feat: add ctest package and base for test suite

This change adds the ctest package, which provides DefaultSuite and helper functions.

Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
Dmitriy Matrenichev 2022-06-13 20:14:28 +08:00
parent 2aad3a1e49
commit 068f1b6d05
No known key found for this signature in database
GPG Key ID: D3363CF894E68892
7 changed files with 533 additions and 686 deletions


@ -0,0 +1,131 @@
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
// Package ctest provides basic types and functions for controller testing.
package ctest
import (
"context"
"log"
"sync"
"testing"
"time"
"github.com/cosi-project/runtime/pkg/controller/runtime"
"github.com/cosi-project/runtime/pkg/resource"
"github.com/cosi-project/runtime/pkg/safe"
"github.com/cosi-project/runtime/pkg/state"
"github.com/cosi-project/runtime/pkg/state/impl/inmem"
"github.com/cosi-project/runtime/pkg/state/impl/namespaced"
"github.com/stretchr/testify/require"
"github.com/stretchr/testify/suite"
"github.com/talos-systems/go-retry/retry"
"github.com/talos-systems/talos/pkg/logging"
)
// DefaultSuite is a base suite for controller testing.
type DefaultSuite struct { //nolint:govet
suite.Suite
state state.State
runtime *runtime.Runtime
wg sync.WaitGroup
ctx context.Context //nolint:containedctx
ctxCancel context.CancelFunc
AfterSetup func(suite *DefaultSuite)
AfterTearDown func(suite *DefaultSuite)
}
// SetupTest is a function for setting up a test.
func (suite *DefaultSuite) SetupTest() {
suite.ctx, suite.ctxCancel = context.WithTimeout(context.Background(), 3*time.Minute)
suite.state = state.WrapCore(namespaced.NewState(inmem.Build))
var err error
suite.runtime, err = runtime.NewRuntime(suite.state, logging.Wrap(log.Writer()))
suite.Require().NoError(err)
suite.startRuntime()
if suite.AfterSetup != nil {
suite.AfterSetup(suite)
}
}
func (suite *DefaultSuite) startRuntime() {
suite.wg.Add(1)
go func() {
defer suite.wg.Done()
suite.Assert().NoError(suite.runtime.Run(suite.ctx))
}()
}
// Runtime returns the runtime of the suite.
func (suite *DefaultSuite) Runtime() *runtime.Runtime {
return suite.runtime
}
// State returns the state of the suite.
func (suite *DefaultSuite) State() state.State {
return suite.state
}
// Ctx returns the context of the suite.
func (suite *DefaultSuite) Ctx() context.Context {
return suite.ctx
}
// AssertWithin asserts that fn returns within the given duration without an error.
func (suite *DefaultSuite) AssertWithin(d time.Duration, rate time.Duration, fn func() error) {
retryer := retry.Constant(d, retry.WithUnits(rate))
suite.Assert().NoError(retryer.Retry(fn))
}
// TearDownTest is a function for tearing down a test.
func (suite *DefaultSuite) TearDownTest() {
suite.T().Log("tear down")
suite.ctxCancel()
suite.wg.Wait()
if suite.AfterTearDown != nil {
suite.AfterTearDown(suite)
}
}
// Suite is a type which dectibes the suite type.
type Suite interface {
T() *testing.T
Require() *require.Assertions
State() state.State
Ctx() context.Context
}
// UpdateWithConflicts is a type safe wrapper around state.UpdateWithConflicts which uses the provided suite.
func UpdateWithConflicts[T resource.Resource](suite Suite, res T, updateFn func(T) error, options ...state.UpdateOption) T { //nolint:ireturn
suite.T().Helper()
result, err := safe.StateUpdateWithConflicts(suite.Ctx(), suite.State(), res.Metadata(), updateFn, options...)
suite.Require().NoError(err)
return result
}
// GetUsingResource is a type safe wrapper around state.StateGetResource which uses the provided suite.
func GetUsingResource[T resource.Resource](suite Suite, res T, options ...state.GetOption) (T, error) { //nolint:ireturn
return safe.StateGetResource(suite.Ctx(), suite.State(), res, options...)
}
// Get is a type safe wrapper around state.Get which uses the provided suite.
func Get[T resource.Resource](suite Suite, ptr resource.Pointer, options ...state.GetOption) (T, error) { //nolint:ireturn
return safe.StateGet[T](suite.Ctx(), suite.State(), ptr, options...)
}
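Review bot: SetupTest calls `suite.startRuntime()` before the `AfterSetup` hook, so every suite that registers its controller in `AfterSetup` now does so after the goroutine running `suite.runtime.Run(suite.ctx)` has been launched, whereas the removed per-suite SetupTest methods called `RegisterController` first. Whether the runtime accepts registration once Run is in progress is not visible on this page, so this ordering should either be confirmed as supported or reversed so the hook runs before `startRuntime()`. Either way the exported hook fields need doc comments stating when they fire, e.g. `// AfterSetup is called at the end of SetupTest, after the runtime goroutine has been started.` and `// AfterTearDown is called at the end of TearDownTest, after the runtime goroutine has exited.` The comment on `Suite` also has a typo (`dectibes`).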


@ -6,65 +6,36 @@
package secrets_test package secrets_test
import ( import (
"context"
"fmt" "fmt"
"log"
"reflect" "reflect"
"sync"
"testing" "testing"
"time" "time"
"github.com/cosi-project/runtime/pkg/controller/runtime"
"github.com/cosi-project/runtime/pkg/resource" "github.com/cosi-project/runtime/pkg/resource"
"github.com/cosi-project/runtime/pkg/state" "github.com/cosi-project/runtime/pkg/state"
"github.com/cosi-project/runtime/pkg/state/impl/inmem"
"github.com/cosi-project/runtime/pkg/state/impl/namespaced"
"github.com/stretchr/testify/suite" "github.com/stretchr/testify/suite"
"github.com/talos-systems/go-retry/retry" "github.com/talos-systems/go-retry/retry"
"inet.af/netaddr" "inet.af/netaddr"
"github.com/talos-systems/talos/internal/app/machined/pkg/controllers/ctest"
secretsctrl "github.com/talos-systems/talos/internal/app/machined/pkg/controllers/secrets" secretsctrl "github.com/talos-systems/talos/internal/app/machined/pkg/controllers/secrets"
"github.com/talos-systems/talos/pkg/logging"
"github.com/talos-systems/talos/pkg/machinery/resources/k8s" "github.com/talos-systems/talos/pkg/machinery/resources/k8s"
"github.com/talos-systems/talos/pkg/machinery/resources/network" "github.com/talos-systems/talos/pkg/machinery/resources/network"
"github.com/talos-systems/talos/pkg/machinery/resources/secrets" "github.com/talos-systems/talos/pkg/machinery/resources/secrets"
) )
func TestAPICertSANsSuite(t *testing.T) {
suite.Run(t, &APICertSANsSuite{
DefaultSuite: ctest.DefaultSuite{
AfterSetup: func(suite *ctest.DefaultSuite) {
suite.Require().NoError(suite.Runtime().RegisterController(&secretsctrl.APICertSANsController{}))
},
},
})
}
type APICertSANsSuite struct { type APICertSANsSuite struct {
suite.Suite ctest.DefaultSuite
state state.State
runtime *runtime.Runtime
wg sync.WaitGroup
ctx context.Context //nolint:containedctx
ctxCancel context.CancelFunc
}
func (suite *APICertSANsSuite) SetupTest() {
suite.ctx, suite.ctxCancel = context.WithTimeout(context.Background(), 3*time.Minute)
suite.state = state.WrapCore(namespaced.NewState(inmem.Build))
var err error
suite.runtime, err = runtime.NewRuntime(suite.state, logging.Wrap(log.Writer()))
suite.Require().NoError(err)
suite.Require().NoError(suite.runtime.RegisterController(&secretsctrl.APICertSANsController{}))
suite.startRuntime()
}
func (suite *APICertSANsSuite) startRuntime() {
suite.wg.Add(1)
go func() {
defer suite.wg.Done()
suite.Assert().NoError(suite.runtime.Run(suite.ctx))
}()
} }
func (suite *APICertSANsSuite) TestReconcileControlPlane() { func (suite *APICertSANsSuite) TestReconcileControlPlane() {
@ -72,12 +43,12 @@ func (suite *APICertSANsSuite) TestReconcileControlPlane() {
rootSecrets.TypedSpec().CertSANDNSNames = []string{"some.org"} rootSecrets.TypedSpec().CertSANDNSNames = []string{"some.org"}
rootSecrets.TypedSpec().CertSANIPs = []netaddr.IP{netaddr.MustParseIP("10.4.3.2"), netaddr.MustParseIP("10.2.1.3")} rootSecrets.TypedSpec().CertSANIPs = []netaddr.IP{netaddr.MustParseIP("10.4.3.2"), netaddr.MustParseIP("10.2.1.3")}
suite.Require().NoError(suite.state.Create(suite.ctx, rootSecrets)) suite.Require().NoError(suite.State().Create(suite.Ctx(), rootSecrets))
hostnameStatus := network.NewHostnameStatus(network.NamespaceName, network.HostnameID) hostnameStatus := network.NewHostnameStatus(network.NamespaceName, network.HostnameID)
hostnameStatus.TypedSpec().Hostname = "bar" hostnameStatus.TypedSpec().Hostname = "bar"
hostnameStatus.TypedSpec().Domainname = "some.org" hostnameStatus.TypedSpec().Domainname = "some.org"
suite.Require().NoError(suite.state.Create(suite.ctx, hostnameStatus)) suite.Require().NoError(suite.State().Create(suite.Ctx(), hostnameStatus))
nodeAddresses := network.NewNodeAddress( nodeAddresses := network.NewNodeAddress(
network.NamespaceName, network.NamespaceName,
@ -87,84 +58,63 @@ func (suite *APICertSANsSuite) TestReconcileControlPlane() {
netaddr.MustParseIPPrefix("10.2.1.3/24"), netaddr.MustParseIPPrefix("10.2.1.3/24"),
netaddr.MustParseIPPrefix("172.16.0.1/32"), netaddr.MustParseIPPrefix("172.16.0.1/32"),
} }
suite.Require().NoError(suite.state.Create(suite.ctx, nodeAddresses)) suite.Require().NoError(suite.State().Create(suite.Ctx(), nodeAddresses))
suite.Assert().NoError( suite.AssertWithin(10*time.Second, 100*time.Millisecond, func() error {
retry.Constant(10*time.Second, retry.WithUnits(100*time.Millisecond)).Retry( certSANs, err := ctest.Get[*secrets.CertSAN](
func() error { suite,
certSANs, err := suite.state.Get( resource.NewMetadata(
suite.ctx, secrets.NamespaceName,
resource.NewMetadata( secrets.CertSANType,
secrets.NamespaceName, secrets.CertSANAPIID,
secrets.CertSANType, resource.VersionUndefined,
secrets.CertSANAPIID, ),
resource.VersionUndefined, )
), if err != nil {
) if state.IsNotFoundError(err) {
if err != nil { return retry.ExpectedError(err)
if state.IsNotFoundError(err) { }
return retry.ExpectedError(err)
}
return err return err
} }
spec := certSANs.(*secrets.CertSAN).TypedSpec() spec := certSANs.TypedSpec()
suite.Assert().Equal([]string{"bar", "bar.some.org", "some.org"}, spec.DNSNames) suite.Assert().Equal([]string{"bar", "bar.some.org", "some.org"}, spec.DNSNames)
suite.Assert().Equal("[10.2.1.3 10.4.3.2 172.16.0.1]", fmt.Sprintf("%v", spec.IPs)) suite.Assert().Equal("[10.2.1.3 10.4.3.2 172.16.0.1]", fmt.Sprintf("%v", spec.IPs))
suite.Assert().Equal("bar.some.org", spec.FQDN) suite.Assert().Equal("bar.some.org", spec.FQDN)
return nil
},
),
)
_, err := suite.state.UpdateWithConflicts(suite.ctx, rootSecrets.Metadata(), func(r resource.Resource) error {
r.(*secrets.OSRoot).TypedSpec().CertSANDNSNames = []string{"other.org"}
return nil return nil
}) })
suite.Require().NoError(err)
suite.Assert().NoError( ctest.UpdateWithConflicts(suite, rootSecrets, func(rootSecrets *secrets.OSRoot) error {
retry.Constant(10*time.Second, retry.WithUnits(100*time.Millisecond)).Retry( rootSecrets.TypedSpec().CertSANDNSNames = []string{"other.org"}
func() error {
certSANs, err := suite.state.Get(
suite.ctx,
resource.NewMetadata(
secrets.NamespaceName,
secrets.CertSANType,
secrets.CertSANAPIID,
resource.VersionUndefined,
),
)
if err != nil {
return err
}
spec := certSANs.(*secrets.CertSAN).TypedSpec() return nil
})
expectedDNSNames := []string{"bar", "bar.some.org", "other.org"} suite.AssertWithin(10*time.Second, 100*time.Millisecond, func() error {
certSANs, err := ctest.Get[*secrets.CertSAN](
suite,
resource.NewMetadata(
secrets.NamespaceName,
secrets.CertSANType,
secrets.CertSANAPIID,
resource.VersionUndefined,
),
)
if err != nil {
return err
}
if !reflect.DeepEqual(expectedDNSNames, spec.DNSNames) { spec := certSANs.TypedSpec()
return retry.ExpectedErrorf("expected %v, got %v", expectedDNSNames, spec.DNSNames)
}
return nil expectedDNSNames := []string{"bar", "bar.some.org", "other.org"}
},
), if !reflect.DeepEqual(expectedDNSNames, spec.DNSNames) {
) return retry.ExpectedErrorf("expected %v, got %v", expectedDNSNames, spec.DNSNames)
} }
func (suite *APICertSANsSuite) TearDownTest() { return nil
suite.T().Log("tear down") })
suite.ctxCancel()
suite.wg.Wait()
}
func TestAPICertSANsSuite(t *testing.T) {
suite.Run(t, new(APICertSANsSuite))
} }
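Review bot: The first `AssertWithin` closure in TestReconcileControlPlane checks `spec.DNSNames`, `spec.IPs` and `spec.FQDN` with `suite.Assert().Equal` inside the retried function, so if the CertSAN resource can be read before the controller has processed all of its inputs, the test is marked failed on that attempt and later retries cannot rescue it. The second closure already handles this by returning `retry.ExpectedErrorf("expected %v, got %v", expectedDNSNames, spec.DNSNames)` on mismatch; the first should return a retryable error the same way and assert only once the values have converged. The same pattern appears in the `AssertWithin` closures of the API and KubernetesCertSANs suites further down. The function body starts outside the hunk.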


@ -6,26 +6,20 @@
package secrets_test package secrets_test
import ( import (
"context"
stdlibx509 "crypto/x509" stdlibx509 "crypto/x509"
"fmt" "fmt"
"log"
"sync"
"testing" "testing"
"time" "time"
"github.com/cosi-project/runtime/pkg/controller/runtime"
"github.com/cosi-project/runtime/pkg/resource" "github.com/cosi-project/runtime/pkg/resource"
"github.com/cosi-project/runtime/pkg/state" "github.com/cosi-project/runtime/pkg/state"
"github.com/cosi-project/runtime/pkg/state/impl/inmem"
"github.com/cosi-project/runtime/pkg/state/impl/namespaced"
"github.com/stretchr/testify/suite" "github.com/stretchr/testify/suite"
"github.com/talos-systems/crypto/x509" "github.com/talos-systems/crypto/x509"
"github.com/talos-systems/go-retry/retry" "github.com/talos-systems/go-retry/retry"
"inet.af/netaddr" "inet.af/netaddr"
"github.com/talos-systems/talos/internal/app/machined/pkg/controllers/ctest"
secretsctrl "github.com/talos-systems/talos/internal/app/machined/pkg/controllers/secrets" secretsctrl "github.com/talos-systems/talos/internal/app/machined/pkg/controllers/secrets"
"github.com/talos-systems/talos/pkg/logging"
"github.com/talos-systems/talos/pkg/machinery/config/types/v1alpha1/machine" "github.com/talos-systems/talos/pkg/machinery/config/types/v1alpha1/machine"
"github.com/talos-systems/talos/pkg/machinery/resources/config" "github.com/talos-systems/talos/pkg/machinery/resources/config"
"github.com/talos-systems/talos/pkg/machinery/resources/network" "github.com/talos-systems/talos/pkg/machinery/resources/network"
@ -33,41 +27,18 @@ import (
"github.com/talos-systems/talos/pkg/machinery/role" "github.com/talos-systems/talos/pkg/machinery/role"
) )
func TestAPISuite(t *testing.T) {
suite.Run(t, &APISuite{
DefaultSuite: ctest.DefaultSuite{
AfterSetup: func(suite *ctest.DefaultSuite) {
suite.Require().NoError(suite.Runtime().RegisterController(&secretsctrl.APIController{}))
},
},
})
}
type APISuite struct { type APISuite struct {
suite.Suite ctest.DefaultSuite
state state.State
runtime *runtime.Runtime
wg sync.WaitGroup
ctx context.Context //nolint:containedctx
ctxCancel context.CancelFunc
}
func (suite *APISuite) SetupTest() {
suite.ctx, suite.ctxCancel = context.WithTimeout(context.Background(), 3*time.Minute)
suite.state = state.WrapCore(namespaced.NewState(inmem.Build))
var err error
suite.runtime, err = runtime.NewRuntime(suite.state, logging.Wrap(log.Writer()))
suite.Require().NoError(err)
suite.Require().NoError(suite.runtime.RegisterController(&secretsctrl.APIController{}))
suite.startRuntime()
}
func (suite *APISuite) startRuntime() {
suite.wg.Add(1)
go func() {
defer suite.wg.Done()
suite.Assert().NoError(suite.runtime.Run(suite.ctx))
}()
} }
func (suite *APISuite) TestReconcileControlPlane() { func (suite *APISuite) TestReconcileControlPlane() {
@ -85,16 +56,16 @@ func (suite *APISuite) TestReconcileControlPlane() {
rootSecrets.TypedSpec().CertSANDNSNames = []string{"example.com"} rootSecrets.TypedSpec().CertSANDNSNames = []string{"example.com"}
rootSecrets.TypedSpec().CertSANIPs = []netaddr.IP{netaddr.MustParseIP("10.4.3.2"), netaddr.MustParseIP("10.2.1.3")} rootSecrets.TypedSpec().CertSANIPs = []netaddr.IP{netaddr.MustParseIP("10.4.3.2"), netaddr.MustParseIP("10.2.1.3")}
rootSecrets.TypedSpec().Token = "something" rootSecrets.TypedSpec().Token = "something"
suite.Require().NoError(suite.state.Create(suite.ctx, rootSecrets)) suite.Require().NoError(suite.State().Create(suite.Ctx(), rootSecrets))
machineType := config.NewMachineType() machineType := config.NewMachineType()
machineType.SetMachineType(machine.TypeControlPlane) machineType.SetMachineType(machine.TypeControlPlane)
suite.Require().NoError(suite.state.Create(suite.ctx, machineType)) suite.Require().NoError(suite.State().Create(suite.Ctx(), machineType))
networkStatus := network.NewStatus(network.NamespaceName, network.StatusID) networkStatus := network.NewStatus(network.NamespaceName, network.StatusID)
networkStatus.TypedSpec().AddressReady = true networkStatus.TypedSpec().AddressReady = true
networkStatus.TypedSpec().HostnameReady = true networkStatus.TypedSpec().HostnameReady = true
suite.Require().NoError(suite.state.Create(suite.ctx, networkStatus)) suite.Require().NoError(suite.State().Create(suite.Ctx(), networkStatus))
certSANs := secrets.NewCertSAN(secrets.NamespaceName, secrets.CertSANAPIID) certSANs := secrets.NewCertSAN(secrets.NamespaceName, secrets.CertSANAPIID)
certSANs.TypedSpec().Append( certSANs.TypedSpec().Append(
@ -108,77 +79,60 @@ func (suite *APISuite) TestReconcileControlPlane() {
certSANs.TypedSpec().FQDN = "foo.example.com" certSANs.TypedSpec().FQDN = "foo.example.com"
suite.Require().NoError(suite.state.Create(suite.ctx, certSANs)) suite.Require().NoError(suite.State().Create(suite.Ctx(), certSANs))
suite.AssertWithin(10*time.Second, 100*time.Millisecond, func() error {
certs, err := ctest.Get[*secrets.API](
suite,
resource.NewMetadata(
secrets.NamespaceName,
secrets.APIType,
secrets.APIID,
resource.VersionUndefined,
),
)
if err != nil {
if state.IsNotFoundError(err) {
return retry.ExpectedError(err)
}
suite.Assert().NoError( return err
retry.Constant(10*time.Second, retry.WithUnits(100*time.Millisecond)).Retry( }
func() error {
certs, err := suite.state.Get(
suite.ctx,
resource.NewMetadata(
secrets.NamespaceName,
secrets.APIType,
secrets.APIID,
resource.VersionUndefined,
),
)
if err != nil {
if state.IsNotFoundError(err) {
return retry.ExpectedError(err)
}
return err apiCerts := certs.TypedSpec()
}
apiCerts := certs.(*secrets.API).TypedSpec() suite.Assert().Equal(talosCA.CrtPEM, apiCerts.CA.Crt)
suite.Assert().Nil(apiCerts.CA.Key)
suite.Assert().Equal(talosCA.CrtPEM, apiCerts.CA.Crt) serverCert, err := apiCerts.Server.GetCert()
suite.Assert().Nil(apiCerts.CA.Key) suite.Require().NoError(err)
serverCert, err := apiCerts.Server.GetCert() suite.Assert().Equal([]string{"example.com", "foo", "foo.example.com"}, serverCert.DNSNames)
suite.Require().NoError(err) suite.Assert().Equal("[10.2.1.3 10.4.3.2 172.16.0.1]", fmt.Sprintf("%v", serverCert.IPAddresses))
suite.Assert().Equal([]string{"example.com", "foo", "foo.example.com"}, serverCert.DNSNames) suite.Assert().Equal("foo.example.com", serverCert.Subject.CommonName)
suite.Assert().Equal("[10.2.1.3 10.4.3.2 172.16.0.1]", fmt.Sprintf("%v", serverCert.IPAddresses)) suite.Assert().Empty(serverCert.Subject.Organization)
suite.Assert().Equal("foo.example.com", serverCert.Subject.CommonName) suite.Assert().Equal(
suite.Assert().Empty(serverCert.Subject.Organization) stdlibx509.KeyUsageDigitalSignature|stdlibx509.KeyUsageKeyEncipherment,
serverCert.KeyUsage,
)
suite.Assert().Equal([]stdlibx509.ExtKeyUsage{stdlibx509.ExtKeyUsageServerAuth}, serverCert.ExtKeyUsage)
suite.Assert().Equal( clientCert, err := apiCerts.Client.GetCert()
stdlibx509.KeyUsageDigitalSignature|stdlibx509.KeyUsageKeyEncipherment, suite.Require().NoError(err)
serverCert.KeyUsage,
)
suite.Assert().Equal([]stdlibx509.ExtKeyUsage{stdlibx509.ExtKeyUsageServerAuth}, serverCert.ExtKeyUsage)
clientCert, err := apiCerts.Client.GetCert() suite.Assert().Empty(clientCert.DNSNames)
suite.Require().NoError(err) suite.Assert().Empty(clientCert.IPAddresses)
suite.Assert().Empty(clientCert.DNSNames) suite.Assert().Equal("foo.example.com", clientCert.Subject.CommonName)
suite.Assert().Empty(clientCert.IPAddresses) suite.Assert().Equal([]string{string(role.Impersonator)}, clientCert.Subject.Organization)
suite.Assert().Equal("foo.example.com", clientCert.Subject.CommonName) suite.Assert().Equal(
suite.Assert().Equal([]string{string(role.Impersonator)}, clientCert.Subject.Organization) stdlibx509.KeyUsageDigitalSignature|stdlibx509.KeyUsageKeyEncipherment,
clientCert.KeyUsage,
)
suite.Assert().Equal([]stdlibx509.ExtKeyUsage{stdlibx509.ExtKeyUsageClientAuth}, clientCert.ExtKeyUsage)
suite.Assert().Equal( return nil
stdlibx509.KeyUsageDigitalSignature|stdlibx509.KeyUsageKeyEncipherment, })
clientCert.KeyUsage,
)
suite.Assert().Equal([]stdlibx509.ExtKeyUsage{stdlibx509.ExtKeyUsageClientAuth}, clientCert.ExtKeyUsage)
return nil
},
),
)
}
func (suite *APISuite) TearDownTest() {
suite.T().Log("tear down")
suite.ctxCancel()
suite.wg.Wait()
}
func TestAPISuite(t *testing.T) {
suite.Run(t, new(APISuite))
} }


@ -6,64 +6,35 @@
package secrets_test package secrets_test
import ( import (
"context"
"log"
"net/url" "net/url"
"sync"
"testing" "testing"
"time" "time"
"github.com/cosi-project/runtime/pkg/controller/runtime"
"github.com/cosi-project/runtime/pkg/resource" "github.com/cosi-project/runtime/pkg/resource"
"github.com/cosi-project/runtime/pkg/state" "github.com/cosi-project/runtime/pkg/state"
"github.com/cosi-project/runtime/pkg/state/impl/inmem"
"github.com/cosi-project/runtime/pkg/state/impl/namespaced"
"github.com/stretchr/testify/suite" "github.com/stretchr/testify/suite"
"github.com/talos-systems/crypto/x509" "github.com/talos-systems/crypto/x509"
"github.com/talos-systems/go-retry/retry" "github.com/talos-systems/go-retry/retry"
"github.com/talos-systems/talos/internal/app/machined/pkg/controllers/ctest"
secretsctrl "github.com/talos-systems/talos/internal/app/machined/pkg/controllers/secrets" secretsctrl "github.com/talos-systems/talos/internal/app/machined/pkg/controllers/secrets"
"github.com/talos-systems/talos/pkg/logging"
"github.com/talos-systems/talos/pkg/machinery/config/types/v1alpha1" "github.com/talos-systems/talos/pkg/machinery/config/types/v1alpha1"
"github.com/talos-systems/talos/pkg/machinery/resources/config" "github.com/talos-systems/talos/pkg/machinery/resources/config"
"github.com/talos-systems/talos/pkg/machinery/resources/secrets" "github.com/talos-systems/talos/pkg/machinery/resources/secrets"
) )
func TestKubeletSuite(t *testing.T) {
suite.Run(t, &KubeletSuite{
DefaultSuite: ctest.DefaultSuite{
AfterSetup: func(suite *ctest.DefaultSuite) {
suite.Require().NoError(suite.Runtime().RegisterController(&secretsctrl.KubeletController{}))
},
},
})
}
type KubeletSuite struct { type KubeletSuite struct {
suite.Suite ctest.DefaultSuite
state state.State
runtime *runtime.Runtime
wg sync.WaitGroup
ctx context.Context //nolint:containedctx
ctxCancel context.CancelFunc
}
func (suite *KubeletSuite) SetupTest() {
suite.ctx, suite.ctxCancel = context.WithTimeout(context.Background(), 3*time.Minute)
suite.state = state.WrapCore(namespaced.NewState(inmem.Build))
var err error
suite.runtime, err = runtime.NewRuntime(suite.state, logging.Wrap(log.Writer()))
suite.Require().NoError(err)
suite.Require().NoError(suite.runtime.RegisterController(&secretsctrl.KubeletController{}))
suite.startRuntime()
}
func (suite *KubeletSuite) startRuntime() {
suite.wg.Add(1)
go func() {
defer suite.wg.Done()
suite.Assert().NoError(suite.runtime.Run(suite.ctx))
}()
} }
func (suite *KubeletSuite) TestReconcile() { func (suite *KubeletSuite) TestReconcile() {
@ -91,13 +62,13 @@ func (suite *KubeletSuite) TestReconcile() {
}, },
) )
suite.Require().NoError(suite.state.Create(suite.ctx, cfg)) suite.Require().NoError(suite.State().Create(suite.Ctx(), cfg))
suite.Assert().NoError( suite.Assert().NoError(
retry.Constant(10*time.Second, retry.WithUnits(100*time.Millisecond)).Retry( retry.Constant(10*time.Second, retry.WithUnits(100*time.Millisecond)).Retry(
func() error { func() error {
kubeletSecrets, err := suite.state.Get( kubeletSecrets, err := ctest.Get[*secrets.Kubelet](
suite.ctx, suite,
resource.NewMetadata( resource.NewMetadata(
secrets.NamespaceName, secrets.NamespaceName,
secrets.KubeletType, secrets.KubeletType,
@ -113,7 +84,7 @@ func (suite *KubeletSuite) TestReconcile() {
return err return err
} }
spec := kubeletSecrets.(*secrets.Kubelet).TypedSpec() spec := kubeletSecrets.TypedSpec()
suite.Assert().Equal("https://foo:6443", spec.Endpoint.String()) suite.Assert().Equal("https://foo:6443", spec.Endpoint.String())
suite.Assert().Equal(k8sCA, spec.CA) suite.Assert().Equal(k8sCA, spec.CA)
@ -125,15 +96,3 @@ func (suite *KubeletSuite) TestReconcile() {
), ),
) )
} }
func (suite *KubeletSuite) TearDownTest() {
suite.T().Log("tear down")
suite.ctxCancel()
suite.wg.Wait()
}
func TestKubeletSuite(t *testing.T) {
suite.Run(t, new(KubeletSuite))
}
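Review bot: TestReconcile still wraps its poll in `suite.Assert().NoError(retry.Constant(10*time.Second, retry.WithUnits(100*time.Millisecond)).Retry(...))`, while the other suites in this commit were moved to the new helper. For consistency use `suite.AssertWithin(10*time.Second, 100*time.Millisecond, func() error { ... })` here as well, which also removes one nesting level. The closure body lies partly outside the visible hunks.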


@ -6,67 +6,38 @@
package secrets_test package secrets_test
import ( import (
"context"
"fmt" "fmt"
"log"
"net" "net"
"net/url" "net/url"
"reflect" "reflect"
"sync"
"testing" "testing"
"time" "time"
"github.com/cosi-project/runtime/pkg/controller/runtime"
"github.com/cosi-project/runtime/pkg/resource" "github.com/cosi-project/runtime/pkg/resource"
"github.com/cosi-project/runtime/pkg/state" "github.com/cosi-project/runtime/pkg/state"
"github.com/cosi-project/runtime/pkg/state/impl/inmem"
"github.com/cosi-project/runtime/pkg/state/impl/namespaced"
"github.com/stretchr/testify/suite" "github.com/stretchr/testify/suite"
"github.com/talos-systems/go-retry/retry" "github.com/talos-systems/go-retry/retry"
"inet.af/netaddr" "inet.af/netaddr"
"github.com/talos-systems/talos/internal/app/machined/pkg/controllers/ctest"
secretsctrl "github.com/talos-systems/talos/internal/app/machined/pkg/controllers/secrets" secretsctrl "github.com/talos-systems/talos/internal/app/machined/pkg/controllers/secrets"
"github.com/talos-systems/talos/pkg/logging"
"github.com/talos-systems/talos/pkg/machinery/resources/k8s" "github.com/talos-systems/talos/pkg/machinery/resources/k8s"
"github.com/talos-systems/talos/pkg/machinery/resources/network" "github.com/talos-systems/talos/pkg/machinery/resources/network"
"github.com/talos-systems/talos/pkg/machinery/resources/secrets" "github.com/talos-systems/talos/pkg/machinery/resources/secrets"
) )
type KubernetesCertSANsSuite struct { type KubernetesCertSANsSuite struct {
suite.Suite ctest.DefaultSuite
state state.State
runtime *runtime.Runtime
wg sync.WaitGroup
ctx context.Context //nolint:containedctx
ctxCancel context.CancelFunc
} }
func (suite *KubernetesCertSANsSuite) SetupTest() { func TestKubernetesCertSANsSuite(t *testing.T) {
suite.ctx, suite.ctxCancel = context.WithTimeout(context.Background(), 3*time.Minute) suite.Run(t, &KubernetesCertSANsSuite{
DefaultSuite: ctest.DefaultSuite{
suite.state = state.WrapCore(namespaced.NewState(inmem.Build)) AfterSetup: func(suite *ctest.DefaultSuite) {
suite.Require().NoError(suite.Runtime().RegisterController(&secretsctrl.KubernetesCertSANsController{}))
var err error },
},
suite.runtime, err = runtime.NewRuntime(suite.state, logging.Wrap(log.Writer())) })
suite.Require().NoError(err)
suite.Require().NoError(suite.runtime.RegisterController(&secretsctrl.KubernetesCertSANsController{}))
suite.startRuntime()
}
func (suite *KubernetesCertSANsSuite) startRuntime() {
suite.wg.Add(1)
go func() {
defer suite.wg.Done()
suite.Assert().NoError(suite.runtime.Run(suite.ctx))
}()
} }
func (suite *KubernetesCertSANsSuite) TestReconcile() { func (suite *KubernetesCertSANsSuite) TestReconcile() {
@ -82,12 +53,12 @@ func (suite *KubernetesCertSANsSuite) TestReconcile() {
rootSecrets.TypedSpec().LocalEndpoint, err = url.Parse("https://localhost:6443/") rootSecrets.TypedSpec().LocalEndpoint, err = url.Parse("https://localhost:6443/")
suite.Require().NoError(err) suite.Require().NoError(err)
suite.Require().NoError(suite.state.Create(suite.ctx, rootSecrets)) suite.Require().NoError(suite.State().Create(suite.Ctx(), rootSecrets))
hostnameStatus := network.NewHostnameStatus(network.NamespaceName, network.HostnameID) hostnameStatus := network.NewHostnameStatus(network.NamespaceName, network.HostnameID)
hostnameStatus.TypedSpec().Hostname = "foo" hostnameStatus.TypedSpec().Hostname = "foo"
hostnameStatus.TypedSpec().Domainname = "example.com" hostnameStatus.TypedSpec().Domainname = "example.com"
suite.Require().NoError(suite.state.Create(suite.ctx, hostnameStatus)) suite.Require().NoError(suite.State().Create(suite.Ctx(), hostnameStatus))
nodeAddresses := network.NewNodeAddress( nodeAddresses := network.NewNodeAddress(
network.NamespaceName, network.NamespaceName,
@ -97,109 +68,86 @@ func (suite *KubernetesCertSANsSuite) TestReconcile() {
netaddr.MustParseIPPrefix("10.2.1.3/24"), netaddr.MustParseIPPrefix("10.2.1.3/24"),
netaddr.MustParseIPPrefix("172.16.0.1/32"), netaddr.MustParseIPPrefix("172.16.0.1/32"),
} }
suite.Require().NoError(suite.state.Create(suite.ctx, nodeAddresses)) suite.Require().NoError(suite.State().Create(suite.Ctx(), nodeAddresses))
suite.Assert().NoError( suite.AssertWithin(10*time.Second, 100*time.Millisecond, func() error {
retry.Constant(10*time.Second, retry.WithUnits(100*time.Millisecond)).Retry( certSANs, err := ctest.Get[*secrets.CertSAN](
func() error { suite,
var certSANs resource.Resource resource.NewMetadata(
secrets.NamespaceName,
secrets.CertSANType,
secrets.CertSANKubernetesID,
resource.VersionUndefined,
),
)
if err != nil {
if state.IsNotFoundError(err) {
return retry.ExpectedError(err)
}
certSANs, err = suite.state.Get( return err
suite.ctx, }
resource.NewMetadata(
secrets.NamespaceName,
secrets.CertSANType,
secrets.CertSANKubernetesID,
resource.VersionUndefined,
),
)
if err != nil {
if state.IsNotFoundError(err) {
return retry.ExpectedError(err)
}
return err spec := certSANs.TypedSpec()
}
spec := certSANs.(*secrets.CertSAN).TypedSpec() suite.Assert().Equal(
[]string{
"example.com",
"foo",
"foo.example.com",
"kubernetes",
"kubernetes.default",
"kubernetes.default.svc",
"kubernetes.default.svc.cluster.remote",
"localhost",
"some.url",
}, spec.DNSNames,
)
suite.Assert().Equal("[10.2.1.3 10.4.3.2 172.16.0.1]", fmt.Sprintf("%v", spec.IPs))
suite.Assert().Equal( return nil
[]string{ })
"example.com",
"foo",
"foo.example.com",
"kubernetes",
"kubernetes.default",
"kubernetes.default.svc",
"kubernetes.default.svc.cluster.remote",
"localhost",
"some.url",
}, spec.DNSNames,
)
suite.Assert().Equal("[10.2.1.3 10.4.3.2 172.16.0.1]", fmt.Sprintf("%v", spec.IPs))
return nil ctest.UpdateWithConflicts(suite, rootSecrets, func(rootSecrets *secrets.KubernetesRoot) error {
}, var err error
), rootSecrets.TypedSpec().Endpoint, err = url.Parse("https://some.other.url:6443/")
)
_, err = suite.state.UpdateWithConflicts(suite.ctx, rootSecrets.Metadata(), func(r resource.Resource) error {
r.(*secrets.KubernetesRoot).TypedSpec().Endpoint, err = url.Parse("https://some.other.url:6443/")
return err return err
}) })
suite.Require().NoError(err)
suite.Assert().NoError( suite.AssertWithin(10*time.Second, 100*time.Millisecond, func() error {
retry.Constant(10*time.Second, retry.WithUnits(100*time.Millisecond)).Retry( var certSANs resource.Resource
func() error { certSANs, err := ctest.Get[*secrets.CertSAN](
var certSANs resource.Resource suite,
resource.NewMetadata(
secrets.NamespaceName,
secrets.CertSANType,
secrets.CertSANKubernetesID,
resource.VersionUndefined,
),
)
if err != nil {
return err
}
certSANs, err = suite.state.Get( spec := certSANs.(*secrets.CertSAN).TypedSpec()
suite.ctx,
resource.NewMetadata(
secrets.NamespaceName,
secrets.CertSANType,
secrets.CertSANKubernetesID,
resource.VersionUndefined,
),
)
if err != nil {
return err
}
spec := certSANs.(*secrets.CertSAN).TypedSpec() expectedDNSNames := []string{
"example.com",
"foo",
"foo.example.com",
"kubernetes",
"kubernetes.default",
"kubernetes.default.svc",
"kubernetes.default.svc.cluster.remote",
"localhost",
"some.other.url",
}
expectedDNSNames := []string{ if !reflect.DeepEqual(spec.DNSNames, expectedDNSNames) {
"example.com", return retry.ExpectedErrorf("expected %v, got %v", expectedDNSNames, spec.DNSNames)
"foo", }
"foo.example.com",
"kubernetes",
"kubernetes.default",
"kubernetes.default.svc",
"kubernetes.default.svc.cluster.remote",
"localhost",
"some.other.url",
}
if !reflect.DeepEqual(spec.DNSNames, expectedDNSNames) { return nil
return retry.ExpectedErrorf("expected %v, got %v", expectedDNSNames, spec.DNSNames) })
}
return nil
},
),
)
}
func (suite *KubernetesCertSANsSuite) TearDownTest() {
suite.T().Log("tear down")
suite.ctxCancel()
suite.wg.Wait()
}
func TestKubernetesCertSANsSuite(t *testing.T) {
suite.Run(t, new(KubernetesCertSANsSuite))
} }
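Review bot: In the second `AssertWithin` closure of TestReconcile the new side, as rendered, keeps `var certSANs resource.Resource` and `spec := certSANs.(*secrets.CertSAN).TypedSpec()` around the call to `ctest.Get[*secrets.CertSAN]`, so the typed result is widened back to the interface and then asserted down again. Drop the `var` line and use `spec := certSANs.TypedSpec()` as the first closure does. That removes the unchecked type assertion the generic helper was introduced to avoid.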


@ -6,28 +6,22 @@
package secrets_test package secrets_test
import ( import (
"context"
stdlibx509 "crypto/x509" stdlibx509 "crypto/x509"
"fmt" "fmt"
"log"
"net" "net"
"net/url" "net/url"
"sync"
"testing" "testing"
"time" "time"
"github.com/cosi-project/runtime/pkg/controller/runtime"
"github.com/cosi-project/runtime/pkg/resource" "github.com/cosi-project/runtime/pkg/resource"
"github.com/cosi-project/runtime/pkg/state" "github.com/cosi-project/runtime/pkg/state"
"github.com/cosi-project/runtime/pkg/state/impl/inmem"
"github.com/cosi-project/runtime/pkg/state/impl/namespaced"
"github.com/stretchr/testify/suite" "github.com/stretchr/testify/suite"
"github.com/talos-systems/crypto/x509" "github.com/talos-systems/crypto/x509"
"github.com/talos-systems/go-retry/retry" "github.com/talos-systems/go-retry/retry"
"k8s.io/client-go/tools/clientcmd" "k8s.io/client-go/tools/clientcmd"
"github.com/talos-systems/talos/internal/app/machined/pkg/controllers/ctest"
secretsctrl "github.com/talos-systems/talos/internal/app/machined/pkg/controllers/secrets" secretsctrl "github.com/talos-systems/talos/internal/app/machined/pkg/controllers/secrets"
"github.com/talos-systems/talos/pkg/logging"
"github.com/talos-systems/talos/pkg/machinery/config/types/v1alpha1/machine" "github.com/talos-systems/talos/pkg/machinery/config/types/v1alpha1/machine"
"github.com/talos-systems/talos/pkg/machinery/constants" "github.com/talos-systems/talos/pkg/machinery/constants"
"github.com/talos-systems/talos/pkg/machinery/resources/config" "github.com/talos-systems/talos/pkg/machinery/resources/config"
@ -36,41 +30,18 @@ import (
timeresource "github.com/talos-systems/talos/pkg/machinery/resources/time" timeresource "github.com/talos-systems/talos/pkg/machinery/resources/time"
) )
func TestKubernetesSuite(t *testing.T) {
suite.Run(t, &KubernetesSuite{
DefaultSuite: ctest.DefaultSuite{
AfterSetup: func(suite *ctest.DefaultSuite) {
suite.Require().NoError(suite.Runtime().RegisterController(&secretsctrl.KubernetesController{}))
},
},
})
}
type KubernetesSuite struct { type KubernetesSuite struct {
suite.Suite ctest.DefaultSuite
state state.State
runtime *runtime.Runtime
wg sync.WaitGroup
ctx context.Context //nolint:containedctx
ctxCancel context.CancelFunc
}
func (suite *KubernetesSuite) SetupTest() {
suite.ctx, suite.ctxCancel = context.WithTimeout(context.Background(), 3*time.Minute)
suite.state = state.WrapCore(namespaced.NewState(inmem.Build))
var err error
suite.runtime, err = runtime.NewRuntime(suite.state, logging.Wrap(log.Writer()))
suite.Require().NoError(err)
suite.Require().NoError(suite.runtime.RegisterController(&secretsctrl.KubernetesController{}))
suite.startRuntime()
}
func (suite *KubernetesSuite) startRuntime() {
suite.wg.Add(1)
go func() {
defer suite.wg.Done()
suite.Assert().NoError(suite.runtime.Run(suite.ctx))
}()
} }
func (suite *KubernetesSuite) TestReconcile() { func (suite *KubernetesSuite) TestReconcile() {
@ -111,16 +82,16 @@ func (suite *KubernetesSuite) TestReconcile() {
rootSecrets.TypedSpec().CertSANs = []string{"example.com"} rootSecrets.TypedSpec().CertSANs = []string{"example.com"}
rootSecrets.TypedSpec().APIServerIPs = []net.IP{net.ParseIP("10.4.3.2"), net.ParseIP("10.2.1.3")} rootSecrets.TypedSpec().APIServerIPs = []net.IP{net.ParseIP("10.4.3.2"), net.ParseIP("10.2.1.3")}
rootSecrets.TypedSpec().DNSDomain = "cluster.remote" rootSecrets.TypedSpec().DNSDomain = "cluster.remote"
suite.Require().NoError(suite.state.Create(suite.ctx, rootSecrets)) suite.Require().NoError(suite.State().Create(suite.Ctx(), rootSecrets))
machineType := config.NewMachineType() machineType := config.NewMachineType()
machineType.SetMachineType(machine.TypeControlPlane) machineType.SetMachineType(machine.TypeControlPlane)
suite.Require().NoError(suite.state.Create(suite.ctx, machineType)) suite.Require().NoError(suite.State().Create(suite.Ctx(), machineType))
networkStatus := network.NewStatus(network.NamespaceName, network.StatusID) networkStatus := network.NewStatus(network.NamespaceName, network.StatusID)
networkStatus.TypedSpec().AddressReady = true networkStatus.TypedSpec().AddressReady = true
networkStatus.TypedSpec().HostnameReady = true networkStatus.TypedSpec().HostnameReady = true
suite.Require().NoError(suite.state.Create(suite.ctx, networkStatus)) suite.Require().NoError(suite.State().Create(suite.Ctx(), networkStatus))
certSANs := secrets.NewCertSAN(secrets.NamespaceName, secrets.CertSANKubernetesID) certSANs := secrets.NewCertSAN(secrets.NamespaceName, secrets.CertSANKubernetesID)
certSANs.TypedSpec().Append( certSANs.TypedSpec().Append(
@ -137,128 +108,112 @@ func (suite *KubernetesSuite) TestReconcile() {
"10.4.3.2", "10.4.3.2",
"172.16.0.1", "172.16.0.1",
) )
suite.Require().NoError(suite.state.Create(suite.ctx, certSANs)) suite.Require().NoError(suite.State().Create(suite.Ctx(), certSANs))
timeSync := timeresource.NewStatus() timeSync := timeresource.NewStatus()
*timeSync.TypedSpec() = timeresource.StatusSpec{ *timeSync.TypedSpec() = timeresource.StatusSpec{
Synced: true, Synced: true,
} }
suite.Require().NoError(suite.state.Create(suite.ctx, timeSync)) suite.Require().NoError(suite.State().Create(suite.Ctx(), timeSync))
suite.Assert().NoError( suite.AssertWithin(10*time.Second, 100*time.Millisecond, func() error {
retry.Constant(10*time.Second, retry.WithUnits(100*time.Millisecond)).Retry( certs, err := ctest.Get[*secrets.Kubernetes](
func() error { suite,
certs, err := suite.state.Get( resource.NewMetadata(
suite.ctx, secrets.NamespaceName,
resource.NewMetadata( secrets.KubernetesType,
secrets.NamespaceName, secrets.KubernetesID,
secrets.KubernetesType, resource.VersionUndefined,
secrets.KubernetesID, ),
resource.VersionUndefined, )
), if err != nil {
) if state.IsNotFoundError(err) {
if err != nil { return retry.ExpectedError(err)
if state.IsNotFoundError(err) { }
return retry.ExpectedError(err)
}
return err return err
} }
kubernetesCerts := certs.(*secrets.Kubernetes).TypedSpec() kubernetesCerts := certs.TypedSpec()
apiCert, err := kubernetesCerts.APIServer.GetCert() apiCert, err := kubernetesCerts.APIServer.GetCert()
suite.Require().NoError(err) suite.Require().NoError(err)
suite.Assert().Equal( suite.Assert().Equal(
[]string{ []string{
"example.com", "example.com",
"foo", "foo",
"foo.example.com", "foo.example.com",
"kubernetes", "kubernetes",
"kubernetes.default", "kubernetes.default",
"kubernetes.default.svc", "kubernetes.default.svc",
"kubernetes.default.svc.cluster.remote", "kubernetes.default.svc.cluster.remote",
"localhost", "localhost",
"some.url", "some.url",
}, apiCert.DNSNames, }, apiCert.DNSNames,
) )
suite.Assert().Equal("[10.2.1.3 10.4.3.2 172.16.0.1]", fmt.Sprintf("%v", apiCert.IPAddresses)) suite.Assert().Equal("[10.2.1.3 10.4.3.2 172.16.0.1]", fmt.Sprintf("%v", apiCert.IPAddresses))
suite.Assert().Equal("kube-apiserver", apiCert.Subject.CommonName) suite.Assert().Equal("kube-apiserver", apiCert.Subject.CommonName)
suite.Assert().Equal([]string{"kube-master"}, apiCert.Subject.Organization) suite.Assert().Equal([]string{"kube-master"}, apiCert.Subject.Organization)
suite.Assert().Equal( suite.Assert().Equal(
stdlibx509.KeyUsageDigitalSignature|stdlibx509.KeyUsageKeyEncipherment, stdlibx509.KeyUsageDigitalSignature|stdlibx509.KeyUsageKeyEncipherment,
apiCert.KeyUsage, apiCert.KeyUsage,
) )
suite.Assert().Equal([]stdlibx509.ExtKeyUsage{stdlibx509.ExtKeyUsageServerAuth}, apiCert.ExtKeyUsage) suite.Assert().Equal([]stdlibx509.ExtKeyUsage{stdlibx509.ExtKeyUsageServerAuth}, apiCert.ExtKeyUsage)
clientCert, err := kubernetesCerts.APIServerKubeletClient.GetCert() clientCert, err := kubernetesCerts.APIServerKubeletClient.GetCert()
suite.Require().NoError(err) suite.Require().NoError(err)
suite.Assert().Empty(clientCert.DNSNames) suite.Assert().Empty(clientCert.DNSNames)
suite.Assert().Empty(clientCert.IPAddresses) suite.Assert().Empty(clientCert.IPAddresses)
suite.Assert().Equal( suite.Assert().Equal(
constants.KubernetesAPIServerKubeletClientCommonName, constants.KubernetesAPIServerKubeletClientCommonName,
clientCert.Subject.CommonName, clientCert.Subject.CommonName,
) )
suite.Assert().Equal( suite.Assert().Equal(
[]string{constants.KubernetesAdminCertOrganization}, []string{constants.KubernetesAdminCertOrganization},
clientCert.Subject.Organization, clientCert.Subject.Organization,
) )
suite.Assert().Equal( suite.Assert().Equal(
stdlibx509.KeyUsageDigitalSignature|stdlibx509.KeyUsageKeyEncipherment, stdlibx509.KeyUsageDigitalSignature|stdlibx509.KeyUsageKeyEncipherment,
clientCert.KeyUsage, clientCert.KeyUsage,
) )
suite.Assert().Equal([]stdlibx509.ExtKeyUsage{stdlibx509.ExtKeyUsageClientAuth}, clientCert.ExtKeyUsage) suite.Assert().Equal([]stdlibx509.ExtKeyUsage{stdlibx509.ExtKeyUsageClientAuth}, clientCert.ExtKeyUsage)
frontProxyCert, err := kubernetesCerts.FrontProxy.GetCert() frontProxyCert, err := kubernetesCerts.FrontProxy.GetCert()
suite.Require().NoError(err) suite.Require().NoError(err)
suite.Assert().Empty(frontProxyCert.DNSNames) suite.Assert().Empty(frontProxyCert.DNSNames)
suite.Assert().Empty(frontProxyCert.IPAddresses) suite.Assert().Empty(frontProxyCert.IPAddresses)
suite.Assert().Equal("front-proxy-client", frontProxyCert.Subject.CommonName) suite.Assert().Equal("front-proxy-client", frontProxyCert.Subject.CommonName)
suite.Assert().Empty(frontProxyCert.Subject.Organization) suite.Assert().Empty(frontProxyCert.Subject.Organization)
suite.Assert().Equal( suite.Assert().Equal(
stdlibx509.KeyUsageDigitalSignature|stdlibx509.KeyUsageKeyEncipherment, stdlibx509.KeyUsageDigitalSignature|stdlibx509.KeyUsageKeyEncipherment,
frontProxyCert.KeyUsage, frontProxyCert.KeyUsage,
) )
suite.Assert().Equal( suite.Assert().Equal(
[]stdlibx509.ExtKeyUsage{stdlibx509.ExtKeyUsageClientAuth}, []stdlibx509.ExtKeyUsage{stdlibx509.ExtKeyUsageClientAuth},
frontProxyCert.ExtKeyUsage, frontProxyCert.ExtKeyUsage,
) )
for _, kubeconfig := range []string{ for _, kubeconfig := range []string{
kubernetesCerts.ControllerManagerKubeconfig, kubernetesCerts.ControllerManagerKubeconfig,
kubernetesCerts.SchedulerKubeconfig, kubernetesCerts.SchedulerKubeconfig,
kubernetesCerts.LocalhostAdminKubeconfig, kubernetesCerts.LocalhostAdminKubeconfig,
kubernetesCerts.AdminKubeconfig, kubernetesCerts.AdminKubeconfig,
} { } {
config, err := clientcmd.Load([]byte(kubeconfig)) config, err := clientcmd.Load([]byte(kubeconfig))
suite.Require().NoError(err) suite.Require().NoError(err)
suite.Assert().NoError(clientcmd.ConfirmUsable(*config, config.CurrentContext)) suite.Assert().NoError(clientcmd.ConfirmUsable(*config, config.CurrentContext))
} }
return nil return nil
}, })
),
)
}
func (suite *KubernetesSuite) TearDownTest() {
suite.T().Log("tear down")
suite.ctxCancel()
suite.wg.Wait()
}
func TestKubernetesSuite(t *testing.T) {
suite.Run(t, new(KubernetesSuite))
} }
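Review bot: In the new `TestKubernetesSuite`, `RegisterController` now runs inside `AfterSetup`, which `DefaultSuite.SetupTest` calls only after `startRuntime()`. The removed `KubernetesSuite.SetupTest` registered the controller before starting the runtime, so the ordering changes without any mention. This is probably harmless if the runtime accepts registration while running, but that is not visible in this section. I would record the ordering above the closure, e.g. `// AfterSetup runs after the runtime goroutine has been started; the controller is registered on a running runtime.`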


@ -7,17 +7,12 @@ package siderolink_test
import ( import (
"context" "context"
"fmt" "fmt"
"log"
"net" "net"
"sync"
"testing" "testing"
"time" "time"
"github.com/cosi-project/runtime/pkg/controller/runtime"
"github.com/cosi-project/runtime/pkg/resource" "github.com/cosi-project/runtime/pkg/resource"
"github.com/cosi-project/runtime/pkg/state" "github.com/cosi-project/runtime/pkg/state"
"github.com/cosi-project/runtime/pkg/state/impl/inmem"
"github.com/cosi-project/runtime/pkg/state/impl/namespaced"
"github.com/siderolabs/go-pointer" "github.com/siderolabs/go-pointer"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"github.com/stretchr/testify/suite" "github.com/stretchr/testify/suite"
@ -27,24 +22,38 @@ import (
"google.golang.org/grpc" "google.golang.org/grpc"
"inet.af/netaddr" "inet.af/netaddr"
"github.com/talos-systems/talos/internal/app/machined/pkg/controllers/ctest"
siderolinkctrl "github.com/talos-systems/talos/internal/app/machined/pkg/controllers/siderolink" siderolinkctrl "github.com/talos-systems/talos/internal/app/machined/pkg/controllers/siderolink"
"github.com/talos-systems/talos/pkg/logging"
"github.com/talos-systems/talos/pkg/machinery/constants" "github.com/talos-systems/talos/pkg/machinery/constants"
"github.com/talos-systems/talos/pkg/machinery/nethelpers" "github.com/talos-systems/talos/pkg/machinery/nethelpers"
"github.com/talos-systems/talos/pkg/machinery/resources/network" "github.com/talos-systems/talos/pkg/machinery/resources/network"
) )
func TestManagerSuite(t *testing.T) {
var m ManagerSuite
m.AfterSetup = func(suite *ctest.DefaultSuite) {
lis, err := net.Listen("tcp", "localhost:0")
suite.Require().NoError(err)
m.s = grpc.NewServer()
pb.RegisterProvisionServiceServer(m.s, mockServer{})
go func() {
suite.Require().NoError(m.s.Serve(lis))
}()
cmdline := procfs.NewCmdline(fmt.Sprintf("%s=%s", constants.KernelParamSideroLink, lis.Addr().String()))
suite.Require().NoError(suite.Runtime().RegisterController(&siderolinkctrl.ManagerController{
Cmdline: cmdline,
}))
}
suite.Run(t, &m)
}
type ManagerSuite struct { type ManagerSuite struct {
suite.Suite ctest.DefaultSuite
state state.State
runtime *runtime.Runtime
wg sync.WaitGroup
ctx context.Context //nolint:containedctx
ctxCancel context.CancelFunc
s *grpc.Server s *grpc.Server
} }
@ -68,141 +77,82 @@ func (srv mockServer) Provision(ctx context.Context, req *pb.ProvisionRequest) (
}, nil }, nil
} }
func (suite *ManagerSuite) SetupTest() {
suite.ctx, suite.ctxCancel = context.WithTimeout(context.Background(), 3*time.Minute)
suite.state = state.WrapCore(namespaced.NewState(inmem.Build))
var err error
suite.runtime, err = runtime.NewRuntime(suite.state, logging.Wrap(log.Writer()))
suite.Require().NoError(err)
suite.startRuntime()
lis, err := net.Listen("tcp", "localhost:0")
suite.Require().NoError(err)
suite.s = grpc.NewServer()
pb.RegisterProvisionServiceServer(suite.s, mockServer{})
go func() {
suite.Require().NoError(suite.s.Serve(lis))
}()
cmdline := procfs.NewCmdline(fmt.Sprintf("%s=%s", constants.KernelParamSideroLink, lis.Addr().String()))
suite.Require().NoError(
suite.runtime.RegisterController(
&siderolinkctrl.ManagerController{
Cmdline: cmdline,
},
),
)
}
func (suite *ManagerSuite) startRuntime() {
suite.wg.Add(1)
go func() {
defer suite.wg.Done()
suite.Assert().NoError(suite.runtime.Run(suite.ctx))
}()
}
func (suite *ManagerSuite) TestReconcile() { func (suite *ManagerSuite) TestReconcile() {
networkStatus := network.NewStatus(network.NamespaceName, network.StatusID) networkStatus := network.NewStatus(network.NamespaceName, network.StatusID)
networkStatus.TypedSpec().AddressReady = true networkStatus.TypedSpec().AddressReady = true
suite.Require().NoError(suite.state.Create(suite.ctx, networkStatus)) suite.Require().NoError(suite.State().Create(suite.Ctx(), networkStatus))
nodeAddress := netaddr.MustParseIPPrefix(mockNodeAddressPrefix) nodeAddress := netaddr.MustParseIPPrefix(mockNodeAddressPrefix)
suite.Assert().NoError( suite.AssertWithin(10*time.Second, 100*time.Millisecond, func() error {
retry.Constant(5*time.Second, retry.WithUnits(100*time.Millisecond)).Retry( addressResource, err := ctest.Get[*network.AddressSpec](
func() error { suite,
addressResource, err := suite.state.Get( resource.NewMetadata(
suite.ctx, resource.NewMetadata( network.ConfigNamespaceName,
network.ConfigNamespaceName, network.AddressSpecType,
network.AddressSpecType, network.LayeredID(
network.LayeredID( network.ConfigOperator,
network.ConfigOperator, network.AddressID(constants.SideroLinkName, nodeAddress),
network.AddressID(constants.SideroLinkName, nodeAddress), ),
), resource.VersionUndefined,
resource.VersionUndefined, ),
), )
) if err != nil {
if err != nil { if state.IsNotFoundError(err) {
if state.IsNotFoundError(err) { return retry.ExpectedError(err)
return retry.ExpectedError(err) }
}
return err return err
} }
address := addressResource.(*network.AddressSpec).TypedSpec() address := addressResource.TypedSpec()
suite.Assert().Equal(nodeAddress, address.Address) suite.Assert().Equal(nodeAddress, address.Address)
suite.Assert().Equal(network.ConfigOperator, address.ConfigLayer) suite.Assert().Equal(network.ConfigOperator, address.ConfigLayer)
suite.Assert().Equal(nethelpers.FamilyInet6, address.Family) suite.Assert().Equal(nethelpers.FamilyInet6, address.Family)
suite.Assert().Equal(constants.SideroLinkName, address.LinkName) suite.Assert().Equal(constants.SideroLinkName, address.LinkName)
linkResource, err := suite.state.Get( linkResource, err := ctest.Get[*network.LinkSpec](
suite.ctx, resource.NewMetadata( suite,
network.ConfigNamespaceName, resource.NewMetadata(
network.LinkSpecType, network.ConfigNamespaceName,
network.LayeredID(network.ConfigOperator, network.LinkID(constants.SideroLinkName)), network.LinkSpecType,
resource.VersionUndefined, network.LayeredID(network.ConfigOperator, network.LinkID(constants.SideroLinkName)),
), resource.VersionUndefined,
) ),
if err != nil { )
if state.IsNotFoundError(err) { if err != nil {
return retry.ExpectedError(err) if state.IsNotFoundError(err) {
} return retry.ExpectedError(err)
}
return err return err
} }
link := linkResource.(*network.LinkSpec).TypedSpec() link := linkResource.TypedSpec()
suite.Assert().Equal("wireguard", link.Kind) suite.Assert().Equal("wireguard", link.Kind)
suite.Assert().Equal(network.ConfigOperator, link.ConfigLayer) suite.Assert().Equal(network.ConfigOperator, link.ConfigLayer)
suite.Assert().NotEmpty(link.Wireguard.PrivateKey) suite.Assert().NotEmpty(link.Wireguard.PrivateKey)
suite.Assert().Len(link.Wireguard.Peers, 1) suite.Assert().Len(link.Wireguard.Peers, 1)
suite.Assert().Equal(mockServerEndpoint, link.Wireguard.Peers[0].Endpoint) suite.Assert().Equal(mockServerEndpoint, link.Wireguard.Peers[0].Endpoint)
suite.Assert().Equal(mockServerPublicKey, link.Wireguard.Peers[0].PublicKey) suite.Assert().Equal(mockServerPublicKey, link.Wireguard.Peers[0].PublicKey)
suite.Assert().Equal( suite.Assert().Equal(
[]netaddr.IPPrefix{ []netaddr.IPPrefix{
netaddr.IPPrefixFrom( netaddr.IPPrefixFrom(
netaddr.MustParseIP(mockServerAddress), netaddr.MustParseIP(mockServerAddress),
128, 128,
), ),
}, link.Wireguard.Peers[0].AllowedIPs, }, link.Wireguard.Peers[0].AllowedIPs,
) )
suite.Assert().Equal( suite.Assert().Equal(
constants.SideroLinkDefaultPeerKeepalive, constants.SideroLinkDefaultPeerKeepalive,
link.Wireguard.Peers[0].PersistentKeepaliveInterval, link.Wireguard.Peers[0].PersistentKeepaliveInterval,
) )
return nil return nil
}, })
),
)
}
func (suite *ManagerSuite) TearDownTest() {
suite.T().Log("tear down")
suite.s.Stop()
suite.ctxCancel()
suite.wg.Wait()
}
func TestManagerSuite(t *testing.T) {
suite.Run(t, new(ManagerSuite))
} }
func TestParseJoinToken(t *testing.T) { func TestParseJoinToken(t *testing.T) {
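Review bot: The gRPC server created in the `AfterSetup` hook of `TestManagerSuite` is never stopped. The removed `ManagerSuite.TearDownTest` called `suite.s.Stop()`, and the new code sets no `AfterTearDown`, so the `localhost:0` listener and the `Serve` goroutine outlive each test. Setting the hook next to `AfterSetup` restores the cleanup: `m.AfterTearDown = func(*ctest.DefaultSuite) { m.s.Stop() }`. This assumes `DefaultSuite`'s teardown invokes `AfterTearDown`, which is not shown in this section. `TestParseJoinToken` at the end of the hunk continues outside it.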