Merge pull request #19 from skeeey/adding-integration-test

add integration test cases
2026-05-09 18:57:35 +00:00 · 2020-05-21 21:26:25 +02:00
parent 0a6f161017 a09ef1620f
commit d570bfedbd
11 changed files with 1100 additions and 54 deletions
--- a/pkg/hub/csr/controller.go
+++ b/pkg/hub/csr/controller.go
@@ -134,7 +134,10 @@ func isSpokeClusterClientCertRenewal(csr *certificatesv1beta1.CertificateSigning
 		return false
 	}

-	if csr.Spec.SignerName == nil || *csr.Spec.SignerName != certificatesv1beta1.KubeAPIServerClientSignerName {
+	// The CSR signer name must be provided on Kubernetes v1.18.0 and above, so if the signer name is empty,
+	// we should be on an old server, we skip the signer name check
+	if (csr.Spec.SignerName != nil && len(*csr.Spec.SignerName) != 0) &&
+		*csr.Spec.SignerName != certificatesv1beta1.KubeAPIServerClientSignerName {
 		return false
 	}

--- a/pkg/hub/csr/controller_test.go
+++ b/pkg/hub/csr/controller_test.go
@@ -119,6 +119,8 @@ func TestSync(t *testing.T) {
 }

 func TestIsSpokeClusterClientCertRenewal(t *testing.T) {
+	invalidSignerName := "invalidsigner"
+
 	cases := []struct {
 		name      string
 		csr       *certificatesv1beta1.CertificateSigningRequest
@@ -131,7 +133,7 @@ func TestIsSpokeClusterClientCertRenewal(t *testing.T) {
 		},
 		{
 			name:      "an invalid signer name",
-			csr:       newCSR(labels, nil, "", []string{}, "", ""),
+			csr:       newCSR(labels, &invalidSignerName, "", []string{}, "", ""),
 			isRenewal: false,
 		},
 		{
@@ -159,6 +161,11 @@ func TestIsSpokeClusterClientCertRenewal(t *testing.T) {
 			csr:       newInvalidCSR(),
 			isRenewal: false,
 		},
+		{
+			name:      "a renewal csr without signer name",
+			csr:       newCSRWithSignerName(nil),
+			isRenewal: true,
+		},
 		{
 			name:      "a renewal csr",
 			csr:       newRenewalCSR(),
@@ -207,10 +214,10 @@ func newCSR(labels map[string]string, signerName *string, cn string, orgs []stri
 	}
 }

-func newRenewalCSR() *certificatesv1beta1.CertificateSigningRequest {
+func newCSRWithSignerName(signer *string) *certificatesv1beta1.CertificateSigningRequest {
 	csr := newCSR(
 		labels,
-		&signerName,
+		signer,
 		"system:open-cluster-management:spokecluster1:spokeagent1",
 		[]string{"system:open-cluster-management:spokecluster1"},
 		"system:open-cluster-management:spokecluster1:spokeagent1",
@@ -220,6 +227,10 @@ func newRenewalCSR() *certificatesv1beta1.CertificateSigningRequest {
 	return csr
 }

+func newRenewalCSR() *certificatesv1beta1.CertificateSigningRequest {
+	return newCSRWithSignerName(&signerName)
+}
+
 func newInvalidCSR() *certificatesv1beta1.CertificateSigningRequest {
 	csr := newCSR(
 		labels,
--- a/pkg/spoke/hubclientcert/controller.go
+++ b/pkg/spoke/hubclientcert/controller.go
@@ -41,6 +41,9 @@ const (
 	AgentNameFile         = "agent-name"
 )

+// ControllerSyncInterval is exposed so that integration tests can crank up the constroller sync speed.
+var ControllerSyncInterval = 5 * time.Minute
+
 // ClientCertForHubController maintains the client cert and kubeconfig for hub
 type ClientCertForHubController struct {
 	clusterName string
@@ -97,7 +100,7 @@ func NewClientCertForHubController(
 	return factory.New().
 		WithInformers(hubCSRInformer.Informer(), spokeSecretInformer.Informer()).
 		WithSync(c.sync).
-		ResyncEvery(5*time.Minute).
+		ResyncEvery(ControllerSyncInterval).
 		ToController(controllerName, recorder)
 }

@@ -241,14 +244,15 @@ func (c *ClientCertForHubController) syncCSR(secret *corev1.Secret) (map[string]
 	// create a kubeconfig with references to the key/cert files in kubeconfigSecret if it dose not exists.
 	// So other components deployed in separated deployments are able to access this kubeconfig for hub as
 	// well by sharing the secret
-	if _, ok := secret.Data[KubeconfigFile]; !ok {
+	kubeconfigData, ok := secret.Data[KubeconfigFile]
+	if !ok {
 		kubeconfig := buildKubeconfig(restclient.CopyConfig(c.hubClientConfig), TLSCertFile, TLSKeyFile)
-		kubeconfigData, err := clientcmd.Write(kubeconfig)
+		kubeconfigData, err = clientcmd.Write(kubeconfig)
 		if err != nil {
 			return nil, err
 		}
-		data[KubeconfigFile] = kubeconfigData
 	}
+	data[KubeconfigFile] = kubeconfigData

 	// clear the csr name and private key
 	c.reset()
--- a/pkg/spoke/spokecluster/creating_controller.go
+++ b/pkg/spoke/spokecluster/creating_controller.go
@@ -18,6 +18,9 @@ import (
 // well-known anonymous user
 const anonymous = "system:anonymous"

+// CreatingControllerSyncInterval is exposed so that integration tests can crank up the constroller sync speed.
+var CreatingControllerSyncInterval = 60 * time.Minute
+
 // spokeClusterCreatingController creates a spoke cluster on hub cluster during the spoke agent bootstrap phase
 type spokeClusterCreatingController struct {
 	clusterName             string
@@ -40,7 +43,7 @@ func NewSpokeClusterCreatingController(
 	}
 	return factory.New().
 		WithSync(c.sync).
-		ResyncEvery(60*time.Minute).
+		ResyncEvery(CreatingControllerSyncInterval).
 		ToController("SpokeClusterCreatingController", recorder)
 }