_test.go
@@ -0,0 +1,128 @@
+/*
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ https://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+package checkexpiration_test
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+
+ "k8s.io/apimachinery/pkg/runtime"
+
+ "opendev.org/airship/airshipctl/pkg/cluster/checkexpiration"
+ "opendev.org/airship/airshipctl/pkg/config"
+ "opendev.org/airship/airshipctl/pkg/k8s/client"
+ "opendev.org/airship/airshipctl/pkg/k8s/client/fake"
+ "opendev.org/airship/airshipctl/testutil"
+)
+
+type testCase struct {
+ name string
+ expiryThreshold int
+ nodeTestFile string
+ kubeconfTestFile string
+ tlsSecretTestFile string
+ nodeExpirationYear string
+ expectedExpiringNodeCount int
+ expectedExpiringKubeConfigCount int
+ expectedExpiringTLSSecretCount int
+}
+
+var (
+ testCases = []*testCase{
+ {
+ name: "empty-expect-error",
+ expectedExpiringNodeCount: 0,
+ expectedExpiringKubeConfigCount: 0,
+ expectedExpiringTLSSecretCount: 0,
+ },
+ {
+ name: "node-cert-expiring",
+ nodeTestFile: nodeFile,
+ nodeExpirationYear: "2021",
+ expiryThreshold: testThreshold, // 20 years
+ expectedExpiringNodeCount: 1,
+ },
+ {
+ name: "node-cert-not-expiring",
+ nodeExpirationYear: "2025",
+ nodeTestFile: nodeFile,
+ expiryThreshold: 10,
+ expectedExpiringNodeCount: 0,
+ },
+ {
+ name: "all-certs-not-expiring",
+ nodeExpirationYear: "2025",
+ nodeTestFile: nodeFile,
+ tlsSecretTestFile: tlsSecretFile,
+ kubeconfTestFile: kubeconfFile,
+ expiryThreshold: 1,
+ expectedExpiringNodeCount: 0,
+ expectedExpiringKubeConfigCount: 0,
+ expectedExpiringTLSSecretCount: 0,
+ },
+ {
+ name: "all-certs-expiring",
+ nodeExpirationYear: "2021",
+ nodeTestFile: nodeFile,
+ tlsSecretTestFile: tlsSecretFile,
+ kubeconfTestFile: kubeconfFile,
+ expiryThreshold: testThreshold,
+ expectedExpiringNodeCount: 1,
+ expectedExpiringKubeConfigCount: 1,
+ expectedExpiringTLSSecretCount: 1,
+ },
+ }
+)
+
+func TestCheckExpiration(t *testing.T) {
+ for _, testCase := range testCases {
+ cfg, _ := testutil.InitConfig(t)
+ settings := func() (*config.Config, error) {
+ return cfg, nil
+ }
+
+ var objects []runtime.Object
+
+ if testCase.nodeExpirationYear != "" && testCase.nodeTestFile != "" {
+ objects = append(objects, getNodeObject(t, testCase.nodeTestFile, testCase.nodeExpirationYear))
+ }
+
+ if testCase.tlsSecretTestFile != "" {
+ objects = append(objects, getSecretObject(t, testCase.tlsSecretTestFile))
+ }
+
+ if testCase.kubeconfTestFile != "" {
+ objects = append(objects, getSecretObject(t, testCase.kubeconfTestFile))
+ }
+
+ ra := fake.WithTypedObjects(objects...)
+
+ clientFactory := func(_ string, _ string) (client.Interface, error) {
+ return fake.NewClient(ra), nil
+ }
+
+ store, err := checkexpiration.NewStore(settings, clientFactory, "", "", testCase.expiryThreshold)
+ assert.NoError(t, err)
+
+ expirationInfo := store.GetExpiringCertificates()
+
+ assert.Len(t, expirationInfo.Kubeconfs, testCase.expectedExpiringKubeConfigCount)
+
+ assert.Len(t, expirationInfo.TLSSecrets, testCase.expectedExpiringTLSSecretCount)
+
+ assert.Len(t, expirationInfo.NodeCerts, testCase.expectedExpiringNodeCount)
+ }
+}
diff --git a/pkg/cluster/checkexpiration/command_test.go b/pkg/cluster/checkexpiration/command_test.go
index 63b1da05d..4a61cadb0 100644
--- a/pkg/cluster/checkexpiration/command_test.go
+++ b/pkg/cluster/checkexpiration/command_test.go
@@ -17,6 +17,7 @@ package checkexpiration_test
 import (
 "bytes"
 "io/ioutil"
+ "strings"
 "testing"
 "github.com/stretchr/testify/assert"
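Review bot: The two "not expiring" entries in `testCases` pin `nodeExpirationYear: "2025"` against the real clock, so as soon as the current date comes within `expiryThreshold` of August 2025 (the threshold appears to be in days, going by the `// 20 years` remark on 7200) `node-cert-not-expiring` and `all-certs-not-expiring` start failing with no code change. Derive the year from the clock instead, e.g. `nodeExpirationYear: strconv.Itoa(time.Now().Year() + 5)` with `strconv` and `time` imported, and confirm that the TLS-secret and kubeconfig fixtures do not carry a similarly fixed expiry date. In `TestCheckExpiration`, `assert.NoError(t, err)` lets execution continue to `store.GetExpiringCertificates()` even when `NewStore` failed; `require.NoError(t, err)` would stop the case there. Wrapping the loop body in `t.Run(testCase.name, func(t *testing.T) { ... })` would put the otherwise unused `name` field into the failure output, and the first case is named `empty-expect-error` although it asserts that no error occurs.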
@@ -34,7 +35,11 @@ import (
 )
 const (
- testThreshold = 5000
+ testThreshold = 7200
+
+ nodeFile = "testdata/node.yaml"
+ kubeconfFile = "testdata/kubeconfig.yaml"
+ tlsSecretFile = "testdata/tls-secret.yaml" //nolint:gosec
 expectedJSONOutput = `
 {
 "tlsSecrets": [
@@ -179,9 +184,9 @@ func TestRunE(t *testing.T) {
 for _, tt := range tests {
 t.Run(tt.testCaseName, func(t *testing.T) {
 objects := []runtime.Object{
- getSecretObject(t, "testdata/tls-secret.yaml"),
- getSecretObject(t, "testdata/kubeconfig.yaml"),
- getNodeObject(t, "testdata/node.yaml"),
+ getSecretObject(t, tlsSecretFile),
+ getSecretObject(t, kubeconfFile),
+ getNodeObject(t, nodeFile, "2021"),
 }
 ra := fake.WithTypedObjects(objects...)
@@ -223,13 +228,16 @@ func getSecretObject(t *testing.T, fileName string) *v1.Secret {
 return secret
 }
-func getNodeObject(t *testing.T, fileName string) *v1.Node {
+func getNodeObject(t *testing.T, fileName string, expirationYear string) *v1.Node {
 t.Helper()
 object := readObjectFromFile(t, fileName)
 node, ok := object.(*v1.Node)
 require.True(t, ok)
+ node.Annotations["cert-expiration"] = strings.ReplaceAll(node.Annotations["cert-expiration"],
+ "{{year}}", expirationYear)
+
 return node
 }
diff --git a/pkg/cluster/checkexpiration/testdata/node.yaml b/pkg/cluster/checkexpiration/testdata/node.yaml
index 7d4d174ea..8e1b99c8d 100644
--- a/pkg/cluster/checkexpiration/testdata/node.yaml
+++ b/pkg/cluster/checkexpiration/testdata/node.yaml
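Review bot: The bare `//nolint:gosec` on `tlsSecretFile` switches off every gosec check for that line without recording why. The trigger is presumably the hard-coded-credentials heuristic (G101) matching "secret" in the identifier, so say so next to the directive: `tlsSecretFile = "testdata/tls-secret.yaml" //nolint:gosec // G101 false positive: fixture path, not a credential`. `testThreshold` also carries no unit, and a comment such as `// testThreshold is in days (~20 years), large enough that the 2021 fixtures always count as expiring` would explain the change from 5000 to 7200. The const block continues past the end of this hunk.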
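Review bot: `getNodeObject` assigns to `node.Annotations["cert-expiration"]` without checking that the fixture supplies that annotation. A node file with no annotations leaves the map nil, so the assignment panics instead of failing the test cleanly, and a file without the `{{year}}` placeholder is returned unchanged, which silently ignores the caller's `expirationYear`. Guard the substitution with `require.Contains(t, node.Annotations, "cert-expiration")` and `require.Contains(t, node.Annotations["cert-expiration"], "{{year}}")` ahead of the `strings.ReplaceAll` call. An empty `expirationYear` could be rejected with `require.NotEmpty(t, expirationYear)`, since it would otherwise yield a date string with no year.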
@@ -2,5 +2,5 @@ apiVersion: v1
 kind: Node
 metadata:
 annotations:
- cert-expiration: "{ admin.conf: Aug 06, 2021 12:36 UTC },{ apiserver: Aug 06, 2021 12:36 UTC },{ apiserver-etcd-client: Aug 06, 2021 12:36 UTC },{ apiserver-kubelet-client: Aug 06, 2021 12:36 UTC },{ controller-manager.conf: Aug 06, 2021 12:36 UTC },{ etcd-healthcheck-client: Aug 06, 2021 12:36 UTC },{ etcd-peer: Aug 06, 2021 12:36 UTC },{ etcd-server: Aug 06, 2021 12:36 UTC },{ front-proxy-client: Aug 06, 2021 12:36 UTC },{ scheduler.conf: Aug 06, 2021 12:36 UTC },{ ca: Aug 04, 2021 12:36 UTC },{ etcd-ca: Aug 04, 2021 12:36 UTC },{ front-proxy-ca: Aug 04, 2021 12:36 UTC }"
+ cert-expiration: "{ admin.conf: Aug 06, {{year}} 12:36 UTC },{ apiserver: Aug 06, {{year}} 12:36 UTC },{ apiserver-etcd-client: Aug 06, {{year}} 12:36 UTC },{ apiserver-kubelet-client: Aug 06, {{year}} 12:36 UTC },{ controller-manager.conf: Aug 06, {{year}} 12:36 UTC },{ etcd-healthcheck-client: Aug 06, {{year}} 12:36 UTC },{ etcd-peer: Aug 06, {{year}} 12:36 UTC },{ etcd-server: Aug 06, {{year}} 12:36 UTC },{ front-proxy-client: Aug 06, {{year}} 12:36 UTC },{ scheduler.conf: Aug 06, {{year}} 12:36 UTC },{ ca: Aug 04, {{year}} 12:36 UTC },{ etcd-ca: Aug 04, {{year}} 12:36 UTC },{ front-proxy-ca: Aug 04, {{year}} 12:36 UTC }"
 name: test-node
\ No newline at end of file