mirrors/talos
1
0
Fork 0
mirror of https://github.com/siderolabs/talos.git synced 2025-10-11 07:31:18 +02:00
Code Issues Packages Projects Releases Wiki Activity
talos/internal/pkg/containers/cri/containerd/hosts_test.go
Andrey Smirnov f62d17125b
chore: update crypto to use new import path siderolabs/crypto 
No functional changes in this PR, just updating import paths.

Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
2022-09-07 23:02:50 +04:00

146 lines
4.5 KiB
Go
Raw Blame History

// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
package containerd_test
import (
_ "embed"
"testing"
"github.com/siderolabs/crypto/x509"
"github.com/siderolabs/go-pointer"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/talos-systems/talos/internal/pkg/containers/cri/containerd"
"github.com/talos-systems/talos/pkg/machinery/config/types/v1alpha1"
)
func TestGenerateHosts(t *testing.T) {
cfgWithTLS := &mockConfig{
mirrors: map[string]*v1alpha1.RegistryMirrorConfig{
"docker.io": {
MirrorEndpoints: []string{"https://registry-1.docker.io", "https://registry-2.docker.io"},
},
},
config: map[string]*v1alpha1.RegistryConfig{
"some.host:123": {
RegistryAuth: &v1alpha1.RegistryAuthConfig{
RegistryUsername: "root",
RegistryPassword: "secret",
RegistryAuth: "auth",
RegistryIdentityToken: "token",
},
RegistryTLS: &v1alpha1.RegistryTLSConfig{
TLSInsecureSkipVerify: pointer.To(true),
TLSCA: []byte("cacert"),
TLSClientIdentity: &x509.PEMEncodedCertificateAndKey{
Crt: []byte("clientcert"),
Key: []byte("clientkey"),
},
},
},
"registry-2.docker.io": {
RegistryTLS: &v1alpha1.RegistryTLSConfig{
TLSInsecureSkipVerify: pointer.To(true),
},
},
},
}
resultWithTLS, err := containerd.GenerateHosts(cfgWithTLS, "/etc/cri/conf.d/hosts")
require.NoError(t, err)
assert.Equal(t, &containerd.HostsConfig{
Directories: map[string]*containerd.HostsDirectory{
"docker.io": {
Files: []*containerd.HostsFile{
{
Name: "hosts.toml",
Mode: 0o600,
Contents: []byte("\n[host]\n\n [host.\"https://registry-1.docker.io\"]\n capabilities = [\"pull\", \"resolve\"]\n\n [host.\"https://registry-2.docker.io\"]\n capabilities = [\"pull\", \"resolve\"]\n skip_verify = true\n"), //nolint:lll
},
},
},
"some.host_123_": {
Files: []*containerd.HostsFile{
{
Name: "some.host:123-ca.crt",
Mode: 0o600,
Contents: []byte("cacert"),
},
{
Name: "some.host:123-client.crt",
Mode: 0o600,
Contents: []byte("clientcert"),
},
{
Name: "some.host:123-client.key",
Mode: 0o600,
Contents: []byte("clientkey"),
},
{
Name: "hosts.toml",
Mode: 0o600,
Contents: []byte("server = \"https://some.host:123\"\n\n[host]\n\n [host.\"https://some.host:123\"]\n ca = \"/etc/cri/conf.d/hosts/some.host_123_/some.host:123-ca.crt\"\n client = [[\"/etc/cri/conf.d/hosts/some.host_123_/some.host:123-client.crt\", \"/etc/cri/conf.d/hosts/some.host_123_/some.host:123-client.key\"]]\n skip_verify = true\n"), //nolint:lll
},
},
},
"registry-2.docker.io": {
Files: []*containerd.HostsFile{
{
Name: "hosts.toml",
Mode: 0o600,
Contents: []byte("server = \"https://registry-2.docker.io\"\n\n[host]\n\n [host.\"https://registry-2.docker.io\"]\n skip_verify = true\n"),
},
},
},
},
}, resultWithTLS)
cfgWithoutTLS := &mockConfig{
mirrors: map[string]*v1alpha1.RegistryMirrorConfig{
"docker.io": {
MirrorEndpoints: []string{"https://registry-1.docker.io", "https://registry-2.docker.io"},
},
},
config: map[string]*v1alpha1.RegistryConfig{
"some.host:123": {
RegistryAuth: &v1alpha1.RegistryAuthConfig{
RegistryUsername: "root",
RegistryPassword: "secret",
RegistryAuth: "auth",
RegistryIdentityToken: "token",
},
},
},
}
resultWithoutTLS, err := containerd.GenerateHosts(cfgWithoutTLS, "/etc/cri/conf.d/hosts")
require.NoError(t, err)
assert.Equal(t, &containerd.HostsConfig{
Directories: map[string]*containerd.HostsDirectory{
"docker.io": {
Files: []*containerd.HostsFile{
{
Name: "hosts.toml",
Mode: 0o600,
Contents: []byte("\n[host]\n\n [host.\"https://registry-1.docker.io\"]\n capabilities = [\"pull\", \"resolve\"]\n\n [host.\"https://registry-2.docker.io\"]\n capabilities = [\"pull\", \"resolve\"]\n"), //nolint:lll
},
},
},
"some.host_123_": {
Files: []*containerd.HostsFile{
{
Name: "hosts.toml",
Mode: 0o600,
Contents: []byte("server = \"https://some.host:123\"\n\n[host]\n\n [host.\"https://some.host:123\"]\n"),
},
},
},
},
}, resultWithoutTLS)
}
Reference in New Issue View Git Blame Copy Permalink