mirrors/talos
1
0
Fork 0
mirror of https://github.com/siderolabs/talos.git synced 2025-08-25 08:31:13 +02:00
Code Issues Packages Projects Releases Wiki Activity
talos/pkg/userdata/kubernetes_security_test.go
Brad Beam 2c0ec43a0b
feat: Add additional kubernetes certs (#619) 
Add support for supplying all of the necessary CA cert and key pairs for
kubeadm use.

Signed-off-by: Brad Beam <brad.beam@talos-systems.com>
2019-05-07 11:30:10 -05:00

58 lines
2.1 KiB
Go
Raw Blame History

/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
// nolint: dupl
package userdata
import (
"github.com/hashicorp/go-multierror"
"github.com/talos-systems/talos/pkg/crypto/x509"
"golang.org/x/xerrors"
)
func (suite *validateSuite) TestValidateKubernetesSecurity() {
var err error
// Test for missing required sections
kube := &KubernetesSecurity{}
err = kube.Validate(CheckKubernetesCA())
suite.Require().Error(err)
// Embedding the check in suite.Assert().Equal(true, xerrors.Is had issues )
if !xerrors.Is(err.(*multierror.Error).Errors[0], ErrRequiredSection) {
suite.T().Errorf("%+v", err)
}
kube.CA = &x509.PEMEncodedCertificateAndKey{}
err = kube.Validate(CheckKubernetesCA())
suite.Require().Error(err)
suite.Assert().Equal(4, len(err.(*multierror.Error).Errors))
// Test for invalid certs
kube.CA.Crt = []byte("-----BEGIN Rubbish-----\n-----END Rubbish-----")
kube.CA.Key = []byte("-----BEGIN EC Fluffy KEY-----\n-----END EC Fluffy KEY-----")
err = kube.Validate(CheckKubernetesCA())
suite.Require().Error(err)
// Successful test
kube.CA = &x509.PEMEncodedCertificateAndKey{
Crt: []byte("-----BEGIN CERTIFICATE-----\n-----END CERTIFICATE-----"),
Key: []byte("-----BEGIN EC PRIVATE KEY-----\n-----END EC PRIVATE KEY-----"),
}
kube.SA = &x509.PEMEncodedCertificateAndKey{
Crt: []byte("-----BEGIN CERTIFICATE-----\n-----END CERTIFICATE-----"),
Key: []byte("-----BEGIN EC PRIVATE KEY-----\n-----END EC PRIVATE KEY-----"),
}
kube.FrontProxy = &x509.PEMEncodedCertificateAndKey{
Crt: []byte("-----BEGIN CERTIFICATE-----\n-----END CERTIFICATE-----"),
Key: []byte("-----BEGIN EC PRIVATE KEY-----\n-----END EC PRIVATE KEY-----"),
}
kube.Etcd = &x509.PEMEncodedCertificateAndKey{
Crt: []byte("-----BEGIN CERTIFICATE-----\n-----END CERTIFICATE-----"),
Key: []byte("-----BEGIN EC PRIVATE KEY-----\n-----END EC PRIVATE KEY-----"),
}
err = kube.Validate(CheckKubernetesCA())
suite.Require().NoError(err)
}
Reference in New Issue View Git Blame Copy Permalink