
Commit ace9281

committed
e2e: add test for serviceaccountissuer
1 parent 4034d23 commit ace9281


2 files changed

+89
-44
lines changed


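--- a/test/e2e/bound_sa_token_test.go
+++ b/test/e2e/bound_sa_token_test.go
@@ -1,9 +1,7 @@
 package e2e
 
 import (
-"bytes"
 "context"
-"encoding/json"
 "reflect"
 "testing"
 "time"
@@ -15,12 +13,10 @@ import (
 v1 "k8s.io/api/core/v1"
 apierrors "k8s.io/apimachinery/pkg/api/errors"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 "k8s.io/apimachinery/pkg/util/wait"
 "k8s.io/client-go/kubernetes"
 clientcorev1 "k8s.io/client-go/kubernetes/typed/core/v1"
 
-configclient "github.com/openshift/client-go/config/clientset/versioned/typed/config/v1"
 tokenctl "github.com/openshift/cluster-kube-apiserver-operator/pkg/operator/boundsatokensignercontroller"
 "github.com/openshift/cluster-kube-apiserver-operator/pkg/operator/operatorclient"
 testlibrary "github.com/openshift/library-go/test/library"
@@ -222,43 +218,3 @@ func TestTokenRequestAndReview(t *testing.T) {
 require.Empty(t, trev.Status.Error)
 require.True(t, trev.Status.Authenticated)
 }
-
-func pollForOperandIssuer(t *testing.T, client clientcorev1.CoreV1Interface, expectedIssuer string) error {
-return wait.PollImmediate(interval, regularTimeout, func() (done bool, err error) {
-configMap, err := client.ConfigMaps(operatorclient.TargetNamespace).Get(context.TODO(), "config", metav1.GetOptions{})
-if err != nil {
-t.Errorf("failed to retrieve apiserver config configmap: %v", err)
-return false, nil
-}
-// key has a .yaml extension but actual format is json
-rawConfig := configMap.Data["config.yaml"]
-if len(rawConfig) == 0 {
-t.Logf("config.yaml is empty in apiserver config configmap")
-return false, nil
-}
-config := map[string]interface{}{}
-if err := json.NewDecoder(bytes.NewBuffer([]byte(rawConfig))).Decode(&config); err != nil {
-t.Errorf("error parsing config, %v", err)
-return false, nil
-}
-issuers, found, err := unstructured.NestedStringSlice(config, "apiServerArguments", "service-account-issuer")
-if !found {
-t.Log("apiServerArguments.service-account-issuer not found in config")
-return false, nil
-}
-issuer := issuers[0]
-if !found || expectedIssuer != issuer {
-t.Logf("expected service account issuer to be %q, got %q", expectedIssuer, issuer)
-return false, nil
-}
-return true, nil
-})
-}
-
-func setServiceAccountIssuer(t *testing.T, client configclient.ConfigV1Interface, issuer string) {
-auth, err := client.Authentications().Get(context.TODO(), "cluster", metav1.GetOptions{})
-require.NoError(t, err)
-auth.Spec.ServiceAccountIssuer = issuer
-_, err = client.Authentications().Update(context.TODO(), auth, metav1.UpdateOptions{})
-require.NoError(t, err)
-}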

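--- a/test/e2e/serviceaccountissuer_test.go
+++ b/test/e2e/serviceaccountissuer_test.go
@@ -0,0 +1,89 @@
+package e2e
+
+import (
+"bytes"
+"context"
+"encoding/json"
+configv1 "github.com/openshift/client-go/config/clientset/versioned/typed/config/v1"
+testlibrary "github.com/openshift/library-go/test/library"
+"github.com/stretchr/testify/require"
+metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+"k8s.io/apimachinery/pkg/util/wait"
+clientcorev1 "k8s.io/client-go/kubernetes/typed/core/v1"
+"reflect"
+"testing"
+
+"github.com/openshift/cluster-kube-apiserver-operator/pkg/operator/operatorclient"
+)
+
+func TestServiceAccountIssuer(t *testing.T) {
+kubeConfig, err := testlibrary.NewClientConfigForTest()
+require.NoError(t, err)
+
+kubeClient, err := clientcorev1.NewForConfig(kubeConfig)
+require.NoError(t, err)
+
+authConfigClient, err := configv1.NewForConfig(kubeConfig)
+require.NoError(t, err)
+
+t.Run("serviceaccountissuer set in authentication config results in apiserver config", func(t *testing.T) {
+setServiceAccountIssuer(t, authConfigClient, "https://first.foo.bar")
+if err := pollForOperandIssuer(t, kubeClient, []string{"https://first.foo.bar"}); err != nil {
+t.Errorf(err.Error())
+}
+})
+
+t.Run("second serviceaccountissuer set in authentication config results in apiserver config with two issuers", func(t *testing.T) {
+setServiceAccountIssuer(t, authConfigClient, "https://second.foo.bar")
+if err := pollForOperandIssuer(t, kubeClient, []string{"https://second.foo.bar", "https://first.foo.bar"}); err != nil {
+t.Errorf(err.Error())
+}
+})
+
+t.Run("no serviceaccountissuer set in authentication config results in apiserver config with default issuer set", func(t *testing.T) {
+setServiceAccountIssuer(t, authConfigClient, "")
+if err := pollForOperandIssuer(t, kubeClient, []string{"https://kubernetes.default.svc"}); err != nil {
+t.Errorf(err.Error())
+}
+})
+
+}
+func pollForOperandIssuer(t *testing.T, client clientcorev1.CoreV1Interface, expectedIssuers []string) error {
+return wait.PollImmediate(interval, regularTimeout, func() (done bool, err error) {
+configMap, err := client.ConfigMaps(operatorclient.TargetNamespace).Get(context.TODO(), "config", metav1.GetOptions{})
+if err != nil {
+t.Errorf("failed to retrieve apiserver config configmap: %v", err)
+return false, nil
+}
+// key has a .yaml extension but actual format is json
+rawConfig := configMap.Data["config.yaml"]
+if len(rawConfig) == 0 {
+t.Logf("config.yaml is empty in apiserver config configmap")
+return false, nil
+}
+config := map[string]interface{}{}
+if err := json.NewDecoder(bytes.NewBuffer([]byte(rawConfig))).Decode(&config); err != nil {
+t.Errorf("error parsing config, %v", err)
+return false, nil
+}
+issuers, found, err := unstructured.NestedStringSlice(config, "apiServerArguments", "service-account-issuer")
+if !found {
+t.Log("apiServerArguments.service-account-issuer not found in config")
+return false, nil
+}
+if !found || !reflect.DeepEqual(expectedIssuers, issuers) {
+t.Logf("expected service account issuers to be %#v, got %#v", expectedIssuers, issuers)
+return false, nil
+}
+return true, nil
+})
+}
+
+func setServiceAccountIssuer(t *testing.T, client configv1.ConfigV1Interface, issuer string) {
+auth, err := client.Authentications().Get(context.TODO(), "cluster", metav1.GetOptions{})
+require.NoError(t, err)
+auth.Spec.ServiceAccountIssuer = issuer
+_, err = client.Authentications().Update(context.TODO(), auth, metav1.UpdateOptions{})
+require.NoError(t, err)
+}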
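Review bot: In `pollForOperandIssuer`, the `err` returned by `unstructured.NestedStringSlice` is assigned and never read, so a `service-account-issuer` value of the wrong type is logged as "not found" and retried until the timeout instead of reporting the real cause; adding `if err != nil { t.Logf("reading apiServerArguments.service-account-issuer: %v", err); return false, nil }` before the `!found` branch would surface it, and the `!found ||` in the later `reflect.DeepEqual` condition is already unreachable and can be dropped. The two `t.Errorf` calls inside the poll closure mark the test as failed on a single transient ConfigMap read or decode error even when a later poll succeeds, so `t.Logf` fits the retry intent better. In the three subtests `t.Errorf(err.Error())` passes the error text as a format string; `t.Error(err)` avoids that. Since the test rewrites the cluster-wide `Authentication` object named `cluster`, it would be more robust to capture the original `Spec.ServiceAccountIssuer` up front and restore it with `t.Cleanup`, rather than relying on the last subtest to set it back to the empty string.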
