From 0afd1c279fcade0227b8f53e87824377ef4ea325 Mon Sep 17 00:00:00 2001 From: belyshevdenis Date: Wed, 20 Mar 2019 12:37:05 +0200 Subject: [PATCH] NK-31: Added tests for CA extraction from clientset --- webhooks/registration.go | 20 +++++------ webhooks/registration_test.go | 65 +++++++++++++++++++++++++++++++++++ webhooks/resources/CAFile | 17 +++++++++ 3 files changed, 91 insertions(+), 11 deletions(-) create mode 100644 webhooks/registration_test.go create mode 100644 webhooks/resources/CAFile diff --git a/webhooks/registration.go b/webhooks/registration.go index db8912bf45..434e825c42 100644 --- a/webhooks/registration.go +++ b/webhooks/registration.go @@ -1,7 +1,6 @@ package webhooks import ( "io/ioutil" - "encoding/base64" rest "k8s.io/client-go/rest" meta "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -55,7 +54,7 @@ func constructWebhookConfig(config *rest.Config) *adm.MutatingWebhookConfigurati Name: webhookServiceName, Path: &webhookPath, }, - CABundle: extractCA(config), + CABundle: ExtractCA(config), }, Rules: []adm.RuleWithOperations { adm.RuleWithOperations { @@ -80,19 +79,18 @@ func constructWebhookConfig(config *rest.Config) *adm.MutatingWebhookConfigurati } } -func extractCA(config *rest.Config) (result []byte) { - - if config.TLSClientConfig.CAData != nil { - return config.TLSClientConfig.CAData - } else { - fileName := config.TLSClientConfig.CAFile - bytes, err := ioutil.ReadFile(fileName) +func ExtractCA(config *rest.Config) (result []byte) { + fileName := config.TLSClientConfig.CAFile + if fileName != "" { + result, err := ioutil.ReadFile(fileName) + if err != nil { return nil } - base64.StdEncoding.Encode(result, bytes) - return + return result + } else { + return config.TLSClientConfig.CAData } } \ No newline at end of file diff --git a/webhooks/registration_test.go b/webhooks/registration_test.go new file mode 100644 index 0000000000..7a6cbaffb8 --- /dev/null +++ b/webhooks/registration_test.go 
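Review bot: ExtractCA in the last registration.go hunk now consults CAFile before CAData, whereas client-go documents on rest.TLSClientConfig that CAData takes precedence over CAFile, so with both fields set the CABundle handed to the webhook can differ from the CA the client itself trusts. In the same branch a failed ioutil.ReadFile returns nil without falling back to CAData or reporting the error, and constructWebhookConfig then registers the webhook with an empty CABundle. `result, err := ioutil.ReadFile(fileName)` also shadows the named result, which is easy to misread. The rewrite below checks CAData first and keeps the nil-on-error behaviour the new tests rely on; surfacing the read error through a log line or an error return would be the better follow-up.

```go
func ExtractCA(config *rest.Config) (result []byte) {
	// CAData wins over CAFile, as documented for rest.TLSClientConfig.
	if len(config.TLSClientConfig.CAData) > 0 {
		return config.TLSClientConfig.CAData
	}

	fileName := config.TLSClientConfig.CAFile
	if fileName == "" {
		return nil
	}

	data, err := ioutil.ReadFile(fileName)
	if err != nil {
		// The read error is still dropped here; report it before returning.
		return nil
	}
	return data
}
```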
@@ -0,0 +1,65 @@
+package webhooks_test
+import (
+ "gotest.tools/assert"
+ "io/ioutil"
+ "testing"
+ "bytes"
+
+ "github.com/nirmata/kube-policy/webhooks"
+
+ rest "k8s.io/client-go/rest"
+)
+
+func TestExtractCA_EmptyBundle(t *testing.T) {
+ CAFile := "resources/CAFile"
+
+ config := &rest.Config {
+ TLSClientConfig: rest.TLSClientConfig {
+ CAData: nil,
+ CAFile: CAFile,
+ },
+ }
+
+ expected, err := ioutil.ReadFile(CAFile)
+ assert.Assert(t, err == nil)
+ actual := webhooks.ExtractCA(config)
+ assert.Assert(t, bytes.Equal(expected, actual))
+}
+
+func TestExtractCA_EmptyCAFile(t *testing.T) {
+ CABundle := []byte(`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`)
+
+ config := &rest.Config {
+ TLSClientConfig: rest.TLSClientConfig {
+ CAData: CABundle,
+ CAFile: "",
+ },
+ }
+
+ actual := webhooks.ExtractCA(config)
+ assert.Assert(t, bytes.Equal(CABundle, actual))
+}
+
+func TestExtractCA_EmptyConfig(t *testing.T) {
+ config := &rest.Config {
+ TLSClientConfig: rest.TLSClientConfig {
+ CAData: nil,
+ CAFile: "",
+ },
+ }
+
+ actual := webhooks.ExtractCA(config)
+ assert.Assert(t, actual == nil)
+}
+
+func TestExtractCA_InvalidFile(t *testing.T) {
+ config := &rest.Config {
+ TLSClientConfig: rest.TLSClientConfig {
+ CAData: nil,
+ CAFile: "somenonexistingfile",
+ },
+ }
+
+ actual := webhooks.ExtractCA(config)
+ assert.Assert(t, actual == nil)
+}
\ No newline at end of file
diff --git a/webhooks/resources/CAFile b/webhooks/resources/CAFile
new file mode 100644
index 0000000000..d3700b2b42
--- /dev/null
+++ b/webhooks/resources/CAFile
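Review bot: No case in registration_test.go sets both CAData and CAFile, so the order in which ExtractCA consults the two sources is not pinned by any test and a later swap of the branches would pass unnoticed. A fifth test with an inline bundle plus `resources/CAFile` closes that gap; the sketch below asserts client-go's documented rule that CAData takes precedence, which the ExtractCA in this commit does not follow, so the expectation has to be settled together with that function. Separately, `assert.Assert(t, err == nil)` in TestExtractCA_EmptyBundle hides the error text on failure, while `assert.NilError(t, err)` prints it.

```go
func TestExtractCA_BothSet(t *testing.T) {
	// Constructed sample value; any bytes that differ from resources/CAFile work.
	inline := []byte("constructed-inline-bundle")

	config := &rest.Config{
		TLSClientConfig: rest.TLSClientConfig{
			CAData: inline,
			CAFile: "resources/CAFile",
		},
	}

	actual := webhooks.ExtractCA(config)
	assert.Assert(t, bytes.Equal(inline, actual))
}
```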
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICyDCCAbCgAwIBAgIBADANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDEwprdWJl
+cm5ldGVzMB4XDTE5MDMxOTE0MDcwNFoXDTI5MDMxNjE0MDcwNFowFTETMBEGA1UE
+AxMKa3ViZXJuZXRlczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM+P
+UKVa1romBwNg7j6pAHj9L48ERitJeG4W3ZTbcL5cJnuSBalsXuMjPLffmEuTFHuP
+ztjRPDPw+xH5wuSXQvSKHiqvTMiRoCJREkOlAzHkWP3Ekvu374jd5FWt74HgFOup
+HgVpuLOnW3+cCTNbCudx1LVWQlh0C2JnmKjnnKV+NLs4RUiY5vOuzJn4yzBWKF36
+bKgvC9ZLZQR3wYrrMeiec0gYV6VRmhh1J4CWuuQgtrC6wcIjqVdWDRRr4qLtKCp2
+ASHfcbz+ppGGnRygasqcIvzb5EpWsHDkGE+TQnVCBfNk17CD96ACZfEero1/XMz2
+Qo6oqA4vqyfGVYU9EVECAwEAAaMjMCEwDgYDVR0PAQH/BAQDAgKkMA8GA1UdEwEB
+/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAMXUiQRiuG8pgsps+e7FegBtBNdG
+fQTtuKEaTgE4F40jbwRgk7nCLylHx/Dm8iTQBk2Z4xZsncHnG+8JL+rDKvRAHNbU
+lbzQyp5Wqpv7Oq8pgMpSJ9m7UcpFfdUfJ+5n7iqgLgLoya6kQU4vFM2LMkZ295Zq
+eHwHgDJ9gr0Xcr9c5/kQvLEsfvYNPeXnjcrYyCobMqWnHIqyWwps5U2Nhh+ixRdB
+o4Q/tIKN19OwXfAiW9HCa76LovWiHOSe1Vqs+Xu7P9rLxymoBouhW1VftmJ9C/oL
+wpUn6yWD+mcKdgryA1cMbxCo5mGza3KhY5A7yx45q8dHB3Me8wABjmpXK4I=
+-----END CERTIFICATE-----